Enable pkcs11 support in 0.10.4

Signed-off-by: Norbert Pocs <npocs@redhat.com>
This commit is contained in:
Norbert Pocs 2022-10-06 16:45:45 +02:00
parent 09bb29291f
commit 766cc6286d
2 changed files with 108 additions and 1 deletions

View File

@ -1,6 +1,6 @@
Name: libssh
Version: 0.10.4
Release: 1%{?dist}
Release: 2%{?dist}
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
@ -26,6 +26,9 @@ BuildRequires: uid_wrapper
BuildRequires: openssh-clients
BuildRequires: openssh-server
BuildRequires: nmap-ncat
BuildRequires: openssl-pkcs11
BuildRequires: softhsm
BuildRequires: gnutls-utils
Requires: %{name}-config = %{version}-%{release}
@ -37,6 +40,8 @@ Provides: libssh_threads.so.4()(64bit)
Provides: libssh_threads.so.4
%endif
Patch1: pkcs11_test_fix.patch
%description
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
@ -70,6 +75,7 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
-DUNIT_TESTING=ON \
-DCLIENT_TESTING=ON \
-DSERVER_TESTING=ON \
-DWITH_PKCS11_URI=ON \
-DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
-DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
@ -127,6 +133,9 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog
* Thu Oct 06 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2
- Enable pkcs11 support
* Wed Sep 07 2022 Andreas Schneider <asn@redhat.com> - 0.10.4-1
- Update to version 0.10.4
https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4

98
pkcs11_test_fix.patch Normal file
View File

@ -0,0 +1,98 @@
diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
index 532c86a7..9050cea6 100755
--- a/tests/pkcs11/setup-softhsm-tokens.sh
+++ b/tests/pkcs11/setup-softhsm-tokens.sh
@@ -17,10 +17,10 @@ echo "OBJNAME: $OBJNAME"
echo "LOADPUBLIC: $LOADPUBLIC"
# Create temporary directory for tokens
-install -d -m 0755 $TESTDIR/db
+install -d -m 0755 "$TESTDIR/db"
# Create SoftHSM configuration file
-cat >$TESTDIR/softhsm.conf <<EOF
+cat >"$TESTDIR/softhsm.conf" <<EOF
directories.tokendir = $TESTDIR/db
objectstore.backend = file
log.level = DEBUG
@@ -28,12 +28,12 @@ EOF
export SOFTHSM2_CONF=$TESTDIR/softhsm.conf
-cat $TESTDIR/softhsm.conf
+cat "$TESTDIR/softhsm.conf"
#init
-cmd='softhsm2-util --init-token --label "$OBJNAME" --free --pin 1234 --so-pin 1234'
+cmd="softhsm2-util --init-token --label $OBJNAME --free --pin 1234 --so-pin 1234"
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Init token failed"
@@ -41,10 +41,29 @@ if [ $ret -ne 0 ]; then
exit 1
fi
+find_library_path() {
+ echo "$@"
+ for _lib in "$@" ; do
+ if test -f "$_lib" ; then
+ LIBSOFTHSM_PATH="$_lib"
+ echo "Using libsofthsm path: $LIBSOFTHSM_PATH"
+ return
+ fi
+ done
+ echo "libsofthsm2.so not found"
+ exit 1
+}
+
+find_library_path \
+ /usr/lib64/libsofthsm2.so \
+ /usr/lib/libsofthsm2.so \
+ /usr/local/lib/softhsm/libsofthsm2.so \
+ /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
+
#load private key
-cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey $PRIVKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loading privkey failed"
@@ -52,15 +71,15 @@ if [ $ret -ne 0 ]; then
exit 1
fi
-cat $PUBKEY
+cat "$PUBKEY"
-ls -l $TESTDIR
+ls -l "$TESTDIR"
-if [ $LOADPUBLIC -ne 0 ]; then
+if [ "$LOADPUBLIC" -ne 0 ]; then
#load public key
- cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+ cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey $PUBKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
eval echo "$cmd"
- out=$(eval $cmd)
+ out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loading pubkey failed"
@@ -69,9 +88,9 @@ if [ $LOADPUBLIC -ne 0 ]; then
fi
fi
-cmd='p11tool --list-all --login "pkcs11:token="$OBJNAME"" --set-pin=1234'
+cmd="p11tool --list-all --login \"pkcs11:token=$OBJNAME\" --set-pin=1234"
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loging failed"