Browse Source

nss-pem package creation

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64bebuilder0 7 years ago
parent
commit
d9b6a6629b
  1. 102
      SOURCES/0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch
  2. 63
      SPECS/nss-pem.spec

102
SOURCES/0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch

@ -0,0 +1,102 @@
From c7783ffebee147c3491c58656d9b77c74cdf3667 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 21 Apr 2017 13:32:25 +0200
Subject: [PATCH] remove implementation of the WaitForSlotEvent callback

This reverts commit eefef2286183f1c895f408202367a0e4cb3b44c8.
---
src/ckpem.h | 1 -
src/pinst.c | 13 +------------
src/pobject.c | 19 ++++++++++++-------
3 files changed, 13 insertions(+), 20 deletions(-)

diff --git a/src/ckpem.h b/src/ckpem.h
index b4fff2c..e6ecc5f 100644
--- a/src/ckpem.h
+++ b/src/ckpem.h
@@ -211,7 +211,6 @@ struct pemInternalObjectStr {
NSS_EXTERN_DATA pemInternalObject **pem_objs;
NSS_EXTERN_DATA int pem_nobjs;
NSS_EXTERN_DATA int token_needsLogin[];
-NSS_EXTERN_DATA NSSCKMDSlot *lastEventSlot;
struct pemTokenStr {
PRBool logged_in;
diff --git a/src/pinst.c b/src/pinst.c
index 9cfbf45..5ac0ff3 100644
--- a/src/pinst.c
+++ b/src/pinst.c
@@ -53,7 +53,6 @@ static PRBool pemInitialized = PR_FALSE;
pemInternalObject **pem_objs;
int pem_nobjs = 0;
int token_needsLogin[NUM_SLOTS];
-NSSCKMDSlot *lastEventSlot;
/*
* simple cert decoder to avoid the cost of asn1 engine
@@ -833,16 +832,6 @@ pem_mdInstance_ModuleHandlesSessionObjects
return CK_TRUE;
}
-static NSSCKMDSlot *
-pem_mdInstance_WaitForSlotEvent(
- NSSCKMDInstance * mdInstance,
- NSSCKFWInstance * fwInstance,
- CK_BBOOL block,
- CK_RV * pError)
-{
- return lastEventSlot;
-}
-
NSS_IMPLEMENT_DATA const NSSCKMDInstance
pem_mdInstance = {
(void *) NULL, /* etc */
@@ -855,6 +844,6 @@ pem_mdInstance = {
pem_mdInstance_GetLibraryVersion,
pem_mdInstance_ModuleHandlesSessionObjects,
pem_mdInstance_GetSlots,
- pem_mdInstance_WaitForSlotEvent,
+ NULL, /* WaitForSlotEvent */
(void *) NULL /* null terminator */
};
diff --git a/src/pobject.c b/src/pobject.c
index 6551d06..1227737 100644
--- a/src/pobject.c
+++ b/src/pobject.c
@@ -1212,6 +1212,7 @@ pem_CreateObject
/* Brute force: find the id of the certificate, if any, in this slot */
int i;
SECItem certDER;
+ CK_SESSION_HANDLE hSession;
PRBool added;
nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
@@ -1259,14 +1260,18 @@ pem_CreateObject
* the token was removed so we can force a login.
*/
if (cipher && added) {
- /* remember the slot for pem_mdInstance_WaitForSlotEvent() */
- lastEventSlot = NSSCKFWSlot_GetMDSlot(fwSlot);
-
+ /* FIXME: Why 1.0s? Is it enough? Isn't it too much?
+ * What about e.g. 3.14s? */
+ PRIntervalTime onesec = PR_SecondsToInterval(1);
token_needsLogin[slotID - 1] = PR_TRUE;
- /* FIXME: dirty hack relying on NSS internals */
- CK_SESSION_HANDLE hSession =
- NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
- NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
+
+ /* We have to sleep so that NSS will notice that the token was
+ * removed.
+ */
+ PR_Sleep(onesec);
+ hSession =
+ NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
+ NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
} else {
*pError = CKR_KEY_UNEXTRACTABLE;
}
--
2.9.3

63
SPECS/nss-pem.spec

@ -0,0 +1,63 @@
Name: nss-pem
Version: 1.0.3
Release: 4%{?dist}
Summary: PEM file reader for Network Security Services (NSS)

License: MPLv1.1
URL: https://github.com/kdudka/nss-pem
Source0: https://github.com/kdudka/nss-pem/releases/download/%{name}-%{version}/%{name}-%{version}.tar.xz
Patch1: 0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch

BuildRequires: cmake
BuildRequires: nss-pkcs11-devel

# require at least the version of nss that nss-pem was built against (#1428965)
Requires: nss%{?_isa} >= %(nss-config --version 2>/dev/null || echo 0)

# make the nss-pem pkg conflict with all nss builds with bundled nss-pem
Conflicts: nss%{?_isa} < 3.28.2-2.el7

%description
PEM file reader for Network Security Services (NSS), implemented as a PKCS#11
module.

%prep
%setup -q
%patch1 -p1

%build
mkdir build
cd build
%cmake ../src
make %{?_smp_mflags} VERBOSE=yes

%install
cd build
make install DESTDIR=%{buildroot}

%check
cd build
ctest %{?_smp_mflags} --output-on-failure

%files
%{_libdir}/libnsspem.so
%license COPYING

%changelog
* Wed Apr 26 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-4
- fix missing prototypes detected by Covscan

* Tue Apr 25 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-3
- remove implementation of the WaitForSlotEvent callback (#1445384)

* Mon Mar 06 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-2
- require at least the version of nss that nss-pem was built against (#1428965)

* Wed Mar 01 2017 Kamil Dudka <kdudka@redhat.com> 1.0.3-1
- update to latest upstream bugfix release (#1427917)

* Tue Feb 14 2017 Kamil Dudka <kdudka@redhat.com> 1.0.2-2
- explicitly conflict with all nss builds with bundled nss-pem

* Tue Jan 24 2017 Kamil Dudka <kdudka@redhat.com> 1.0.2-1
- imported into RHEL-7
Loading…
Cancel
Save