[pesign] Get the Fedora signing token name right.
Peter Jones
pjones at fedoraproject.org
Fri Oct 19 23:21:31 UTC 2012
commit 11a11c6946d7dfcceb86a20b7149e5234979d769
Author: Peter Jones <pjones at redhat.com>
Date: Fri Oct 19 19:19:24 2012 -0400
Get the Fedora signing token name right.
..._TraverseCertsForNicknameInSlot-after-all.patch | 2 +-
0002-Remove-an-unused-field.patch | 2 +-
...rtificate-list-we-make-once-we-re-done-us.patch | 2 +-
...e-actually-look-up-the-certificate-when-n.patch | 2 +-
...eck-for-allocations-on-tokenname-certname.patch | 2 +-
...-Update-valgrind.supp-for-newer-codepaths.patch | 2 +-
...the-pid-string-once-we-re-done-writing-it.patch | 2 +-
...n-t-complain-about-unlocking-a-key-and-ke.patch | 2 +-
0009-Only-try-to-register-OIDs-once.patch | 2 +-
0010-Check-for-NSS_Shutdown-failure.patch | 2 +-
...troy-stdin-stdout-stderr-if-we-don-t-fork.patch | 2 +-
0012-valgrind-Add-SECMOD_LoadModule-codepath.patch | 2 +-
...-Don-t-set-up-digests-in-cms_context_init.patch | 2 +-
...-register_oids-where-we-re-doing-NSS_Init.patch | 2 +-
...-shutdown-actually-close-the-NSS-database.patch | 2 +-
...bunch-of-error-messages-to-be-vaguely-con.patch | 2 +-
0017-Use-PORT_ArenaStrdup-where-appropriate.patch | 2 +-
0018-Minor-whitespace-fixes.patch | 2 +-
...-sure-inpe-is-initialized-before-all-erro.patch | 2 +-
...sign_context-rather-than-having-it-on-the.patch | 2 +-
...initialize-nss-only-if-we-re-not-a-daemon.patch | 2 +-
0022-Handle-errors-on-pesign_context_init.patch | 2 +-
...checking-to-make-sure-we-don-t-emit-unini.patch | 2 +-
...e-free-the-token-cert-we-get-from-the-com.patch | 2 +-
...-shut-down-nss-in-pesign.c-if-we-re-not-t.patch | 2 +-
...Rework-setup_digests-and-teardown_digests.patch | 2 +-
...t-need-Environment-NSS_STRICT_NOFORK-DISA.patch | 2 +-
0028-Fix-errors-found-by-coverity.patch | 2 +-
0029-Don-t-keep-the-DEPS-list-twice.patch | 2 +-
0030-Don-t-build-util-right-now.patch | 2 +-
...l_systemd-and-install_sysvinit-separate-t.patch | 2 +-
0032-Get-rid-of-an-unnecessary-allocation.patch | 2 +-
0033-Allow-use-of-e-from-rpm-macro.patch | 2 +-
...-use-e-like-pesign-does-rather-than-detac.patch | 2 +-
...n-by-systemd-to-remove-socket-and-pidfile.patch | 2 +-
...cros-use-the-default-fedora-signer-if-the.patch | 2 +-
0037-Fix-command-line-checking-for-s.patch | 2 +-
...port-to-read-the-pin-from-stdin-in-client.patch | 2 +-
...uth-authentication-failure-error-reportin.patch | 2 +-
...-in-sysvinit-script-to-allow-kojibuilder-.patch | 2 +-
...n-quite-so-immediately-if-we-re-the-paren.patch | 2 +-
0042-Get-the-Fedora-signing-token-name-right.patch | 28 ++++++++++++++++++++
pesign.spec | 6 +++-
43 files changed, 74 insertions(+), 42 deletions(-)
---
diff --git a/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch b/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
index 35b19b7..2b58155 100644
--- a/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
+++ b/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
@@ -1,7 +1,7 @@
From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 09:53:07 -0400
-Subject: [PATCH 01/41] Use PK11_TraverseCertsForNicknameInSlot after all.
+Subject: [PATCH 01/42] Use PK11_TraverseCertsForNicknameInSlot after all.
As of 76bc13c it doesn't appear to be leaky any more, and it does a
better job of disinguishing between certificates with the same nickname
diff --git a/0002-Remove-an-unused-field.patch b/0002-Remove-an-unused-field.patch
index 7fa6b72..d09c150 100644
--- a/0002-Remove-an-unused-field.patch
+++ b/0002-Remove-an-unused-field.patch
@@ -1,7 +1,7 @@
From e4aa0a2755d7b00e31760a7f90561b0566445fa4 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 09:54:10 -0400
-Subject: [PATCH 02/41] Remove an unused field.
+Subject: [PATCH 02/42] Remove an unused field.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch b/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch
index e82eba1..59c9014 100644
--- a/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch
+++ b/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch
@@ -1,7 +1,7 @@
From df5afd0e6d92f31a804f5f1631b6fae3b8ef4d8b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 09:54:37 -0400
-Subject: [PATCH 03/41] Free the certificate list we make once we're done
+Subject: [PATCH 03/42] Free the certificate list we make once we're done
using it.
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch b/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch
index 4a0fb36..9c50ba2 100644
--- a/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch
+++ b/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch
@@ -1,7 +1,7 @@
From c13cc0b03dcae9a743cc49aaa62c3923a3e7d8f9 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 09:55:02 -0400
-Subject: [PATCH 04/41] Make sure we actually look up the certificate when not
+Subject: [PATCH 04/42] Make sure we actually look up the certificate when not
in daemon mode.
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0005-Fix-check-for-allocations-on-tokenname-certname.patch b/0005-Fix-check-for-allocations-on-tokenname-certname.patch
index 6fca165..e515214 100644
--- a/0005-Fix-check-for-allocations-on-tokenname-certname.patch
+++ b/0005-Fix-check-for-allocations-on-tokenname-certname.patch
@@ -1,7 +1,7 @@
From 844138e07535a8aa2be80496378c9929acaa1687 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 10:35:41 -0400
-Subject: [PATCH 05/41] Fix check for allocations on tokenname,certname.
+Subject: [PATCH 05/42] Fix check for allocations on tokenname,certname.
If we didn't have anything to start with, we won't have anything when
we're done...
diff --git a/0006-Update-valgrind.supp-for-newer-codepaths.patch b/0006-Update-valgrind.supp-for-newer-codepaths.patch
index 54aa698..731a2d5 100644
--- a/0006-Update-valgrind.supp-for-newer-codepaths.patch
+++ b/0006-Update-valgrind.supp-for-newer-codepaths.patch
@@ -1,7 +1,7 @@
From 682233d107460b49071017b4d88c0430373dbd35 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 10:55:25 -0400
-Subject: [PATCH 06/41] Update valgrind.supp for newer codepaths.
+Subject: [PATCH 06/42] Update valgrind.supp for newer codepaths.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0007-Free-the-pid-string-once-we-re-done-writing-it.patch b/0007-Free-the-pid-string-once-we-re-done-writing-it.patch
index d02d84f..c52526a 100644
--- a/0007-Free-the-pid-string-once-we-re-done-writing-it.patch
+++ b/0007-Free-the-pid-string-once-we-re-done-writing-it.patch
@@ -1,7 +1,7 @@
From 81bf0e36a82a3d746a01aee50d8ee460dc794b19 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 10:57:20 -0400
-Subject: [PATCH 07/41] Free the pid string once we're done writing it.
+Subject: [PATCH 07/42] Free the pid string once we're done writing it.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch b/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch
index b6a8f0d..1c23eba 100644
--- a/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch
+++ b/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch
@@ -1,7 +1,7 @@
From 50c50c8fbebab3d8b5efff35dc1a7ca4b44d6b19 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 11:08:30 -0400
-Subject: [PATCH 08/41] [valgrind] Don't complain about unlocking a key and
+Subject: [PATCH 08/42] [valgrind] Don't complain about unlocking a key and
keeping the handle.
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0009-Only-try-to-register-OIDs-once.patch b/0009-Only-try-to-register-OIDs-once.patch
index 25843ba..590cf7f 100644
--- a/0009-Only-try-to-register-OIDs-once.patch
+++ b/0009-Only-try-to-register-OIDs-once.patch
@@ -1,7 +1,7 @@
From b71f1d2e8f7ad6853e5e68134a66baf9dea2471b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 11:26:04 -0400
-Subject: [PATCH 09/41] Only try to register OIDs once.
+Subject: [PATCH 09/42] Only try to register OIDs once.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0010-Check-for-NSS_Shutdown-failure.patch b/0010-Check-for-NSS_Shutdown-failure.patch
index 2e6042c..3d5f098 100644
--- a/0010-Check-for-NSS_Shutdown-failure.patch
+++ b/0010-Check-for-NSS_Shutdown-failure.patch
@@ -1,7 +1,7 @@
From f966137c17f74fc3e343dfb6e04300a9d179de03 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 12:05:29 -0400
-Subject: [PATCH 10/41] Check for NSS_Shutdown() failure.
+Subject: [PATCH 10/42] Check for NSS_Shutdown() failure.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch b/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch
index 333df42..7e567ed 100644
--- a/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch
+++ b/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch
@@ -1,7 +1,7 @@
From 0dddfd5e738232403220b0d18888f94fa0032a59 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 12:17:39 -0400
-Subject: [PATCH 11/41] Don't destroy stdin/stdout/stderr if we don't fork.
+Subject: [PATCH 11/42] Don't destroy stdin/stdout/stderr if we don't fork.
I like being able to read my error messages.
diff --git a/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch b/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch
index d0bc3c4..bdadd94 100644
--- a/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch
+++ b/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch
@@ -1,7 +1,7 @@
From 19c8e797d092e17f2882d249d5446728a76db050 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 14:29:30 -0400
-Subject: [PATCH 12/41] [valgrind] Add SECMOD_LoadModule codepath.
+Subject: [PATCH 12/42] [valgrind] Add SECMOD_LoadModule codepath.
This is called once when we initialize the database.
diff --git a/0013-Don-t-set-up-digests-in-cms_context_init.patch b/0013-Don-t-set-up-digests-in-cms_context_init.patch
index b471ba0..bc5f1e9 100644
--- a/0013-Don-t-set-up-digests-in-cms_context_init.patch
+++ b/0013-Don-t-set-up-digests-in-cms_context_init.patch
@@ -1,7 +1,7 @@
From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 14:33:35 -0400
-Subject: [PATCH 13/41] Don't set up digests in cms_context_init.
+Subject: [PATCH 13/42] Don't set up digests in cms_context_init.
Move digest setup out of cms_context_init, so we can avoid leaking the
reference to the digests by not having them in ctx->backup_cms in the
diff --git a/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch b/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch
index 76c5deb..651c391 100644
--- a/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch
+++ b/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch
@@ -1,7 +1,7 @@
From e1f8d4e38f4ad08fb407691a3f59edc19a1f15e2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 14:41:18 -0400
-Subject: [PATCH 14/41] Do register_oids() where we're doing NSS_Init()
+Subject: [PATCH 14/42] Do register_oids() where we're doing NSS_Init()
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch b/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch
index aa173f4..572361f 100644
--- a/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch
+++ b/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch
@@ -1,7 +1,7 @@
From 092e3f81233655849156b0948a53f3b5f51b8c97 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 14:43:58 -0400
-Subject: [PATCH 15/41] Make daemon shutdown actually close the NSS databases
+Subject: [PATCH 15/42] Make daemon shutdown actually close the NSS databases
and whatnot.
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch b/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch
index 41fbdc9..f274a8d 100644
--- a/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch
+++ b/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch
@@ -1,7 +1,7 @@
From b6ff405da1bf4627a40fc104457a539788c9f470 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 15:18:08 -0400
-Subject: [PATCH 16/41] Reformat a bunch of error messages to be vaguely
+Subject: [PATCH 16/42] Reformat a bunch of error messages to be vaguely
consistent.
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0017-Use-PORT_ArenaStrdup-where-appropriate.patch b/0017-Use-PORT_ArenaStrdup-where-appropriate.patch
index 393518e..5fc4c32 100644
--- a/0017-Use-PORT_ArenaStrdup-where-appropriate.patch
+++ b/0017-Use-PORT_ArenaStrdup-where-appropriate.patch
@@ -1,7 +1,7 @@
From 8ffe6943f04d42314f81eb8b5e3350d4ccc41895 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 15:26:23 -0400
-Subject: [PATCH 17/41] Use PORT_ArenaStrdup() where appropriate.
+Subject: [PATCH 17/42] Use PORT_ArenaStrdup() where appropriate.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0018-Minor-whitespace-fixes.patch b/0018-Minor-whitespace-fixes.patch
index d64c9a5..435ac22 100644
--- a/0018-Minor-whitespace-fixes.patch
+++ b/0018-Minor-whitespace-fixes.patch
@@ -1,7 +1,7 @@
From c196b462ad5267e8ed20c0b855b9921268b22a7b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 15:26:47 -0400
-Subject: [PATCH 18/41] Minor whitespace fixes.
+Subject: [PATCH 18/42] Minor whitespace fixes.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch b/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch
index 1686740..dd1e971 100644
--- a/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch
+++ b/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch
@@ -1,7 +1,7 @@
From 7a8c50f620c7484af9d750f484df8a6837e6b2a5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 15:27:03 -0400
-Subject: [PATCH 19/41] [daemon] Make sure inpe is initialized before all
+Subject: [PATCH 19/42] [daemon] Make sure inpe is initialized before all
error handling.
find_certificate() and set_up_inpe() errors wind up being at the same
diff --git a/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch b/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
index f8172f7..ca1d178 100644
--- a/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
+++ b/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
@@ -1,7 +1,7 @@
From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 15:31:15 -0400
-Subject: [PATCH 20/41] Allocate pesign_context rather than having it on the
+Subject: [PATCH 20/42] Allocate pesign_context rather than having it on the
stack.
This way it won't try to re-initialize cms_context when it's cleaned up.
diff --git a/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch b/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch
index 666dcd6..4350e94 100644
--- a/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch
+++ b/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch
@@ -1,7 +1,7 @@
From 444a514e1a7c9a27953f914cf416d559ef5be083 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 15:32:57 -0400
-Subject: [PATCH 21/41] [pesign] initialize nss only if we're not a daemon.
+Subject: [PATCH 21/42] [pesign] initialize nss only if we're not a daemon.
If it's a deamon, NSS_Init, register_oids, and setup_digests will be
done in the daemon code, not in the normal tool code.
diff --git a/0022-Handle-errors-on-pesign_context_init.patch b/0022-Handle-errors-on-pesign_context_init.patch
index 6ed0b8c..b46de8a 100644
--- a/0022-Handle-errors-on-pesign_context_init.patch
+++ b/0022-Handle-errors-on-pesign_context_init.patch
@@ -1,7 +1,7 @@
From a1ce809e199c7fbbd6f5c0e75f27a4234fcbd2bc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 15:34:00 -0400
-Subject: [PATCH 22/41] Handle errors on pesign_context_init()
+Subject: [PATCH 22/42] Handle errors on pesign_context_init()
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch b/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch
index 6c1aca1..c94a7bd 100644
--- a/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch
+++ b/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch
@@ -1,7 +1,7 @@
From 4ed91a1bb65769401c0fd6c1c5b2a3c64c0c1266 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 16:35:43 -0400
-Subject: [PATCH 23/41] Add sanity checking to make sure we don't emit
+Subject: [PATCH 23/42] Add sanity checking to make sure we don't emit
uninitialized hashes.
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch b/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch
index 61e0493..0cc0c33 100644
--- a/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch
+++ b/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch
@@ -1,7 +1,7 @@
From d8ead122f34375a496d280bcc803f730542ca78d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 17:47:49 -0400
-Subject: [PATCH 24/41] Make sure we free the token/cert we get from the
+Subject: [PATCH 24/42] Make sure we free the token/cert we get from the
command line.
This probably needs some further examination, but valgrind likes what's
diff --git a/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch b/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch
index d5b6b92..beafbe7 100644
--- a/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch
+++ b/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch
@@ -1,7 +1,7 @@
From 2030d382b49a1b957de829a67f74d9cc127c55ee Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 17:48:44 -0400
-Subject: [PATCH 25/41] [pesign] Only shut down nss in pesign.c if we're not
+Subject: [PATCH 25/42] [pesign] Only shut down nss in pesign.c if we're not
the daemon.
The daemon does its own init and shutdown.
diff --git a/0026-Rework-setup_digests-and-teardown_digests.patch b/0026-Rework-setup_digests-and-teardown_digests.patch
index 91adea6..33cb3a0 100644
--- a/0026-Rework-setup_digests-and-teardown_digests.patch
+++ b/0026-Rework-setup_digests-and-teardown_digests.patch
@@ -1,7 +1,7 @@
From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 17:49:17 -0400
-Subject: [PATCH 26/41] Rework setup_digests() and teardown_digests()
+Subject: [PATCH 26/42] Rework setup_digests() and teardown_digests()
This fixes the problem I was seeing with empty content_info digests, and
makes the code a /little/ bit cleaner in some ways.
diff --git a/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch b/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch
index d8bba7d..1b8beaa 100644
--- a/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch
+++ b/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch
@@ -1,7 +1,7 @@
From 15cd554d35c5ea8d31671b346dffd84e27e7c6ec Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 17:52:57 -0400
-Subject: [PATCH 27/41] We shouldn't need
+Subject: [PATCH 27/42] We shouldn't need
Environment=NSS_STRICT_NOFORK=DISABLED any more.
Since NSS_Init is called from the daemon now, we should get past its
diff --git a/0028-Fix-errors-found-by-coverity.patch b/0028-Fix-errors-found-by-coverity.patch
index 9c77d62..75a4bb0 100644
--- a/0028-Fix-errors-found-by-coverity.patch
+++ b/0028-Fix-errors-found-by-coverity.patch
@@ -1,7 +1,7 @@
From 1b94dd90f5a1c65df16ffe3b0619ce5dc0ca1f06 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Wed, 17 Oct 2012 19:59:49 -0400
-Subject: [PATCH 28/41] Fix errors found by coverity.
+Subject: [PATCH 28/42] Fix errors found by coverity.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0029-Don-t-keep-the-DEPS-list-twice.patch b/0029-Don-t-keep-the-DEPS-list-twice.patch
index e3ae001..9681fa4 100644
--- a/0029-Don-t-keep-the-DEPS-list-twice.patch
+++ b/0029-Don-t-keep-the-DEPS-list-twice.patch
@@ -1,7 +1,7 @@
From 95c0fe1d512fcdf3b397359fb0f54dc44e5947c2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 09:12:25 -0400
-Subject: [PATCH 29/41] Don't keep the DEPS list twice.
+Subject: [PATCH 29/42] Don't keep the DEPS list twice.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0030-Don-t-build-util-right-now.patch b/0030-Don-t-build-util-right-now.patch
index 6ac8bf2..97a736b 100644
--- a/0030-Don-t-build-util-right-now.patch
+++ b/0030-Don-t-build-util-right-now.patch
@@ -1,7 +1,7 @@
From 44aad110fd3f0a12e1817d95047f882c4d8b0fce Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 11:36:10 -0400
-Subject: [PATCH 30/41] Don't build util/ right now.
+Subject: [PATCH 30/42] Don't build util/ right now.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch b/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
index 7a91b6c..9f1cd07 100644
--- a/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
+++ b/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
@@ -1,7 +1,7 @@
From 4c13f6d393db0aa5ff5b327cb5e842ee21522236 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 13:09:58 -0400
-Subject: [PATCH 31/41] Make "install_systemd" and "install_sysvinit" separate
+Subject: [PATCH 31/42] Make "install_systemd" and "install_sysvinit" separate
targets
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0032-Get-rid-of-an-unnecessary-allocation.patch b/0032-Get-rid-of-an-unnecessary-allocation.patch
index 15a6166..6a8c9dd 100644
--- a/0032-Get-rid-of-an-unnecessary-allocation.patch
+++ b/0032-Get-rid-of-an-unnecessary-allocation.patch
@@ -1,7 +1,7 @@
From df1b69e304f2a7eb82e2f94e50f07099afbf4578 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 13:10:28 -0400
-Subject: [PATCH 32/41] Get rid of an unnecessary allocation.
+Subject: [PATCH 32/42] Get rid of an unnecessary allocation.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0033-Allow-use-of-e-from-rpm-macro.patch b/0033-Allow-use-of-e-from-rpm-macro.patch
index 90f68f8..11fb55d 100644
--- a/0033-Allow-use-of-e-from-rpm-macro.patch
+++ b/0033-Allow-use-of-e-from-rpm-macro.patch
@@ -1,7 +1,7 @@
From 24a63eab7ddbe2be3ab6b25b04602d8e3fe5d775 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 14:28:36 -0400
-Subject: [PATCH 33/41] Allow use of -e from rpm macro.
+Subject: [PATCH 33/42] Allow use of -e from rpm macro.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch b/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch
index 4a2eaea..84a201d 100644
--- a/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch
+++ b/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch
@@ -1,7 +1,7 @@
From e5c632516a2a31f3e184d0ca9d8ac5ceba1f9015 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 14:55:07 -0400
-Subject: [PATCH 34/41] Make client use -e like pesign does, rather than
+Subject: [PATCH 34/42] Make client use -e like pesign does, rather than
--detached.
This way we can use the same macros for them.
diff --git a/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch b/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch
index c97a79b..8934dab 100644
--- a/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch
+++ b/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch
@@ -1,7 +1,7 @@
From f1a2f097cfb290951702251703abcd34ca0bf9e6 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 15:13:11 -0400
-Subject: [PATCH 35/41] Fix shutdown by systemd to remove socket and pidfile.
+Subject: [PATCH 35/42] Fix shutdown by systemd to remove socket and pidfile.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch b/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch
index 9766d3e..08c6117 100644
--- a/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch
+++ b/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch
@@ -1,7 +1,7 @@
From 22308fbfb540b5215efb9ce96a4dfdce08ef9165 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Thu, 18 Oct 2012 15:16:05 -0400
-Subject: [PATCH 36/41] Make the macros use the default (fedora) signer if
+Subject: [PATCH 36/42] Make the macros use the default (fedora) signer if
there's a daemon running.
Signed-off-by: Peter Jones <pjones at redhat.com>
diff --git a/0037-Fix-command-line-checking-for-s.patch b/0037-Fix-command-line-checking-for-s.patch
index 67d7cac..b35ecc7 100644
--- a/0037-Fix-command-line-checking-for-s.patch
+++ b/0037-Fix-command-line-checking-for-s.patch
@@ -1,7 +1,7 @@
From abe7981ba049b23ae9c42da92559576c6e0cc53b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Fri, 19 Oct 2012 10:07:40 -0400
-Subject: [PATCH 37/41] Fix command line checking for -s.
+Subject: [PATCH 37/42] Fix command line checking for -s.
Accidentally applied when not using -s. Woops.
diff --git a/0038-Add-support-to-read-the-pin-from-stdin-in-client.patch b/0038-Add-support-to-read-the-pin-from-stdin-in-client.patch
index cca71f2..7ede208 100644
--- a/0038-Add-support-to-read-the-pin-from-stdin-in-client.patch
+++ b/0038-Add-support-to-read-the-pin-from-stdin-in-client.patch
@@ -1,7 +1,7 @@
From 8067d9bace148a254528fdf752f083d2a0debada Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Fri, 19 Oct 2012 10:08:26 -0400
-Subject: [PATCH 38/41] Add support to read the pin from stdin in client.
+Subject: [PATCH 38/42] Add support to read the pin from stdin in client.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0039-Fix-token-auth-authentication-failure-error-reportin.patch b/0039-Fix-token-auth-authentication-failure-error-reportin.patch
index fb243c8..4451ac5 100644
--- a/0039-Fix-token-auth-authentication-failure-error-reportin.patch
+++ b/0039-Fix-token-auth-authentication-failure-error-reportin.patch
@@ -1,7 +1,7 @@
From 3ceb3eb5b1c36ead2a862bcec5e527f74dc91381 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Fri, 19 Oct 2012 10:08:49 -0400
-Subject: [PATCH 39/41] Fix token auth authentication failure error reporting.
+Subject: [PATCH 39/42] Fix token auth authentication failure error reporting.
Signed-off-by: Peter Jones <pjones at redhat.com>
---
diff --git a/0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch b/0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
index e613be2..95443c8 100644
--- a/0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
+++ b/0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
@@ -1,7 +1,7 @@
From 9c2daa8d3761b49961498cb9a9bbc8a37e05b0da Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Fri, 19 Oct 2012 10:19:39 -0400
-Subject: [PATCH 40/41] Use setfacl in sysvinit script to allow kojibuilder
+Subject: [PATCH 40/42] Use setfacl in sysvinit script to allow kojibuilder
access.
---
diff --git a/0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch b/0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
index f98027f..49f5f6a 100644
--- a/0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
+++ b/0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
@@ -1,7 +1,7 @@
From 2bd84dcfbdf084bcfb3e6d7c26756ca3783cdae4 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones at redhat.com>
Date: Fri, 19 Oct 2012 10:20:40 -0400
-Subject: [PATCH 41/41] Don't return quite so immediately if we're the parent
+Subject: [PATCH 41/42] Don't return quite so immediately if we're the parent
pid when daemonizing.
Long term we probably want to look for the socket and/or sigchld instead
diff --git a/0042-Get-the-Fedora-signing-token-name-right.patch b/0042-Get-the-Fedora-signing-token-name-right.patch
new file mode 100644
index 0000000..e68fba4
--- /dev/null
+++ b/0042-Get-the-Fedora-signing-token-name-right.patch
@@ -0,0 +1,28 @@
+From b699c67004807c53d7c22328ba15304c4f9748a9 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones at redhat.com>
+Date: Fri, 19 Oct 2012 19:16:52 -0400
+Subject: [PATCH 42/42] Get the Fedora signing token name right.
+
+Because, you know, we're not signing with the CA token.
+
+Signed-off-by: Peter Jones <pjones at redhat.com>
+---
+ src/macros.pesign | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/macros.pesign b/src/macros.pesign
+index fb9d21e..4996d7c 100644
+--- a/src/macros.pesign
++++ b/src/macros.pesign
+@@ -15,7 +15,7 @@
+ %pesign(i:o:C:e:s) \
+ if [ -x %{_pesign} -a "%{_target_cpu}" == "x86_64" ]; then \
+ if [ -e /var/run/pesign/socket ]; then \
+- %{_pesign_client} -t "OpenSC Card (Fedora Signing CA)" \\\
++ %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
+ -c "/CN=Fedora Secure Boot Signer" \\\
+ %{-i} %{-o} %{-e} %{-s} \
+ else \
+--
+1.7.12.1
+
diff --git a/pesign.spec b/pesign.spec
index 9445ee9..b9fc3a3 100644
--- a/pesign.spec
+++ b/pesign.spec
@@ -1,7 +1,7 @@
Summary: Signing utility for UEFI binaries
Name: pesign
Version: 0.99
-Release: 7%{?dist}
+Release: 8%{?dist}
Group: Development/System
License: GPLv2
URL: https://github.com/vathpela/pesign
@@ -59,6 +59,7 @@ Patch38: 0038-Add-support-to-read-the-pin-from-stdin-in-client.patch
Patch39: 0039-Fix-token-auth-authentication-failure-error-reportin.patch
Patch40: 0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
Patch41: 0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
+Patch42: 0042-Get-the-Fedora-signing-token-name-right.patch
%description
This package contains the pesign utility for signing UEFI binaries as
@@ -128,6 +129,9 @@ exit 0
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
%changelog
+* Fri Oct 19 2012 Peter Jones <pjones at redhat.com> - 0.99-8
+- Get the Fedora signing token name right.
+
* Fri Oct 19 2012 Peter Jones <pjones at redhat.com>
- Add coolkey and opensc modules to pki database during %%install.
More information about the scm-commits
mailing list