Resolves: #1974365, Fix detection if pkcsslotd is still running
This commit is contained in:
parent
03d0eb1e5f
commit
e479145be9
@ -0,0 +1,106 @@
|
||||
commit 5951869263b556280da53498270cf4826f779c5b
|
||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Tue Jul 13 09:05:22 2021 +0200
|
||||
|
||||
pkcstok_migrate: Fix detection if pkcsslotd is still running
|
||||
|
||||
Change the code to use the pid file that pkcsslotd creates, and check
|
||||
if the process with the pid contained in the pid file still exists and
|
||||
runs pkcsslotd.
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
|
||||
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
index 05081aff..a29dc8f7 100644
|
||||
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
@@ -2474,54 +2474,53 @@ static CK_RV backup_repository(const char *data_store)
|
||||
*/
|
||||
static CK_BBOOL pkcsslotd_running(void)
|
||||
{
|
||||
- DIR *dir;
|
||||
FILE *fp;
|
||||
- struct dirent* ent;
|
||||
char* endptr;
|
||||
- char buf[PATH_MAX];
|
||||
+ long lpid;
|
||||
char fname[PATH_MAX];
|
||||
+ char buf[PATH_MAX];
|
||||
+ char* first;
|
||||
|
||||
TRACE_INFO("Checking if pkcsslotd is running ...\n");
|
||||
- if (!(dir = opendir("/proc"))) {
|
||||
- TRACE_WARN("Cannot open /proc, i.e. cannot check if pkcsslotd is running.\n");
|
||||
- return CK_TRUE;
|
||||
+
|
||||
+ fp = fopen(PID_FILE_PATH, "r");
|
||||
+ if (fp == NULL) {
|
||||
+ TRACE_INFO("Pid file '%s' not existent, pkcsslotd is not running\n",
|
||||
+ PID_FILE_PATH);
|
||||
+ return CK_FALSE;
|
||||
}
|
||||
|
||||
- while ((ent = readdir(dir)) != NULL) {
|
||||
- /* if endptr is not a null character, the directory is not
|
||||
- * entirely numeric, so ignore it */
|
||||
- long lpid = strtol(ent->d_name, &endptr, 10);
|
||||
- if (*endptr != '\0') {
|
||||
- continue;
|
||||
- }
|
||||
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
|
||||
+ TRACE_WARN("Cannot read pid file '%s': %s\n", PID_FILE_PATH,
|
||||
+ strerror(errno));
|
||||
+ fclose(fp);
|
||||
+ return CK_FALSE;
|
||||
+ }
|
||||
+ fclose(fp);
|
||||
|
||||
- /* try to open the cmdline file */
|
||||
- snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
|
||||
- fp = fopen(fname, "r");
|
||||
- if (!fp) {
|
||||
- warnx("fopen(%s) failed, errno=%s", fname, strerror(errno));
|
||||
- return CK_TRUE;
|
||||
- }
|
||||
+ lpid = strtol(buf, &endptr, 10);
|
||||
+ if (*endptr != '\0' && *endptr != '\n') {
|
||||
+ TRACE_WARN("Failed to parse pid file '%s': %s\n", PID_FILE_PATH,
|
||||
+ buf);
|
||||
+ return CK_FALSE;
|
||||
+ }
|
||||
|
||||
- /* check the first token in the file: the program pathname */
|
||||
- if (fgets(buf, sizeof(buf), fp) != NULL) {
|
||||
- char* first = strtok(buf, " ");
|
||||
- if (!first) {
|
||||
- TRACE_WARN("Cannot read program name from %s, i.e. cannot check if pkcsslotd is running.\n",
|
||||
- fname);
|
||||
- return CK_TRUE;
|
||||
- }
|
||||
- if (strstr(first, "pkcsslotd") != NULL) {
|
||||
- fclose(fp);
|
||||
- closedir(dir);
|
||||
- return CK_TRUE;
|
||||
- }
|
||||
- }
|
||||
+ snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
|
||||
+ fp = fopen(fname, "r");
|
||||
+ if (fp == NULL) {
|
||||
+ TRACE_INFO("Stale pid file, pkcsslotd is not running\n");
|
||||
+ return CK_FALSE;
|
||||
+ }
|
||||
+
|
||||
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
|
||||
+ TRACE_INFO("Failed to read '%s'\n", fname);
|
||||
fclose(fp);
|
||||
+ return CK_FALSE;
|
||||
}
|
||||
+ fclose(fp);
|
||||
|
||||
- closedir(dir);
|
||||
- return CK_FALSE;
|
||||
+ first = strtok(buf, " ");
|
||||
+ return (first != NULL && strstr(first, "pkcsslotd") != NULL);
|
||||
}
|
||||
|
||||
/**
|
@ -1,7 +1,7 @@
|
||||
Name: opencryptoki
|
||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
|
||||
Version: 3.16.0
|
||||
Release: 6%{?dist}
|
||||
Release: 6.1%{?dist}
|
||||
License: CPL
|
||||
URL: https://github.com/opencryptoki/opencryptoki
|
||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
@ -11,10 +11,8 @@ Patch0: opencryptoki-3.11.0-group.patch
|
||||
|
||||
# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
|
||||
Patch1: opencryptoki-3.11.0-lockdir.patch
|
||||
|
||||
# PIDfile below legacy directory /var/run/
|
||||
Patch2: opencryptoki-pkcsslotd-pidfile.patch
|
||||
|
||||
# Use --no-undefined to debug missing symbols
|
||||
#Patch100: %%{name}-3.2-no-undefined.patch
|
||||
|
||||
@ -33,6 +31,7 @@ Patch210: opencryptoki-3.16.0-d7de5092247a0efc2c397f12977a7c9925420143.patch
|
||||
Patch211: opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch
|
||||
Patch212: opencryptoki-3.16.0-bf812c652c49d7e248b115d121a4f7f6568941a2.patch
|
||||
Patch213: opencryptoki-3.16.0-7b7d83c571ceb3050969359817d4145600f14ae8.patch
|
||||
Patch214: opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
|
||||
|
||||
Requires(pre): coreutils
|
||||
Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted)
|
||||
@ -340,6 +339,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jul 13 2021 Than Ngo <than@redhat.com> - 3.16.0-6.1
|
||||
- Resolves: #1974365, Fix detection if pkcsslotd is still running
|
||||
|
||||
* Fri Jun 25 2021 Than Ngo <than@redhat.com> - 3.16.0-6
|
||||
- Resolves: #1974693, pkcsslotd PIDfile below legacy directory /var/run/
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user