From bd916012f9744580fa278cf01d8f77fb1e670c5c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 10 Sep 2014 16:08:11 +0200
Subject: [PATCH] - new upstream release 3.2

---
 .gitignore                                  |  1 +
 opencryptoki-3.2-conditional-manpages.patch | 18 +++++++
 opencryptoki.spec                           | 56 +++++++++++++++++----
 sources                                     |  2 +-
 4 files changed, 66 insertions(+), 11 deletions(-)
 create mode 100644 opencryptoki-3.2-conditional-manpages.patch

diff --git a/.gitignore b/.gitignore
index 903742e..a6d1ebb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ opencryptoki-2.3.1.tar.gz
 /opencryptoki-2.4.3.1-tar.gz
 /opencryptoki-v3.0.tar.gz
 /opencryptoki-v3.1.tgz
+/opencryptoki-v3.2.tgz
diff --git a/opencryptoki-3.2-conditional-manpages.patch b/opencryptoki-3.2-conditional-manpages.patch
new file mode 100644
index 0000000..0e15fdc
--- /dev/null
+++ b/opencryptoki-3.2-conditional-manpages.patch
@@ -0,0 +1,18 @@
+diff --git a/man/man1/Makefile.am b/man/man1/Makefile.am
+index f2274d7..d98ae8c 100644
+--- a/man/man1/Makefile.am
++++ b/man/man1/Makefile.am
+@@ -1,3 +1,12 @@
+-man1_MANS=pkcsconf.1 pkcsicsf.1 pkcsep11_migrate.1 pkcscca.1
++man1_MANS=pkcsconf.1 pkcsicsf.1
++
++if ENABLE_PKCSEP11_MIGRATE
++man1_MANS += pkcsep11_migrate.1
++endif
++
++if ENABLE_CCATOK
++man1_MANS += pkcscca.1
++endif
++
+ EXTRA_DIST = $(man1_MANS)
+ CLEANFILES = $(man1_MANS)
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 96e3966..7b50ade 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -2,8 +2,8 @@
 
 Name:			opencryptoki
 Summary:		Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version:		3.1
-Release:		2%{?dist}
+Version:		3.2
+Release:		1%{?dist}
 License:		CPL
 Group:			System Environment/Base
 URL:			http://sourceforge.net/projects/opencryptoki
@@ -11,6 +11,8 @@ Source0:		http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tgz
 Source1:		%{name}-tmpfiles.conf
 # https://bugzilla.redhat.com/show_bug.cgi?id=732756
 Patch0:			%{name}-2.4-group.patch
+# do not install pkcsep11_migrate.1 and pkcscca.1 when it's not enabled
+Patch1:			%{name}-3.2-conditional-manpages.patch
 Requires(pre):		shadow-utils coreutils sed
 BuildRequires:		openssl-devel
 BuildRequires:		trousers-devel
@@ -19,7 +21,7 @@ BuildRequires:		autoconf automake libtool
 BuildRequires:		bison flex
 BuildRequires:		systemd
 %ifarch s390 s390x
-BuildRequires:		libica-devel >= 2.0
+BuildRequires:		libica-devel >= 2.3
 %endif
 Requires(pre):		%{name}-libs%{?_isa} = %{version}-%{release}
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
@@ -41,7 +43,6 @@ This package contains the Slot Daemon (pkcsslotd) and general utilities.
 %package libs
 Group:			System Environment/Libraries
 Summary:		The run-time libraries for opencryptoki package
-Requires:		%{name}%{?_isa} = %{version}-%{release}
 
 %description libs
 Opencryptoki implements the PKCS#11 specification v2.11 for a set of
@@ -151,12 +152,31 @@ This package brings the necessary libraries and files to support CCA
 devices in the opencryptoki stack. CCA is an interface to IBM
 cryptographic hardware such as IBM 4764 or 4765 that uses the
 "co-processor" or "secure-key" path.
+
+%package ep11tok
+Group:			System Environment/Libraries
+Summary:		CCA cryptographic devices (secure-key) support for opencryptoki
+Requires(pre):		%{name}-libs%{?_isa} = %{version}-%{release}
+Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
+Provides:		%{name}(token)
+
+%description ep11tok
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package brings the necessary libraries and files to support EP11
+tokens in the opencryptoki stack. The EP11 token is a token that uses
+the IBM Crypto Express adapters (starting with Crypto Express 4S adapters)
+configured with Enterprise PKCS#11 (EP11) firmware.
 %endif
 
 
 %prep
 %setup -q -n %{name}
 %patch0 -p1 -b .group
+%patch1 -p1 -b .man
 
 # Upstream tarball has unnecessary executable perms set on the sources
 find . -name '*.[ch]' -print0 | xargs -0 chmod -x
@@ -164,7 +184,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x
 # append token specific subdirs to tmpfiles.d config
 token_subdirs="icsf swtok tpm"
 %ifarch s390 s390x
-token_subdirs="$token_subdirs lite ccatok"
+token_subdirs="$token_subdirs lite ccatok ep11tok"
 %endif
 
 cp -p %{SOURCE1} %{name}-tmpfiles.conf
@@ -179,9 +199,9 @@ done
 
 %configure --with-systemd=%{_unitdir}	\
 %ifarch s390 s390x
-    --enable-icatok --enable-ccatok
+    --enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
 %else
-    --disable-icatok --disable-ccatok
+    --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate
 %endif
 
 make %{?_smp_mflags} CHGRP=/bin/true
@@ -206,6 +226,7 @@ install -m 0644 %{name}-tmpfiles.conf $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%
 %ifarch s390 s390x
 %post icatok -p /sbin/ldconfig
 %post ccatok -p /sbin/ldconfig
+%post ep11tok -p /sbin/ldconfig
 %endif
 
 %postun libs -p /sbin/ldconfig
@@ -215,6 +236,7 @@ install -m 0644 %{name}-tmpfiles.conf $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%
 %ifarch s390 s390x
 %postun icatok -p /sbin/ldconfig
 %postun ccatok -p /sbin/ldconfig
+%postun ep11tok -p /sbin/ldconfig
 %endif
 
 %pre libs
@@ -242,7 +264,6 @@ exit 0
 %{_sbindir}/pkcsconf
 %{_sbindir}/pkcsslotd
 %{_mandir}/man1/pkcsconf.1*
-%{_mandir}/man1/pkcsep11_migrate.1.*
 %{_mandir}/man5/%{name}.conf.5*
 %{_mandir}/man7/%{name}.7*
 %{_mandir}/man8/pkcsslotd.8*
@@ -257,9 +278,8 @@ exit 0
 %{_sysconfdir}/ld.so.conf.d/*
 # Unversioned .so symlinks usually belong to -devel packages, but opencryptoki
 # needs them in the main package, because:
-#   pkcs11_startup looks for opencryptoki/stdll/*.so, and
 #   documentation suggests that programs should dlopen "PKCS11_API.so".
-%dir %{_libdir}/opencryptoki/
+%dir %{_libdir}/opencryptoki
 %{_libdir}/opencryptoki/libopencryptoki.*
 %{_libdir}/opencryptoki/PKCS11_API.so
 %dir %{_libdir}/opencryptoki/stdll
@@ -301,14 +321,30 @@ exit 0
 %files ccatok
 %doc doc/README-IBM_CCA_users
 %doc doc/README.cca_stdll
+%{_sbindir}/pkcscca
+%{_mandir}/man1/pkcscca.1*
 %{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
 %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/
+
+%files ep11tok
+%doc doc/README.ep11_stdll
+%config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf
+%{_sbindir}/pkcsep11_migrate
+%{_mandir}/man1/pkcsep11_migrate.1.*
+%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.*
+%{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
+%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/
+%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/TOK_OBJ/
 %endif
 
 
 %changelog
+* Wed Sep 10 2014 Petr Lautrbach <plautrba@redhat.com> 3.2-1
+- new upstream release 3.2
+- add new sub-package opencryptoki-ep11tok on s390x
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 
diff --git a/sources b/sources
index f8c14f6..2837ce1 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ab5f2cc8680ddedde5a86a6cd2e1817f  opencryptoki-v3.1.tgz
+9c3b3ff3d935e09bfa132f2951d4c859  opencryptoki-v3.2.tgz