261 lines
9.8 KiB
Diff
261 lines
9.8 KiB
Diff
From 4a1979de79d9de48a44538f856f1d50f398541a8 Mon Sep 17 00:00:00 2001
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Thu, 22 Oct 2020 11:10:54 +0200
|
|
Subject: [PATCH] zkey: Add library versioning for libekmfweb and zkey-ekmfweb
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Closes: https://github.com/ibm-s390-tools/s390-tools/issues/93
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Reviewed-by: Jan Höppner <hoeppner@linux.ibm.com>
|
|
---
|
|
.gitignore | 3 +++
|
|
common.mak | 6 +++---
|
|
libekmfweb/Makefile | 29 ++++++++++++++++++-----------
|
|
zkey/ekmfweb/Makefile | 22 +++++++++++++++-------
|
|
zkey/kms.c | 33 +++++++++++++++++++++++----------
|
|
5 files changed, 62 insertions(+), 31 deletions(-)
|
|
|
|
diff --git a/.gitignore b/.gitignore
|
|
index 0a0cbe5a..40bb2a55 100644
|
|
--- a/.gitignore
|
|
+++ b/.gitignore
|
|
@@ -37,6 +37,8 @@ iucvterm/test/test_afiucv
|
|
libekmfweb/check-dep-libekmfweb
|
|
libekmfweb/detect-openssl-version.dep
|
|
libekmfweb/libekmfweb.so
|
|
+libekmfweb/libekmfweb.so.1
|
|
+libekmfweb/libekmfweb.so.1.0
|
|
libutil/util_base_example
|
|
libutil/util_file_example
|
|
libutil/util_libc_example
|
|
@@ -97,6 +99,7 @@ zipl/src/zipl_helper.device-mapper
|
|
zkey/check-dep-zkey
|
|
zkey/check-dep-zkey-cryptsetup
|
|
zkey/detect-libcryptsetup.dep
|
|
+zkey/ekmfweb/libekmfweb.dep
|
|
zkey/ekmfweb/zkey-ekmfweb.so
|
|
zkey/zkey
|
|
zkey/zkey-cryptsetup
|
|
diff --git a/common.mak b/common.mak
|
|
index fa99c514..b413b66f 100644
|
|
--- a/common.mak
|
|
+++ b/common.mak
|
|
@@ -163,7 +163,7 @@ USRSBINDIR = $(INSTALLDIR)/usr/sbin
|
|
USRBINDIR = $(INSTALLDIR)/usr/bin
|
|
BINDIR = $(INSTALLDIR)/sbin
|
|
LIBDIR = $(INSTALLDIR)/lib
|
|
-LIB64DIR = $(INSTALLDIR)/lib64
|
|
+USRLIB64DIR = $(INSTALLDIR)/usr/lib64
|
|
SYSCONFDIR = $(INSTALLDIR)/etc
|
|
MANDIR = $(INSTALLDIR)/usr/share/man
|
|
VARDIR = $(INSTALLDIR)/var
|
|
@@ -179,10 +179,10 @@ INSTDIRS = $(USRSBINDIR) $(USRBINDIR) $(BINDIR) $(LIBDIR) $(MANDIR) \
|
|
$(SYSCONFDIR) $(SYSCONFDIR)/sysconfig \
|
|
$(TOOLS_LIBDIR) $(TOOLS_DATADIR) \
|
|
$(ZFCPDUMP_DIR) $(SYSTEMDSYSTEMUNITDIR) \
|
|
- $(LIB64DIR) $(USRINCLUDEDIR)
|
|
+ $(USRLIB64DIR) $(USRINCLUDEDIR)
|
|
OWNER = $(shell id -un)
|
|
GROUP = $(shell id -gn)
|
|
-export INSTALLDIR BINDIR LIBDIR LIB64DIR MANDIR OWNER GROUP
|
|
+export INSTALLDIR BINDIR LIBDIR USRLIB64DIR MANDIR OWNER GROUP
|
|
|
|
# Special defines for zfcpdump
|
|
ZFCPDUMP_IMAGE = zfcpdump-image
|
|
diff --git a/libekmfweb/Makefile b/libekmfweb/Makefile
|
|
index 0212398c..50a22669 100644
|
|
--- a/libekmfweb/Makefile
|
|
+++ b/libekmfweb/Makefile
|
|
@@ -1,10 +1,13 @@
|
|
include ../common.mak
|
|
|
|
+VERSION = 1.0
|
|
+VERM = $(shell echo $(VERSION) | cut -d '.' -f 1)
|
|
+
|
|
ifneq (${HAVE_OPENSSL},0)
|
|
ifneq (${HAVE_JSONC},0)
|
|
ifneq (${HAVE_LIBCURL},0)
|
|
- BUILD_TARGETS += libekmfweb.so
|
|
- INSTALL_TARGETS += install-libekmfweb.so
|
|
+ BUILD_TARGETS += libekmfweb.so.$(VERSION)
|
|
+ INSTALL_TARGETS += install-libekmfweb.so.$(VERSION)
|
|
else
|
|
BUILD_TARGETS += skip-libekmfweb-curl
|
|
INSTALL_TARGETS += skip-libekmfweb-curl
|
|
@@ -64,22 +67,26 @@ ekmfweb.o: check-dep-libekmfweb ekmfweb.c utilities.h cca.h $(rootdir)include/ek
|
|
utilities.o: check-dep-libekmfweb utilities.c utilities.h $(rootdir)include/ekmfweb/ekmfweb.h
|
|
cca.o: check-dep-libekmfweb cca.c cca.h utilities.h $(rootdir)include/ekmfweb/ekmfweb.h
|
|
|
|
-libekmfweb.so: ALL_CFLAGS += -fPIC
|
|
-libekmfweb.so: LDLIBS = -ljson-c -lcrypto -lssl -lcurl -ldl -shared
|
|
-libekmfweb.so: LDFLAGS = -shared -Wl,--version-script=libekmfweb.map \
|
|
- -Wl,-z,defs,-Bsymbolic
|
|
-libekmfweb.so: ekmfweb.o utilities.o cca.o
|
|
+libekmfweb.so.$(VERSION): ALL_CFLAGS += -fPIC
|
|
+libekmfweb.so.$(VERSION): LDLIBS = -ljson-c -lcrypto -lssl -lcurl -ldl
|
|
+libekmfweb.so.$(VERSION): ALL_LDFLAGS += -shared -Wl,--version-script=libekmfweb.map \
|
|
+ -Wl,-z,defs,-Bsymbolic -Wl,-soname,libekmfweb.so.$(VERM)
|
|
+libekmfweb.so.$(VERSION): ekmfweb.o utilities.o cca.o
|
|
$(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@
|
|
+ ln -srf libekmfweb.so.$(VERSION) libekmfweb.so.$(VERM)
|
|
+ ln -srf libekmfweb.so.$(VERSION) libekmfweb.so
|
|
|
|
-install-libekmfweb.so: libekmfweb.so
|
|
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libekmfweb.so $(DESTDIR)$(LIB64DIR)/libekmfweb.so
|
|
+install-libekmfweb.so.$(VERSION): libekmfweb.so.$(VERSION)
|
|
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION)
|
|
+ ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERM)
|
|
+ ln -srf $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so.$(VERSION) $(DESTDIR)$(USRLIB64DIR)/libekmfweb.so
|
|
$(INSTALL) -d -m 770 $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb
|
|
$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 $(rootdir)include/ekmfweb/ekmfweb.h $(DESTDIR)$(USRINCLUDEDIR)/ekmfweb
|
|
|
|
install: all $(INSTALL_TARGETS)
|
|
|
|
clean:
|
|
- rm -f *.o libekmfweb.so check-dep-libekmfweb detect-openssl-version.dep
|
|
+ rm -f *.o libekmfweb.so* check-dep-libekmfweb detect-openssl-version.dep
|
|
|
|
.PHONY: all install clean skip-libekmfweb-openssl skip-libekmfweb-jsonc \
|
|
- skip-libekmfweb-curl install-libekmfweb.so
|
|
+ skip-libekmfweb-curl install-libekmfweb.so.$(VERSION)
|
|
diff --git a/zkey/ekmfweb/Makefile b/zkey/ekmfweb/Makefile
|
|
index 42e3937f..79a16cb5 100644
|
|
--- a/zkey/ekmfweb/Makefile
|
|
+++ b/zkey/ekmfweb/Makefile
|
|
@@ -1,5 +1,8 @@
|
|
include ../../common.mak
|
|
|
|
+VERSION = 1.0
|
|
+VERM = $(shell echo $(VERSION) | cut -d '.' -f 1)
|
|
+
|
|
all: zkey-ekmfweb.so
|
|
|
|
libs = $(rootdir)/libutil/libutil.a
|
|
@@ -8,7 +11,7 @@ export LIBRARY_PATH = $(rootdir)/libekmfweb:$LIBRARY_PATH
|
|
|
|
zkey-ekmfweb.o: zkey-ekmfweb.c zkey-ekmfweb.h ../kms-plugin.h \
|
|
../cca.h ../utils.h ../pkey.h ../properties.h \
|
|
- $(rootdir)include/ekmfweb/ekmfweb.h $(rootdir)/libekmfweb/libekmfweb.so
|
|
+ $(rootdir)include/ekmfweb/ekmfweb.h libekmfweb.dep
|
|
|
|
properties.o: ../properties.c ../properties.h
|
|
$(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@
|
|
@@ -26,9 +29,9 @@ utils.o: ../utils.c ../utils.h ../pkey.h ../cca.h ../ep11.h
|
|
$(CC) $(ALL_CPPFLAGS) $(ALL_CFLAGS) -fPIC -c $< -o $@
|
|
|
|
zkey-ekmfweb.so: ALL_CFLAGS += -fPIC
|
|
-zkey-ekmfweb.so: LDLIBS = -lekmfweb -ldl -lcrypto -shared
|
|
-zkey-ekmfweb.so: LDFLAGS = -shared -Wl,--version-script=zkey-ekmfweb.map \
|
|
- -Wl,-z,defs,-Bsymbolic
|
|
+zkey-ekmfweb.so: LDLIBS = -lekmfweb -ldl -lcrypto
|
|
+zkey-ekmfweb.so: ALL_LDFLAGS += -shared -Wl,--version-script=zkey-ekmfweb.map \
|
|
+ -Wl,-z,defs,-Bsymbolic -Wl,-soname,zkey-ekmfweb.so.$(VERM)
|
|
zkey-ekmfweb.so: zkey-ekmfweb.o properties.o pkey.o cca.o ep11.o utils.o $(libs)
|
|
$(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@
|
|
|
|
@@ -36,13 +39,18 @@ install-libekmfweb.dep:
|
|
$(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) install
|
|
touch install-libekmfweb.dep
|
|
|
|
+libekmfweb.dep:
|
|
+ $(MAKE) -C $(rootdir)/libekmfweb/ TOPDIR=$(TOPDIR) ARCH=$(ARCH) all
|
|
+ touch libekmfweb.dep
|
|
+
|
|
install: all install-libekmfweb.dep zkey-ekmfweb.so
|
|
$(INSTALL) -d -m 755 $(DESTDIR)$(MANDIR)/man1
|
|
$(INSTALL) -m 644 -c zkey-ekmfweb.1 $(DESTDIR)$(MANDIR)/man1
|
|
- $(INSTALL) -d -m 755 $(DESTDIR)$(LIB64DIR)
|
|
- $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(LIB64DIR)/zkey-ekmfweb.so
|
|
+ $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR)
|
|
+ $(INSTALL) -d -m 755 $(DESTDIR)$(USRLIB64DIR)/zkey
|
|
+ $(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T zkey-ekmfweb.so $(DESTDIR)$(USRLIB64DIR)/zkey/zkey-ekmfweb.so
|
|
|
|
clean:
|
|
- rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep
|
|
+ rm -f *.o zkey-ekmfweb.so install-libekmfweb.dep libekmfweb.dep
|
|
|
|
.PHONY: all install clean
|
|
\ No newline at end of file
|
|
diff --git a/zkey/kms.c b/zkey/kms.c
|
|
index 46427e6e..b2ce165a 100644
|
|
--- a/zkey/kms.c
|
|
+++ b/zkey/kms.c
|
|
@@ -40,6 +40,7 @@
|
|
|
|
#define ENVVAR_ZKEY_KMS_PLUGINS "ZKEY_KMS_PLUGINS"
|
|
#define DEFAULT_KMS_PLUGINS "/etc/zkey/kms-plugins.conf"
|
|
+#define KMS_PLUGIN_LOCATION "/usr/lib64/zkey"
|
|
|
|
#define KMS_CONFIG_FILE "kms.conf"
|
|
#define KMS_CONFIG_PROP_KMS "kms"
|
|
@@ -209,6 +210,7 @@ static int load_kms_plugin(const char *plugin,
|
|
void **plugin_lib, char **plugin_name, bool verbose)
|
|
{
|
|
kms_get_functions_t _kms_get_functions;
|
|
+ char load_so_name[PATH_MAX];
|
|
char *so_name = NULL;
|
|
FILE *fp = NULL;
|
|
char line[4096];
|
|
@@ -258,15 +260,26 @@ static int load_kms_plugin(const char *plugin,
|
|
goto out;
|
|
}
|
|
|
|
+ /* Try to load via LD_LIBRARY_PATH first */
|
|
+ snprintf(load_so_name, sizeof(load_so_name), "%s", so_name);
|
|
pr_verbose(verbose, "Loading KMS plugin '%s': '%s'", *plugin_name,
|
|
- so_name);
|
|
- *plugin_lib = dlopen(so_name, RTLD_GLOBAL | RTLD_NOW);
|
|
+ load_so_name);
|
|
+ *plugin_lib = dlopen(load_so_name, RTLD_GLOBAL | RTLD_NOW);
|
|
if (*plugin_lib == NULL) {
|
|
- pr_verbose(verbose, "%s", dlerror());
|
|
- warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name,
|
|
- so_name);
|
|
- rc = -ELIBACC;
|
|
- goto out;
|
|
+ /* Try to load from default plugin location */
|
|
+ snprintf(load_so_name, sizeof(load_so_name), "%s/%s",
|
|
+ KMS_PLUGIN_LOCATION, so_name);
|
|
+ pr_verbose(verbose, "Loading KMS plugin '%s': '%s'",
|
|
+ *plugin_name, load_so_name);
|
|
+
|
|
+ *plugin_lib = dlopen(load_so_name, RTLD_GLOBAL | RTLD_NOW);
|
|
+ if (*plugin_lib == NULL) {
|
|
+ pr_verbose(verbose, "%s", dlerror());
|
|
+ warnx("Failed to load KMS plugin '%s': '%s'",
|
|
+ *plugin_name, load_so_name);
|
|
+ rc = -ELIBACC;
|
|
+ goto out;
|
|
+ }
|
|
}
|
|
|
|
_kms_get_functions = (kms_get_functions_t)dlsym(*plugin_lib,
|
|
@@ -274,7 +287,7 @@ static int load_kms_plugin(const char *plugin,
|
|
if (_kms_get_functions == NULL) {
|
|
pr_verbose(verbose, "%s", dlerror());
|
|
warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name,
|
|
- so_name);
|
|
+ load_so_name);
|
|
rc = -ELIBACC;
|
|
goto out;
|
|
}
|
|
@@ -283,13 +296,13 @@ static int load_kms_plugin(const char *plugin,
|
|
if (*kms_functions == NULL) {
|
|
pr_verbose(verbose, "kms_get_functions() reutned NULL");
|
|
warnx("Failed to load KMS plugin '%s': '%s'", *plugin_name,
|
|
- so_name);
|
|
+ load_so_name);
|
|
rc = -ELIBACC;
|
|
goto out;
|
|
}
|
|
|
|
pr_verbose(verbose, "Successfully loaded KMS plugin '%s': '%s' (API "
|
|
- "version: %u)", *plugin_name, so_name,
|
|
+ "version: %u)", *plugin_name, load_so_name,
|
|
(*kms_functions)->api_version);
|
|
|
|
out:
|