packages/libcacard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:01061e9f92855e0c82f8481a7d6320d36ce23a85
Branches Tags
packages:main
...
compare: packages:b03395f69599845b7bb2c1e2898a0c9a49ecb348
Branches Tags
packages:main

10 Commits
01061e9f92 ... b03395f695

Author SHA1 Message Date
openeuler-ci-bot
b03395f695
!23 Update 2.8.1-5 to upstream 
From: @tomjerryson 
Reviewed-by: @leeffo 
Signed-off-by: @leeffo
 2023-07-21 09:30:17 +00:00
litianze
d780805b69 Update 2.8.1-5 to upstream 
To correct spec
 2023-07-21 16:56:04 +08:00
openeuler-ci-bot
1298ce33bd
!13 update epoch to 41 
From: @zhouwenpei 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2022-12-22 09:05:55 +00:00
zhouwenpei
d07148f529 update epoch to 41 2022-12-22 08:55:44 +00:00
openeuler-ci-bot
7078e18cfd !9 update libcacard version to 2.8.0 
From: @zzm_567
Reviewed-by: @orange-snn
Signed-off-by: @orange-snn
 2021-02-03 17:43:24 +08:00
zhanzhimin
29a874bbd3 update to 2.8.0 2021-02-03 15:45:05 +08:00
openeuler-ci-bot
c09ff3d03a !4 delete the check 
Merge pull request !4 from orange-snn/master
 2020-08-21 22:50:49 +08:00
orange-snn
8a02f1112f a 2020-08-21 22:37:23 +08:00
openeuler-ci-bot
71384165b9 !3 add yaml file in package 
Merge pull request !3 from 桐小哥/master
 2020-07-21 11:56:46 +08:00
sxt1001
a7e85ad342 update yaml file 2020-07-01 09:40:19 +08:00
10 changed files with 494 additions and 162 deletions
Show Stats Expand all files Collapse all files

BIN
db2.crypt Normal file
View File

Binary file not shown.

BIN
gpgkey-A3DDE969.gpg Normal file
View File

Binary file not shown.

124
libcacard-2.7.0-caching-keys.patch
View File

@ -1,124 +0,0 @@
From 2c10ae315375730020108cbcae0c282d0d6eff5f Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 26 Aug 2019 17:42:06 +0200
Subject: [PATCH 1/2] vcard_emul_nss: Drop the key caching to simplify error
handling
It could happen with PKCS#11 modules that (correctly) invalidate object
handles after logout (which was introduced in 0d3a683a), that the handles
are not valid when we try to use the objects again.
This is trying to address this use case, which I noticed was breaking
CI with SoftHSM PKCS#11 modules.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/vcard_emul_nss.c | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
index e8f5c56..f788964 100644
--- a/src/vcard_emul_nss.c
+++ b/src/vcard_emul_nss.c
@@ -52,7 +52,6 @@ typedef enum {
struct VCardKeyStruct {
CERTCertificate *cert;
PK11SlotInfo *slot;
- SECKEYPrivateKey *key;
VCardEmulTriState failedX509;
};
@@ -155,10 +154,6 @@ vcard_emul_make_key(PK11SlotInfo *slot, CERTCertificate *cert)
key = g_new(VCardKey, 1);
key->slot = PK11_ReferenceSlot(slot);
key->cert = CERT_DupCertificate(cert);
- /* NOTE: if we aren't logged into the token, this could return NULL */
- /* NOTE: the cert is a temp cert, not necessarily the cert in the token,
- * use the DER version of this function */
- key->key = PK11_FindKeyByDERCert(slot, cert, NULL);
key->failedX509 = VCardEmulUnknown;
return key;
}
@@ -170,10 +165,6 @@ vcard_emul_delete_key(VCardKey *key)
if (!nss_emul_init || (key == NULL)) {
return;
}
- if (key->key) {
- SECKEY_DestroyPrivateKey(key->key);
- key->key = NULL;
- }
if (key->cert) {
CERT_DestroyCertificate(key->cert);
}
@@ -189,12 +180,8 @@ vcard_emul_delete_key(VCardKey *key)
static SECKEYPrivateKey *
vcard_emul_get_nss_key(VCardKey *key)
{
- if (key->key) {
- return key->key;
- }
/* NOTE: if we aren't logged into the token, this could return NULL */
- key->key = PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL);
- return key->key;
+ return PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL);
}
/*
--
2.22.0
From 06587ef683373690f61540935b4516b4f23238ea Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 27 Aug 2019 12:38:45 +0200
Subject: [PATCH 2/2] tests: Reproducer for pkcs11 modules invalidating object
handles on logout
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/hwtests.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/tests/hwtests.c b/tests/hwtests.c
index cd9a33b..39decfb 100644
--- a/tests/hwtests.c
+++ b/tests/hwtests.c
@@ -339,6 +339,26 @@ static void test_sign_bad_data_x509(void)
vreader_free(reader); /* get by id ref */
}
+/* This is a regression test for issues with PKCS#11 tokens
+ * invalidating object handles after logout (such as softhsm).
+ * See: https://bugzilla.mozilla.org/show_bug.cgi?id=1576642
+ */
+static void test_sign_logout_sign(void)
+{
+ VReader *reader = vreader_get_reader_by_id(0);
+
+ g_assert_nonnull(reader);
+
+ test_login();
+ test_sign();
+
+ /* This implicitly logs out the user */
+ test_login();
+ test_sign();
+
+ vreader_free(reader); /* get by id ref */
+}
+
static void libcacard_finalize(void)
{
VReader *reader = vreader_get_reader_by_id(0);
@@ -374,6 +394,7 @@ int main(int argc, char *argv[])
g_test_add_func("/hw-tests/sign-bad-data", test_sign_bad_data_x509);
g_test_add_func("/hw-tests/empty-applets", test_empty_applets);
g_test_add_func("/hw-tests/get-response", test_get_response);
+ g_test_add_func("/hw-tests/sign-logout-sign", test_sign_logout_sign);
ret = g_test_run();
--
2.22.0

BIN
libcacard-2.7.0.tar.xz
View File

Binary file not shown.

11
libcacard-2.7.0.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE99xQpX39UrlCUyle9kkHrBW1wz0FAl0154wACgkQ9kkHrBW1
wz06+Qf/Q6kuvcClfspNnHC6uiG4ltvxC1/56FQXXMOaiwvaR2lrH61po4f16EXI
fQgjuecTMJukMWwdLFPfR444rfO3vNvaQom953MNI+NoWlzgpl+QoWWvCPJwOUl0
ocKC7eehtSklbr05X885jHdsabhe4yUxOSJPhFwkiPZLnYGVwyB5gkhM/W9hBKqK
IkMycN2lW8q+pcjafha9jcSWEa+fzxd+f/78oFwyXB9cPacm0g/LlpNjHZZlnnfn
X8LVvVeYhMsm9eqY3js2QFOIu2045jBeeg5JwT2scuoMPzWBj8KrMGo8loN0NouZ
uE7+03F0YKBoyV463bJkyYNryChXZg==
=Qkcs
-----END PGP SIGNATURE-----

456
libcacard-2.8.1-sort-certificates.patch Normal file
View File

@ -0,0 +1,456 @@
From 8458e1b1b35e69ecdc57c5c92c5780c38695f3f0 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 16 Jun 2022 22:22:17 +0200
Subject: [PATCH 1/3] m4: Update code coverage
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
m4/ax_code_coverage.m4 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/m4/ax_code_coverage.m4 b/m4/ax_code_coverage.m4
index 3d36924..352165b 100644
--- a/m4/ax_code_coverage.m4
+++ b/m4/ax_code_coverage.m4
@@ -74,7 +74,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
-#serial 32
+#serial 34
m4_define(_AX_CODE_COVERAGE_RULES,[
AX_ADD_AM_MACRO_STATIC([
@@ -138,7 +138,7 @@ CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=\
CODE_COVERAGE_GENHTML_OPTIONS ?= \$(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT)
CODE_COVERAGE_IGNORE_PATTERN ?=
-GITIGNOREFILES = \$(GITIGNOREFILES) \$(CODE_COVERAGE_OUTPUT_FILE) \$(CODE_COVERAGE_OUTPUT_DIRECTORY)
+GITIGNOREFILES := \$(GITIGNOREFILES) \$(CODE_COVERAGE_OUTPUT_FILE) \$(CODE_COVERAGE_OUTPUT_DIRECTORY)
code_coverage_v_lcov_cap = \$(code_coverage_v_lcov_cap_\$(V))
code_coverage_v_lcov_cap_ = \$(code_coverage_v_lcov_cap_\$(AM_DEFAULT_VERBOSITY))
code_coverage_v_lcov_cap_0 = @echo \" LCOV --capture\" \$(CODE_COVERAGE_OUTPUT_FILE);
@@ -175,7 +175,7 @@ code-coverage-clean:
code-coverage-dist-clean:
-A][M_DISTCHECK_CONFIGURE_FLAGS = \$(A][M_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
+A][M_DISTCHECK_CONFIGURE_FLAGS := \$(A][M_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
else # ifneq (\$(abs_builddir), \$(abs_top_builddir))
check-code-coverage:
--
2.35.3
From 0f4cd1279ea826a306bb0f10c691af9f0c40ad2e Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 16 Jun 2022 22:23:03 +0200
Subject: [PATCH 2/3] Sort certificates by ID
This is needed to avoid non-deterministic order of the certificates in
case the underlying pkcs11 module does not guarantee that (such as
softhsm). Without this change, the signing and encryption certificate
might get mixed up and application might try to use wrong one for
verification or decryption.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/vcard_emul_nss.c | 43 +++++++++++++++++++++++++++++++++++++------
1 file changed, 37 insertions(+), 6 deletions(-)
diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
index b63105d..2d2062d 100644
--- a/src/vcard_emul_nss.c
+++ b/src/vcard_emul_nss.c
@@ -706,8 +706,9 @@ vcard_emul_mirror_card(VReader *vreader)
* us the real certs until we log in.
*/
PK11GenericObject *firstObj, *thisObj;
- int cert_count;
+ int cert_count, i;
unsigned char **certs;
+ SECItem **ids;
int *cert_len;
VCardKey **keys;
PK11SlotInfo *slot;
@@ -734,12 +735,13 @@ vcard_emul_mirror_card(VReader *vreader)
/* allocate the arrays */
vcard_emul_alloc_arrays(&certs, &cert_len, &keys, cert_count);
+ ids = g_new(SECItem *, cert_count);
/* fill in the arrays */
- cert_count = 0;
+ cert_count = i = 0;
for (thisObj = firstObj; thisObj;
thisObj = PK11_GetNextGenericObject(thisObj)) {
- SECItem derCert;
+ SECItem derCert, *id;
CERTCertificate *cert;
SECStatus rv;
@@ -749,22 +751,51 @@ vcard_emul_mirror_card(VReader *vreader)
if (rv != SECSuccess) {
continue;
}
+ /* Read ID and try to sort by this to get reproducible results
+ * in case of underlying pkcs11 module does not provide it */
+ id = SECITEM_AllocItem(NULL, NULL, 0);
+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, thisObj, CKA_ID, id);
+ if (rv != SECSuccess) {
+ SECITEM_FreeItem(&derCert, PR_FALSE);
+ SECITEM_FreeItem(id, PR_TRUE);
+ continue;
+ }
/* create floating temp cert. This gives us a cert structure even if
* the token isn't logged in */
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
NULL, PR_FALSE, PR_TRUE);
SECITEM_FreeItem(&derCert, PR_FALSE);
if (cert == NULL) {
+ SECITEM_FreeItem(id, PR_TRUE);
continue;
}
- certs[cert_count] = cert->derCert.data;
- cert_len[cert_count] = cert->derCert.len;
- keys[cert_count] = vcard_emul_make_key(slot, cert);
+ for (i = 0; i < cert_count; i++) {
+ if (SECITEM_CompareItem(id, ids[i]) < SECEqual) {
+ int j;
+ /* Make space for the item here, move the rest of the items */
+ for (j = cert_count; j > i; j--) {
+ certs[j] = certs[j - 1];
+ cert_len[j] = cert_len[j - 1];
+ keys[j] = keys[j - 1];
+ ids[j] = ids[j - 1];
+ }
+ break;
+ }
+ }
+ certs[i] = cert->derCert.data;
+ cert_len[i] = cert->derCert.len;
+ keys[i] = vcard_emul_make_key(slot, cert);
+ ids[i] = id;
cert_count++;
CERT_DestroyCertificate(cert); /* key obj still has a reference */
}
PK11_DestroyGenericObjects(firstObj);
+ /* No longer needed */
+ for (i = 0; i < cert_count; i++) {
+ SECITEM_FreeItem(ids[i], PR_TRUE);
+ }
+ g_free(ids);
/* now create the card */
card = vcard_emul_make_card(vreader, certs, cert_len, keys, cert_count);
--
2.35.3
From 1a415a16f9d3d914e3d1f5b45d3e6b30160280c9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 17 Jun 2022 12:36:18 +0200
Subject: [PATCH 3/3] Implement tests with second PKI object
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/common.c | 42 ++++++++++++++++++++++++++++++++++------
tests/common.h | 15 +++++++-------
tests/db2.crypt | Bin 0 -> 256 bytes
tests/hwtests.c | 27 ++++++++++++++++++++++++--
tests/libcacard.c | 36 +++++++++++++++++++++++++++++++++-
tests/setup-softhsm2.sh | 2 +-
6 files changed, 105 insertions(+), 17 deletions(-)
create mode 100644 tests/db2.crypt
diff --git a/tests/common.c b/tests/common.c
index e5bc3e2..d1681f2 100644
--- a/tests/common.c
+++ b/tests/common.c
@@ -192,7 +192,7 @@ void get_properties_coid(VReader *reader, const unsigned char coid[2],
case 0x43: /* PKI properties */
g_assert_cmphex(p2[0], ==, 0x06);
- if (hw_tests) {
+ if (hw_tests && object_type == TEST_PKI) {
/* Assuming CAC card with 1024 b RSA keys */
key_bits = 1024;
} else {
@@ -248,7 +248,7 @@ void get_properties_coid(VReader *reader, const unsigned char coid[2],
g_assert_cmpint(num_objects_expected, ==, 0);
}
- if (object_type == TEST_PKI) {
+ if (object_type == TEST_PKI || object_type == TEST_PKI_2) {
g_assert_cmpint(verified_pki_properties, ==, 1);
}
@@ -307,12 +307,17 @@ void get_properties(VReader *reader, int object_type)
unsigned char coid[2];
switch (object_type) {
case TEST_PKI:
- // XXX only the first PKI for now
coid[0] = 0x01;
coid[1] = 0x00;
get_properties_coid(reader, coid, object_type);
break;
+ case TEST_PKI_2:
+ coid[0] = 0x01;
+ coid[1] = 0x01;
+ get_properties_coid(reader, coid, object_type);
+ break;
+
case TEST_CCC:
coid[0] = 0xDB;
coid[1] = 0x00;
@@ -426,6 +431,10 @@ void select_applet(VReader *reader, int type)
/* Select first PKI Applet */
0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00
};
+ uint8_t selfile_pki_2[] = {
+ /* Select second PKI Applet */
+ 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x01
+ };
uint8_t selfile_passthrough[] = {
/* Select Person Instance (passthrough) */
0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0x00
@@ -442,6 +451,11 @@ void select_applet(VReader *reader, int type)
aid_len = sizeof(selfile_pki);
break;
+ case TEST_PKI_2:
+ aid = selfile_pki_2;
+ aid_len = sizeof(selfile_pki_2);
+ break;
+
case TEST_CCC:
aid = selfile_ccc;
aid_len = sizeof(selfile_ccc);
@@ -562,7 +576,7 @@ void do_sign(VReader *reader, int parts)
}
-void do_decipher(VReader *reader)
+void do_decipher(VReader *reader, int type)
{
VReaderStatus status;
int dwRecvLength = APDUBufSize;
@@ -589,14 +603,30 @@ void do_decipher(VReader *reader)
/* Read the encrypted file */
if (hw_tests) {
- filename = g_test_build_filename(G_TEST_BUILT, "01.crypt", NULL);
+ const char *name;
+ if (type == TEST_PKI) {
+ name = "01.crypt";
+ } else if (type == TEST_PKI_2) {
+ name = "02.crypt";
+ } else {
+ g_assert_not_reached();
+ }
+ filename = g_test_build_filename(G_TEST_BUILT, name, NULL);
} else {
/* Generated from existing db using:
* echo "1234567890" > data
* certutil -L -d sql:$PWD/tests/db/ -n cert1 -r > tests/db.cert
* openssl rsautl -encrypt -inkey "tests/db.cert" -keyform DER -certin -in data -out "tests/db.crypt"
*/
- filename = g_test_build_filename(G_TEST_DIST, "db.crypt", NULL);
+ const char *name;
+ if (type == TEST_PKI) {
+ name = "db.crypt";
+ } else if (type == TEST_PKI_2) {
+ name = "db2.crypt";
+ } else {
+ g_assert_not_reached();
+ }
+ filename = g_test_build_filename(G_TEST_DIST, name, NULL);
}
if (!g_file_get_contents(filename, &ciphertext, &ciphertext_len, NULL)) {
g_test_skip("The encrypted file not found");
diff --git a/tests/common.h b/tests/common.h
index db217b4..459d980 100644
--- a/tests/common.h
+++ b/tests/common.h
@@ -17,12 +17,13 @@
enum {
TEST_PKI = 1,
- TEST_CCC = 2,
- TEST_ACA = 3,
- TEST_GENERIC = 4,
- TEST_EMPTY_BUFFER = 5,
- TEST_EMPTY = 6,
- TEST_PASSTHROUGH = 7,
+ TEST_PKI_2,
+ TEST_CCC,
+ TEST_ACA,
+ TEST_GENERIC,
+ TEST_EMPTY_BUFFER,
+ TEST_EMPTY,
+ TEST_PASSTHROUGH,
};
void select_coid_good(VReader *reader, unsigned char *coid);
@@ -40,7 +41,7 @@ void read_buffer(VReader *reader, uint8_t type, int object_type);
void do_sign(VReader *reader, int parts);
-void do_decipher(VReader *reader);
+void do_decipher(VReader *reader, int type);
void test_empty_applets(void);
diff --git a/tests/hwtests.c b/tests/hwtests.c
index 3684642..2474578 100644
--- a/tests/hwtests.c
+++ b/tests/hwtests.c
@@ -256,6 +256,17 @@ static void test_sign(void)
/* test also multipart signatures */
do_sign(reader, 1);
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties to figure out the key length */
+ get_properties(reader, TEST_PKI_2);
+
+ do_sign(reader, 0);
+
+ /* test also multipart signatures */
+ do_sign(reader, 1);
+
vreader_free(reader); /* get by id ref */
}
@@ -281,7 +292,15 @@ static void test_decipher(void)
/* get properties to figure out the key length */
get_properties(reader, TEST_PKI);
- do_decipher(reader);
+ do_decipher(reader, TEST_PKI);
+
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties to figure out the key length */
+ get_properties(reader, TEST_PKI_2);
+
+ do_decipher(reader, TEST_PKI_2);
vreader_free(reader); /* get by id ref */
}
@@ -318,7 +337,7 @@ static void test_sign_bad_data_x509(void)
0x00 /* <-- [Le] */
};
int sign_len = sizeof(sign);
- int key_bits = getBits();
+ int key_bits;
g_assert_nonnull(reader);
@@ -329,6 +348,10 @@ static void test_sign_bad_data_x509(void)
return;
}
+ /* get properties to figure out the key length */
+ select_applet(reader, TEST_PKI);
+ get_properties(reader, TEST_PKI);
+
/* run the actual test */
key_bits = getBits();
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 5328ace..37dedbb 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
@@ -515,6 +515,25 @@ static void test_cac_pki(void)
vreader_free(reader); /* get by id ref */
}
+static void test_cac_pki_2(void)
+{
+ VReader *reader = vreader_get_reader_by_id(0);
+
+ /* select the first PKI applet */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties */
+ get_properties(reader, TEST_PKI_2);
+
+ /* get the TAG buffer length */
+ read_buffer(reader, CAC_FILE_TAG, TEST_PKI_2);
+
+ /* get the VALUE buffer length */
+ read_buffer(reader, CAC_FILE_VALUE, TEST_PKI_2);
+
+ vreader_free(reader); /* get by id ref */
+}
+
static void test_cac_ccc(void)
{
VReader *reader = vreader_get_reader_by_id(0);
@@ -579,6 +598,14 @@ static void test_sign(void)
/* test also multipart signatures */
do_sign(reader, 1);
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ do_sign(reader, 0);
+
+ /* test also multipart signatures */
+ do_sign(reader, 1);
+
vreader_free(reader); /* get by id ref */
}
@@ -594,7 +621,12 @@ static void test_decipher(void)
/* select the PKI */
select_applet(reader, TEST_PKI);
- do_decipher(reader);
+ do_decipher(reader, TEST_PKI);
+
+ /* select the PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ do_decipher(reader, TEST_PKI_2);
vreader_free(reader); /* get by id ref */
}
@@ -925,6 +957,7 @@ static void test_invalid_read_buffer(void)
test_invalid_read_buffer_applet(reader, TEST_CCC);
test_invalid_read_buffer_applet(reader, TEST_PKI);
+ test_invalid_read_buffer_applet(reader, TEST_PKI_2);
test_invalid_read_buffer_applet(reader, TEST_PASSTHROUGH);
test_invalid_read_buffer_applet(reader, TEST_EMPTY);
@@ -1122,6 +1155,7 @@ int main(int argc, char *argv[])
g_test_add_func("/libcacard/xfer", test_xfer);
g_test_add_func("/libcacard/select-coid", test_select_coid);
g_test_add_func("/libcacard/cac-pki", test_cac_pki);
+ g_test_add_func("/libcacard/cac-pki-2", test_cac_pki_2);
g_test_add_func("/libcacard/cac-ccc", test_cac_ccc);
g_test_add_func("/libcacard/cac-aca", test_cac_aca);
g_test_add_func("/libcacard/get-response", test_get_response);
diff --git a/tests/setup-softhsm2.sh b/tests/setup-softhsm2.sh
index c3874e5..f187191 100755
--- a/tests/setup-softhsm2.sh
+++ b/tests/setup-softhsm2.sh
@@ -111,7 +111,7 @@ if [ ! -d "tokens" ]; then
# Generate 1024b RSA Key pair
generate_cert "RSA:1024" "01" "RSA_auth"
- #generate_cert "RSA:1024" "02" "RSA_sign"
+ generate_cert "RSA:2048" "02" "RSA_sign"
fi
# NSS DB
if [ ! -d "$NSSDB" ]; then
--
2.35.3

BIN
libcacard-2.8.1.tar.xz Normal file
View File

Binary file not shown.

BIN
libcacard-2.8.1.tar.xz.sig Normal file
View File

Binary file not shown.

61
libcacard.spec
View File

@ -1,16 +1,21 @@
Name: libcacard
Version: 2.7.0
Release: 3
Epoch: 3
Summary: Common Access Card(CAC) library
Version: 2.8.1
Release: 1
Summary: CAC (Common Access Card) library
License: LGPLv2+
URL: https://gitlab.freedesktop.org/spice/libcacard
Source0: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz
Source1: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz.asc
Patch0: libcacard-2.7.0-caching-keys.patch
Source1: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz.sig
Source2: gpgkey-A3DDE969.gpg
Source3: db2.crypt
# https://gitlab.freedesktop.org/spice/libcacard/-/merge_requests/31
Patch1: libcacard-2.8.1-sort-certificates.patch
Epoch: 41
BuildRequires: gcc glib2-devel nss-devel softhsm opensc
BuildRequires: gnutls-utils nss-tools openssl gnupg2
BuildRequires: meson gcc-c++ pcsc-lite-devel
Conflicts: qemu-common < 2:2.5.0
%description
@ -18,49 +23,55 @@ This package uses certificates read from NSS and separate pki containers to impl
DoD CAC standard so that it can provide emulation of smart cards to a virtual card
reader running in a guest virtual machine.
It implements DoD CAC standard with separate pki containers
(compatible coolkey), using certificates read from NSS.
%package devel
Summary: Provide development files for %{name}
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description devel
This package provides libraries and header files for the development of libcacard
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%setup -q
%patch1 -p1
cp %{SOURCE3} tests/
%build
%configure
sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
%make_build
%meson
%meson_build
%check
sed -i "s!/usr/lib64/!%{_libdir}/!" tests/setup-softhsm2.sh
make check
%install
%make_install
%meson_install
%ldconfig_scriptlets
%files
%defattr(-,root,root)
%license COPYING
%doc NEWS
%{_libdir}/libcacard.so.*
%exclude %{_libdir}/*.la
%files devel
%defattr(-,root,root)
%{_includedir}/cacard/*.h
%{_includedir}/cacard
%{_libdir}/libcacard.so
%{_libdir}/pkgconfig/libcacard.pc
%files help
%defattr(-,root,root)
%doc NEWS ChangeLog README.md
%changelog
* Wed Jul 19 2023 Tianze Li <litianze@uniontech.com> - 41:2.8.1-1
- Update to upstream release
* Thu Dec 22 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 41:2.8.0-2
- update epoch to 41
* Fri Jan 29 2021 zhanzhimin <zhanzhimin@huawei.com> - 3:2.8.0-1
- update to 2.8.0
* Fri Aug 21 2020 orange_snn <songnannan2@huawei.com> - 3:2.7.0-4
- delete the check
* Wed Feb 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 3:2.7.0-3
- Type:enhancement
- ID:NA

4
libcacard.yaml
View File

@ -1,4 +1,4 @@
version_control: git
src_repo: https://gitlab.freedesktop.org/spice/libcacard.git
tag_prefix: ^libcacard-
seperator: .
tag_prefix: "^v"
seperator: "."