Add pkcs11 support

Fix broken libsofthsm2.so detection in the test on i686 arch
Add missing bugzilla references from rebase commit

Related: rhbz#2026449
Resolves: rhbz#1977913, rhbz#1975500

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Norbert Pocs 2022-10-04 14:41:18 +02:00
parent ed3909edd6
commit 4c5d5408bf
2 changed files with 55 additions and 1 deletions


@ -1,6 +1,6 @@
Name: libssh Name: libssh
Version: 0.10.4 Version: 0.10.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
@ -15,6 +15,7 @@ BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gnupg2 BuildRequires: gnupg2
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: openssl-pkcs11
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: krb5-devel BuildRequires: krb5-devel
@ -26,6 +27,8 @@ BuildRequires: uid_wrapper
BuildRequires: openssh-clients BuildRequires: openssh-clients
BuildRequires: openssh-server BuildRequires: openssh-server
BuildRequires: nmap-ncat BuildRequires: nmap-ncat
BuildRequires: softhsm
BuildRequires: gnutls-utils
Requires: %{name}-config = %{version}-%{release} Requires: %{name}-config = %{version}-%{release}
Requires: crypto-policies Requires: crypto-policies
@ -37,6 +40,7 @@ Provides: libssh_threads.so.4
%endif %endif
Patch1: coverity_scan.patch Patch1: coverity_scan.patch
Patch2: pkcs11_test_fix.patch
%description %description
The ssh library was designed to be used by programmers needing a working SSH The ssh library was designed to be used by programmers needing a working SSH
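Review bot: Patch2 is added without a comment, the same as Patch1 above it. Put a one-line comment over the Patch2 line saying what it fixes (the libsofthsm2.so lookup in tests/pkcs11/setup-softhsm-tokens.sh) and whether it has been submitted upstream, so it is clear when the patch can be dropped at the next rebase.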
@ -71,6 +75,7 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
-DUNIT_TESTING=ON \ -DUNIT_TESTING=ON \
-DCLIENT_TESTING=ON \ -DCLIENT_TESTING=ON \
-DSERVER_TESTING=ON \ -DSERVER_TESTING=ON \
-DWITH_PKCS11_URI=ON \
-DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \ -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
-DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config" -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
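Review bot: -DWITH_PKCS11_URI=ON enables the feature in the shipped library, but the only dependency this spec diff adds for it is BuildRequires: openssl-pkcs11; the Requires: lines are unchanged. If keys referenced by pkcs11: URIs are loaded through that engine at run time, add a Recommends: (or Requires:) on openssl-pkcs11 to the main package, or say in the spec why installing it is left to the user.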
@ -128,6 +133,13 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Tue Oct 4 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-3
- Enable pkcs11 support
- Fix broken libsofthsm path on i686
- Add missing bugzilla references from the rebase commit
- Related: rhbz#2026449
- Resolves: rhbz#1977913, rhbz#1975500
* Tue Sep 27 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2 * Tue Sep 27 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2
- Fix coverity scan issues - Fix coverity scan issues
- Resolves: rhbz#2130126 - Resolves: rhbz#2130126

pkcs11_test_fix.patch Normal file

@ -0,0 +1,42 @@
diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
index 532c86a7..8a15c2e9 100755
--- a/tests/pkcs11/setup-softhsm-tokens.sh
+++ b/tests/pkcs11/setup-softhsm-tokens.sh
@@ -41,8 +41,27 @@ if [ $ret -ne 0 ]; then
exit 1
fi
+find_library_path() {
+ echo "$@"
+ for _lib in "$@" ; do
+ if test -f "$_lib" ; then
+ LIBSOFTHSM_PATH="$_lib"
+ echo "Using libsofthsm path: $_lib"
+ return
+ fi
+ done
+ echo "libsofthsm2.so not found"
+ exit 1
+}
+
+find_library_path \
+ /usr/lib64/libsofthsm2.so \
+ /usr/lib/libsofthsm2.so \
+ /usr/local/lib/softhsm/libsofthsm2.so \
+ /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
+
#load private key
-cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+cmd='p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
eval echo "$cmd"
out=$(eval $cmd)
ret=$?
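Review bot: the candidate list passed to find_library_path does not include /usr/lib64/pkcs11/libsofthsm2.so, the path the removed p11tool line used, so a host where the module is only present under a pkcs11/ subdirectory now ends at "libsofthsm2.so not found". Add /usr/lib64/pkcs11/libsofthsm2.so and /usr/lib/pkcs11/libsofthsm2.so to the list, or let an environment variable override the search. The `echo "$@"` at the top of the function also looks like leftover debugging output, and the not-found message should go to stderr (`>&2`) so it is not mixed into the test's stdout.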
@@ -58,7 +77,7 @@ ls -l $TESTDIR
if [ $LOADPUBLIC -ne 0 ]; then
#load public key
- cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+ cmd='p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
eval echo "$cmd"
out=$(eval $cmd)
ret=$?
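Review bot: `--provider $LIBSOFTHSM_PATH` is left unquoted inside the eval'd command string, here and in the private-key command earlier in the script, while "$PUBKEY" and the --label "$OBJNAME" are quoted. None of the current candidate paths contain spaces, so this works today, but write `--provider "$LIBSOFTHSM_PATH"` so the value survives word splitting under `eval` if the list grows or becomes overridable.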