openCryptoki/openCryptoki.spec

406 lines
14 KiB
RPMSpec

#
# spec file for package openCryptoki (Version 2.2.6)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
%define openCryptoki_32bit_arch %ix86 s390 ppc %arm
# support in the workings for: ppc64
# no support in sight for: ia64
%define openCryptoki_64bit_arch s390x ppc64 x86_64
# autobuild:/work/cd/lib/misc/group
# openCryptoki pkcs11:x:64:
%define pkcs11_group_id 64
%define oc_cvs_tag opencryptoki-%{version}
Name: openCryptoki
BuildRequires: gcc-c++ libica openssl-devel pwdutils
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
Version: 2.2.6
Release: 10
License: IBM Public License
Group: Productivity/Security
# :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki
# cvs co -r openCryptoki-2-1-5 -d openCryptoki-2-1-5 .
Source: %{oc_cvs_tag}.tar.bz2
Source1: openCryptoki.pkcsslotd
Source2: openCryptoki-TFAQ.html
Patch1: ocki-2.2.6-PIN-backspace.patch
Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed
# IBM maintains openCryptoki on these architectures:
ExclusiveArch: %openCryptoki_32bit_arch %openCryptoki_64bit_arch
#
%description
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).
%package devel
License: IBM Public License
Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware
Group: Development/Languages/C and C++
Requires: openCryptoki = %{version}-%{release}, glibc-devel, openssl-devel
%description devel
The PKCS#11 version 2.01 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
co-processor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).
%ifarch %openCryptoki_32bit_arch
%package 32bit
License: IBM Public License
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
Group: Productivity/Security
# this is needed to make sure the pkcs11 group exists before
# installation:
PreReq: openCryptoki
ExclusiveArch: %openCryptoki_32bit_arch
%description 32bit
This is a re-packaged binary rpm. For the package source, please look
for the source of the package without the "32bit" ending
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).
%endif
%ifarch %openCryptoki_64bit_arch
%package 64bit
License: IBM Public License
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
Group: Productivity/Security
# this is needed to make sure the pkcs11 group exists before
# installation:
PreReq: openCryptoki
ExclusiveArch: %openCryptoki_64bit_arch
%description 64bit
This is a re-packaged binary rpm. For the package source, please look
for the source of the package without the "64bit" ending
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).
%endif
%prep
%setup -q -n %{oc_cvs_tag}
cp %{SOURCE2} .
%patch1
%build
autoreconf --force --install
CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure --prefix=/usr --libdir=%{_libdir}
make
%install
make install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/usr/include
install -d $RPM_BUILD_ROOT/var/lib/opencryptoki
install -d $RPM_BUILD_ROOT/etc/init.d
install -d $RPM_BUILD_ROOT/usr/sbin
install -m 544 %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd
ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd
rm -rf $RPM_BUILD_ROOT/tmp
# Remove all development files
rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la
rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods
%pre
# autobuild:/work/cd/lib/misc/group
# openCryptoki pkcs11:x:64:
/usr/sbin/groupadd -g %pkcs11_group_id -o -r pkcs11 2>/dev/null || true
# add root to group pkcs11 to enable root to run pkcsconf
/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \
-e 's/root//' -e '
# add the pkcs group if it is missing
/(^| )pkcs11( |$)/!s/$/ pkcs11/
# replace spaces by commas
y/ /,/
'),pkcs11 root
%post
# Symlink from /var/lib/opencryptoki to /etc/pkcs11
if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then
mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki
cd %{_sysconfdir} && rm -rf pkcs11 && \
ln -sf %{_localstatedir}/lib/opencryptoki pkcs11
fi
fi
/sbin/ldconfig
%postun
if [ -L %{_sysconfdir}/pkcs11 ] ; then
rm %{_sysconfdir}/pkcs11
fi
%ifarch %openCryptoki_32bit_arch
%postun 32bit
# remove the openCryptoki start script
%{insserv_cleanup}
%post 32bit
# Old library name links
cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so
ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods
rm -rf %{_libdir}/pkcs11/stdll
if [ -d %{_libdir}/pkcs11 ] ; then
cd %{_libdir}/pkcs11
ln -sf ../opencryptoki/stdll stdll
cd stdll
[ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true
[ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true
fi
/sbin/ldconfig
%endif
%ifarch %openCryptoki_64bit_arch
%post 64bit
# Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only.
test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11
ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so64
/sbin/ldconfig
%endif
%files
%defattr(-,root,root)
%doc openCryptoki-TFAQ.html
# configuration directory
%dir %attr(755,root,pkcs11) /var/lib/opencryptoki
/etc/init.d/pkcsslotd
/usr/sbin/rcpkcsslotd
# utilities
/usr/sbin/pkcsslotd
/usr/sbin/pkcs11_startup
/usr/sbin/pkcsconf
/usr/sbin/pkcs_slot
%dir %{_libdir}/opencryptoki
%dir %{_libdir}/opencryptoki/stdll
%{_mandir}/man*/*
%files devel
%defattr(-,root,root)
%dir %{_libdir}/opencryptoki
%dir %{_libdir}/opencryptoki/stdll
%{_libdir}/opencryptoki/*.la
%{_libdir}/opencryptoki/stdll/*.la
%{_includedir}/opencryptoki
%ifarch %openCryptoki_32bit_arch
%files 32bit
%defattr(-,root,root)
# these don't conflict because they only exist as 64bit binaries if
# there is no 32bit version of them usable
%{_libdir}/opencryptoki/libopencryptoki.so
%ghost %{_libdir}/opencryptoki/PKCS11_API.so
%{_libdir}/opencryptoki/*.0
%ifnarch s390 s390x
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
%else
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
%endif
%{_libdir}/opencryptoki/stdll/*.0
%dir %{_libdir}/pkcs11
%ghost %{_libdir}/pkcs11/stdll
%ghost %{_libdir}/pkcs11/methods
%{_libdir}/pkcs11/*.so
# %{_libdir}/libopencryptoki.so
# %{_libdir}/libopencryptoki.so.0
%{_sysconfdir}/ld.so.conf.d/*
%endif
%ifarch %openCryptoki_64bit_arch
%files 64bit
%defattr(-,root,root)
%dir %_libdir/opencryptoki
%{_libdir}/opencryptoki/*.so
%{_libdir}/opencryptoki/*.0
%dir %_libdir/opencryptoki/stdll
%{_libdir}/opencryptoki/stdll/*.so
%{_libdir}/opencryptoki/stdll/*.0
%{_libdir}/pkcs11
# %{_libdir}/libopencryptoki.so
# %{_libdir}/libopencryptoki.so.0
%{_sysconfdir}/ld.so.conf.d/*
%{_mandir}/man*/*
%endif
%changelog
* Fri Feb 20 2009 jjolly@suse.de
- pkcsslotd: Updated to use new pidfile location (bnc#475800)
* Fri Jan 23 2009 jjolly@suse.de
- Added fix to allow backspacing during PIN entry (bnc#448089)
* Fri Jan 23 2009 olh@suse.de
- run ldconfig in postinstall [bnc#417925]
* Tue Dec 09 2008 kukuk@suse.de
- Enable build on x86_64 [bnc#417925]
* Thu Nov 06 2008 jjolly@suse.de
- Overhaul of the specfile. All platforms build the base package
and each architecture builds the appropriate 32 or 64 bit package
* Fri Sep 12 2008 jjolly@suse.de
- Updated to openCryptoki v2.2.6
* Thu Aug 28 2008 ro@suse.de
- fix init script
* Fri Mar 30 2007 ro@suse.de
- added pwdutils to buildreq
* Fri Oct 20 2006 ro@suse.de
- fix missing return values from non-void funcs
* Fri Apr 21 2006 uli@suse.de
- pkcsslotd: create PID file in the right place, delete it on
exit (bug #164664)
* Tue Apr 11 2006 uli@suse.de
- added 64-bit patches from IBM (bug #145666)
* Mon Apr 10 2006 uli@suse.de
- added small change missing from patch for bug #156651
* Mon Apr 03 2006 uli@suse.de
- fixed location of pkcs11_startup in init script (bug #162372)
* Mon Mar 13 2006 uli@suse.de
- fixed proc_t structure mixup (bug #156651)
* Thu Mar 09 2006 uli@suse.de
- initialize head pointer (bug #156229)
* Mon Mar 06 2006 uli@suse.de
- %%ghost symlinks that are generated in %%post (bug #154961)
* Thu Feb 02 2006 uli@suse.de
- stuffed memleak (patch by IBM, bug #147036)
* Wed Feb 01 2006 uli@suse.de
- changed RPM layout to meet IBM's demands (based on patch by IBM,
bug #145666)
- removed mmap, per-user data store support (patch by IBM, bug
[#145666])
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Thu Jan 12 2006 hare@suse.de
- Update to 2.2.2-rc2
* Wed Jan 11 2006 hare@suse.de
- Update to 2.2.1-rc2
- Fixed build errors
- Cleaned up spec file.
* Wed Dec 14 2005 ro@suse.de
- copy TFAQ to build directory (fix build)
* Mon Dec 12 2005 hare@suse.de
- Update to 2.1.6-rc5.
- Port fixes from SLES9 SP3.
* Tue Nov 15 2005 uli@suse.de
- enabled for ARM
* Thu Feb 17 2005 od@suse.de
- fix #50050:
- ./configure.in: wrong test against $host makes ppc(64) miss
-DPKCS64 in CFLAGS
- corrected: S390 flag was set for ppc in this conditional
* Mon Aug 16 2004 ro@suse.de
- run full autoreconf / simplify specfile a little
* Tue Apr 27 2004 hare@suse.de
- Print correct error message (#37427 again).
* Fri Apr 23 2004 hare@suse.de
- Check for the correct module on startup (#37427)
* Sun Apr 18 2004 olh@suse.de
- update to openCryptoki-2.1.5, ppc64 version (#39026)
* Wed Feb 18 2004 ro@suse.de
- adapt filelist on ppc
* Thu Feb 12 2004 kukuk@suse.de
- Fix owner/group of files/directories
* Fri Dec 05 2003 ro@suse.de
- no need to specify "root" as supplementary group for root,
it's already primary
* Wed Jul 30 2003 hare@suse.de
- Update to openCryptoki-2.1.3
- Fixed configure errors.
* Mon Jun 23 2003 ro@suse.de
- added directories to filelist
* Tue Jun 03 2003 ro@suse.de
- remove CVS subdirs
- remove unpackaged files from buildroot
* Thu Nov 21 2002 ro@suse.de
- removed duplicates from configure.in
* Tue Oct 01 2002 froh@suse.de
- exclude ppc64 from the architectures, the package is built for.
64bit mode is not supported by IBM yet; dlopen wrappers are also
missing 64bit filename handling. (#20380)
- actually compress the openCryptoki-1.4*.tar.bz2
* Tue Sep 24 2002 ro@suse.de
- make it even build ...
* Tue Sep 24 2002 froh@suse.de
- make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group
creation before package installation (#20079)
- correct version number (the patch actiually lifts openCryptoki to 1.5)
- fix groupadd call to no longer silently ignore errors in all cases
using (hopefully) posix exit codes. alternative would be to use
undocumented '-f' option of groupadd.
* Fri Sep 20 2002 froh@suse.de
- add user root to group pkcs11 to enable root to administrate the
crypto hardware support (#19566)
* Mon Aug 26 2002 okir@suse.de
- misc security fixes (#18377)
* Fri Aug 23 2002 froh@suse.de
- replaced openCryptoki-tools with openCryptoki-32bit and
openCryptoki-64bit
* Thu Aug 22 2002 froh@suse.de
- moved dlopen objects that are available for non-x86 out of the
ifarch ix86
- moved postun to tools subpackge (which contains the daemon)
- removed include files. no development support for now.
- replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch
and %%openCryptoki_no_tools_arch
* Wed Aug 21 2002 ro@suse.de
- replaced all i386 occurrences with %%ix86
- changed filelist to what's really built
* Tue Aug 20 2002 froh@suse.de
- split package to openCryptoki and openCryptoki-tools to allow
parallel installation of 32bit tools with 64bit dlopen objects for
foreign middleware.
- removed automatical insserv on install, because the package needs
manual configuration (#18031)
* Mon Aug 12 2002 froh@suse.de
- added missing %%post before insserv (Bug #17600)
* Fri Aug 09 2002 kukuk@suse.de
- Fix path in PreReq.
* Wed Aug 07 2002 froh@suse.de
- add groupadd pkcs11 in %%pre install
* Mon Jul 29 2002 froh@suse.de
- updated to current version
- removed old START_ variable
* Thu Jun 13 2002 ro@suse.de
- always use macros when calling insserv
* Tue Apr 09 2002 bk@suse.de
- add lib64 support
* Tue Feb 05 2002 froh@suse.de
- Added openssl to #neededforbuild, which is needed in addition to
openssl-devel
* Wed Jan 30 2002 froh@suse.de
- initial version