openCryptoki/ocki-3.24-remove-make-install-chgrp.patch

111 lines
5.7 KiB
Diff
Raw Permalink Normal View History

- Upgrade openCrytoki to version 3.24 (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. - On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=154
2024-09-20 10:45:31 +00:00
--- a/Makefile.am 2024-09-11 08:46:18.000000000 +0200
+++ b/Makefile.am 2024-09-20 11:31:30.709823171 +0200
@@ -51,19 +51,9 @@
include doc/doc.mk
install-data-hook:
-if AIX
- lsgroup $(pkcs_group) > /dev/null || $(GROUPADD) -a pkcs11
- lsuser $(pkcsslotd_user) > /dev/null || $(USERADD) -g $(pkcs_group) -d $(DESTDIR)$(RUN_PATH)/opencryptoki -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
-else
- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group)
- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d $(RUN_PATH)/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
-endif
$(MKDIR_P) $(DESTDIR)$(RUN_PATH)/opencryptoki/
- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
$(CHMOD) 0710 $(DESTDIR)$(RUN_PATH)/opencryptoki/
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki
if ENABLE_LIBRARY
$(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
@@ -83,19 +73,15 @@
endif
if ENABLE_PKCSHSM_MK_CHANGE
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE
endif
if ENABLE_CCATOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_cca.$(SHLIBEXT) PKCS11_CCA.$(SHLIBEXT)
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
$(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/ccatok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true
@@ -104,12 +90,9 @@
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_ep11.$(SHLIBEXT) PKCS11_EP11.$(SHLIBEXT)
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
$(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/ep11tok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
@@ -123,24 +106,18 @@
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_ica.$(SHLIBEXT) PKCS11_ICA.$(SHLIBEXT)
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
$(MKDIR_P) $(DESTDIR)$(lockdir)/lite
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/lite
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite
endif
if ENABLE_SWTOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_sw.$(SHLIBEXT) PKCS11_SW.$(SHLIBEXT)
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
$(MKDIR_P) $(DESTDIR)$(lockdir)/swtok
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/swtok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
endif
if ENABLE_TPMTOK
@@ -148,10 +125,8 @@
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_tpm.$(SHLIBEXT) PKCS11_TPM.$(SHLIBEXT)
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
$(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/tpm
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
endif
if ENABLE_ICSFTOK
@@ -159,10 +134,8 @@
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_icsf.$(SHLIBEXT) PKCS11_ICSF.$(SHLIBEXT)
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
$(MKDIR_P) $(DESTDIR)$(lockdir)/icsf
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/icsf
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
endif
if ENABLE_DAEMON
@@ -181,7 +154,6 @@
@echo "--------------------------------------------------------------"
endif
$(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
$(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)