Marcus Meissner
58a54abac4
- Updated to openCryptoki v3.1: See ChangeLog for complete details (FATE#315426) - opencryptoki-3.1 - New ep11 token to support IBM Crypto Express adpaters (starting with Crypto Express 4S adapters) configured with Enterprise PKCS#11(EP11) firmware. (FATE#315330) - opencryptoki-3.0 - New opencryptoki.conf file to replace pk_config_data and pkcs11_starup. The opencryptoki.conf contains slot entry information for tokens. - Removed pkcs_slot and pkcs11_startup shell scripts. - ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6 mechanisms using 3DES keys. (FATE#315323) - ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL mechanisms. (FATE#315323) - ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64, CKM_AES_CFB128, CKM_AES_MAC, and CKM_AES_MAC_GENERAL mechanisms. (FATE#315323) - opencryptoki-2.4.1 (21 Feb 2012) - SHA256 support added for CCA token (FATE#315289) - Using insserv macros in %post, %preun and %postun sections - Cleaned up spec file - removed patches: - ocki-2.2.6-PIN-backspace.patch - added patches: - ocki-3.1-fix-implicit-decl.patch - ocki-3.1-remove-make-install-chgrp-chmod.patch - ocki-3.1-fix-init_d-path.patch - add aarch64 to 64bit archs OBS-URL: https://build.opensuse.org/request/show/220960 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=13
154 lines
4.3 KiB
Bash
154 lines
4.3 KiB
Bash
#! /bin/sh
|
|
# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
|
|
#
|
|
# Author: Jiri Smid <feedback@suse.de>
|
|
#
|
|
# /etc/init.d/pkcsslotd
|
|
#
|
|
# and symbolic its link
|
|
#
|
|
# /usr/sbin/rcpkcsslotd
|
|
#
|
|
### BEGIN INIT INFO
|
|
# Provides: pkcsslotd
|
|
# Required-Start: $remote_fs
|
|
# Required-Stop: $null
|
|
# Should-Start: z90crypt
|
|
# Should-Stop: z90crypt
|
|
# Default-Start: 3 5
|
|
# Default-Stop: 0 1 2 6
|
|
# Description: Start the pkcsslotd daemon
|
|
# Short-Description: Start the pkcsslotd daemon
|
|
### END INIT INFO
|
|
|
|
. /etc/rc.status
|
|
|
|
PKCSSLOTD_PID_FILE=/var/lib/opencryptoki/.slotpid
|
|
# Check for missing binaries (stale symlinks should not happen)
|
|
PKCSSLOTD_BIN=/usr/sbin/pkcsslotd
|
|
test -x $PKCSSLOTD_BIN || exit 5
|
|
|
|
# Shell functions sourced from /etc/rc.status:
|
|
# rc_check check and set local and overall rc status
|
|
# rc_status check and set local and overall rc status
|
|
# rc_status -v ditto but be verbose in local rc status
|
|
# rc_status -v -r ditto and clear the local rc status
|
|
# rc_failed set local and overall rc status to failed
|
|
# rc_reset clear local rc status (overall remains)
|
|
# rc_exit exit appropriate to overall rc status
|
|
|
|
# Check for machine architecture
|
|
PKCS_ARCH=$(/bin/uname -m)
|
|
|
|
# First reset status of this service
|
|
rc_reset
|
|
case "$1" in
|
|
start)
|
|
case "$PKCS_ARCH" in
|
|
s390|s390x)
|
|
PKCS_MODULE="z90crypt"
|
|
;;
|
|
*)
|
|
PKCS_MODULE="leedslite"
|
|
;;
|
|
esac
|
|
lsmod | grep $PKCS_MODULE > /dev/null 2>&1 \
|
|
|| echo "$PKCS_MODULE module is not installed - PKCS#11 will not be hardware accelerated"
|
|
|
|
echo -n "Starting pkcsslotd daemon:"
|
|
|
|
# Generate the configuration information
|
|
/usr/sbin/pkcs11_startup
|
|
|
|
## Start daemon with startproc(8). If this fails
|
|
## the echo return value is set appropriate.
|
|
|
|
if [ ! -f $PKCSSLOTD_PID_FILE ]; then
|
|
# $PKCSSLOTD_PID_FILE does not exist
|
|
startproc -f $PKCSSLOTD_BIN
|
|
elif ! ps -h --pid `cat $PKCSSLOTD_PID_FILE` | grep "$PKCSSLOTD_BIN" 2>&1 >/dev/null; then
|
|
# $PKCSSLOTD_PID_FILE exists but named pid not
|
|
rm -f $PKCSSLOTD_PID_FILE
|
|
startproc -f $PKCSSLOTD_BIN
|
|
else
|
|
# just to have "failed" message
|
|
startproc $PKCSSLOTD_BIN
|
|
fi
|
|
|
|
# Remember status and be verbose
|
|
rc_status -v
|
|
;;
|
|
stop)
|
|
echo -n "Shutting down pkcsslotd daemon:"
|
|
## Stop daemon with killproc(8) and if this fails
|
|
## set echo the echo return value.
|
|
|
|
killproc -p $PKCSSLOTD_PID_FILE -TERM $PKCSSLOTD_BIN
|
|
|
|
# Remember status and be verbose
|
|
rc_status -v
|
|
;;
|
|
try-restart)
|
|
## Stop the service and if this succeeds (i.e. the
|
|
## service was running before), start it again.
|
|
$0 status >/dev/null && $0 restart
|
|
|
|
# Remember status and be quiet
|
|
rc_status
|
|
;;
|
|
restart)
|
|
## Stop the service and regardless of whether it was
|
|
## running or not, start it again.
|
|
$0 stop
|
|
$0 start
|
|
|
|
# Remember status and be quiet
|
|
rc_status
|
|
;;
|
|
force-reload)
|
|
## Signal the daemon to reload its config. Most daemons
|
|
## do this on signal 1 (SIGHUP).
|
|
## If it does not support it, restart.
|
|
|
|
echo -n "Reload service pkcsslotd"
|
|
## if it supports it:
|
|
killproc -p $PKCSSLOTD_PID_FILE -HUP $PKCSSLOTD_BIN
|
|
#touch $PKCSSLOTD_PID_FILE
|
|
rc_status -v
|
|
|
|
;;
|
|
reload)
|
|
## Like force-reload, but if daemon does not support
|
|
## signalling, do nothing (!)
|
|
|
|
# If it supports signalling:
|
|
echo -n "Reload service pkcsslotd"
|
|
killproc -p $PKCSSLOTD_PID_FILE -HUP $PKCSSLOTD_BIN
|
|
#touch $PKCSSLOTD_PID_FILE
|
|
rc_status -v
|
|
|
|
# If it does not support reload:
|
|
#exit 3
|
|
;;
|
|
status)
|
|
echo -n "Checking for service pkcsslotd: "
|
|
## Check status with checkproc(8), if process is running
|
|
## checkproc will return with exit status 0.
|
|
|
|
# Status has a slightly different for the status command:
|
|
# 0 - service running
|
|
# 1 - service dead, but /var/run/ pid file exists
|
|
# 2 - service dead, but /var/lock/ lock file exists
|
|
# 3 - service not running
|
|
|
|
# NOTE: checkproc returns LSB compliant status values.
|
|
checkproc $PKCSSLOTD_BIN
|
|
rc_status -v
|
|
;;
|
|
*)
|
|
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
rc_exit
|