pam_pkcs11/pam_pkcs11.spec

#
# spec file for package pam_pkcs11 (Version 0.6.0)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

Name:           pam_pkcs11
Version:        0.6.0
Release:        16
URL:            http://www.opensc-project.org/pam_pkcs11/
Group:          Productivity/Security
License:        LGPL v2 or later
Summary:        PKCS #11 PAM Module
Source:         %{name}-%{version}.tar.bz2
Source1:        pam_pkcs11-common-auth-smartcard.pam
Source2:        secutil.h
Patch:          %{name}-mapfile-syntax.patch
Patch1:         %{name}-0.5.3-nss-conf.patch
Patch2:         %{name}-0.6.0-ms-upn-oid.patch
Patch3:         %{name}-0.6.0-nss-autoconf.patch
Patch4:         %{name}-msnickname.patch
Patch5:         %{name}-implicit-declaration.patch
BuildRequires:  curl-devel libopenssl-devel libxslt mozilla-nss-devel openldap2-devel openssl-devel pam-devel pcsc-lite-devel pkg-config
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
This Linux PAM module allows X.509 a certificate-based user
authentication. The certificate and its dedicated private key are
thereby accessed by means of an appropriate PKCS #11 module. For the
verification of the users' certificates, locally stored CA certificates
as well as online or locally accessible CRLs are used.

Additionally, the package includes pam_pkcs11-related tools: *
   pkcs11_eventmgr: Generates actions on card insert, removal, or
   time-out events

* pklogin_finder: Gets the login name that maps to a certificate

* pkcs11_inspect: Inspects the contents of a certificate

* make_hash_links: Creates hash link directories for storing CAs and
CRLs



Authors:
--------
    Mario Strasser <mast@gmx.net>
    Juan Antonio Martinez <jonsito@teleline.es>
    Antti Tapaninen <aet@cc.hut.fi>
    Timo Sirainen <tss@iki.fi>
    Ludovic Rousseau <ludovic.rousseau@free.fr>
    Andreas Jellinghaus <aj@dungeon.inka.de>
    Dominik Fischer <dom_fischer@web.de>
    Ville Skytt<EFBFBD> <vskytta@gmail.com>

%prep
%setup -q
%patch
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5
cp -a %{S:1} common-auth-smartcard
cp -a %{S:2} src/common/

%build
# LDAP_DEPRECATED required for for ldap_simple_bind_s(), ldap_search_s(), ldap_unbind_s()
# -fno-strict-aliasing required for pam_pkcs11-0.6.0:
export CFLAGS="$RPM_OPT_FLAGS -DLDAP_DEPRECATED -fno-strict-aliasing"
export CPPFLAGS="`pkg-config --cflags xulrunner-xpcom | sed 's:  *:/system_wrappers&:g'`"
%configure\
	--datadir=%{_docdir}\
	--with-nss\
	--with-curl
make %{?jobs:-j%jobs}

%install
%makeinstall
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mv $RPM_BUILD_ROOT%{_libdir}/security $RPM_BUILD_ROOT/%{_lib}
rm $RPM_BUILD_ROOT%{_libdir}/pam_pkcs11/*.*a #$RPM_BUILD_ROOT/%{_lib}/security/*.*a
# Hardcoded defaults... no sysconfdir
install -dm 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam_pkcs11/cacerts
install -dm 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam_pkcs11/crls
cd etc
for conf in *.conf.example ; do
    install -m 644 ${conf} $RPM_BUILD_ROOT%{_sysconfdir}/pam_pkcs11/${conf%.example}
done
cd ..
mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}
cp -a AUTHORS COPYING ChangeLog ChangeLog.svn NEWS README TODO doc/pam_pkcs11.html doc/mappers_api.html doc/api doc/README.autologin doc/README.mappers $RPM_BUILD_ROOT%{_docdir}/%{name}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
cp common-auth-smartcard $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/
%find_lang %{name}

%clean
rm -rf $RPM_BUILD_ROOT

%files -f  %{name}.lang
%defattr (-, root, root)
%doc %{_docdir}/%{name}
%{_bindir}/*
%{_libdir}/pam_pkcs11
/%{_lib}/security/*.so
%doc %{_mandir}/man?/*.*
%dir %{_sysconfdir}/pam_pkcs11
%dir %{_sysconfdir}/pam_pkcs11/cacerts
%dir %{_sysconfdir}/pam_pkcs11/crls
%config(noreplace) %{_sysconfdir}/pam_pkcs11/*.conf
%config(noreplace) %{_sysconfdir}/pam.d/common-auth-smartcard

%changelog
* Thu Sep 06 2007 - jberkman@novell.com
- use the same directory for nssdb as the kerberos pkinit plugin
* Tue Jul 31 2007 - sbrabec@suse.cz
- Build with NSS instead of openssl.
- Applied patches from Jacob Berkman: MS UPN OID and NSS
  configuration.
- Fixed implicit declaration.
* Thu Jul 26 2007 - sbrabec@suse.cz
- Updated to version 0.6.0:
  * compiler warning fixes
  * I18N support
  * new configuration options
  * support for new environment variables
  * new tool pkcs11_setup
  * support for the NSS crypto libraries (off by default)
  * for more changes see ChangeLog.svn
* Fri May 12 2006 - sbrabec@suse.cz
- New SuSE package, version 0.5.3.