Add pkcs11 support

Fix broken libsofthsm2.so detection in the test on i686 arch Add missing bugzilla references from rebase commit Related: rhbz#2026449 Resolves: rhbz#1977913, rhbz#1975500 Signed-off-by: Norbert Pocs <npocs@redhat.com>
2022-10-04 14:41:18 +02:00 · 2022-10-04 14:41:18 +02:00 · 4c5d5408bf
commit 4c5d5408bf
parent ed3909edd6
2 changed files with 55 additions and 1 deletions
--- a/libssh.spec
+++ b/libssh.spec
@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.10.4
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@ -15,6 +15,7 @@ BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  gnupg2
 BuildRequires:  openssl-devel
 BuildRequires:  openssl-pkcs11
 BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 BuildRequires:  krb5-devel
@ -26,6 +27,8 @@ BuildRequires:  uid_wrapper
 BuildRequires:  openssh-clients
 BuildRequires:  openssh-server
 BuildRequires:  nmap-ncat
 BuildRequires:  softhsm
 BuildRequires:  gnutls-utils
 Requires:       %{name}-config = %{version}-%{release}
 Requires:       crypto-policies
@ -37,6 +40,7 @@ Provides: libssh_threads.so.4
 %endif
 Patch1: coverity_scan.patch
 Patch2: pkcs11_test_fix.patch
 %description
 The ssh library was designed to be used by programmers needing a working SSH
@ -71,6 +75,7 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
    -DUNIT_TESTING=ON \
    -DCLIENT_TESTING=ON \
    -DSERVER_TESTING=ON \
    -DWITH_PKCS11_URI=ON \
    -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
    -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
@ -128,6 +133,13 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 %changelog
 * Tue Oct 4 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-3
 - Enable pkcs11 support
 - Fix broken libsofthsm path on i686
 - Add missing bugzilla references from the rebase commit
 - Related: rhbz#2026449
 - Resolves: rhbz#1977913, rhbz#1975500
 * Tue Sep 27 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2
 - Fix coverity scan issues
 - Resolves: rhbz#2130126
--- a/pkcs11_test_fix.patch
+++ b/pkcs11_test_fix.patch
@ -0,0 +1,42 @@
 diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
 index 532c86a7..8a15c2e9 100755
 --- a/tests/pkcs11/setup-softhsm-tokens.sh
 +++ b/tests/pkcs11/setup-softhsm-tokens.sh
@@ -41,8 +41,27 @@ if [ $ret -ne 0 ]; then
     exit 1
 fi
 +find_library_path() {
 +    echo "$@"
 +    for _lib in "$@" ; do
 +        if test -f "$_lib" ; then
 +            LIBSOFTHSM_PATH="$_lib"
 +            echo "Using libsofthsm path: $_lib"
 +            return
 +        fi
 +    done
 +    echo "libsofthsm2.so not found"
 +    exit 1
 +}
 +
 +find_library_path \
 +    /usr/lib64/libsofthsm2.so \
 +    /usr/lib/libsofthsm2.so \
 +    /usr/local/lib/softhsm/libsofthsm2.so \
 +    /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
 +
 #load private key
 -cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
 +cmd='p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
 eval echo "$cmd"
 out=$(eval $cmd)
 ret=$?
@@ -58,7 +77,7 @@ ls -l $TESTDIR
 if [ $LOADPUBLIC -ne 0 ]; then
 #load public key
 -    cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
 +    cmd='p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
     eval echo "$cmd"
     out=$(eval $cmd)
     ret=$?