keyutils-1.6.1

Introduction to keyutils

Keyutils is a set of utilities for managing the key retention facility in the kernel, which can be used by filesystems, block devices and more to gain and retain the authorization and encryption keys required to perform secure operations.

Note

Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.

Package Information

Download (HTTP): https://people.redhat.com/~dhowells/keyutils/keyutils-1.6.1.tar.bz2
Download MD5 sum: 919af7f33576816b423d537f8a8692e8
Download size: 96 KB
Estimated disk space required: 1.9 MB (with tests)
Estimated build time: less than 0.1 SBU (add 0.6 SBU for tests)

keyutils Dependencies

Required

MIT Kerberos V5-1.21.2

Installation of keyutils

Install keyutils by running the following commands:

sed -i 's:$(LIBDIR)/$(PKGCONFIG_DIR):/usr/lib/pkgconfig:' Makefile &&
make

Now, as the root user:

make NO_ARLIB=1 LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin install

The test suite can only run after installing this package. To test the results, issue, as the root user:

sed -e 's/executable/\\(pie \\)?/' \
    -i tests/toolbox.inc.sh        &&
make -k test

Note that several tests will fail if certain uncommon kernel options were not used when the kernel was built. These include CONFIG_BIG_KEYS, CONFIG_KEY_DH_OPERATIONS, and CONFIG_CRYPTO_DH.

Command Explanations

sed ... Makefile: This command ensures the pkgconfig file is placed in the correct directory.

sed ... tests/toolbox.inc.sh: In LFS, GCC has been configured with --enable-default-pie so /usr/bin/bash is a PIE, but the test script does not anticipate it. Fix this oversight so the test can run on a LFS system.

NO_ARLIB=1: This make flag disables installing the static library.

Configuring keyutils

Config Files

/etc/request-key.conf and /etc/request-key.d/*

Installed Programs: keyctl, key.dns_resolver, and request-key

Installed Library: libkeyutils.so

Installed Directory: /etc/request-key.d and /usr/share/keyutils

Short Descriptions

keyctl	controls the key management facility with a variety of subcommands
key.dns_resolver	is invoked by request-key on behalf of the kernel when kernel services (such as NFS, CIFS and AFS) need to perform a hostname lookup and the kernel does not have the key cached. It is not ordinarily intended to be called directly
request-key	is invoked by the kernel when the kernel is asked for a key that it doesn't have immediately available. The kernel creates a temporary key and then calls out to this program to instantiate it. It is not intended to be called directly
`libkeyutils.so`	contains the keyutils library API instantiation

Prev
JSON-GLib-1.8.0
Next
libaio-0.3.113
Up
Home

Beyond Linux® From Scratch (System V Edition) - Version r12.0-1306-wip

Chapter 9. General Libraries