new upstream release 2.4.1
- convert from initscript to systemd unit - import fixes from RHEL-6 about root's group membership (#732756, #730903)
This commit is contained in:
parent
2387e87b9b
commit
ace0290fc4
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,3 +2,4 @@ opencryptoki-2.3.1.tar.gz
|
|||||||
/opencryptoki-2.3.2.tar.gz
|
/opencryptoki-2.3.2.tar.gz
|
||||||
/opencryptoki-2.3.3.tar.gz
|
/opencryptoki-2.3.3.tar.gz
|
||||||
/opencryptoki-2.4.tar.gz
|
/opencryptoki-2.4.tar.gz
|
||||||
|
/opencryptoki-2.4.1.tar.gz
|
||||||
|
47
opencryptoki-2.4-group.patch
Normal file
47
opencryptoki-2.4-group.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
diff -urp opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c
|
||||||
|
--- opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 08:17:14.000000000 -0400
|
||||||
|
+++ opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 10:22:49.000000000 -0400
|
||||||
|
@@ -351,43 +351,6 @@ attach_shared_memory() {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
-
|
||||||
|
- // SAB check for the group id here and membership here as well
|
||||||
|
- grp = getgrnam("pkcs11");
|
||||||
|
- if ( grp ) {
|
||||||
|
- int i=0;
|
||||||
|
- char member=0;
|
||||||
|
-
|
||||||
|
- pw = getpwuid(getuid());
|
||||||
|
-
|
||||||
|
- epw = getpwuid(geteuid());
|
||||||
|
-
|
||||||
|
- while( grp->gr_mem[i] ) {
|
||||||
|
- if (pw) {
|
||||||
|
- if ( strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name)) == 0 ){
|
||||||
|
- member = 1;
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if (epw) {
|
||||||
|
- if ( strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name)) == 0 ){
|
||||||
|
- member = 1;
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- i++;
|
||||||
|
- }
|
||||||
|
- if ( ! member ) {
|
||||||
|
- return NULL; // SAB don't bother even attaching...
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
-
|
||||||
|
- } else {
|
||||||
|
- return NULL;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-
|
||||||
|
Anchor->shm_tok = ftok(TOK_PATH,'b');
|
||||||
|
|
||||||
|
// Get the shared memory id.
|
104
opencryptoki-2.4.1-systemd.patch
Normal file
104
opencryptoki-2.4.1-systemd.patch
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
From 5f9d27ae7180324a9a808790356d842df87ca695 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
||||||
|
Date: Mon, 27 Feb 2012 11:43:49 +0100
|
||||||
|
Subject: [PATCH] add support for systemd
|
||||||
|
|
||||||
|
New configure parameter is introduced (--with-systemdsystemunitdir) and when set
|
||||||
|
it means that systemd service file will be installed instead of the classis initscript.
|
||||||
|
---
|
||||||
|
.gitignore | 1 +
|
||||||
|
configure.in | 12 ++++++++++++
|
||||||
|
misc/Makefile.am | 16 +++++++++++++---
|
||||||
|
misc/pkcsslotd.service.in | 13 +++++++++++++
|
||||||
|
4 files changed, 39 insertions(+), 3 deletions(-)
|
||||||
|
create mode 100644 misc/pkcsslotd.service.in
|
||||||
|
|
||||||
|
diff --git a/configure.in b/configure.in
|
||||||
|
index 483a092..577b148 100644
|
||||||
|
--- a/configure.in
|
||||||
|
+++ b/configure.in
|
||||||
|
@@ -175,6 +175,12 @@ AC_ARG_WITH([xcryptolinz],
|
||||||
|
[],
|
||||||
|
[with_xcryptolinz=check])
|
||||||
|
|
||||||
|
+dnl --- systemd system unit files location
|
||||||
|
+AC_ARG_WITH([systemdsystemunitdir],
|
||||||
|
+ AS_HELP_STRING([--with-systemdsystemunitdir@<:@=DIR@:>@],[systemd system unit files location]),
|
||||||
|
+ [enable_systemd=yes],
|
||||||
|
+ [enable_systemd=no])
|
||||||
|
+
|
||||||
|
dnl ---
|
||||||
|
dnl ---
|
||||||
|
dnl --- Now that we have all the options, let's check for a valid build
|
||||||
|
@@ -495,6 +501,11 @@ AM_CONDITIONAL([ENABLE_DAEMON], [test "x$enable_daemon" = "xyes"])
|
||||||
|
dnl --- enable_library
|
||||||
|
AM_CONDITIONAL([ENABLE_LIBRARY], [test "x$enable_library" = "xyes"])
|
||||||
|
|
||||||
|
+dnl --- enable systemd and set unit dir
|
||||||
|
+AM_CONDITIONAL([ENABLE_SYSTEMD], [test "x$enable_systemd" = "xyes"])
|
||||||
|
+unitdir=$with_systemdsystemunitdir
|
||||||
|
+AC_SUBST(unitdir)
|
||||||
|
+
|
||||||
|
dnl --- enable_icatok
|
||||||
|
if test "x$enable_icatok" = "xyes"; then
|
||||||
|
if test "x$with_libica" != "xyes"; then
|
||||||
|
@@ -677,6 +688,7 @@ echo " Debug build: $enable_debug"
|
||||||
|
echo " Testcases: $enable_testcases"
|
||||||
|
echo " Daemon build: $enable_daemon"
|
||||||
|
echo " Library build: $enable_library"
|
||||||
|
+echo " Systemd service: $enable_systemd"
|
||||||
|
echo
|
||||||
|
echo "Enabled token types:"
|
||||||
|
echo " ICA token: $enable_icatok"
|
||||||
|
diff --git a/misc/Makefile.am b/misc/Makefile.am
|
||||||
|
index d0c6e9b..2954483 100644
|
||||||
|
--- a/misc/Makefile.am
|
||||||
|
+++ b/misc/Makefile.am
|
||||||
|
@@ -1,8 +1,17 @@
|
||||||
|
-initddir = $(sysconfdir)/rc.d/init.d
|
||||||
|
-
|
||||||
|
-EXTRA_DIST = pkcsslotd.in
|
||||||
|
+EXTRA_DIST = pkcsslotd.in pkcsslotd.service.in
|
||||||
|
|
||||||
|
if ENABLE_DAEMON
|
||||||
|
+if ENABLE_SYSTEMD
|
||||||
|
+servicedir = $(unitdir)
|
||||||
|
+service_SCRIPTS = pkcsslotd.service
|
||||||
|
+
|
||||||
|
+CLEANFILES = pkcsslotd.service
|
||||||
|
+
|
||||||
|
+pkcsslotd.service: pkcsslotd.service.in
|
||||||
|
+ @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
|
||||||
|
+ mv $@-t $@
|
||||||
|
+else
|
||||||
|
+initddir = $(sysconfdir)/rc.d/init.d
|
||||||
|
initd_SCRIPTS = pkcsslotd
|
||||||
|
|
||||||
|
CLEANFILES = pkcsslotd
|
||||||
|
@@ -12,3 +21,4 @@ pkcsslotd: pkcsslotd.in
|
||||||
|
@CHMOD@ a+x $@-t
|
||||||
|
mv $@-t $@
|
||||||
|
endif
|
||||||
|
+endif
|
||||||
|
diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..3e64363
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/misc/pkcsslotd.service.in
|
||||||
|
@@ -0,0 +1,13 @@
|
||||||
|
+[Unit]
|
||||||
|
+Description=Daemon which manages cryptographic hardware tokens for the openCryptoki package
|
||||||
|
+After=syslog.target
|
||||||
|
+
|
||||||
|
+[Service]
|
||||||
|
+Type=forking
|
||||||
|
+PIDFile=/var/run/pkcsslotd.pid
|
||||||
|
+ExecStartPre=@sbindir@/pkcs11_startup
|
||||||
|
+ExecStart=@sbindir@/pkcsslotd
|
||||||
|
+
|
||||||
|
+[Install]
|
||||||
|
+WantedBy=multi-user.target
|
||||||
|
+
|
||||||
|
--
|
||||||
|
1.7.7.6
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
Name: opencryptoki
|
Name: opencryptoki
|
||||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
|
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
|
||||||
Version: 2.4
|
Version: 2.4.1
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: CPL
|
License: CPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -8,20 +8,23 @@ URL: http://sourceforge.net/projects/opencryptoki
|
|||||||
Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||||
# the pkcs11 group is created and populated in scriptlet
|
# the pkcs11 group is created and populated in scriptlet
|
||||||
Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
|
Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
# https://bugzilla.redhat.com/show_bug.cgi?id=732756
|
||||||
|
Patch1: %{name}-2.4-group.patch
|
||||||
|
# convert from initscript to systemd unit
|
||||||
|
Patch2: %{name}-2.4.1-systemd.patch
|
||||||
Requires(pre): shadow-utils coreutils sed
|
Requires(pre): shadow-utils coreutils sed
|
||||||
Requires(post): chkconfig
|
|
||||||
Requires(preun): chkconfig
|
|
||||||
# This is for /sbin/service
|
|
||||||
Requires(preun): initscripts
|
|
||||||
Requires(postun): initscripts
|
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: trousers-devel
|
BuildRequires: trousers-devel
|
||||||
BuildRequires: autoconf automake libtool
|
BuildRequires: autoconf automake libtool
|
||||||
|
BuildRequires: systemd-units
|
||||||
%ifarch s390 s390x
|
%ifarch s390 s390x
|
||||||
BuildRequires: libica-devel >= 2.0
|
BuildRequires: libica-devel >= 2.0
|
||||||
%endif
|
%endif
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires(post): systemd-units
|
||||||
|
Requires(preun): systemd-units
|
||||||
|
Requires(postun): systemd-units
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
@ -130,6 +133,8 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1 -b .group
|
||||||
|
%patch2 -p1 -b .systemd
|
||||||
|
|
||||||
# Upstream tarball has unnecessary executable perms set on the sources
|
# Upstream tarball has unnecessary executable perms set on the sources
|
||||||
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
|
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
|
||||||
@ -138,7 +143,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x
|
|||||||
%build
|
%build
|
||||||
./bootstrap.sh
|
./bootstrap.sh
|
||||||
|
|
||||||
%configure \
|
%configure --with-systemdsystemunitdir=%{_unitdir} \
|
||||||
%ifarch s390 s390x
|
%ifarch s390 s390x
|
||||||
--enable-icatok --enable-ccatok
|
--enable-icatok --enable-ccatok
|
||||||
%else
|
%else
|
||||||
@ -149,8 +154,6 @@ make %{?_smp_mflags}
|
|||||||
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
|
||||||
# Remove unwanted cruft
|
# Remove unwanted cruft
|
||||||
@ -158,10 +161,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
|
|||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
|
||||||
|
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
|
|
||||||
%post libs -p /sbin/ldconfig
|
%post libs -p /sbin/ldconfig
|
||||||
%post swtok -p /sbin/ldconfig
|
%post swtok -p /sbin/ldconfig
|
||||||
%post tpmtok -p /sbin/ldconfig
|
%post tpmtok -p /sbin/ldconfig
|
||||||
@ -178,16 +177,6 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%postun ccatok -p /sbin/ldconfig
|
%postun ccatok -p /sbin/ldconfig
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%post
|
|
||||||
/sbin/chkconfig --add pkcsslotd
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
%postun
|
|
||||||
if [ "$1" -ge "1" ] ; then
|
|
||||||
/sbin/service pkcsslotd condrestart >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# Create pkcs11 group
|
# Create pkcs11 group
|
||||||
getent group pkcs11 >/dev/null || groupadd -r pkcs11
|
getent group pkcs11 >/dev/null || groupadd -r pkcs11
|
||||||
@ -195,19 +184,31 @@ getent group pkcs11 >/dev/null || groupadd -r pkcs11
|
|||||||
gpasswd -a root pkcs11
|
gpasswd -a root pkcs11
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%preun
|
%post
|
||||||
if [ "$1" = "0" ] ; then
|
if [ $1 -eq 1 ] ; then
|
||||||
/sbin/service pkcsslotd stop >/dev/null 2>&1
|
# Initial installation
|
||||||
/sbin/chkconfig --del pkcsslotd
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%preun
|
||||||
|
if [ $1 -eq 0 ] ; then
|
||||||
|
# Package removal, not upgrade
|
||||||
|
/bin/systemctl --no-reload disable pkcsslotd.service > /dev/null 2>&1 || :
|
||||||
|
/bin/systemctl stop pkcsslotd.service > /dev/null 2>&1 || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%postun
|
||||||
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
|
if [ $1 -ge 1 ] ; then
|
||||||
|
# Package upgrade, not uninstall
|
||||||
|
/bin/systemctl try-restart pkcsslotd.service >/dev/null 2>&1 || :
|
||||||
fi
|
fi
|
||||||
exit 0
|
|
||||||
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc ChangeLog FAQ README
|
%doc ChangeLog FAQ README
|
||||||
%doc doc/openCryptoki-HOWTO.pdf
|
%doc doc/openCryptoki-HOWTO.pdf
|
||||||
%{_initddir}/pkcsslotd
|
%{_unitdir}/pkcsslotd.service
|
||||||
%{_sbindir}/*
|
%{_sbindir}/*
|
||||||
%{_mandir}/man*/*
|
%{_mandir}/man*/*
|
||||||
%{_libdir}/opencryptoki/methods
|
%{_libdir}/opencryptoki/methods
|
||||||
@ -215,7 +216,6 @@ exit 0
|
|||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc LICENSE
|
%doc LICENSE
|
||||||
%{_sysconfdir}/ld.so.conf.d/*
|
%{_sysconfdir}/ld.so.conf.d/*
|
||||||
# Unversioned .so symlinks usually belong to -devel packages, but opencryptoki
|
# Unversioned .so symlinks usually belong to -devel packages, but opencryptoki
|
||||||
@ -232,28 +232,23 @@ exit 0
|
|||||||
%{_libdir}/pkcs11/stdll
|
%{_libdir}/pkcs11/stdll
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
|
|
||||||
%files swtok
|
%files swtok
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
|
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
|
||||||
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
|
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
|
||||||
|
|
||||||
%files tpmtok
|
%files tpmtok
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc doc/README.tpm_stdll
|
%doc doc/README.tpm_stdll
|
||||||
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
|
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
|
||||||
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
|
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
|
||||||
|
|
||||||
%ifarch s390 s390x
|
%ifarch s390 s390x
|
||||||
%files icatok
|
%files icatok
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
|
||||||
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
||||||
|
|
||||||
%files ccatok
|
%files ccatok
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc doc/README-IBM_CCA_users
|
%doc doc/README-IBM_CCA_users
|
||||||
%doc doc/README.cca_stdll
|
%doc doc/README.cca_stdll
|
||||||
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
|
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
|
||||||
@ -262,6 +257,11 @@ exit 0
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Feb 25 2012 Dan Horák <dan[at]danny.cz> - 2.4.1-1
|
||||||
|
- new upstream release 2.4.1
|
||||||
|
- convert from initscript to systemd unit
|
||||||
|
- import fixes from RHEL-6 about root's group membership (#732756, #730903)
|
||||||
|
|
||||||
* Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.4-1
|
* Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.4-1
|
||||||
- new upstream release 2.4
|
- new upstream release 2.4
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user