commit eb7d79b7de6fb49fba71e3b3ce1a596a6954b60c Author: Adrian Schröter Date: Mon Oct 14 14:39:32 2024 +0200 Sync from SUSE:ALP:Source:Standard:1.0 keyutils revision c4df76c0e03f37dd7e65e428cfca945c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1992a71 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,4 @@ +libkeyutils1 + obsoletes "keyutils-libs- < " + provides "keyutils-libs- = " +keyutils-devel diff --git a/keyutils-1.6.3.tar.gz b/keyutils-1.6.3.tar.gz new file mode 100644 index 0000000..931b7b9 --- /dev/null +++ b/keyutils-1.6.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a61d5706136ae4c05bd48f86186bcfdbd88dd8bd5107e3e195c924cfc1b39bb4 +size 137022 diff --git a/keyutils-nodate.patch b/keyutils-nodate.patch new file mode 100644 index 0000000..6c33220 --- /dev/null +++ b/keyutils-nodate.patch @@ -0,0 +1,13 @@ +Index: keyutils-1.5.10/Makefile +=================================================================== +--- keyutils-1.5.10.orig/Makefile ++++ keyutils-1.5.10/Makefile +@@ -104,7 +104,7 @@ all: keyctl request-key key.dns_resolver + ############################################################################### + #RPATH = -Wl,-rpath,$(LIBDIR) + +-VCPPFLAGS := -DPKGBUILD="\"$(shell date -u +%F)\"" ++VCPPFLAGS := -DPKGBUILD="\"no timestamp to avoid rebuilds\"" + VCPPFLAGS += -DPKGVERSION="\"keyutils-$(VERSION)\"" + VCPPFLAGS += -DAPIVERSION="\"libkeyutils-$(APIVERSION)\"" + diff --git a/keyutils-usr-move.patch b/keyutils-usr-move.patch new file mode 100644 index 0000000..3153017 --- /dev/null +++ b/keyutils-usr-move.patch @@ -0,0 +1,25 @@ +Index: keyutils-1.5.9/request-key.conf +=================================================================== +--- keyutils-1.5.9.orig/request-key.conf ++++ keyutils-1.5.9/request-key.conf +@@ -31,14 +31,14 @@ + + #OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... + #====== ======= =============== =============== =============================== +-create dns_resolver * * /sbin/key.dns_resolver %k +-create user debug:* negate /bin/keyctl negate %k 30 %S +-create user debug:* rejected /bin/keyctl reject %k 30 %c %S +-create user debug:* expired /bin/keyctl reject %k 30 %c %S +-create user debug:* revoked /bin/keyctl reject %k 30 %c %S ++create dns_resolver * * /usr/sbin/key.dns_resolver %k ++create user debug:* negate /usr/bin/keyctl negate %k 30 %S ++create user debug:* rejected /usr/bin/keyctl reject %k 30 %c %S ++create user debug:* expired /usr/bin/keyctl reject %k 30 %c %S ++create user debug:* revoked /usr/bin/keyctl reject %k 30 %c %S + create user debug:loop:* * |/bin/cat + create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S + create cifs.spnego * * /usr/sbin/cifs.upcall %k +-negate * * * /bin/keyctl negate %k 30 %S ++negate * * * /usr/bin/keyctl negate %k 30 %S + create id_resolver * * /usr/sbin/nfsidmap %k %d -t 600 + diff --git a/keyutils.changes b/keyutils.changes new file mode 100644 index 0000000..355e1eb --- /dev/null +++ b/keyutils.changes @@ -0,0 +1,273 @@ +------------------------------------------------------------------- +Thu Mar 23 10:22:28 UTC 2023 - Dominique Leuenberger + +- Drop pkgconfig(krb5) BuildRequires: this dependency was dropped + upstream in commit f9c7b4e4 (2018-11-02). + +------------------------------------------------------------------- +Tue Dec 27 12:37:34 UTC 2022 - Ludwig Nussel + +- Replace transitional %usrmerged macro with regular version check (boo#1206798) + +------------------------------------------------------------------- +Tue Jun 21 08:26:54 UTC 2022 - Alberto Planas Dominguez + +- Add /etc/keys/evn and /usr/etc/keys/evm together with the IMA ones + +------------------------------------------------------------------- +Thu Jun 24 12:54:11 UTC 2021 - Alberto Planas Dominguez + +- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) + +------------------------------------------------------------------- +Wed Jan 6 10:27:14 UTC 2021 - Marcus Meissner + +- adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, + the library is just LGPL-2.1+) (bsc#1180603) + +------------------------------------------------------------------- +Mon Jan 4 10:50:03 UTC 2021 - Dirk Müller + +- update to 1.6.3: + * Revert the change notifications that were using /dev/watch_queue. + * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). + * Allow "keyctl supports" to retrieve raw capability data. + * Allow "keyctl id" to turn a symbolic key ID into a numeric ID. + * Allow "keyctl new_session" to name the keyring. + * Allow "keyctl add/padd/etc." to take hex-encoded data. + * Add "keyctl watch*" to expose kernel change notifications on keys. + * Add caps for namespacing and notifications. + * Set a default TTL on keys that upcall for name resolution. + * Explicitly clear memory after it's held sensitive information. + * Various manual page fixes. + * Fix C++-related errors. + * Add support for keyctl_move(). + * Add support for keyctl_capabilities(). + * Make key=val list optional for various public-key ops. + * Fix system call signature for KEYCTL_PKEY_QUERY. + * Fix 'keyctl pkey_query' argument passing. + * Use keyctl_read_alloc() in dump_key_tree_aux(). + * Various manual page fixes. +- spec-cleaner run (fixup failing homepage url) + +------------------------------------------------------------------- +Fri Oct 16 09:59:07 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961) + +------------------------------------------------------------------- +Mon Jul 1 14:28:52 UTC 2019 - Wolfgang Frisch + +- updated to 1.6 + - Apply various specfile cleanups from Fedora. + - request-key: Provide a command line option to suppress helper execution. + - request-key: Find least-wildcard match rather than first match. + - Remove the dependency on MIT Kerberos. + - Fix some error messages + - keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. + - Fix doc and comment typos. + - Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). + - Add pkg-config support for finding libkeyutils. +- upstream isn't offering PGP signatures for the source tarballs anymore + +------------------------------------------------------------------- +Mon Mar 4 09:41:58 UTC 2019 - Dominique Leuenberger + +- Replace krb5-devel BuildRequires with pkgconfig(krb5): Allow OBS + to shortcut the ring0 bootstrap cycle by also using krb5-mini. + +------------------------------------------------------------------- +Mon Oct 29 16:36:11 UTC 2018 - astieger@suse.com + +- add upstream signing key and verify source signature + +------------------------------------------------------------------- +Mon Oct 29 15:37:31 UTC 2018 - meissner@suse.com + +- updated to 1.5.11 (bsc#1113013) + - Add keyring restriction support. + - Add KDF support to the Diffie-Helman function. + - DNS: Add support for AFS config files and SRV records + +------------------------------------------------------------------- +Thu Feb 22 15:10:34 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Mon Nov 6 10:18:56 UTC 2017 - meissner@suse.com + +- add keyutils-devel for baselibs, to allow biarch LTP builds. + (bsc#1061591) + +------------------------------------------------------------------- +Fri May 5 13:46:43 UTC 2017 - meissner@suse.com + +- updated to 1.5.10 + - added "dh_compute" callback + - manpage improvements + +------------------------------------------------------------------- +Tue Mar 21 15:31:03 UTC 2017 - meissner@suse.com + +- move binaries from /bin to /usr/bin (bsc#1029969) +- keyutils-usr-move.patch: also adjust the request-key.conf file + +------------------------------------------------------------------- +Wed Feb 4 13:11:19 UTC 2015 - meissner@suse.com + +- keyutils-nodate.patch: avoid including the timestamp. bsc#916180 + +------------------------------------------------------------------- +Thu Jun 5 13:58:56 UTC 2014 - meissner@suse.com + +- correct the obsoletes and provides in baselibs.conf to be correct. + bnc#881533 + +------------------------------------------------------------------- +Wed May 14 02:19:52 UTC 2014 - nfbrown@suse.com + +- New upstream release 1.5.9. + Particularly adds keyctl_invalidate, needed for latest nfs-utils. + A few minor bugfixes and usability improvements. + +------------------------------------------------------------------- +Mon Jul 29 08:37:36 UTC 2013 - tchvatal@suse.com + +- Use macros bit more and fix noreplace on folder, which is not + good. + +------------------------------------------------------------------- +Sun Jun 16 16:59:30 UTC 2013 - lmuelle@suse.com + +- Remove deprecated -c arg while calling cifs.upcall from request-key.conf. + +------------------------------------------------------------------- +Fri Feb 1 18:53:40 UTC 2013 - coolo@suse.com + +- update license to new format + +------------------------------------------------------------------- +Wed Jun 20 07:40:08 UTC 2012 - meissner@suse.com + +- various small improvements +- added a /etc/request-key.d/ snippet drop directory + +------------------------------------------------------------------- +Mon Jun 4 18:00:41 UTC 2012 - jeffm@suse.com + +- Update nfs4 idmap support, nfs-client 1.2.6 changed parameters. + +------------------------------------------------------------------- +Wed Apr 11 03:43:35 UTC 2012 - jeffm@suse.com + +- Add nfs4 idmap support +------------------------------------------------------------------- +Wed Oct 5 15:04:53 UTC 2011 - uli@suse.com + +- cross-build fix: use %__cc macro + +------------------------------------------------------------------- +Thu Sep 22 18:05:05 CEST 2011 - meissner@suse.de + +- Updated to 1.5.3 + - Fix unread variables. + - Licence file update. + +- Updated to 1.5 + - Disable RPATH setting in Makefile. + - Add -I. to build to get this keyutils.h. + - Make CFLAGS override on make command line work right. + - Make specfile UTF-8. + - Support KEYCTL_REJECT. + - Support KEYCTL_INSTANTIATE_IOV. + - Add AFSDB DNS lookup program from Wang Lei. + - Generalise DNS lookup program. + - Add recursive scan utility function. + - Add bad key reap command to keyctl. + - Add multi-unlink variant to keyctl unlink command. + - Add multi key purger command to keyctl. + - Handle multi-line commands in keyctl command table. + - Move the package to version to 1.5. + +- Update to 1.4-4 + - Make build guess at default libdirs and word size. + - Make program build depend on library in Makefile. + - Don't include $(DESTDIR) in MAN* macros. + - Remove NO_GLIBC_KEYSYS as it is obsolete. + - Have Makefile extract version info from specfile and version script. + - Provide RPM build rule in Makefile. + - Provide distclean rule in Makefile. + - Fix local linking and RPATH. + - Fix prototypes in manual pages (some char* should be void*). + - Rename the keyctl_security.3 manpage to keyctl_get_security.3. + +------------------------------------------------------------------- +Thu Sep 22 12:41:50 UTC 2011 - jengelh@medozas.de + +- Implement shlib package (libkeyutils1) +- Cleanup per Specfile Guidelines + +------------------------------------------------------------------- +Tue Apr 19 13:45:30 CEST 2011 - meissner@suse.de + +- Upgraded to 1.4 + - Fix the library naming wrt the version. + - Move the package to version to 1.4. + - Fix spelling mistakes in manpages. + - Add an index manpage for all the keyctl functions. + - Fix rpmlint warnings. +- fixed parallel make +- do not include empty rpaths + +------------------------------------------------------------------- +Thu Mar 18 13:27:59 CET 2010 - meissner@suse.de + +- Upgraded to 1.3 + - Expose the kernel function to get a key's security context. + - Expose the kernel function to set a processes keyring onto its parent. + - Move libkeyutils library version to 1.3. + +------------------------------------------------------------------- +Mon Dec 14 16:33:36 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- enable parallel building + +------------------------------------------------------------------- +Mon Nov 24 12:52:44 CET 2008 - meissner@suse.de + +- added 2 cifs helpers to request-key.conf (for CIFS DFS support) + bnc#432494, FATE#303758 + +------------------------------------------------------------------- +Thu Nov 13 00:03:14 CET 2008 - crrodriguez@suse.de + +- build request-key.c with -fno-strict-aliasing to avoid + possible breakages + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Thu Dec 14 16:33:24 CET 2006 - meissner@suse.de + +- Upgraded to 1.2. + - call ldconfig + - removed manpages (now in global man-pages) + +------------------------------------------------------------------- +Wed Jul 19 14:35:25 CEST 2006 - meissner@suse.de + +- Upgraded to 1.1. + - cleanups, new manpage. +- no static lib anymore (like upstream). + +------------------------------------------------------------------- +Fri Apr 21 15:30:31 CEST 2006 - meissner@suse.de + +- initial import of version 1.0. + diff --git a/keyutils.keyring b/keyutils.keyring new file mode 100644 index 0000000..2bfef52 --- /dev/null +++ b/keyutils.keyring @@ -0,0 +1,63 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE6MQAUBEACh/QJTf+QLTHo5Vk7Bq/U7lMpzO+9iGuRJDFkS9HbT1NFMrJi6 +O/udOfGky1+9BOU7dGg5hB2qWzp/IMTHzIOtcRUBz7AkdQxCDkBPpdJkWQMG8AkA +DK4xvHTtdHZ7TQnmtrSRFjkb0MuyQd31bBlXv3WzLAnzVpdsTyG8sevnjOojvrxu +dQ1pYjlTSh5CX2cntOM72Zk8jWZ4X5q7hp1f7mu4sKVjzq8uoGAq/05JTRajZuyl +Hn0aMP+WZlmFs7KAbqohgdzYy/8bo6kfyn0d5YOJn+a7G09wpxWK4G3iek6b4/l3 +3EQwd6mvm69DgdWMjHNs7+dhH3sNIHH6jlxtx+z96qAN6ntAirAIBV6xRob/OP9T +2femC84lWJljNh6Bc0gRt3pDtrAiZaWqFGZ9e68qZ6K+LsWfcW4oapXTWp/ELErg +a7FkrmfnPD9upt1yLEE2/nlzXJoIT5r+IMiNPoIddkciXJDGe4IBc3QOcl/sfz5h +ET8n93XyNBifsgQHw/rqQGfzMiqgCP0WjScU0D/DlhT9bVcheCEWQ5Ghk3DpP8gD +adlQEr/4YU+PrHLyFoj/65MkFRpYodcrzU7gyuboo3rAPrO4FcR2M7gkxyVFswg7 +AeTclTzxLdb1KxNfSsL7tK0AfhkrDBv5N2xmxRSNcK0SHRKz4Sc6Kq/rtwARAQAB +tCNEYXZpZCBIb3dlbGxzIDxkaG93ZWxsc0ByZWRoYXQuY29tPokCOAQTAQIAIgUC +TozmuAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ+7dXa6fLC2t6pg/+ +PCr5Ienbgwzv8Chc5CqnXCmSMkWCUTjQQuxICq9EpBopOAaAdTuAvVCFVICSBeoH +nnDO/CjVmv72o3DcG0jxWcP40+oBGOXZChRshahyzLEOJ1JK34UAcYavN8r69tWJ +7PQ+g/cwL/On0L4cYYqjhKGpmYlMRSjS7icjygAnTmGz8CnI6KG/0K0cDxNtoMsc +rMX1UoDgkIgTJi0Jb2TlyBbi6QeZyrEExEp2RuepZDx8XLvnXy/rm/qniFZMeQcG +eF4ercc9z6DXc9gJhOtehphkAk967VPYBzrXTzuF3rsXYB546ZvsvvKsi7w+Cc8C +6JbLNbJ0pJsSCydZL44QOGuPM0dpTIHUZeo2DdPcUcUsoxvCOmmvXWbiWxSFlO1D +MMGna2dJFrDvPedJudd8hXxWRyoPG1X5oxyHAvpYB7sRPuVW5udAbiDeKPXEY8jP +0fT/BBM9+ihdblVofwzLI9Bch6xSq9g7VQo7t3wUI5+Wn3i5QNUGMEyz2L9rS4Cs +vGCULdN5E+/4cQcuNt4rcPPusQl3RoOOsqXBSuDYTXBwOCHTJ6L9NVGQH7cGlVAD +PmO9vMA8MGrt825RnLz/6w5kyA7BOGgZ8QOEAOGp8Way5H9gbMUmBebofBaxoWiH +W8MEQf+/FtsY1A8noOU2U1VnGFDfhVAQO9jbUFMWhLS0JERhdmlkIEhvd2VsbHMg +PGRob3dlbGxzNzRAZ21haWwuY29tPokCOAQTAQIAIgUCToxABQIbAwYLCQgHAwIG +FQgCCQoLBBYCAwECHgECF4AACgkQ+7dXa6fLC2v3Pg//RiZQ1YdjmRbQThZAH5Kh +WuhkN7cSfQHz7UlxQaW/pqUnTN/PgBADALXZeMALmUVCBpiY2Jc+UiX3ixzkc3PO +MAWG61xxGy90xBVkYqDVNzMR+wiTUZUCzKdqXUzoWrXHkQnkRm2iDHR5JiUR/CjM +KJf0lAegAxGw3Npdz9QKWoTZLJJnBf0WOD1Ld+rMaVixDc8bD1fSwNfGrFfiOFVe +xvugQagHw8peGg4EbQ0dll4P5/+SrJsYCCAYBLc+lKWG+G9qYC75MbWtg4R+RJWv +fu2Gl64OJvVnGq70X9gW6W93MD/S+MskpI8Si8QsfWreVY3Q0t25nBY7jvoh+gaX +Jyiih6Tei8LS2WLhedHCdMuh9ZM0TBaaJlBBhyG6X8wO1IzRFMmvlHKulTkfXqSP +ILPkLBzhBIhNlZzVDI1Bzh3kjq48AfO+eK4ZZRALxnqffObJAydKRm+FGmLzrO5h +Ww1MJoS3n3khnvqFSjQBI/xkC5qNqDMBU4hQgUPQBka8fIyvpbj2pIL7Iv1wuJR8 +E/0qO10G1+G4ZU2EeVakQgKgbL/+4NK29J8Xn2VaeAMpcr2I9eJIRHeKlGTK1I3D +kCkxFBKVfdLngvVFa544OKW9lGCY1C2kenPBEH17pQdejLESR+iqnkYGGdf6zoWz +aFGFKNC/yG5x2NVGdk724my5Ag0EToxABQEQAKl9mbsMzHOkAG0YBrJkl6UwkiNR +AOYnHgVUfQ6ZnlT8PwnQc1FSKDdqO1e/GVaGsyo3VYQnkLp9KKW2El7srY+vFOMG +hLtZR9nJrtX54YOyg85RY1q7jXam2AqW8y26QX7PqA+XZ2OpRZ9ohkUJTvStQ4Yq +XgAn3f00YQ+eKhqoT79PPwW6fSUgjqApbhGkQX/IrSOLlI4LsfA1JuSd8PNsC5LZ +ad0fKEKyvPRHMmw36wcG/4cspPi5gOyk04hFZ1EewT+lQ5cs+32ZANww88CDBOR9 +smUuWkkA9V0qWBP6P7i6bTHxTNZ3G6LutqahXnCm6xcfyRCBFYr5u62J3bFnEfFO +tqoTzB3pLePuxBHxqcx7iI6EM66JM30euIb+5d61g9YNcJeY85EXCGTamNDsGcaJ +xtiQwdRfK3PBBndABAswB/uRrB9ed07LMu9O0FPD+pqxhKp45tr00XFJB5dcqWKL +1aa+F62kFEIrU0RXCEVYaQXUKY/9tvkABbGBcUJ8ASw7O4vgkPbiqQ1FgRlCf0Pq +PBS28x9orV7YX+bMxUtiSlCsDXXos9G+vNp5aPDdGb24Jj0z9uIj3AhiNd89KwtA +qPBYO3471IJmc5+y0hIF4NAwh5KT2Bq3BdjL3M6W957PObMYgJWQKGBoAxnbyWng ++lUV+MST6CYaSAizABEBAAGJAh8EGAECAAkFAk6MQAUCGwwACgkQ+7dXa6fLC2um +RQ/6AqE32NIlfduy4Avc4Z1IPO6OZuDpwNYaopuHW0K9Hk5yZLk1Avk4COOK/w0E +1TLYXRkDUBN0D5K3eW9efPvUvm/aRsPLeOhdUqwjAZrdbjJufqSikqr+0LVECA8j +HsEntnvTGmY5sX+Ufuh+/cH8kCx2ascO6G6cT5RyqeJN71VDMajFq347+S5w7qIG +/GbICLP2f678tiiRyYr7XocnJC95b8tyHxCrOc7/ZD2b8ZAmbOUi6GEP6hXVoAxB +VRJJ4Y9cH7ZAbKfgWsopfHDTrQU9gOeyYHuZex4dQSB/e7nphCeAeyr/DnR5VNIx +ypqXoFEJ5aDMXvh806qUykz/vDdJrT6T5ReI+V4n6e+dtyKj+7t5OJ9ibY+EcIQh +wXWa73zBlt+42ZMaYccaZAadbRrvjqCivNlceq/0W76HWwV6EQ/Q8CcVggOwggrA +T7WW5berTthwvloeSSHl+w8JPWfNMZXwDO/ItFesZQ532NpOGoF0AP3ID5Xry36W +X/IKFhWtzjBY/j2JkcWjoBk+Md3vgcIOfityege/HvlmOeFnonp6kCBRqTkZwRlR +KFkraSBgzdmMqC4xip7C+3WFIV+1ki/Dixwk6hh0jlPw53anPxyA1a3/Uc5vIOeA +hohMBKGGIXz0cCaD64EQLY7Svd4AoIVM72pzkX7Y+ZvfrbM= +=U2Rm +-----END PGP PUBLIC KEY BLOCK----- diff --git a/keyutils.spec b/keyutils.spec new file mode 100644 index 0000000..02244a8 --- /dev/null +++ b/keyutils.spec @@ -0,0 +1,130 @@ +# +# spec file for package keyutils +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if ! %{defined _distconfdir} +%define _distconfdir %{_sysconfdir} +%else +%define use_usretc 1 +%endif + +%define lname libkeyutils1 +Name: keyutils +Version: 1.6.3 +Release: 0 +Summary: Linux Key Management Utilities +License: GPL-2.0-or-later AND LGPL-2.1-or-later +Group: System/Kernel +URL: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/ +Source0: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/keyutils-%{version}.tar.gz +Source1: baselibs.conf +Source3: %{name}.keyring +Patch1: request-key-cifs.patch +Patch2: request-key-nfs4.patch +Patch3: keyutils-nodate.patch +Patch4: keyutils-usr-move.patch +BuildRequires: gcc-c++ +BuildRequires: pkgconfig + +%description +Utilities to control the kernel key management facility and to provide +a mechanism by which the kernel can call back to user space to get a +key instantiated. + +%package -n %{lname} +Summary: Key utilities library +License: LGPL-2.1-or-later +Group: System/Kernel +Obsoletes: keyutils-libs < %{version}-%{release} +Provides: keyutils-libs = %{version}-%{release} + +%description -n %{lname} +This package provides a wrapper library for the key management facility +system calls. + +%package devel +Summary: Development package for building linux key management utilities +License: LGPL-2.1-or-later +Group: System/Kernel +Requires: %{lname} = %{version} +Requires: glibc-devel + +%description devel +This package provides headers and libraries for building key utilities. + +%prep +%setup -q +%patch1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 + +%build +%make_build NO_ARLIB=1 CFLAGS="%{optflags}" CC="gcc" + +%install +make install NO_ARLIB=1 DESTDIR=%{buildroot} BINDIR=/%{_bindir} SBINDIR=/%{_sbindir} LIBDIR=/%{_libdir} USRLIBDIR=%{_libdir} +%if 0%{?suse_version} < 1550 +mkdir -p %{buildroot}/bin %{buildroot}/sbin +ln -s /%{_bindir}/keyctl %{buildroot}/bin +ln -s /%{_sbindir}/key.dns_resolver %{buildroot}/sbin +ln -s /%{_sbindir}/request-key %{buildroot}/sbin +%endif + +install -m 0750 -d \ + %{buildroot}%{_sysconfdir}/keys \ + %{buildroot}%{_sysconfdir}/keys/ima \ + %{buildroot}%{_sysconfdir}/keys/evm \ + %{buildroot}%{_distconfdir}/keys \ + %{buildroot}%{_distconfdir}/keys/ima \ + %{buildroot}%{_distconfdir}/keys/evm + +%post -n %{lname} -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig + +%files +%license LICENCE.GPL +%doc README +%if 0%{?suse_version} < 1550 +/sbin/* +/bin/* +%endif +/%{_sbindir}/* +/%{_bindir}/* +%{_datadir}/keyutils +%{_mandir}/*/* +%config(noreplace) %{_sysconfdir}/request-key.conf +%dir %{_sysconfdir}/request-key.d/ +%dir %{_sysconfdir}/keys/ +%dir %{_sysconfdir}/keys/ima/ +%dir %{_sysconfdir}/keys/evm/ +%if %{defined use_usretc} +%dir %{_distconfdir}/keys/ +%dir %{_distconfdir}/keys/ima/ +%dir %{_distconfdir}/keys/evm/ +%endif + +%files -n %{lname} +%license LICENCE.LGPL +/%{_libdir}/libkeyutils.so.* + +%files devel +%{_libdir}/libkeyutils.so +%{_includedir}/* +%attr(0644, root, root) %{_libdir}/pkgconfig/libkeyutils.pc + +%changelog diff --git a/request-key-cifs.patch b/request-key-cifs.patch new file mode 100644 index 0000000..9060102 --- /dev/null +++ b/request-key-cifs.patch @@ -0,0 +1,10 @@ +Index: request-key.conf +=================================================================== +--- request-key.conf.orig ++++ request-key.conf +@@ -38,4 +38,5 @@ create user debug:* expired + create user debug:* revoked /bin/keyctl reject %k 30 %c %S + create user debug:loop:* * |/bin/cat + create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S ++create cifs.spnego * * /usr/sbin/cifs.upcall %k + negate * * * /bin/keyctl negate %k 30 %S diff --git a/request-key-nfs4.patch b/request-key-nfs4.patch new file mode 100644 index 0000000..9b5c625 --- /dev/null +++ b/request-key-nfs4.patch @@ -0,0 +1,12 @@ +--- + request-key.conf | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/request-key.conf ++++ b/request-key.conf +@@ -40,3 +40,5 @@ create user debug:loop:* * |/bin/cat + create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S + create cifs.spnego * * /usr/sbin/cifs.upcall %k + negate * * * /bin/keyctl negate %k 30 %S ++create id_resolver * * /usr/sbin/nfsidmap %k %d -t 600 ++