# # spec file for package openCryptoki (Version 2.2.2) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: openCryptoki BuildRequires: gcc-c++ libica openssl-devel Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware Version: 2.2.2 Release: 27 License: Other License(s), see package, IBM Public License Group: Productivity/Security # :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki # cvs co -r openCryptoki-2-1-5 -d openCryptoki-2-1-5 . Source: openCryptoki-2.2.2-rc2.tar.bz2 Source1: openCryptoki.pkcsslotd Source2: openCryptoki-TFAQ.html Patch0: openCryptoki-autoconf.patch Patch1: openCryptoki-config.patch Patch3: openCryptoki-compile-fixes.patch Patch4: openCryptoki-no_mmap.patch Patch5: openCryptoki-per_user.patch Patch6: openCryptoki-prototypes.patch Patch7: ock_add_free_mech_list_20060131.diff Patch8: ock_head_ptr_to_null_20060308.diff Patch9: ock_222_proc_struct_cmd_20060309.diff Patch10: ock_222_cmd_fix_ptr_to_arr.diff Patch11: ock_64_bit_fixes.diff Patch12: openCryptoki-pkcsslotd-removepidfile.patch Patch13: openCryptoki-retval.patch URL: http://oss.software.ibm.com/developerworks/opensource/opencryptoki BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed Requires: libica %define oc_cvs_tag openCryptoki-2.2.2-rc2 # the userland tools are only maintained in 32bit, when a 32bit # userland compatibility is available for the corresponding 64bit # architecture. # # Thus, the user is supposed to install the 32bit package and the # additional 64bit package together. # # # openCryptoki contains the common files. is always installed natively # openCryptoki-32bit contains the 32bit binaries for native use and # for the 'other' distribution # openCryptoki-64bit contains the 64bit binaries for use on the 'other' distribution %define openCryptoki_32bit_arch %ix86 s390 ppc %arm # support in the workings for: ppc64 # no support in sight for: ia64 x86_64 %define openCryptoki_64bit_arch s390x ppc64 # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: %define pkcs11_group_id 64 # IBM maintains openCryptoki on these architectures: ExclusiveArch: %openCryptoki_32bit_arch %openCryptoki_64bit_arch # %description The PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). %ifarch %openCryptoki_32bit_arch %package 32bit %else %package 64bit %endif Summary: Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Crypto Hardware Group: Productivity/Security # this is needed to make sure the pkcs11 group exists before # installation: PreReq: openCryptoki %ifarch %openCryptoki_32bit_arch %description 32bit This is a re-packaged binary rpm. For the package source, please look for the source of the package without the "32bit" ending The PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). %else %description 64bit This is a re-packaged binary rpm. For the package source, please look for the source of the package without the "64bit" ending The PKCS#11 Version 2.01 api implemented for the IBM Crypto cards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries) %endif %package devel Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware Group: Productivity/Security Requires: openCryptoki = %{version}-%{release}, glibc-devel, openssl-devel %description devel The PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries). %prep %setup -n %{oc_cvs_tag} %patch1 %patch3 %patch4 %patch5 %patch6 %patch7 %patch8 -p1 %patch9 %patch10 -p1 %patch11 -p2 %patch12 %patch13 cp %{SOURCE2} . #find -name CVS -type d -print0 | xargs -0 rm -rfv %build autoreconf --force --install CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure --prefix=/usr --libdir=%{_libdir} make %install make install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/usr/include mkdir -p $RPM_BUILD_ROOT/var/lib/opencryptoki mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/usr/sbin cp -av %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd rm -rf $RPM_BUILD_ROOT/tmp # Remove all development files rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la # # FIX to build it on ppc64 # # %ifarch ppc64 # rm -f $RPM_BUILD_ROOT/usr/lib/pkcs11/methods/pkcs11_startup # rm -f $RPM_BUILD_ROOT/usr/lib/pkcs11/methods/pkcs_slot # rm -f $RPM_BUILD_ROOT/usr/lib/pkcs11/stdll/PKCS11_SW.so # rm -f $RPM_BUILD_ROOT/usr/sbin/pkcsslotd # %endif %ifnarch %openCryptoki_32bit_arch rm -f $RPM_BUILD_ROOT/etc/init.d/pkcsslotd rm -f $RPM_BUILD_ROOT/usr/include/opencryptoki/apiclient.h rm -f $RPM_BUILD_ROOT/usr/include/opencryptoki/pkcs11.h rm -f $RPM_BUILD_ROOT/usr/include/opencryptoki/pkcs11types.h rm -f $RPM_BUILD_ROOT/usr/lib64/opencryptoki/libopencryptoki.la rm -f $RPM_BUILD_ROOT/usr/lib64/opencryptoki/stdll/libpkcs11_ica.la rm -f $RPM_BUILD_ROOT/usr/lib64/opencryptoki/stdll/libpkcs11_sw.la rm -f $RPM_BUILD_ROOT/usr/sbin/pkcs11_startup rm -f $RPM_BUILD_ROOT/usr/sbin/pkcs_slot rm -f $RPM_BUILD_ROOT/usr/sbin/pkcsconf rm -f $RPM_BUILD_ROOT/usr/sbin/pkcsslotd rm -f $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd %endif rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods %pre # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: /usr/sbin/groupadd -g %pkcs11_group_id -o -r pkcs11 2>/dev/null || true # add root to group pkcs11 to enable root to run pkcsconf /usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \ -e 's/root//' -e ' # add the pkcs group if it is missing /(^| )pkcs11( |$)/!s/$/ pkcs11/ # replace spaces by commas y/ /,/ '),pkcs11 root %ifarch %openCryptoki_32bit_arch %postun if [ -L %{_sysconfdir}/pkcs11 ] ; then rm %{_sysconfdir}/pkcs11 fi %postun 32bit # remove the openCryptoki start script %{insserv_cleanup} %endif %ifarch %openCryptoki_32bit_arch %post 32bit # Old library name links cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods rm -rf %{_libdir}/pkcs11/stdll if [ -d %{_libdir}/pkcs11 ] ; then cd %{_libdir}/pkcs11 ln -sf ../opencryptoki/stdll stdll cd stdll [ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true [ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true fi %else %post 64bit # Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only. test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11 ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so64 %endif %post # Symlink from /var/lib/opencryptoki to /etc/pkcs11 if [ ! -L %{_sysconfdir}/pkcs11 ] ; then if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki cd %{_sysconfdir} && rm -rf pkcs11 && \ ln -sf %{_localstatedir}/lib/opencryptoki pkcs11 fi fi ################################################################### %ifarch %openCryptoki_32bit_arch %files %defattr(-,root,root) %doc openCryptoki-TFAQ.html # configuration directory %dir %attr(755,root,pkcs11) /var/lib/opencryptoki /etc/init.d/pkcsslotd /usr/sbin/rcpkcsslotd # utilities /usr/sbin/pkcsslotd /usr/sbin/pkcs11_startup /usr/sbin/pkcsconf /usr/sbin/pkcs_slot %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll %files 32bit %defattr(-,root,root) # these don't conflict because they only exist as 64bit binaries if # there is no 32bit version of them usable %{_libdir}/opencryptoki/libopencryptoki.so %ghost %{_libdir}/opencryptoki/PKCS11_API.so %{_libdir}/opencryptoki/*.0 %{_libdir}/opencryptoki/stdll/libpkcs11_ica.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so %ifnarch s390 s390x %{_libdir}/opencryptoki/stdll/libpkcs11_sw.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so %endif %{_libdir}/opencryptoki/stdll/*.0 %dir %{_libdir}/pkcs11 %ghost %{_libdir}/pkcs11/stdll %ghost %{_libdir}/pkcs11/methods %{_libdir}/pkcs11/*.so %{_libdir}/libopencryptoki.so %{_libdir}/libopencryptoki.so.0 %files devel %defattr(-,root,root) %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll %{_libdir}/opencryptoki/*.la %{_libdir}/opencryptoki/stdll/*.la %{_includedir}/opencryptoki ################################################################### %else # not openCryptoki_32bit_arch but 64bit arch %files 64bit %defattr(-,root,root) %dir %_libdir/opencryptoki %{_libdir}/opencryptoki/*.so %{_libdir}/opencryptoki/*.0 %dir %_libdir/opencryptoki/stdll %{_libdir}/opencryptoki/stdll/*.so %{_libdir}/opencryptoki/stdll/*.0 %{_libdir}/pkcs11 %{_libdir}/libopencryptoki.so %{_libdir}/libopencryptoki.so.0 %endif %changelog -n openCryptoki * Fri Oct 20 2006 - ro@suse.de - fix missing return values from non-void funcs * Fri Apr 21 2006 - uli@suse.de - pkcsslotd: create PID file in the right place, delete it on exit (bug #164664) * Tue Apr 11 2006 - uli@suse.de - added 64-bit patches from IBM (bug #145666) * Mon Apr 10 2006 - uli@suse.de - added small change missing from patch for bug #156651 * Mon Apr 03 2006 - uli@suse.de - fixed location of pkcs11_startup in init script (bug #162372) * Mon Mar 13 2006 - uli@suse.de - fixed proc_t structure mixup (bug #156651) * Thu Mar 09 2006 - uli@suse.de - initialize head pointer (bug #156229) * Mon Mar 06 2006 - uli@suse.de - %%ghost symlinks that are generated in %%post (bug #154961) * Thu Feb 02 2006 - uli@suse.de - stuffed memleak (patch by IBM, bug #147036) * Wed Feb 01 2006 - uli@suse.de - changed RPM layout to meet IBM's demands (based on patch by IBM, bug #145666) - removed mmap, per-user data store support (patch by IBM, bug [#145666]) * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Thu Jan 12 2006 - hare@suse.de - Update to 2.2.2-rc2 * Wed Jan 11 2006 - hare@suse.de - Update to 2.2.1-rc2 - Fixed build errors - Cleaned up spec file. * Wed Dec 14 2005 - ro@suse.de - copy TFAQ to build directory (fix build) * Mon Dec 12 2005 - hare@suse.de - Update to 2.1.6-rc5. - Port fixes from SLES9 SP3. * Tue Nov 15 2005 - uli@suse.de - enabled for ARM * Thu Feb 17 2005 - od@suse.de - fix #50050: - ./configure.in: wrong test against $host makes ppc(64) miss -DPKCS64 in CFLAGS - corrected: S390 flag was set for ppc in this conditional * Mon Aug 16 2004 - ro@suse.de - run full autoreconf / simplify specfile a little * Tue Apr 27 2004 - hare@suse.de - Print correct error message (#37427 again). * Fri Apr 23 2004 - hare@suse.de - Check for the correct module on startup (#37427) * Sun Apr 18 2004 - olh@suse.de - update to openCryptoki-2.1.5, ppc64 version (#39026) * Wed Feb 18 2004 - ro@suse.de - adapt filelist on ppc * Thu Feb 12 2004 - kukuk@suse.de - Fix owner/group of files/directories * Fri Dec 05 2003 - ro@suse.de - no need to specify "root" as supplementary group for root, it's already primary * Wed Jul 30 2003 - hare@suse.de - Update to openCryptoki-2.1.3 - Fixed configure errors. * Mon Jun 23 2003 - ro@suse.de - added directories to filelist * Wed Jun 04 2003 - ro@suse.de - remove CVS subdirs - remove unpackaged files from buildroot * Thu Nov 21 2002 - ro@suse.de - removed duplicates from configure.in * Tue Oct 01 2002 - froh@suse.de - exclude ppc64 from the architectures, the package is built for. 64bit mode is not supported by IBM yet; dlopen wrappers are also missing 64bit filename handling. (#20380) - actually compress the openCryptoki-1.4*.tar.bz2 * Tue Sep 24 2002 - ro@suse.de - make it even build ... * Tue Sep 24 2002 - froh@suse.de - make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group creation before package installation (#20079) - correct version number (the patch actiually lifts openCryptoki to 1.5) - fix groupadd call to no longer silently ignore errors in all cases using (hopefully) posix exit codes. alternative would be to use undocumented '-f' option of groupadd. * Fri Sep 20 2002 - froh@suse.de - add user root to group pkcs11 to enable root to administrate the crypto hardware support (#19566) * Mon Aug 26 2002 - okir@suse.de - misc security fixes (#18377) * Fri Aug 23 2002 - froh@suse.de - replaced openCryptoki-tools with openCryptoki-32bit and openCryptoki-64bit * Thu Aug 22 2002 - froh@suse.de - moved dlopen objects that are available for non-x86 out of the ifarch ix86 - moved postun to tools subpackge (which contains the daemon) - removed include files. no development support for now. - replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch and %%openCryptoki_no_tools_arch * Wed Aug 21 2002 - ro@suse.de - replaced all i386 occurrences with %%ix86 - changed filelist to what's really built * Tue Aug 20 2002 - froh@suse.de - split package to openCryptoki and openCryptoki-tools to allow parallel installation of 32bit tools with 64bit dlopen objects for foreign middleware. - removed automatical insserv on install, because the package needs manual configuration (#18031) * Mon Aug 12 2002 - froh@suse.de - added missing %%post before insserv (Bug #17600) * Fri Aug 09 2002 - kukuk@suse.de - Fix path in PreReq. * Wed Aug 07 2002 - froh@suse.de - add groupadd pkcs11 in %%pre install * Mon Jul 29 2002 - froh@suse.de - updated to current version - removed old START_ variable * Fri Jun 14 2002 - ro@suse.de - always use macros when calling insserv * Tue Apr 09 2002 - bk@suse.de - add lib64 support * Tue Feb 05 2002 - froh@suse.de - Added openssl to #neededforbuild, which is needed in addition to openssl-devel * Wed Jan 30 2002 - froh@suse.de - initial version