From d37cb410c8bb1545be1b992cd9127424e5fa680b Mon Sep 17 00:00:00 2001
From: Oscar Reparaz
Date: Mon, 12 Oct 2020 21:23:17 -0700
Subject: [PATCH 1/3] live: update nCipher security world to 12.60.11

nCipher released the Security World Software version 12.60.11 on 2020-07-02 as GA release. This change builds the live image with SecWorld_Lin64-12.60.11.iso and Codesafe_Lin64-12.63.0.iso. Tested with a test transaction.
---
 live-usb-creator/README.md | 8 ++--
 live-usb-creator/bootstrap.sh | 5 +-
 .../install_scripts/0_post_install_nochroot | 46 +++++++++----------
 3 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/live-usb-creator/README.md b/live-usb-creator/README.md
index 7f64711b..1a98f4b7 100644
--- a/live-usb-creator/README.md
+++ b/live-usb-creator/README.md
@@ -9,15 +9,17 @@ Three dependencies need to be fetched out-of-band.
 Set the following files in place in the same directory as the `Vagrantfile`.
-* CodeSafe-linux64-dev-12.50.2.iso (2.6GB): supplied by the HSM vendor.
+* SecWorld_Lin64-12.60.11.iso (316M): supplied by the HSM vendor
+* Codesafe_Lin64-12.63.0.iso (281M): supplied by the HSM vendor.
 * CentOS-7-x86_64-Everything-1908.iso (10G): `curl -O http://mirror.seas.harvard.edu/centos/7.7.1908/isos/x86_64/CentOS-7-x86_64-Everything-1908.iso`
 * kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm (17MB): `curl -O http://archive.kernel.org/centos-vault/centos/7.6.1810/updates/x86_64/Packages/kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm`
 Verify the following SHA256 sums:
 ```
-$ shasum -a 256 CodeSafe-linux64-dev-12.50.2.iso CentOS-7-x86_64-Everything-1908.iso kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm
-23ca2c5fc2476887926409bc69f19b772c99191b1e0cce1a3bace8d1e4488528 CodeSafe-linux64-dev-12.50.2.iso
+$ shasum -a 256 SecWorld_Lin64-12.60.11.iso Codesafe_Lin64-12.63.0.iso CentOS-7-x86_64-Everything-1908.iso kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm
+6eb82827d438f8dc315d1199772998d97679a0a317bcf540413792f18c3bc3a2 SecWorld_Lin64-12.60.11.iso
+df928054888f466c263ef1d7de37877bdcf27c632b34c6934b6eee4e8697a6de Codesafe_Lin64-12.63.0.iso
 bd5e6ca18386e8a8e0b5a9e906297b5610095e375e4d02342f07f32022b13acf CentOS-7-x86_64-Everything-1908.iso
 a27c718efb2acec969b20023ea517d06317b838714cb359e4a80e8995ac289fc kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm
 ```
diff --git a/live-usb-creator/bootstrap.sh b/live-usb-creator/bootstrap.sh
index 41faf919..bb8567a0 100755
--- a/live-usb-creator/bootstrap.sh
+++ b/live-usb-creator/bootstrap.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
-# mount the CodeSafe image so we can copy stuff off it to our target image
-sudo mkdir /media/CodeSafe && sudo mount -t iso9660 -o ro /vagrant/CodeSafe-linux64-dev-12.50.2.iso /media/CodeSafe
+# mount the SecWorld + CodeSafe image so we can copy stuff off it to our target image
+sudo mkdir /media/SecWorld && sudo mount -t iso9660 -o ro /vagrant/SecWorld_Lin64-12.60.11.iso /media/SecWorld
+sudo mkdir /media/CodeSafe && sudo mount -t iso9660 -o ro /vagrant/Codesafe_Lin64-12.63.0.iso /media/CodeSafe
diff --git a/live-usb-creator/install_scripts/0_post_install_nochroot b/live-usb-creator/install_scripts/0_post_install_nochroot
index cef676b0..53b4ff6b 100755
--- a/live-usb-creator/install_scripts/0_post_install_nochroot
+++ b/live-usb-creator/install_scripts/0_post_install_nochroot
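Review bot: Both ISOs are mounted without any integrity check, so the SHA256 comparison remains a manual README step that a build can skip; nothing in bootstrap.sh (the hunk appears to cover the whole file) ties the image to the pinned vendor media, unless the Vagrantfile checks them, which is not visible here. Since the sums are already recorded in the README, the script could enforce them before each mount, e.g. `echo "6eb82827d438f8dc315d1199772998d97679a0a317bcf540413792f18c3bc3a2  /vagrant/SecWorld_Lin64-12.60.11.iso" | sha256sum -c - || exit 1`, and the same for `Codesafe_Lin64-12.63.0.iso` with its README sum (assuming `sha256sum` is present in the guest). Separately, `sudo mkdir ... && sudo mount ...` skips the mount when the directory already exists and the script then carries on, so `sudo mkdir -p` plus `set -euo pipefail` after the shebang would turn a missing or unmountable ISO into a hard failure.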
@@ -11,42 +11,38 @@ mkdir /tmp/nfast_install
 pushd /tmp/nfast_install
-# Hardware Support (mandatory)
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/hwsp/agg.tar
+# CipherTools Developer
+tar -xzf /media/SecWorld/linux/amd64/ctd.tar.gz
 # Core Tools (recommended)
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/ctls/agg.tar
-
-# Java Support (including KeySafe)
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/javasp/agg.tar
+tar -xzf /media/SecWorld/linux/amd64/ctls.tar.gz
-# nCipherKM JCA/JCE provider classes
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/jcecsp/user.tar
+# nCore API Documentation
+tar -xzf /media/SecWorld/linux/amd64/devref.tar.gz
-# nCipher PKCS #11 library
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/pkcs11/user.tar
+# Hardware Support (mandatory)
+tar -xzf /media/SecWorld/linux/amd64/hwsp.tar.gz
-# CHIL (Cryptographic Hardware Interface Library),
-# apparently required for "generatekey" utility
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/hwcrhk/user.tar
+# Java Support (including nCipherKM JCA/JCE provider, KeySafe)
+tar -xzf /media/SecWorld/linux/amd64/javasp.tar.gz
-# Remote Administration Service
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/dsserv/user.tar
+# Java dev libs for nCore API
+tar -xzf /media/SecWorld/linux/amd64/jd.tar.gz
-# Remote Administration Client Tools
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/ratls/agg.tar
+# nShield SNMP service and tools
+tar -xzf /media/SecWorld/linux/amd64/ncsnmp.tar.gz
-# nCore CodeSafe API Documentation (not in SecWorld; CodeSafe only)
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/csdref/agg.tar
+# Remote Administration Service (before 12.60 this package was known as dsserv)
+tar -xzf /media/SecWorld/linux/amd64/raserv.tar.gz
-# nCore API Documentation (not in SecWorld; CodeSafe only)
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/devref/agg.tar
+# Redistributable GNU C shared libs
+tar -xzf /media/SecWorld/linux/amd64/redist.tar.gz
-#
CodeSafe Developer (not in SecWorld; CodeSafe only)
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/csd/agg.tar
+# CodeSafe Developer; example programs, and SDK for CodeSafe
+tar -xzf /media/CodeSafe/linux/amd64/csd.tar.gz
-# Prebuilt powerpcm-gcc for Codesafe/C (not in SecWorld; CodeSafe only)
-tar -xf /media/CodeSafe/linux/libc6_11/amd64/nfast/gccsrc/ppcdev.tar
+# Documentation for CodeSafe
+tar -xzf /media/CodeSafe/linux/amd64/csdref.tar.gz
 pushd opt
 mv nfast /mnt/sysimage/opt/
From ab7d9fd731b098b553f33d7da206c2d56252c124 Mon Sep 17 00:00:00 2001
From: Oscar Reparaz
Date: Wed, 13 Jan 2021 09:08:55 -0800
Subject: [PATCH 2/3] Update live-usb-creator/README.md

Co-authored-by: Ning Shang
---
 live-usb-creator/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/live-usb-creator/README.md b/live-usb-creator/README.md
index 1a98f4b7..8ee20794 100644
--- a/live-usb-creator/README.md
+++ b/live-usb-creator/README.md
@@ -11,7 +11,7 @@ Set the following files in place in the same directory as the `Vagrantfile`.
 * SecWorld_Lin64-12.60.11.iso (316M): supplied by the HSM vendor
 * Codesafe_Lin64-12.63.0.iso (281M): supplied by the HSM vendor.
-* CentOS-7-x86_64-Everything-1908.iso (10G): `curl -O http://mirror.seas.harvard.edu/centos/7.7.1908/isos/x86_64/CentOS-7-x86_64-Everything-1908.iso`
+* CentOS-7-x86_64-Everything-1908.iso (10G): `curl -O https://vault.centos.org/7.7.1908/isos/x86_64/CentOS-7-x86_64-Everything-1908.iso`
 * kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm (17MB): `curl -O http://archive.kernel.org/centos-vault/centos/7.6.1810/updates/x86_64/Packages/kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm`
 Verify the following SHA256 sums:
From 9f0e53ab01854926929805f5d0ff47c5685aa01b Mon Sep 17 00:00:00 2001
From: Oscar Reparaz
Date: Wed, 13 Jan 2021 09:09:12 -0800
Subject: [PATCH 3/3] Update live-usb-creator/README.md

Co-authored-by: Ning Shang
---
 live-usb-creator/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
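Review bot: The new package list in 0_post_install_nochroot adds `ncsnmp.tar.gz` (nShield SNMP service and tools) to the live image, next to the existing Remote Administration Service (`raserv.tar.gz`), and neither the commit message nor the comments say why an HSM image needs a network management agent. If the image is meant to run without a network, dropping the two lines `# nShield SNMP service and tools` and `tar -xzf /media/SecWorld/linux/amd64/ncsnmp.tar.gz` keeps the installed surface to what the image actually uses; if the package is required, a comment such as `# ncsnmp: required by <component> (placeholder, fill in the reason)` would record that. Every `tar -xzf` in this hunk is also unchecked, so an archive that moves in a later vendor release would be skipped silently unless the script sets `set -e` above line 11, which the hunk does not show. The script starts and ends outside the hunk.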
diff --git a/live-usb-creator/README.md b/live-usb-creator/README.md
index 8ee20794..e23c2e7b 100644
--- a/live-usb-creator/README.md
+++ b/live-usb-creator/README.md
@@ -12,7 +12,7 @@ Set the following files in place in the same directory as the `Vagrantfile`.
 * SecWorld_Lin64-12.60.11.iso (316M): supplied by the HSM vendor
 * Codesafe_Lin64-12.63.0.iso (281M): supplied by the HSM vendor.
 * CentOS-7-x86_64-Everything-1908.iso (10G): `curl -O https://vault.centos.org/7.7.1908/isos/x86_64/CentOS-7-x86_64-Everything-1908.iso`
-* kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm (17MB): `curl -O http://archive.kernel.org/centos-vault/centos/7.6.1810/updates/x86_64/Packages/kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm`
+* kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm (17MB): `curl -L -O http://archive.kernel.org/centos-vault/centos/7.6.1810/updates/x86_64/Packages/kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm`
 Verify the following SHA256 sums: