d6c48bed19
Fixes for bnc#880217 - systemd enabled OBS-URL: https://build.opensuse.org/request/show/238818 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=17
380 lines
12 KiB
RPMSpec
380 lines
12 KiB
RPMSpec
#
|
|
# spec file for package openCryptoki
|
|
#
|
|
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define openCryptoki_32bit_arch %ix86 s390 ppc %arm
|
|
# support in the workings for: ppc64
|
|
# no support in sight for: ia64
|
|
%define openCryptoki_64bit_arch s390x ppc64 ppc64le x86_64 aarch64
|
|
# autobuild:/work/cd/lib/misc/group
|
|
# openCryptoki pkcs11:x:64:
|
|
%define pkcs11_group_id 64
|
|
%define oc_cvs_tag opencryptoki
|
|
|
|
%if 0%{?suse_version} > 1220
|
|
%define uses_systemd 1
|
|
%else
|
|
%define uses_systemd 0
|
|
%endif
|
|
|
|
Name: openCryptoki
|
|
BuildRequires: bison
|
|
BuildRequires: flex
|
|
BuildRequires: gcc-c++
|
|
%ifarch s390 s390x
|
|
BuildRequires: libica-2_3_0-devel
|
|
%endif
|
|
BuildRequires: libtool
|
|
BuildRequires: openldap2-devel
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: pwdutils
|
|
BuildRequires: trousers-devel
|
|
%if %{uses_systemd}
|
|
BuildRequires: pkgconfig(systemd)
|
|
%{?systemd_requires}
|
|
%endif
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
|
License: IPL-1.0
|
|
Group: Productivity/Security
|
|
Version: 3.1
|
|
Release: 0
|
|
# :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki
|
|
# cvs co -r openCryptoki-2-1-5 -d openCryptoki-2-1-5 .
|
|
Source: %{oc_cvs_tag}-v%{version}.tar.bz2
|
|
Source1: openCryptoki.pkcsslotd
|
|
Source2: openCryptoki-TFAQ.html
|
|
Source3: openCryptoki-tmp.conf
|
|
Patch1: ocki-3.1-remove-make-install-chgrp-chmod.patch
|
|
Patch2: ocki-3.1-fix-init_d-path.patch
|
|
Patch3: ocki-3.1-fix-implicit-decl.patch
|
|
Patch4: ocki-3.1-fix-libica-link.patch
|
|
Patch5: ocki-3.1_01_ep11_makefile.patch
|
|
Patch6: ocki-3.1_02_ep11_m_init.patch
|
|
Patch7: ocki-3.1_03_ock_obj_mgr.patch
|
|
Patch8: ocki-3.1_04_ep11_opaque2blob_error_handl.patch
|
|
Patch9: ocki-3.1_05_ep11_readme_update.patch
|
|
Patch10: ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
|
|
Patch11: ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
|
|
Patch12: ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
|
|
Patch13: ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
|
|
Patch14: ocki-3.1_06_0005-Small-reworks.patch
|
|
Patch15: ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
|
|
Patch16: ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
|
|
Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed %insserv_prereq
|
|
# IBM maintains openCryptoki on these architectures:
|
|
ExclusiveArch: %openCryptoki_32bit_arch %openCryptoki_64bit_arch
|
|
#
|
|
|
|
%description
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%package devel
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware
|
|
Group: Development/Languages/C and C++
|
|
Requires: glibc-devel
|
|
Requires: openCryptoki = %{version}-%{release}
|
|
Requires: openssl-devel
|
|
|
|
%description devel
|
|
The PKCS#11 version 2.01 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
co-processor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%ifarch %openCryptoki_32bit_arch
|
|
|
|
%package 32bit
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
|
Group: Productivity/Security
|
|
# this is needed to make sure the pkcs11 group exists before
|
|
# installation:
|
|
PreReq: openCryptoki
|
|
ExclusiveArch: %openCryptoki_32bit_arch
|
|
|
|
%description 32bit
|
|
This is a re-packaged binary rpm. For the package source, please look
|
|
for the source of the package without the "32bit" ending
|
|
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%endif
|
|
%ifarch %openCryptoki_64bit_arch
|
|
|
|
%package 64bit
|
|
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
|
Group: Productivity/Security
|
|
# this is needed to make sure the pkcs11 group exists before
|
|
# installation:
|
|
PreReq: openCryptoki
|
|
ExclusiveArch: %openCryptoki_64bit_arch
|
|
|
|
%description 64bit
|
|
This is a re-packaged binary rpm. For the package source, please look
|
|
for the source of the package without the "64bit" ending
|
|
|
|
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
|
|
cards. This package includes support for the IBM 4758 cryptographic
|
|
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
|
|
Cryptographic Accelerator (FC 4960 on pSeries).
|
|
|
|
|
|
|
|
%endif
|
|
|
|
%prep
|
|
%setup -q -n %{oc_cvs_tag}
|
|
%patch1 -p1
|
|
%patch2 -p1
|
|
%patch3 -p1
|
|
%patch4 -p1
|
|
%patch5 -p1
|
|
%patch6 -p1
|
|
%patch7 -p1
|
|
%patch8 -p1
|
|
%patch9 -p1
|
|
%patch10 -p1
|
|
%patch11 -p1
|
|
%patch12 -p1
|
|
%patch13 -p1
|
|
%patch14 -p1
|
|
%patch15 -p1
|
|
%patch16 -p1
|
|
cp %{SOURCE2} .
|
|
|
|
%build
|
|
autoreconf --force --install
|
|
CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure \
|
|
--prefix=/usr \
|
|
--libdir=%{_libdir} \
|
|
--enable-tpmtok \
|
|
%if %{uses_systemd}
|
|
--with-systemd=/usr/lib/systemd/system \
|
|
%endif
|
|
--sysconfdir=%{_sysconfdir} \
|
|
--localstatedir=%{_localstatedir}
|
|
make
|
|
|
|
%install
|
|
make install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT
|
|
install -d $RPM_BUILD_ROOT/usr/include
|
|
install -d $RPM_BUILD_ROOT/var/lib/opencryptoki
|
|
install -d $RPM_BUILD_ROOT/etc/init.d
|
|
install -d $RPM_BUILD_ROOT/usr/sbin
|
|
%if %{uses_systemd}
|
|
install -d $RPM_BUILD_ROOT/usr/lib/tmpfiles.d
|
|
install -m 644 %{S:3} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/openCryptoki-tmp.conf
|
|
ln -s /usr/sbin/service $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd
|
|
%else
|
|
install -m 544 %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd
|
|
ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd
|
|
%endif
|
|
rm -rf $RPM_BUILD_ROOT/tmp
|
|
# Remove all development files
|
|
rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la
|
|
rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods
|
|
|
|
%pre
|
|
%if %{uses_systemd}
|
|
%{service_add_pre pkcsslotd.service}
|
|
%endif
|
|
# autobuild:/work/cd/lib/misc/group
|
|
# openCryptoki pkcs11:x:64:
|
|
/usr/sbin/groupadd -g %pkcs11_group_id -r pkcs11 2>/dev/null || true
|
|
/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \
|
|
-e 's/root//' -e '
|
|
# add the pkcs group if it is missing
|
|
/(^| )pkcs11( |$)/!s/$/ pkcs11/
|
|
# replace spaces by commas
|
|
y/ /,/
|
|
# remove leading , if present
|
|
s/^,//
|
|
'),pkcs11 root
|
|
|
|
%preun
|
|
%if %{uses_systemd}
|
|
%{service_del_preun pkcsslotd.service}
|
|
%else
|
|
%{stop_on_removal pkcsslotd}
|
|
%endif
|
|
|
|
%post
|
|
# Symlink from /var/lib/opencryptoki to /etc/pkcs11
|
|
if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
|
|
if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then
|
|
mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki
|
|
cd %{_sysconfdir} && rm -rf pkcs11 && \
|
|
ln -sf %{_localstatedir}/lib/opencryptoki pkcs11
|
|
fi
|
|
fi
|
|
/sbin/ldconfig
|
|
%if %{uses_systemd}
|
|
%{service_add_post pkcsslotd.service}
|
|
%else
|
|
%{fillup_and_insserv -f pkcsslotd}
|
|
%endif
|
|
|
|
%postun
|
|
if [ -L %{_sysconfdir}/pkcs11 ] ; then
|
|
rm %{_sysconfdir}/pkcs11
|
|
fi
|
|
%if %{uses_systemd}
|
|
%{service_del_postun pkcsslotd.service}
|
|
%else
|
|
%{restart_on_update pkcsslotd}
|
|
%{insserv_cleanup}
|
|
%endif
|
|
|
|
%ifarch %openCryptoki_32bit_arch
|
|
|
|
%postun 32bit
|
|
# remove the openCryptoki start script
|
|
%{insserv_cleanup}
|
|
|
|
%post 32bit
|
|
# Old library name links
|
|
cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so
|
|
ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods
|
|
rm -rf %{_libdir}/pkcs11/stdll
|
|
test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11
|
|
cd /usr/lib/pkcs11
|
|
ln -sf ../opencryptoki/stdll stdll
|
|
cd stdll
|
|
[ -f libpkcs11_cca.so ] && ln -sf ./libpkcs11_cca.so PKCS11_CCA.so || true
|
|
[ -f libpkcs11_tpm.so ] && ln -sf ./libpkcs11_tpm.so PKCS11_TPM.so || true
|
|
[ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true
|
|
[ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true
|
|
/sbin/ldconfig
|
|
%endif
|
|
%ifarch %openCryptoki_64bit_arch
|
|
|
|
%post 64bit
|
|
# Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only.
|
|
test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11
|
|
ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so64
|
|
/sbin/ldconfig
|
|
%endif
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%doc openCryptoki-TFAQ.html
|
|
# configuration directory
|
|
%dir /etc/opencryptoki
|
|
%config /etc/opencryptoki/opencryptoki.conf
|
|
%ifarch s390 s390x
|
|
%config /etc/opencryptoki/ep11tok.conf
|
|
/usr/sbin/pkcsep11_migrate
|
|
%endif
|
|
%if %{uses_systemd}
|
|
/usr/lib/systemd/system/pkcsslotd.service
|
|
/usr/lib/tmpfiles.d/openCryptoki-tmp.conf
|
|
%else
|
|
/etc/init.d/pkcsslotd
|
|
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki
|
|
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/ccatok
|
|
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/swtok
|
|
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/tpm
|
|
%endif
|
|
/usr/sbin/rcpkcsslotd
|
|
# utilities
|
|
/usr/sbin/pkcsslotd
|
|
/usr/sbin/pkcsconf
|
|
/usr/sbin/pkcsicsf
|
|
%dir %{_libdir}/opencryptoki
|
|
%dir %{_libdir}/opencryptoki/stdll
|
|
# State and lock directories
|
|
%dir %attr(755,root,pkcs11) %{_localstatedir}/lib/opencryptoki
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok/TOK_OBJ
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok/TOK_OBJ
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/tpm
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/icsf
|
|
%ifarch s390 s390x
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok
|
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ
|
|
%endif
|
|
%{_mandir}/man*/*
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%dir %{_libdir}/opencryptoki
|
|
%dir %{_libdir}/opencryptoki/stdll
|
|
%{_libdir}/opencryptoki/*.la
|
|
%{_libdir}/opencryptoki/stdll/*.la
|
|
%{_includedir}/opencryptoki
|
|
%ifarch %openCryptoki_32bit_arch
|
|
|
|
%files 32bit
|
|
%defattr(-,root,root)
|
|
# these don't conflict because they only exist as 64bit binaries if
|
|
# there is no 32bit version of them usable
|
|
%{_libdir}/opencryptoki/libopencryptoki.so
|
|
%ghost %{_libdir}/opencryptoki/PKCS11_API.so
|
|
%{_libdir}/opencryptoki/*.0
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
|
|
%ifarch s390 s390x
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so
|
|
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
|
|
%endif
|
|
%{_libdir}/opencryptoki/stdll/*.0
|
|
%dir %{_libdir}/pkcs11
|
|
%ghost %{_libdir}/pkcs11/stdll
|
|
%ghost %{_libdir}/pkcs11/methods
|
|
%{_libdir}/pkcs11/*.so
|
|
%{_sysconfdir}/ld.so.conf.d/*
|
|
%endif
|
|
%ifarch %openCryptoki_64bit_arch
|
|
|
|
%files 64bit
|
|
%defattr(-,root,root)
|
|
%dir %_libdir/opencryptoki
|
|
%{_libdir}/opencryptoki/*.so
|
|
%{_libdir}/opencryptoki/*.0
|
|
%dir %_libdir/opencryptoki/stdll
|
|
%{_libdir}/opencryptoki/stdll/*.so
|
|
%{_libdir}/opencryptoki/stdll/*.0
|
|
%{_libdir}/pkcs11
|
|
%{_sysconfdir}/ld.so.conf.d/*
|
|
%endif
|
|
|
|
%changelog
|