pkgs/misc/tpm2-pkcs11/default.nix +10 −1 @@ -2,6 +2,7 @@ , pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf , tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml , abrmdSupport ? true, tpm2-abrmd ? null , fapiSupport ? true }: stdenv.mkDerivation rec { @@ -15,7 +16,10 @@ stdenv.mkDerivation rec { sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk="; }; patches = [ ./version.patch ]; patches = [ ./version.patch ./graceful-fapi-fail.patch ]; # The preConfigure phase doesn't seem to be working here # ./bootstrap MUST be executed as the first step, before all @@ -25,6 +29,11 @@ stdenv.mkDerivation rec { ./bootstrap ''; configureFlags = lib.optionals (!fapiSupport) [ # Note: this will be renamed to with-fapi in next release. "--enable-fapi=no" ]; nativeBuildInputs = [ pkg-config autoreconfHook autoconf-archive makeWrapper patchelf ]; pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch 0 → 100644 +51 −0 From 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 Mon Sep 17 00:00:00 2001 From: Jonathan McDowell <noodles@earth.li> Date: Wed, 1 Feb 2023 09:29:58 +0000 Subject: [PATCH] Gracefully fail FAPI init when it's not compiled in Instead of emitting: WARNING: Getting tokens from fapi backend failed. errors when FAPI support is not compiled in gracefully fail the FAPI init and don't log any warnings. We'll still produce a message indicating this is what's happened in verbose mode, but normal operation no longer gets an unnecessary message. Fixes #792 Signed-off-by: Jonathan McDowell <noodles@earth.li> --- src/lib/backend.c | 4 +++- src/lib/backend_fapi.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lib/backend.c b/src/lib/backend.c index ca5e2ccf..128f58b9 100644 --- a/src/lib/backend.c +++ b/src/lib/backend.c 
@@ -53,7 +53,9 @@ CK_RV backend_init(void) { LOGE(msg); return rv; } - LOGW(msg); + if (rv != CKR_FUNCTION_NOT_SUPPORTED) { + LOGW(msg); + } } else { fapi_init = true; } diff --git a/src/lib/backend_fapi.c b/src/lib/backend_fapi.c index fe594f0e..3a203632 100644 --- a/src/lib/backend_fapi.c +++ b/src/lib/backend_fapi.c @@ -977,7 +977,8 @@ CK_RV backend_fapi_token_changeauth(token *tok, bool user, twist toldpin, twist CK_RV backend_fapi_init(void) { - return CKR_OK; + LOGV("FAPI not enabled, failing init"); + return CKR_FUNCTION_NOT_SUPPORTED; } CK_RV backend_fapi_destroy(void) {
pkgs/misc/tpm2-pkcs11/default.nix +10 −1 @@ -2,6 +2,7 @@ , pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf , tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml , abrmdSupport ? true, tpm2-abrmd ? null , fapiSupport ? true }: stdenv.mkDerivation rec { @@ -15,7 +16,10 @@ stdenv.mkDerivation rec { sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk="; }; patches = [ ./version.patch ]; patches = [ ./version.patch ./graceful-fapi-fail.patch ]; # The preConfigure phase doesn't seem to be working here # ./bootstrap MUST be executed as the first step, before all @@ -25,6 +29,11 @@ stdenv.mkDerivation rec { ./bootstrap ''; configureFlags = lib.optionals (!fapiSupport) [ # Note: this will be renamed to with-fapi in next release. "--enable-fapi=no" ]; nativeBuildInputs = [ pkg-config autoreconfHook autoconf-archive makeWrapper patchelf ];
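Review bot: The `"--enable-fapi=no"` entry in `configureFlags` (third hunk) will silently stop having any effect once upstream renames the switch, which the inline comment already anticipates. Autoconf-generated configure scripts normally only warn about an unrecognised `--enable-*` option, so a later version bump could build with FAPI again even though `fapiSupport = false` was requested. Consider making that failure loud, for example by also passing `"--enable-option-checking=fatal"` (worth confirming it does not trip on flags stdenv adds itself), or at least turning the comment into `# TODO: switch to --with-fapi=no on the next version bump`. Separately, `./graceful-fapi-fail.patch` in `patches` is a hand-carried copy of upstream commit 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5; a one-line comment next to it naming that commit and saying to drop it at the next release would keep the vendored file traceable.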
pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch 0 → 100644 +51 −0 From 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 Mon Sep 17 00:00:00 2001 From: Jonathan McDowell <noodles@earth.li> Date: Wed, 1 Feb 2023 09:29:58 +0000 Subject: [PATCH] Gracefully fail FAPI init when it's not compiled in Instead of emitting: WARNING: Getting tokens from fapi backend failed. errors when FAPI support is not compiled in gracefully fail the FAPI init and don't log any warnings. We'll still produce a message indicating this is what's happened in verbose mode, but normal operation no longer gets an unnecessary message. Fixes #792 Signed-off-by: Jonathan McDowell <noodles@earth.li> --- src/lib/backend.c | 4 +++- src/lib/backend_fapi.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lib/backend.c b/src/lib/backend.c index ca5e2ccf..128f58b9 100644 --- a/src/lib/backend.c +++ b/src/lib/backend.c @@ -53,7 +53,9 @@ CK_RV backend_init(void) { LOGE(msg); return rv; } - LOGW(msg); + if (rv != CKR_FUNCTION_NOT_SUPPORTED) { + LOGW(msg); + } } else { fapi_init = true; } diff --git a/src/lib/backend_fapi.c b/src/lib/backend_fapi.c index fe594f0e..3a203632 100644 --- a/src/lib/backend_fapi.c +++ b/src/lib/backend_fapi.c @@ -977,7 +977,8 @@ CK_RV backend_fapi_token_changeauth(token *tok, bool user, twist toldpin, twist CK_RV backend_fapi_init(void) { - return CKR_OK; + LOGV("FAPI not enabled, failing init"); + return CKR_FUNCTION_NOT_SUPPORTED; } CK_RV backend_fapi_destroy(void) {