tlshd: link .nvme default keyring into the session (RHEL-71505)

Signed-off-by: Steve Dickson <steved@redhat.com> Resolves: RHEL-71505
2025-02-04 06:31:38 -05:00 · 2025-02-04 06:31:38 -05:00 · 6b7ab9a84d
commit 6b7ab9a84d
parent 59b5fd3ee8
3 changed files with 52 additions and 43 deletions
--- a/0001-tlshd-fix-max-config-file-size-comparison.patch
+++ b/0001-tlshd-fix-max-config-file-size-comparison.patch
@ -1,42 +0,0 @@
-From 52ac9ff05a5edb5ccda33ee186ba388553b258c4 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@kernel.org>
-Date: Tue, 20 Jun 2023 13:20:14 -0400
-Subject: [PATCH] tlshd: fix max config file size comparison
-
-gcc throws a warning on 32-bit x86 because of signedness mismatch:
-
-config.c:155:52: error: comparison of integer expressions of different signedness: '__off_t' {aka 'long int'} and 'unsigned int' [-Werror=sign-compare]
-  155 |         if (statbuf.st_size < 0 || statbuf.st_size > UINT_MAX) {
-      |                                                    ^
-
-st_size is a signed value (off_t), but UINT_MAX is unsigned.
-
-Change it to compare against INT_MAX instead. This technically cuts the
-max size of the config file in half to only 2GB, but I don't think we'll
-miss it.
-
-Cc: Steve Dickson <steved@redhat.com>
-Reported-by: Petr Pisar <ppisar@redhat.com>
-Link: https://bugzilla.redhat.com/show_bug.cgi?id=2182151
-Signed-off-by: Jeff Layton <jlayton@kernel.org>
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
- src/tlshd/config.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/tlshd/config.c b/src/tlshd/config.c
-index 87cc4018733b..bdab98b9fba4 100644
--- a/src/tlshd/config.c
-+++ b/src/tlshd/config.c
-@@ -152,7 +152,7 @@ static bool tlshd_config_read_datum(const char *pathname, gnutls_datum_t *data,
- 		tlshd_log_perror("stat");
- 		goto out_close;
- 	}
-	if (statbuf.st_size < 0 || statbuf.st_size > UINT_MAX) {
-+	if (statbuf.st_size < 0 || statbuf.st_size > INT_MAX) {
- 		tlshd_log_error("Bad config file size: %lld", statbuf.st_size);
- 		goto out_close;
- 	}
-- 
-2.41.0
-
--- a/ktls-utils-0.11-nvme-default-keyring.patch
+++ b/ktls-utils-0.11-nvme-default-keyring.patch
@ -0,0 +1,43 @@
+From 311d9438b984e3b2a36bd88fb3ab8c87c38701fa Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@monom.org>
+Date: Thu, 24 Oct 2024 13:15:44 +0200
+Subject: [PATCH] tlshd: always link .nvme default keyring into the session
+
+A common use case for tlshd is to authenticate TLS sessions for the nvme
+subsystem. Currently, the user has to explicitly list a keyring (even
+the defautl one) in the configuration file so that tlshd running
+as daemon (started via systemd) to find any key.
+
+Thus always link the default .nvme keyring into the current session,
+which makes the daemon work out of the box for default configurations.
+
+Signed-off-by: Daniel Wagner <wagi@monom.org>
+---
+ src/tlshd/config.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/tlshd/config.c b/src/tlshd/config.c
+index fae83b3..8becbe0 100644
+--- a/src/tlshd/config.c
+++ b/src/tlshd/config.c
+@@ -91,10 +91,17 @@ bool tlshd_config_init(const gchar *pathname)
+ 					      "keyrings", &length, NULL);
+ 	if (keyrings) {
+ 		for (i = 0; i < length; i++) {
+			if (!strcmp(keyrings[i], ".nvme"))
+				continue;
+ 			tlshd_keyring_link_session(keyrings[i]);
+ 		}
+ 		g_strfreev(keyrings);
+ 	}
+	/*
+	 * Always link the default nvme subsystem keyring into the
+	 * session.
+	 */
+	tlshd_keyring_link_session(".nvme");
+ 
+ 	return true;
+ }
+-- 
+2.47.1
+
--- a/ktls-utils.spec
+++ b/ktls-utils.spec
@ -3,7 +3,7 @@

 Name:           ktls-utils
 Version:        %{baseversion}
-Release:        0%{?dist}
+Release:        1%{?dist}
 Summary:        TLS handshake agent for kernel sockets

 %forgemeta
@ -14,6 +14,11 @@ URL:            %{forgeurl}
 # FIXME: is this a bug in the tagging scheme or forgesource macro?
 Source0:        %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz

+#
+# RHEL-9.6
+#
+Patch001: ktls-utils-0.11-nvme-default-keyring.patch
+
 BuildRequires:  bash systemd-rpm-macros
 BuildRequires:  gcc make coreutils
 BuildRequires:  pkgconfig(gnutls) >= 3.3.0
@ -66,6 +71,9 @@ standard kTLS socket options.
 %systemd_postun_with_restart tlshd.service

 %changelog
+* Tue Feb 04 2025 Steve Dickson <steved@redhat.com> 0.11-1
+- tlshd: link .nvme default keyring into the session (RHEL-71505)
+
 * Mon Jun 17 2024 Steve Dickson <steved@redhat.com> 0.11-0
 - Release ktls-utils 0.11 (RHEL-39442)