Introduction to keyutils
Keyutils is a set of utilities for managing
the key retention facility in the kernel, which can be used by
filesystems, block devices and more to gain and retain the authorization
and encryption keys required to perform secure operations.
This package is known to build and work properly
using an LFS 12.4 platform.
Package Information
Keyutils Dependencies
Optional
lsb-tools (referred to by the test suite)
Kernel Configuration
If running the test suite, some tests need the following kernel
features enabled:
Security options --->
  [*] Enable access key retention support                           [KEYS]
    [*] Large payload keys                                          [BIG_KEYS]
    [*] Diffie-Hellman operations on retained keys                  [KEY_DH_OPERATIONS]
-*- Cryptographic API --->                                          [CRYPTO]
  Public-key cryptography --->
    <*/M> RSA (Rivest-Shamir-Adleman)                               [CRYPTO_RSA]
  Hashes, digests, and MACs --->
    <*/M> SHA-1                                                     [CRYPTO_SHA1]
  [*] Asymmetric (public-key cryptographic) key type --->           [ASYMMETRIC_KEY_TYPE]
    <*> Asymmetric public-key crypto algorithm subtype              [ASYMMETRIC_PUBLIC_KEY_SUBTYPE]
    # If not built into the kernel, [SYSTEM_TRUSTED_KEYRING] won't show up;
    # building as a module won't work:
    <*> X.509 certificate parser                                    [X509_CERTIFICATE_PARSER]
Certificates for signature checking --->
  [*] Provide system-wide ring of trusted keys                      [SYSTEM_TRUSTED_KEYRING]
  [*] Provide a keyring to which extra trustable keys may be added  [SECONDARY_TRUSTED_KEYRING]
  [*] Provide system-wide ring of blacklisted keys                  [SYSTEM_BLACKLIST_KEYRING]

Installation of keyutils
Prepare keyutils by running the following
commands:
make
Now install the package, as the root user:
make NO_ARLIB=1 LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin install
Note
The test suite can only run after installing this package.
To test the results, issue, as the root user:
make -k test
If lsb-tools is not installed, the test suite will output some lines
complaining that the lsb_release command is not available, but this does
not affect the test result.
Command Explanations
NO_ARLIB=1: This make flag disables installing the
static library.
Configuring keyutils
Config Files
/etc/request-key.conf and
/etc/request-key.d/*
Contents
Installed Programs: keyctl, key.dns_resolver, and request-key
Installed Library: libkeyutils.so
Installed Directories: /etc/keyutils, /etc/request-key.d, and /usr/share/keyutils
Short Descriptions
keyctl
    controls the key management facility with a variety of subcommands.

key.dns_resolver
    is invoked by request-key on behalf of the kernel when kernel services
    (such as NFS, CIFS and AFS) need to perform a hostname lookup and the
    kernel does not have the key cached. It is not ordinarily intended to be
    called directly.

request-key
    is invoked by the kernel when the kernel is asked for a key that it
    doesn't have immediately available. The kernel creates a temporary key
    and then calls out to this program to instantiate it. It is not intended
    to be called directly.

libkeyutils.so
    contains the keyutils library API instantiation.
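The two pieces above that matter most for a deployment are the config files /etc/request-key.conf and /etc/request-key.d/* and the request-key program that reads them when the kernel asks for a key it does not hold. The example below is added here and is not code from the keyutils project: it models how a request-key.conf line (OP, TYPE, DESCRIPTION, CALLOUT-INFO, PROGRAM and arguments, as documented in request-key.conf(5)) is matched against a kernel request, with first match winning, a field of `*` matching anything and a trailing `*` matching any suffix, and how the `%`-substitutions are expanded into the argument vector handed to the callout. The configuration text, the program paths (chosen to match the BINDIR/SBINDIR used in the install command on this page) and every key id are constructed for the example; the real request-key also consults /etc/request-key.d/, which this model does not read.

```python
"""Model of request-key(8) callout selection from request-key.conf.

Added example, not keyutils project code.  Config text and key ids below are
constructed; field matching and %-expansion follow request-key.conf(5).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the style of the request-key.conf shipped with keyutils.
SAMPLE_CONF = """\
#OP     TYPE          DESCRIPTION    CALLOUT-INFO  PROGRAM ARG1 ARG2 ...
create  dns_resolver  *              *             /usr/sbin/key.dns_resolver %k
create  user          debug:*        negate        /usr/bin/keyctl negate %k 30 %S
create  user          debug:loop:*   *             |/bin/cat
create  user          debug:*        *             /usr/share/keyutils/request-key-debug.sh %k %d %c %S
negate  *             *              *             /usr/bin/keyctl negate %k 30 %S
"""


@dataclass
class Rule:
    op: str
    ktype: str
    desc: str
    callout: str
    argv: List[str]  # PROGRAM and its arguments, %-tokens not yet expanded


def parse_conf(text: str) -> List[Rule]:
    """Parse request-key.conf lines; blank lines and '#' comments are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"line {lineno}: expected at least 5 fields")
        rules.append(Rule(fields[0], fields[1], fields[2], fields[3], fields[4:]))
    return rules


def match_field(pattern: str, value: str) -> bool:
    """'*' alone matches anything, a trailing '*' matches any suffix,
    anything else must match exactly."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def select_rule(rules: List[Rule], op: str, ktype: str, desc: str,
                callout: str) -> Optional[Rule]:
    """First line whose four match fields all accept the request wins, so a
    general line placed early shadows every more specific line after it."""
    for rule in rules:
        if (match_field(rule.op, op) and match_field(rule.ktype, ktype)
                and match_field(rule.desc, desc)
                and match_field(rule.callout, callout)):
            return rule
    return None


def expand(arg: str, fields: dict) -> str:
    """Expand %o %k %t %d %c %u %g %T %P %S and %%; unknown tokens stay as-is."""
    def sub(m):
        letter = m.group(1)
        return "%" if letter == "%" else fields.get(letter, m.group(0))
    return re.sub(r"%(.)", sub, arg)


def resolve(rules, op, ktype, desc, callout, key_id, uid="0", gid="0",
            thread="0", process="0", session="0"):
    """Return (argv, pipe_mode) for a request, or None when no line matches.
    A PROGRAM starting with '|' means the callout info is fed to the program
    on stdin instead of being placed on the command line."""
    rule = select_rule(rules, op, ktype, desc, callout)
    if rule is None:
        return None
    fields = {"o": op, "k": key_id, "t": ktype, "d": desc, "c": callout,
              "u": uid, "g": gid, "T": thread, "P": process, "S": session}
    argv = [expand(a, fields) for a in rule.argv]
    pipe_mode = argv[0].startswith("|")
    if pipe_mode:
        argv[0] = argv[0][1:]
    return argv, pipe_mode


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for req in (("create", "dns_resolver", "example.com", "", "123"),
                ("create", "user", "debug:foo", "negate", "9"),
                ("create", "user", "debug:loop:x", "", "7"),
                ("create", "other", "x", "", "1")):
        print(req, "->", resolve(rules, *req, session="42"))
```

Because the callout runs on the kernel's behalf with root privileges, reviewing the order of lines in these files is the practical check: running `resolve` over the requests a system actually generates shows which program each one reaches and whether a broad `*` line is catching requests that a later, more specific line was meant to handle.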