diff --git a/.gitignore b/.gitignore index e107b82..4570e26 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ opencryptoki-2.3.1.tar.gz /opencryptoki-2.4.tar.gz /opencryptoki-2.4.1.tar.gz /opencryptoki-2.4.2.tar.gz +/opencryptoki-2.4.3.tar.gz +/opencryptoki-2.4.3.1-tar.gz diff --git a/opencryptoki-2.4.1-830129.patch b/opencryptoki-2.4.1-830129.patch deleted file mode 100644 index df404fa..0000000 --- a/opencryptoki-2.4.1-830129.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/cca_stdll/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/cca_stdll/h_extern.h ---- opencryptoki-2.4.1/usr/lib/pkcs11/cca_stdll/h_extern.h 2012-02-22 13:37:51.000000000 -0600 -+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/cca_stdll/h_extern.h 2012-06-11 09:56:02.509036554 -0500 -@@ -1642,10 +1642,6 @@ CK_RV object_mgr_get_attribute_values - CK_RV object_mgr_get_object_size( CK_OBJECT_HANDLE handle, - CK_ULONG * size ); - --CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle ); -- --CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj ); -- - CK_BBOOL object_mgr_purge_session_objects( SESSION * sess, - SESS_OBJ_TYPE type ); - -diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/common/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/common/h_extern.h ---- opencryptoki-2.4.1/usr/lib/pkcs11/common/h_extern.h 2012-02-22 13:37:51.000000000 -0600 -+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/common/h_extern.h 2012-06-11 09:56:02.510036534 -0500 -@@ -1955,10 +1955,6 @@ CK_RV object_mgr_get_attribute_values - CK_RV object_mgr_get_object_size( CK_OBJECT_HANDLE handle, - CK_ULONG * size ); - --CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle ); -- --CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj ); -- - CK_BBOOL object_mgr_purge_session_objects( SESSION * sess, - SESS_OBJ_TYPE type ); - -diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/common/mech_ssl3.c opencryptoki-2.4.1-key/usr/lib/pkcs11/common/mech_ssl3.c ---- opencryptoki-2.4.1/usr/lib/pkcs11/common/mech_ssl3.c 2012-02-22 13:37:51.000000000 -0600 -+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/common/mech_ssl3.c 2012-06-11 09:56:02.510036534 -0500 -@@ -1746,16 +1746,7 @@ ssl3_key_and_mac_derive( SESSION - #endif - } - -- return rc; -- - error: -- -- if (client_write_handle != 0) -- object_mgr_invalidate_handle1( client_write_handle ); -- -- if (server_write_handle != 0) -- object_mgr_invalidate_handle1( server_write_handle ); -- - return rc; - } - -@@ -1917,8 +1908,8 @@ ssl3_kmd_process_mac_keys( SESSION - return CKR_OK; - - error: -- if (*client_handle != 0) object_mgr_invalidate_handle1( *client_handle ); -- if (*server_handle != 0) object_mgr_invalidate_handle1( *server_handle ); -+ *client_handle = 0; -+ *server_handle = 0; - - if (client_obj) { - object_free( client_obj ); -@@ -2173,11 +2164,8 @@ ssl3_kmd_process_write_keys( SESSION - return CKR_OK; - - error: -- if (*client_handle != 0) -- object_mgr_invalidate_handle1( *client_handle ); -- -- if (*server_handle != 0) -- object_mgr_invalidate_handle1( *server_handle ); -+ *client_handle = 0; -+ *server_handle = 0; - - if (client_obj) - object_free( client_obj ); -diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/h_extern.h ---- opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/h_extern.h 2012-02-22 13:37:51.000000000 -0600 -+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/h_extern.h 2012-06-11 09:56:02.511036516 -0500 -@@ -1533,10 +1533,6 @@ CK_RV object_mgr_get_attribute_values - CK_RV object_mgr_get_object_size( CK_OBJECT_HANDLE handle, - CK_ULONG * size ); - --CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle ); -- --CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj ); -- - CK_BBOOL object_mgr_purge_session_objects( SESSION * sess, - SESS_OBJ_TYPE type ); - -diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/key_mgr.c opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/key_mgr.c ---- opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/key_mgr.c 2012-02-22 13:37:51.000000000 -0600 -+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/key_mgr.c 2012-06-11 09:42:48.351005308 -0500 -@@ -844,7 +844,7 @@ key_mgr_unwrap_key( SESSION * - // - break; - default: -- OCK_LOG_ERROR(ERR_MECHANISM_INVALID); -+ OCK_LOG_ERR(ERR_MECHANISM_INVALID); - return CKR_MECHANISM_INVALID; - } - diff --git a/opencryptoki-2.4.1-man.patch b/opencryptoki-2.4.1-man.patch deleted file mode 100644 index fec3a0a..0000000 --- a/opencryptoki-2.4.1-man.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff --git a/configure.in b/configure.in -index 483a092..083a766 100644 ---- a/configure.in -+++ b/configure.in -@@ -663,6 +663,7 @@ AC_CONFIG_FILES([Makefile usr/Makefile \ - man/Makefile \ - man/man1/Makefile \ - man/man1/pkcsconf.1 \ -+ man/man1/pkcs_slot.1 \ - man/man1/pkcs11_startup.1 \ - man/man5/Makefile \ - man/man5/pk_config_data.5 \ -diff --git a/man/man1/Makefile.am b/man/man1/Makefile.am -index 8f0e5ee..1560fec 100644 ---- a/man/man1/Makefile.am -+++ b/man/man1/Makefile.am -@@ -1,2 +1,2 @@ --man1_MANS=pkcs11_startup.1 pkcsconf.1 -+man1_MANS=pkcs11_startup.1 pkcs_slot.1 pkcsconf.1 - EXTRA_DIST = $(man1_MANS) -diff --git a/man/man1/pkcs_slot.1.in b/man/man1/pkcs_slot.1.in -new file mode 100644 -index 0000000..8d55c9a ---- /dev/null -+++ b/man/man1/pkcs_slot.1.in -@@ -0,0 +1,23 @@ -+.TH PKCS_SLOT 1 "February 2010" "@PACKAGE_VERSION@" "openCryptoki" -+.SH NAME -+pkcs_slot \- configuration program for opencryptoki -+.SH SYNOPSIS -+.B pkcs_slot -+\fIdevicenumber depth\fR -+.SH DESCRIPTION -+ -+This utility is used internal by pkcs11_startup. -+It writes the configuration file to disk as @localstatedir@/lib/opencryptoki/pk_config_data. -+ -+.SH "SEE ALSO" -+.PD 0 -+.TP -+\fBpkcs11_startup\fP(1), -+.TP -+\fBopencryptoki\fP(7), -+.TP -+\fBpkcsslotd\fP(8), -+.TP -+\fBpk_config_data\fP(5). -+.PD -+ diff --git a/opencryptoki-2.4.1-systemd.patch b/opencryptoki-2.4.1-systemd.patch deleted file mode 100644 index 5c0ac52..0000000 --- a/opencryptoki-2.4.1-systemd.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 5f9d27ae7180324a9a808790356d842df87ca695 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Mon, 27 Feb 2012 11:43:49 +0100 -Subject: [PATCH] add support for systemd - -New configure parameter is introduced (--with-systemdsystemunitdir) and when set -it means that systemd service file will be installed instead of the classis initscript. ---- - .gitignore | 1 + - configure.in | 12 ++++++++++++ - misc/Makefile.am | 16 +++++++++++++--- - misc/pkcsslotd.service.in | 13 +++++++++++++ - 4 files changed, 39 insertions(+), 3 deletions(-) - create mode 100644 misc/pkcsslotd.service.in - -diff --git a/configure.in b/configure.in -index 483a092..577b148 100644 ---- a/configure.in -+++ b/configure.in -@@ -175,6 +175,12 @@ AC_ARG_WITH([xcryptolinz], - [], - [with_xcryptolinz=check]) - -+dnl --- systemd system unit files location -+AC_ARG_WITH([systemdsystemunitdir], -+ AS_HELP_STRING([--with-systemdsystemunitdir@<:@=DIR@:>@],[systemd system unit files location]), -+ [enable_systemd=yes], -+ [enable_systemd=no]) -+ - dnl --- - dnl --- - dnl --- Now that we have all the options, let's check for a valid build -@@ -495,6 +501,11 @@ AM_CONDITIONAL([ENABLE_DAEMON], [test "x$enable_daemon" = "xyes"]) - dnl --- enable_library - AM_CONDITIONAL([ENABLE_LIBRARY], [test "x$enable_library" = "xyes"]) - -+dnl --- enable systemd and set unit dir -+AM_CONDITIONAL([ENABLE_SYSTEMD], [test "x$enable_systemd" = "xyes"]) -+unitdir=$with_systemdsystemunitdir -+AC_SUBST(unitdir) -+ - dnl --- enable_icatok - if test "x$enable_icatok" = "xyes"; then - if test "x$with_libica" != "xyes"; then -@@ -677,6 +688,7 @@ echo " Debug build: $enable_debug" - echo " Testcases: $enable_testcases" - echo " Daemon build: $enable_daemon" - echo " Library build: $enable_library" -+echo " Systemd service: $enable_systemd" - echo - echo "Enabled token types:" - echo " ICA token: $enable_icatok" -diff --git a/misc/Makefile.am b/misc/Makefile.am -index d0c6e9b..2954483 100644 ---- a/misc/Makefile.am -+++ b/misc/Makefile.am -@@ -1,8 +1,17 @@ --initddir = $(sysconfdir)/rc.d/init.d -- --EXTRA_DIST = pkcsslotd.in -+EXTRA_DIST = pkcsslotd.in pkcsslotd.service.in - - if ENABLE_DAEMON -+if ENABLE_SYSTEMD -+servicedir = $(unitdir) -+service_SCRIPTS = pkcsslotd.service -+ -+CLEANFILES = pkcsslotd.service -+ -+pkcsslotd.service: pkcsslotd.service.in -+ @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t -+ mv $@-t $@ -+else -+initddir = $(sysconfdir)/rc.d/init.d - initd_SCRIPTS = pkcsslotd - - CLEANFILES = pkcsslotd -@@ -12,3 +21,4 @@ pkcsslotd: pkcsslotd.in - @CHMOD@ a+x $@-t - mv $@-t $@ - endif -+endif -diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in -new file mode 100644 -index 0000000..3e64363 ---- /dev/null -+++ b/misc/pkcsslotd.service.in -@@ -0,0 +1,13 @@ -+[Unit] -+Description=Daemon which manages cryptographic hardware tokens for the openCryptoki package -+After=syslog.target -+ -+[Service] -+Type=forking -+PIDFile=/var/run/pkcsslotd.pid -+ExecStartPre=@sbindir@/pkcs11_startup -+ExecStart=@sbindir@/pkcsslotd -+ -+[Install] -+WantedBy=multi-user.target -+ --- -1.7.7.6 - diff --git a/opencryptoki-2.4.2-locks.patch b/opencryptoki-2.4.3-locks.patch similarity index 57% rename from opencryptoki-2.4.2-locks.patch rename to opencryptoki-2.4.3-locks.patch index 98a2fc5..8fa2c1f 100644 --- a/opencryptoki-2.4.2-locks.patch +++ b/opencryptoki-2.4.3-locks.patch @@ -1,18 +1,4 @@ diff --git a/usr/Makefile.am b/usr/Makefile.am -index bced120..20352d5 100644 ---- a/usr/Makefile.am -+++ b/usr/Makefile.am -@@ -5,6 +5,6 @@ endif - SUBDIRS = lib $(DAEMONDIRS) - - install-data-hook: -- $(MKDIR_P) $(lockdir) -- $(CHGRP) pkcs11 $(lockdir) -- $(CHMOD) 0770 $(lockdir) -+ $(MKDIR_P) $(DESTDIR)$(lockdir) -+ $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) -+ $(CHMOD) 0770 $(DESTDIR)$(lockdir) -diff --git a/usr/Makefile.am b/usr/Makefile.am index 20352d5..5d42b0f 100644 --- a/usr/Makefile.am +++ b/usr/Makefile.am diff --git a/opencryptoki.spec b/opencryptoki.spec index 71b92bc..eb21a22 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -2,25 +2,19 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 -Version: 2.4.2 -Release: 4%{?dist} +Version: 2.4.3.1 +Release: 1%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/opencryptoki -Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}-tar.gz Source1: %{name}-tmpfiles.conf # the pkcs11 group is created and populated in scriptlet Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch # https://bugzilla.redhat.com/show_bug.cgi?id=732756 Patch1: %{name}-2.4-group.patch -# convert from initscript to systemd unit -Patch2: %{name}-2.4.1-systemd.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=830129 -Patch3: %{name}-2.4.1-830129.patch -# add pkcs_slot man page -Patch4: %{name}-2.4.1-man.patch # fix locks dir installation -Patch5: %{name}-2.4.2-locks.patch +Patch2: %{name}-2.4.3-locks.patch Requires(pre): shadow-utils coreutils sed BuildRequires: openssl-devel BuildRequires: trousers-devel @@ -146,13 +140,10 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the %prep -%setup -q +%setup -q -n %{name}-%{name} %patch0 -p1 %patch1 -p1 -b .group -%patch2 -p1 -b .systemd -%patch3 -p1 -b .bz830129 -%patch4 -p1 -b .man -%patch5 -p1 -b .locks +%patch2 -p1 -b .locks # Upstream tarball has unnecessary executable perms set on the sources find . -name '*.[ch]' -print0 | xargs -0 chmod -x @@ -161,7 +152,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x %build ./bootstrap.sh -%configure --with-systemdsystemunitdir=%{_unitdir} \ +%configure --with-systemd=%{_unitdir} \ %ifarch s390 s390x --enable-icatok --enable-ccatok %else @@ -267,6 +258,12 @@ exit 0 %changelog +* Tue Jun 25 2013 Dan Horák - 2.4.3.1-1 +- new upstream release 2.4.3.1 + +* Fri May 03 2013 Dan Horák - 2.4.3-1 +- new upstream release 2.4.3 + * Thu Apr 04 2013 Dan Horák - 2.4.2-4 - enable hardened build - switch to systemd macros in scriptlets (#850240) diff --git a/sources b/sources index a6205a8..c07f3dc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ec020070237ef652e4e1dc06a642f717 opencryptoki-2.4.2.tar.gz +452227185f93a25e7664e2dfbc466ec4 opencryptoki-2.4.3.1-tar.gz