bin/fix_pkcs11_token.sh - Issue 3107031: entd: Restart on token init failure

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: bin/fix_pkcs11_token.sh

Issue 3107031: entd: Restart on token init failure (Closed) Base URL: http://src.chromium.org/git/entd.git

Patch Set: Created 10 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 #!/bin/sh

	2

	3 if [ -z "$1" ]; then

	4 USERNAME="chronos"

	5 else

	6 USERNAME="$1"

	7 fi

	8

	9 PKCS11_GROUP="pkcs11"

	10

	11 OPENCRYPTOKI_DIR="/var/lib/opencryptoki"

	12 USER_TOKEN_LINK="$OPENCRYPTOKI_DIR/tpm/$USERNAME"

	13 ROOT_TOKEN_LINK="$OPENCRYPTOKI_DIR/tpm/root"

	14

	15 USER_TOKEN_DIR="/home/$USERNAME/user/.tpm"

	16

	17 if [ -e "$USER_TOKEN_DIR/PUBLIC_ROOT_KEY.pem" -a \

	18 ! -e "$USER_TOKEN_DIR/PRIVATE_ROOT_KEY.pem" ]; then

	19 # A token with a public key but no private key is a sign that

	20 # initialization timed out. The only way to recover seems to be to wipe

	21 # out the whole token and try again.

	22 logger "PKCS#11 token appears to be broken, deleting: $USER_TOKEN_DIR/*"

	23 rm -rf $USER_TOKEN_DIR/*
	Chris Masone 2010/08/23 23:56:28 perhaps "$USER_TOKEN_DIR"/* to be as consistent a perhaps "$USER_TOKEN_DIR"/* to be as consistent as you can?
	24 fi

	25

	26 # Ensure the directories exist

	27 mkdir -p "$OPENCRYPTOKI_DIR/tpm"

	28 chown -R "root:$PKCS11_GROUP" "$OPENCRYPTOKI_DIR"

	29

	30 # Ensure that they point to the user volume

	31 [ -L "$USER_TOKEN_LINK" ] \|\| \

	32 ln -sf "$USER_TOKEN_DIR" "$USER_TOKEN_LINK"

	33 [ -L "$ROOT_TOKEN_LINK" ] \|\| \

	34 ln -sf "./$USERNAME" "$ROOT_TOKEN_LINK"

	35

	36 # Always remove the old token entry.

	37 rm -f /var/lib/opencryptoki/pk_config_data

	38

	39 # Creating this directory because if it's not there, token initialization

	40 # will neither create it nor populate it.

	41 mkdir -p "$USER_TOKEN_DIR/TOK_OBJ"

	42

	43 # Configure the tpm as a token

	44 pkcs_slot 0 tpm

	45

	46 # Make sure the user can access their own data

	47 chown -R "$USERNAME:$PKCS11_GROUP" "$USER_TOKEN_DIR"

OLD	NEW

« no previous file with comments | « base_policy/policy-utils.js ('k') | reference_extension/client.js » ('j') | no next file with comments »