From 4a1979de79d9de48a44538f856f1d50f398541a8 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 22 Oct 2020 11:10:54 +0200 Subject: [PATCH] zkey: Add library versioning for libekmfweb and zkey-ekmfweb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes: https://github.com/ibm-s390-tools/s390-tools/issues/93 Signed-off-by: Ingo Franzki Reviewed-by: Jan Höppner --- .gitignore | 3 +++ common.mak | 6 +++--- libekmfweb/Makefile | 29 ++++++++++++++++++----------- zkey/ekmfweb/Makefile | 22 +++++++++++++++------- zkey/kms.c | 33 +++++++++++++++++++++++---------- 5 files changed, 62 insertions(+), 31 deletions(-) diff --git a/.gitignore b/.gitignore index 0a0cbe5a..40bb2a55 100644 --- a/.gitignore +++ b/.gitignore @@ -37,6 +37,8 @@ iucvterm/test/test_afiucv libekmfweb/check-dep-libekmfweb libekmfweb/detect-openssl-version.dep libekmfweb/libekmfweb.so +libekmfweb/libekmfweb.so.1 +libekmfweb/libekmfweb.so.1.0 libutil/util_base_example libutil/util_file_example libutil/util_libc_example @@ -97,6 +99,7 @@ zipl/src/zipl_helper.device-mapper zkey/check-dep-zkey zkey/check-dep-zkey-cryptsetup zkey/detect-libcryptsetup.dep +zkey/ekmfweb/libekmfweb.dep zkey/ekmfweb/zkey-ekmfweb.so zkey/zkey zkey/zkey-cryptsetup diff --git a/common.mak b/common.mak index fa99c514..b413b66f 100644 --- a/common.mak +++ b/common.mak @@ -163,7 +163,7 @@ USRSBINDIR = $(INSTALLDIR)/usr/sbin USRBINDIR = $(INSTALLDIR)/usr/bin BINDIR = $(INSTALLDIR)/sbin LIBDIR = $(INSTALLDIR)/lib -LIB64DIR = $(INSTALLDIR)/lib64 +USRLIB64DIR = $(INSTALLDIR)/usr/lib64 SYSCONFDIR = $(INSTALLDIR)/etc MANDIR = $(INSTALLDIR)/usr/share/man VARDIR = $(INSTALLDIR)/var @@ -179,10 +179,10 @@ INSTDIRS = $(USRSBINDIR) $(USRBINDIR) $(BINDIR) $(LIBDIR) $(MANDIR) \ $(SYSCONFDIR) $(SYSCONFDIR)/sysconfig \ $(TOOLS_LIBDIR) $(TOOLS_DATADIR) \ $(ZFCPDUMP_DIR) $(SYSTEMDSYSTEMUNITDIR) \ - $(LIB64DIR) $(USRINCLUDEDIR) + $(USRLIB64DIR) $(USRINCLUDEDIR) OWNER = $(shell id -un) GROUP = $(shell id -gn) -export INSTALLDIR BINDIR LIBDIR LIB64DIR MANDIR OWNER GROUP +export INSTALLDIR BINDIR LIBDIR USRLIB64DIR MANDIR OWNER GROUP # Special defines for zfcpdump ZFCPDUMP_IMAGE = zfcpdump-image diff --git a/libekmfweb/Makefile b/libekmfweb/Makefile index 0212398c..50a22669 100644 --- a/libekmfweb/Makefile +++ b/libekmfweb/Makefile @@ -1,10 +1,13 @@ include ../common.mak +VERSION = 1.0 +VERM = $(shell echo $(VERSION) | cut -d '.' -f 1) + ifneq (${HAVE_OPENSSL},0) ifneq (${HAVE_JSONC},0) ifneq (${HAVE_LIBCURL},0) - BUILD_TARGETS += libekmfweb.so - INSTALL_TARGETS += install-libekmfweb.so + BUILD_TARGETS += libekmfweb.so.$(VERSION) + INSTALL_TARGETS += install-libekmfweb.so.$(VERSION) else BUILD_TARGETS += skip-libekmfweb-curl INSTALL_TARGETS += skip-libekmfweb-curl @@ -64,22 +67,26 @@ ekmfweb.o: check-dep-libekmfweb ekmfweb.c utilities.h cca.h $(rootdir)include/ek utilities.o: check-dep-libekmfweb utilities.c utilities.h $(rootdir)include/ekmfweb/ekmfweb.h cca.o: check-dep-libekmfweb cca.c cca.h utilities.h $(rootdir)include/ekmfweb/ekmfweb.h -libekmfweb.so: ALL_CFLAGS += -fPIC -libekmfweb.so: LDLIBS = -ljson-c -lcrypto -lssl -lcurl -ldl -shared -libekmfweb.so: LDFLAGS = -shared -Wl,--version-script=libekmfweb.map \ - -Wl,-z,defs,-Bsymbolic -libekmfweb.so: ekmfweb.o utilities.o cca.o +libekmfweb.so.$(VERSION): ALL_CFLAGS += -fPIC +libekmfweb.so.$(VERSION): LDLIBS = -ljson-c -lcrypto -lssl -lcurl -ldl +libekmfweb.so.$(VERSION): ALL_LDFLAGS += -shared -Wl,--version-script=libekmfweb.map \ + -Wl,-z,defs,-Bsymbolic -Wl,-soname,libekmfweb.so.$(VERM) +libekmfweb.so.$(VERSION): ekmfweb.o utilities.o cca.o $(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@ + ln -srf libekmfweb.so.$(VERSION) libekmfweb.so.$(VERM) + ln -srf libekmfweb.so.$(VERSION) libekmfweb.so -install-libekmfweb.so: libekmfweb.so - $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libekmfweb.so $(DESTDIR)$(LIB64DIR)/libekmfweb.so +install-libekmfweb.so.$(VERSION): libekmfweb.so.$(VERSION) + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) + ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERM) + ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so $(INSTALL) -d -m 770 $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 $(rootdir)include/ekmfweb/ekmfweb.h $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb install: all $(INSTALL_TARGETS) clean: - rm -f *.o libekmfweb.so check-dep-libekmfweb detect-openssl-version.dep + rm -f *.o libekmfweb.so* check-dep-libekmfweb detect-openssl-version.dep .PHONY: all install clean skip-libekmfweb-openssl skip-libekmfweb-jsonc \ - skip-libekmfweb-curl install-libekmfweb.so + skip-libekmfweb-curl install-libekmfweb.so.$(VERSION) diff --git a/zkey/ekmfweb/Makefile b/zkey/ekmfweb/Makefile index 42e3937f..79a16cb5 100644 --- a/zkey/ekmfweb/Makefile +++ b/zkey/ekmfweb/Makefile @@ -1,5 +1,8 @@ include ../../common.mak +VERSION = 1.0 +VERM = $(shell echo $(VERSION) | cut -d '.' -f 1) + all: zkey-ekmfweb.so libs = $(rootdir)/libutil/libutil.a @@ -8,7 +11,7 @@ export LIBRARY_PATH = $(rootdir)/libekmfweb:$LIBRARY_PATH zkey-ekmfweb.o: zkey-ekmfweb.c zkey-ekmfweb.h ../kms-plugin.h \ ../cca.h ../utils.h ../pkey.h ../properties.h \ - $(rootdir)include/ekmfweb/ekmfweb.h $(rootdir)/libekmfweb/libekmfweb.so + $(rootdir)include/ekmfweb/ekmfweb.h libekmfweb.dep properties.o: ../properties.c ../properties.h $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@ @@ -26,9 +29,9 @@ utils.o: ../utils.c ../utils.h ../pkey.h ../cca.h ../ep11.h $(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@ zkey-ekmfweb.so: ALL_CFLAGS += -fPIC -zkey-ekmfweb.so: LDLIBS = -lekmfweb -ldl -lcrypto -shared -zkey-ekmfweb.so: LDFLAGS = -shared -Wl,--version-script=zkey-ekmfweb.map \ - -Wl,-z,defs,-Bsymbolic +zkey-ekmfweb.so: LDLIBS = -lekmfweb -ldl -lcrypto +zkey-ekmfweb.so: ALL_LDFLAGS += -shared -Wl,--version-script=zkey-ekmfweb.map \ + -Wl,-z,defs,-Bsymbolic -Wl,-soname,zkey-ekmfweb.so.$(VERM) zkey-ekmfweb.so: zkey-ekmfweb.o properties.o pkey.o cca.o ep11.o utils.o $(libs) $(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@ @@ -36,13 +39,18 @@ install-libekmfweb.dep: $(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) install touch install-libekmfweb.dep +libekmfweb.dep: + $(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) all + touch libekmfweb.dep + install: all install-libekmfweb.dep zkey-ekmfweb.so $(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1 $(INSTALL) -m 644 -c zkey-ekmfweb.1 $(DESTDIR)$(MANDIR)/man1 - $(INSTALL) -d -m 755 $(DESTDIR)$(LIB64DIR) - $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(LIB64DIR)/zkey-ekmfweb.so + $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR) + $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR)/zkey + $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(USRLIB64DIR)/zkey/zkey-ekmfweb.so clean: - rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep + rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep libekmfweb.dep .PHONY: all install clean \ No newline at end of file diff --git a/zkey/kms.c b/zkey/kms.c index 46427e6e..b2ce165a 100644 --- a/zkey/kms.c +++ b/zkey/kms.c @@ -40,6 +40,7 @@ #define ENVVAR_ZKEY_KMS_PLUGINS "ZKEY_KMS_PLUGINS" #define DEFAULT_KMS_PLUGINS "/etc/zkey/kms-plugins.conf" +#define KMS_PLUGIN_LOCATION "/usr/lib64/zkey" #define KMS_CONFIG_FILE "kms.conf" #define KMS_CONFIG_PROP_KMS "kms" @@ -209,6 +210,7 @@ static int load_kms_plugin(const char *plugin, void **plugin_lib, char **plugin_name, bool verbose) { kms_get_functions_t _kms_get_functions; + char load_so_name[PATH_MAX]; char *so_name = NULL; FILE *fp = NULL; char line[4096]; @@ -258,15 +260,26 @@ static int load_kms_plugin(const char *plugin, goto out; } + /* Try to load via LD_LIBRARY_PATH first */ + snprintf(load_so_name, sizeof(load_so_name), "%s", so_name); pr_verbose(verbose, "Loading KMS plugin '%s': '%s'", *plugin_name, - so_name); - *plugin_lib = dlopen(so_name, RTLD_GLOBAL | RTLD_NOW); + load_so_name); + *plugin_lib = dlopen(load_so_name, RTLD_GLOBAL | RTLD_NOW); if (*plugin_lib == NULL) { - pr_verbose(verbose, "%s", dlerror()); - warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name, - so_name); - rc = -ELIBACC; - goto out; + /* Try to load from default plugin location */ + snprintf(load_so_name, sizeof(load_so_name), "%s/%s", + KMS_PLUGIN_LOCATION, so_name); + pr_verbose(verbose, "Loading KMS plugin '%s': '%s'", + *plugin_name, load_so_name); + + *plugin_lib = dlopen(load_so_name, RTLD_GLOBAL | RTLD_NOW); + if (*plugin_lib == NULL) { + pr_verbose(verbose, "%s", dlerror()); + warnx("Failed to load KMS plugin '%s': '%s'", + *plugin_name, load_so_name); + rc = -ELIBACC; + goto out; + } } _kms_get_functions = (kms_get_functions_t)dlsym(*plugin_lib, @@ -274,7 +287,7 @@ static int load_kms_plugin(const char *plugin, if (_kms_get_functions == NULL) { pr_verbose(verbose, "%s", dlerror()); warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name, - so_name); + load_so_name); rc = -ELIBACC; goto out; } @@ -283,13 +296,13 @@ static int load_kms_plugin(const char *plugin, if (*kms_functions == NULL) { pr_verbose(verbose, "kms_get_functions() reutned NULL"); warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name, - so_name); + load_so_name); rc = -ELIBACC; goto out; } pr_verbose(verbose, "Successfully loaded KMS plugin '%s': '%s' (API " - "version: %u)", *plugin_name, so_name, + "version: %u)", *plugin_name, load_so_name, (*kms_functions)->api_version); out: