opencryptoki/opencryptoki.spec

%global _hardened_build 1
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.0
Release: 8%{?dist}
License: CPL
Group: System Environment/Base
URL: http://sourceforge.net/projects/opencryptoki
Source0: http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tar.gz
Source1: %{name}-tmpfiles.conf
# https://bugzilla.redhat.com/show_bug.cgi?id=732756
Patch0: %{name}-2.4-group.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=948460
# http://sourceforge.net/mailarchive/message.php?msg_id=31202168
Patch1: %{name}-3.0-pkcsconf-man.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=995002
# http://sourceforge.net/mailarchive/message.php?msg_id=31321105
Patch2: %{name}-3.0-unit.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1001729
# http://sourceforge.net/p/opencryptoki/opencryptoki/ci/b50eb39e3cf8ccfdb735fbddfcdae10bdb70e1c4/
Patch3: %{name}-3.0-opencryptoki-man.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1033284
# post-3.0 upstream fixes
Patch4: %{name}-3.0-bz1033284.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1037228
Patch5: %{name}-3.0-format.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1054661
Patch6: %{name}-3.0-bz1054661.patch
Requires(pre): shadow-utils coreutils sed
BuildRequires: openssl-devel
BuildRequires: trousers-devel
BuildRequires: openldap-devel
BuildRequires: autoconf automake libtool
BuildRequires: bison flex
BuildRequires: systemd
%ifarch s390 s390x
BuildRequires: libica-devel >= 2.0
%endif
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}(token)
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package contains the Slot Daemon (pkcsslotd) and general utilities.
%package libs
Group: System Environment/Libraries
Summary: The run-time libraries for opencryptoki package
Requires: %{name}%{?_isa} = %{version}-%{release}
%description libs
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package contains the PKCS#11 library implementation, and requires
at least one token implementation (packaged separately) to be fully
functional.
%package devel
Group: Development/Libraries
Summary: Development files for openCryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel
This package contains the development header files for building
opencryptoki and PKCS#11 based applications.
%package swtok
Group: System Environment/Libraries
Summary: The software token implementation for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: %{name}(token)
%description swtok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the software token implementation to use opencryptoki
without any specific cryptographic hardware.
%package tpmtok
Group: System Environment/Libraries
Summary: Trusted Platform Module (TPM) device support for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: %{name}(token)
%description tpmtok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the necessary libraries and files to support
Trusted Platform Module (TPM) devices in the opencryptoki stack.
%package icsftok
Group: System Environment/Libraries
Summary: ICSF token support for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: %{name}(token)
%description icsftok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the necessary libraries and files to support
ICSF token in the opencryptoki stack.
%ifarch s390 s390x
%package icatok
Group: System Environment/Libraries
Summary: ICA cryptographic devices (clear-key) support for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: %{name}(token)
%description icatok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the necessary libraries and files to support ICA
devices in the opencryptoki stack. ICA is an interface to IBM
cryptographic hardware such as IBM 4764 or 4765 that uses the
"accelerator" or "clear-key" path.
%package ccatok
Group: System Environment/Libraries
Summary: CCA cryptographic devices (secure-key) support for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: %{name}(token)
%description ccatok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the necessary libraries and files to support CCA
devices in the opencryptoki stack. CCA is an interface to IBM
cryptographic hardware such as IBM 4764 or 4765 that uses the
"co-processor" or "secure-key" path.
%endif
%prep
%setup -q -n %{name}
%patch0 -p1 -b .group
%patch1 -p1 -b .pkcsconf-man
%patch2 -p1 -b .unit
%patch3 -p1 -b .opencryptoki-man
%patch4 -p1 -b .bz1033284
%patch5 -p1 -b .format
%patch6 -p1 -b .bz1054661
# Upstream tarball has unnecessary executable perms set on the sources
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
# append token specific subdirs to tmpfiles.d config
token_subdirs="icsf swtok tpm"
%ifarch s390 s390x
token_subdirs="$token_subdirs lite cca"
%endif
cp -p %{SOURCE1} %{name}-tmpfiles.conf
for d in $token_subdirs
do
echo "D /var/lock/opencryptoki/$d 0770 root pkcs11 -" >> %{name}-tmpfiles.conf
done
%build
./bootstrap.sh
%configure --with-systemd=%{_unitdir} \
%ifarch s390 s390x
--enable-icatok --enable-ccatok
%else
--disable-icatok --disable-ccatok
%endif
make %{?_smp_mflags} CHGRP=/bin/true
%install
make install DESTDIR=$RPM_BUILD_ROOT CHGRP=/bin/true
# Remove unwanted cruft
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
# systemd must create /var/lock/opencryptoki
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d
install -m 0644 %{name}-tmpfiles.conf $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%{name}.conf
%post libs -p /sbin/ldconfig
%post swtok -p /sbin/ldconfig
%post tpmtok -p /sbin/ldconfig
%post icsftok -p /sbin/ldconfig
%ifarch s390 s390x
%post icatok -p /sbin/ldconfig
%post ccatok -p /sbin/ldconfig
%endif
%postun libs -p /sbin/ldconfig
%postun swtok -p /sbin/ldconfig
%postun tpmtok -p /sbin/ldconfig
%postun icsftok -p /sbin/ldconfig
%ifarch s390 s390x
%postun icatok -p /sbin/ldconfig
%postun ccatok -p /sbin/ldconfig
%endif
%pre libs
getent group pkcs11 >/dev/null || groupadd -r pkcs11
exit 0
%post
%systemd_post pkcsslotd.service
%preun
%systemd_preun pkcsslotd.service
%postun
%systemd_postun_with_restart pkcsslotd.service
%files
%doc ChangeLog FAQ README
%doc doc/openCryptoki-HOWTO.pdf
%doc doc/README.token_data
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%{_prefix}/lib/tmpfiles.d/%{name}.conf
%{_unitdir}/pkcsslotd.service
%{_sbindir}/pkcsconf
%{_sbindir}/pkcsslotd
%{_mandir}/man1/pkcsconf.1*
%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man7/%{name}.7*
%{_mandir}/man8/pkcsslotd.8*
%{_libdir}/opencryptoki/methods
%{_libdir}/pkcs11/methods
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/%{name}
%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/%{name}/*
%files libs
%doc LICENSE
%{_sysconfdir}/ld.so.conf.d/*
# Unversioned .so symlinks usually belong to -devel packages, but opencryptoki
# needs them in the main package, because:
# pkcs11_startup looks for opencryptoki/stdll/*.so, and
# documentation suggests that programs should dlopen "PKCS11_API.so".
%dir %{_libdir}/opencryptoki/
%{_libdir}/opencryptoki/libopencryptoki.*
%{_libdir}/opencryptoki/PKCS11_API.so
%dir %{_libdir}/opencryptoki/stdll
%dir %{_libdir}/pkcs11
%{_libdir}/pkcs11/libopencryptoki.so
%{_libdir}/pkcs11/PKCS11_API.so
%{_libdir}/pkcs11/stdll
%files devel
%{_includedir}/%{name}/
%files swtok
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/
%files tpmtok
%doc doc/README.tpm_stdll
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/
%files icsftok
%doc doc/README.icsf_stdll
%{_sbindir}/pkcsicsf
%{_mandir}/man1/pkcsicsf.1*
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.*
%{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/icsf/
%ifarch s390 s390x
%files icatok
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/
%files ccatok
%doc doc/README-IBM_CCA_users
%doc doc/README.cca_stdll
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
%{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/
%endif
%changelog
* Mon Jan 20 2014 Dan Horák <dan[at]danny.cz> - 3.0-8
- include token specific directories (#1013017, #1045775, #1054442)
- fix pkcsconf crash for non-root users (#10054661)
- the libs subpackage must take care of creating the pkcs11 group, it's the first to be installed
* Tue Dec 03 2013 Dan Horák <dan[at]danny.cz> - 3.0-7
- fix build with -Werror=format-security (#1037228)
* Fri Nov 22 2013 Dan Horák <dan[at]danny.cz> - 3.0-6
- apply post-3.0 fixes (#1033284)
* Tue Nov 19 2013 Dan Horák <dan[at]danny.cz> - 3.0-5
- update opencryptoki man page (#1001729)
* Fri Aug 23 2013 Dan Horák <dan[at]danny.cz> - 3.0-4
- update unit file (#995002)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jul 23 2013 Dan Horák <dan[at]danny.cz> - 3.0-2
- update pkcsconf man page (#948460)
* Mon Jul 22 2013 Dan Horák <dan[at]danny.cz> - 3.0-1
- new upstream release 3.0
* Tue Jun 25 2013 Dan Horák <dan[at]danny.cz> - 2.4.3.1-1
- new upstream release 2.4.3.1
* Fri May 03 2013 Dan Horák <dan[at]danny.cz> - 2.4.3-1
- new upstream release 2.4.3
* Thu Apr 04 2013 Dan Horák <dan[at]danny.cz> - 2.4.2-4
- enable hardened build
- switch to systemd macros in scriptlets (#850240)
* Mon Jan 28 2013 Dan Horák <dan[at]danny.cz> - 2.4.2-3
- add virtual opencryptoki(token) Provides to token modules and as Requires
to main package (#904986)
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jun 21 2012 Dan Horák <dan[at]danny.cz> - 2.4.2-1
- new upstream release 2.4.2
- add pkcs_slot man page
- don't add root to the pkcs11 group
* Mon Jun 11 2012 Dan Horák <dan[at]danny.cz> - 2.4.1-2
- fix unresolved symbols in TPM module (#830129)
* Sat Feb 25 2012 Dan Horák <dan[at]danny.cz> - 2.4.1-1
- new upstream release 2.4.1
- convert from initscript to systemd unit
- import fixes from RHEL-6 about root's group membership (#732756, #730903)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.4-1
- new upstream release 2.4
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 17 2011 Dan Horák <dan[at]danny.cz> 2.3.3-1
- new upstream release 2.3.3
* Tue Nov 09 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.2-2
- Apply Obsoletes to package names, not provides.
* Tue Sep 14 2010 Dan Horák <dan[at]danny.cz> 2.3.2-1
- new upstream release 2.3.2
- put STDLLs in separate packages to match upstream package design
* Thu Jul 08 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-7
- Move the LICENSE file to the -libs subpackage.
* Tue Jun 29 2010 Dan Horák <dan[at]danny.cz> 2.3.1-6
- rebuilt with CCA enabled (#604287)
- fixed issues from #546274
* Fri Apr 30 2010 Dan Horák <dan[at]danny.cz> 2.3.1-5
- fixed one more issue in the initscript (#547324)
* Mon Apr 26 2010 Dan Horák <dan[at]danny.cz> 2.3.1-4
- fixed pidfile creating and usage (#547324)
* Mon Feb 08 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-3
- Also list 'reload' and 'force-reload' in "Usage: ...".
* Mon Feb 08 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-2
- Support 'force-reload' in the initscript.
* Wed Jan 27 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-1
- New upstream release 2.3.1.
- opencryptoki-2.3.0-fix-nss-breakage.patch was merged.
* Fri Jan 22 2010 Dan Horák <dan[at]danny.cz> 2.3.0-5
- made pkcsslotd initscript LSB compliant (#522149)
* Mon Sep 07 2009 Michal Schmidt <mschmidt@redhat.com> 2.3.0-4
- Added opencryptoki-2.3.0-fix-nss-breakage.patch on upstream request.
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.3.0-3
- rebuilt with new openssl
* Sun Aug 16 2009 Michal Schmidt <mschmidt@redhat.com> 2.3.0-2
- Require libica-2.0.
* Fri Aug 07 2009 Michal Schmidt <mschmidt@redhat.com> 2.3.0-1
- New upstream release 2.3.0:
- adds support for RSA 4096 bit keys in the ICA token.
* Tue Jul 21 2009 Michal Schmidt <mschmidt@redhat.com> - 2.2.8-5
- Require arch-specific dependency on -libs.
* Tue Jul 21 2009 Michal Schmidt <mschmidt@redhat.com> - 2.2.8-4
- Return support for crypto hw on s390.
- Renamed to opencryptoki.
- Simplified multilib by putting libs in subpackage as suggested by Dan Horák.
* Tue Jul 21 2009 Michal Schmidt <mschmidt@redhat.com> - 2.2.8-2
- Fedora package based on RHEL-5 package.