Package init

2019-09-30 10:56:50 -04:00 · 2019-09-30 10:56:50 -04:00 · f41f1db20f
commit f41f1db20f
4 changed files with 227 additions and 0 deletions
--- a/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
+++ b/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
@ -0,0 +1,33 @@
 From b2e9360dab74de1ffcb8527610e88b0da87c701e Mon Sep 17 00:00:00 2001
 From: Ondrej Mosnacek <omosnace@redhat.com>
 Date: Mon, 30 Jul 2018 17:17:59 +0200
 Subject: [PATCH] lib: Fix _kcapi_handle_destroy() closing FD 0
 The kcapi_handle structure is initialized with zeroes at allocation.
 However, since it contains several file descriptor variables, it may
 happen that _kcapi_handle_destroy() is executed while some of these are
 set to 0, causing an unwanted call to close(0).
 This patch prevents it by initializing all FD variables to -1 right
 after handle allocation.
 ---
 lib/kcapi-kernel-if.c | 6 ++++++
 1 file changed, 6 insertions(+)
 diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
 index 595ce68..dfa94b4 100644
 --- a/lib/kcapi-kernel-if.c
 +++ b/lib/kcapi-kernel-if.c
@@ -1146,6 +1146,12 @@ int _kcapi_handle_init(struct kcapi_handle **caller, const char *type,
 	handle->tfm = tfm;
 +	/* Initialize all fd vars to -1 to avoid unwanted close(0) */
 +	handle->pipes[0] = -1;
 +	handle->pipes[1] = -1;
 +	handle->opfd = -1;
 +	handle->aio.efd = -1;
 +
 	ret = _kcapi_handle_init_tfm(handle, type, ciphername);
 	if (ret)
 		goto err;
--- a/libkcapi-1.1.5.tar.xz
+++ b/libkcapi-1.1.5.tar.xz
--- a/libkcapi-1.1.5.tar.xz.asc
+++ b/libkcapi-1.1.5.tar.xz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl1BSvEACgkQQh7pNjJq
 wVtOogf/UzYn7DUB4x0QQxODtaVbXrZ5FfFWDpKJxCVXWI64VK1kF6SSm+qD305h
 Dj0lA7+TpIKhwKlc4kofaLjW/yeUPEoZCBjFSTeLc+A/7XP5m1Xqnz6fuH2lZwRK
 o1p8ICPj9bOW9rj2K59pdHVTdXW1fj5sJOi25n9fLf5PcaPMxoawHG4l18tp7qNd
 XXrqcfeSe+IF3Z4MJQee4lnsQE37wOJC8lanNDMXs7XZJ4RGUrJWfMWzVhVbh+D4
 n6Ow6H0ZaJDUksSh6faKBwAlo+c9J2CRe80+EIiAcYCKzQOH6ylnhdU1qKVD/kNK
 7XMwTY3intV9FP3mhM/RPSLSOw7NLA==
 =UN86
 -----END PGP SIGNATURE-----
--- a/libkcapi.spec
+++ b/libkcapi.spec
@ -0,0 +1,183 @@
 %global sysctl_prio       50
 %global sysctl_optmem_max 81920
 %global distroname_ext    %{_vendor}
 Name:           libkcapi
 Version:        1.1.5
 Release:        1
 Summary:        libkcapi - Linux Kernel Crypto API User Space Interface Library
 License:        BSD or GPLv2
 URL:            http://www.chronox.de/%{name}.html
 Source0:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
 Source1:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
 Patch0:       libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
 BuildRequires:  clang coreutils cppcheck docbook-utils-pdf gcc git hardlink
 BuildRequires:  libtool openssl perl systemd xmlto  kernel-headers >= 4.10.0
 Requires:       systemd
 Obsoletes:      %{name}-replacements <= %{version}-%{release}
 Obsoletes:      %{name}-tools
 Provides:       %{name}-tools
 %description
 The Linux kernel exports a Netlink interface of type AF_ALG to allow user space to utilize the kernel crypto API.
 libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.
 The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing.
 Results from the kernel crypto API are returned to the consumer via the library API.
 %package        devel
 Summary:        Development files for the %{name} package
 Requires:       %{name} == %{version}-%{release}
 Requires:       coreutils
 Requires:       openssl
 Requires:       perl
 Obsoletes:      hmaccalc          <= 0.9.14-10
 Provides:       hmaccalc          == 0.9.14-10.1
 Obsoletes:      %{name}-hmaccalc
 Provides:       %{name}-hmaccalc
 Obsoletes:      %{name}-static
 Provides:       %{name}-static
 Obsoletes:      %{name}-tests
 Provides:       %{name}-tests
 %description    devel
 Header files for applications that use %{name}.
 %package_help
 %prep
 %autosetup -p 1 -S git
 cat << EOF > README.%{distroname_ext}
 This package increases the default limit of the ancillary buffer size
 per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes.
 For this preset to become active it requires a reboot after the
 installation of this package.  You can also manually increase this
 limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the
 super-user, e.g. using \`su\` or \`sudo\` on the terminal.
 This is done to provide consumers of the new Linux Kernel Crypto API
 User Space Interface a well sufficient and reasonable maximum limit
 by default, especially when using AIO with a larger amount of IOVECs.
 For further information about the AF_ALG kernel socket and AIO, see
 the discussion at the kernel-crypto mailing-list:
 https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html
 See the instructions given in '%{_sysctldir}/50-default.conf',
 if you need or want to override the preset made by this package.
 EOF
 cat << EOF > %{sysctl_prio}-%{name}-optmem_max.conf
 # See the 'README.%{distroname_ext}' file shipped in %%doc
 # with the %{name} package.
 #
 # See '%{_sysctldir}/50-default.conf',
 # if you need or want to override this preset.
 # Increase the ancillary buffer size per socket.
 net.core.optmem_max = %{sysctl_optmem_max}
 EOF
 %{_bindir}/autoreconf -fiv
 %build
 %configure               \
  --libdir=/%{_lib}      \
  --disable-silent-rules \
  --enable-kcapi-encapp  \
  --enable-kcapi-dgstapp \
  --enable-kcapi-hasher  \
  --enable-kcapi-rngapp  \
  --enable-kcapi-speed   \
  --enable-kcapi-test    \
  --enable-shared        \
  --enable-static        \
  --enable-sum-prefix=   \
  --enable-sum-dir=/%{_lib} \
  --with-pkgconfigdir=%{_libdir}/pkgconfig
 %make_build all doc
 %install
 %make_install
 # Install sysctl.d preset.
 mkdir -p %{buildroot}%{_sysctldir}
 install -Dpm 0644 -t %{buildroot}%{_sysctldir} %{sysctl_prio}-%{name}-optmem_max.conf
 # Install into proper location for inclusion by %%doc.
 mkdir -p %{buildroot}%{_pkgdocdir}
 install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} README.%{distroname_ext}  README.md CHANGES.md TODO doc/%{name}.p{df,s}
 cp -pr lib/doc/html %{buildroot}%{_pkgdocdir}
 # Install replacement tools, if enabled.
 rm -f %{buildroot}%{_bindir}/md5sum       \
      %{buildroot}%{_bindir}/sha*sum      \
      %{buildroot}%{_bindir}/fips*
 find %{buildroot} -type f -name '*.la' -print -delete
 find %{buildroot} -type f -name '*.hmac' -print -delete
 find %{buildroot} -type f -size 0 -print -delete
 find %{buildroot}%{_pkgdocdir} -type f -print | xargs %{__chmod} -c 0644
 find %{buildroot}%{_pkgdocdir} -type d -print | xargs %{__chmod} -c 0755
 for d in %{_mandir} %{_pkgdocdir}; do
  %{_sbindir}/hardlink -cfv %{buildroot}$d
 done
 %ldconfig_scriptlets
 bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha1hmac   | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha1hmac.hmac
 bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha224hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha224hmac.hmac
 bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha256hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha256hmac.hmac
 bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha384hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha384hmac.hmac
 bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha512hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha512hmac.hmac
 %{_sbindir}/hardlink -cfv %{buildroot}%{_bindir}
 bin/kcapi-hasher -n fipshmac -d %{buildroot}/%{_lib}/fipscheck   %{buildroot}/%{_lib}/libkcapi.so.%{version} || exit 1
 ln -s libkcapi.so.%{version}.hmac    %{buildroot}/%{_lib}/fipscheck/libkcapi.so.1.hmac
 %check
 %files
 %doc %dir %{_pkgdocdir}
 %doc %{_pkgdocdir}/README.md
 %license COPYING*
 /%{_lib}/%{name}.so.*
 /%{_lib}/fipscheck/%{name}.so.*
 %doc %{_pkgdocdir}/README.%{distroname_ext}
 %{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf
 %{_bindir}/kcapi*
 %files          devel
 %doc %{_pkgdocdir}/CHANGES.md
 %doc %{_pkgdocdir}/TODO
 %{_includedir}/kcapi.h
 /%{_lib}/%{name}.so
 %{_libdir}/pkgconfig/%{name}.pc
 %{_bindir}/sha*hmac
 /%{_lib}/hmaccalc/sha*hmac.hmac
 /%{_lib}/%{name}.a
 %{_libexecdir}/%{name}/*
 %files          help
 %doc %{_pkgdocdir}
 %{_mandir}/man1/kcapi*.1.*
 %{_mandir}/man3/kcapi_*.3.*
 %changelog
 * Tue Sep 3 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.5-1
 - Package init