From 7d406e241d65ae88508b3cbf15648deb3b2138ecb07476cc78413a0eb73411a4 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Wed, 22 Apr 2015 09:41:29 +0000
Subject: [PATCH] Accepting request 294859 from home:elvigia:branches:security

- Also create parent directory /run/lock/opencryptoki in
  tmpfiles snippet if it does not exists.

- spec: do not use -D__USE_BSD, a glibc-internal macro
  which no longer has any meaning.

- spec: use %{_unitdir}  %{_tmpfilesdir)
- spec: call tmpfiles_create macro, if defined in %post
- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
  /run/lock instead of /var/lock.

OBS-URL: https://build.opensuse.org/request/show/294859
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=27
---
 openCryptoki-tmp.conf       | 13 +++++++------
 openCryptoki.changes        | 20 ++++++++++++++++++++
 openCryptoki.spec           | 13 ++++++++-----
 opencryptoki-run-lock.patch | 11 +++++++++++
 4 files changed, 46 insertions(+), 11 deletions(-)
 create mode 100644 opencryptoki-run-lock.patch

diff --git a/openCryptoki-tmp.conf b/openCryptoki-tmp.conf
index d178e4b..12b46a6 100644
--- a/openCryptoki-tmp.conf
+++ b/openCryptoki-tmp.conf
@@ -1,7 +1,8 @@
 # Lock directories needed by openCryptoki
-D   /var/lock/opencryptoki/swtok 0770 root pkcs11
-D   /var/lock/opencryptoki/lite 0770 root pkcs11
-D   /var/lock/opencryptoki/tpm 0770 root pkcs11
-D   /var/lock/opencryptoki/ccatok 0770 root pkcs11
-D   /var/lock/opencryptoki/icsf 0770 root pkcs11
-D   /var/lock/opencryptoki/ep11tok 0770 root pkcs11
+D   /run/lock/opencryptoki 0770 root pkcs11
+D   /run/lock/opencryptoki/swtok 0770 root pkcs11
+D   /run/lock/opencryptoki/lite 0770 root pkcs11
+D   /run/lock/opencryptoki/tpm 0770 root pkcs11
+D   /run/lock/opencryptoki/ccatok 0770 root pkcs11
+D   /run/lock/opencryptoki/icsf 0770 root pkcs11
+D   /run/lock/opencryptoki/ep11tok 0770 root pkcs11
diff --git a/openCryptoki.changes b/openCryptoki.changes
index 7f2e868..64a9722 100644
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Tue Apr  7 21:22:57 UTC 2015 - crrodriguez@opensuse.org
+
+- Also create parent directory /run/lock/opencryptoki in 
+  tmpfiles snippet if it does not exists.
+
+-------------------------------------------------------------------
+Tue Apr  7 21:19:43 UTC 2015 - crrodriguez@opensuse.org
+
+- spec: do not use -D__USE_BSD, a glibc-internal macro
+  which no longer has any meaning.
+
+-------------------------------------------------------------------
+Tue Apr  7 21:18:21 UTC 2015 - crrodriguez@opensuse.org
+
+- spec: use %{_unitdir}  %{_tmpfilesdir)
+- spec: call tmpfiles_create macro, if defined in %post
+- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
+  /run/lock instead of /var/lock.
+
 -------------------------------------------------------------------
 Wed Dec 17 10:42:43 UTC 2014 - p.drouand@gmail.com
 
diff --git a/openCryptoki.spec b/openCryptoki.spec
index f3e22c2..05cbc34 100644
--- a/openCryptoki.spec
+++ b/openCryptoki.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openCryptoki
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -62,6 +62,7 @@ Patch1:         ocki-3.1-remove-make-install-chgrp-chmod.patch
 Patch2:         ocki-3.1-fix-init_d-path.patch
 Patch3:         ocki-3.1-fix-implicit-decl.patch
 Patch4:         ocki-3.1-fix-libica-link.patch
+Patch5:         opencryptoki-run-lock.patch
 Url:            http://sourceforge.net/projects/opencryptoki/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed
@@ -143,14 +144,15 @@ Cryptographic Accelerator (FC 4960 on pSeries).
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 cp %{SOURCE2} .
 
 %build
 autoreconf --force --install
-CFLAGS="%optflags -D__USE_BSD" %configure \
+%configure \
 	--enable-tpmtok \
 %if %{uses_systemd}
-	--with-systemd=/usr/lib/systemd/system
+	--with-systemd=%{_unitdir}
 %endif
 make %{?_smp_mflags}
 
@@ -208,6 +210,7 @@ if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
 fi
 /sbin/ldconfig
 %if %{uses_systemd}
+%{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/openCryptoki-tmp.conf}
 %{service_add_post pkcsslotd.service}
 %else
 %{fillup_and_insserv -f pkcsslotd}
@@ -266,8 +269,8 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6
 %{_sbindir}/pkcsep11_migrate
 %endif
 %if %{uses_systemd}
-%{_prefix}/lib/systemd/system/pkcsslotd.service
-%{_prefix}/lib/tmpfiles.d/openCryptoki-tmp.conf
+%{_unitdir}/pkcsslotd.service
+%{_tmpfilesdir}/openCryptoki-tmp.conf
 %else
 %{_sysconfdir}/init.d/pkcsslotd
 %ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki
diff --git a/opencryptoki-run-lock.patch b/opencryptoki-run-lock.patch
new file mode 100644
index 0000000..b3d3ae2
--- /dev/null
+++ b/opencryptoki-run-lock.patch
@@ -0,0 +1,11 @@
+--- opencryptoki.orig/configure.in
++++ opencryptoki/configure.in
+@@ -40,7 +40,7 @@ AC_PROG_YACC
+ 
+ dnl Define custom variables
+ 
+-lockdir=$localstatedir/lock/opencryptoki
++lockdir=/run/lock/opencryptoki
+ AC_SUBST(lockdir)
+ 
+ dnl ---