rpms
/
opencryptoki
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- new upstream release 2.3.2 

- put STDLLs in separate packages to match upstream package design
This commit is contained in:
Dan Horák 2010-09-14 11:49:20 +02:00
parent a92b4a35b9
commit eaf25b8822
8 changed files with 200 additions and 414 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
opencryptoki-2.3.1.tar.gz
/opencryptoki-2.3.2.tar.gz

59
opencryptoki-2.2.8-do-not-create-group-in-pkcs11_startup.patch
View File

@ -1,59 +0,0 @@
The pkcs11 group is created by the RPM scriptlet.
Index: opencryptoki-2.2.8/usr/sbin/pkcs11_startup/pkcs11_startup.in
===================================================================
--- opencryptoki-2.2.8.orig/usr/sbin/pkcs11_startup/pkcs11_startup.in
+++ opencryptoki-2.2.8/usr/sbin/pkcs11_startup/pkcs11_startup.in
@@ -309,29 +309,29 @@ rm -f @CONFIG_PATH@/@CONFIG_FILE@ >/dev/
# it from scratch
-# Create the pkcs11 group if it does not exist...
-cat /etc/group|grep pkcs11 >/dev/null 2>&1
-rc=$?
-if [ $rc = 1 ]
-then
- if [ -x @GROUPADD@ ]
- then
- @GROUPADD@ pkcs11 >/dev/null 2>&1
-
- else
- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
- fi
-fi
-
-
-if [ -x @USERMOD@ -a -x @ID@ ]
-then
- # add the pkcs group
- # replace spaces by commas
- @USERMOD@ -G $( @ID@ --groups --name root | /bin/sed -e 'y/ /,/'),pkcs11 root
-else
- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
-fi
+## Create the pkcs11 group if it does not exist...
+#cat /etc/group|grep pkcs11 >/dev/null 2>&1
+#rc=$?
+#if [ $rc = 1 ]
+#then
+# if [ -x @GROUPADD@ ]
+# then
+# @GROUPADD@ pkcs11 >/dev/null 2>&1
+#
+# else
+# echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
+# fi
+#fi
+#
+#
+#if [ -x @USERMOD@ -a -x @ID@ ]
+#then
+# # add the pkcs group
+# # replace spaces by commas
+# @USERMOD@ -G $( @ID@ --groups --name root | /bin/sed -e 'y/ /,/'),pkcs11 root
+#else
+# echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
+#fi
# For each card run the status command and if successful

57
opencryptoki-2.3.0-lsb.patch
View File

@ -1,57 +0,0 @@
Index: opencryptoki-2.3.1/misc/pkcsslotd.in
===================================================================
--- opencryptoki-2.3.1.orig/misc/pkcsslotd.in
+++ opencryptoki-2.3.1/misc/pkcsslotd.in
@@ -17,10 +17,11 @@ LOCKFILE=/var/lock/subsys/pkcsslotd
SLOTDBIN=@METHOD_PATH@/pkcsslotd
CONFSTART=@METHOD_PATH@/pkcs11_startup
-[ -f $SLOTDBIN ] || exit 5
-[ -f $CONFSTART ] || exit 5
start() {
+ [ -x $SLOTDBIN ] || exit 5
+ [ -x $CONFSTART ] || exit 5
+
echo -n $"Starting pkcsslotd: "
# Generate the configuration information
@@ -40,8 +41,8 @@ start() {
daemon $SLOTDBIN
fi
- echo
RETVAL=$?
+ echo
[ $RETVAL -eq 0 ] && touch $LOCKFILE
return $RETVAL
}
@@ -49,8 +50,8 @@ start() {
stop() {
echo -n $"Shutting down pkcsslotd:"
killproc pkcsslotd -TERM
- echo
RETVAL=$?
+ echo
[ $RETVAL -eq 0 ] && rm -f $LOCKFILE
return $RETVAL
}
@@ -73,15 +74,15 @@ case "$1" in
status)
status pkcsslotd $SLOTDBIN
;;
- restart|reload)
+ restart|reload|force-reload)
restart
;;
condrestart)
[ -f $LOCKFILE ] && restart || :
;;
*)
- echo $"Usage: $0 {start|stop|status|restart|condrestart}"
- exit 1
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}"
+ exit 2
esac
exit $?

194
opencryptoki-2.3.1-bz546274.patch
View File

@ -1,194 +0,0 @@
From d0c56c2b21e381ddb49c1906ad00d77684c4bc9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Tue, 18 May 2010 11:32:22 +0200
Subject: [PATCH 1/3] add -h command line option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The recent code treats -h as unknown options and throws an error.
Signed-off-by: Dan Horák <dan@danny.cz>
---
man/man1/pkcsconf.1.in | 4 +++-
usr/sbin/pkcsconf/pkcsconf.c | 8 ++++++--
usr/sbin/pkcsconf/pkcsconf.msg | 3 ++-
usr/sbin/pkcsconf/pkcsconf_msg.h | 1 +
4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/man/man1/pkcsconf.1.in b/man/man1/pkcsconf.1.in
index a620882..6f5540a 100644
--- a/man/man1/pkcsconf.1.in
+++ b/man/man1/pkcsconf.1.in
@@ -4,7 +4,7 @@ pkcsconf
.SH SYNOPSIS
\fBpkcsconf\fP
-[\fB-itsmMIupP\fP]
+[\fB-itsmMIupPh\fP]
[\fB-c\fP \fIslotnumber\fP \fB-U\fP \fIuserPIN\fP
\fB-S\fP \fISOPin\fP \fB-n\fP \fInewpin\fP]
@@ -40,6 +40,8 @@ the current Security Officer (SO) pin (for use when changing the SO pin;
.IP "\fB-n\fP \fINEWPIN\fP" 10
the new pin (for use when changing either the user pin or the SO pin; -u, -p
and -P options); if not specified, user will be prompted
+.IP "\fB-h\fP" 10
+show usage information
.SH SEE ALSO
.PD 0
diff --git a/usr/sbin/pkcsconf/pkcsconf.c b/usr/sbin/pkcsconf/pkcsconf.c
index 30a143a..768f1ec 100755
--- a/usr/sbin/pkcsconf/pkcsconf.c
+++ b/usr/sbin/pkcsconf/pkcsconf.c
@@ -375,7 +375,7 @@ main(int argc, char *argv[]){
catd = catopen(MF_PKCSCONF,0);
/* Parse the command line parameters */
- while ((c = getopt (argc, argv, "itsmMIc:S:U:upPn:l")) != (-1)){
+ while ((c = getopt (argc, argv, "itsmMIc:S:U:upPn:lh")) != (-1)){
switch (c){
case 'c': /* a specific card (slot) is specified */
flags |= CFG_SLOT;
@@ -429,6 +429,9 @@ main(int argc, char *argv[]){
case 'l': /* display slot description */
flags |= CFG_LIST_SLOT;
break;
+ case 'h': /* display command line options */
+ usage(argv[0]);
+ break;
default: /* if something else was passed in it is an error */
errflag++;
break;
@@ -1295,7 +1298,7 @@ usage(char *progname){
/* If we get here the user needs help, so give it to them */
printf(PKCSINIT_MSG(USAGE,
- "usage:\t%s [-itsmMIupP] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"),
+ "usage:\t%s [-itsmMIupPh] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"),
progname);
printf(PKCSINIT_MSG(USAGE1, "\t-i display PKCS11 info\n"));
printf(PKCSINIT_MSG(USAGE2, "\t-t display token info\n"));
@@ -1305,6 +1308,7 @@ usage(char *progname){
printf(PKCSINIT_MSG(USAGE7, "\t-u initialize user PIN\n"));
printf(PKCSINIT_MSG(USAGE8, "\t-p set the user PIN\n"));
printf(PKCSINIT_MSG(USAGE9, "\t-P set the SO PIN\n"));
+ printf(PKCSINIT_MSG(USAGE10, "\t-h show this help\n"));
exit(-1);
}
diff --git a/usr/sbin/pkcsconf/pkcsconf.msg b/usr/sbin/pkcsconf/pkcsconf.msg
index 4b5fdf9..bce440b 100755
--- a/usr/sbin/pkcsconf/pkcsconf.msg
+++ b/usr/sbin/pkcsconf/pkcsconf.msg
@@ -373,7 +373,7 @@ LIBERROR "Error initializing the PKCS11 library: 0x%X\n"
SLOTMGRERROR "Error communicating with slot manager: 0x%X\n"
INVALIDCARD "Invalid card: %s\n"
-USAGE "usage:\t%s [-iImMpPstu] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n"
+USAGE "usage:\t%s [-iImMpPstuh] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n"
USAGE1 "\t-i display PKCS11 info\n"
USAGE2 "\t-t display token info\n"
USAGE3 "\t-s display slot info\n"
@@ -383,3 +383,4 @@ USAGE6 "\t-I initialize token\n"
USAGE7 "\t-u initialize user PIN\n"
USAGE8 "\t-p set the user PIN\n"
USAGE9 "\t-P set the SO PIN\n"
+USAGE10 "\t-h show this help\n"
diff --git a/usr/sbin/pkcsconf/pkcsconf_msg.h b/usr/sbin/pkcsconf/pkcsconf_msg.h
index 1ca9c04..f500dbc 100755
--- a/usr/sbin/pkcsconf/pkcsconf_msg.h
+++ b/usr/sbin/pkcsconf/pkcsconf_msg.h
@@ -378,4 +378,5 @@
#define USAGE7 68
#define USAGE8 69
#define USAGE9 70
+#define USAGE10 71
#endif
--
1.6.6.1
From 248606bef048d70f8fe366b846c6296ba6d92720 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Tue, 18 May 2010 11:32:23 +0200
Subject: [PATCH 2/3] print usage information when no option is given
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When no option is given pkcsconf does nothing and quits silently with a zero
return code. It should output the usage information and return non-zero code.
Signed-off-by: Dan Horák <dan@danny.cz>
---
usr/sbin/pkcsconf/pkcsconf.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/usr/sbin/pkcsconf/pkcsconf.c b/usr/sbin/pkcsconf/pkcsconf.c
index 768f1ec..bb12a90 100755
--- a/usr/sbin/pkcsconf/pkcsconf.c
+++ b/usr/sbin/pkcsconf/pkcsconf.c
@@ -440,6 +440,9 @@ main(int argc, char *argv[]){
if (errflag != 0) /* If there was an error print the usage statement */
usage(argv[0]);
+ if (!flags) /* If there was no options print the usage statement */
+ usage(argv[0]);
+
/* Eliminate the ability to specify -I -p -u -P without a slot number */
if ( (flags & (CFG_INITIALIZE | CFG_INIT_USER | CFG_SET_USER | CFG_SET_SO))
&& !(flags & CFG_SLOT)){
--
1.6.6.1
From 9afec58b81c13ecec417e976721e2a22e8355978 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Thu, 20 May 2010 14:17:23 +0200
Subject: [PATCH 3/3] don't show the -M option
Recent builds are done with SHM undefined, so displaying the -M option that
depends on SHM, doesn't make sense.
---
usr/sbin/pkcsconf/pkcsconf.c | 4 ++--
usr/sbin/pkcsconf/pkcsconf.msg | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/usr/sbin/pkcsconf/pkcsconf.c b/usr/sbin/pkcsconf/pkcsconf.c
index bb12a90..0cf99d2 100755
--- a/usr/sbin/pkcsconf/pkcsconf.c
+++ b/usr/sbin/pkcsconf/pkcsconf.c
@@ -375,7 +375,7 @@ main(int argc, char *argv[]){
catd = catopen(MF_PKCSCONF,0);
/* Parse the command line parameters */
- while ((c = getopt (argc, argv, "itsmMIc:S:U:upPn:lh")) != (-1)){
+ while ((c = getopt (argc, argv, "itsmIc:S:U:upPn:lh")) != (-1)){
switch (c){
case 'c': /* a specific card (slot) is specified */
flags |= CFG_SLOT;
@@ -1301,7 +1301,7 @@ usage(char *progname){
/* If we get here the user needs help, so give it to them */
printf(PKCSINIT_MSG(USAGE,
- "usage:\t%s [-itsmMIupPh] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"),
+ "usage:\t%s [-itsmIupPh] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"),
progname);
printf(PKCSINIT_MSG(USAGE1, "\t-i display PKCS11 info\n"));
printf(PKCSINIT_MSG(USAGE2, "\t-t display token info\n"));
diff --git a/usr/sbin/pkcsconf/pkcsconf.msg b/usr/sbin/pkcsconf/pkcsconf.msg
index bce440b..0d3ed34 100755
--- a/usr/sbin/pkcsconf/pkcsconf.msg
+++ b/usr/sbin/pkcsconf/pkcsconf.msg
@@ -373,7 +373,7 @@ LIBERROR "Error initializing the PKCS11 library: 0x%X\n"
SLOTMGRERROR "Error communicating with slot manager: 0x%X\n"
INVALIDCARD "Invalid card: %s\n"
-USAGE "usage:\t%s [-iImMpPstuh] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n"
+USAGE "usage:\t%s [-iImpPstuh] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n"
USAGE1 "\t-i display PKCS11 info\n"
USAGE2 "\t-t display token info\n"
USAGE3 "\t-s display slot info\n"
--
1.6.6.1

45
opencryptoki-2.3.1-pidfile.patch
View File

@ -1,45 +0,0 @@
diff -up opencryptoki-2.3.1/misc/pkcsslotd.in.pidfile opencryptoki-2.3.1/misc/pkcsslotd.in
--- opencryptoki-2.3.1/misc/pkcsslotd.in.pidfile 2010-04-26 16:33:00.000000000 +0200
+++ opencryptoki-2.3.1/misc/pkcsslotd.in 2010-04-26 16:33:31.000000000 +0200
@@ -27,19 +27,7 @@ start() {
# Generate the configuration information
$CONFSTART
- ## Start daemon with startproc(8). If this fails
- ## the echo return value is set appropriate.
- if [ ! -f $PIDFILE ]; then
- # pid file does not exist
- daemon --force $SLOTDBIN
- elif ! ps -h --pid `cat $PIDFILE` | grep "$SLOTDBIN" 2>&1 >/dev/null; then
- # pid file exists but named pid not
- rm -f $PIDFILE
- daemon --force $SLOTDBIN
- else
- # just to have "failed" message
- daemon $SLOTDBIN
- fi
+ daemon $SLOTDBIN
RETVAL=$?
echo
@@ -49,7 +37,7 @@ start() {
stop() {
echo -n $"Shutting down pkcsslotd:"
- killproc pkcsslotd -TERM
+ killproc pkcsslotd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $LOCKFILE
diff -up opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h.pidfile opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h
--- opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h.pidfile 2010-04-26 16:32:42.000000000 +0200
+++ opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h 2010-04-26 16:32:46.000000000 +0200
@@ -325,7 +325,7 @@
#endif
-#define PID_FILE_PATH CONFIG_PATH "/.slotpid"
+#define PID_FILE_PATH "/var/run/pkcsslotd.pid"
#ifndef CK_BOOL
#define CK_BOOL CK_BBOOL

35
opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch Normal file
View File

@ -0,0 +1,35 @@
diff -up opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in
--- opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-08-24 17:13:46.000000000 +0200
+++ opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-08-24 17:14:03.000000000 +0200
@@ -309,31 +309,6 @@ rm -f @localstatedir@/lib/opencryptoki/p
# it from scratch
-# Create the pkcs11 group if it does not exist...
-cat /etc/group|grep pkcs11 >/dev/null 2>&1
-rc=$?
-if [ $rc = 1 ]
-then
- if [ -x @GROUPADD@ ]
- then
- @GROUPADD@ pkcs11 >/dev/null 2>&1
-
- else
- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
- fi
-fi
-
-
-if [ -x @USERMOD@ -a -x @ID@ ]
-then
- # add the pkcs group
- # replace spaces by commas
- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root
-else
- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
-fi
-
-
# For each card run the status command and if successful
# create the odm stanza for the file

221
opencryptoki.spec
View File

@ -1,22 +1,13 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 2.3.1
Release: 7%{?dist}
Version: 2.3.2
Release: 1%{?dist}
License: CPL
Group: System Environment/Base
URL: http://sourceforge.net/projects/opencryptoki
Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: %{name}-2.2.8-do-not-create-group-in-pkcs11_startup.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=522149
# https://sourceforge.net/tracker/?func=detail&aid=2992772&group_id=128009&atid=710344
Patch1: %{name}-2.3.0-lsb.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=547324
# https://sourceforge.net/tracker/?func=detail&aid=2992760&group_id=128009&atid=710344
Patch2: %{name}-2.3.1-pidfile.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=546274
# https://sourceforge.net/mailarchive/forum.php?thread_name=1274175144-26515-1-git-send-email-dan%40danny.cz&forum_name=opencryptoki-tech
# https://sourceforge.net/mailarchive/forum.php?thread_name=1274175144-26515-2-git-send-email-dan%40danny.cz&forum_name=opencryptoki-tech
Patch3: %{name}-2.3.1-bz546274.patch
# the pkcs11 group is created and populated in scriptlet
Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Requires(pre): shadow-utils coreutils sed
Requires(post): chkconfig
@ -24,7 +15,8 @@ Requires(preun): chkconfig
# This is for /sbin/service
Requires(preun): initscripts
Requires(postun): initscripts
BuildRequires: openssl-devel trousers-devel
BuildRequires: openssl-devel
BuildRequires: trousers-devel
BuildRequires: autoconf automake libtool
%ifarch s390 s390x
BuildRequires: libica-devel >= 2.0
@ -32,17 +24,28 @@ BuildRequires: libica-devel >= 2.0
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description
openCryptoki implements the PKCS#11 specification v2.11. It includes support
for cryptographic hardware such as the IBM 4758 Cryptographic CoProcessor,
the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries) or the Trusted
Platform Module (TPM) as well as a software token for testing.
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package contains the Slot Daemon (pkcsslotd) and general utilities.
%package libs
Group: System Environment/Libraries
Summary: The runtime libraries for opencryptoki package
Summary: The run-time libraries for opencryptoki package
%description libs
The runtime libraries for use with openCryptoki based applications.
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package contains the PKCS#11 library implementation, and requires
at least one token implementation (packaged separately) to be fully
functional.
%package devel
Group: Development/Libraries
@ -50,55 +53,129 @@ Summary: Development files for openCryptoki
Requires: %{name}-libs = %{version}-%{release}
%description devel
This package contains the development header files for building openCryptoki
based applications.
This package contains the development header files for building
opencryptoki and PKCS#11 based applications
%package swtok
Group: System Environment/Libraries
Summary: The software token implementation for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description swtok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the software token implementation to use opencryptoki
without any specific cryptographic hardware.
%package tpmtok
Group: System Environment/Libraries
Summary: Trusted Platform Module (TPM) device support for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description tpmtok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the necessary libraries and files to support
Trusted Platform Module (TPM) devices in the opencryptoki stack.
%ifarch s390 s390x
%package icatok
Group: System Environment/Libraries
Summary: ICA cryptographic devices (clear-key) support for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description icatok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the necessary libraries and files to support ICA
devices in the opencryptoki stack. ICA is an interface to IBM
cryptographic hardware such as IBM 4764 or 4765 that uses the
"accelerator" or "clear-key" path.
%package ccatok
Group: System Environment/Libraries
Summary: CCA cryptographic devices (secure-key) support for opencryptoki
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description ccatok
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package brings the necessary libraries and files to support CCA
devices in the opencryptoki stack. CCA is an interface to IBM
cryptographic hardware such as IBM 4764 or 4765 that uses the
"co-processor" or "secure-key" path.
%endif
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
# Upstream tarball has unnecessary executable perms set on the sources
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
%build
./bootstrap.sh
%configure \
%ifarch s390 s390x
--enable-ccatok \
--enable-icatok --enable-ccatok
%else
--disable-icatok --disable-ccatok
%endif
--enable-tpmtok
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/include/opencryptoki
cp -a usr/include/pkcs11/{apiclient.h,pkcs11.h,pkcs11types.h} $RPM_BUILD_ROOT/usr/include/opencryptoki
# Move the initscript to its proper place
mkdir -p $RPM_BUILD_ROOT%{_initddir}
mv $RPM_BUILD_ROOT%{_sysconfdir}/init.d/pkcsslotd $RPM_BUILD_ROOT%{_initddir}/pkcsslotd
mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/%{name}
# Remove unwanted cruft
rm -rf doc/CVS
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
rm -rf $RPM_BUILD_ROOT/%{_datadir}/%{name}
%clean
rm -rf $RPM_BUILD_ROOT
%postun libs -p /sbin/ldconfig
%post libs -p /sbin/ldconfig
%post swtok -p /sbin/ldconfig
%post tpmtok -p /sbin/ldconfig
%ifarch s390 s390x
%post icatok -p /sbin/ldconfig
%post ccatok -p /sbin/ldconfig
%endif
%postun libs -p /sbin/ldconfig
%postun swtok -p /sbin/ldconfig
%postun tpmtok -p /sbin/ldconfig
%ifarch s390 s390x
%postun icatok -p /sbin/ldconfig
%postun ccatok -p /sbin/ldconfig
%endif
%post
/sbin/chkconfig --add pkcsslotd
exit 0
%postun
if [ "$1" -ge "1" ] ; then
@ -106,8 +183,11 @@ if [ "$1" -ge "1" ] ; then
fi
exit 0
%post
/sbin/chkconfig --add pkcsslotd
%pre
# Create pkcs11 group
getent group pkcs11 >/dev/null || groupadd -r pkcs11
# Add root to the pkcs11 group
gpasswd -a root pkcs11
exit 0
%preun
@ -117,27 +197,17 @@ if [ "$1" = "0" ] ; then
fi
exit 0
%pre
getent group pkcs11 >/dev/null || groupadd -r pkcs11
# Add root to the pkcs11 group
/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed -e '
# add the pkcs group if it is missing
/(^| )pkcs11( |$)/!s/$/ pkcs11/
# replace spaces by commas
y/ /,/
'),pkcs11 root
exit 0
%files
%defattr(-,root,root,-)
%doc FAQ README doc/*
%doc ChangeLog FAQ README
%doc doc/openCryptoki-HOWTO.pdf
%{_initddir}/pkcsslotd
%{_sbindir}/*
%{_mandir}/man*/*
%{_libdir}/opencryptoki/methods
%{_libdir}/pkcs11/methods
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
%ifarch s390 s390x
%doc usr/lib/pkcs11/cca_stdll/README-IBM_CCA_users
%endif
%files libs
%defattr(-,root,root,-)
@ -147,15 +217,50 @@ exit 0
# needs them in the main package, because:
# pkcs11_startup looks for opencryptoki/stdll/*.so, and
# documentation suggests that programs should dlopen "PKCS11_API.so".
%{_libdir}/opencryptoki
%{_libdir}/pkcs11
%dir %{_libdir}/opencryptoki
%{_libdir}/opencryptoki/libopencryptoki.*
%{_libdir}/opencryptoki/PKCS11_API.so
%dir %{_libdir}/opencryptoki/stdll
%dir %{_libdir}/pkcs11
%{_libdir}/pkcs11/libopencryptoki.so
%{_libdir}/pkcs11/PKCS11_API.so
%{_libdir}/pkcs11/stdll
%files devel
%defattr(-,root,root,-)
%{_includedir}/*
%files swtok
%defattr(-,root,root,-)
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
%files tpmtok
%defattr(-,root,root,-)
%doc doc/README.tpm_stdll
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
%ifarch s390 s390x
%files icatok
%defattr(-,root,root,-)
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
%files ccatok
%defattr(-,root,root,-)
%doc doc/README-IBM_CCA_users
%doc doc/README.cca_stdll
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
%{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
%endif
%changelog
* Tue Sep 14 2010 Dan Horák <dan[at]danny.cz> 2.3.2-1
- new upstream release 2.3.2
- put STDLLs in separate packages to match upstream package design
* Thu Jul 08 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-7
- Move the LICENSE file to the -libs subpackage.

2
sources
View File

@ -1 +1 @@
1b4690b52210574fcee69adbcb0f40fb opencryptoki-2.3.1.tar.gz
f815df754b5eccb7438ca379485db01a opencryptoki-2.3.2.tar.gz