nss-pem package creation

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
2018-05-31 12:08:53 +02:00 · 2018-05-31 12:08:53 +02:00 · d9b6a6629b
parent 32a16a63ef
commit d9b6a6629b
2 changed files with 165 additions and 0 deletions
--- a/SOURCES/0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch
+++ b/SOURCES/0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch
@ -0,0 +1,102 @@
+From c7783ffebee147c3491c58656d9b77c74cdf3667 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 21 Apr 2017 13:32:25 +0200
+Subject: [PATCH] remove implementation of the WaitForSlotEvent callback
+
+This reverts commit eefef2286183f1c895f408202367a0e4cb3b44c8.
+---
+ src/ckpem.h   |  1 -
+ src/pinst.c   | 13 +------------
+ src/pobject.c | 19 ++++++++++++-------
+ 3 files changed, 13 insertions(+), 20 deletions(-)
+
+diff --git a/src/ckpem.h b/src/ckpem.h
+index b4fff2c..e6ecc5f 100644
+--- a/src/ckpem.h
+++ b/src/ckpem.h
+@@ -211,7 +211,6 @@ struct pemInternalObjectStr {
+ NSS_EXTERN_DATA pemInternalObject **pem_objs;
+ NSS_EXTERN_DATA int pem_nobjs;
+ NSS_EXTERN_DATA int token_needsLogin[];
+-NSS_EXTERN_DATA NSSCKMDSlot *lastEventSlot;
+ 
+ struct pemTokenStr {
+   PRBool          logged_in;
+diff --git a/src/pinst.c b/src/pinst.c
+index 9cfbf45..5ac0ff3 100644
+--- a/src/pinst.c
+++ b/src/pinst.c
+@@ -53,7 +53,6 @@ static PRBool pemInitialized = PR_FALSE;
+ pemInternalObject **pem_objs;
+ int pem_nobjs = 0;
+ int token_needsLogin[NUM_SLOTS];
+-NSSCKMDSlot *lastEventSlot;
+ 
+ /*
+  * simple cert decoder to avoid the cost of asn1 engine
+@@ -833,16 +832,6 @@ pem_mdInstance_ModuleHandlesSessionObjects
+     return CK_TRUE;
+ }
+ 
+-static NSSCKMDSlot *
+-pem_mdInstance_WaitForSlotEvent(
+-    NSSCKMDInstance * mdInstance,
+-    NSSCKFWInstance * fwInstance,
+-    CK_BBOOL block,
+-    CK_RV * pError)
+-{
+-    return lastEventSlot;
+-}
+-
+ NSS_IMPLEMENT_DATA const NSSCKMDInstance
+ pem_mdInstance = {
+     (void *) NULL, /* etc */
+@@ -855,6 +844,6 @@ pem_mdInstance = {
+     pem_mdInstance_GetLibraryVersion,
+     pem_mdInstance_ModuleHandlesSessionObjects,
+     pem_mdInstance_GetSlots,
+-    pem_mdInstance_WaitForSlotEvent,
+    NULL, /* WaitForSlotEvent */
+     (void *) NULL /* null terminator */
+ };
+diff --git a/src/pobject.c b/src/pobject.c
+index 6551d06..1227737 100644
+--- a/src/pobject.c
+++ b/src/pobject.c
+@@ -1212,6 +1212,7 @@ pem_CreateObject
+         /* Brute force: find the id of the certificate, if any, in this slot */
+         int i;
+         SECItem certDER;
+        CK_SESSION_HANDLE hSession;
+         PRBool added;
+ 
+         nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
+@@ -1259,14 +1260,18 @@ pem_CreateObject
+          * the token was removed so we can force a login.
+          */
+         if (cipher && added) {
+-            /* remember the slot for pem_mdInstance_WaitForSlotEvent() */
+-            lastEventSlot = NSSCKFWSlot_GetMDSlot(fwSlot);
+-
+            /* FIXME: Why 1.0s? Is it enough? Isn't it too much?
+             * What about e.g. 3.14s? */
+            PRIntervalTime onesec = PR_SecondsToInterval(1);
+             token_needsLogin[slotID - 1] = PR_TRUE;
+-            /* FIXME: dirty hack relying on NSS internals */
+-            CK_SESSION_HANDLE hSession =
+-                NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
+-            NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
+
+            /* We have to sleep so that NSS will notice that the token was
+             * removed.
+             */
+            PR_Sleep(onesec);
+            hSession =
+                NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
+            NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
+         } else {
+             *pError = CKR_KEY_UNEXTRACTABLE;
+         }
+-- 
+2.9.3
+
--- a/SPECS/nss-pem.spec
+++ b/SPECS/nss-pem.spec
@ -0,0 +1,63 @@
+Name:       nss-pem
+Version:    1.0.3
+Release:    4%{?dist}
+Summary:    PEM file reader for Network Security Services (NSS)
+
+License:    MPLv1.1
+URL:        https://github.com/kdudka/nss-pem
+Source0:    https://github.com/kdudka/nss-pem/releases/download/%{name}-%{version}/%{name}-%{version}.tar.xz
+Patch1:     0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch
+
+BuildRequires: cmake
+BuildRequires: nss-pkcs11-devel
+
+# require at least the version of nss that nss-pem was built against (#1428965)
+Requires: nss%{?_isa} >= %(nss-config --version 2>/dev/null || echo 0)
+
+# make the nss-pem pkg conflict with all nss builds with bundled nss-pem
+Conflicts: nss%{?_isa} < 3.28.2-2.el7
+
+%description
+PEM file reader for Network Security Services (NSS), implemented as a PKCS#11
+module.
+
+%prep
+%setup -q
+%patch1 -p1
+
+%build
+mkdir build
+cd build
+%cmake ../src
+make %{?_smp_mflags} VERBOSE=yes
+
+%install
+cd build
+make install DESTDIR=%{buildroot}
+
+%check
+cd build
+ctest %{?_smp_mflags} --output-on-failure
+
+%files
+%{_libdir}/libnsspem.so
+%license COPYING
+
+%changelog
+* Wed Apr 26 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-4
+- fix missing prototypes detected by Covscan
+
+* Tue Apr 25 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-3
+- remove implementation of the WaitForSlotEvent callback (#1445384)
+
+* Mon Mar 06 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-2
+- require at least the version of nss that nss-pem was built against (#1428965)
+
+* Wed Mar 01 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-1
+- update to latest upstream bugfix release (#1427917)
+
+* Tue Feb 14 2017 Kamil Dudka <kdudka@redhat.com> 1.0.2-2
+- explicitly conflict with all nss builds with bundled nss-pem
+
+* Tue Jan 24 2017 Kamil Dudka <kdudka@redhat.com> 1.0.2-1
+- imported into RHEL-7