[Bug 1982842] Re: [22.10 FEAT] [SEC2209] openCryptoki: PKCS #11 3.1 - support CKA_DERIVE_TEMPLATE
Frank Heimes
1982842 at bugs.launchpad.net
Wed Aug 17 16:40:42 UTC 2022
Ok, so that is what I did to solve this:
I created the following quilt patch:
lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch
that removes " -g pkcs11" for p11sak_defined_attrs.conf and strength.conf from Makefile.am
and does the pkcs11 group assignment instead in the postinst script:
In addition I've added "/etc/opencryptoki/p11sak_defined_attrs.conf"
and "/etc/opencryptoki/strength.conf" to the debian/opencryptoki.install(.s390x) file(s)
to get them incl. in the packages.
The changelog was expanded with:
- Assign pkcs11 group to p11sak_defined_attrs.conf and strength.conf
in debian/opencryptoki.postinst rather than of Makefile.am
to solve "invalid group ‘pkcs11’" issues during build.
Also extend debian/opencryptoki.install and
debian/opencryptoki.install.s390x to pick up
/etc/opencryptoki/p11sak_defined_attrs.conf and
/etc/opencryptoki/strength.conf.
I did a PPA test build (on all major architectures):
https://launchpad.net/~fheimes/+archive/ubuntu/lp1982842-2nd
and also a package install test (amd64 and s390x).
Looks like this on a target system:
# ls -l /etc/opencryptoki/
total 12
-rw-r--r-- 1 root root 773 Aug 15 10:29 opencryptoki.conf
-rw-r--r-- 1 root pkcs11 584 Aug 15 10:29 p11sak_defined_attrs.conf
-rw-r--r-- 1 root pkcs11 866 Aug 15 10:29 strength.conf
Please see attached the updated / new debdiff.
** Patch added: "new_debdiff_opencryptoki_kinetic_from_3.17.0+dfsg+20220202.b40982e-0ubuntu2_to_3.18.0+dfsg-0ubuntu1.diff"
https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1982842/+attachment/5609367/+files/new_debdiff_opencryptoki_kinetic_from_3.17.0+dfsg+20220202.b40982e-0ubuntu2_to_3.18.0+dfsg-0ubuntu1.diff
--
https://bugs.launchpad.net/bugs/1982842
Title:
[22.10 FEAT] [SEC2209] openCryptoki: PKCS #11 3.1 - support
CKA_DERIVE_TEMPLATE
Status in Ubuntu on IBM z Systems:
In Progress
Status in opencryptoki package in Ubuntu:
In Progress
Bug description:
Support the new attribute CKA_DERIVE_TEMPLATE introduced with PKCS #11
v 3.1
Upstream Target: openCryptoki 3.18.0
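An added sketch (not the attached debdiff and not the real debian/opencryptoki.postinst) of assigning the group at install time, when the pkcs11 group exists on the target system, instead of at build time. The helper name assign_conf_group is hypothetical; the group and file paths are the ones named in the message above.

```shell
#!/bin/sh
# Hypothetical helper for a maintainer script; not the real opencryptoki.postinst.

# assign_conf_group GROUP FILE...
# Returns 1 if GROUP does not exist (the condition that caused the
# "invalid group" failure at build time), so the caller can decide what to do.
# Skips files that are missing or are not regular files.
assign_conf_group() {
    group=$1
    shift
    if ! getent group "$group" >/dev/null 2>&1; then
        echo "group '$group' does not exist, leaving ownership unchanged" >&2
        return 1
    fi
    for f in "$@"; do
        # [ -f ] follows symlinks, so test -L first to avoid chgrp through a link
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "skipping $f (missing or not a regular file)" >&2
            continue
        fi
        # Only the group changes; owner and mode stay as installed
        chgrp "$group" "$f"
    done
    return 0
}

# Typical call from the "configure" step of a postinst:
# assign_conf_group pkcs11 \
#     /etc/opencryptoki/p11sak_defined_attrs.conf \
#     /etc/opencryptoki/strength.conf
```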