406 lines
14 KiB
RPMSpec
406 lines
14 KiB
RPMSpec
#
|
|
# spec file for package openCryptoki (Version 2.2.6)
|
|
#
|
|
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
# norootforbuild
|
|
|
|
%define openCryptoki_32bit_arch %ix86 s390 ppc %arm
|
|
# support in the workings for: ppc64
|
|
# no support in sight for: ia64
|
|
%define openCryptoki_64bit_arch s390x ppc64 x86_64
|
|
# autobuild:/work/cd/lib/misc/group
|
|
# openCryptoki pkcs11:x:64:
|
|
%define pkcs11_group_id 64
|
|
%define oc_cvs_tag opencryptoki-%{version}
|
|
|
|
Name: openCryptoki
|
|
BuildRequires: gcc-c++ libica openssl-devel pwdutils
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
|
Version: 2.2.6
|
|
Release: 10
|
|
License: IBM Public License
|
|
Group: Productivity/Security
|
|
# :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki
|
|
# cvs co -r openCryptoki-2-1-5 -d openCryptoki-2-1-5 .
|
|
Source: %{oc_cvs_tag}.tar.bz2
|
|
Source1: openCryptoki.pkcsslotd
|
|
Source2: openCryptoki-TFAQ.html
|
|
Patch1: ocki-2.2.6-PIN-backspace.patch
|
|
Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed
|
|
# IBM maintains openCryptoki on these architectures:
|
|
ExclusiveArch: %openCryptoki_32bit_arch %openCryptoki_64bit_arch
|
|
#
|
|
|
|
%description
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%package devel
|
|
License: IBM Public License
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware
|
|
Group: Development/Languages/C and C++
|
|
Requires: openCryptoki = %{version}-%{release}, glibc-devel, openssl-devel
|
|
|
|
%description devel
|
|
The PKCS#11 version 2.01 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
co-processor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%ifarch %openCryptoki_32bit_arch
|
|
|
|
%package 32bit
|
|
License: IBM Public License
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
|
Group: Productivity/Security
|
|
# this is needed to make sure the pkcs11 group exists before
|
|
# installation:
|
|
PreReq: openCryptoki
|
|
ExclusiveArch: %openCryptoki_32bit_arch
|
|
|
|
%description 32bit
|
|
This is a re-packaged binary rpm. For the package source, please look
|
|
for the source of the package without the "32bit" ending
|
|
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%endif
|
|
%ifarch %openCryptoki_64bit_arch
|
|
|
|
%package 64bit
|
|
License: IBM Public License
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
|
Group: Productivity/Security
|
|
# this is needed to make sure the pkcs11 group exists before
|
|
# installation:
|
|
PreReq: openCryptoki
|
|
ExclusiveArch: %openCryptoki_64bit_arch
|
|
|
|
%description 64bit
|
|
This is a re-packaged binary rpm. For the package source, please look
|
|
for the source of the package without the "64bit" ending
|
|
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%endif
|
|
|
|
%prep
|
|
%setup -q -n %{oc_cvs_tag}
|
|
cp %{SOURCE2} .
|
|
%patch1
|
|
|
|
%build
|
|
autoreconf --force --install
|
|
CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure --prefix=/usr --libdir=%{_libdir}
|
|
make
|
|
|
|
%install
|
|
make install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT
|
|
install -d $RPM_BUILD_ROOT/usr/include
|
|
install -d $RPM_BUILD_ROOT/var/lib/opencryptoki
|
|
install -d $RPM_BUILD_ROOT/etc/init.d
|
|
install -d $RPM_BUILD_ROOT/usr/sbin
|
|
install -m 544 %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd
|
|
ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd
|
|
rm -rf $RPM_BUILD_ROOT/tmp
|
|
# Remove all development files
|
|
rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la
|
|
rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods
|
|
|
|
%pre
|
|
# autobuild:/work/cd/lib/misc/group
|
|
# openCryptoki pkcs11:x:64:
|
|
/usr/sbin/groupadd -g %pkcs11_group_id -o -r pkcs11 2>/dev/null || true
|
|
# add root to group pkcs11 to enable root to run pkcsconf
|
|
/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \
|
|
-e 's/root//' -e '
|
|
# add the pkcs group if it is missing
|
|
/(^| )pkcs11( |$)/!s/$/ pkcs11/
|
|
# replace spaces by commas
|
|
y/ /,/
|
|
'),pkcs11 root
|
|
|
|
%post
|
|
# Symlink from /var/lib/opencryptoki to /etc/pkcs11
|
|
if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
|
|
if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then
|
|
mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki
|
|
cd %{_sysconfdir} && rm -rf pkcs11 && \
|
|
ln -sf %{_localstatedir}/lib/opencryptoki pkcs11
|
|
fi
|
|
fi
|
|
/sbin/ldconfig
|
|
|
|
%postun
|
|
if [ -L %{_sysconfdir}/pkcs11 ] ; then
|
|
rm %{_sysconfdir}/pkcs11
|
|
fi
|
|
%ifarch %openCryptoki_32bit_arch
|
|
|
|
%postun 32bit
|
|
# remove the openCryptoki start script
|
|
%{insserv_cleanup}
|
|
|
|
%post 32bit
|
|
# Old library name links
|
|
cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so
|
|
ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods
|
|
rm -rf %{_libdir}/pkcs11/stdll
|
|
if [ -d %{_libdir}/pkcs11 ] ; then
|
|
cd %{_libdir}/pkcs11
|
|
ln -sf ../opencryptoki/stdll stdll
|
|
cd stdll
|
|
[ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true
|
|
[ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true
|
|
fi
|
|
/sbin/ldconfig
|
|
%endif
|
|
%ifarch %openCryptoki_64bit_arch
|
|
|
|
%post 64bit
|
|
# Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only.
|
|
test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11
|
|
ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so64
|
|
/sbin/ldconfig
|
|
%endif
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%doc openCryptoki-TFAQ.html
|
|
# configuration directory
|
|
%dir %attr(755,root,pkcs11) /var/lib/opencryptoki
|
|
/etc/init.d/pkcsslotd
|
|
/usr/sbin/rcpkcsslotd
|
|
# utilities
|
|
/usr/sbin/pkcsslotd
|
|
/usr/sbin/pkcs11_startup
|
|
/usr/sbin/pkcsconf
|
|
/usr/sbin/pkcs_slot
|
|
%dir %{_libdir}/opencryptoki
|
|
%dir %{_libdir}/opencryptoki/stdll
|
|
%{_mandir}/man*/*
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%dir %{_libdir}/opencryptoki
|
|
%dir %{_libdir}/opencryptoki/stdll
|
|
%{_libdir}/opencryptoki/*.la
|
|
%{_libdir}/opencryptoki/stdll/*.la
|
|
%{_includedir}/opencryptoki
|
|
%ifarch %openCryptoki_32bit_arch
|
|
|
|
%files 32bit
|
|
%defattr(-,root,root)
|
|
# these don't conflict because they only exist as 64bit binaries if
|
|
# there is no 32bit version of them usable
|
|
%{_libdir}/opencryptoki/libopencryptoki.so
|
|
%ghost %{_libdir}/opencryptoki/PKCS11_API.so
|
|
%{_libdir}/opencryptoki/*.0
|
|
%ifnarch s390 s390x
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
|
|
%else
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
|
%endif
|
|
%{_libdir}/opencryptoki/stdll/*.0
|
|
%dir %{_libdir}/pkcs11
|
|
%ghost %{_libdir}/pkcs11/stdll
|
|
%ghost %{_libdir}/pkcs11/methods
|
|
%{_libdir}/pkcs11/*.so
|
|
# %{_libdir}/libopencryptoki.so
|
|
# %{_libdir}/libopencryptoki.so.0
|
|
%{_sysconfdir}/ld.so.conf.d/*
|
|
%endif
|
|
%ifarch %openCryptoki_64bit_arch
|
|
|
|
%files 64bit
|
|
%defattr(-,root,root)
|
|
%dir %_libdir/opencryptoki
|
|
%{_libdir}/opencryptoki/*.so
|
|
%{_libdir}/opencryptoki/*.0
|
|
%dir %_libdir/opencryptoki/stdll
|
|
%{_libdir}/opencryptoki/stdll/*.so
|
|
%{_libdir}/opencryptoki/stdll/*.0
|
|
%{_libdir}/pkcs11
|
|
# %{_libdir}/libopencryptoki.so
|
|
# %{_libdir}/libopencryptoki.so.0
|
|
%{_sysconfdir}/ld.so.conf.d/*
|
|
%{_mandir}/man*/*
|
|
%endif
|
|
|
|
%changelog
|
|
* Fri Feb 20 2009 jjolly@suse.de
|
|
- pkcsslotd: Updated to use new pidfile location (bnc#475800)
|
|
* Fri Jan 23 2009 jjolly@suse.de
|
|
- Added fix to allow backspacing during PIN entry (bnc#448089)
|
|
* Fri Jan 23 2009 olh@suse.de
|
|
- run ldconfig in postinstall [bnc#417925]
|
|
* Tue Dec 09 2008 kukuk@suse.de
|
|
- Enable build on x86_64 [bnc#417925]
|
|
* Thu Nov 06 2008 jjolly@suse.de
|
|
- Overhaul of the specfile. All platforms build the base package
|
|
and each architecture builds the appropriate 32 or 64 bit package
|
|
* Fri Sep 12 2008 jjolly@suse.de
|
|
- Updated to openCryptoki v2.2.6
|
|
* Thu Aug 28 2008 ro@suse.de
|
|
- fix init script
|
|
* Fri Mar 30 2007 ro@suse.de
|
|
- added pwdutils to buildreq
|
|
* Fri Oct 20 2006 ro@suse.de
|
|
- fix missing return values from non-void funcs
|
|
* Fri Apr 21 2006 uli@suse.de
|
|
- pkcsslotd: create PID file in the right place, delete it on
|
|
exit (bug #164664)
|
|
* Tue Apr 11 2006 uli@suse.de
|
|
- added 64-bit patches from IBM (bug #145666)
|
|
* Mon Apr 10 2006 uli@suse.de
|
|
- added small change missing from patch for bug #156651
|
|
* Mon Apr 03 2006 uli@suse.de
|
|
- fixed location of pkcs11_startup in init script (bug #162372)
|
|
* Mon Mar 13 2006 uli@suse.de
|
|
- fixed proc_t structure mixup (bug #156651)
|
|
* Thu Mar 09 2006 uli@suse.de
|
|
- initialize head pointer (bug #156229)
|
|
* Mon Mar 06 2006 uli@suse.de
|
|
- %%ghost symlinks that are generated in %%post (bug #154961)
|
|
* Thu Feb 02 2006 uli@suse.de
|
|
- stuffed memleak (patch by IBM, bug #147036)
|
|
* Wed Feb 01 2006 uli@suse.de
|
|
- changed RPM layout to meet IBM's demands (based on patch by IBM,
|
|
bug #145666)
|
|
- removed mmap, per-user data store support (patch by IBM, bug
|
|
[#145666])
|
|
* Wed Jan 25 2006 mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Thu Jan 12 2006 hare@suse.de
|
|
- Update to 2.2.2-rc2
|
|
* Wed Jan 11 2006 hare@suse.de
|
|
- Update to 2.2.1-rc2
|
|
- Fixed build errors
|
|
- Cleaned up spec file.
|
|
* Wed Dec 14 2005 ro@suse.de
|
|
- copy TFAQ to build directory (fix build)
|
|
* Mon Dec 12 2005 hare@suse.de
|
|
- Update to 2.1.6-rc5.
|
|
- Port fixes from SLES9 SP3.
|
|
* Tue Nov 15 2005 uli@suse.de
|
|
- enabled for ARM
|
|
* Thu Feb 17 2005 od@suse.de
|
|
- fix #50050:
|
|
- ./configure.in: wrong test against $host makes ppc(64) miss
|
|
-DPKCS64 in CFLAGS
|
|
- corrected: S390 flag was set for ppc in this conditional
|
|
* Mon Aug 16 2004 ro@suse.de
|
|
- run full autoreconf / simplify specfile a little
|
|
* Tue Apr 27 2004 hare@suse.de
|
|
- Print correct error message (#37427 again).
|
|
* Fri Apr 23 2004 hare@suse.de
|
|
- Check for the correct module on startup (#37427)
|
|
* Sun Apr 18 2004 olh@suse.de
|
|
- update to openCryptoki-2.1.5, ppc64 version (#39026)
|
|
* Wed Feb 18 2004 ro@suse.de
|
|
- adapt filelist on ppc
|
|
* Thu Feb 12 2004 kukuk@suse.de
|
|
- Fix owner/group of files/directories
|
|
* Fri Dec 05 2003 ro@suse.de
|
|
- no need to specify "root" as supplementary group for root,
|
|
it's already primary
|
|
* Wed Jul 30 2003 hare@suse.de
|
|
- Update to openCryptoki-2.1.3
|
|
- Fixed configure errors.
|
|
* Mon Jun 23 2003 ro@suse.de
|
|
- added directories to filelist
|
|
* Tue Jun 03 2003 ro@suse.de
|
|
- remove CVS subdirs
|
|
- remove unpackaged files from buildroot
|
|
* Thu Nov 21 2002 ro@suse.de
|
|
- removed duplicates from configure.in
|
|
* Tue Oct 01 2002 froh@suse.de
|
|
- exclude ppc64 from the architectures, the package is built for.
|
|
64bit mode is not supported by IBM yet; dlopen wrappers are also
|
|
missing 64bit filename handling. (#20380)
|
|
- actually compress the openCryptoki-1.4*.tar.bz2
|
|
* Tue Sep 24 2002 ro@suse.de
|
|
- make it even build ...
|
|
* Tue Sep 24 2002 froh@suse.de
|
|
- make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group
|
|
creation before package installation (#20079)
|
|
- correct version number (the patch actiually lifts openCryptoki to 1.5)
|
|
- fix groupadd call to no longer silently ignore errors in all cases
|
|
using (hopefully) posix exit codes. alternative would be to use
|
|
undocumented '-f' option of groupadd.
|
|
* Fri Sep 20 2002 froh@suse.de
|
|
- add user root to group pkcs11 to enable root to administrate the
|
|
crypto hardware support (#19566)
|
|
* Mon Aug 26 2002 okir@suse.de
|
|
- misc security fixes (#18377)
|
|
* Fri Aug 23 2002 froh@suse.de
|
|
- replaced openCryptoki-tools with openCryptoki-32bit and
|
|
openCryptoki-64bit
|
|
* Thu Aug 22 2002 froh@suse.de
|
|
- moved dlopen objects that are available for non-x86 out of the
|
|
ifarch ix86
|
|
- moved postun to tools subpackge (which contains the daemon)
|
|
- removed include files. no development support for now.
|
|
- replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch
|
|
and %%openCryptoki_no_tools_arch
|
|
* Wed Aug 21 2002 ro@suse.de
|
|
- replaced all i386 occurrences with %%ix86
|
|
- changed filelist to what's really built
|
|
* Tue Aug 20 2002 froh@suse.de
|
|
- split package to openCryptoki and openCryptoki-tools to allow
|
|
parallel installation of 32bit tools with 64bit dlopen objects for
|
|
foreign middleware.
|
|
- removed automatical insserv on install, because the package needs
|
|
manual configuration (#18031)
|
|
* Mon Aug 12 2002 froh@suse.de
|
|
- added missing %%post before insserv (Bug #17600)
|
|
* Fri Aug 09 2002 kukuk@suse.de
|
|
- Fix path in PreReq.
|
|
* Wed Aug 07 2002 froh@suse.de
|
|
- add groupadd pkcs11 in %%pre install
|
|
* Mon Jul 29 2002 froh@suse.de
|
|
- updated to current version
|
|
- removed old START_ variable
|
|
* Thu Jun 13 2002 ro@suse.de
|
|
- always use macros when calling insserv
|
|
* Tue Apr 09 2002 bk@suse.de
|
|
- add lib64 support
|
|
* Tue Feb 05 2002 froh@suse.de
|
|
- Added openssl to #neededforbuild, which is needed in addition to
|
|
openssl-devel
|
|
* Wed Jan 30 2002 froh@suse.de
|
|
- initial version
|