6 Commits

Author SHA256 Message Date
4270ffd8d7 Accepting request 1325952 from security
OBS-URL: https://build.opensuse.org/request/show/1325952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=89
2026-01-08 14:28:56 +00:00
82bb75df6a - Modified the .spec file for Immutable Mode (jsc#PED-14798)
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=179
2026-01-08 11:55:20 +00:00
c68ee35ef8 Accepting request 1317282 from security
OBS-URL: https://build.opensuse.org/request/show/1317282
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=88
2025-11-12 20:15:03 +00:00
c44bad3aba - Upgrade openCryptoki to 3.26
* Soft: Add support for RSA keys up to 16K bits.
  * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later).
  * p11sak: Add support for generating RSA keys up to 16K bits.
  * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION).
  * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN.
  * p11sak: Add support for SHA-HMAC key types and key generation.
  * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping
    with various key wrapping mechanisms.
  * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider.
  * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files.
  * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0).
  * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE.
  * p11sak: Add support for generating BLS12-381 EC keys.
  * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and 
    a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16).
  * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later).
  * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured).
  * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types.
  * Bug fixes. 
- Removed obsolete patches
  * ocki-3.25-remove-make-install-chgrp.patch 
  * ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch
- Applied a new patch for version 3.26
  * ocki-3.26-remove-make-install-chgrp.patch

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=177
2025-11-12 09:51:57 +00:00
09debdf754 Accepting request 1300040 from security
OBS-URL: https://build.opensuse.org/request/show/1300040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=87
2025-08-18 14:07:55 +00:00
d1ed782ea5 Corrected a 'typo'.
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=175
2025-08-18 10:13:37 +00:00
2 changed files with 29 additions and 28 deletions


@@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Jan 8 10:14:17 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Modified the .spec file for Immutable Mode (jsc#PED-14798)
-------------------------------------------------------------------
Wed Nov 12 09:04:02 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>


@@ -1,7 +1,7 @@
#
# spec file for package openCryptoki
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2026 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -169,10 +169,25 @@ dos2unix doc/README.ep11_stdll
%install
%make_install
install -d %{buildroot}%{_includedir}
install -d %{buildroot}%{_localstatedir}/lib/opencryptoki
# Move data templates from /var to /usr/share/opencryptoki for tmpfiles to use
install -d %{buildroot}%{_datadir}/opencryptoki/templates
install -d %{buildroot}%{_initddir}
install -d %{buildroot}%{_sbindir}
install -d %{buildroot}%{_prefix}/lib/tmpfiles.d
# Define the tmpfiles.d configuration
cat > %{buildroot}%{_prefix}/lib/tmpfiles.d/opencryptoki.conf <<EOF
# Type Path Mode UID GID Age Argument
d /var/lib/opencryptoki 0755 root pkcs11 - -
d /var/lib/opencryptoki/swtok 0770 root pkcs11 - -
d /var/lib/opencryptoki/swtok/TOK_OBJ 0770 root pkcs11 - -
d /var/lib/opencryptoki/tpm 0770 root pkcs11 - -
d /var/lib/opencryptoki/icsf 0770 root pkcs11 - -
d /var/log/opencryptoki 0770 root pkcs11 - -
L+ /etc/pkcs11 - - - - /var/lib/opencryptoki
EOF
# Remove manual directory creation in %install that belongs in /var
rm -rf %{buildroot}%{_localstatedir}/lib/opencryptoki
rm -rf %{buildroot}%{_localstatedir}/log/opencryptoki
#
mkdir -p %{buildroot}%{_datadir}/opencryptoki
cp %{buildroot}%{_datadir}/doc/opencryptoki/*.conf %{buildroot}%{_datadir}/opencryptoki
@@ -197,22 +212,13 @@ getent passwd pkcsslotd 2>/dev/null || %{_sbindir}/useradd -g %{pkcs_group} -r p
%{service_del_preun pkcsslotd.service}
%post
# Symlink from /var/lib/opencryptoki to /etc/pkcs11
if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then
mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki
cd %{_sysconfdir} && rm -rf pkcs11 && \
ln -sf %{_localstatedir}/lib/opencryptoki pkcs11
fi
fi
# Use the systemd-tmpfiles macro to ensure directories are created on next boot/transaction
%tmpfiles_create %{_tmpfilesdir}/opencryptoki.conf
/sbin/ldconfig
%{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/opencryptoki.conf}
%{service_add_post pkcsslotd.service}
%postun
if [ -L %{_sysconfdir}/pkcs11 ] ; then
rm %{_sysconfdir}/pkcs11
fi
/sbin/ldconfig
%{service_del_postun pkcsslotd.service}
%ifarch %{openCryptoki_32bit_arch}
@@ -280,8 +286,6 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A
%ifnarch i586
%config %{_sysconfdir}/opencryptoki/ccatok.conf
%{_sbindir}/pkcscca
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ccatok
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ccatok/TOK_OBJ
%endif
%{_sbindir}/p11kmip
%{_sbindir}/pkcsslotd
@@ -293,20 +297,12 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A
%dir %{_libdir}/opencryptoki
%dir %{_libdir}/opencryptoki/stdll
# State and lock directories
%dir %attr(755,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/swtok
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/swtok/TOK_OBJ
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/tpm
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/icsf
%ifarch s390 s390x
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ep11tok
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/lite
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ
%endif
%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/log/opencryptoki/
%{_mandir}/man*/*
%{_sbindir}/pkcshsm_mk_change
#
%{_prefix}/lib/tmpfiles.d/opencryptoki.conf
# Ensure we don't package files in /var directly
%ghost %dir %attr(755,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki
%files devel
%dir %{_libdir}/opencryptoki
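Review bot: The tmpfiles.d file written in %install declares only swtok, tpm and icsf under /var/lib/opencryptoki, while the `%dir %attr(770,root,%{pkcs_group})` entries for ccatok, ep11tok and lite (with their TOK_OBJ subdirectories) appear to be dropped from %files, so nothing visible here creates those token directories as 0770 root:group. The +/- markers are lost on this page, so the sides are inferred from the hunk counts. If those directories are later created at run time or by hand, their owner and mode depend on the creator's umask rather than on the package, which matters for directories that hold token objects. I would add arch-guarded `d` lines mirroring the old conditionals, and write the group as `%{pkcs_group}` in the heredoc (the existing lines too) so it cannot drift from the rest of the spec. Separately, `L+ /etc/pkcs11` replaces whatever already exists at that path, and the %post block that first moved `pk_config_data` into /var/lib/opencryptoki seems to be gone, so it is worth confirming that no supported upgrade path still has a real directory there.

```spec
d /var/lib/opencryptoki/icsf 0770 root pkcs11 - -
%ifnarch i586
d /var/lib/opencryptoki/ccatok 0770 root %{pkcs_group} - -
d /var/lib/opencryptoki/ccatok/TOK_OBJ 0770 root %{pkcs_group} - -
%endif
%ifarch s390 s390x
d /var/lib/opencryptoki/ep11tok 0770 root %{pkcs_group} - -
d /var/lib/opencryptoki/ep11tok/TOK_OBJ 0770 root %{pkcs_group} - -
d /var/lib/opencryptoki/lite 0770 root %{pkcs_group} - -
d /var/lib/opencryptoki/lite/TOK_OBJ 0770 root %{pkcs_group} - -
%endif
# … unchanged: /var/log/opencryptoki entry, L+ line, EOF …
```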