Hello community,
here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2016-08-03 11:43:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old)
and /work/SRC/openSUSE:Factory/.openCryptoki.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2016-07-12 23:52:29.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.openCryptoki.new/openCryptoki.changes 2016-08-03 11:44:01.000000000 +0200
@@ -1,0 +2,6 @@
+Tue Jul 19 17:07:16 UTC 2016 - mpost@suse.com
+
+- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch
+ (bsc#989602).
+
+-------------------------------------------------------------------
New:
----
ocki-3.5-create-missing-tpm-token-lock-directory.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openCryptoki.spec ++++++
--- /var/tmp/diff_new_pack.VXxEXW/_old 2016-08-03 11:44:03.000000000 +0200
+++ /var/tmp/diff_new_pack.VXxEXW/_new 2016-08-03 11:44:03.000000000 +0200
@@ -70,6 +70,7 @@
Patch6: ocki-3.5-icsf-sessionhandle-missing-fix.patch
Patch7: ocki-3.5-icsf-reasoncode-2028-added.patch
Patch8: ocki-3.5-added-NULLreturn-check.patch
+Patch9: ocki-3.5-create-missing-tpm-token-lock-directory.patch
Url: https://sourceforge.net/projects/opencryptoki/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -156,6 +157,7 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
cp %{SOURCE2} .
++++++ ocki-3.5-create-missing-tpm-token-lock-directory.patch ++++++
commit aeea198cb8ea640cd37735365ee51a03aca67036
Author: Vineetha Pai
Date: Mon Jul 18 15:41:24 2016 -0400
create missing tpm lock directory from tpm stdll.
tpm token does not use common/utility function to create token lock
directory. Hence the patch to create missing lock directories was not
working on tpm token. Modified the tpm stdll code to create the token
lock directory if it is missing on the system.
Signed-off-by: Vineetha Pai
diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
index e7978d3..2a20d7d 100644
--- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
@@ -44,6 +44,7 @@
#include
#include
#include
+#include
#include
#include
@@ -3393,10 +3394,13 @@ int
token_specific_creatlock(void)
{
CK_BYTE lockfile[PATH_MAX];
+ CK_BYTE lockdir[PATH_MAX];
struct passwd *pw = NULL;
struct stat statbuf;
mode_t mode = (S_IRUSR|S_IWUSR|S_IXUSR);
int lockfd;
+ int ret = -1;
+ struct group *grp;
/* get userid */
if ((pw = getpwuid(getuid())) == NULL) {
@@ -3404,6 +3408,45 @@ token_specific_creatlock(void)
return -1;
}
+ /** create lock subdir for each token if it doesn't exist.
+ * The root /var/lock/opencryptoki directory should be created in slotmgr
+ * daemon **/
+ sprintf(lockdir, "%s/%s", LOCKDIR_PATH, SUB_DIR);
+
+ ret = stat(lockdir, &statbuf);
+ if (ret != 0 && errno == ENOENT) {
+ /* dir does not exist, try to create it */
+ ret = mkdir(lockdir, S_IRWXU|S_IRWXG);
+ if (ret != 0) {
+ OCK_SYSLOG(LOG_ERR,
+ "Directory(%s) missing: %s\n",
+ lockdir,
+ strerror(errno));
+ goto err;
+ }
+ grp = getgrnam("pkcs11");
+ if (grp == NULL) {
+ fprintf(stderr, "getgrname(pkcs11): %s",
+ strerror(errno));
+ goto err;
+ }
+ /* set ownership to euid, and pkcs11 group */
+ if (chown(lockdir, geteuid(), grp->gr_gid) != 0) {
+ fprintf(stderr, "Failed to set owner:group \
+ ownership\
+ on %s directory", lockdir);
+ goto err;
+ }
+ /* mkdir does not set group permission right, so
+ ** trying explictly here again */
+ if (chmod(lockdir, S_IRWXU|S_IRWXG) != 0){
+ fprintf(stderr, "Failed to change \
+ permissions\
+ on %s directory", lockdir);
+ goto err;
+ }
+ }
+
/* create user-specific directory */
sprintf(lockfile, "%s/%s/%s", LOCKDIR_PATH, SUB_DIR, pw->pw_name);
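Review bot: The `chown(lockdir, ...)` and `chmod(lockdir, ...)` calls in the added block act on the path again after separate `stat()` and `mkdir()` calls, so they apply to whatever the path resolves to at that moment. If the parent lock directory is writable by other accounts (its permissions are not visible here), a privileged caller can end up changing the owner and mode of something other than the directory it just created. Opening the new directory with `O_DIRECTORY|O_NOFOLLOW` and using `fchown()`/`fchmod()` on the descriptor removes that window, and looking up the `pkcs11` group before `mkdir()` avoids leaving a half-configured directory that later calls skip because `stat()` then succeeds. The three `fprintf(stderr, ...)` messages should go through `OCK_SYSLOG` as the `mkdir()` branch does, since this is library code and the backslash continuations embed the source indentation in the message text. The `err` label and the rest of `token_specific_creatlock` lie outside this hunk, so the sketch below assumes `err` simply returns -1.

```c
	ret = stat(lockdir, &statbuf);
	if (ret != 0 && errno == ENOENT) {
		/* resolve the group first so a failed lookup leaves nothing behind */
		grp = getgrnam("pkcs11");
		if (grp == NULL) {
			OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed\n");
			goto err;
		}
		if (mkdir(lockdir, S_IRWXU|S_IRWXG) == 0) {
			/* adjust the directory through its descriptor, not its path */
			int dirfd = open(lockdir, O_RDONLY|O_DIRECTORY|O_NOFOLLOW);

			if (dirfd == -1 ||
			    fchown(dirfd, geteuid(), grp->gr_gid) != 0 ||
			    fchmod(dirfd, S_IRWXU|S_IRWXG) != 0) {
				OCK_SYSLOG(LOG_ERR, "setup of %s failed: %s\n",
					   lockdir, strerror(errno));
				if (dirfd != -1)
					close(dirfd);
				goto err;
			}
			close(dirfd);
		} else if (errno != EEXIST) {
			/* EEXIST: another process created it in the meantime */
			OCK_SYSLOG(LOG_ERR, "mkdir(%s): %s\n", lockdir,
				   strerror(errno));
			goto err;
		}
	}
	/* … unchanged: user-specific directory and lock file creation … */
```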