import opencryptoki-3.16.0-4.el8

This commit is contained in:
CentOS Sources 2021-07-17 04:25:15 +00:00 committed by Andrew Lukoshko
parent cb6b49e5e0
commit bd874b55c0
2 changed files with 111 additions and 1 deletions

View File

@ -0,0 +1,106 @@
commit 5951869263b556280da53498270cf4826f779c5b
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Jul 13 09:05:22 2021 +0200
pkcstok_migrate: Fix detection if pkcsslotd is still running
Change the code to use the pid file that pkcsslotd creates, and check
if the process with the pid contained in the pid file still exists and
runs pkcsslotd.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
index 05081aff..a29dc8f7 100644
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
@@ -2474,54 +2474,53 @@ static CK_RV backup_repository(const char *data_store)
*/
static CK_BBOOL pkcsslotd_running(void)
{
- DIR *dir;
FILE *fp;
- struct dirent* ent;
char* endptr;
- char buf[PATH_MAX];
+ long lpid;
char fname[PATH_MAX];
+ char buf[PATH_MAX];
+ char* first;
TRACE_INFO("Checking if pkcsslotd is running ...\n");
- if (!(dir = opendir("/proc"))) {
- TRACE_WARN("Cannot open /proc, i.e. cannot check if pkcsslotd is running.\n");
- return CK_TRUE;
+
+ fp = fopen(PID_FILE_PATH, "r");
+ if (fp == NULL) {
+ TRACE_INFO("Pid file '%s' not existent, pkcsslotd is not running\n",
+ PID_FILE_PATH);
+ return CK_FALSE;
}
- while ((ent = readdir(dir)) != NULL) {
- /* if endptr is not a null character, the directory is not
- * entirely numeric, so ignore it */
- long lpid = strtol(ent->d_name, &endptr, 10);
- if (*endptr != '\0') {
- continue;
- }
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
+ TRACE_WARN("Cannot read pid file '%s': %s\n", PID_FILE_PATH,
+ strerror(errno));
+ fclose(fp);
+ return CK_FALSE;
+ }
+ fclose(fp);
- /* try to open the cmdline file */
- snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
- fp = fopen(fname, "r");
- if (!fp) {
- warnx("fopen(%s) failed, errno=%s", fname, strerror(errno));
- return CK_TRUE;
- }
+ lpid = strtol(buf, &endptr, 10);
+ if (*endptr != '\0' && *endptr != '\n') {
+ TRACE_WARN("Failed to parse pid file '%s': %s\n", PID_FILE_PATH,
+ buf);
+ return CK_FALSE;
+ }
- /* check the first token in the file: the program pathname */
- if (fgets(buf, sizeof(buf), fp) != NULL) {
- char* first = strtok(buf, " ");
- if (!first) {
- TRACE_WARN("Cannot read program name from %s, i.e. cannot check if pkcsslotd is running.\n",
- fname);
- return CK_TRUE;
- }
- if (strstr(first, "pkcsslotd") != NULL) {
- fclose(fp);
- closedir(dir);
- return CK_TRUE;
- }
- }
+ snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
+ fp = fopen(fname, "r");
+ if (fp == NULL) {
+ TRACE_INFO("Stale pid file, pkcsslotd is not running\n");
+ return CK_FALSE;
+ }
+
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
+ TRACE_INFO("Failed to read '%s'\n", fname);
fclose(fp);
+ return CK_FALSE;
}
+ fclose(fp);
- closedir(dir);
- return CK_FALSE;
+ first = strtok(buf, " ");
+ return (first != NULL && strstr(first, "pkcsslotd") != NULL);
}
/**

View File

@ -1,7 +1,7 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.16.0
Release: 3%{?dist}
Release: 4%{?dist}
License: CPL
Group: System Environment/Base
URL: https://github.com/opencryptoki/opencryptoki
@ -26,6 +26,7 @@ Patch210: opencryptoki-3.16.0-d7de5092247a0efc2c397f12977a7c9925420143.patch
Patch211: opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch
Patch212: opencryptoki-3.16.0-bf812c652c49d7e248b115d121a4f7f6568941a2.patch
Patch213: opencryptoki-3.16.0-7b7d83c571ceb3050969359817d4145600f14ae8.patch
Patch214: opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
Requires(pre): coreutils
Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
@ -356,6 +357,9 @@ fi
%changelog
* Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-4
- Resolves: #1964304, Fix detection if pkcsslotd is still running
* Tue Jun 15 2021 Than Ngo <than@redhat.com> - 3.16.0-3
- Related: #1919223, add conditional requirement