Hello community, here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2016-08-03 11:43:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old) and /work/SRC/openSUSE:Factory/.openCryptoki.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki" Changes: -------- --- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2016-07-12 23:52:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new/openCryptoki.changes 2016-08-03 11:44:01.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Jul 19 17:07:16 UTC 2016 - mp...@suse.com + +- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch + (bsc#989602). + +------------------------------------------------------------------- New: ---- ocki-3.5-create-missing-tpm-token-lock-directory.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openCryptoki.spec ++++++ --- /var/tmp/diff_new_pack.VXxEXW/_old 2016-08-03 11:44:03.000000000 +0200 +++ /var/tmp/diff_new_pack.VXxEXW/_new 2016-08-03 11:44:03.000000000 +0200 @@ -70,6 +70,7 @@ Patch6: ocki-3.5-icsf-sessionhandle-missing-fix.patch Patch7: ocki-3.5-icsf-reasoncode-2028-added.patch Patch8: ocki-3.5-added-NULLreturn-check.patch +Patch9: ocki-3.5-create-missing-tpm-token-lock-directory.patch Url: https://sourceforge.net/projects/opencryptoki/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -156,6 +157,7 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 cp %{SOURCE2} . ++++++ ocki-3.5-create-missing-tpm-token-lock-directory.patch ++++++ commit aeea198cb8ea640cd37735365ee51a03aca67036 Author: Vineetha Pai <vpis...@us.ibm.com> Date: Mon Jul 18 15:41:24 2016 -0400 create missing tpm lock directory from tpm stdll. tpm token does not use common/utility function to create token lock directory. Hence the patch to create missing lock directories was not working on tpm token. Modified the tpm stdll code to create the token lock directory if it is missing on the system. Signed-off-by: Vineetha Pai <vpis...@us.ibm.com> diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c index e7978d3..2a20d7d 100644 --- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c +++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c @@ -44,6 +44,7 @@ #include <errno.h> #include <pwd.h> #include <syslog.h> +#include <grp.h> #include <openssl/des.h> #include <openssl/rand.h> @@ -3393,10 +3394,13 @@ int token_specific_creatlock(void) { CK_BYTE lockfile[PATH_MAX]; + CK_BYTE lockdir[PATH_MAX]; struct passwd *pw = NULL; struct stat statbuf; mode_t mode = (S_IRUSR|S_IWUSR|S_IXUSR); int lockfd; + int ret = -1; + struct group *grp; /* get userid */ if ((pw = getpwuid(getuid())) == NULL) { @@ -3404,6 +3408,45 @@ token_specific_creatlock(void) return -1; } + /** create lock subdir for each token if it doesn't exist. + * The root /var/lock/opencryptoki directory should be created in slotmgr + * daemon **/ + sprintf(lockdir, "%s/%s", LOCKDIR_PATH, SUB_DIR); + + ret = stat(lockdir, &statbuf); + if (ret != 0 && errno == ENOENT) { + /* dir does not exist, try to create it */ + ret = mkdir(lockdir, S_IRWXU|S_IRWXG); + if (ret != 0) { + OCK_SYSLOG(LOG_ERR, + "Directory(%s) missing: %s\n", + lockdir, + strerror(errno)); + goto err; + } + grp = getgrnam("pkcs11"); + if (grp == NULL) { + fprintf(stderr, "getgrname(pkcs11): %s", + strerror(errno)); + goto err; + } + /* set ownership to euid, and pkcs11 group */ + if (chown(lockdir, geteuid(), grp->gr_gid) != 0) { + fprintf(stderr, "Failed to set owner:group \ + ownership\ + on %s directory", lockdir); + goto err; + } + /* mkdir does not set group permission right, so + ** trying explictly here again */ + if (chmod(lockdir, S_IRWXU|S_IRWXG) != 0){ + fprintf(stderr, "Failed to change \ + permissions\ + on %s directory", lockdir); + goto err; + } + } + /* create user-specific directory */ sprintf(lockfile, "%s/%s/%s", LOCKDIR_PATH, SUB_DIR, pw->pw_name);
