diff --git a/.gitignore b/.gitignore index 43f999f..42550f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /ktls-utils-0.10.tar.gz /ktls-utils-0.11.tar.gz +/ktls-utils-1.2.1.tar.gz diff --git a/ktls-utils-0.11-nvme-default-keyring.patch b/ktls-utils-0.11-nvme-default-keyring.patch deleted file mode 100644 index abceb79..0000000 --- a/ktls-utils-0.11-nvme-default-keyring.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 311d9438b984e3b2a36bd88fb3ab8c87c38701fa Mon Sep 17 00:00:00 2001 -From: Daniel Wagner -Date: Thu, 24 Oct 2024 13:15:44 +0200 -Subject: [PATCH] tlshd: always link .nvme default keyring into the session - -A common use case for tlshd is to authenticate TLS sessions for the nvme -subsystem. Currently, the user has to explicitly list a keyring (even -the defautl one) in the configuration file so that tlshd running -as daemon (started via systemd) to find any key. - -Thus always link the default .nvme keyring into the current session, -which makes the daemon work out of the box for default configurations. - -Signed-off-by: Daniel Wagner ---- - src/tlshd/config.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/tlshd/config.c b/src/tlshd/config.c -index fae83b3..8becbe0 100644 ---- a/src/tlshd/config.c -+++ b/src/tlshd/config.c -@@ -91,10 +91,17 @@ bool tlshd_config_init(const gchar *pathname) - "keyrings", &length, NULL); - if (keyrings) { - for (i = 0; i < length; i++) { -+ if (!strcmp(keyrings[i], ".nvme")) -+ continue; - tlshd_keyring_link_session(keyrings[i]); - } - g_strfreev(keyrings); - } -+ /* -+ * Always link the default nvme subsystem keyring into the -+ * session. -+ */ -+ tlshd_keyring_link_session(".nvme"); - - return true; - } --- -2.48.1 - diff --git a/ktls-utils-0.11-openscanhub.patch b/ktls-utils-0.11-openscanhub.patch deleted file mode 100644 index 891baca..0000000 --- a/ktls-utils-0.11-openscanhub.patch +++ /dev/null 
@@ -1,88 +0,0 @@ -diff --git a/src/tlshd/config.c b/src/tlshd/config.c -index 7b6a533..fae83b3 100644 ---- a/src/tlshd/config.c -+++ b/src/tlshd/config.c -@@ -186,6 +186,7 @@ bool tlshd_config_get_client_truststore(char **bundle) - return false; - } else if (access(pathname, F_OK)) { - tlshd_log_debug("client x509.truststore pathname \"%s\" is not accessible", pathname); -+ g_free(pathname); - return false; - } - -@@ -222,6 +223,7 @@ bool tlshd_config_get_client_certs(gnutls_pcert_st *certs, - return false; - } else if (access(pathname, F_OK)) { - tlshd_log_debug("client x509.certificate pathname \"%s\" is not accessible", pathname); -+ g_free(pathname); - return false; - } - -@@ -268,7 +270,8 @@ bool tlshd_config_get_client_privkey(gnutls_privkey_t *privkey) - g_error_free(error); - return false; - } else if (access(pathname, F_OK)) { -- tlshd_log_debug("client x095.private_key pathname \"%s\" is not accessible", pathname); -+ tlshd_log_debug("client x509.private_key pathname \"%s\" is not accessible", pathname); -+ g_free(pathname); - return false; - } - -@@ -321,6 +324,7 @@ bool tlshd_config_get_server_truststore(char **bundle) - return false; - } else if (access(pathname, F_OK)) { - tlshd_log_debug("server x509.truststore pathname \"%s\" is not accessible", pathname); -+ g_free(pathname); - return false; - } - -@@ -357,6 +361,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs, - return false; - } else if (access(pathname, F_OK)) { - tlshd_log_debug("server x509.certificate pathname \"%s\" is not accessible", pathname); -+ g_free(pathname); - return false; - } - -@@ -378,6 +383,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs, - - tlshd_log_debug("Retrieved %u x.509 server certificate(s) from %s", - *certs_len, pathname); -+ g_free(pathname); - return true; - } - -@@ -403,6 +409,7 @@ bool tlshd_config_get_server_privkey(gnutls_privkey_t *privkey) - return false; - } else if (access(pathname, F_OK)) { - tlshd_log_debug("server 
x509.privkey pathname \"%s\" is not accessible", pathname); -+ g_free(pathname); - return false; - } - -diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c -index 50c2f62..768dac2 100644 ---- a/src/tlshd/handshake.c -+++ b/src/tlshd/handshake.c -@@ -59,7 +59,7 @@ static void tlshd_save_nagle(gnutls_session_t session, int *saved) - int ret; - - -- len = sizeof(saved); -+ len = sizeof(*saved); - ret = getsockopt(gnutls_transport_get_int(session), - IPPROTO_TCP, TCP_NODELAY, saved, &len); - if (ret < 0) { -diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c -index 2e206f6..439904c 100644 ---- a/src/tlshd/netlink.c -+++ b/src/tlshd/netlink.c -@@ -269,7 +269,7 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg) - tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]); - - if (peername) -- strcpy(tlshd_peername, peername); -+ strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1); - else { - err = getnameinfo(parms->peeraddr, parms->peeraddr_len, - tlshd_peername, sizeof(tlshd_peername), diff --git a/ktls-utils.spec b/ktls-utils.spec index c525d42..4cdd9c1 100644 --- a/ktls-utils.spec +++ b/ktls-utils.spec @@ -1,5 +1,5 @@ %global forgeurl https://github.com/oracle/ktls-utils -%global baseversion 0.11 +%global baseversion 1.2.1 Name: ktls-utils Version: %{baseversion} @@ -16,9 +16,6 @@ URL: %{forgeurl} # FIXME: is this a bug in the tagging scheme or forgesource macro? Source0: %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz -Patch0: ktls-utils-0.11-openscanhub.patch -Patch1: ktls-utils-0.11-nvme-default-keyring.patch - BuildRequires: bash systemd-rpm-macros BuildRequires: gcc make coreutils BuildRequires: pkgconfig(gnutls) >= 3.3.0 diff --git a/sources b/sources index 50d64dc..8418b92 100644 --- a/sources +++ b/sources 
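Review bot: Dropping `Patch0`/`Patch1` in the `@@ -16,9 +16,6 @@` hunk is more than a version bump: Patch1 made tlshd link the `.nvme` keyring into its session unconditionally and Patch0 fixed `pathname` leaks on the `access()` failure paths, a `sizeof(saved)` vs `sizeof(*saved)` length bug and an unbounded `strcpy` into `tlshd_peername`, and nothing visible in this diff states that 1.2.1 carries those changes upstream. If the rebased tarball does not, the default nvme configuration silently stops finding keys and the leaks return, so this should be confirmed against the 1.2.1 tree before the patches are deleted. Record the outcome in the spec so the next bump does not have to rediscover it, e.g. `# Downstream patches dropped: nvme default-keyring link and OpenScanHub fixes landed upstream in 1.2.1` in place of the removed Patch lines, and mention it in %changelog (not visible in this diff). Since Source0 is fetched from the GitHub releases URL, it is also worth stating in the commit that the new tarball was checked against the upstream release signature, not only the SHA512 recorded in `sources`.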
@@ -1 +1 @@
-SHA512 (ktls-utils-0.11.tar.gz) = ce59ef0c84f35bc68136664107cecdcb9b04c17c9315fadc6a2e59bdf8ceeb123e40e657da450eebd7594b09cf790bae30e48cdcfe9213191922fe19ad462231
+SHA512 (ktls-utils-1.2.1.tar.gz) = 34b5565d5c816bf4dc519b41b7dba9445c6c3dffc09b0eacb56fa7345e5d6daa909a8d682448f02a42063f7a66ed8e377047852a775723fd4cb08964bb7344ca