import opencryptoki-3.16.0-4.el8

2021-07-17 04:25:15 +00:00 · 2021-07-17 04:25:15 +00:00 · bd874b55c0
commit bd874b55c0
parent cb6b49e5e0
2 changed files with 111 additions and 1 deletions
--- a/SOURCES/opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
+++ b/SOURCES/opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
@ -0,0 +1,106 @@
+commit 5951869263b556280da53498270cf4826f779c5b
+Author: Ingo Franzki <ifranzki@linux.ibm.com>
+Date:   Tue Jul 13 09:05:22 2021 +0200
+
+    pkcstok_migrate: Fix detection if pkcsslotd is still running
+    
+    Change the code to use the pid file that pkcsslotd creates, and check
+    if the process with the pid contained in the pid file still exists and
+    runs pkcsslotd.
+    
+    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+
+diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+index 05081aff..a29dc8f7 100644
+--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+@@ -2474,54 +2474,53 @@ static CK_RV backup_repository(const char *data_store)
+  */
+ static CK_BBOOL pkcsslotd_running(void)
+ {
+-    DIR *dir;
+     FILE *fp;
+-    struct dirent* ent;
+     char* endptr;
+-    char buf[PATH_MAX];
+    long lpid;
+     char fname[PATH_MAX];
+    char buf[PATH_MAX];
+    char* first;
+ 
+     TRACE_INFO("Checking if pkcsslotd is running ...\n");
+-    if (!(dir = opendir("/proc"))) {
+-        TRACE_WARN("Cannot open /proc, i.e. cannot check if pkcsslotd is running.\n");
+-        return CK_TRUE;
+
+    fp = fopen(PID_FILE_PATH, "r");
+    if (fp == NULL) {
+        TRACE_INFO("Pid file '%s' not existent, pkcsslotd is not running\n",
+                   PID_FILE_PATH);
+        return CK_FALSE;
+     }
+ 
+-    while ((ent = readdir(dir)) != NULL) {
+-        /* if endptr is not a null character, the directory is not
+-         * entirely numeric, so ignore it */
+-        long lpid = strtol(ent->d_name, &endptr, 10);
+-        if (*endptr != '\0') {
+-            continue;
+-        }
+    if (fgets(buf, sizeof(buf), fp) == NULL) {
+        TRACE_WARN("Cannot read pid file '%s': %s\n", PID_FILE_PATH,
+                   strerror(errno));
+        fclose(fp);
+        return CK_FALSE;
+    }
+    fclose(fp);
+ 
+-        /* try to open the cmdline file */
+-        snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
+-        fp = fopen(fname, "r");
+-        if (!fp) {
+-            warnx("fopen(%s) failed, errno=%s", fname, strerror(errno));
+-            return CK_TRUE;
+-        }
+    lpid = strtol(buf, &endptr, 10);
+    if (*endptr != '\0' && *endptr != '\n') {
+        TRACE_WARN("Failed to parse pid file '%s': %s\n", PID_FILE_PATH,
+                           buf);
+        return CK_FALSE;
+    }
+ 
+-        /* check the first token in the file: the program pathname */
+-        if (fgets(buf, sizeof(buf), fp) != NULL) {
+-            char* first = strtok(buf, " ");
+-            if (!first) {
+-                TRACE_WARN("Cannot read program name from %s, i.e. cannot check if pkcsslotd is running.\n",
+-                           fname);
+-                return CK_TRUE;
+-            }
+-            if (strstr(first, "pkcsslotd") != NULL) {
+-                fclose(fp);
+-                closedir(dir);
+-                return CK_TRUE;
+-            }
+-        }
+    snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
+    fp = fopen(fname, "r");
+    if (fp == NULL) {
+        TRACE_INFO("Stale pid file, pkcsslotd is not running\n");
+        return CK_FALSE;
+    }
+
+    if (fgets(buf, sizeof(buf), fp) == NULL) {
+        TRACE_INFO("Failed to read '%s'\n", fname);
+         fclose(fp);
+        return CK_FALSE;
+     }
+    fclose(fp);
+ 
+-    closedir(dir);
+-    return CK_FALSE;
+    first = strtok(buf, " ");
+    return (first != NULL && strstr(first, "pkcsslotd") != NULL);
+ }
+ 
+ /**
--- a/SPECS/opencryptoki.spec
+++ b/SPECS/opencryptoki.spec
@ -1,7 +1,7 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
 Version: 3.16.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: https://github.com/opencryptoki/opencryptoki
@ -26,6 +26,7 @@ Patch210: opencryptoki-3.16.0-d7de5092247a0efc2c397f12977a7c9925420143.patch
 Patch211: opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch
 Patch212: opencryptoki-3.16.0-bf812c652c49d7e248b115d121a4f7f6568941a2.patch
 Patch213: opencryptoki-3.16.0-7b7d83c571ceb3050969359817d4145600f14ae8.patch
+Patch214: opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch

 Requires(pre): coreutils
 Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
@ -356,6 +357,9 @@ fi


 %changelog
+* Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-4
+- Resolves: #1964304, Fix detection if pkcsslotd is still running
+
 * Tue Jun 15 2021 Than Ngo <than@redhat.com> - 3.16.0-3
 - Related: #1919223, add conditional requirement