From 4c5d5408bf0c24e446b62ff010628e7db3766dd9 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Tue, 4 Oct 2022 14:41:18 +0200
Subject: [PATCH] Add pkcs11 support

Fix broken libsofthsm2.so detection in the test on i686 arch
Add missing bugzilla references from rebase commit

Related: rhbz#2026449
Resolves: rhbz#1977913, rhbz#1975500

Signed-off-by: Norbert Pocs <npocs@redhat.com>
---
 libssh.spec           | 14 +++++++++++++-
 pkcs11_test_fix.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 pkcs11_test_fix.patch

diff --git a/libssh.spec b/libssh.spec
index b1136b9..3ba9767 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.10.4
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -15,6 +15,7 @@ BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  gnupg2
 BuildRequires:  openssl-devel
+BuildRequires:  openssl-pkcs11
 BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 BuildRequires:  krb5-devel
@@ -26,6 +27,8 @@ BuildRequires:  uid_wrapper
 BuildRequires:  openssh-clients
 BuildRequires:  openssh-server
 BuildRequires:  nmap-ncat
+BuildRequires:  softhsm
+BuildRequires:  gnutls-utils
 
 Requires:       %{name}-config = %{version}-%{release}
 Requires:       crypto-policies
@@ -37,6 +40,7 @@ Provides: libssh_threads.so.4
 %endif
 
 Patch1: coverity_scan.patch
+Patch2: pkcs11_test_fix.patch
 
 %description
 The ssh library was designed to be used by programmers needing a working SSH
@@ -71,6 +75,7 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
     -DUNIT_TESTING=ON \
     -DCLIENT_TESTING=ON \
     -DSERVER_TESTING=ON \
+    -DWITH_PKCS11_URI=ON \
     -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
     -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
 
@@ -128,6 +133,13 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
+* Tue Oct 4 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-3
+- Enable pkcs11 support
+- Fix broken libsofthsm path on i686
+- Add missing bugzilla references from the rebase commit
+- Related: rhbz#2026449
+- Resolves: rhbz#1977913, rhbz#1975500
+
 * Tue Sep 27 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2
 - Fix coverity scan issues
 - Resolves: rhbz#2130126
diff --git a/pkcs11_test_fix.patch b/pkcs11_test_fix.patch
new file mode 100644
index 0000000..5af27fd
--- /dev/null
+++ b/pkcs11_test_fix.patch
@@ -0,0 +1,42 @@
+diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
+index 532c86a7..8a15c2e9 100755
+--- a/tests/pkcs11/setup-softhsm-tokens.sh
++++ b/tests/pkcs11/setup-softhsm-tokens.sh
+@@ -41,8 +41,27 @@ if [ $ret -ne 0 ]; then
+     exit 1
+ fi
+ 
++find_library_path() {
++    echo "$@"
++    for _lib in "$@" ; do
++        if test -f "$_lib" ; then
++            LIBSOFTHSM_PATH="$_lib"
++            echo "Using libsofthsm path: $_lib"
++            return
++        fi
++    done
++    echo "libsofthsm2.so not found"
++    exit 1
++}
++
++find_library_path \
++    /usr/lib64/libsofthsm2.so \
++    /usr/lib/libsofthsm2.so \
++    /usr/local/lib/softhsm/libsofthsm2.so \
++    /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
++
+ #load private key
+-cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
++cmd='p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+@@ -58,7 +77,7 @@ ls -l $TESTDIR
+ 
+ if [ $LOADPUBLIC -ne 0 ]; then
+ #load public key
+-    cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
++    cmd='p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+     eval echo "$cmd"
+     out=$(eval $cmd)
+     ret=$?