From ace0290fc4125e49979028052372945db7019ed1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= Date: Mon, 27 Feb 2012 13:14:18 +0100 Subject: [PATCH] new upstream release 2.4.1 - convert from initscript to systemd unit - import fixes from RHEL-6 about root's group membership (#732756, #730903) --- .gitignore | 1 + opencryptoki-2.4-group.patch | 47 ++++++++++++++ opencryptoki-2.4.1-systemd.patch | 104 +++++++++++++++++++++++++++++++ opencryptoki.spec | 74 +++++++++++----------- sources | 2 +- 5 files changed, 190 insertions(+), 38 deletions(-) create mode 100644 opencryptoki-2.4-group.patch create mode 100644 opencryptoki-2.4.1-systemd.patch
diff --git a/.gitignore b/.gitignore
index eb45dcf..f69b4ec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ opencryptoki-2.3.1.tar.gz
 /opencryptoki-2.3.2.tar.gz
 /opencryptoki-2.3.3.tar.gz
 /opencryptoki-2.4.tar.gz
+/opencryptoki-2.4.1.tar.gz
diff --git a/opencryptoki-2.4-group.patch b/opencryptoki-2.4-group.patch
new file mode 100644
index 0000000..abaa592
--- /dev/null
+++ b/opencryptoki-2.4-group.patch
@@ -0,0 +1,47 @@
+diff -urp opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c
+--- opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 08:17:14.000000000 -0400
++++ opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 10:22:49.000000000 -0400
+@@ -351,43 +351,6 @@ attach_shared_memory() {
+ return NULL;
+ }
+
+-
+- // SAB check for the group id here and membership here as well
+- grp = getgrnam("pkcs11");
+- if ( grp ) {
+- int i=0;
+- char member=0;
+-
+- pw = getpwuid(getuid());
+-
+- epw = getpwuid(geteuid());
+-
+- while( grp->gr_mem[i] ) {
+- if (pw) {
+- if ( strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name)) == 0 ){
+- member = 1;
+- break;
+- }
+- }
+- if (epw) {
+- if ( strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name)) == 0 ){
+- member = 1;
+- break;
+- }
+- }
+- i++;
+- }
+- if ( ! member ) {
+- return NULL; // SAB don't bother even attaching...
+- }
+-
+-
+- } else {
+- return NULL;
+- }
+-
+-
+-
+ Anchor->shm_tok = ftok(TOK_PATH,'b');
+
+ // Get the shared memory id.
diff --git a/opencryptoki-2.4.1-systemd.patch b/opencryptoki-2.4.1-systemd.patch
new file mode 100644
index 0000000..5c0ac52
--- /dev/null
+++ b/opencryptoki-2.4.1-systemd.patch
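Review bot: opencryptoki-2.4-group.patch has no header text, so nothing records what restricts access once the `getgrnam("pkcs11")` membership test is gone: after the `return NULL; }` context the new code goes straight to `Anchor->shm_tok = ftok(TOK_PATH,'b');` for every caller. A test inside a library that the caller itself loads was advisory at best, so the real control is the ownership and mode of the shared memory segment, which is set outside this hunk and should be confirmed to be limited to the pkcs11 group. I would add a short description above the `diff -urp` line, for example `Drop the gr_mem membership test in attach_shared_memory(); access is governed by the IPC permissions of the segment.`, together with the bug reference the spec file already carries. attach_shared_memory() starts and ends outside the hunk.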
@@ -0,0 +1,104 @@
+From 5f9d27ae7180324a9a808790356d842df87ca695 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?=
+Date: Mon, 27 Feb 2012 11:43:49 +0100
+Subject: [PATCH] add support for systemd
+
+New configure parameter is introduced (--with-systemdsystemunitdir) and when set
+it means that systemd service file will be installed instead of the classis initscript.
+---
+ .gitignore | 1 +
+ configure.in | 12 ++++++++++++
+ misc/Makefile.am | 16 +++++++++++++---
+ misc/pkcsslotd.service.in | 13 +++++++++++++
+ 4 files changed, 39 insertions(+), 3 deletions(-)
+ create mode 100644 misc/pkcsslotd.service.in
+
+diff --git a/configure.in b/configure.in
+index 483a092..577b148 100644
+--- a/configure.in
++++ b/configure.in
+@@ -175,6 +175,12 @@ AC_ARG_WITH([xcryptolinz],
+ [],
+ [with_xcryptolinz=check])
+
++dnl --- systemd system unit files location
++AC_ARG_WITH([systemdsystemunitdir],
++ AS_HELP_STRING([--with-systemdsystemunitdir@<:@=DIR@:>@],[systemd system unit files location]),
++ [enable_systemd=yes],
++ [enable_systemd=no])
++
+ dnl ---
+ dnl ---
+ dnl --- Now that we have all the options, let's check for a valid build
+@@ -495,6 +501,11 @@ AM_CONDITIONAL([ENABLE_DAEMON], [test "x$enable_daemon" = "xyes"])
+ dnl --- enable_library
+ AM_CONDITIONAL([ENABLE_LIBRARY], [test "x$enable_library" = "xyes"])
+
++dnl --- enable systemd and set unit dir
++AM_CONDITIONAL([ENABLE_SYSTEMD], [test "x$enable_systemd" = "xyes"])
++unitdir=$with_systemdsystemunitdir
++AC_SUBST(unitdir)
++
+ dnl --- enable_icatok
+ if test "x$enable_icatok" = "xyes"; then
+ if test "x$with_libica" != "xyes"; then
+@@ -677,6 +688,7 @@ echo " Debug build: $enable_debug"
+ echo " Testcases: $enable_testcases"
+ echo " Daemon build: $enable_daemon"
+ echo " Library build: $enable_library"
++echo " Systemd service: $enable_systemd"
+ echo
+ echo "Enabled token types:"
+ echo " ICA token: $enable_icatok"
+diff --git a/misc/Makefile.am b/misc/Makefile.am
+index d0c6e9b..2954483 100644
+--- a/misc/Makefile.am
++++ b/misc/Makefile.am
+@@ -1,8 +1,17 @@
+-initddir = $(sysconfdir)/rc.d/init.d
+-
+-EXTRA_DIST = pkcsslotd.in
++EXTRA_DIST = pkcsslotd.in pkcsslotd.service.in
+
+ if ENABLE_DAEMON
++if ENABLE_SYSTEMD
++servicedir = $(unitdir)
++service_SCRIPTS = pkcsslotd.service
++
++CLEANFILES = pkcsslotd.service
++
++pkcsslotd.service: pkcsslotd.service.in
++ @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
++ mv $@-t $@
++else
++initddir = $(sysconfdir)/rc.d/init.d
+ initd_SCRIPTS = pkcsslotd
+
+ CLEANFILES = pkcsslotd
+@@ -12,3 +21,4 @@ pkcsslotd: pkcsslotd.in
+ @CHMOD@ a+x $@-t
+ mv $@-t $@
+ endif
++endif
+diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
+new file mode 100644
+index 0000000..3e64363
+--- /dev/null
++++ b/misc/pkcsslotd.service.in
+@@ -0,0 +1,13 @@
++[Unit]
++Description=Daemon which manages cryptographic hardware tokens for the openCryptoki package
++After=syslog.target
++
++[Service]
++Type=forking
++PIDFile=/var/run/pkcsslotd.pid
++ExecStartPre=@sbindir@/pkcs11_startup
++ExecStart=@sbindir@/pkcsslotd
++
++[Install]
++WantedBy=multi-user.target
++
+--
+1.7.7.6
+
diff --git a/opencryptoki.spec b/opencryptoki.spec
index ba9557d..1efe890 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,6 +1,6 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version: 2.4
+Version: 2.4.1
 Release: 1%{?dist}
 License: CPL
 Group: System Environment/Base
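Review bot: In the configure.in part of the systemd patch, the third argument of `AC_ARG_WITH([systemdsystemunitdir], ...)` runs for every form of the option, so `--without-systemdsystemunitdir` also sets `enable_systemd=yes` and leaves `unitdir` as `no`, and a bare `--with-systemdsystemunitdir` leaves it as `yes`. Test the value instead, e.g. `[AS_IF([test "x$with_systemdsystemunitdir" != "xno"], [enable_systemd=yes], [enable_systemd=no])]`, and reject a value that is not a directory path. In misc/Makefile.am, `service_SCRIPTS = pkcsslotd.service` installs the unit with the executable bit set; a unit file is data, so `service_DATA = pkcsslotd.service` fits better.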
@@ -8,20 +8,23 @@ URL: http://sourceforge.net/projects/opencryptoki Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz # the pkcs11 group is created and populated in scriptlet Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +# https://bugzilla.redhat.com/show_bug.cgi?id=732756 +Patch1: %{name}-2.4-group.patch +# convert from initscript to systemd unit +Patch2: %{name}-2.4.1-systemd.patch Requires(pre): shadow-utils coreutils sed -Requires(post): chkconfig -Requires(preun): chkconfig -# This is for /sbin/service -Requires(preun): initscripts -Requires(postun): initscripts BuildRequires: openssl-devel BuildRequires: trousers-devel BuildRequires: autoconf automake libtool +BuildRequires: systemd-units %ifarch s390 s390x BuildRequires: libica-devel >= 2.0 %endif Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + %description Opencryptoki implements the PKCS#11 specification v2.11 for a set of @@ -130,6 +133,8 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the %prep %setup -q %patch0 -p1 +%patch1 -p1 -b .group +%patch2 -p1 -b .systemd # Upstream tarball has unnecessary executable perms set on the sources find . -name '*.[ch]' -print0 | xargs -0 chmod -x @@ -138,7 +143,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x %build ./bootstrap.sh -%configure \ +%configure --with-systemdsystemunitdir=%{_unitdir} \ %ifarch s390 s390x --enable-icatok --enable-ccatok %else @@ -149,8 +154,6 @@ make %{?_smp_mflags} %install -rm -rf $RPM_BUILD_ROOT - make install DESTDIR=$RPM_BUILD_ROOT # Remove unwanted cruft @@ -158,10 +161,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la -%clean -rm -rf $RPM_BUILD_ROOT - - %post libs -p /sbin/ldconfig %post swtok -p /sbin/ldconfig %post tpmtok -p /sbin/ldconfig 
@@ -178,16 +177,6 @@ rm -rf $RPM_BUILD_ROOT %postun ccatok -p /sbin/ldconfig %endif -%post -/sbin/chkconfig --add pkcsslotd -exit 0 - -%postun -if [ "$1" -ge "1" ] ; then - /sbin/service pkcsslotd condrestart >/dev/null 2>&1 -fi -exit 0 - %pre # Create pkcs11 group getent group pkcs11 >/dev/null || groupadd -r pkcs11 @@ -195,19 +184,31 @@ getent group pkcs11 >/dev/null || groupadd -r pkcs11 gpasswd -a root pkcs11 exit 0 -%preun -if [ "$1" = "0" ] ; then - /sbin/service pkcsslotd stop >/dev/null 2>&1 - /sbin/chkconfig --del pkcsslotd +%post +if [ $1 -eq 1 ] ; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi + +%preun +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable pkcsslotd.service > /dev/null 2>&1 || : + /bin/systemctl stop pkcsslotd.service > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart pkcsslotd.service >/dev/null 2>&1 || : fi -exit 0 %files -%defattr(-,root,root,-) %doc ChangeLog FAQ README %doc doc/openCryptoki-HOWTO.pdf -%{_initddir}/pkcsslotd +%{_unitdir}/pkcsslotd.service %{_sbindir}/* %{_mandir}/man*/* %{_libdir}/opencryptoki/methods @@ -215,7 +216,6 @@ exit 0 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name} %files libs -%defattr(-,root,root,-) %doc LICENSE %{_sysconfdir}/ld.so.conf.d/* # Unversioned .so symlinks usually belong to -devel packages, but opencryptoki 
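Review bot: The new scriptlets carry no migration step for systems upgrading from the SysV package: in the `@@ -195,19 +184,31 @@` hunk `%post` only reloads systemd on first install (`$1 -eq 1`), and an instance that was enabled through chkconfig is, as far as this hunk shows, neither enabled as a unit nor removed from chkconfig. The daemon would then likely stop being started at boot after the upgrade, without any message to the administrator. A `%triggerun -- opencryptoki < 2.4.1-1` scriptlet that runs `/sbin/chkconfig --del pkcsslotd` and `/bin/systemctl try-restart pkcsslotd.service` would cover the transition.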
@@ -232,28 +232,23 @@ exit 0 %{_libdir}/pkcs11/stdll %files devel -%defattr(-,root,root,-) %{_includedir}/* %files swtok -%defattr(-,root,root,-) %{_libdir}/opencryptoki/stdll/libpkcs11_sw.* %{_libdir}/opencryptoki/stdll/PKCS11_SW.so %files tpmtok -%defattr(-,root,root,-) %doc doc/README.tpm_stdll %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.* %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so %ifarch s390 s390x %files icatok -%defattr(-,root,root,-) %{_libdir}/opencryptoki/stdll/libpkcs11_ica.* %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so %files ccatok -%defattr(-,root,root,-) %doc doc/README-IBM_CCA_users %doc doc/README.cca_stdll %{_libdir}/opencryptoki/stdll/libpkcs11_cca.* @@ -262,6 +257,11 @@ exit 0 %changelog +* Sat Feb 25 2012 Dan Horák - 2.4.1-1 +- new upstream release 2.4.1 +- convert from initscript to systemd unit +- import fixes from RHEL-6 about root's group membership (#732756, #730903) + * Thu Jul 07 2011 Dan Horák - 2.4-1 - new upstream release 2.4 diff --git a/sources b/sources index be502bc..8f92251 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1c834a4c7380a352319cb47b99fc6157 opencryptoki-2.4.tar.gz +165e91b70ae5c78bc34ea910ff91ea8f opencryptoki-2.4.1.tar.gz