#
# spec file for package softhsm
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# Name under which the module is registered in the NSS module database.
# The double quotes are part of the macro value.
%global softhsm_module "SoftHSM PKCS #11 Module"
# System-wide NSS database that the install scriptlet reads and updates.
%global nssdb %{_sysconfdir}/pki/nssdb
Name:           softhsm
Version:        2.6.1
Release:        0
Summary:        Software version of a PKCS#11 Hardware Security Module
License:        BSD-2-Clause
#Git-Web:       https://github.com/opendnssec/SoftHSMv2
URL:            https://www.opendnssec.org/
Source0:        https://dist.opendnssec.org/source/%{name}-%{version}.tar.gz
# Detached upstream signature for Source0; Source9 is presumably the keyring
# to check it against. NOTE(review): %%prep in this spec does not verify the
# signature itself, so verification presumably relies on the build service's
# source checks -- confirm before trusting a locally rebuilt package.
Source1:        https://dist.opendnssec.org/source/%{name}-%{version}.tar.gz.sig
# pk11install helper taken from coolkey, which is not built on all
# architectures this package is built on
Source2:        softhsm2-pk11install.c
Source5:        softhsm.module
Source6:        ods-user.conf
Source9:        softhsm.keyring
Source99:       fedora.changelog
# PATCH-FIX-UPSTREAM softhsm-2.6.1-rh1831086-exit.patch rh#1831086
# Patch from the Fedora package (other solution is
# gh#opendnssec/SoftHSMv2!551, upstream ticket is
# gh#opendnssec/SoftHSMv2#548).
Patch0:         softhsm-2.6.1-rh1831086-exit.patch
# PATCH-FIX-UPSTREAM softhsm-openssl3-tests.patch gh#opendnssec/SoftHSMv2!633
# Make the patch compatible with OpenSSL 3
Patch1:         softhsm-openssl3-tests.patch
# PATCH-FIX-UPSTREAM softhsm-2.6.1-uninitialized.patch
# loosely inspired by gh#opendnssec/SoftHSMv2@f94aaffc879a
Patch2:         softhsm-2.6.1-uninitialized.patch
# PATCH-FIX-UPSTREAM softhsm-prevent-global-deleted-objects-access.patch gh#opendnssec/SoftHSMv2#729
# code from https://github.com/Emantor/SoftHSMv2/tree/fix/openssl3
Patch3:         softhsm-prevent-global-deleted-objects-access.patch
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  cppunit-devel
BuildRequires:  gcc-c++
BuildRequires:  libopenssl-3-devel
BuildRequires:  libtool
BuildRequires:  make
BuildRequires:  mozilla-nss-devel
BuildRequires:  mozilla-nss-tools
# Because of directory ownership
BuildRequires:  p11-kit
BuildRequires:  p11-kit-devel
BuildRequires:  pkgconfig
BuildRequires:  sqlite3 >= 3.4.2
BuildRequires:  sqlite3-devel >= 3.4.2
BuildRequires:  sysuser-tools
BuildRequires:  pkgconfig(zlib)
# The %%post scriptlet calls modutil at install time.
# NOTE(review): a plain Requires may not order this dependency ahead of the
# scriptlet in every transaction; consider Requires(post) -- confirm against
# the packaging policy.
Requires:       mozilla-nss-tools
Requires:       p11-kit
Requires(pre):  shadow
%sysusers_requires

%description
OpenDNSSEC provides SoftHSM, a software implementation of a generic
cryptographic device with a PKCS#11 interface. SoftHSM is designed to meet
the requirements of OpenDNSSEC, but can also work together with other
cryptographic products because of the PKCS#11 interface.

%package devel
Summary:        Development package of softhsm
# Tie the headers to the exact version and release of the main package.
Requires:       %{name} = %{version}-%{release}
Requires:       openssl-devel
Requires:       sqlite3-devel

%description devel
The devel package contains the libsofthsm include files

%prep
# Unpack the source archive and apply the listed patches with strip level 1.
%autosetup -p1
# Copy the Fedora changelog into the source tree so that %%doc can ship it.
cp -p %{SOURCE99} .

# Remove the softhsm/ subdirectory that the build files append to --libdir.
sed --in-place -e "s:full_libdir/softhsm:full_libdir:g" configure
sed --in-place -e 's:^full_libdir=":#full_libdir=":g' configure.ac
sed --in-place -e "s:libdir)/@PACKAGE@:libdir):" Makefile.in
# Regenerate the autotools output after the edits above.
autoreconf --force --install --verbose

%build
# The testsuite fails when this package is built with LTO; that still needs
# further investigation, so LTO is switched off.
%define _lto_cflags %{nil}
autoreconf --install
%configure \
  --libdir=%{_libdir}/pkcs11 \
  --with-openssl=%{_prefix} \
  --enable-ecc \
  --enable-eddsa \
  --disable-gost \
  --with-migrate \
  --enable-visibility \
  --with-p11-kit=%{_datadir}/p11-kit/modules/

%make_build
# Build our copy of pk11install (taken from the coolkey package) with the
# same compiler flags as the rest of the package.
cp %{SOURCE2} .
gcc $(pkg-config --cflags nss) %{optflags} -c softhsm2-pk11install.c
# Some environment variables prevent linking from being done, so link from an
# emptied environment that carries nothing but PATH.
env -i PATH=%{_prefix}/sbin:%{_prefix}/bin:/sbin:/bin \
  gcc $(pkg-config --libs nss) -lpthread -lsoftokn3 -ldl -lz %{optflags} \
  softhsm2-pk11install.o -o softhsm2-pk11install

# Turn the sysusers configuration into the ods.pre scriptlet used by %%pre.
%sysusers_generate_pre %{SOURCE6} ods ods-user.conf

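%install
%make_install
# Ship our p11-kit module definition with an explicit mode: without -m,
# install(1) creates the file as 0755, and a module definition has no
# reason to be executable.
install -D -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/p11-kit/modules/softhsm.module

# The sample configuration is not packaged.
rm %{buildroot}/%{_sysconfdir}/softhsm2.conf.sample
# Remove every file whose name ends in "a" from the module directory
# (presumably the static .a archive and the libtool .la file).
rm -f %{buildroot}/%{_libdir}/pkcs11/*a
mkdir -p %{buildroot}%{_includedir}/softhsm
cp src/lib/*.h %{buildroot}%{_includedir}/softhsm
# State directory for tokens; owner and mode are assigned in the file list.
mkdir -p %{buildroot}/%{_sharedstatedir}/softhsm/tokens
install -m0755 -D softhsm2-pk11install %{buildroot}/%{_bindir}/softhsm2-pk11install

# leave a softlink where softhsm-1 installed its library. Programs like
# opendnssec have that filename in their configuration file.
mkdir -p %{buildroot}/%{_libdir}/softhsm/
ln -s ../pkcs11/libsofthsm2.so %{buildroot}/%{_libdir}/softhsm/libsofthsm.so
# rhbz#1272423 NSS needs it to be in the search path too
( cd %{buildroot}/%{_libdir} ; ln -s pkcs11/libsofthsm2.so)

install -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/ods-user.conf
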
# Runs before the package files are unpacked. The scriptlet body is ods.pre,
# generated during the build from ods-user.conf; presumably it creates the
# ods user and group that own the state directories.
%pre -f ods.pre

%check
# Unit tests of the individual library components.
for component in \
    crypto \
    data_mgr \
    handle_mgr \
    object_store \
    session_mgr \
    slot_mgr
do
  %make_build check -C "src/lib/${component}"
done

# Build the PKCS#11 test driver, then run the listed suites one at a time.
pushd src/lib/test
%make_build p11test
for suite in \
    TokenTests \
    AsymWrapUnwrapTests \
    DigestTests \
    ForkTests \
    InitTests \
    InfoTests \
    SessionTests \
    UserTests \
    RandomTests \
    SignVerifyTests \
    AsymEncryptDecryptTests \
    DeriveTests \
    ObjectTests \
    SymmetricAlgorithmTests
do
  ./p11test "${suite}"
done
popd

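%post
# Register the SoftHSM module in the system NSS database unless an entry
# with that name is already listed there.
if ! modutil -rawlist -dbdir %{nssdb} | grep -q -F -- %{softhsm_module}; then
  # Report a failed registration on stderr, but do not fail the scriptlet.
  softhsm2-pk11install -p %{nssdb} 'name=%{softhsm_module} library=libsofthsm2.so' ||
    echo "softhsm: could not register the PKCS#11 module in the NSS database" >&2
fi

%preun
# $1 is the number of instances of the package that remain after the
# transaction. It is 0 only on a full removal and never in %%post, so the
# NSS database entry has to be removed here; otherwise it would be left
# behind, pointing at a library that no longer exists.
if [ "$1" -eq 0 ]; then
  modutil -delete %{softhsm_module} -dbdir %{nssdb} -force || :
fi
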
# NOTE(review): this section has no commands; confirm it is still needed.
%clean

%files
# noreplace: an edited configuration file is kept when the package is updated.
%config(noreplace) %{_sysconfdir}/softhsm2.conf
%license LICENSE
%doc README.md FIPS-NOTES.md NEWS fedora.changelog
%{_bindir}/softhsm2-dump-file
%{_bindir}/softhsm2-keyconv
%{_bindir}/softhsm2-migrate
%{_bindir}/softhsm2-pk11install
%{_bindir}/softhsm2-util
%dir %{_libdir}/softhsm
%{_libdir}/pkcs11/libsofthsm2.so
%{_libdir}/softhsm/libsofthsm.so
# softhsm.module is installed from Source5 in %%install; softhsm2.module is
# not created by this spec and presumably comes from the upstream install.
# NOTE(review): if both describe the same library, confirm p11-kit does not
# end up loading the module twice.
%{_datadir}/p11-kit/modules/softhsm.module
%{_datadir}/p11-kit/modules/softhsm2.module
# The state directories belong to ods:ods and give other users no access.
# 0750: the group may read and traverse the parent directory.
# 1770: owner and group have full access to the token directory; the sticky
# bit means an entry can only be removed or renamed by its owner, by the
# directory owner or by root.
%attr(0750,ods,ods) %dir %{_sharedstatedir}/softhsm
%attr(1770,ods,ods) %dir %{_sharedstatedir}/softhsm/tokens
%{_mandir}/man1/softhsm2-dump-file.1%{?ext_man}
%{_mandir}/man1/softhsm2-keyconv.1%{?ext_man}
%{_mandir}/man1/softhsm2-migrate.1%{?ext_man}
%{_mandir}/man1/softhsm2-util.1%{?ext_man}
%{_mandir}/man5/softhsm2.conf.5%{?ext_man}
%{_sysusersdir}/ods-user.conf

%files devel
%attr(0755,root,root) %dir %{_includedir}/softhsm
%{_includedir}/softhsm/*.h
# NOTE(review): this bare-name symlink is what %%install creates so that NSS
# finds the module on the library search path (rhbz#1272423), and %%post
# registers "library=libsofthsm2.so" with NSS. The link is packaged only
# here, so confirm the module still resolves when the devel package is not
# installed.
%{_libdir}/libsofthsm2.so

%changelog
|