From 695604103a5da4727ec66f4e12fe2c5b4f5b0d7b28db46c65b112688dfd9909b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Sat, 16 Apr 2016 17:18:42 +0000 Subject: [PATCH] Accepting request 390252 from home:markkp:branches:security Reconciled all the differences between the OBS and IBS versions of the package. Merged the changelog files so that everything is in there. OBS-URL: https://build.opensuse.org/request/show/390252 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=29 --- ocki-3.1-fix-implicit-decl.patch | 66 ----------------- ocki-3.1-fix-init_d-path.patch | 11 --- ocki-3.1-fix-libica-link.patch | 11 --- ...> ocki-3.1-remove-make-install-chgrp.patch | 58 +++++++-------- openCryptoki-tmp.conf | 13 ++-- openCryptoki.changes | 73 +++++++++++++++++++ openCryptoki.spec | 71 ++++++++---------- opencryptoki-run-lock.patch | 11 --- opencryptoki-v3.2.tgz | 3 - opencryptoki-v3.4.1.tgz | 3 + 10 files changed, 137 insertions(+), 183 deletions(-) delete mode 100644 ocki-3.1-fix-implicit-decl.patch delete mode 100644 ocki-3.1-fix-init_d-path.patch delete mode 100644 ocki-3.1-fix-libica-link.patch rename ocki-3.1-remove-make-install-chgrp-chmod.patch => ocki-3.1-remove-make-install-chgrp.patch (67%) delete mode 100644 opencryptoki-run-lock.patch delete mode 100644 opencryptoki-v3.2.tgz create mode 100644 opencryptoki-v3.4.1.tgz diff --git a/ocki-3.1-fix-implicit-decl.patch b/ocki-3.1-fix-implicit-decl.patch deleted file mode 100644 index ed6e40c..0000000 --- a/ocki-3.1-fix-implicit-decl.patch +++ /dev/null @@ -1,66 +0,0 @@ ---- opencryptoki/usr/lib/pkcs11/common/loadsave.c -+++ opencryptoki/usr/lib/pkcs11/common/loadsave.c -@@ -287,6 +287,9 @@ - // - // - -+/* _GNU_SOURCE necessary for asprintf */ -+#define _GNU_SOURCE -+ - #include - #include - #include ---- opencryptoki/usr/lib/pkcs11/common/mech_rng.c -+++ opencryptoki/usr/lib/pkcs11/common/mech_rng.c -@@ -301,6 +301,7 @@ - #include - #include - #include -+#include - - - #include "pkcs11types.h" ---- opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c -+++ opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c -@@ -31,6 +31,9 @@ - * - */ - -+#define _GNU_SOURCE -+#include -+ - #include - #include - #include ---- opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c -+++ opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c -@@ -294,6 +294,7 @@ - #include - #include - #include -+#include - - #include "log.h" - #include "slotmgr.h" ---- opencryptoki/usr/sbin/pkcsslotd/mutex.c -+++ opencryptoki/usr/sbin/pkcsslotd/mutex.c -@@ -293,6 +293,9 @@ - #include - #include - #include -+#include -+#include -+#include - - #include "log.h" - #include "slotmgr.h" ---- opencryptoki/usr/sbin/pkcsslotd/slotmgr.c -+++ opencryptoki/usr/sbin/pkcsslotd/slotmgr.c -@@ -292,6 +292,7 @@ - #include - #include - #include -+#include - - #include "log.h" - #include "slotmgr.h" diff --git a/ocki-3.1-fix-init_d-path.patch b/ocki-3.1-fix-init_d-path.patch deleted file mode 100644 index 8102c32..0000000 --- a/ocki-3.1-fix-init_d-path.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- opencryptoki.orig/misc/Makefile.am 2014-01-27 15:01:57.000000000 -0700 -+++ opencryptoki/misc/Makefile.am 2014-01-31 09:15:15.816980000 -0700 -@@ -11,7 +11,7 @@ pkcsslotd.service: pkcsslotd.service.in - @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t - mv $@-t $@ - else --initddir = $(sysconfdir)/rc.d/init.d -+initddir = $(sysconfdir)/init.d - initd_SCRIPTS = pkcsslotd - - CLEANFILES = pkcsslotd diff --git a/ocki-3.1-fix-libica-link.patch b/ocki-3.1-fix-libica-link.patch deleted file mode 100644 index d319258..0000000 --- a/ocki-3.1-fix-libica-link.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- opencryptoki/configure.in -+++ opencryptoki/configure.in -@@ -328,7 +328,7 @@ - old_cflags="$CFLAGS" - old_libs="$LIBS" - CFLAGS="$CFLAGS $LIBICA_CFLAGS" -- LIBS="$LIBS $LIBICA_LIBS" -+ LIBS="$LIBS $LIBICA_LIBS -lrt -lcrypto -lpthread" - AC_CHECK_HEADER([ica_api.h], [], [ - if test "x$with_libica" != "xcheck"; then - AC_MSG_ERROR([Build with Libica requested but Libica headers couldn't be found]) diff --git a/ocki-3.1-remove-make-install-chgrp-chmod.patch b/ocki-3.1-remove-make-install-chgrp.patch similarity index 67% rename from ocki-3.1-remove-make-install-chgrp-chmod.patch rename to ocki-3.1-remove-make-install-chgrp.patch index cefa3c7..73bfc7c 100644 --- a/ocki-3.1-remove-make-install-chgrp-chmod.patch +++ b/ocki-3.1-remove-make-install-chgrp.patch @@ -1,100 +1,94 @@ --- opencryptoki/usr/Makefile.am +++ opencryptoki/usr/Makefile.am -@@ -6,5 +6,3 @@ +@@ -6,5 +6,4 @@ install-data-hook: - $(MKDIR_P) $(DESTDIR)$(lockdir) -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) -- $(CHMOD) 0770 $(DESTDIR)$(lockdir) + $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) + $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) --- opencryptoki/usr/lib/pkcs11/cca_stdll/Makefile.am +++ opencryptoki/usr/lib/pkcs11/cca_stdll/Makefile.am -@@ -66,13 +66,7 @@ +@@ -66,12 +66,9 @@ cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \ ln -sf libpkcs11_cca.so PKCS11_CCA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok -- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok uninstall-hook: - if test -d $(DESTDIR)/$(libdir)/opencryptoki/stdll; then \ --- opencryptoki/usr/lib/pkcs11/ep11_stdll/Makefile.am +++ opencryptoki/usr/lib/pkcs11/ep11_stdll/Makefile.am -@@ -54,13 +54,7 @@ +@@ -49,12 +49,9 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -sf libpkcs11_ep11.so PKCS11_EP11.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok $(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok -- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok uninstall-hook: - if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ --- opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am +++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am -@@ -62,13 +62,7 @@ +@@ -64,12 +64,9 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -sf libpkcs11_ica.so PKCS11_ICA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite $(MKDIR_P) $(DESTDIR)$(lockdir)/lite - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite -- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite uninstall-hook: - if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ --- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am +++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am -@@ -76,11 +76,7 @@ +@@ -79,10 +79,8 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -sf libpkcs11_icsf.so PKCS11_ICSF.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf -- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf uninstall-hook: - if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ --- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am +++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am -@@ -54,13 +54,7 @@ +@@ -56,12 +56,9 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -sf libpkcs11_sw.so PKCS11_SW.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok -- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok uninstall-hook: - if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ --- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am +++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am -@@ -69,11 +69,7 @@ +@@ -71,10 +71,8 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -sf libpkcs11_tpm.so PKCS11_TPM.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm -- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm uninstall-hook: - if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ diff --git a/openCryptoki-tmp.conf b/openCryptoki-tmp.conf index 12b46a6..d178e4b 100644 --- a/openCryptoki-tmp.conf +++ b/openCryptoki-tmp.conf @@ -1,8 +1,7 @@ # Lock directories needed by openCryptoki -D /run/lock/opencryptoki 0770 root pkcs11 -D /run/lock/opencryptoki/swtok 0770 root pkcs11 -D /run/lock/opencryptoki/lite 0770 root pkcs11 -D /run/lock/opencryptoki/tpm 0770 root pkcs11 -D /run/lock/opencryptoki/ccatok 0770 root pkcs11 -D /run/lock/opencryptoki/icsf 0770 root pkcs11 -D /run/lock/opencryptoki/ep11tok 0770 root pkcs11 +D /var/lock/opencryptoki/swtok 0770 root pkcs11 +D /var/lock/opencryptoki/lite 0770 root pkcs11 +D /var/lock/opencryptoki/tpm 0770 root pkcs11 +D /var/lock/opencryptoki/ccatok 0770 root pkcs11 +D /var/lock/opencryptoki/icsf 0770 root pkcs11 +D /var/lock/opencryptoki/ep11tok 0770 root pkcs11 diff --git a/openCryptoki.changes b/openCryptoki.changes index 64a9722..1f1a43c 100644 --- a/openCryptoki.changes +++ b/openCryptoki.changes @@ -1,3 +1,76 @@ +------------------------------------------------------------------- +Thu Apr 14 01:47:08 UTC 2016 - mpost@suse.com + +- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). +- Changed BuildRequires for libica_2_3_0-devel to libica2-devel. +- Changed BuildRequires for openssl-devel to specify >= 1.0 + Contrary to what the README says, version 0.9.7 isn't + sufficient. +- Removed the redundant DESTDIR= parameter from the %make_install +- Removed the following obsolete patches + opencryptoki-run-lock.patch (/var/lock and run/lock are actually the + same place) Also reverted the changed to openCryptoki-tmp.conf to match. + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch + ocki-3.1-fix-implicit-decl.patch + ocki-3.1-fix-init_d-path.patch + ocki-3.1-fix-libica-link.patch + ocki-3.2_01_fix-return-type-error.patch + ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch + ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch + ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch + ocki-3.2_05_icsf_ldap_handles.patch + ocki-3.2_06_icsf_sign_verify.patch + +------------------------------------------------------------------- +Fri Nov 6 14:00:42 UTC 2015 - jjolly@suse.com + +- Get a new ldap handle for each session opened in the icsf token, + once the user has authenticated. (bsc#953347,LTC#130078) + - ocki-3.2_05_icsf_ldap_handles.patch + - ocki-3.2_06_icsf_sign_verify.patch + +------------------------------------------------------------------- +Fri Oct 2 04:05:45 UTC 2015 - jjolly@suse.com + +- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) +- Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch + - Fixed two public key object inclusion in EP11 token (bsc#946808) +- Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch + - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172) +- Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch + - Fixed failure to import ECDSA because of lack of attribute (bsc#948114) + +------------------------------------------------------------------- +Thu Aug 20 00:49:21 UTC 2015 - jjolly@suse.com + +- Fixed BuildRequires: libica2-devel +- Added ocki-3.2_01_fix-return-type-error.patch +- Changing doc/README.ep11_stdll to unix-style EOL + - Added BuildRequires: dos2unix +- Removed globbing in %files and specified libraries to include (bsc#942162) + +------------------------------------------------------------------- +Tue Aug 18 02:50:08 UTC 2015 - jjolly@suse.com + +- Updated to openCryptoki v3.2 (FATE#318240) +- Removed unnecessary patches: + - ocki-3.1_01_ep11_makefile.patch + - ocki-3.1_02_ep11_m_init.patch + - ocki-3.1_03_ock_obj_mgr.patch + - ocki-3.1_04_ep11_opaque2blob_error_handl.patch + - ocki-3.1_05_ep11_readme_update.patch + - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + - ocki-3.1_06_0005-Small-reworks.patch + - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + - ocki-3.1_07_0001-Man-page-corrections.patch + - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ------------------------------------------------------------------- Tue Apr 7 21:22:57 UTC 2015 - crrodriguez@opensuse.org diff --git a/openCryptoki.spec b/openCryptoki.spec index 05cbc34..2885da8 100644 --- a/openCryptoki.spec +++ b/openCryptoki.spec @@ -1,7 +1,7 @@ # # spec file for package openCryptoki # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,34 +36,34 @@ BuildRequires: bison BuildRequires: flex BuildRequires: gcc-c++ %ifarch s390 s390x -BuildRequires: libica-2_3_0-devel +BuildRequires: libica2-devel %endif BuildRequires: libtool BuildRequires: openldap2-devel -BuildRequires: openssl-devel +BuildRequires: openssl-devel >= 1.0 BuildRequires: pwdutils BuildRequires: trousers-devel %if %{uses_systemd} BuildRequires: pkgconfig(systemd) %{?systemd_requires} %else -%insserv_prereq +BuildRequires: %insserv_prereq %endif +BuildRequires: dos2unix + Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware License: IPL-1.0 Group: Productivity/Security -Version: 3.2 +Version: 3.4.1 Release: 0 -Source: http://downloads.sourceforge.net/project/opencryptoki/opencryptoki/v3.2/opencryptoki-v3.2.tgz +Source: %{oc_cvs_tag}-v%{version}.tgz Source1: openCryptoki.pkcsslotd Source2: openCryptoki-TFAQ.html Source3: openCryptoki-tmp.conf -Patch1: ocki-3.1-remove-make-install-chgrp-chmod.patch -Patch2: ocki-3.1-fix-init_d-path.patch -Patch3: ocki-3.1-fix-implicit-decl.patch -Patch4: ocki-3.1-fix-libica-link.patch -Patch5: opencryptoki-run-lock.patch -Url: http://sourceforge.net/projects/opencryptoki/ +# Patch 1 is needed because group pkcs11 doesn't exist in the build environment +# and because we don't want(?) various file and directory permissions to be 0700. +Patch1: ocki-3.1-remove-make-install-chgrp.patch +Url: https://sourceforge.net/projects/opencryptoki/ BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed # IBM maintains openCryptoki on these architectures: @@ -77,13 +77,16 @@ coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). - %package devel Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware Group: Development/Languages/C and C++ Requires: glibc-devel -Requires: openCryptoki = %{version}-%{release} -Requires: openssl-devel +%ifarch s390 s390x +Requires: libica2-devel +%endif +Requires: libopenssl-devel +Requires: openldap2-devel +Requires: trousers-devel %description devel The PKCS#11 version 2.01 API implemented for the IBM cryptographic @@ -92,7 +95,6 @@ co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). - %ifarch %openCryptoki_32bit_arch %package 32bit @@ -113,7 +115,6 @@ coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). - %endif %ifarch %openCryptoki_64bit_arch @@ -135,16 +136,11 @@ coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). - %endif %prep %setup -q -n %{oc_cvs_tag} %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 cp %{SOURCE2} . %build @@ -155,9 +151,10 @@ autoreconf --force --install --with-systemd=%{_unitdir} %endif make %{?_smp_mflags} +dos2unix doc/README.ep11_stdll %install -%make_install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT +%make_install install -d $RPM_BUILD_ROOT/usr/include install -d $RPM_BUILD_ROOT/var/lib/opencryptoki install -d $RPM_BUILD_ROOT/etc/init.d @@ -172,8 +169,8 @@ ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd %endif rm -rf $RPM_BUILD_ROOT/tmp # Remove all development files -rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la -rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods +find $RPM_BUILD_ROOT%{_libdir} -type f -name "*.la" -delete +rm -f $RPM_BUILD_ROOT%{_libdir}/opencryptoki/methods %pre %if %{uses_systemd} @@ -182,15 +179,7 @@ rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: /usr/sbin/groupadd -g %pkcs11_group_id -r pkcs11 2>/dev/null || true -/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \ --e 's/root//' -e ' -# add the pkcs group if it is missing -/(^| )pkcs11( |$)/!s/$/ pkcs11/ -# replace spaces by commas -y/ /,/ -# remove leading , if present -s/^,// -'),pkcs11 root +/usr/sbin/usermod -a -G pkcs11 root %preun %if %{uses_systemd} @@ -295,10 +284,10 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6 %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/tpm %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/icsf %ifarch s390 s390x -%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite -%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ +%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite +%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ %endif %{_mandir}/man*/* @@ -306,11 +295,9 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6 %defattr(-,root,root) %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll -%{_libdir}/opencryptoki/*.la -%{_libdir}/opencryptoki/stdll/*.la %{_includedir}/opencryptoki -%ifarch %openCryptoki_32bit_arch +%ifarch %openCryptoki_32bit_arch %files 32bit %defattr(-,root,root) # these don't conflict because they only exist as 64bit binaries if @@ -339,14 +326,14 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6 %{_libdir}/pkcs11/*.so %{_sysconfdir}/ld.so.conf.d/* %endif -%ifarch %openCryptoki_64bit_arch +%ifarch %openCryptoki_64bit_arch %files 64bit %defattr(-,root,root) -%dir %_libdir/opencryptoki +%dir %{_libdir}/opencryptoki %{_libdir}/opencryptoki/*.so %{_libdir}/opencryptoki/*.0 -%dir %_libdir/opencryptoki/stdll +%dir %{_libdir}/opencryptoki/stdll %{_libdir}/opencryptoki/stdll/*.so %{_libdir}/opencryptoki/stdll/*.0 %{_libdir}/pkcs11 diff --git a/opencryptoki-run-lock.patch b/opencryptoki-run-lock.patch deleted file mode 100644 index b3d3ae2..0000000 --- a/opencryptoki-run-lock.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- opencryptoki.orig/configure.in -+++ opencryptoki/configure.in -@@ -40,7 +40,7 @@ AC_PROG_YACC - - dnl Define custom variables - --lockdir=$localstatedir/lock/opencryptoki -+lockdir=/run/lock/opencryptoki - AC_SUBST(lockdir) - - dnl --- diff --git a/opencryptoki-v3.2.tgz b/opencryptoki-v3.2.tgz deleted file mode 100644 index 43b2a94..0000000 --- a/opencryptoki-v3.2.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d0b4676766753449f4d9001436cf8371812ddff7b59869e8d5adef94c4fd261b -size 911965 diff --git a/opencryptoki-v3.4.1.tgz b/opencryptoki-v3.4.1.tgz new file mode 100644 index 0000000..e13f4c6 --- /dev/null +++ b/opencryptoki-v3.4.1.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:018ea402f3a1b38b203282fb047dfac209d94bf2988f2c29793eca65455452c4 +size 1014416