new upstream release 2.4.1

- convert from initscript to systemd unit - import fixes from RHEL-6 about root's group membership (#732756, #730903)
2012-02-27 13:14:18 +01:00 · 2012-02-27 13:14:18 +01:00 · ace0290fc4
parent 2387e87b9b
commit ace0290fc4
5 changed files with 190 additions and 38 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@ opencryptoki-2.3.1.tar.gz
 /opencryptoki-2.3.2.tar.gz
 /opencryptoki-2.3.3.tar.gz
 /opencryptoki-2.4.tar.gz
+/opencryptoki-2.4.1.tar.gz
--- a/opencryptoki-2.4-group.patch
+++ b/opencryptoki-2.4-group.patch
@ -0,0 +1,47 @@
+diff -urp opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c
+--- opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c.in	2011-08-15 08:17:14.000000000 -0400
+++ opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c.in	2011-08-15 10:22:49.000000000 -0400
+@@ -351,43 +351,6 @@ attach_shared_memory() {
+       return NULL;
+    }
+ 
+-
+-   // SAB check for the group id here and membership here as well
+-   grp = getgrnam("pkcs11");
+-   if ( grp ) {
+-        int i=0;
+-        char member=0;
+-
+-        pw = getpwuid(getuid());
+-
+-        epw = getpwuid(geteuid());
+-
+-        while( grp->gr_mem[i] ) {
+-           if (pw) {
+-             if ( strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name)) == 0 ){
+-                member = 1;
+-                break;
+-             }
+-           }
+-           if (epw) {
+-              if ( strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name)) == 0 ){
+-                  member = 1;
+-                  break; 
+-              }
+-           }
+-           i++;
+-        }
+-        if ( ! member ) {
+-             return NULL;  // SAB don't bother even attaching...
+-        }
+-
+-
+-   } else {
+-        return NULL;
+-   }
+-
+-
+-   
+    Anchor->shm_tok = ftok(TOK_PATH,'b');
+ 
+    // Get the shared memory id.
--- a/opencryptoki-2.4.1-systemd.patch
+++ b/opencryptoki-2.4.1-systemd.patch
@ -0,0 +1,104 @@
+From 5f9d27ae7180324a9a808790356d842df87ca695 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Mon, 27 Feb 2012 11:43:49 +0100
+Subject: [PATCH] add support for systemd
+
+New configure parameter is introduced (--with-systemdsystemunitdir) and when set
+it means that systemd service file will be installed instead of the classis initscript.
+---
+ .gitignore                |    1 +
+ configure.in              |   12 ++++++++++++
+ misc/Makefile.am          |   16 +++++++++++++---
+ misc/pkcsslotd.service.in |   13 +++++++++++++
+ 4 files changed, 39 insertions(+), 3 deletions(-)
+ create mode 100644 misc/pkcsslotd.service.in
+
+diff --git a/configure.in b/configure.in
+index 483a092..577b148 100644
+--- a/configure.in
+++ b/configure.in
+@@ -175,6 +175,12 @@ AC_ARG_WITH([xcryptolinz],
+ 	[],
+ 	[with_xcryptolinz=check])
+ 
+dnl --- systemd system unit files location
+AC_ARG_WITH([systemdsystemunitdir],
+	AS_HELP_STRING([--with-systemdsystemunitdir@<:@=DIR@:>@],[systemd system unit files location]),
+	[enable_systemd=yes],
+	[enable_systemd=no])
+
+ dnl ---
+ dnl ---
+ dnl --- Now that we have all the options, let's check for a valid build
+@@ -495,6 +501,11 @@ AM_CONDITIONAL([ENABLE_DAEMON], [test "x$enable_daemon" = "xyes"])
+ dnl --- enable_library
+ AM_CONDITIONAL([ENABLE_LIBRARY], [test "x$enable_library" = "xyes"])
+ 
+dnl --- enable systemd and set unit dir
+AM_CONDITIONAL([ENABLE_SYSTEMD], [test "x$enable_systemd" = "xyes"])
+unitdir=$with_systemdsystemunitdir
+AC_SUBST(unitdir)
+
+ dnl --- enable_icatok
+ if test "x$enable_icatok" = "xyes"; then
+ 	if test "x$with_libica" != "xyes"; then
+@@ -677,6 +688,7 @@ echo "	Debug build:		$enable_debug"
+ echo "	Testcases:		$enable_testcases"
+ echo "	Daemon build:		$enable_daemon"
+ echo "	Library build:		$enable_library"
+echo "	Systemd service:        $enable_systemd"
+ echo
+ echo "Enabled token types:"
+ echo "	ICA token:		$enable_icatok"
+diff --git a/misc/Makefile.am b/misc/Makefile.am
+index d0c6e9b..2954483 100644
+--- a/misc/Makefile.am
+++ b/misc/Makefile.am
+@@ -1,8 +1,17 @@
+-initddir = $(sysconfdir)/rc.d/init.d
+-
+-EXTRA_DIST = pkcsslotd.in
+EXTRA_DIST = pkcsslotd.in pkcsslotd.service.in
+ 
+ if ENABLE_DAEMON
+if ENABLE_SYSTEMD
+servicedir = $(unitdir)
+service_SCRIPTS = pkcsslotd.service
+
+CLEANFILES = pkcsslotd.service
+
+pkcsslotd.service: pkcsslotd.service.in
+	@SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
+	mv $@-t $@
+else
+initddir = $(sysconfdir)/rc.d/init.d
+ initd_SCRIPTS = pkcsslotd
+ 
+ CLEANFILES = pkcsslotd
+@@ -12,3 +21,4 @@ pkcsslotd: pkcsslotd.in
+ 	@CHMOD@ a+x $@-t
+ 	mv $@-t $@
+ endif
+endif
+diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
+new file mode 100644
+index 0000000..3e64363
+--- /dev/null
+++ b/misc/pkcsslotd.service.in
+@@ -0,0 +1,13 @@
+[Unit]
+Description=Daemon which manages cryptographic hardware tokens for the openCryptoki package
+After=syslog.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/pkcsslotd.pid
+ExecStartPre=@sbindir@/pkcs11_startup
+ExecStart=@sbindir@/pkcsslotd
+
+[Install]
+WantedBy=multi-user.target
+
+-- 
+1.7.7.6
+
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@ -1,6 +1,6 @@
 Name:			opencryptoki
 Summary:		Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version:		2.4
+Version:		2.4.1
 Release:		1%{?dist}
 License:		CPL
 Group:			System Environment/Base
@ -8,20 +8,23 @@ URL:			http://sourceforge.net/projects/opencryptoki
 Source:			http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 # the pkcs11 group is created and populated in scriptlet
 Patch0:			%{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
-BuildRoot:		%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+# https://bugzilla.redhat.com/show_bug.cgi?id=732756
+Patch1:			%{name}-2.4-group.patch
+# convert from initscript to systemd unit
+Patch2:			%{name}-2.4.1-systemd.patch
 Requires(pre):		shadow-utils coreutils sed
-Requires(post):		chkconfig
-Requires(preun):	chkconfig
-# This is for /sbin/service
-Requires(preun):	initscripts
-Requires(postun):	initscripts
 BuildRequires:		openssl-devel
 BuildRequires:		trousers-devel
 BuildRequires:		autoconf automake libtool
+BuildRequires:		systemd-units
 %ifarch s390 s390x
 BuildRequires:		libica-devel >= 2.0
 %endif
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
+Requires(post):		systemd-units
+Requires(preun):	systemd-units
+Requires(postun):	systemd-units
+

 %description
 Opencryptoki implements the PKCS#11 specification v2.11 for a set of
@ -130,6 +133,8 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1 -b .group
+%patch2 -p1 -b .systemd

 # Upstream tarball has unnecessary executable perms set on the sources
 find . -name '*.[ch]' -print0 | xargs -0 chmod -x
@ -138,7 +143,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x
 %build
 ./bootstrap.sh

-%configure	\
+%configure --with-systemdsystemunitdir=%{_unitdir}	\
 %ifarch s390 s390x
    --enable-icatok --enable-ccatok
 %else
@ -149,8 +154,6 @@ make %{?_smp_mflags}


 %install
-rm -rf $RPM_BUILD_ROOT
-
 make install DESTDIR=$RPM_BUILD_ROOT

 # Remove unwanted cruft
@ -158,10 +161,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
 rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la


-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
 %post libs -p /sbin/ldconfig
 %post swtok -p /sbin/ldconfig
 %post tpmtok -p /sbin/ldconfig
@ -178,16 +177,6 @@ rm -rf $RPM_BUILD_ROOT
 %postun ccatok -p /sbin/ldconfig
 %endif

-%post
-/sbin/chkconfig --add pkcsslotd
-exit 0
-
-%postun
-if [ "$1" -ge "1" ] ; then
-	/sbin/service pkcsslotd condrestart >/dev/null 2>&1
-fi
-exit 0
-
 %pre
 # Create pkcs11 group
 getent group pkcs11 >/dev/null || groupadd -r pkcs11
@ -195,19 +184,31 @@ getent group pkcs11 >/dev/null || groupadd -r pkcs11
 gpasswd -a root pkcs11
 exit 0

-%preun
-if [ "$1" = "0" ] ; then
-	/sbin/service pkcsslotd stop >/dev/null 2>&1
-	/sbin/chkconfig --del pkcsslotd
+%post
+if [ $1 -eq 1 ] ; then
+    # Initial installation
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
+
+%preun
+if [ $1 -eq 0 ] ; then
+    # Package removal, not upgrade
+    /bin/systemctl --no-reload disable pkcsslotd.service > /dev/null 2>&1 || :
+    /bin/systemctl stop pkcsslotd.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+    # Package upgrade, not uninstall
+    /bin/systemctl try-restart pkcsslotd.service >/dev/null 2>&1 || :
 fi
-exit 0


 %files
-%defattr(-,root,root,-)
 %doc ChangeLog FAQ README
 %doc doc/openCryptoki-HOWTO.pdf
-%{_initddir}/pkcsslotd
+%{_unitdir}/pkcsslotd.service
 %{_sbindir}/*
 %{_mandir}/man*/*
 %{_libdir}/opencryptoki/methods
@ -215,7 +216,6 @@ exit 0
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}

 %files libs
-%defattr(-,root,root,-)
 %doc LICENSE
 %{_sysconfdir}/ld.so.conf.d/*
 # Unversioned .so symlinks usually belong to -devel packages, but opencryptoki
@ -232,28 +232,23 @@ exit 0
 %{_libdir}/pkcs11/stdll

 %files devel
-%defattr(-,root,root,-)
 %{_includedir}/*

 %files swtok
-%defattr(-,root,root,-)
 %{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
 %{_libdir}/opencryptoki/stdll/PKCS11_SW.so

 %files tpmtok
-%defattr(-,root,root,-)
 %doc doc/README.tpm_stdll
 %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
 %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so

 %ifarch s390 s390x
 %files icatok
-%defattr(-,root,root,-)
 %{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
 %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so

 %files ccatok
-%defattr(-,root,root,-)
 %doc doc/README-IBM_CCA_users
 %doc doc/README.cca_stdll
 %{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
@ -262,6 +257,11 @@ exit 0


 %changelog
+* Sat Feb 25 2012 Dan Horák <dan[at]danny.cz> - 2.4.1-1
+- new upstream release 2.4.1
+- convert from initscript to systemd unit
+- import fixes from RHEL-6 about root's group membership (#732756, #730903)
+
 * Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.4-1
 - new upstream release 2.4

--- a/2
+++ b/2
@ -1 +1 @@
-1c834a4c7380a352319cb47b99fc6157  opencryptoki-2.4.tar.gz
+165e91b70ae5c78bc34ea910ff91ea8f  opencryptoki-2.4.1.tar.gz