(jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) * Add support for building Opencryptoki on the IBM AIX platform * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) * Add support for protecting tokens with a token specific user group * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. - On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms * ICA/Soft: Add support for SHA based key derivation mechanisms * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE * EP11/CCA: Support live guest relocation for protected key (PKEY) operations * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider * ICSF: Add support for SHA-2 mechanisms * ICSF: Performance improvements for attribute retrieval * p11sak: Add support for exporting a key or certificate as URI-PEM file * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files * p11sak: Add option to show the master key verification patterns of secure keys * Bug fixes - Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patch - Added a new patch ocki-3.24-remove-make-install-chgrp.patch OBS-URL: 
https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=154
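--- a/Makefile.am 2024-09-11 08:46:18.000000000 +0200
+++ b/Makefile.am 2024-09-20 11:31:30.709823171 +0200
@@ -51,19 +51,9 @@
 include doc/doc.mk
 
 install-data-hook:
-if AIX
- lsgroup $(pkcs_group) > /dev/null || $(GROUPADD) -a pkcs11
- lsuser $(pkcsslotd_user) > /dev/null || $(USERADD) -g $(pkcs_group) -d $(DESTDIR)$(RUN_PATH)/opencryptoki -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
-else
- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group)
- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d $(RUN_PATH)/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
-endif
 $(MKDIR_P) $(DESTDIR)$(RUN_PATH)/opencryptoki/
- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
 $(CHMOD) 0710 $(DESTDIR)$(RUN_PATH)/opencryptoki/
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki
 if ENABLE_LIBRARY
 $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
@@ -83,19 +73,15 @@
 endif
 if ENABLE_PKCSHSM_MK_CHANGE
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE
 endif
 if ENABLE_CCATOK
 cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 ln -fs libpkcs11_cca.$(SHLIBEXT) PKCS11_CCA.$(SHLIBEXT)
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
 $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/ccatok
 $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
 test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
 test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true
@@ -104,12 +90,9 @@
 cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 ln -fs libpkcs11_ep11.$(SHLIBEXT) PKCS11_EP11.$(SHLIBEXT)
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
 $(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/ep11tok
 $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
 test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
 test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
@@ -123,24 +106,18 @@
 cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 ln -fs libpkcs11_ica.$(SHLIBEXT) PKCS11_ICA.$(SHLIBEXT)
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
 $(MKDIR_P) $(DESTDIR)$(lockdir)/lite
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/lite
 $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite
 endif
 if ENABLE_SWTOK
 cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 ln -fs libpkcs11_sw.$(SHLIBEXT) PKCS11_SW.$(SHLIBEXT)
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
 $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/swtok
 $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
 endif
 if ENABLE_TPMTOK
@@ -148,10 +125,8 @@
 cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 ln -fs libpkcs11_tpm.$(SHLIBEXT) PKCS11_TPM.$(SHLIBEXT)
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
 $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/tpm
 $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
 endif
 if ENABLE_ICSFTOK
@@ -159,10 +134,8 @@
 cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 ln -fs libpkcs11_icsf.$(SHLIBEXT) PKCS11_ICSF.$(SHLIBEXT)
 $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
 $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
 $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir)/icsf
 $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
 endif
 if ENABLE_DAEMON
@@ -181,7 +154,6 @@
 @echo "--------------------------------------------------------------"
 endif
 $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
 $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
 
 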
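Review bot: With the `$(CHOWN)`/`$(CHGRP)` calls gone, each remaining `$(CHMOD) 0770` (and the `0710` on `$(DESTDIR)$(RUN_PATH)/opencryptoki/`) in `install-data-hook` grants group access to whatever group the installing process owns the directory with, and nothing in the recipe says who assigns `$(pkcs_group)` and `$(pkcsslotd_user)` afterwards. Presumably the package's spec file creates the user and group and sets ownership on these paths, but that is not visible in this patch; any token, lock or log directory it omits keeps the build user's group with mode 0770, and the run directory would no longer belong to the pkcsslotd user. I would state the split above the target, e.g. `# Ownership (pkcsslotd user / pkcs group) is applied by the distribution package; this hook only creates directories and sets modes.`, so the spec's directory list can be checked against this recipe. The recipe continues outside the hunks shown, so other ownership-dependent steps may exist that this view does not cover.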