# # spec file for package openCryptoki # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define openCryptoki_32bit_arch %ix86 s390 ppc %arm # support in the workings for: ppc64 # no support in sight for: ia64 %define openCryptoki_64bit_arch s390x ppc64 ppc64le x86_64 aarch64 # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: %define pkcs11_group_id 64 %define oc_cvs_tag opencryptoki %if 0%{?suse_version} > 1220 %define uses_systemd 1 %else %define uses_systemd 0 %endif Name: openCryptoki BuildRequires: bison BuildRequires: flex BuildRequires: gcc-c++ %ifarch s390 s390x BuildRequires: libica-2_3_0-devel %endif BuildRequires: libtool BuildRequires: openldap2-devel BuildRequires: openssl-devel BuildRequires: pwdutils BuildRequires: trousers-devel %if %{uses_systemd} BuildRequires: pkgconfig(systemd) %{?systemd_requires} %endif Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware License: IPL-1.0 Group: Productivity/Security Version: 3.1 Release: 0 # :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki # cvs co -r openCryptoki-2-1-5 -d openCryptoki-2-1-5 . Source: %{oc_cvs_tag}-v%{version}.tar.bz2 Source1: openCryptoki.pkcsslotd Source2: openCryptoki-TFAQ.html Source3: openCryptoki-tmp.conf Patch1: ocki-3.1-remove-make-install-chgrp-chmod.patch Patch2: ocki-3.1-fix-init_d-path.patch Patch3: ocki-3.1-fix-implicit-decl.patch Patch4: ocki-3.1-fix-libica-link.patch Patch5: ocki-3.1_01_ep11_makefile.patch Patch6: ocki-3.1_02_ep11_m_init.patch Patch7: ocki-3.1_03_ock_obj_mgr.patch Patch8: ocki-3.1_04_ep11_opaque2blob_error_handl.patch Patch9: ocki-3.1_05_ep11_readme_update.patch Patch10: ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch Patch11: ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch Patch12: ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch Patch13: ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch Patch14: ocki-3.1_06_0005-Small-reworks.patch Patch15: ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch Patch16: ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed %insserv_prereq # IBM maintains openCryptoki on these architectures: ExclusiveArch: %openCryptoki_32bit_arch %openCryptoki_64bit_arch # %description The PKCS#11 version 2.11 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). %package devel Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware Group: Development/Languages/C and C++ Requires: glibc-devel Requires: openCryptoki = %{version}-%{release} Requires: openssl-devel %description devel The PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). %ifarch %openCryptoki_32bit_arch %package 32bit Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware Group: Productivity/Security # this is needed to make sure the pkcs11 group exists before # installation: PreReq: openCryptoki ExclusiveArch: %openCryptoki_32bit_arch %description 32bit This is a re-packaged binary rpm. For the package source, please look for the source of the package without the "32bit" ending The PKCS#11 version 2.11 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). %endif %ifarch %openCryptoki_64bit_arch %package 64bit Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware Group: Productivity/Security # this is needed to make sure the pkcs11 group exists before # installation: PreReq: openCryptoki ExclusiveArch: %openCryptoki_64bit_arch %description 64bit This is a re-packaged binary rpm. For the package source, please look for the source of the package without the "64bit" ending The PKCS#11 version 2.11 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). %endif %prep %setup -q -n %{oc_cvs_tag} %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 cp %{SOURCE2} . %build autoreconf --force --install CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure \ --prefix=/usr \ --libdir=%{_libdir} \ --enable-tpmtok \ %if %{uses_systemd} --with-systemd=/usr/lib/systemd/system \ %endif --sysconfdir=%{_sysconfdir} \ --localstatedir=%{_localstatedir} %__make %install %make_install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT install -d $RPM_BUILD_ROOT/usr/include install -d $RPM_BUILD_ROOT/var/lib/opencryptoki install -d $RPM_BUILD_ROOT/etc/init.d install -d $RPM_BUILD_ROOT/usr/sbin %if %{uses_systemd} install -d $RPM_BUILD_ROOT/usr/lib/tmpfiles.d install -m 644 %{S:3} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/openCryptoki-tmp.conf ln -s /usr/sbin/service $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd %else install -m 544 %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd %endif rm -rf $RPM_BUILD_ROOT/tmp # Remove all development files rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods %pre %if %{uses_systemd} %{service_add_pre pkcsslotd.service} %endif # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: /usr/sbin/groupadd -g %pkcs11_group_id -r pkcs11 2>/dev/null || true /usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \ -e 's/root//' -e ' # add the pkcs group if it is missing /(^| )pkcs11( |$)/!s/$/ pkcs11/ # replace spaces by commas y/ /,/ # remove leading , if present s/^,// '),pkcs11 root %preun %if %{uses_systemd} %{service_del_preun pkcsslotd.service} %else %{stop_on_removal pkcsslotd} %endif %post # Symlink from /var/lib/opencryptoki to /etc/pkcs11 if [ ! -L %{_sysconfdir}/pkcs11 ] ; then if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki cd %{_sysconfdir} && rm -rf pkcs11 && \ ln -sf %{_localstatedir}/lib/opencryptoki pkcs11 fi fi /sbin/ldconfig %if %{uses_systemd} %{service_add_post pkcsslotd.service} %else %{fillup_and_insserv -f pkcsslotd} %endif %postun if [ -L %{_sysconfdir}/pkcs11 ] ; then rm %{_sysconfdir}/pkcs11 fi %if %{uses_systemd} %{service_del_postun pkcsslotd.service} %else %{restart_on_update pkcsslotd} %{insserv_cleanup} %endif %ifarch %openCryptoki_32bit_arch %postun 32bit # remove the openCryptoki start script %{insserv_cleanup} %post 32bit # Old library name links cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods rm -rf %{_libdir}/pkcs11/stdll test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11 cd /usr/lib/pkcs11 ln -sf ../opencryptoki/stdll stdll cd stdll [ -f libpkcs11_cca.so ] && ln -sf ./libpkcs11_cca.so PKCS11_CCA.so || true [ -f libpkcs11_tpm.so ] && ln -sf ./libpkcs11_tpm.so PKCS11_TPM.so || true [ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true [ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true /sbin/ldconfig %endif %ifarch %openCryptoki_64bit_arch %post 64bit # Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only. test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11 ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so64 /sbin/ldconfig %endif %files %defattr(-,root,root) %doc openCryptoki-TFAQ.html # configuration directory %dir %{_sysconfdir}/opencryptoki %config %{_sysconfdir}/opencryptoki/opencryptoki.conf %ifarch s390 s390x %config %{_sysconfdir}/opencryptoki/ep11tok.conf %{_sbindir}/pkcsep11_migrate %endif %if %{uses_systemd} %{_prefix}/lib/systemd/system/pkcsslotd.service %{_prefix}/lib/tmpfiles.d/openCryptoki-tmp.conf %else %{_sysconfdir}/init.d/pkcsslotd %ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki %ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/ccatok %ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/swtok %ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/tpm %endif %{_sbindir}/rcpkcsslotd # utilities %{_sbindir}/pkcsslotd %{_sbindir}/pkcsconf %{_sbindir}/pkcsicsf %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll # State and lock directories %dir %attr(755,root,pkcs11) %{_localstatedir}/lib/opencryptoki %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok/TOK_OBJ %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok/TOK_OBJ %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/tpm %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/icsf %ifarch s390 s390x %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ %endif %{_mandir}/man*/* %files devel %defattr(-,root,root) %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll %{_libdir}/opencryptoki/*.la %{_libdir}/opencryptoki/stdll/*.la %{_includedir}/opencryptoki %ifarch %openCryptoki_32bit_arch %files 32bit %defattr(-,root,root) # these don't conflict because they only exist as 64bit binaries if # there is no 32bit version of them usable %{_libdir}/opencryptoki/libopencryptoki.so %ghost %{_libdir}/opencryptoki/PKCS11_API.so %{_libdir}/opencryptoki/*.0 %{_libdir}/opencryptoki/stdll/libpkcs11_cca.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so %{_libdir}/opencryptoki/stdll/libpkcs11_sw.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so %{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so %ifarch s390 s390x %{_libdir}/opencryptoki/stdll/libpkcs11_ica.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so %{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so %endif %{_libdir}/opencryptoki/stdll/*.0 %dir %{_libdir}/pkcs11 %ghost %{_libdir}/pkcs11/stdll %ghost %{_libdir}/pkcs11/methods %{_libdir}/pkcs11/*.so %{_sysconfdir}/ld.so.conf.d/* %endif %ifarch %openCryptoki_64bit_arch %files 64bit %defattr(-,root,root) %dir %_libdir/opencryptoki %{_libdir}/opencryptoki/*.so %{_libdir}/opencryptoki/*.0 %dir %_libdir/opencryptoki/stdll %{_libdir}/opencryptoki/stdll/*.so %{_libdir}/opencryptoki/stdll/*.0 %{_libdir}/pkcs11 %{_sysconfdir}/ld.so.conf.d/* %endif %changelog