Check-in [a8231fc377]
Overview
Comment:Added CACKey Uninstaller for macOS into the installer package (/usr/local/bin/cackey_osx_uninstall.sh), removed the extra macOS uninstaller script from the build tree, and updated the macOS build script to use the new SHA-256 hash of the external PKCS11.tokend (which now supports SHA-2 (256/384/512))
SHA1: a8231fc3777f178dd80df798c426baac47428c4d
User & Date: kvanals on 2016-10-18 18:14:49
Context
2016-10-18
18:23
CACKey 0.7.7 check-in: 458e2fe6b9 user: kvanals tags: trunk, 0.7.7
18:14
Added CACKey Uninstaller for macOS into the installer package (/usr/local/bin/cackey_osx_uninstall.sh), removed the extra macOS uninstaller script from the build tree, and updated the macOS build script to use the new SHA-256 hash of the external PKCS11.tokend (which now supports SHA-2 (256/384/512)) check-in: a8231fc377 user: kvanals tags: trunk
2016-09-22
19:59
Updated CACKey macOS Install and Uninstall Scripts to try harder to disable CryptoTokenKit support after the GM release started ignoring some methods check-in: 56006440a0 user: kvanals tags: trunk
Changes

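--- a/build/cackey_osx_build/Template_pmbuild/scripts/04pkcs11tokend-post.sh
+++ b/build/cackey_osx_build/Template_pmbuild/scripts/04pkcs11tokend-post.sh
@@ -1,9 +1,47 @@
 #!/bin/bash
 chmod -R go+rX /Library/Security/tokend/PKCS11.tokend
 chown -R root:wheel /Library/Security/tokend/PKCS11.tokend
+
+# Write Out Uninstaller (For our users' convenience)
+cat << 'EOF' >> /usr/local/bin/cackey_osx_uninstall.sh
+#!/bin/bash
+# Script to remove current and previous releases of CACKey from Mac OS X
+
+if [ "`whoami`" != "root" ]; then
+	echo "Please rerun this script with sudo or directly as root."
+	exit 1
+fi
+
+# Remove Directories and Files
+echo "Removing CACKey-related files and directories, if they exist..."
+rm -rf /usr/lib/pkcs11/*cackey*
+rm -rf /usr/local/lib/pkcs11/*cackey*
+rm -rf /Library/CACKey
+rm -rf /System/Library/Security/tokend/PKCS11.tokend
+rm -rf /Library/Security/tokend/PKCS11.tokend
+
+# Forget about packages installed
+echo "Removing saved Mac OS X package information for CACKey..."
+for package in `pkgutil --pkgs | grep -i CACKey`; do
+	pkgutil --forget ${package}
+done
+
+# If on Sierra or newer, reenable the pivtoken CryptoTokenKit
+echo "Reenabling the builtin pivtoken CryptoTokenKit..."
+if [ "`uname -r | cut -d '.' -f 1`" -ge "16" ]; then
+	defaults delete /Library/Preferences/com.apple.security.smartcard
+	security smartcards token -e com.apple.CryptoTokenKit.pivtoken
+fi
+
+# Remove myself
+rm -f /usr/local/bin/cackey_osx_uninstall.sh
+EOF
+
+chown root:wheel /usr/local/bin/cackey_osx_uninstall.sh
+chmod 755 /usr/local/bin/cackey_osx_uninstall.sh
 
 # If on Sierra or newer, disable the pivtoken CryptoTokenKit
 if [ "`uname -r | cut -d '.' -f 1`" -ge "16" ]; then
 	security smartcards token -d com.apple.CryptoTokenKit.pivtoken
 	defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken
 fi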
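Review bot: The heredoc in the added block appends (`>>`) to `/usr/local/bin/cackey_osx_uninstall.sh` while the post-install script runs as root, so a reinstall stacks a second copy of the uninstaller onto the first, and any file or symlink already at that path is written through and then made root-owned and executable by the `chown`/`chmod` that follow. Creating the file fresh avoids both: put `rm -f /usr/local/bin/cackey_osx_uninstall.sh` before the heredoc and change the redirect to `cat << 'EOF' > /usr/local/bin/cackey_osx_uninstall.sh`. Separately, the embedded uninstaller runs `defaults delete /Library/Preferences/com.apple.security.smartcard` with no key, which removes the whole preference domain rather than the `DisabledTokens` entry the installer wrote. `defaults delete /Library/Preferences/com.apple.security.smartcard DisabledTokens` would leave intact any other smartcard settings an administrator has placed in that domain.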

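--- a/build/cackey_osx_build/build_osx.sh
+++ b/build/cackey_osx_build/build_osx.sh
@@ -144,15 +144,15 @@
 	ln macbuild/${OSX}/libcackey.dylib build/cackey_osx_build/cackey.dylib
 	rm -rf build/cackey_osx_build/PKCS11.tokend
 	if [ "${LIONBUILD}" = 1 ]; then
 		TAR=gnutar
 	else
 		TAR=tar
 	fi
-	TOKENDSHA256="800a1d307df4117b2096a824dfc7ccca1ebecb5caf5fa98c1e531ac6f6b672a0"
+	TOKENDSHA256="f4a27bcec02effc39f1bc9a6dc7943b8c1c3e570431782a874a1082bb1332ef3"
 	curl http://devel.kvanals.org/PKCS11_Tokend/PKCS11_tokend-latest.tar.gz > PKCS11_tokend-latest.tar.gz
 	if [ "${TOKENDSHA256}" != "`shasum -a 256 PKCS11_tokend-latest.tar.gz | awk '{print $1}'`" ]; then
 		echo "SHA-256 Checksum does NOT match for TokenD!  Verify there was a new upstream release and update the build script!"
 		rm -f PKCS11_tokend-latest.tar.gz
 		exit 1
 	fi
 	if [ "${OSX}" = "Leopard" ]; then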
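Review bot: The updated `TOKENDSHA256` pin is the only integrity control on this download, because the tarball is fetched over plain `http://` from a moving `-latest` URL, and nothing in the hunk records where the new value came from. Since the mismatch message tells the maintainer to update the script, a replacement hash taken from that same HTTP download would defeat the check. I would add a provenance comment above the pin, for example `# SHA-256 of PKCS11_tokend-latest.tar.gz as published upstream on <DATE>; obtain the value over an authenticated channel, not from this download`. Adding `-f` to the `curl` call would also make an HTTP error fail at the fetch instead of surfacing as a checksum mismatch, and an `https://` URL would help if the host offers one, which is not visible here. The enclosing block starts and ends outside the hunk.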

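--- a/build/cackey_osx_build/cackey_osx_uninstall.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-# Script to remove current and previous releases of CACKey from Mac OS X
-
-if [ "`whoami`" != "root" ]; then
-	echo "Please rerun this script with sudo or directly as root."
-	exit 1
-fi
-
-# Remove Directories and Files
-echo "Removing CACKey-related files and directories, if they exist..."
-rm -rf /usr/lib/pkcs11/*cackey*
-rm -rf /usr/local/lib/pkcs11/*cackey*
-rm -rf /Library/CACKey
-rm -rf /System/Library/Security/tokend/PKCS11.tokend
-rm -rf /Library/Security/tokend/PKCS11.tokend
-
-# Forget about packages installed
-echo "Removing saved Mac OS X package information for CACKey..."
-for package in `pkgutil --pkgs | grep -i CACKey`; do
-	pkgutil --forget ${package}
-done
-
-# If on Sierra or newer, reenable the pivtoken CryptoTokenKit
-echo "Reenabling the builtin pivtoken CryptoTokenKit..."
-if [ "`uname -r | cut -d '.' -f 1`" -ge "16" ]; then
-	security smartcards token -e com.apple.CryptoTokenKit.pivtoken
-	defaults delete /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken
-fi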