Prepare for the rebase

2019-05-23 11:59:09 +02:00 · 2019-05-23 11:59:09 +02:00 · 7b3e3f565e
commit 7b3e3f565e
parent dc76f22c04
2 changed files with 0 additions and 182 deletions
--- a/0001-trust-Ignore-unreadable-content-in-anchors.patch
+++ b/0001-trust-Ignore-unreadable-content-in-anchors.patch
@ -1,181 +0,0 @@
-From e2170b295992cb7fdf115227a78028ac3780619f Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Mon, 18 Feb 2019 14:53:49 +0100
-Subject: [PATCH] trust: Ignore unreadable content in anchors
-
-This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f.  Instead of
-failing C_FindObjectsInit, treat any errors internally and accumulates
-the successfully loaded certificates.
-
-Reported by Andrej Kvasnica in:
-https://bugzilla.redhat.com/show_bug.cgi?id=1675441
---
- trust/module.c      |  3 +-
- trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++
- trust/token.c       | 23 ++++++--------
- 3 files changed, 88 insertions(+), 15 deletions(-)
-
-diff --git a/trust/module.c b/trust/module.c
-index 1722340..ec3333d 100644
--- a/trust/module.c
-+++ b/trust/module.c
-@@ -1198,8 +1198,7 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
- 				indices[n++] = session->index;
- 			if (want_token_objects) {
- 				if (!session->loaded)
-					if (p11_token_load (session->token) < 0)
-						rv = CKR_FUNCTION_FAILED;
-+					p11_token_load (session->token);
- 				if (rv == CKR_OK) {
- 					session->loaded = CK_TRUE;
- 					indices[n++] = p11_token_index (session->token);
-diff --git a/trust/test-module.c b/trust/test-module.c
-index 1e8d812..4024d81 100644
--- a/trust/test-module.c
-+++ b/trust/test-module.c
-@@ -163,6 +163,80 @@ setup_writable (void *unused)
- 	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
- }
- 
-+/* This is similar to setup(), but it adds an unreadable content in
-+ * the anchor directory. */
-+static void
-+setup_unreadable (void *unused)
-+{
-+	CK_C_INITIALIZE_ARGS args;
-+	const char *paths;
-+	char *p, *pp, *anchors;
-+	FILE *f, *ff;
-+	char buffer[4096];
-+	char *arguments;
-+	CK_ULONG count;
-+	CK_RV rv;
-+
-+	memset (&test, 0, sizeof (test));
-+
-+	/* This is the entry point of the trust module, linked to this test */
-+	rv = C_GetFunctionList (&test.module);
-+	assert (rv == CKR_OK);
-+
-+	test.directory = p11_test_directory ("test-module");
-+	anchors = p11_path_build (test.directory, "anchors", NULL);
-+#ifdef OS_UNIX
-+	if (mkdir (anchors, S_IRWXU) < 0)
-+#else
-+	if (mkdir (anchors) < 0)
-+#endif
-+		assert_fail ("mkdir()", anchors);
-+
-+	p = p11_path_build (anchors, "unreadable", NULL);
-+	f = fopen (p, "w");
-+	fwrite ("foo", 3, 1, f);
-+	fclose (f);
-+	chmod (p, 0);
-+	free (p);
-+
-+	pp = p11_path_build (anchors, "thawte", NULL);
-+	ff = fopen (pp, "w");
-+	f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r");
-+	while (!feof (f)) {
-+		size_t size;
-+		size = fread (buffer, 1, sizeof (buffer), f);
-+		if (ferror (f))
-+			assert_fail ("fread()",
-+				     SRCDIR "/trust/fixtures/thawte.pem");
-+		fwrite (buffer, 1, size, ff);
-+		if (ferror (ff))
-+			assert_fail ("write()", pp);
-+	}
-+	free (pp);
-+	fclose (ff);
-+	fclose (f);
-+	free (anchors);
-+
-+	memset (&args, 0, sizeof (args));
-+	paths = SRCDIR "/trust/input" P11_PATH_SEP \
-+		SRCDIR "/trust/fixtures/self-signed-with-ku.der";
-+	if (asprintf (&arguments, "paths='%s%c%s'",
-+		      paths, P11_PATH_SEP_C, test.directory) < 0)
-+		assert (false && "not reached");
-+	args.pReserved = arguments;
-+	args.flags = CKF_OS_LOCKING_OK;
-+
-+	rv = test.module->C_Initialize (&args);
-+	assert (rv == CKR_OK);
-+
-+	free (arguments);
-+
-+	count = NUM_SLOTS;
-+	rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
-+	assert (rv == CKR_OK);
-+	assert (count == NUM_SLOTS);
-+}
-+
- static void
- test_get_slot_list (void)
- {
-@@ -1324,5 +1398,8 @@ main (int argc,
- 	p11_fixture (NULL, NULL);
- 	p11_test (test_token_write_protected, "/module/token-write-protected");
- 
-+	p11_fixture (setup_unreadable, teardown);
-+	p11_test (test_find_certificates, "/module/unreadable");
-+
- 	return p11_test_run (argc, argv);
- }
-diff --git a/trust/token.c b/trust/token.c
-index b91a1d0..8c75d06 100644
--- a/trust/token.c
-+++ b/trust/token.c
-@@ -266,8 +266,8 @@ loader_load_directory (p11_token *token,
- 		return_val_if_fail (path != NULL, -1);
- 
- 		ret = loader_load_if_file (token, path);
-		return_val_if_fail (ret >=0, -1);
-		total += ret;
-+		if (ret >= 0)
-+			total += ret;
- 
- 		/* Make note that this file was seen */
- 		p11_dict_remove (present, path);
-@@ -328,8 +328,8 @@ loader_load_path (p11_token *token,
- 			p11_dict_iterate (present, &iter);
- 			while (p11_dict_next (&iter, (void **)&filename, NULL)) {
- 				ret = loader_load_if_file (token, filename);
-				return_val_if_fail (ret >= 0, ret);
-				total += ret;
-+				if (ret >= 0)
-+					total += ret;
- 			}
- 		}
- 
-@@ -377,20 +377,17 @@ p11_token_load (p11_token *token)
- 	int ret;
- 
- 	ret = loader_load_path (token, token->path, &is_dir);
-	if (ret < 0)
-		return -1;
-	total += ret;
-+	if (ret >= 0)
-+		total += ret;
- 
- 	if (is_dir) {
- 		ret = loader_load_path (token, token->anchors, &is_dir);
-		if (ret < 0)
-			return -1;
-		total += ret;
-+		if (ret >= 0)
-+			total += ret;
- 
- 		ret = loader_load_path (token, token->blacklist, &is_dir);
-		if (ret < 0)
-			return -1;
-		total += ret;
-+		if (ret >= 0)
-+			total += ret;
- 	}
- 
- 	return total;
-- 
-2.20.1
-
--- a/p11-kit.spec
+++ b/p11-kit.spec
@ -9,7 +9,6 @@ URL:            http://p11-glue.freedesktop.org/p11-kit.html
 Source0:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
 Source1:        trust-extract-compat
 Source2:        p11-kit-client.service
-Patch0:		0001-trust-Ignore-unreadable-content-in-anchors.patch

 BuildRequires:  gcc
 BuildRequires:  libtasn1-devel >= 2.3