From 28732a2ec865a1b2f28534d0a2a65a331cb901b3 Mon Sep 17 00:00:00 2001
From: Scott Mayhew
Date: Tue, 4 Feb 2025 11:03:19 -0500
Subject: [PATCH] tlshd: always link .nvme default keyring into the session (RHEL-76525)
Resolves: RHEL-76525
---
 ktls-utils-0.11-nvme-default-keyring.patch | 43 ++++++++++++++++++++++
 ktls-utils.spec | 1 +
 2 files changed, 44 insertions(+)
 create mode 100644 ktls-utils-0.11-nvme-default-keyring.patch
diff --git a/ktls-utils-0.11-nvme-default-keyring.patch b/ktls-utils-0.11-nvme-default-keyring.patch
new file mode 100644
index 0000000..abceb79
--- /dev/null
+++ b/ktls-utils-0.11-nvme-default-keyring.patch
@@ -0,0 +1,43 @@
+From 311d9438b984e3b2a36bd88fb3ab8c87c38701fa Mon Sep 17 00:00:00 2001
+From: Daniel Wagner
+Date: Thu, 24 Oct 2024 13:15:44 +0200
+Subject: [PATCH] tlshd: always link .nvme default keyring into the session
+
+A common use case for tlshd is to authenticate TLS sessions for the nvme
+subsystem. Currently, the user has to explicitly list a keyring (even
+the defautl one) in the configuration file so that tlshd running
+as daemon (started via systemd) to find any key.
+
+Thus always link the default .nvme keyring into the current session,
+which makes the daemon work out of the box for default configurations.
+
+Signed-off-by: Daniel Wagner
+---
+ src/tlshd/config.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/tlshd/config.c b/src/tlshd/config.c
+index fae83b3..8becbe0 100644
+--- a/src/tlshd/config.c
++++ b/src/tlshd/config.c
+@@ -91,10 +91,17 @@ bool tlshd_config_init(const gchar *pathname)
+ "keyrings", &length, NULL);
+ if (keyrings) {
+ for (i = 0; i < length; i++) {
++ if (!strcmp(keyrings[i], ".nvme"))
++ continue;
+ tlshd_keyring_link_session(keyrings[i]);
+ }
+ g_strfreev(keyrings);
+ }
++ /*
++ * Always link the default nvme subsystem keyring into the
++ * session.
++ */
++ tlshd_keyring_link_session(".nvme");
+
+ return true;
+ }
+--
+2.48.1
+
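Review bot: The unconditional `tlshd_keyring_link_session(".nvme");` added after the loop in tlshd_config_init links the NVMe keyring into the daemon's session on every host, including ones that run tlshd only for other TLS consumers and never listed it under `keyrings`. The process therefore gains access to keys its configuration did not ask for, and no setting turns that off. The call's result is not examined here (the existing loop call is written the same way), so what happens when the `.nvme` keyring is absent, presumably when the nvme modules are not loaded, depends on helper behaviour that is not visible in this hunk. At minimum the comment should state the scope, e.g. `/* Linked unconditionally, even when "keyrings" is unset or does not name .nvme. */`, and the tlshd.conf documentation should mention it. The function begins above the hunk, so whether config.c already includes <string.h> for the new `strcmp` cannot be checked from here.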
diff --git a/ktls-utils.spec b/ktls-utils.spec index 6cd28f4..c525d42 100644 --- a/ktls-utils.spec +++ b/ktls-utils.spec @@ -17,6 +17,7 @@ URL: %{forgeurl} Source0: %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz Patch0: ktls-utils-0.11-openscanhub.patch +Patch1: ktls-utils-0.11-nvme-default-keyring.patch BuildRequires: bash systemd-rpm-macros BuildRequires: gcc make coreutils