diff --git a/.gitignore b/.gitignore index 775af6f..064d11e 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ opencryptoki-2.3.1.tar.gz /opencryptoki-3.8.2.tar.gz /opencryptoki-3.9.0.tar.gz /opencryptoki-3.10.0.tar.gz +/opencryptoki-3.11.0.tar.gz diff --git a/opencryptoki-2.4-group.patch b/opencryptoki-2.4-group.patch deleted file mode 100644 index dcabb60..0000000 --- a/opencryptoki-2.4-group.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff -upr opencryptoki-3.7.0.orig/usr/lib/pkcs11/api/shrd_mem.c.in opencryptoki-3.7.0/usr/lib/pkcs11/api/shrd_mem.c.in ---- opencryptoki-3.7.0.orig/usr/lib/pkcs11/api/shrd_mem.c.in 2017-05-17 15:13:54.711536688 +0530 -+++ opencryptoki-3.7.0/usr/lib/pkcs11/api/shrd_mem.c.in 2017-05-17 15:22:27.758655055 +0530 -@@ -56,9 +56,6 @@ attach_shared_memory() { - int shmid; - char *shmp; - struct stat statbuf; -- struct group *grp; -- struct passwd *pw, *epw; -- uid_t uid, euid; - - #if !(MMAP) - // Really should fstat the tok_path, since it will be the actual -@@ -70,37 +67,6 @@ attach_shared_memory() { - return NULL; - } - -- uid = getuid(); -- euid = geteuid(); -- // only check group membership if not root user -- if (uid != 0 && euid != 0) { -- int i, member=0; -- grp = getgrnam("pkcs11"); -- if (!grp) { -- // group pkcs11 not known to the system -- return NULL; -- } -- pw = getpwuid(uid); -- epw = getpwuid(euid); -- for (i=0; grp->gr_mem[i]; i++) { -- if (pw) { -- if (!strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name))) { -- member = 1; -- break; -- } -- } -- if (epw) { -- if (!strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name))) { -- member = 1; -- break; -- } -- } -- } -- if (!member) { -- return NULL; -- } -- } -- - Anchor->shm_tok = ftok(TOK_PATH,'b'); - - // Get the shared memory id. diff --git a/opencryptoki-3.11.0-group.patch b/opencryptoki-3.11.0-group.patch new file mode 100644 index 0000000..e88b391 --- /dev/null +++ b/opencryptoki-3.11.0-group.patch @@ -0,0 +1,31 @@ +diff -up opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in +--- opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me 2019-01-31 10:42:23.325797012 +0100 ++++ opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in 2019-01-31 10:52:17.585191667 +0100 +@@ -55,9 +55,11 @@ void *attach_shared_memory() + int shmid; + char *shmp; + struct stat statbuf; ++#if 0 + struct group *grp; + struct passwd *pw, *epw; + uid_t uid, euid; ++#endif + + #if !(MMAP) + // Really should fstat the tok_path, since it will be the actual +@@ -69,6 +71,7 @@ void *attach_shared_memory() + return NULL; + } + ++#if 0 + uid = getuid(); + euid = geteuid(); + // only check group membership if not root user +@@ -102,6 +105,7 @@ void *attach_shared_memory() + return NULL; + } + } ++#endif + + Anchor->shm_tok = ftok(TOK_PATH, 'b'); + diff --git a/opencryptoki-3.11.0-lockdir.patch b/opencryptoki-3.11.0-lockdir.patch new file mode 100644 index 0000000..936a654 --- /dev/null +++ b/opencryptoki-3.11.0-lockdir.patch @@ -0,0 +1,12 @@ +diff -up opencryptoki-3.11.0/configure.ac.me opencryptoki-3.11.0/configure.ac +--- opencryptoki-3.11.0/configure.ac.me 2019-01-30 17:10:19.660952694 +0100 ++++ opencryptoki-3.11.0/configure.ac 2019-01-30 17:13:54.150089964 +0100 +@@ -62,7 +62,7 @@ AC_SUBST([OPENLDAP_LIBS]) + + dnl Define custom variables + +-lockdir=$localstatedir/lock/opencryptoki ++lockdir=/run/lock/opencryptoki + AC_SUBST(lockdir) + + logdir=$localstatedir/log/opencryptoki diff --git a/opencryptoki.spec b/opencryptoki.spec index eb7767b..217d5ee 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -1,12 +1,14 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 -Version: 3.10.0 -Release: 2%{?dist} +Version: 3.11.0 +Release: 1%{?dist} License: CPL URL: http://sourceforge.net/projects/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz # https://bugzilla.redhat.com/show_bug.cgi?id=732756 -Patch0: %{name}-2.4-group.patch +Patch0: opencryptoki-3.11.0-group.patch +#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/* +Patch1: opencryptoki-3.11.0-lockdir.patch # Use --no-undefined to debug missing symbols #Patch100: %{name}-3.2-no-undefined.patch @@ -197,6 +199,9 @@ exit 0 %post %systemd_post pkcsslotd.service +if test $1 -eq 1; then + %tmpfiles_create +fi %preun %systemd_preun pkcsslotd.service @@ -222,8 +227,8 @@ exit 0 %{_libdir}/opencryptoki/methods %{_libdir}/pkcs11/methods %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name} -%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/%{name} -%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/%{name}/* +%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name} +%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name}/* %files libs %license LICENSE @@ -296,6 +301,11 @@ exit 0 %changelog +* Thu Jan 31 2019 Than Ngo - 3.11.0-1 +- Updated to 3.11.0 +- Resolved #1341079 - Failed to create directory or subvolume "/var/lock/opencryptoki" +- Ported root's group membership's patch for 3.11.0 + * Fri Jul 13 2018 Fedora Release Engineering - 3.10.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/sources b/sources index d6cff26..93156fd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (opencryptoki-3.10.0.tar.gz) = 5c01c367be2db202f177ba5b586b4a16cd2cb2ff58d318d0168cb594b92e79fc7d5bc50318c427590deb74f3cd4cd5b588a636b2dd05ea11d98f946e793403e6 +SHA512 (opencryptoki-3.11.0.tar.gz) = 1a01fdb5daf613bc0fce366846015716986b7b8d1868901fb57e455fd93a985d8532e3565e417fe2aa59f2308bd11ac110de90d873b83e8547e36b9e1582f89b