From: Daan De Meyer Date: Fri, 21 Feb 2025 21:41:26 +0000 (+0100) Subject: sbsign: Don't set bit in SpcPeImageData->flags X-Git-Tag: v258-rc1~1273 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66584a9335f9a3be5666209ddb34ae7d7f547189;p=thirdparty%2Fsystemd.git sbsign: Don't set bit in SpcPeImageData->flags Neither sbsign nor pesign set this flag in SpcPeImageData->flags, which is about which resources should be included specifying "Which portions of the Windows PE file are hashed." according to the authenticode spec. However, this is followed by "Although flags is always present, it is ignored when calculating the file hash for both signing and verification purposes". So as it doesn't seem to do anything useful and the other tools don't set any of these flags either, let's follow suite and not set this flag ourselves either. --- diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c index a7e4047054c..db4216c7e5e 100644 --- a/src/sbsign/sbsign.c +++ b/src/sbsign/sbsign.c @@ -298,9 +298,6 @@ static int verb_sign(int argc, char *argv[], void *userdata) { if (!peid) return log_oom(); - if (ASN1_BIT_STRING_set_bit(peid->flags, 0, 1) == 0) - return log_oom(); - peid->file = TAKE_PTR(link); _cleanup_free_ uint8_t *peidraw = NULL;