rpms/opencryptoki
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- new upstream release 2.4.3.1

Browse Source
This commit is contained in:
Dan Horák 2013-06-25 10:09:06 +02:00
parent f35b1ba8b2
commit 017e821c7e
7 changed files with 16 additions and 283 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -4,3 +4,5 @@ opencryptoki-2.3.1.tar.gz
/opencryptoki-2.4.tar.gz
/opencryptoki-2.4.1.tar.gz
/opencryptoki-2.4.2.tar.gz
/opencryptoki-2.4.3.tar.gz
/opencryptoki-2.4.3.1-tar.gz

99
opencryptoki-2.4.1-830129.patch
View File

@ -1,99 +0,0 @@
diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/cca_stdll/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/cca_stdll/h_extern.h
--- opencryptoki-2.4.1/usr/lib/pkcs11/cca_stdll/h_extern.h 2012-02-22 13:37:51.000000000 -0600
+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/cca_stdll/h_extern.h 2012-06-11 09:56:02.509036554 -0500
@@ -1642,10 +1642,6 @@ CK_RV object_mgr_get_attribute_values
CK_RV object_mgr_get_object_size( CK_OBJECT_HANDLE handle,
CK_ULONG * size );
-CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle );
-
-CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj );
-
CK_BBOOL object_mgr_purge_session_objects( SESSION * sess,
SESS_OBJ_TYPE type );
diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/common/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/common/h_extern.h
--- opencryptoki-2.4.1/usr/lib/pkcs11/common/h_extern.h 2012-02-22 13:37:51.000000000 -0600
+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/common/h_extern.h 2012-06-11 09:56:02.510036534 -0500
@@ -1955,10 +1955,6 @@ CK_RV object_mgr_get_attribute_values
CK_RV object_mgr_get_object_size( CK_OBJECT_HANDLE handle,
CK_ULONG * size );
-CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle );
-
-CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj );
-
CK_BBOOL object_mgr_purge_session_objects( SESSION * sess,
SESS_OBJ_TYPE type );
diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/common/mech_ssl3.c opencryptoki-2.4.1-key/usr/lib/pkcs11/common/mech_ssl3.c
--- opencryptoki-2.4.1/usr/lib/pkcs11/common/mech_ssl3.c 2012-02-22 13:37:51.000000000 -0600
+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/common/mech_ssl3.c 2012-06-11 09:56:02.510036534 -0500
@@ -1746,16 +1746,7 @@ ssl3_key_and_mac_derive( SESSION
#endif
}
- return rc;
-
error:
-
- if (client_write_handle != 0)
- object_mgr_invalidate_handle1( client_write_handle );
-
- if (server_write_handle != 0)
- object_mgr_invalidate_handle1( server_write_handle );
-
return rc;
}
@@ -1917,8 +1908,8 @@ ssl3_kmd_process_mac_keys( SESSION
return CKR_OK;
error:
- if (*client_handle != 0) object_mgr_invalidate_handle1( *client_handle );
- if (*server_handle != 0) object_mgr_invalidate_handle1( *server_handle );
+ *client_handle = 0;
+ *server_handle = 0;
if (client_obj) {
object_free( client_obj );
@@ -2173,11 +2164,8 @@ ssl3_kmd_process_write_keys( SESSION
return CKR_OK;
error:
- if (*client_handle != 0)
- object_mgr_invalidate_handle1( *client_handle );
-
- if (*server_handle != 0)
- object_mgr_invalidate_handle1( *server_handle );
+ *client_handle = 0;
+ *server_handle = 0;
if (client_obj)
object_free( client_obj );
diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/h_extern.h
--- opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/h_extern.h 2012-02-22 13:37:51.000000000 -0600
+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/h_extern.h 2012-06-11 09:56:02.511036516 -0500
@@ -1533,10 +1533,6 @@ CK_RV object_mgr_get_attribute_values
CK_RV object_mgr_get_object_size( CK_OBJECT_HANDLE handle,
CK_ULONG * size );
-CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle );
-
-CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj );
-
CK_BBOOL object_mgr_purge_session_objects( SESSION * sess,
SESS_OBJ_TYPE type );
diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/key_mgr.c opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/key_mgr.c
--- opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/key_mgr.c 2012-02-22 13:37:51.000000000 -0600
+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/key_mgr.c 2012-06-11 09:42:48.351005308 -0500
@@ -844,7 +844,7 @@ key_mgr_unwrap_key( SESSION *
//
break;
default:
- OCK_LOG_ERROR(ERR_MECHANISM_INVALID);
+ OCK_LOG_ERR(ERR_MECHANISM_INVALID);
return CKR_MECHANISM_INVALID;
}

49
opencryptoki-2.4.1-man.patch
View File

@ -1,49 +0,0 @@
diff --git a/configure.in b/configure.in
index 483a092..083a766 100644
--- a/configure.in
+++ b/configure.in
@@ -663,6 +663,7 @@ AC_CONFIG_FILES([Makefile usr/Makefile \
man/Makefile \
man/man1/Makefile \
man/man1/pkcsconf.1 \
+ man/man1/pkcs_slot.1 \
man/man1/pkcs11_startup.1 \
man/man5/Makefile \
man/man5/pk_config_data.5 \
diff --git a/man/man1/Makefile.am b/man/man1/Makefile.am
index 8f0e5ee..1560fec 100644
--- a/man/man1/Makefile.am
+++ b/man/man1/Makefile.am
@@ -1,2 +1,2 @@
-man1_MANS=pkcs11_startup.1 pkcsconf.1
+man1_MANS=pkcs11_startup.1 pkcs_slot.1 pkcsconf.1
EXTRA_DIST = $(man1_MANS)
diff --git a/man/man1/pkcs_slot.1.in b/man/man1/pkcs_slot.1.in
new file mode 100644
index 0000000..8d55c9a
--- /dev/null
+++ b/man/man1/pkcs_slot.1.in
@@ -0,0 +1,23 @@
+.TH PKCS_SLOT 1 "February 2010" "@PACKAGE_VERSION@" "openCryptoki"
+.SH NAME
+pkcs_slot \- configuration program for opencryptoki
+.SH SYNOPSIS
+.B pkcs_slot
+\fIdevicenumber depth\fR
+.SH DESCRIPTION
+
+This utility is used internal by pkcs11_startup.
+It writes the configuration file to disk as @localstatedir@/lib/opencryptoki/pk_config_data.
+
+.SH "SEE ALSO"
+.PD 0
+.TP
+\fBpkcs11_startup\fP(1),
+.TP
+\fBopencryptoki\fP(7),
+.TP
+\fBpkcsslotd\fP(8),
+.TP
+\fBpk_config_data\fP(5).
+.PD
+

104
opencryptoki-2.4.1-systemd.patch
View File

@ -1,104 +0,0 @@
From 5f9d27ae7180324a9a808790356d842df87ca695 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 27 Feb 2012 11:43:49 +0100
Subject: [PATCH] add support for systemd
New configure parameter is introduced (--with-systemdsystemunitdir) and when set
it means that systemd service file will be installed instead of the classis initscript.
---
.gitignore | 1 +
configure.in | 12 ++++++++++++
misc/Makefile.am | 16 +++++++++++++---
misc/pkcsslotd.service.in | 13 +++++++++++++
4 files changed, 39 insertions(+), 3 deletions(-)
create mode 100644 misc/pkcsslotd.service.in
diff --git a/configure.in b/configure.in
index 483a092..577b148 100644
--- a/configure.in
+++ b/configure.in
@@ -175,6 +175,12 @@ AC_ARG_WITH([xcryptolinz],
[],
[with_xcryptolinz=check])
+dnl --- systemd system unit files location
+AC_ARG_WITH([systemdsystemunitdir],
+ AS_HELP_STRING([--with-systemdsystemunitdir@<:@=DIR@:>@],[systemd system unit files location]),
+ [enable_systemd=yes],
+ [enable_systemd=no])
+
dnl ---
dnl ---
dnl --- Now that we have all the options, let's check for a valid build
@@ -495,6 +501,11 @@ AM_CONDITIONAL([ENABLE_DAEMON], [test "x$enable_daemon" = "xyes"])
dnl --- enable_library
AM_CONDITIONAL([ENABLE_LIBRARY], [test "x$enable_library" = "xyes"])
+dnl --- enable systemd and set unit dir
+AM_CONDITIONAL([ENABLE_SYSTEMD], [test "x$enable_systemd" = "xyes"])
+unitdir=$with_systemdsystemunitdir
+AC_SUBST(unitdir)
+
dnl --- enable_icatok
if test "x$enable_icatok" = "xyes"; then
if test "x$with_libica" != "xyes"; then
@@ -677,6 +688,7 @@ echo " Debug build: $enable_debug"
echo " Testcases: $enable_testcases"
echo " Daemon build: $enable_daemon"
echo " Library build: $enable_library"
+echo " Systemd service: $enable_systemd"
echo
echo "Enabled token types:"
echo " ICA token: $enable_icatok"
diff --git a/misc/Makefile.am b/misc/Makefile.am
index d0c6e9b..2954483 100644
--- a/misc/Makefile.am
+++ b/misc/Makefile.am
@@ -1,8 +1,17 @@
-initddir = $(sysconfdir)/rc.d/init.d
-
-EXTRA_DIST = pkcsslotd.in
+EXTRA_DIST = pkcsslotd.in pkcsslotd.service.in
if ENABLE_DAEMON
+if ENABLE_SYSTEMD
+servicedir = $(unitdir)
+service_SCRIPTS = pkcsslotd.service
+
+CLEANFILES = pkcsslotd.service
+
+pkcsslotd.service: pkcsslotd.service.in
+ @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
+ mv $@-t $@
+else
+initddir = $(sysconfdir)/rc.d/init.d
initd_SCRIPTS = pkcsslotd
CLEANFILES = pkcsslotd
@@ -12,3 +21,4 @@ pkcsslotd: pkcsslotd.in
@CHMOD@ a+x $@-t
mv $@-t $@
endif
+endif
diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
new file mode 100644
index 0000000..3e64363
--- /dev/null
+++ b/misc/pkcsslotd.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=Daemon which manages cryptographic hardware tokens for the openCryptoki package
+After=syslog.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/pkcsslotd.pid
+ExecStartPre=@sbindir@/pkcs11_startup
+ExecStart=@sbindir@/pkcsslotd
+
+[Install]
+WantedBy=multi-user.target
+
--
1.7.7.6

14
opencryptoki-2.4.2-locks.patch → opencryptoki-2.4.3-locks.patch
View File

@ -1,18 +1,4 @@
diff --git a/usr/Makefile.am b/usr/Makefile.am
index bced120..20352d5 100644
--- a/usr/Makefile.am
+++ b/usr/Makefile.am
@@ -5,6 +5,6 @@ endif
SUBDIRS = lib $(DAEMONDIRS)
install-data-hook:
- $(MKDIR_P) $(lockdir)
- $(CHGRP) pkcs11 $(lockdir)
- $(CHMOD) 0770 $(lockdir)
+ $(MKDIR_P) $(DESTDIR)$(lockdir)
+ $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)
+ $(CHMOD) 0770 $(DESTDIR)$(lockdir)
diff --git a/usr/Makefile.am b/usr/Makefile.am
index 20352d5..5d42b0f 100644
--- a/usr/Makefile.am
+++ b/usr/Makefile.am

29
opencryptoki.spec
View File

@ -2,25 +2,19 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 2.4.2
Release: 4%{?dist}
Version: 2.4.3.1
Release: 1%{?dist}
License: CPL
Group: System Environment/Base
URL: http://sourceforge.net/projects/opencryptoki
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}-tar.gz
Source1: %{name}-tmpfiles.conf
# the pkcs11 group is created and populated in scriptlet
Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=732756
Patch1: %{name}-2.4-group.patch
# convert from initscript to systemd unit
Patch2: %{name}-2.4.1-systemd.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=830129
Patch3: %{name}-2.4.1-830129.patch
# add pkcs_slot man page
Patch4: %{name}-2.4.1-man.patch
# fix locks dir installation
Patch5: %{name}-2.4.2-locks.patch
Patch2: %{name}-2.4.3-locks.patch
Requires(pre): shadow-utils coreutils sed
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@ -146,13 +140,10 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
%prep
%setup -q
%setup -q -n %{name}-%{name}
%patch0 -p1
%patch1 -p1 -b .group
%patch2 -p1 -b .systemd
%patch3 -p1 -b .bz830129
%patch4 -p1 -b .man
%patch5 -p1 -b .locks
%patch2 -p1 -b .locks
# Upstream tarball has unnecessary executable perms set on the sources
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
@ -161,7 +152,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x
%build
./bootstrap.sh
%configure --with-systemdsystemunitdir=%{_unitdir} \
%configure --with-systemd=%{_unitdir} \
%ifarch s390 s390x
--enable-icatok --enable-ccatok
%else
@ -267,6 +258,12 @@ exit 0
%changelog
* Tue Jun 25 2013 Dan Horák <dan[at]danny.cz> - 2.4.3.1-1
- new upstream release 2.4.3.1
* Fri May 03 2013 Dan Horák <dan[at]danny.cz> - 2.4.3-1
- new upstream release 2.4.3
* Thu Apr 04 2013 Dan Horák <dan[at]danny.cz> - 2.4.2-4
- enable hardened build
- switch to systemd macros in scriptlets (#850240)

2
sources
View File

@ -1 +1 @@
ec020070237ef652e4e1dc06a642f717 opencryptoki-2.4.2.tar.gz
452227185f93a25e7664e2dfbc466ec4 opencryptoki-2.4.3.1-tar.gz