Hello community,
here is the log from the commit of package mokutil for openSUSE:Factory checked
in at 2014-03-25 13:23:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mokutil (Old)
and /work/SRC/openSUSE:Factory/.mokutil.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mokutil"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mokutil/mokutil.changes 2014-02-25
07:33:41.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mokutil.new/mokutil.changes 2014-03-25
13:23:54.000000000 +0100
@@ -1,0 +2,8 @@
+Mon Mar 24 07:37:39 UTC 2014 - g...@suse.com
+
+- Add mokutil-more-details-for-skipped-keys.patch to show the
+ reason to skip the key
+- Add mokutil-check-secure-boot-support.patch to check whether the
+ system supports Secure Boot or not
+
+-------------------------------------------------------------------
New:
----
mokutil-check-secure-boot-support.patch
mokutil-more-details-for-skipped-keys.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mokutil.spec ++++++
--- /var/tmp/diff_new_pack.wEdHhx/_old 2014-03-25 13:23:54.000000000 +0100
+++ /var/tmp/diff_new_pack.wEdHhx/_new 2014-03-25 13:23:54.000000000 +0100
@@ -32,6 +32,10 @@
Patch3: mokutil-fix-hash-list-size.patch
# PATCH-FIX-UPSTREAM mokutil-clean-request.patch g...@suse.com -- Clear the
request if all keys are removed
Patch4: mokutil-clean-request.patch
+# PATCH-FIX-UPSTREAM mokutil-more-details-for-skipped-keys.patch g...@suse.com
-- Be more verbose while skipping a key
+Patch5: mokutil-more-details-for-skipped-keys.patch
+# PATCH-FIX-UPSTREAM mokutil-check-secure-boot-support.patch g...@suse.com --
Check whether the system supports secure boot or not
+Patch6: mokutil-check-secure-boot-support.patch
# PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch g...@suse.com
-- Add an option to revoke the built-in certificate
Patch100: mokutil-support-revoke-builtin-cert.patch
BuildRequires: autoconf
@@ -57,6 +61,8 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
+%patch6 -p1
%patch100 -p1
%build
++++++ mokutil-check-secure-boot-support.patch ++++++
>From e8899f1f26a77dfd870388156381489d53e5548c Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Mon, 24 Mar 2014 15:20:27 +0800
Subject: [PATCH] Check whether the system supports Secure Boot or not
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
src/mokutil.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..149df2b 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -2211,6 +2211,23 @@ main (int argc, char *argv[])
if (hash_file && use_root_pw)
command |= HELP;
+ if (!(command & HELP)) {
+ /* Check whether the machine supports Secure Boot or not */
+ efi_variable_t var;
+ efi_status_t status;
+
+ memset (&var, 0, sizeof(var));
+ var.VariableName = "SecureBoot";
+ var.VendorGuid = EFI_GLOBAL_VARIABLE;
+ status = read_variable (&var);
+ if (status != EFI_SUCCESS) {
+ fprintf (stderr, "This system doesn't support Secure
Boot\n");
+ ret = -1;
+ goto out;
+ }
+ free (var.Data);
+ }
+
switch (command) {
case LIST_ENROLLED:
case LIST_ENROLLED | MOKX:
@@ -2331,6 +2348,7 @@ main (int argc, char *argv[])
break;
}
+out:
if (files) {
for (i = 0; i < total; i++)
free (files[i]);
--
1.8.4.5
++++++ mokutil-more-details-for-skipped-keys.patch ++++++
>From 98fe9bfda3bcf6c532d57e07e6ba25c350e7b7a1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Thu, 13 Feb 2014 14:32:18 +0800
Subject: [PATCH 1/3] Be more verbose while skipping a key
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
src/mokutil.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 1c32313..3655b92 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1228,7 +1228,8 @@ issue_mok_request (char **files, uint32_t total,
MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- printf ("Skip %s\n", files[i]);
+ printf ("%s is already enrolled or in %s request\n",
files[i],
+ import?"an enrollment":"a deletion");
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5
>From 2e5560600b213e35e59d4a7923c01f8b9c095323 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Mon, 24 Mar 2014 14:48:53 +0800
Subject: [PATCH 2/3] Show more details when skipping a key
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
src/mokutil.c | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 3655b92..cd039f0 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1111,6 +1111,29 @@ in_pending_request (efi_guid_t type, void *data,
uint32_t data_size,
return 0;
}
+static void
+print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+ uint8_t import)
+{
+ if (import) {
+ if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in PK\n", filename);
+ else if (is_duplicate (mok, mok_size, "KEK",
EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in KEK\n", filename);
+ else if (is_duplicate (mok, mok_size, "db",
EFI_IMAGE_SECURITY_DATABASE_GUID))
+ printf ("SKIP: %s is already in db\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokListRT",
SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already enrolled\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the enrollement
request\n", filename);
+ } else {
+ if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is not in MokList\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the deletion
request\n", filename);
+ }
+}
+
static int
issue_mok_request (char **files, uint32_t total, MokRequest req,
const char *hash_file, const int root_pw)
@@ -1228,8 +1251,7 @@ issue_mok_request (char **files, uint32_t total,
MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- printf ("%s is already enrolled or in %s request\n",
files[i],
- import?"an enrollment":"a deletion");
+ print_skip_message (files[i], ptr, sizes[i], import);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5
>From 19df75d89e636293c93686e1edd8529f4b68170e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Mon, 24 Mar 2014 16:27:06 +0800
Subject: [PATCH 3/3] Merge MokX for print_skip_message()
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
src/mokutil.c | 39 ++++++++++++++++++++++++++++-----------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..492dffc 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1113,24 +1113,41 @@ in_pending_request (efi_guid_t type, void *data,
uint32_t data_size,
static void
print_skip_message (const char *filename, void *mok, uint32_t mok_size,
- uint8_t import)
+ MokRequest req)
{
- if (import) {
- if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ efi_guid_t type = EfiCertX509Guid;
+
+ switch (req) {
+ case ENROLL_MOK:
+ if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE,
"PK"))
printf ("SKIP: %s is already in PK\n", filename);
- else if (is_duplicate (mok, mok_size, "KEK",
EFI_GLOBAL_VARIABLE))
+ else if (is_duplicate (type, mok, mok_size,
EFI_GLOBAL_VARIABLE, "KEK"))
printf ("SKIP: %s is already in KEK\n", filename);
- else if (is_duplicate (mok, mok_size, "db",
EFI_IMAGE_SECURITY_DATABASE_GUID))
+ else if (is_duplicate (type, mok, mok_size,
EFI_IMAGE_SECURITY_DATABASE_GUID, "db"))
printf ("SKIP: %s is already in db\n", filename);
- else if (is_duplicate (mok, mok_size, "MokListRT",
SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokListRT"))
printf ("SKIP: %s is already enrolled\n", filename);
- else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokNew"))
printf ("SKIP: %s is already in the enrollement
request\n", filename);
- } else {
- if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ break;
+ case DELETE_MOK:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokListRT"))
printf ("SKIP: %s is not in MokList\n", filename);
- else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokDel"))
printf ("SKIP: %s is already in the deletion
request\n", filename);
+ break;
+ case ENROLL_BLACKLIST:
+ if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokListXRT"))
+ printf ("SKIP: %s is already in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokXNew"))
+ printf ("SKIP: %s is already in the MokX enrollment
request\n", filename);
+ break;
+ case DELETE_BLACKLIST:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokListXRT"))
+ printf ("SKIP: %s is not in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID,
"MokXDel"))
+ printf ("SKIP: %s is already in the MokX deletion
request\n", filename);
+ break;
}
}
@@ -1251,7 +1268,7 @@ issue_mok_request (char **files, uint32_t total,
MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- print_skip_message (files[i], ptr, sizes[i], import);
+ print_skip_message (files[i], ptr, sizes[i], req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
