| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: pesign-systemd | Distribution: SUSE Linux 16 |
| Version: 116 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 160000.2.2 | Build date: Mon Mar 3 03:52:58 2025 |
| Group: Productivity/Security | Build host: reproducible |
| Size: 625 | Source RPM: pesign-116-160000.2.2.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://github.com/rhinstaller/pesign | |
| Summary: Systemd units for pesign | |
Systemd units for the pesign package.
GPL-3.0-or-later
* Mon Mar 03 2025 glin@suse.com
- Add pesign-bsc1238023-initialize-pwdata.patch to fall back to
password prompt correctly (bsc#1238023)
* Tue Feb 25 2025 obs.coke518@passinbox.com
- Enable build on loongarch64
* Tue Feb 18 2025 bluca@debian.org
- Add Requires: mozilla-nss-tools, pesign needs it at runtime to
sign/attach signatures
* Wed Mar 20 2024 glin@suse.com
- Add pesign-bsc1221694-fix-reversed-calloc-arguments.patch to
fix the parameters for calloc() (bsc#1221694)
* Thu Nov 02 2023 glin@suse.com
- Add the Provides tag for the files moved to pesign-systemd
* Wed Nov 01 2023 glin@suse.com
- Move rcpesign and %{_tmpfilesdir}/pesign.conf to pesign-systemd
* Fri Oct 06 2023 dcermak@suse.com
- Create pesign-systemd subpackage to remove systemd dependency
(jsc#PED-7256)
* Wed Feb 22 2023 glin@suse.com
- Update to 116
+ daemon: remove always-true comparison
+ pesum - add a new tool to the shed
+ Fix building signed kernels on setups other than koji
+ Add -D_GLIBCXX_ASSERTIONS to CPPFLAGS
+ macros.pesign: handle centos like rhel with --rhelver
+ Detect the presence of rpm-sign when checking for "rhel"-ness
+ Fix typo in efikeygen command
+ pesigcheck: Fix crash on digest match
+ cms: store digest as pointer instead of index
+ Fix mandoc invocation to not produce garbage
+ Password fixes
+ Re-work CMS's selected_digest again...
+ src/certs/make-certs: delete the duplicate codes
+ Free resources if certification cannot be found
+ macros: drop %{_pesign_args}
+ Fix two bugs from package building
+ Fix bad free of cms data (DoS only)
+ Send pesign stdout/err to systemd journal
+ Add missing Install section
+ Add default packages for pkg-config
+ Short delay to ensure /run/pesign/socket exists
+ Resolve crash when signature that is removed is not the end of
the list
+ Enhance error diagnostics about version mismatch
+ Upstream all Fedora changes
+ Add some hardening options to build
+ Add code of conduct
+ Fix build on gcc 12 and non-Fedora
- Add BuildRequires efivar-devel >= 38 for efisec.h
+ efisiglist is replaced by efisecdb in efivar 38
- Add BuildRequires mandoc to generate the manpages
- Replace pesign-privkey_unneeded.diff with
pesign-skip-auth-on-friendly-slot.patch to avoid the unnecessary
authentication
- Add pesign-fix-cert-match-check.patch to fix the subject name
matching
- Add pesign-fix-efikeygen-segfault.patch to fix the potential
crash when executing efikeygen
- Add pesign-bsc1202933-Remove-pesign-authorize.patch to remove
pesign-authorize completely (bsc#1202933)
- Refresh patches
+ harden_pesign.service.patch
+ pesign-boo1143063-remove-var-tracking.patch
+ pesign-boo1185663-set-rpmmacrodir.patch
+ pesign-fix-authvar-write-loop.patch
+ pesign-suse-build.patch
+ pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch
- Remove upstreamed/unnecessary patches
+ pesign-boo1158197-fix-pesigncheck-gcc10.patch
+ pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
+ pesign-run.patch
+ pesign-bsc1202933-Use-normal-file-permissions-instead-of-ACLs.patch
* Tue Feb 07 2023 glin@suse.com
- Add pesign-bsc1202933-Use-normal-file-permissions-instead-of-ACLs.patch
to use the normal file permissions in pesign-authorize to avoid
the potential security issue (bsc#1202933, CVE-2022-3560)
- Set the libexecdir path for "make" to fix the path to
pesign-authorize in pesign.service (bsc#1202933)
- Add pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch to make
the default NSS datebase writeable (bsc#1202933)
* Thu Nov 11 2021 schwab@suse.de
- Enable build on riscv64
* Tue Nov 09 2021 gmbr3@opensuse.org
- Change to systemd-sysusers
* Tue Oct 19 2021 jsegitz@suse.com
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_pesign.service.patch
* Tue Jun 08 2021 wolfgang.frisch@suse.com
- Link as Position Independent Executable (bsc#1184124).
* Fri May 07 2021 glin@suse.com
- Stop marking macros.pesign as %config
* Thu May 06 2021 glin@suse.com
- Add pesign-boo1185663-set-rpmmacrodir.patch to set the rpm macro
directory at build time (boo#1185663)
+ Also set rpmmacrodir when installing files
- Remove "make install" since "make install_systemd" invokes
"make install" automatically
* Tue May 05 2020 dimstar@opensuse.org
- Use %_tmpfilesdir instead of %{_libexecdir}/tmpfiles.d.
* Wed Dec 04 2019 glin@suse.com
- Add pesign-boo1158197-fix-pesigncheck-gcc10.patch to remove the
superfluous type settings in pesigcheck to fix the gcc10 errors
(boo#1158197)
* Wed Jul 31 2019 glin@suse.com
- Add pesign-boo1143063-remove-var-tracking.patch to remove
var-tracking from the default CFLAGS (boo#1143063)
* Thu Jul 11 2019 glin@suse.com
- Add pesign-efikeygen-Fix-the-build-with-nss-3.44.patch to fix
the compilation error when building with NSS 3.44
* Sun Jun 02 2019 jengelh@inai.de
- Trim conjecture from description.
* Mon May 13 2019 glin@suse.com
- Update to 113
+ Get rid of the 0.Y versioning
+ Make --padding the default
+ Add kmod signing (drake)
+ efisiglist format fixes
+ enforce the use of --kernel or --module in efikeygen
+ RPM macro updates
+ Move the license to GPLv3+
+ Use sql-type NSS database by default
+ Various documentation improvements.
+ Improve /etc/pki/pesign authorization scripts
+ Various pesigcheck improvements
+ Fix wrong oid offsets (bsc#1205323)
- Refresh patches
+ pesign-suse-build.patch
+ pesign-privkey_unneeded.diff
+ pesign-fix-authvar-write-loop.patch
- Drop upstreamed patches
+ pesign-fix-argument-list.patch
+ pesign-bsc1087742-fix-efisiglist.patch
- Drop pesign-fix-build-errors.patch since those warnings are gone
* Thu May 09 2019 guillaume.gardet@opensuse.org
- Enable build on %arm as we can sign kernel on %arm (boo#1134670)
* Fri Apr 26 2019 mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
* Mon Apr 02 2018 glin@suse.com
- Add pesign-bsc1087742-fix-efisiglist.patch to fix the generation
of efi signature list. (bsc#1087742)
* Thu Aug 11 2016 glin@suse.com
- Add pesign-fix-argument-list.patch to fix the argument list
parsing
* Thu Apr 21 2016 glin@suse.com
- Update to 0.112
- Refresh patches: pesign-suse-build.patch and pesign-run.patch
- Drop upstreamed pesign-fix-signness.patch
* Tue Nov 10 2015 glin@suse.com
- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
+ pesign-efivar-pkgconfig.patch
+ pesign-make-efi_guid_t-const.patch
+ pesign-fix-import-sig-check.patch
+ pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch
* Tue Sep 01 2015 dimstar@opensuse.org
- Do not buildrequire systemd: it conflicts with systemd-mini,
which is pulled in by systemd-mini-devel (due to BuildRequires:
pkgconfig(systemd).
- As we lack systemd-tmpfiles in the build env, we ignore the
errors cast in the %post scriptlet.
* Fri Aug 14 2015 mpluskal@suse.com
- Update project url
- Use url for download
- Add rcpesign symlink
- Tiny spec file cleanup with spec-cleaner
* Mon Jul 13 2015 werner@suse.de
- Make it build, tool systemd-tmpfiles is part of systemd
* Tue Jun 16 2015 glin@suse.com
- Add pesign-efivar-pkgconfig.patch to get the efivar compiler
parameters from pkg-confg
- Add pesign-make-efi_guid_t-const.patch to avoid the error from
gcc
* Wed Nov 26 2014 glin@suse.com
- Add pesign-fix-import-sig-check.patch to fix the signature size
check while importing a signature
- Amend the spec file with spec-cleaner
* Fri Oct 31 2014 glin@suse.com
- Update pesign-suse-build.patch to set LIBDIR for AArch64
* Tue Oct 28 2014 glin@suse.com
- Update to version 0.110
- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
authvar
- Add pesign-install-supplementary-programs.patch to install the
supplementary programs
- Refresh patches
+ pesign-fix-build-errors.patch
+ pesign-run.patch
+ pesign-suse-build.patch
- Drop upstreamed patches
+ pesign-clear-padding-bits.patch
+ pesign-enable-supplementary-programs.patch
+ pesign-no-db.patch
- Enable aarch64
* Tue Jul 01 2014 glin@suse.com
- Update pesign-enable-supplementary-programs.patch to fix write
loop
* Thu Jun 12 2014 glin@suse.com
- Add pesign-enable-supplementary-programs.patch to fix and enable
the supplementary programs: pesigcheck, authvar, efisiglist
* Wed Apr 16 2014 aj@suse.com
- Add pesign-run.patch: Use /run instead of /var/run (bnc#873857).
* Fri Jan 31 2014 lnussel@suse.de
- mark dir in /var/run as %ghost
* Thu Nov 07 2013 glin@suse.com
- Add pesign-no-db.patch to allow some commands to proceed without
a NSS database.
* Thu Oct 24 2013 glin@suse.com
- Revert the dowload Url since it's not valid
* Tue Oct 22 2013 p.drouand@gmail.com
- Update to version 0.109
- Remove sysvinit related old stuff
- Remove redundant %clean section
- Add use-standard-pid-location.patch
Use the good location to stock pidfile
- Use download Url as source
- Rebase pesign-suse-build.patch to upstream changes as it has been
partially merged on upstream
- Remove pesign-allow-no-issuer-cert.patch; fixed on upstream
* Thu Jul 18 2013 glin@suse.com
- Add pesign-allow-no-issuer-cert.patch to avoid crash when the
issuer's certificate is not available
* Tue Jul 09 2013 glin@suse.com
- Update to 0.106
- Add pesign-clear-padding-bits.patch to clear the padding bits
- Rebase patches:
+ pesign-suse-build.patch
+ pesign-fix-build-errors.patch
+ pesign-privkey_unneeded.diff
- Drop upstreamed patches
+ pesign-client-initialize-action.patch
+ pesign-bnc808594-align-signatures.patch
+ pesign-upstream-fixes.patch
+ pesign-fix-export-attributes.patch
+ pesign-no-set-image-size.patch
+ pesign-client-read-pin-file.patch
+ pesign-local-database.patch
+ pesign-bnc801653-teardown-segfault.patch
+ pesign-bnc805166-fix-signature-list.patch
* Tue Mar 26 2013 glin@suse.com
- Add pesign-bnc808594-align-signatures.patch to align signatures
(bnc#808594, bnc#811325)
* Fri Mar 01 2013 glin@suse.com
- Update pesign-bnc805166-fix-signature-list.patch to avoid the
potential crash when inserting a signature (bnc#805166)
- Add pwdutils to PreReq
* Mon Feb 25 2013 glin@suse.com
- Update pesign-bnc805166-fix-signature-list.patch to skip the
unneeded private key request. (bnc#805166c#17)
* Sat Feb 23 2013 jlee@suse.com
- Modified pesign-bnc805166-fix-signature-list.patch, block out the
source code for find/attach Issuer certificate
(bnc#805166 comment#13)
* Fri Feb 22 2013 glin@suse.com
- Add pesign-bnc805166-fix-signature-list.patch to fix the broken
signature list when inserting signature into a signed EFI binary
(bnc#805166)
* Tue Feb 12 2013 mls@suse.de
- do not try to recalculate the image size, it is included in the
hash and therefore must not change.
* Wed Feb 06 2013 glin@suse.com
- Merge patches for FATE#314552
+ pesign-fix-export-attributes.patch: fix crash when exporting
the signed attributes
+ pesign-privkey_unneeded.diff: Don't check the private key when
importing the raw signature
- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
freeing digests (bnc801653)
- Drop pesign-digestdata.diff which is no longer needed.
* Mon Jan 21 2013 glin@suse.com
- Add pesign-digestdata.diff to generate digestdata (FATE#314552)
* Wed Dec 12 2012 fcrozat@suse.com
- Don't call sysv RPM post/pre macros when building for systemd
- Ship rcpesign for systemd, link to /sbin/service
- Update pesign-suse-build.patch to allow change systemd unit
install directory.
- Don't hardcode systemd unit directory, since it changed in
Factory.
* Tue Dec 11 2012 glin@suse.com
- Add Requires: pwdutils
* Wed Nov 28 2012 glin@suse.com
- Add pesign-local-database.patch to support the local certificate
database
- Amend the spec file to build on openSUSE:Factory
* Thu Nov 08 2012 glin@suse.com
- Version bump to 0.99 (FATE#314484)
+ Add documentation for --daemonize and --nofork
+ Make popt aliases work
+ Add documentation for pesign-client
+ Add --pinfd and --pinfile to the client
- Update pesign-suse-build.patch and pesign-fix-build-errors.patch
- Add pesign-upstream-fixes.patch to backport fixes from git head
and add sysvinit script
- Add pesign-client-initialize-action.patch to initialize client
action to avoid undetermined flags.
- Add pesign-client-read-pin-file.patch to fix pin file reading
* Mon Oct 15 2012 glin@suse.com
- Version bump to 0.98
+ close the socket immediately on invalid input
+ Slightly better error messages
+ Log an error if digest initialization fails
+ Add systemd bits for pesignd
+ Add actual signing code to the daemon
+ Add input and output setup for sign functionality in the daemon
+ Audit allocation of CERTCertificateList/PK11SlotList and
friends
+ Fix memory leaks
- Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch
* Mon Aug 13 2012 glin@suse.com
- Version bump to 0.9
+ Add NSS "token" support for smartcards.
+ Allocate space for the section header variable
- Refresh pesign-fix-build-errors.patch to fix the warning
- Drop upstreamed pesign-allocate-shdr.patch
* Fri Aug 10 2012 glin@suse.com
- Add pesign-allocate-shdr.patch to allocate space for the section
header variable
* Thu Aug 09 2012 glin@suse.com
- Version bump to 0.8
+ Don't open the DB r/w, read-only is fine.
+ Attempt to do a better job setting the image size.
+ Emit correct OID for encryption type.
- Drop pesign-fix-image-size.patch which is already in 0.8
* Tue Aug 07 2012 glin@suse.com
- Add upstream patch pesign-fix-image-size.patch to set the image
size correctly.
- Drop pesign-elilo-workaround.patch
* Mon Aug 06 2012 glin@suse.com
- Version bump to 0.7
+ Fix incorrect initialization error in (undocumented) -e option.
+ Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS
+ Initialize the index variable of loop
+ Adjust the buffer size to avoid overflow
+ Make sure pe_populatecert() always returns a value
* Mon Jul 23 2012 glin@suse.com
- Add pesign-elilo-workaround.patch to workaround the section
header corruption in some EFI image (elilo for example)
* Mon Jul 23 2012 glin@suse.com
- Add pesign-fix-build-errors.patch to fix build error/warning
- Don't install the util efi images
- Fix the RPM_OPT_FLAGS warning
* Thu Jul 12 2012 glin@suse.com
- Version bump to 0.5
+ Handle and report mremap() failure
+ Man page should be in section 1.
+ Add some basic signature list management.
+ Add some more efi-defined constants, flesh out efi_guid_t.
+ authver: Find a guid for 'namespace'.
+ Add some basic ucs2 functions :(
+ Support multiple signatures correctly.
+ Add ascii_to_ucs2()
+ Add file formats and some code for variables-on-disk.
+ Allow the memory map to move when we're allocating space in the
binary.
+ Remove extra call to ftruncate()
+ Adjust section addresses when we remap the pecoff binary.
+ Correctly set win_certificate.length to /include/
win_certificate.
+ Move certificate space iterator to wincert.c so other stuff can
get it.
+ Split allocating space for certs and filling it in.
+ Put the new signature into the cms ctx instead of keeping it
locally.
+ Actually calculate space and extend the file before hashing the
binary.
+ Bounds-check everything we're hashing so we don't segfault on a
bad bin.
- Add pesign-always-return-value.patch to fix
no-return-in-nonvoid-function
- Drop upsreamed patch pesign-mem-reallocation.patch
* Fri Jun 29 2012 glin@suse.com
- Add pesign-mem-reallocation.patch to fix crash when writing
signature
* Tue Jun 26 2012 glin@suse.com
- Version bump to 0.3
+ it seems to generate working signatures
* Thu Jun 21 2012 glin@suse.com
- New package pesign 0.2
/usr/lib/systemd/system/pesign.service /usr/lib/tmpfiles.d/pesign.conf /usr/sbin/rcpesign
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 22:36:46 2025