diff --git a/0001-tlshd-fix-max-config-file-size-comparison.patch b/0001-tlshd-fix-max-config-file-size-comparison.patch
deleted file mode 100644
index c6a4a1c..0000000
--- a/0001-tlshd-fix-max-config-file-size-comparison.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 52ac9ff05a5edb5ccda33ee186ba388553b258c4 Mon Sep 17 00:00:00 2001
-From: Jeff Layton
-Date: Tue, 20 Jun 2023 13:20:14 -0400
-Subject: [PATCH] tlshd: fix max config file size comparison
-
-gcc throws a warning on 32-bit x86 because of signedness mismatch:
-
-config.c:155:52: error: comparison of integer expressions of different signedness: '__off_t' {aka 'long int'} and 'unsigned int' [-Werror=sign-compare]
- 155 | if (statbuf.st_size < 0 || statbuf.st_size > UINT_MAX) {
- | ^
-
-st_size is a signed value (off_t), but UINT_MAX is unsigned.
-
-Change it to compare against INT_MAX instead. This technically cuts the
-max size of the config file in half to only 2GB, but I don't think we'll
-miss it.
-
-Cc: Steve Dickson
-Reported-by: Petr Pisar
-Link: https://bugzilla.redhat.com/show_bug.cgi?id=2182151
-Signed-off-by: Jeff Layton
-Signed-off-by: Chuck Lever
----
- src/tlshd/config.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/tlshd/config.c b/src/tlshd/config.c
-index 87cc4018733b..bdab98b9fba4 100644
---- a/src/tlshd/config.c
-+++ b/src/tlshd/config.c
-@@ -152,7 +152,7 @@ static bool tlshd_config_read_datum(const char *pathname, gnutls_datum_t *data,
- tlshd_log_perror("stat");
- goto out_close;
- }
-- if (statbuf.st_size < 0 || statbuf.st_size > UINT_MAX) {
-+ if (statbuf.st_size < 0 || statbuf.st_size > INT_MAX) {
- tlshd_log_error("Bad config file size: %lld", statbuf.st_size);
- goto out_close;
- }
----
-2.41.0
-
diff --git a/ktls-utils-0.11-nvme-default-keyring.patch b/ktls-utils-0.11-nvme-default-keyring.patch
new file mode 100644
index 0000000..fcb764a
--- /dev/null
+++ b/ktls-utils-0.11-nvme-default-keyring.patch
@@ -0,0 +1,43 @@
+From 311d9438b984e3b2a36bd88fb3ab8c87c38701fa Mon Sep 17 00:00:00 2001
+From: Daniel Wagner
+Date: Thu, 24 Oct 2024 13:15:44 +0200
+Subject: [PATCH] tlshd: always link .nvme default keyring into the session
+
+A common use case for tlshd is to authenticate TLS sessions for the nvme
+subsystem. Currently, the user has to explicitly list a keyring (even
+the defautl one) in the configuration file so that tlshd running
+as daemon (started via systemd) to find any key.
+
+Thus always link the default .nvme keyring into the current session,
+which makes the daemon work out of the box for default configurations.
+
+Signed-off-by: Daniel Wagner
+---
+ src/tlshd/config.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/tlshd/config.c b/src/tlshd/config.c
+index fae83b3..8becbe0 100644
+--- a/src/tlshd/config.c
++++ b/src/tlshd/config.c
+@@ -91,10 +91,17 @@ bool tlshd_config_init(const gchar *pathname)
+ "keyrings", &length, NULL);
+ if (keyrings) {
+ for (i = 0; i < length; i++) {
++ if (!strcmp(keyrings[i], ".nvme"))
++ continue;
+ tlshd_keyring_link_session(keyrings[i]);
+ }
+ g_strfreev(keyrings);
+ }
++ /*
++ * Always link the default nvme subsystem keyring into the
++ * session.
++ */
++ tlshd_keyring_link_session(".nvme");
+
+ return true;
+ }
+--
+2.47.1
+
diff --git a/ktls-utils.spec b/ktls-utils.spec
index 0eccf73..827514c 100644
--- a/ktls-utils.spec
+++ b/ktls-utils.spec
@@ -3,7 +3,7 @@ Name: ktls-utils Version: %{baseversion} -Release: 0%{?dist} +Release: 1%{?dist} Summary: TLS handshake agent for kernel sockets %forgemeta
@@ -14,6 +14,11 @@ URL: %{forgeurl} # FIXME: is this a bug in the tagging scheme or forgesource macro? Source0: %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz +# +# RHEL-9.6 +# +Patch001: ktls-utils-0.11-nvme-default-keyring.patch + BuildRequires: bash systemd-rpm-macros BuildRequires: gcc make coreutils BuildRequires: pkgconfig(gnutls) >= 3.3.0
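Review bot: The unconditional `tlshd_keyring_link_session(".nvme");` added after the `if (keyrings)` block in tlshd_config_init links the NVMe keyring into the session of every tlshd instance, and the patch adds no configuration switch to opt out, so a daemon that only serves non-NVMe consumers still has those keys reachable from its session keyring. A failure of that call is not handled here (the loop above treats its calls the same way), so what happens on a host where the `.nvme` keyring does not exist depends on the helper, which is not visible in this hunk. The `strcmp` skip in the loop would be easier to follow with a comment such as `/* .nvme is linked unconditionally below; avoid linking it twice */`. tlshd_config_init begins before the hunk, so the earlier error paths that might bypass the new call cannot be checked from here.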
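Review bot: `Patch001` is declared in the second hunk, but none of the three hunks in this file touches `%prep`, so whether the patch is applied depends on `%prep` already using `%autosetup -p1` or a matching `%patch` line, neither of which is visible in this diff. If `%prep` uses plain `%setup`, the package would build without the keyring change while the new changelog entry says it is included. Confirming the `%prep` section, or adding the apply step in the same commit, would close that gap.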
@@ -66,6 +71,9 @@ standard kTLS socket options. %systemd_postun_with_restart tlshd.service %changelog +* Tue Feb 04 2025 Steve Dickson 0.11-1 +- tlshd: link .nvme default keyring into the session (RHEL-71505) + * Mon Jun 17 2024 Steve Dickson 0.11-0 - Release ktls-utils 0.11 (RHEL-39442)