SLFO-pool/keyutils
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main keyutils revision c4df76c0e03f37dd7e65e428cfca945c

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 14:14:31 +02:00
commit bc3e2affda
10 changed files with 556 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

4
baselibs.conf Normal file
View File

@ -0,0 +1,4 @@
libkeyutils1
obsoletes "keyutils-libs-<targettype> < <version>"
provides "keyutils-libs-<targettype> = <version>"
keyutils-devel

BIN
keyutils-1.6.3.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

13
keyutils-nodate.patch Normal file
View File

@ -0,0 +1,13 @@
Index: keyutils-1.5.10/Makefile
===================================================================
--- keyutils-1.5.10.orig/Makefile
+++ keyutils-1.5.10/Makefile
@@ -104,7 +104,7 @@ all: keyctl request-key key.dns_resolver
###############################################################################
#RPATH = -Wl,-rpath,$(LIBDIR)
-VCPPFLAGS := -DPKGBUILD="\"$(shell date -u +%F)\""
+VCPPFLAGS := -DPKGBUILD="\"no timestamp to avoid rebuilds\""
VCPPFLAGS += -DPKGVERSION="\"keyutils-$(VERSION)\""
VCPPFLAGS += -DAPIVERSION="\"libkeyutils-$(APIVERSION)\""

25
keyutils-usr-move.patch Normal file
View File

@ -0,0 +1,25 @@
Index: keyutils-1.5.9/request-key.conf
===================================================================
--- keyutils-1.5.9.orig/request-key.conf
+++ keyutils-1.5.9/request-key.conf
@@ -31,14 +31,14 @@
#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...
#====== ======= =============== =============== ===============================
-create dns_resolver * * /sbin/key.dns_resolver %k
-create user debug:* negate /bin/keyctl negate %k 30 %S
-create user debug:* rejected /bin/keyctl reject %k 30 %c %S
-create user debug:* expired /bin/keyctl reject %k 30 %c %S
-create user debug:* revoked /bin/keyctl reject %k 30 %c %S
+create dns_resolver * * /usr/sbin/key.dns_resolver %k
+create user debug:* negate /usr/bin/keyctl negate %k 30 %S
+create user debug:* rejected /usr/bin/keyctl reject %k 30 %c %S
+create user debug:* expired /usr/bin/keyctl reject %k 30 %c %S
+create user debug:* revoked /usr/bin/keyctl reject %k 30 %c %S
create user debug:loop:* * |/bin/cat
create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S
create cifs.spnego * * /usr/sbin/cifs.upcall %k
-negate * * * /bin/keyctl negate %k 30 %S
+negate * * * /usr/bin/keyctl negate %k 30 %S
create id_resolver * * /usr/sbin/nfsidmap %k %d -t 600

273
keyutils.changes Normal file
View File

@ -0,0 +1,273 @@
-------------------------------------------------------------------
Thu Mar 23 10:22:28 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop pkgconfig(krb5) BuildRequires: this dependency was dropped
upstream in commit f9c7b4e4 (2018-11-02).
-------------------------------------------------------------------
Tue Dec 27 12:37:34 UTC 2022 - Ludwig Nussel <lnussel@suse.com>
- Replace transitional %usrmerged macro with regular version check (boo#1206798)
-------------------------------------------------------------------
Tue Jun 21 08:26:54 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
- Add /etc/keys/evn and /usr/etc/keys/evm together with the IMA ones
-------------------------------------------------------------------
Thu Jun 24 12:54:11 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
-------------------------------------------------------------------
Wed Jan 6 10:27:14 UTC 2021 - Marcus Meissner <meissner@suse.com>
- adjust the library license to be LPGL-2.1+ only (the tools are GPL2+,
the library is just LGPL-2.1+) (bsc#1180603)
-------------------------------------------------------------------
Mon Jan 4 10:50:03 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.6.3:
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow "keyctl supports" to retrieve raw capability data.
* Allow "keyctl id" to turn a symbolic key ID into a numeric ID.
* Allow "keyctl new_session" to name the keyring.
* Allow "keyctl add/padd/etc." to take hex-encoded data.
* Add "keyctl watch*" to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
- spec-cleaner run (fixup failing homepage url)
-------------------------------------------------------------------
Fri Oct 16 09:59:07 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- prepare usrmerge (boo#1029961)
-------------------------------------------------------------------
Mon Jul 1 14:28:52 UTC 2019 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- updated to 1.6
- Apply various specfile cleanups from Fedora.
- request-key: Provide a command line option to suppress helper execution.
- request-key: Find least-wildcard match rather than first match.
- Remove the dependency on MIT Kerberos.
- Fix some error messages
- keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
- Fix doc and comment typos.
- Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
- Add pkg-config support for finding libkeyutils.
- upstream isn't offering PGP signatures for the source tarballs anymore
-------------------------------------------------------------------
Mon Mar 4 09:41:58 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- Replace krb5-devel BuildRequires with pkgconfig(krb5): Allow OBS
to shortcut the ring0 bootstrap cycle by also using krb5-mini.
-------------------------------------------------------------------
Mon Oct 29 16:36:11 UTC 2018 - astieger@suse.com
- add upstream signing key and verify source signature
-------------------------------------------------------------------
Mon Oct 29 15:37:31 UTC 2018 - meissner@suse.com
- updated to 1.5.11 (bsc#1113013)
- Add keyring restriction support.
- Add KDF support to the Diffie-Helman function.
- DNS: Add support for AFS config files and SRV records
-------------------------------------------------------------------
Thu Feb 22 15:10:34 UTC 2018 - fvogt@suse.com
- Use %license (boo#1082318)
-------------------------------------------------------------------
Mon Nov 6 10:18:56 UTC 2017 - meissner@suse.com
- add keyutils-devel for baselibs, to allow biarch LTP builds.
(bsc#1061591)
-------------------------------------------------------------------
Fri May 5 13:46:43 UTC 2017 - meissner@suse.com
- updated to 1.5.10
- added "dh_compute" callback
- manpage improvements
-------------------------------------------------------------------
Tue Mar 21 15:31:03 UTC 2017 - meissner@suse.com
- move binaries from /bin to /usr/bin (bsc#1029969)
- keyutils-usr-move.patch: also adjust the request-key.conf file
-------------------------------------------------------------------
Wed Feb 4 13:11:19 UTC 2015 - meissner@suse.com
- keyutils-nodate.patch: avoid including the timestamp. bsc#916180
-------------------------------------------------------------------
Thu Jun 5 13:58:56 UTC 2014 - meissner@suse.com
- correct the obsoletes and provides in baselibs.conf to be correct.
bnc#881533
-------------------------------------------------------------------
Wed May 14 02:19:52 UTC 2014 - nfbrown@suse.com
- New upstream release 1.5.9.
Particularly adds keyctl_invalidate, needed for latest nfs-utils.
A few minor bugfixes and usability improvements.
-------------------------------------------------------------------
Mon Jul 29 08:37:36 UTC 2013 - tchvatal@suse.com
- Use macros bit more and fix noreplace on folder, which is not
good.
-------------------------------------------------------------------
Sun Jun 16 16:59:30 UTC 2013 - lmuelle@suse.com
- Remove deprecated -c arg while calling cifs.upcall from request-key.conf.
-------------------------------------------------------------------
Fri Feb 1 18:53:40 UTC 2013 - coolo@suse.com
- update license to new format
-------------------------------------------------------------------
Wed Jun 20 07:40:08 UTC 2012 - meissner@suse.com
- various small improvements
- added a /etc/request-key.d/ snippet drop directory
-------------------------------------------------------------------
Mon Jun 4 18:00:41 UTC 2012 - jeffm@suse.com
- Update nfs4 idmap support, nfs-client 1.2.6 changed parameters.
-------------------------------------------------------------------
Wed Apr 11 03:43:35 UTC 2012 - jeffm@suse.com
- Add nfs4 idmap support
-------------------------------------------------------------------
Wed Oct 5 15:04:53 UTC 2011 - uli@suse.com
- cross-build fix: use %__cc macro
-------------------------------------------------------------------
Thu Sep 22 18:05:05 CEST 2011 - meissner@suse.de
- Updated to 1.5.3
- Fix unread variables.
- Licence file update.
- Updated to 1.5
- Disable RPATH setting in Makefile.
- Add -I. to build to get this keyutils.h.
- Make CFLAGS override on make command line work right.
- Make specfile UTF-8.
- Support KEYCTL_REJECT.
- Support KEYCTL_INSTANTIATE_IOV.
- Add AFSDB DNS lookup program from Wang Lei.
- Generalise DNS lookup program.
- Add recursive scan utility function.
- Add bad key reap command to keyctl.
- Add multi-unlink variant to keyctl unlink command.
- Add multi key purger command to keyctl.
- Handle multi-line commands in keyctl command table.
- Move the package to version to 1.5.
- Update to 1.4-4
- Make build guess at default libdirs and word size.
- Make program build depend on library in Makefile.
- Don't include $(DESTDIR) in MAN* macros.
- Remove NO_GLIBC_KEYSYS as it is obsolete.
- Have Makefile extract version info from specfile and version script.
- Provide RPM build rule in Makefile.
- Provide distclean rule in Makefile.
- Fix local linking and RPATH.
- Fix prototypes in manual pages (some char* should be void*).
- Rename the keyctl_security.3 manpage to keyctl_get_security.3.
-------------------------------------------------------------------
Thu Sep 22 12:41:50 UTC 2011 - jengelh@medozas.de
- Implement shlib package (libkeyutils1)
- Cleanup per Specfile Guidelines
-------------------------------------------------------------------
Tue Apr 19 13:45:30 CEST 2011 - meissner@suse.de
- Upgraded to 1.4
- Fix the library naming wrt the version.
- Move the package to version to 1.4.
- Fix spelling mistakes in manpages.
- Add an index manpage for all the keyctl functions.
- Fix rpmlint warnings.
- fixed parallel make
- do not include empty rpaths
-------------------------------------------------------------------
Thu Mar 18 13:27:59 CET 2010 - meissner@suse.de
- Upgraded to 1.3
- Expose the kernel function to get a key's security context.
- Expose the kernel function to set a processes keyring onto its parent.
- Move libkeyutils library version to 1.3.
-------------------------------------------------------------------
Mon Dec 14 16:33:36 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
- enable parallel building
-------------------------------------------------------------------
Mon Nov 24 12:52:44 CET 2008 - meissner@suse.de
- added 2 cifs helpers to request-key.conf (for CIFS DFS support)
bnc#432494, FATE#303758
-------------------------------------------------------------------
Thu Nov 13 00:03:14 CET 2008 - crrodriguez@suse.de
- build request-key.c with -fno-strict-aliasing to avoid
possible breakages
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Thu Dec 14 16:33:24 CET 2006 - meissner@suse.de
- Upgraded to 1.2.
- call ldconfig
- removed manpages (now in global man-pages)
-------------------------------------------------------------------
Wed Jul 19 14:35:25 CEST 2006 - meissner@suse.de
- Upgraded to 1.1.
- cleanups, new manpage.
- no static lib anymore (like upstream).
-------------------------------------------------------------------
Fri Apr 21 15:30:31 CEST 2006 - meissner@suse.de
- initial import of version 1.0.

63
keyutils.keyring Normal file
View File

@ -0,0 +1,63 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE6MQAUBEACh/QJTf+QLTHo5Vk7Bq/U7lMpzO+9iGuRJDFkS9HbT1NFMrJi6
O/udOfGky1+9BOU7dGg5hB2qWzp/IMTHzIOtcRUBz7AkdQxCDkBPpdJkWQMG8AkA
DK4xvHTtdHZ7TQnmtrSRFjkb0MuyQd31bBlXv3WzLAnzVpdsTyG8sevnjOojvrxu
dQ1pYjlTSh5CX2cntOM72Zk8jWZ4X5q7hp1f7mu4sKVjzq8uoGAq/05JTRajZuyl
Hn0aMP+WZlmFs7KAbqohgdzYy/8bo6kfyn0d5YOJn+a7G09wpxWK4G3iek6b4/l3
3EQwd6mvm69DgdWMjHNs7+dhH3sNIHH6jlxtx+z96qAN6ntAirAIBV6xRob/OP9T
2femC84lWJljNh6Bc0gRt3pDtrAiZaWqFGZ9e68qZ6K+LsWfcW4oapXTWp/ELErg
a7FkrmfnPD9upt1yLEE2/nlzXJoIT5r+IMiNPoIddkciXJDGe4IBc3QOcl/sfz5h
ET8n93XyNBifsgQHw/rqQGfzMiqgCP0WjScU0D/DlhT9bVcheCEWQ5Ghk3DpP8gD
adlQEr/4YU+PrHLyFoj/65MkFRpYodcrzU7gyuboo3rAPrO4FcR2M7gkxyVFswg7
AeTclTzxLdb1KxNfSsL7tK0AfhkrDBv5N2xmxRSNcK0SHRKz4Sc6Kq/rtwARAQAB
tCNEYXZpZCBIb3dlbGxzIDxkaG93ZWxsc0ByZWRoYXQuY29tPokCOAQTAQIAIgUC
TozmuAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ+7dXa6fLC2t6pg/+
PCr5Ienbgwzv8Chc5CqnXCmSMkWCUTjQQuxICq9EpBopOAaAdTuAvVCFVICSBeoH
nnDO/CjVmv72o3DcG0jxWcP40+oBGOXZChRshahyzLEOJ1JK34UAcYavN8r69tWJ
7PQ+g/cwL/On0L4cYYqjhKGpmYlMRSjS7icjygAnTmGz8CnI6KG/0K0cDxNtoMsc
rMX1UoDgkIgTJi0Jb2TlyBbi6QeZyrEExEp2RuepZDx8XLvnXy/rm/qniFZMeQcG
eF4ercc9z6DXc9gJhOtehphkAk967VPYBzrXTzuF3rsXYB546ZvsvvKsi7w+Cc8C
6JbLNbJ0pJsSCydZL44QOGuPM0dpTIHUZeo2DdPcUcUsoxvCOmmvXWbiWxSFlO1D
MMGna2dJFrDvPedJudd8hXxWRyoPG1X5oxyHAvpYB7sRPuVW5udAbiDeKPXEY8jP
0fT/BBM9+ihdblVofwzLI9Bch6xSq9g7VQo7t3wUI5+Wn3i5QNUGMEyz2L9rS4Cs
vGCULdN5E+/4cQcuNt4rcPPusQl3RoOOsqXBSuDYTXBwOCHTJ6L9NVGQH7cGlVAD
PmO9vMA8MGrt825RnLz/6w5kyA7BOGgZ8QOEAOGp8Way5H9gbMUmBebofBaxoWiH
W8MEQf+/FtsY1A8noOU2U1VnGFDfhVAQO9jbUFMWhLS0JERhdmlkIEhvd2VsbHMg
PGRob3dlbGxzNzRAZ21haWwuY29tPokCOAQTAQIAIgUCToxABQIbAwYLCQgHAwIG
FQgCCQoLBBYCAwECHgECF4AACgkQ+7dXa6fLC2v3Pg//RiZQ1YdjmRbQThZAH5Kh
WuhkN7cSfQHz7UlxQaW/pqUnTN/PgBADALXZeMALmUVCBpiY2Jc+UiX3ixzkc3PO
MAWG61xxGy90xBVkYqDVNzMR+wiTUZUCzKdqXUzoWrXHkQnkRm2iDHR5JiUR/CjM
KJf0lAegAxGw3Npdz9QKWoTZLJJnBf0WOD1Ld+rMaVixDc8bD1fSwNfGrFfiOFVe
xvugQagHw8peGg4EbQ0dll4P5/+SrJsYCCAYBLc+lKWG+G9qYC75MbWtg4R+RJWv
fu2Gl64OJvVnGq70X9gW6W93MD/S+MskpI8Si8QsfWreVY3Q0t25nBY7jvoh+gaX
Jyiih6Tei8LS2WLhedHCdMuh9ZM0TBaaJlBBhyG6X8wO1IzRFMmvlHKulTkfXqSP
ILPkLBzhBIhNlZzVDI1Bzh3kjq48AfO+eK4ZZRALxnqffObJAydKRm+FGmLzrO5h
Ww1MJoS3n3khnvqFSjQBI/xkC5qNqDMBU4hQgUPQBka8fIyvpbj2pIL7Iv1wuJR8
E/0qO10G1+G4ZU2EeVakQgKgbL/+4NK29J8Xn2VaeAMpcr2I9eJIRHeKlGTK1I3D
kCkxFBKVfdLngvVFa544OKW9lGCY1C2kenPBEH17pQdejLESR+iqnkYGGdf6zoWz
aFGFKNC/yG5x2NVGdk724my5Ag0EToxABQEQAKl9mbsMzHOkAG0YBrJkl6UwkiNR
AOYnHgVUfQ6ZnlT8PwnQc1FSKDdqO1e/GVaGsyo3VYQnkLp9KKW2El7srY+vFOMG
hLtZR9nJrtX54YOyg85RY1q7jXam2AqW8y26QX7PqA+XZ2OpRZ9ohkUJTvStQ4Yq
XgAn3f00YQ+eKhqoT79PPwW6fSUgjqApbhGkQX/IrSOLlI4LsfA1JuSd8PNsC5LZ
ad0fKEKyvPRHMmw36wcG/4cspPi5gOyk04hFZ1EewT+lQ5cs+32ZANww88CDBOR9
smUuWkkA9V0qWBP6P7i6bTHxTNZ3G6LutqahXnCm6xcfyRCBFYr5u62J3bFnEfFO
tqoTzB3pLePuxBHxqcx7iI6EM66JM30euIb+5d61g9YNcJeY85EXCGTamNDsGcaJ
xtiQwdRfK3PBBndABAswB/uRrB9ed07LMu9O0FPD+pqxhKp45tr00XFJB5dcqWKL
1aa+F62kFEIrU0RXCEVYaQXUKY/9tvkABbGBcUJ8ASw7O4vgkPbiqQ1FgRlCf0Pq
PBS28x9orV7YX+bMxUtiSlCsDXXos9G+vNp5aPDdGb24Jj0z9uIj3AhiNd89KwtA
qPBYO3471IJmc5+y0hIF4NAwh5KT2Bq3BdjL3M6W957PObMYgJWQKGBoAxnbyWng
+lUV+MST6CYaSAizABEBAAGJAh8EGAECAAkFAk6MQAUCGwwACgkQ+7dXa6fLC2um
RQ/6AqE32NIlfduy4Avc4Z1IPO6OZuDpwNYaopuHW0K9Hk5yZLk1Avk4COOK/w0E
1TLYXRkDUBN0D5K3eW9efPvUvm/aRsPLeOhdUqwjAZrdbjJufqSikqr+0LVECA8j
HsEntnvTGmY5sX+Ufuh+/cH8kCx2ascO6G6cT5RyqeJN71VDMajFq347+S5w7qIG
/GbICLP2f678tiiRyYr7XocnJC95b8tyHxCrOc7/ZD2b8ZAmbOUi6GEP6hXVoAxB
VRJJ4Y9cH7ZAbKfgWsopfHDTrQU9gOeyYHuZex4dQSB/e7nphCeAeyr/DnR5VNIx
ypqXoFEJ5aDMXvh806qUykz/vDdJrT6T5ReI+V4n6e+dtyKj+7t5OJ9ibY+EcIQh
wXWa73zBlt+42ZMaYccaZAadbRrvjqCivNlceq/0W76HWwV6EQ/Q8CcVggOwggrA
T7WW5berTthwvloeSSHl+w8JPWfNMZXwDO/ItFesZQ532NpOGoF0AP3ID5Xry36W
X/IKFhWtzjBY/j2JkcWjoBk+Md3vgcIOfityege/HvlmOeFnonp6kCBRqTkZwRlR
KFkraSBgzdmMqC4xip7C+3WFIV+1ki/Dixwk6hh0jlPw53anPxyA1a3/Uc5vIOeA
hohMBKGGIXz0cCaD64EQLY7Svd4AoIVM72pzkX7Y+ZvfrbM=
=U2Rm
-----END PGP PUBLIC KEY BLOCK-----

130
keyutils.spec Normal file
View File

@ -0,0 +1,130 @@
#
# spec file for package keyutils
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if ! %{defined _distconfdir}
%define _distconfdir %{_sysconfdir}
%else
%define use_usretc 1
%endif
%define lname libkeyutils1
Name: keyutils
Version: 1.6.3
Release: 0
Summary: Linux Key Management Utilities
License: GPL-2.0-or-later AND LGPL-2.1-or-later
Group: System/Kernel
URL: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/
Source0: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/keyutils-%{version}.tar.gz
Source1: baselibs.conf
Source3: %{name}.keyring
Patch1: request-key-cifs.patch
Patch2: request-key-nfs4.patch
Patch3: keyutils-nodate.patch
Patch4: keyutils-usr-move.patch
BuildRequires: gcc-c++
BuildRequires: pkgconfig
%description
Utilities to control the kernel key management facility and to provide
a mechanism by which the kernel can call back to user space to get a
key instantiated.
%package -n %{lname}
Summary: Key utilities library
License: LGPL-2.1-or-later
Group: System/Kernel
Obsoletes: keyutils-libs < %{version}-%{release}
Provides: keyutils-libs = %{version}-%{release}
%description -n %{lname}
This package provides a wrapper library for the key management facility
system calls.
%package devel
Summary: Development package for building linux key management utilities
License: LGPL-2.1-or-later
Group: System/Kernel
Requires: %{lname} = %{version}
Requires: glibc-devel
%description devel
This package provides headers and libraries for building key utilities.
%prep
%setup -q
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
%make_build NO_ARLIB=1 CFLAGS="%{optflags}" CC="gcc"
%install
make install NO_ARLIB=1 DESTDIR=%{buildroot} BINDIR=/%{_bindir} SBINDIR=/%{_sbindir} LIBDIR=/%{_libdir} USRLIBDIR=%{_libdir}
%if 0%{?suse_version} < 1550
mkdir -p %{buildroot}/bin %{buildroot}/sbin
ln -s /%{_bindir}/keyctl %{buildroot}/bin
ln -s /%{_sbindir}/key.dns_resolver %{buildroot}/sbin
ln -s /%{_sbindir}/request-key %{buildroot}/sbin
%endif
install -m 0750 -d \
%{buildroot}%{_sysconfdir}/keys \
%{buildroot}%{_sysconfdir}/keys/ima \
%{buildroot}%{_sysconfdir}/keys/evm \
%{buildroot}%{_distconfdir}/keys \
%{buildroot}%{_distconfdir}/keys/ima \
%{buildroot}%{_distconfdir}/keys/evm
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
%files
%license LICENCE.GPL
%doc README
%if 0%{?suse_version} < 1550
/sbin/*
/bin/*
%endif
/%{_sbindir}/*
/%{_bindir}/*
%{_datadir}/keyutils
%{_mandir}/*/*
%config(noreplace) %{_sysconfdir}/request-key.conf
%dir %{_sysconfdir}/request-key.d/
%dir %{_sysconfdir}/keys/
%dir %{_sysconfdir}/keys/ima/
%dir %{_sysconfdir}/keys/evm/
%if %{defined use_usretc}
%dir %{_distconfdir}/keys/
%dir %{_distconfdir}/keys/ima/
%dir %{_distconfdir}/keys/evm/
%endif
%files -n %{lname}
%license LICENCE.LGPL
/%{_libdir}/libkeyutils.so.*
%files devel
%{_libdir}/libkeyutils.so
%{_includedir}/*
%attr(0644, root, root) %{_libdir}/pkgconfig/libkeyutils.pc
%changelog

10
request-key-cifs.patch Normal file
View File

@ -0,0 +1,10 @@
Index: request-key.conf
===================================================================
--- request-key.conf.orig
+++ request-key.conf
@@ -38,4 +38,5 @@ create user debug:* expired
create user debug:* revoked /bin/keyctl reject %k 30 %c %S
create user debug:loop:* * |/bin/cat
create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S
+create cifs.spnego * * /usr/sbin/cifs.upcall %k
negate * * * /bin/keyctl negate %k 30 %S

12
request-key-nfs4.patch Normal file
View File

@ -0,0 +1,12 @@
---
request-key.conf | 2 ++
1 file changed, 2 insertions(+)
--- a/request-key.conf
+++ b/request-key.conf
@@ -40,3 +40,5 @@ create user debug:loop:* * |/bin/cat
create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S
create cifs.spnego * * /usr/sbin/cifs.upcall %k
negate * * * /bin/keyctl negate %k 30 %S
+create id_resolver * * /usr/sbin/nfsidmap %k %d -t 600
+