[arch-commits] Commit in (4 files)

Massimiliano Torromeo mtorromeo at archlinux.org
Wed May 20 07:49:03 UTC 2020


    Date: Wednesday, May 20, 2020 @ 07:49:02
  Author: mtorromeo
Revision: 630373

Added softhsm as checkdepends for sssd

Added:
  softhsm/
  softhsm/trunk/
  softhsm/trunk/PKGBUILD
  softhsm/trunk/softhsm-2.6.1-rh1831086-exit.patch

------------------------------------+
 PKGBUILD                           |   58 ++++++++++++++++++++++++++++
 softhsm-2.6.1-rh1831086-exit.patch |   72 +++++++++++++++++++++++++++++++++++
 2 files changed, 130 insertions(+)

Added: softhsm/trunk/PKGBUILD
===================================================================
--- softhsm/trunk/PKGBUILD	                        (rev 0)
+++ softhsm/trunk/PKGBUILD	2020-05-20 07:49:02 UTC (rev 630373)
@@ -0,0 +1,58 @@
+# Maintainer: Massimiliano Torromeo <massimiliano.torromeo at gmail.com>
+# Contributor: Javier Torres <javitonino [at] gmail [dot] com>
+
+pkgname=softhsm
+pkgver=2.6.1
+pkgrel=1
+pkgdesc="Software PKCS#11 store"
+arch=('x86_64')
+url="https://www.opendnssec.org/softhsm/"
+license=('BSD')
+depends=('botan' 'sqlite3' 'openssl' 'p11-kit')
+checkdepends=('cppunit')
+backup=("etc/softhsm2.conf")
+options=(!libtool)
+source=("https://dist.opendnssec.org/source/$pkgname-$pkgver.tar.gz"{,.sig}
+        "softhsm-2.6.1-rh1831086-exit.patch")
+sha256sums=('61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2'
+            'SKIP'
+            '163338a73ab1bcc475e07b96f054d3c8f67ac9d2637b8f74ddaa97aa6b4171e1')
+validpgpkeys=('4D0388CE86BB398B387B663041F623BE4FCB0B94')
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+  patch -p1 -i "$srcdir/softhsm-2.6.1-rh1831086-exit.patch"
+  sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
+  sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in
+  autoreconf -vfi
+  ./configure \
+    --prefix=/usr \
+    --libdir=/usr/lib/pkcs11 \
+    --datarootdir=/usr/share \
+    --localstatedir=/var \
+    --sysconfdir=/etc \
+    --with-p11-kit=/usr/share/p11-kit/modules/ \
+    --with-migrate \
+    --enable-visibility \
+    --enable-ecc \
+    --enable-eddsa \
+    --disable-gost
+  make
+}
+
+check() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make check
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make DESTDIR="$pkgdir/" install
+  install -Dm0644 "LICENSE" "$pkgdir/usr/share/licenses/softhsm/LICENSE"
+  rm "$pkgdir/etc/softhsm2.conf.sample"
+
+  cd "$pkgdir/usr/lib"
+  install -dm0755 softhsm
+  ln -s pkcs11/libsofthsm2.so softhsm/
+  ln -s pkcs11/libsofthsm2.so
+}

Added: softhsm/trunk/softhsm-2.6.1-rh1831086-exit.patch
===================================================================
--- softhsm/trunk/softhsm-2.6.1-rh1831086-exit.patch	                        (rev 0)
+++ softhsm/trunk/softhsm-2.6.1-rh1831086-exit.patch	2020-05-20 07:49:02 UTC (rev 630373)
@@ -0,0 +1,72 @@
+diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
+index 32daca2..ace4bcb 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.cpp
++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
+@@ -226,31 +226,49 @@ err:
+ // Destructor
+ OSSLCryptoFactory::~OSSLCryptoFactory()
+ {
+-#ifdef WITH_GOST
+-	// Finish the GOST engine
+-	if (eg != NULL)
++	bool ossl_shutdown = false;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	// OpenSSL 1.1.0+ will register an atexit() handler to run
++	// OPENSSL_cleanup(). If that has already happened we must
++	// not attempt to free any ENGINEs because they'll already
++	// have been destroyed and the use-after-free would cause
++	// a deadlock or crash.
++	//
++	// Detect that situation because reinitialisation will fail
++	// after OPENSSL_cleanup() has run.
++	(void)ERR_set_mark();
++	ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);
++	(void)ERR_pop_to_mark();
++#endif
++	if (!ossl_shutdown)
+ 	{
+-		ENGINE_finish(eg);
+-		ENGINE_free(eg);
+-		eg = NULL;
+-	}
++#ifdef WITH_GOST
++		// Finish the GOST engine
++		if (eg != NULL)
++		{
++			ENGINE_finish(eg);
++			ENGINE_free(eg);
++			eg = NULL;
++		}
+ #endif
+ 
+-	// Finish the rd_rand engine
+-	ENGINE_finish(rdrand_engine);
+-	ENGINE_free(rdrand_engine);
+-	rdrand_engine = NULL;
++		// Finish the rd_rand engine
++		ENGINE_finish(rdrand_engine);
++		ENGINE_free(rdrand_engine);
++		rdrand_engine = NULL;
+ 
++		// Recycle locks
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++		if (setLockingCallback)
++		{
++			CRYPTO_set_locking_callback(NULL);
++		}
++#endif
++	}
+ 	// Destroy the one-and-only RNG
+ 	delete rng;
+ 
+-	// Recycle locks
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+-	if (setLockingCallback)
+-	{
+-		CRYPTO_set_locking_callback(NULL);
+-	}
+-#endif
+ 	for (unsigned i = 0; i < nlocks; i++)
+ 	{
+ 		MutexFactory::i()->recycleMutex(locks[i]);


More information about the arch-commits mailing list