From bd916012f9744580fa278cf01d8f77fb1e670c5c Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 10 Sep 2014 16:08:11 +0200 Subject: [PATCH] - new upstream release 3.2 --- .gitignore | 1 + opencryptoki-3.2-conditional-manpages.patch | 18 +++++++ opencryptoki.spec | 56 +++++++++++++++++---- sources | 2 +- 4 files changed, 66 insertions(+), 11 deletions(-) create mode 100644 opencryptoki-3.2-conditional-manpages.patch diff --git a/.gitignore b/.gitignore index 903742e..a6d1ebb 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ opencryptoki-2.3.1.tar.gz /opencryptoki-2.4.3.1-tar.gz /opencryptoki-v3.0.tar.gz /opencryptoki-v3.1.tgz +/opencryptoki-v3.2.tgz diff --git a/opencryptoki-3.2-conditional-manpages.patch b/opencryptoki-3.2-conditional-manpages.patch new file mode 100644 index 0000000..0e15fdc --- /dev/null +++ b/opencryptoki-3.2-conditional-manpages.patch @@ -0,0 +1,18 @@ +diff --git a/man/man1/Makefile.am b/man/man1/Makefile.am +index f2274d7..d98ae8c 100644 +--- a/man/man1/Makefile.am ++++ b/man/man1/Makefile.am +@@ -1,3 +1,12 @@ +-man1_MANS=pkcsconf.1 pkcsicsf.1 pkcsep11_migrate.1 pkcscca.1 ++man1_MANS=pkcsconf.1 pkcsicsf.1 ++ ++if ENABLE_PKCSEP11_MIGRATE ++man1_MANS += pkcsep11_migrate.1 ++endif ++ ++if ENABLE_CCATOK ++man1_MANS += pkcscca.1 ++endif ++ + EXTRA_DIST = $(man1_MANS) + CLEANFILES = $(man1_MANS) diff --git a/opencryptoki.spec b/opencryptoki.spec index 96e3966..7b50ade 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -2,8 +2,8 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 -Version: 3.1 -Release: 2%{?dist} +Version: 3.2 +Release: 1%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/opencryptoki @@ -11,6 +11,8 @@ Source0: http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tgz Source1: %{name}-tmpfiles.conf # https://bugzilla.redhat.com/show_bug.cgi?id=732756 Patch0: %{name}-2.4-group.patch +# do not install pkcsep11_migrate.1 and pkcscca.1 when it's not enabled +Patch1: %{name}-3.2-conditional-manpages.patch Requires(pre): shadow-utils coreutils sed BuildRequires: openssl-devel BuildRequires: trousers-devel @@ -19,7 +21,7 @@ BuildRequires: autoconf automake libtool BuildRequires: bison flex BuildRequires: systemd %ifarch s390 s390x -BuildRequires: libica-devel >= 2.0 +BuildRequires: libica-devel >= 2.3 %endif Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -41,7 +43,6 @@ This package contains the Slot Daemon (pkcsslotd) and general utilities. %package libs Group: System Environment/Libraries Summary: The run-time libraries for opencryptoki package -Requires: %{name}%{?_isa} = %{version}-%{release} %description libs Opencryptoki implements the PKCS#11 specification v2.11 for a set of @@ -151,12 +152,31 @@ This package brings the necessary libraries and files to support CCA devices in the opencryptoki stack. CCA is an interface to IBM cryptographic hardware such as IBM 4764 or 4765 that uses the "co-processor" or "secure-key" path. + +%package ep11tok +Group: System Environment/Libraries +Summary: CCA cryptographic devices (secure-key) support for opencryptoki +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}(token) + +%description ep11tok +Opencryptoki implements the PKCS#11 specification v2.11 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package brings the necessary libraries and files to support EP11 +tokens in the opencryptoki stack. The EP11 token is a token that uses +the IBM Crypto Express adapters (starting with Crypto Express 4S adapters) +configured with Enterprise PKCS#11 (EP11) firmware. %endif %prep %setup -q -n %{name} %patch0 -p1 -b .group +%patch1 -p1 -b .man # Upstream tarball has unnecessary executable perms set on the sources find . -name '*.[ch]' -print0 | xargs -0 chmod -x @@ -164,7 +184,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x # append token specific subdirs to tmpfiles.d config token_subdirs="icsf swtok tpm" %ifarch s390 s390x -token_subdirs="$token_subdirs lite ccatok" +token_subdirs="$token_subdirs lite ccatok ep11tok" %endif cp -p %{SOURCE1} %{name}-tmpfiles.conf @@ -179,9 +199,9 @@ done %configure --with-systemd=%{_unitdir} \ %ifarch s390 s390x - --enable-icatok --enable-ccatok + --enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate %else - --disable-icatok --disable-ccatok + --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate %endif make %{?_smp_mflags} CHGRP=/bin/true @@ -206,6 +226,7 @@ install -m 0644 %{name}-tmpfiles.conf $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/% %ifarch s390 s390x %post icatok -p /sbin/ldconfig %post ccatok -p /sbin/ldconfig +%post ep11tok -p /sbin/ldconfig %endif %postun libs -p /sbin/ldconfig @@ -215,6 +236,7 @@ install -m 0644 %{name}-tmpfiles.conf $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/% %ifarch s390 s390x %postun icatok -p /sbin/ldconfig %postun ccatok -p /sbin/ldconfig +%postun ep11tok -p /sbin/ldconfig %endif %pre libs @@ -242,7 +264,6 @@ exit 0 %{_sbindir}/pkcsconf %{_sbindir}/pkcsslotd %{_mandir}/man1/pkcsconf.1* -%{_mandir}/man1/pkcsep11_migrate.1.* %{_mandir}/man5/%{name}.conf.5* %{_mandir}/man7/%{name}.7* %{_mandir}/man8/pkcsslotd.8* @@ -257,9 +278,8 @@ exit 0 %{_sysconfdir}/ld.so.conf.d/* # Unversioned .so symlinks usually belong to -devel packages, but opencryptoki # needs them in the main package, because: -# pkcs11_startup looks for opencryptoki/stdll/*.so, and # documentation suggests that programs should dlopen "PKCS11_API.so". -%dir %{_libdir}/opencryptoki/ +%dir %{_libdir}/opencryptoki %{_libdir}/opencryptoki/libopencryptoki.* %{_libdir}/opencryptoki/PKCS11_API.so %dir %{_libdir}/opencryptoki/stdll @@ -301,14 +321,30 @@ exit 0 %files ccatok %doc doc/README-IBM_CCA_users %doc doc/README.cca_stdll +%{_sbindir}/pkcscca +%{_mandir}/man1/pkcscca.1* %{_libdir}/opencryptoki/stdll/libpkcs11_cca.* %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/ + +%files ep11tok +%doc doc/README.ep11_stdll +%config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf +%{_sbindir}/pkcsep11_migrate +%{_mandir}/man1/pkcsep11_migrate.1.* +%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.* +%{_libdir}/opencryptoki/stdll/PKCS11_EP11.so +%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/ +%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/TOK_OBJ/ %endif %changelog +* Wed Sep 10 2014 Petr Lautrbach 3.2-1 +- new upstream release 3.2 +- add new sub-package opencryptoki-ep11tok on s390x + * Sun Aug 17 2014 Fedora Release Engineering - 3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild diff --git a/sources b/sources index f8c14f6..2837ce1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ab5f2cc8680ddedde5a86a6cd2e1817f opencryptoki-v3.1.tgz +9c3b3ff3d935e09bfa132f2951d4c859 opencryptoki-v3.2.tgz