diff options
author | Peter Wu <peter@lekensteyn.nl> | 2018-12-12 14:34:00 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2018-12-29 10:40:16 +0000 |
commit | ac58eafa3223ef40b9b60765b0b3d118f338fffc (patch) | |
tree | 8403b9749b31cd0f3a1baab3f5dac1072980f1ae /tools/debian-setup.sh | |
parent | 53d8e6dcf8c639a13f8c52a11df829b854c1b9ac (diff) |
Add support for RSA decryption using PKCS #11 tokens
Add support for loading RSA private key files from PKCS #11 tokens,
identified by PKCS #11 URIs. Add a new 'pkcs11_libs' UAT which can
dynamically load PKCS #11 provider libraries that are not found by
p11-kit.
The configuration GUI will need additional code to discover available
PKCS #11 tokens and will be added later.
This feature requires GnuTLS 3.4 with PKCS #11 support, so Windows,
macOS via Homebrew, Ubuntu 16.04, Debian Stretch. Not supported: RHEL7.
Currently macOS via official packages disables PKCS #11 support, so that
will also not work.
Change-Id: I20646bfd69c6bd13c8c2d27cb65c164a4b0b7a66
Reviewed-on: https://code.wireshark.org/review/30855
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'tools/debian-setup.sh')
-rwxr-xr-x | tools/debian-setup.sh | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/tools/debian-setup.sh b/tools/debian-setup.sh index 678ddf8a2d..51b3bce8ab 100755 --- a/tools/debian-setup.sh +++ b/tools/debian-setup.sh @@ -18,6 +18,7 @@ then printf "Usage: %s [--install-optional] [--install-deb-deps] [...other options...]\\n" "$0" printf "\\t--install-optional: install optional software as well\\n" printf "\\t--install-deb-deps: install packages required to build the .deb file\\n" + printf "\\t--install-test-deps: install packages required to run all tests\\n" printf "\\t[other]: other options are passed as-is to apt\\n" exit 1 fi @@ -29,17 +30,24 @@ then exit 1 fi -for op -do - if [ "$op" = "--install-optional" ] - then - ADDITIONAL=1 - elif [ "$op" = "--install-deb-deps" ] - then - DEBDEPS=1 - else - OPTIONS="$OPTIONS $op" - fi +ADDITIONAL=0 +DEBDEPS=0 +TESTDEPS=0 +for arg; do + case $arg in + --install-optional) + ADDITIONAL=1 + ;; + --install-deb-deps) + DEBDEPS=1 + ;; + --install-test-deps) + TESTDEPS=1 + ;; + *) + OPTIONS="$OPTIONS $arg" + ;; + esac done BASIC_LIST="libglib2.0-dev \ @@ -83,6 +91,8 @@ DEBDEPS_LIST="debhelper \ libxml2-utils \ quilt" +TESTDEPS_LIST= + # Adds package $2 to list variable $1 if the package is found. # If $3 is given, then this version requirement must be satisfied. add_package() { @@ -122,7 +132,7 @@ echo "libssh-gcrypt-dev and libssh-dev are unavailable" >&2 add_package ADDITIONAL_LIST libgnutls28-dev || echo "libgnutls28-dev is unavailable" >&2 -# mmdbresolve +# Debian >= jessie-backports, Ubuntu >= 16.04 add_package ADDITIONAL_LIST libmaxminddb-dev || echo "libmaxminddb-dev is unavailable" >&2 @@ -132,6 +142,18 @@ add_package DEBDEPS_LIST libsystemd-dev || add_package DEBDEPS_LIST libsystemd-journal-dev || echo "libsystemd-dev is unavailable" +# softhsm2 2.0.0: Ubuntu 16.04 +# softhsm2 2.2.0: Debian >= jessie-backports, Ubuntu 18.04 +# softhsm2 >= 2.4.0: Debian >= buster, Ubuntu >= 18.10 +if ! add_package TESTDEPS_LIST softhsm2 '>= 2.3.0'; then + if add_package TESTDEPS_LIST softhsm2; then + # If SoftHSM 2.3.0 is unavailble, install p11tool. + TESTDEPS_LIST="$TESTDEPS_LIST gnutls-bin" + else + echo "softhsm2 is unavailable" >&2 + fi +fi + ACTUAL_LIST=$BASIC_LIST # Now arrange for optional support libraries @@ -145,6 +167,11 @@ then ACTUAL_LIST="$ACTUAL_LIST $DEBDEPS_LIST" fi +if [ $TESTDEPS ] +then + ACTUAL_LIST="$ACTUAL_LIST $TESTDEPS_LIST" +fi + apt-get update || exit 2 # shellcheck disable=SC2086 apt-get install $ACTUAL_LIST $OPTIONS || exit 2 |