SHA256
1
0
forked from pool/openCryptoki
openCryptoki/openCryptoki.pkcsslotd
Marcus Meissner 58a54abac4 Accepting request 220960 from home:oertel:branches:security
- Updated to openCryptoki v3.1: See ChangeLog for complete details
  (FATE#315426)
  - opencryptoki-3.1
    - New ep11 token to support IBM Crypto Express adpaters
      (starting with Crypto Express 4S adapters) configured with
      Enterprise PKCS#11(EP11) firmware. (FATE#315330)
  - opencryptoki-3.0
    - New opencryptoki.conf file to replace pk_config_data and
      pkcs11_starup.  The opencryptoki.conf contains slot entry
      information for tokens.
    - Removed pkcs_slot and pkcs11_startup shell scripts.
    - ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6
      mechanisms using 3DES keys. (FATE#315323)
    - ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL
      mechanisms. (FATE#315323)
    - ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64,
      CKM_AES_CFB128, CKM_AES_MAC, and CKM_AES_MAC_GENERAL
      mechanisms. (FATE#315323)
  - opencryptoki-2.4.1 (21 Feb 2012)
    - SHA256 support added for CCA token (FATE#315289)
- Using insserv macros in %post, %preun and %postun sections
- Cleaned up spec file
- removed patches:
  - ocki-2.2.6-PIN-backspace.patch
- added patches:
  - ocki-3.1-fix-implicit-decl.patch
  - ocki-3.1-remove-make-install-chgrp-chmod.patch
  - ocki-3.1-fix-init_d-path.patch

- add aarch64 to 64bit archs

OBS-URL: https://build.opensuse.org/request/show/220960
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=13
2014-02-06 09:10:48 +00:00

154 lines
4.3 KiB
Bash

#! /bin/sh
# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
#
# Author: Jiri Smid <feedback@suse.de>
#
# /etc/init.d/pkcsslotd
#
# and symbolic its link
#
# /usr/sbin/rcpkcsslotd
#
### BEGIN INIT INFO
# Provides: pkcsslotd
# Required-Start: $remote_fs
# Required-Stop: $null
# Should-Start: z90crypt
# Should-Stop: z90crypt
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Start the pkcsslotd daemon
# Short-Description: Start the pkcsslotd daemon
### END INIT INFO
. /etc/rc.status
PKCSSLOTD_PID_FILE=/var/lib/opencryptoki/.slotpid
# Check for missing binaries (stale symlinks should not happen)
PKCSSLOTD_BIN=/usr/sbin/pkcsslotd
test -x $PKCSSLOTD_BIN || exit 5
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
# Check for machine architecture
PKCS_ARCH=$(/bin/uname -m)
# First reset status of this service
rc_reset
case "$1" in
start)
case "$PKCS_ARCH" in
s390|s390x)
PKCS_MODULE="z90crypt"
;;
*)
PKCS_MODULE="leedslite"
;;
esac
lsmod | grep $PKCS_MODULE > /dev/null 2>&1 \
|| echo "$PKCS_MODULE module is not installed - PKCS#11 will not be hardware accelerated"
echo -n "Starting pkcsslotd daemon:"
# Generate the configuration information
/usr/sbin/pkcs11_startup
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.
if [ ! -f $PKCSSLOTD_PID_FILE ]; then
# $PKCSSLOTD_PID_FILE does not exist
startproc -f $PKCSSLOTD_BIN
elif ! ps -h --pid `cat $PKCSSLOTD_PID_FILE` | grep "$PKCSSLOTD_BIN" 2>&1 >/dev/null; then
# $PKCSSLOTD_PID_FILE exists but named pid not
rm -f $PKCSSLOTD_PID_FILE
startproc -f $PKCSSLOTD_BIN
else
# just to have "failed" message
startproc $PKCSSLOTD_BIN
fi
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down pkcsslotd daemon:"
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
killproc -p $PKCSSLOTD_PID_FILE -TERM $PKCSSLOTD_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart)
## Stop the service and if this succeeds (i.e. the
## service was running before), start it again.
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart.
echo -n "Reload service pkcsslotd"
## if it supports it:
killproc -p $PKCSSLOTD_PID_FILE -HUP $PKCSSLOTD_BIN
#touch $PKCSSLOTD_PID_FILE
rc_status -v
;;
reload)
## Like force-reload, but if daemon does not support
## signalling, do nothing (!)
# If it supports signalling:
echo -n "Reload service pkcsslotd"
killproc -p $PKCSSLOTD_PID_FILE -HUP $PKCSSLOTD_BIN
#touch $PKCSSLOTD_PID_FILE
rc_status -v
# If it does not support reload:
#exit 3
;;
status)
echo -n "Checking for service pkcsslotd: "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
checkproc $PKCSSLOTD_BIN
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
exit 1
;;
esac
rc_exit