2007-01-16 00:27:33 +01:00
|
|
|
#
|
2011-11-28 12:55:09 +01:00
|
|
|
# spec file for package openCryptoki
|
2007-01-16 00:27:33 +01:00
|
|
|
#
|
2021-01-21 22:07:16 +01:00
|
|
|
# Copyright (c) 2018-2021 SUSE LLC
|
2007-01-16 00:27:33 +01:00
|
|
|
#
|
2008-08-29 01:19:19 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2019-12-02 22:42:49 +01:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-16 00:27:33 +01:00
|
|
|
#
|
|
|
|
|
|
2019-11-12 07:00:01 +01:00
|
|
|
|
2019-09-05 00:38:50 +02:00
|
|
|
%define openCryptoki_32bit_arch %{ix86} s390 ppc %{arm}
|
2008-11-06 22:23:05 +01:00
|
|
|
# support in the workings for: ppc64
|
2008-12-15 14:58:47 +01:00
|
|
|
# no support in sight for: ia64
|
2019-09-05 00:38:50 +02:00
|
|
|
%define openCryptoki_64bit_arch s390x ppc64 ppc64le x86_64 aarch64
|
2008-11-06 22:23:05 +01:00
|
|
|
# autobuild:/work/cd/lib/misc/group
|
|
|
|
|
# openCryptoki pkcs11:x:64:
|
|
|
|
|
%define pkcs11_group_id 64
|
2014-02-06 10:10:48 +01:00
|
|
|
%define oc_cvs_tag opencryptoki
|
2008-08-29 01:19:19 +02:00
|
|
|
|
2007-01-16 00:27:33 +01:00
|
|
|
Name: openCryptoki
|
Accepting request 844927 from home:markkp:branches:security
- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666,
jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714,
jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
* openCryptoki 3.15.1
- Bug fixes
* openCryptoki 3.15.0
- common: conform to PKCS 11 3.0 Baseline Provider profile
- Introduce new vendor defined interface named "Vendor IBM"
- Support C_IBM_ReencryptSingle via "Vendor IBM" interface
- CCA: support key wrapping
- SOFT: support ECC
- p11sak tool: add remove-key command
- Bug fixes
* openCryptoki 3.14.0
- EP11: Dilitium support stage 2
- Common: Rework on process and thread locking
- Common: Rework on btree and object locking
- ICSF: minor fixes
- TPM, ICA, ICSF: support multiple token instances
- new tool p11sak
* openCryptoki 3.13.0
- EP11: Dilithium support
- EP11: EdDSA support
- EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114)
The EP11 token may fail to import an ECC public key. Function
C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.
- Upgraded to version 3.12.1 (bsc#1157863)
* Fix pkcsep11_migrate tool
- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
* Update token pin and data store encryption for soft,ica,cca and ep11
* EP11: Allow importing of compressed EC public keys
* EP11: Add support for the CMAC mechanisms
* EP11: Add support for the IBM-SHA3 mechanisms
* SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
* ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
* EP11: Add config option USE_PRANDOM
* CCA: Use Random Number Generate Long for token_specific_rng()
* Common rng function: Prefer /dev/prandom over /dev/urandom
* ICA: add SHA*_RSA_PKCS_PSS mechanisms
* Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
(bsc#1152015)
Add support for new IBM crypto card.
- Upgraded to version 3.11.1 (Fate#327837)
Bug fixes.
- Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
(bsc#1123988)
- Do not ignore errors from groupadd. If groupadd fails,
installation ought not to proceed because files would have the
wrong ownership.
- Don't hide error messages from the groupadd command. To eliminate
a potentially common one, check to see if the pkcs11 group is
already defined before trying to add it.
- Update the summary for the -devel package.
- Changed several PreReq entries to Requires(pre) as a result of
the output from spec-cleaner. Removed a couple of obsolete lines.
- Removed obsolete check for whether systemd is in use or not.
- Upgraded to version 3.11.0 (Fate#325685)
* opencryptoki 3.11.0
EP11 enhancements
A lot of bug fixes
- Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply
properly to 3.11, and renamed it to
ocki-3.11-remove-make-install-chgrp.patch
- Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch
- Upgraded to version 3.10.0 (Fate#325685)
* opencryptoki 3.10.0
Add support to ECC on ICA token and to common code.
Add SHA224 support to SOFT token.
Improve pkcsslotd logging.
Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
Fix tracing of session id.
Fix and improve testcases.
Fix spec file permission for log directory.
Fix build warnings.
* opencryptoki 3.9.0
Fix token reinitialization
Fix conditional man pages
EP11 enhancements
EP11 EC Key import
Increase RSA max key length
Fix broken links on documentation
Define CK_FALSE and CK_TRUE macros
Improve build flags
- Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
- Made multiple changes to the spec file based on spec-cleaner output.
- Added an rpmlintrc file to squelch warnings about adding ghost
entries for files under /var/lock/opencryptoki/
- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
(bsc#1086678)
- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)
- Upgraded to version 3.8.2 (fate#323295, bsc#1066412)
* v3.8.2
Update man pages.
Improve ock_tests for parallel execution.
Fix FindObjectsInit for hidden HW-feature.
Fix to allow vendor defined hardware features.
Fix unresolved symbols.
Fix tracing.
Code/project cleanup.
* v3.8.1
Fix TPM data-structure reset function.
Fix error message when dlsym fails.
Update configure.ac
Update travis.
* v3.8.0
Multi token instance feature.
Added possibility to run opencryptoki with transactional memory or locks
(--enable-locks on configure step).
Updated documentation.
Fix segfault on ec_test.
Bunch of small fixes.
- Removed ARM architectures from the build list until gcc6 becomes
available for SLES. (bsc#1039510).
- Updated to version 3.7.0 (Fate#321451) (bsc#1036640)
- Update example spec file
- Performance improvement. Moving from mutexes to transactional memory.
- Add ECDSA SHA2 support for EP11 and CCA.
- Fix declaration of inline functions.
- Fix wrong testcase and ber en/decoding for integers.
- Check for 'flex' and 'YACC' on configure.
- EP11 config file rework.
- Add enable-debug on travis build.
- Add testcase for C_GetOperationState/C_SetOperationState.
- Upgrade License to CPL-1.0
- Ica token: fix openssh/ibmpkcs11 engine/libica crash.
- Fix segfault and logic in hardware feature test.
- Fix spelling of documentation and manuals.
- Fix the retrieval of p from a generated rsa key.
- Coverity scan fixes - incompatible pointer type and unused variables.
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Modified the spec file
- Changed libca3-devel BuildRequires to just libica-devel
- Check for systemd in the 32bit postun scriptlet.
- Upgraded to version 3.6.2 (fate#321451)
- Support OpenSSL-1.1.
- Add Travis CI support.
- Update autotools scripts and documentation.
- Fix SegFault when a invalid session handle is passed in
SC_EncryptUpdate and SC_DecryptUpdate.
- Updated spec file to use libica3-devel instead of libica2-devel.
- Upgraded to version 3.6.1 (fate#321451)
- opencryptoki 3.6.1
- Fix SOFT token implementation of digest functions.
- Replace deprecated OpenSSL interfaces.
- opencryptoki 3.6
- Replace deprecated libica interfaces.
- Performance improvement for ICA.
- Improvement in documentation on system resources.
- Improvement in testcases.
- Added support for rc=8, reasoncode=2028 in icsf token.
- Fix for session handle not set in session issue.
- Multiple fixes for lock and log directories.
- Downgraded a syslog error to warning.
- Multiple fixes based on coverity scan results.
- Added pkcs11 mapping for icsf reason code 72 for return code 8.
- opencryptoki 3.5.1
- Fix Illegal Intruction on pkcscca tool.
- Removed the following obsolete patches:
- ocki-3.5-sanity-checking.patch
- ocki-3.5-icsf-reasoncode72-support.patch
- ocki-3.5-downgrade-syslogerror.patch
- ocki-3.5-icsf-sessionhandle-missing-fix.patch
- ocki-3.5-icsf-reasoncode-2028-added.patch
- ocki-3.5-added-NULLreturn-check.patch
- ocki-3.5-create-missing-tpm-token-lock-directory.patch
- ocki-3.5-fix-pkcscca-calls.patch
- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)
- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).
- Added %doc FAQ to the spec file (bsc#991168).
- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch
(bsc#989602).
- Added the following patches (bsc#986854)
- ocki-3.5-icsf-reasoncode72-support.patch
- ocki-3.5-icsf-coverity-memoryleakfix.patch
- ocki-3.5-downgrade-syslogerror.patch
- ocki-3.5-icsf-sessionhandle-missing-fix.patch
- ocki-3.5-icsf-reasoncode-2028-added.patch
- ocki-3.5-added-NULLreturn-check.patch
- Added ocki-3.5-sanity-checking.patch (bsc#983496).
- Added %dir entry for %{_localstatedir}/log/opencryptoki/
(bsc#983990)
- Upgraded to openCryptoki 3.5 (bsc#978005).
- Full Coverity scan fixes.
- Fixes for compiler warnings.
- Added support for C_GetObjectSize in icsf token.
- Various bug fixes and memory leak fixes.
- Removed global read permissions from token files
- Added missing PKCS#11v2.2 constants.
- Fix for symbol resolution issue seen in Fedora 22 and 23 for
ep11 and cca tokens.
- Improvements in socket read operation when a token comes up.
- Replaced 32 bit CCA API declarations with latest header from
version 5.0 libsculcca rpm.
- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938).
- Changed BuildRequires for libica_2_3_0-devel to libica2-devel.
- Changed BuildRequires for openssl-devel to specify >= 1.0
Contrary to what the README says, version 0.9.7 isn't
sufficient.
- Removed the redundant DESTDIR= parameter from the %make_install
- Removed the following obsolete patches
opencryptoki-run-lock.patch (/var/lock and run/lock are actually the
same place) Also reverted the changed to openCryptoki-tmp.conf to match.
ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
ocki-3.1-fix-implicit-decl.patch
ocki-3.1-fix-init_d-path.patch
ocki-3.1-fix-libica-link.patch
ocki-3.2_01_fix-return-type-error.patch
ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
ocki-3.2_05_icsf_ldap_handles.patch
ocki-3.2_06_icsf_sign_verify.patch
- renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to
ocki-3.1-remove-make-install-chgrp.patch
- Get a new ldap handle for each session opened in the icsf token,
once the user has authenticated. (bsc#953347,LTC#130078)
- ocki-3.2_05_icsf_ldap_handles.patch
- ocki-3.2_06_icsf_sign_verify.patch
- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070)
- Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
- Fixed two public key object inclusion in EP11 token (bsc#946808)
- Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
- Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172)
- Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
- Fixed failure to import ECDSA because of lack of attribute (bsc#948114)
- Fixed BuildRequires: libica2-devel
- Added ocki-3.2_01_fix-return-type-error.patch
- Changing doc/README.ep11_stdll to unix-style EOL
- Added BuildRequires: dos2unix
- Removed globbing in %files and specified libraries to include (bsc#942162)
- Updated to openCryptoki v3.2 (FATE#318240)
- Removed unnecessary patches:
- ocki-3.1_01_ep11_makefile.patch
- ocki-3.1_02_ep11_m_init.patch
- ocki-3.1_03_ock_obj_mgr.patch
- ocki-3.1_04_ep11_opaque2blob_error_handl.patch
- ocki-3.1_05_ep11_readme_update.patch
- ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
- ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
- ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
- ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
- ocki-3.1_06_0005-Small-reworks.patch
- ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
- ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
- ocki-3.1_07_0001-Man-page-corrections.patch
- ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
- ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
- ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
- Also create parent directory /run/lock/opencryptoki in
tmpfiles snippet if it does not exists.
- spec: do not use -D__USE_BSD, a glibc-internal macro
which no longer has any meaning.
- spec: use %{_unitdir} %{_tmpfilesdir)
- spec: call tmpfiles_create macro, if defined in %post
- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
/run/lock instead of /var/lock.
- Update to version 3.2
+New pkcscca tool. Currently it assists in migrating cca private token
objects from opencryptoki version 2 to the clear key encryption method
used in opencryptoki version 3. Includes a manpage for pkcscca tool.
Changes to README.cca_stdll to assist in using the CCA token and
migrating the private token objects.
+ Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
+ Various bugfixes.
+ New testcases for various crypto algorithms.
- Only depend on insserv if builded with sysvinit support
- Remove obsolete patches; merged on upstream release
+ ocki-3.1_01_ep11_makefile.patch
+ ocki-3.1_02_ep11_m_init.patch
+ ocki-3.1_03_ock_obj_mgr.patch
+ ocki-3.1_04_ep11_opaque2blob_error_handl.patch
+ ocki-3.1_05_ep11_readme_update.patch
+ ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
+ ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
+ ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
+ ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
+ ocki-3.1_06_0005-Small-reworks.patch
+ ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
+ ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
+ ocki-3.1_07_0001-Man-page-corrections.patch
+ ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
+ ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
+ ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
+ ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
- Project is now hosted on sourceforge; fix the Url
- Remove cvs related stuff; tarball is produced by upstream
- Use %configure macro instead of manually defined options
- Build with parallel support; use %{?_smp_mflags} macro
- Fixed ica token's SHA update function when passing zero message
size (bnc#892644)
- Added patch ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
- Fixed README.ep11_stdll to have Unix-style EOL characters.
- Added patch ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
- Added all files from %src/doc as rpm %doc (bnc#894780)
- Added pkcscca utility and documentation to convert private
token objects from v2 to v3. (bnc#893757)
- Added patches:
- ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
- ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
- Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889183)
- Added patch ocki-3.1_07_0001-Man-page-corrections.patch
- Specfile Cleanup, Added directory macros in appropriate places
- Several package changes as per bnc#880217
- Added openCryptoki-tmp.conf for lock directory management
- Added 'lite' token support
- Changed from init.d daemon to systemd service
- Updated macros in %pre %post %preun and %postun sections
- Added missing icsf and ep11tok directories to %files section
ocki-3.1_01_ep11_makefile.patch
ocki-3.1_02_ep11_m_init.patch
- Patches added:
ocki-3.1-fix-libica-link.patch
ocki-3.1_03_ock_obj_mgr.patch
ocki-3.1_04_ep11_opaque2blob_error_handl.patch
ocki-3.1_05_ep11_readme_update.patch
ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
ocki-3.1_06_0005-Small-reworks.patch
ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
- Moved libpkcs11_icsf 32-bit out of s390-specific files
- Made ep11tok.conf and pkcsep11_migrate specific to s390/s390x
- Added libpkcs11_ep11.so and libpkcs11_icsf.so to 32-bit s390/s390x
- EP11 token available in the opencryptoki V3.1 package (bnc#879303)
- Specfile changed to include ep11tok.conf
- Specfile changed to include pkcsep11_migrate and pkcsicsf tools
- Specfile changed to BuildRequires openldap2-devel
- ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
- print_mechanism() ignored bad returncodes from the called
function token_specific_get_mechanism_list()
- ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
- Fix failure when confname is not given, use default
ep11tok.conf instead
- ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
- Removed check for ep11 lib at configure
- ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
- Move stdint.h before zcrypt.h to resolve dependencies
- ocki-3.1_06_0005-Small-reworks.patch
- testcase fixes and file permission changes
- ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
- Fix for s390 31-bit build error
- ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
- zcrypt library included in build by default
- Patches applied (bnc#865549)
- Fixed Makefile to complement common code dependencies
- switched to official m_init() function based on library change
- checking the global token object count
- catch the return code from object_mgr_find_in_map1
- some README updates about usage and restrictions
- fix build on x86 (add CCA and TPM to filelist)
- fix libica detection on s390/s390x to get ICA module built
- Updated to openCryptoki v3.1: See ChangeLog for complete details
(FATE#315426)
- opencryptoki-3.1
- New ep11 token to support IBM Crypto Express adpaters
(starting with Crypto Express 4S adapters) configured with
Enterprise PKCS#11(EP11) firmware. (FATE#315330)
- opencryptoki-3.0
- New opencryptoki.conf file to replace pk_config_data and
pkcs11_starup. The opencryptoki.conf contains slot entry
information for tokens.
- Removed pkcs_slot and pkcs11_startup shell scripts.
- ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6
mechanisms using 3DES keys. (FATE#315323)
- ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL
mechanisms. (FATE#315323)
- ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64,
CKM_AES_CFB128, CKM_AES_MAC, and CKM_AES_MAC_GENERAL
mechanisms. (FATE#315323)
- opencryptoki-2.4.1 (21 Feb 2012)
- SHA256 support added for CCA token (FATE#315289)
- Using insserv macros in %post, %preun and %postun sections
- Cleaned up spec file
- removed patches:
- ocki-2.2.6-PIN-backspace.patch
- added patches:
- ocki-3.1-fix-implicit-decl.patch
- ocki-3.1-remove-make-install-chgrp-chmod.patch
- ocki-3.1-fix-init_d-path.patch
- add aarch64 to 64bit archs
- enable ppc64le
- remove -o from groupadd
- fixed sed script to not a grouplist with leading ,
- don't package man pages twice
- add libtool as buildrequire to avoid implicit dependency
- enable TPM support (bnc#641919)
- pkcsslotd: Updated to use new pidfile location (bnc#475800)
- Added fix to allow backspacing during PIN entry (bnc#448089)
- run ldconfig in postinstall [bnc#417925]
- Enable build on x86_64 [bnc#417925]
- Overhaul of the specfile. All platforms build the base package
and each architecture builds the appropriate 32 or 64 bit package
- Updated to openCryptoki v2.2.6
- fix init script
- added pwdutils to buildreq
- fix missing return values from non-void funcs
- pkcsslotd: create PID file in the right place, delete it on
exit (bug #164664)
- added 64-bit patches from IBM (bug #145666)
- added small change missing from patch for bug #156651
- fixed location of pkcs11_startup in init script (bug #162372)
- fixed proc_t structure mixup (bug #156651)
- initialize head pointer (bug #156229)
- %ghost symlinks that are generated in %post (bug #154961)
- stuffed memleak (patch by IBM, bug #147036)
- changed RPM layout to meet IBM's demands (based on patch by IBM,
bug #145666)
- removed mmap, per-user data store support (patch by IBM, bug
#145666)
- converted neededforbuild to BuildRequires
- Update to 2.2.2-rc2
- Update to 2.2.1-rc2
- Fixed build errors
- Cleaned up spec file.
- copy TFAQ to build directory (fix build)
- Update to 2.1.6-rc5.
- Port fixes from SLES9 SP3.
- enabled for ARM
- fix #50050:
- ./configure.in: wrong test against $host makes ppc(64) miss
-DPKCS64 in CFLAGS
- corrected: S390 flag was set for ppc in this conditional
- run full autoreconf / simplify specfile a little
- Print correct error message (#37427 again).
- Check for the correct module on startup (#37427)
- update to openCryptoki-2.1.5, ppc64 version (#39026)
- adapt filelist on ppc
- Fix owner/group of files/directories
- no need to specify "root" as supplementary group for root,
it's already primary
- Update to openCryptoki-2.1.3
- Fixed configure errors.
- added directories to filelist
- remove CVS subdirs
- remove unpackaged files from buildroot
- removed duplicates from configure.in
- exclude ppc64 from the architectures, the package is built for.
64bit mode is not supported by IBM yet; dlopen wrappers are also
missing 64bit filename handling. (#20380)
- actually compress the openCryptoki-1.4*.tar.bz2
- make it even build ...
- make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group
creation before package installation (#20079)
- correct version number (the patch actiually lifts openCryptoki to 1.5)
- fix groupadd call to no longer silently ignore errors in all cases
using (hopefully) posix exit codes. alternative would be to use
undocumented '-f' option of groupadd.
- add user root to group pkcs11 to enable root to administrate the
crypto hardware support (#19566)
- misc security fixes (#18377)
- replaced openCryptoki-tools with openCryptoki-32bit and
openCryptoki-64bit
- moved dlopen objects that are available for non-x86 out of the
ifarch ix86
- moved postun to tools subpackge (which contains the daemon)
- removed include files. no development support for now.
- replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch
and %%openCryptoki_no_tools_arch
- replaced all i386 occurrences with %ix86
- changed filelist to what's really built
- split package to openCryptoki and openCryptoki-tools to allow
parallel installation of 32bit tools with 64bit dlopen objects for
foreign middleware.
- removed automatical insserv on install, because the package needs
manual configuration (#18031)
- added missing %post before insserv (Bug #17600)
- Fix path in PreReq.
- add groupadd pkcs11 in %pre install
- updated to current version
- removed old START_ variable
- always use macros when calling insserv
- add lib64 support
- Added openssl to #neededforbuild, which is needed in addition to
openssl-devel
- initial version
OBS-URL: https://build.opensuse.org/request/show/844927
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=109
2020-10-29 22:42:20 +01:00
|
|
|
Version: 3.15.1
|
2018-11-16 17:33:50 +01:00
|
|
|
Release: 0
|
|
|
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
|
|
|
|
License: CPL-1.0
|
|
|
|
|
Group: Productivity/Security
|
2019-12-02 22:42:49 +01:00
|
|
|
URL: https://github.com/opencryptoki/opencryptoki
|
2019-09-05 00:38:50 +02:00
|
|
|
Source: https://github.com/opencryptoki/%{oc_cvs_tag}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
2018-11-16 17:33:50 +01:00
|
|
|
Source1: openCryptoki.pkcsslotd
|
|
|
|
|
Source2: openCryptoki-TFAQ.html
|
2019-09-05 00:38:50 +02:00
|
|
|
Source3: openCryptoki-rpmlintrc
|
2018-11-16 17:33:50 +01:00
|
|
|
# Patch 1 is needed because group pkcs11 doesn't exist in the build environment
|
|
|
|
|
# and because we don't want(?) various file and directory permissions to be 0700.
|
|
|
|
|
Patch1: ocki-3.11-remove-make-install-chgrp.patch
|
2021-01-25 21:49:50 +01:00
|
|
|
Patch2: ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
|
|
|
|
|
Patch3: ocki-3.15.1-Fix-compiling-with-c.patch
|
2021-02-16 22:24:55 +01:00
|
|
|
Patch4: ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
|
|
|
|
|
Patch5: ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
|
2014-02-06 10:10:48 +01:00
|
|
|
BuildRequires: bison
|
2018-11-16 17:33:50 +01:00
|
|
|
BuildRequires: dos2unix
|
2014-02-06 10:10:48 +01:00
|
|
|
BuildRequires: flex
|
2012-12-08 19:43:00 +01:00
|
|
|
BuildRequires: gcc-c++
|
2019-09-05 00:38:50 +02:00
|
|
|
BuildRequires: libitm1
|
2012-12-08 19:43:00 +01:00
|
|
|
BuildRequires: libtool
|
2014-07-02 11:29:50 +02:00
|
|
|
BuildRequires: openldap2-devel
|
2016-04-16 19:18:42 +02:00
|
|
|
BuildRequires: openssl-devel >= 1.0
|
2018-11-16 17:33:50 +01:00
|
|
|
BuildRequires: pkgconfig
|
2014-02-06 10:10:48 +01:00
|
|
|
BuildRequires: trousers-devel
|
2014-07-02 11:29:50 +02:00
|
|
|
BuildRequires: pkgconfig(systemd)
|
2018-11-29 23:49:07 +01:00
|
|
|
Requires(pre): %{_sbindir}/groupadd
|
|
|
|
|
Requires(pre): %{_sbindir}/usermod
|
|
|
|
|
|
2018-11-16 17:33:50 +01:00
|
|
|
# IBM maintains openCryptoki on these architectures:
|
|
|
|
|
ExclusiveArch: %{openCryptoki_32bit_arch} %{openCryptoki_64bit_arch}
|
2014-07-02 11:29:50 +02:00
|
|
|
%{?systemd_requires}
|
2018-11-16 17:33:50 +01:00
|
|
|
%ifarch s390 s390x
|
|
|
|
|
BuildRequires: libica-devel
|
|
|
|
|
BuildRequires: libica-tools
|
2014-07-02 11:29:50 +02:00
|
|
|
%endif
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%description
|
2008-08-29 01:19:19 +02:00
|
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
2007-01-16 00:27:33 +01:00
|
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
|
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
|
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
2008-11-06 22:23:05 +01:00
|
|
|
%package devel
|
2018-11-29 23:49:07 +01:00
|
|
|
Summary: Development files for openCryptoki, a PKCS#11 implementation for IBM hardware
|
2008-12-15 14:58:47 +01:00
|
|
|
Group: Development/Languages/C and C++
|
2012-12-08 19:43:00 +01:00
|
|
|
Requires: glibc-devel
|
2016-04-16 19:18:42 +02:00
|
|
|
Requires: libopenssl-devel
|
|
|
|
|
Requires: openldap2-devel
|
|
|
|
|
Requires: trousers-devel
|
2018-11-16 17:33:50 +01:00
|
|
|
%ifarch s390 s390x
|
|
|
|
|
Requires: libica-devel
|
|
|
|
|
%endif
|
2008-11-06 22:23:05 +01:00
|
|
|
|
|
|
|
|
%description devel
|
|
|
|
|
The PKCS#11 version 2.01 API implemented for the IBM cryptographic
|
|
|
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
|
|
|
co-processor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
|
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
2018-11-16 17:33:50 +01:00
|
|
|
%ifarch %{openCryptoki_32bit_arch}
|
2007-01-16 00:27:33 +01:00
|
|
|
%package 32bit
|
2009-06-19 00:43:16 +02:00
|
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
2007-01-16 00:27:33 +01:00
|
|
|
# this is needed to make sure the pkcs11 group exists before
|
|
|
|
|
# installation:
|
2017-01-17 18:19:02 +01:00
|
|
|
Group: Productivity/Security
|
2019-09-05 00:38:50 +02:00
|
|
|
Requires: openCryptoki
|
2018-11-16 17:33:50 +01:00
|
|
|
ExclusiveArch: %{openCryptoki_32bit_arch}
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%description 32bit
|
|
|
|
|
This is a re-packaged binary rpm. For the package source, please look
|
|
|
|
|
for the source of the package without the "32bit" ending
|
|
|
|
|
|
2009-06-19 00:43:16 +02:00
|
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
2007-01-16 00:27:33 +01:00
|
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
2009-06-19 00:43:16 +02:00
|
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
2007-01-16 00:27:33 +01:00
|
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
2008-11-06 22:23:05 +01:00
|
|
|
%endif
|
2018-11-16 17:33:50 +01:00
|
|
|
|
|
|
|
|
%ifarch %{openCryptoki_64bit_arch}
|
2008-11-06 22:23:05 +01:00
|
|
|
%package 64bit
|
2009-06-19 00:43:16 +02:00
|
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
2008-11-06 22:23:05 +01:00
|
|
|
# this is needed to make sure the pkcs11 group exists before
|
|
|
|
|
# installation:
|
2017-01-17 18:19:02 +01:00
|
|
|
Group: Productivity/Security
|
2019-09-05 00:38:50 +02:00
|
|
|
Requires: openCryptoki
|
2018-11-16 17:33:50 +01:00
|
|
|
ExclusiveArch: %{openCryptoki_64bit_arch}
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%description 64bit
|
|
|
|
|
This is a re-packaged binary rpm. For the package source, please look
|
|
|
|
|
for the source of the package without the "64bit" ending
|
|
|
|
|
|
2009-06-19 00:43:16 +02:00
|
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
|
|
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
|
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
|
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%endif
|
2008-08-29 01:19:19 +02:00
|
|
|
|
2007-01-16 00:27:33 +01:00
|
|
|
%prep
|
2017-02-28 18:15:00 +01:00
|
|
|
%setup -q -n %{oc_cvs_tag}-%{version}
|
2014-02-06 10:10:48 +01:00
|
|
|
%patch1 -p1
|
2021-01-25 21:49:50 +01:00
|
|
|
%patch2 -p1
|
|
|
|
|
%patch3 -p1
|
2021-02-16 22:24:55 +01:00
|
|
|
%patch4 -p1
|
|
|
|
|
%patch5 -p1
|
2016-07-08 22:30:53 +02:00
|
|
|
|
2007-01-16 00:27:33 +01:00
|
|
|
cp %{SOURCE2} .
|
|
|
|
|
|
|
|
|
|
%build
|
2019-09-05 00:38:50 +02:00
|
|
|
./bootstrap.sh
|
|
|
|
|
|
|
|
|
|
%configure --with-systemd=%{_unitdir} \
|
|
|
|
|
--enable-tpmtok \
|
|
|
|
|
%ifarch aarch64 # Apparently, gcc for aarch64 doesn't support transactional memory
|
|
|
|
|
--enable-locks \
|
|
|
|
|
%endif
|
|
|
|
|
%ifarch s390 s390x
|
|
|
|
|
--enable-pkcsep11_migrate
|
|
|
|
|
%else
|
|
|
|
|
--disable-ccatok
|
|
|
|
|
%endif
|
|
|
|
|
|
2014-12-18 15:21:44 +01:00
|
|
|
make %{?_smp_mflags}
|
2016-04-16 19:18:42 +02:00
|
|
|
dos2unix doc/README.ep11_stdll
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%install
|
2016-04-16 19:18:42 +02:00
|
|
|
%make_install
|
2018-11-16 17:33:50 +01:00
|
|
|
install -d %{buildroot}%{_includedir}
|
|
|
|
|
install -d %{buildroot}%{_localstatedir}/lib/opencryptoki
|
|
|
|
|
install -d %{buildroot}%{_initddir}
|
|
|
|
|
install -d %{buildroot}%{_sbindir}
|
|
|
|
|
install -d %{buildroot}%{_prefix}/lib/tmpfiles.d
|
|
|
|
|
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcpkcsslotd
|
|
|
|
|
rm -rf %{buildroot}/tmp
|
2019-09-05 00:38:50 +02:00
|
|
|
|
2007-01-16 00:27:33 +01:00
|
|
|
# Remove all development files
|
2018-11-16 17:33:50 +01:00
|
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
|
|
|
|
rm -f %{buildroot}%{_libdir}/opencryptoki/methods
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%pre
|
2019-09-05 00:38:50 +02:00
|
|
|
%{service_add_pre pkcsslotd.service}
|
2007-01-16 00:27:33 +01:00
|
|
|
# autobuild:/work/cd/lib/misc/group
|
|
|
|
|
# openCryptoki pkcs11:x:64:
|
2019-09-05 00:38:50 +02:00
|
|
|
%{_sbindir}/groupadd -g %{pkcs11_group_id} -r pkcs11 2>/dev/null || true
|
2018-11-16 17:33:50 +01:00
|
|
|
%{_sbindir}/usermod -a -G pkcs11 root
|
2008-11-06 22:23:05 +01:00
|
|
|
|
2014-02-06 10:10:48 +01:00
|
|
|
%preun
|
2014-07-02 11:29:50 +02:00
|
|
|
%{service_del_preun pkcsslotd.service}
|
2014-02-06 10:10:48 +01:00
|
|
|
|
2008-11-06 22:23:05 +01:00
|
|
|
%post
|
|
|
|
|
# Symlink from /var/lib/opencryptoki to /etc/pkcs11
|
|
|
|
|
if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
|
|
|
|
|
if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then
|
|
|
|
|
mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki
|
|
|
|
|
cd %{_sysconfdir} && rm -rf pkcs11 && \
|
|
|
|
|
ln -sf %{_localstatedir}/lib/opencryptoki pkcs11
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2009-01-23 14:33:04 +01:00
|
|
|
/sbin/ldconfig
|
2017-12-01 03:02:32 +01:00
|
|
|
%{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/opencryptoki.conf}
|
2014-07-02 11:29:50 +02:00
|
|
|
%{service_add_post pkcsslotd.service}
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%postun
|
|
|
|
|
if [ -L %{_sysconfdir}/pkcs11 ] ; then
|
|
|
|
|
rm %{_sysconfdir}/pkcs11
|
|
|
|
|
fi
|
2014-07-02 11:29:50 +02:00
|
|
|
%{service_del_postun pkcsslotd.service}
|
2014-02-06 10:10:48 +01:00
|
|
|
|
2018-11-16 17:33:50 +01:00
|
|
|
%ifarch %{openCryptoki_32bit_arch}
|
2007-01-16 00:27:33 +01:00
|
|
|
%postun 32bit
|
2017-03-17 23:13:25 +01:00
|
|
|
if [ -L %{_sysconfdir}/pkcs11 ] ; then
|
|
|
|
|
rm %{_sysconfdir}/pkcs11
|
|
|
|
|
fi
|
|
|
|
|
%{service_del_postun pkcsslotd.service}
|
2007-01-16 00:27:33 +01:00
|
|
|
|
|
|
|
|
%post 32bit
|
|
|
|
|
# Old library name links
|
|
|
|
|
cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so
|
|
|
|
|
ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods
|
|
|
|
|
rm -rf %{_libdir}/pkcs11/stdll
|
2018-11-16 17:33:50 +01:00
|
|
|
test -d %{_prefix}/lib/pkcs11 || mkdir -p %{_prefix}/lib/pkcs11
|
|
|
|
|
cd %{_prefix}/lib/pkcs11
|
2014-07-02 11:29:50 +02:00
|
|
|
ln -sf ../opencryptoki/stdll stdll
|
|
|
|
|
cd stdll
|
|
|
|
|
[ -f libpkcs11_cca.so ] && ln -sf ./libpkcs11_cca.so PKCS11_CCA.so || true
|
|
|
|
|
[ -f libpkcs11_tpm.so ] && ln -sf ./libpkcs11_tpm.so PKCS11_TPM.so || true
|
|
|
|
|
[ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true
|
|
|
|
|
[ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true
|
2009-01-23 14:33:04 +01:00
|
|
|
/sbin/ldconfig
|
2008-11-06 22:23:05 +01:00
|
|
|
%endif
|
2018-11-16 17:33:50 +01:00
|
|
|
|
|
|
|
|
%ifarch %{openCryptoki_64bit_arch}
|
2007-01-16 00:27:33 +01:00
|
|
|
%post 64bit
|
|
|
|
|
# Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only.
|
2018-11-16 17:33:50 +01:00
|
|
|
test -d %{_prefix}/lib/pkcs11 || mkdir -p %{_prefix}/lib/pkcs11
|
|
|
|
|
ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_API.so64
|
2009-01-23 14:33:04 +01:00
|
|
|
/sbin/ldconfig
|
2007-01-16 00:27:33 +01:00
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%files
|
2016-08-04 13:44:34 +02:00
|
|
|
%doc openCryptoki-TFAQ.html FAQ
|
2014-09-05 12:54:00 +02:00
|
|
|
%doc doc/*
|
2007-01-16 00:27:33 +01:00
|
|
|
# configuration directory
|
2014-09-02 16:33:18 +02:00
|
|
|
%dir %{_sysconfdir}/opencryptoki
|
|
|
|
|
%config %{_sysconfdir}/opencryptoki/opencryptoki.conf
|
2014-07-02 11:29:50 +02:00
|
|
|
%ifarch s390 s390x
|
2018-11-16 17:33:50 +01:00
|
|
|
%config %{_sysconfdir}/opencryptoki/ep11cpfilter.conf
|
2019-09-05 00:38:50 +02:00
|
|
|
%config %{_sysconfdir}/opencryptoki/ep11tok.conf
|
2014-09-02 16:33:18 +02:00
|
|
|
%{_sbindir}/pkcsep11_migrate
|
2014-07-02 11:29:50 +02:00
|
|
|
%endif
|
Accepting request 843288 from home:markkp:branches:security
- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714
jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
* openCryptoki 3.15.0
- common: conform to PKCS 11 3.0 Baseline Provider profile
- Introduce new vendor defined interface named "Vendor IBM"
- Support C_IBM_ReencryptSingle via "Vendor IBM" interface
- CCA: support key wrapping
- SOFT: support ECC
- p11sak tool: add remove-key command
- Bug fixes
* openCryptoki 3.14.0
- EP11: Dilitium support stage 2
- Common: Rework on process and thread locking
- Common: Rework on btree and object locking
- ICSF: minor fixes
- TPM, ICA, ICSF: support multiple token instances
- new tool p11sak
* openCryptoki 3.13.0
- EP11: Dilithium support
- EP11: EdDSA support
- EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
OBS-URL: https://build.opensuse.org/request/show/843288
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=106
2020-10-22 01:12:00 +02:00
|
|
|
%{_sbindir}/p11sak
|
2015-04-22 11:41:29 +02:00
|
|
|
%{_unitdir}/pkcsslotd.service
|
2017-12-01 03:02:32 +01:00
|
|
|
%{_tmpfilesdir}/opencryptoki.conf
|
2014-09-02 16:33:18 +02:00
|
|
|
%{_sbindir}/rcpkcsslotd
|
2007-01-16 00:27:33 +01:00
|
|
|
# utilities
|
2019-09-05 00:38:50 +02:00
|
|
|
%ifarch s390 s390x
|
|
|
|
|
%{_sbindir}/pkcsep11_session
|
|
|
|
|
%{_sbindir}/pkcscca
|
|
|
|
|
%endif
|
2014-09-02 16:33:18 +02:00
|
|
|
%{_sbindir}/pkcsslotd
|
|
|
|
|
%{_sbindir}/pkcsconf
|
|
|
|
|
%{_sbindir}/pkcsicsf
|
Accepting request 843288 from home:markkp:branches:security
- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714
jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
* openCryptoki 3.15.0
- common: conform to PKCS 11 3.0 Baseline Provider profile
- Introduce new vendor defined interface named "Vendor IBM"
- Support C_IBM_ReencryptSingle via "Vendor IBM" interface
- CCA: support key wrapping
- SOFT: support ECC
- p11sak tool: add remove-key command
- Bug fixes
* openCryptoki 3.14.0
- EP11: Dilitium support stage 2
- Common: Rework on process and thread locking
- Common: Rework on btree and object locking
- ICSF: minor fixes
- TPM, ICA, ICSF: support multiple token instances
- new tool p11sak
* openCryptoki 3.13.0
- EP11: Dilithium support
- EP11: EdDSA support
- EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
OBS-URL: https://build.opensuse.org/request/show/843288
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=106
2020-10-22 01:12:00 +02:00
|
|
|
%{_sbindir}/pkcstok_migrate
|
2007-01-16 00:27:33 +01:00
|
|
|
%dir %{_libdir}/opencryptoki
|
|
|
|
|
%dir %{_libdir}/opencryptoki/stdll
|
2014-02-06 10:10:48 +01:00
|
|
|
# State and lock directories
|
|
|
|
|
%dir %attr(755,root,pkcs11) %{_localstatedir}/lib/opencryptoki
|
2019-09-05 00:38:50 +02:00
|
|
|
%ifarch s390 s390x
|
2014-02-06 10:10:48 +01:00
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok
|
|
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok/TOK_OBJ
|
2019-09-05 00:38:50 +02:00
|
|
|
%endif
|
2014-02-06 10:10:48 +01:00
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok
|
|
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok/TOK_OBJ
|
|
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/tpm
|
2014-07-02 11:29:50 +02:00
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/icsf
|
|
|
|
|
%ifarch s390 s390x
|
|
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok
|
|
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ
|
2016-04-16 19:18:42 +02:00
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite
|
|
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ
|
2014-07-02 11:29:50 +02:00
|
|
|
%endif
|
2016-06-13 22:42:21 +02:00
|
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki/
|
2008-09-15 12:20:22 +02:00
|
|
|
%{_mandir}/man*/*
|
2007-01-16 00:27:33 +01:00
|
|
|
|
2008-11-06 22:23:05 +01:00
|
|
|
%files devel
|
|
|
|
|
%dir %{_libdir}/opencryptoki
|
|
|
|
|
%dir %{_libdir}/opencryptoki/stdll
|
|
|
|
|
%{_includedir}/opencryptoki
|
|
|
|
|
|
2018-11-16 17:33:50 +01:00
|
|
|
%ifarch %{openCryptoki_32bit_arch}
|
2007-01-16 00:27:33 +01:00
|
|
|
%files 32bit
|
|
|
|
|
# these don't conflict because they only exist as 64bit binaries if
|
|
|
|
|
# there is no 32bit version of them usable
|
|
|
|
|
%{_libdir}/opencryptoki/libopencryptoki.so
|
|
|
|
|
%ghost %{_libdir}/opencryptoki/PKCS11_API.so
|
|
|
|
|
%{_libdir}/opencryptoki/*.0
|
2019-09-05 00:38:50 +02:00
|
|
|
%ifarch s390
|
2014-02-06 13:42:44 +01:00
|
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.so
|
|
|
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
|
2019-09-05 00:38:50 +02:00
|
|
|
%endif
|
2014-07-02 11:29:50 +02:00
|
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so
|
2014-02-06 13:42:44 +01:00
|
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
|
2014-07-02 11:29:50 +02:00
|
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so
|
|
|
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
|
|
|
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so
|
|
|
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
|
|
|
|
|
%ifarch s390 s390x
|
2008-09-15 12:20:22 +02:00
|
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so
|
|
|
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
2014-07-02 11:29:50 +02:00
|
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so
|
|
|
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
|
2007-01-16 00:27:33 +01:00
|
|
|
%endif
|
|
|
|
|
%{_libdir}/opencryptoki/stdll/*.0
|
|
|
|
|
%dir %{_libdir}/pkcs11
|
|
|
|
|
%ghost %{_libdir}/pkcs11/stdll
|
|
|
|
|
%ghost %{_libdir}/pkcs11/methods
|
|
|
|
|
%{_libdir}/pkcs11/*.so
|
2008-09-15 12:20:22 +02:00
|
|
|
%{_sysconfdir}/ld.so.conf.d/*
|
2008-11-06 22:23:05 +01:00
|
|
|
%endif
|
2007-01-16 00:27:33 +01:00
|
|
|
|
2018-11-16 17:33:50 +01:00
|
|
|
%ifarch %{openCryptoki_64bit_arch}
|
2007-01-16 00:27:33 +01:00
|
|
|
%files 64bit
|
2016-04-16 19:18:42 +02:00
|
|
|
%dir %{_libdir}/opencryptoki
|
2007-01-16 00:27:33 +01:00
|
|
|
%{_libdir}/opencryptoki/*.so
|
|
|
|
|
%{_libdir}/opencryptoki/*.0
|
2016-04-16 19:18:42 +02:00
|
|
|
%dir %{_libdir}/opencryptoki/stdll
|
2007-01-16 00:27:33 +01:00
|
|
|
%{_libdir}/opencryptoki/stdll/*.so
|
|
|
|
|
%{_libdir}/opencryptoki/stdll/*.0
|
|
|
|
|
%{_libdir}/pkcs11
|
2008-09-15 12:20:22 +02:00
|
|
|
%{_sysconfdir}/ld.so.conf.d/*
|
2007-01-16 00:27:33 +01:00
|
|
|
%endif
|
|
|
|
|
|
2007-03-30 01:37:00 +02:00
|
|
|
%changelog
|
