From eaf25b8822c85f1382a6c1296407ffc737949137 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?=
Date: Tue, 14 Sep 2010 11:49:20 +0200
Subject: [PATCH] - new upstream release 2.3.2 - put STDLLs in separate packages to match upstream package design
---
 .gitignore | 1 +
 ...o-not-create-group-in-pkcs11_startup.patch | 59 -----
 opencryptoki-2.3.0-lsb.patch | 57 -----
 opencryptoki-2.3.1-bz546274.patch | 194 ---------------
 opencryptoki-2.3.1-pidfile.patch | 45 ----
 ...o-not-create-group-in-pkcs11_startup.patch | 35 +++
 opencryptoki.spec | 221 +++++++++++++-----
 sources | 2 +-
 8 files changed, 200 insertions(+), 414 deletions(-)
 delete mode 100644 opencryptoki-2.2.8-do-not-create-group-in-pkcs11_startup.patch
 delete mode 100644 opencryptoki-2.3.0-lsb.patch
 delete mode 100644 opencryptoki-2.3.1-bz546274.patch
 delete mode 100644 opencryptoki-2.3.1-pidfile.patch
 create mode 100644 opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch
diff --git a/.gitignore b/.gitignore
index 35b8aeb..e21aa43 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 opencryptoki-2.3.1.tar.gz
+/opencryptoki-2.3.2.tar.gz
diff --git a/opencryptoki-2.2.8-do-not-create-group-in-pkcs11_startup.patch b/opencryptoki-2.2.8-do-not-create-group-in-pkcs11_startup.patch
deleted file mode 100644
index 3e758d3..0000000
--- a/opencryptoki-2.2.8-do-not-create-group-in-pkcs11_startup.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-The pkcs11 group is created by the RPM scriptlet.
-
-Index: opencryptoki-2.2.8/usr/sbin/pkcs11_startup/pkcs11_startup.in
-===================================================================
---- opencryptoki-2.2.8.orig/usr/sbin/pkcs11_startup/pkcs11_startup.in
-+++ opencryptoki-2.2.8/usr/sbin/pkcs11_startup/pkcs11_startup.in
-@@ -309,29 +309,29 @@ rm -f @CONFIG_PATH@/@CONFIG_FILE@ >/dev/
- # it from scratch
-
-
--# Create the pkcs11 group if it does not exist...
--cat /etc/group|grep pkcs11 >/dev/null 2>&1
--rc=$?
--if [ $rc = 1 ]
--then
-- if [ -x @GROUPADD@ ]
-- then
-- @GROUPADD@ pkcs11 >/dev/null 2>&1
--
-- else
-- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
-- fi
--fi
--
--
--if [ -x @USERMOD@ -a -x @ID@ ]
--then
-- # add the pkcs group
-- # replace spaces by commas
-- @USERMOD@ -G $( @ID@ --groups --name root | /bin/sed -e 'y/ /,/'),pkcs11 root
--else
-- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
--fi
-+## Create the pkcs11 group if it does not exist...
-+#cat /etc/group|grep pkcs11 >/dev/null 2>&1
-+#rc=$?
-+#if [ $rc = 1 ]
-+#then
-+# if [ -x @GROUPADD@ ]
-+# then
-+# @GROUPADD@ pkcs11 >/dev/null 2>&1
-+#
-+# else
-+# echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
-+# fi
-+#fi
-+#
-+#
-+#if [ -x @USERMOD@ -a -x @ID@ ]
-+#then
-+# # add the pkcs group
-+# # replace spaces by commas
-+# @USERMOD@ -G $( @ID@ --groups --name root | /bin/sed -e 'y/ /,/'),pkcs11 root
-+#else
-+# echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
-+#fi
-
-
- # For each card run the status command and if successful
diff --git a/opencryptoki-2.3.0-lsb.patch b/opencryptoki-2.3.0-lsb.patch
deleted file mode 100644
index 6107770..0000000
--- a/opencryptoki-2.3.0-lsb.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Index: opencryptoki-2.3.1/misc/pkcsslotd.in
-===================================================================
---- opencryptoki-2.3.1.orig/misc/pkcsslotd.in
-+++ opencryptoki-2.3.1/misc/pkcsslotd.in
-@@ -17,10 +17,11 @@ LOCKFILE=/var/lock/subsys/pkcsslotd
- SLOTDBIN=@METHOD_PATH@/pkcsslotd
- CONFSTART=@METHOD_PATH@/pkcs11_startup
-
--[ -f $SLOTDBIN ] || exit 5
--[ -f $CONFSTART ] || exit 5
-
- start() {
-+ [ -x $SLOTDBIN ] || exit 5
-+ [ -x $CONFSTART ] || exit 5
-+
- echo -n $"Starting pkcsslotd: "
-
- # Generate the configuration information
-@@ -40,8 +41,8 @@ start() {
- daemon $SLOTDBIN
- fi
-
-- echo
- RETVAL=$?
-+ echo
- [ $RETVAL -eq 0 ] && touch $LOCKFILE
- return $RETVAL
- }
-@@ -49,8 +50,8 @@ start() {
- stop() {
- echo -n $"Shutting down pkcsslotd:"
- killproc pkcsslotd -TERM
-- echo
- RETVAL=$?
-+ echo
- [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
- return $RETVAL
- }
-@@ -73,15 +74,15 @@ case "$1" in
- status)
- status pkcsslotd $SLOTDBIN
- ;;
-- restart|reload)
-+ restart|reload|force-reload)
- restart
- ;;
- condrestart)
- [ -f $LOCKFILE ] && restart || :
- ;;
- *)
-- echo $"Usage: $0 {start|stop|status|restart|condrestart}"
-- exit 1
-+ echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}"
-+ exit 2
- esac
-
- exit $?
diff --git a/opencryptoki-2.3.1-bz546274.patch b/opencryptoki-2.3.1-bz546274.patch
deleted file mode 100644
index da09912..0000000
--- a/opencryptoki-2.3.1-bz546274.patch
+++ /dev/null
@@ -1,194 +0,0 @@ -From d0c56c2b21e381ddb49c1906ad00d77684c4bc9b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Tue, 18 May 2010 11:32:22 +0200 -Subject: [PATCH 1/3] add -h command line option -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The recent code treats -h as unknown options and throws an error. - -Signed-off-by: Dan Horák ---- - man/man1/pkcsconf.1.in | 4 +++- - usr/sbin/pkcsconf/pkcsconf.c | 8 ++++++-- - usr/sbin/pkcsconf/pkcsconf.msg | 3 ++- - usr/sbin/pkcsconf/pkcsconf_msg.h | 1 + - 4 files changed, 12 insertions(+), 4 deletions(-) - -diff --git a/man/man1/pkcsconf.1.in b/man/man1/pkcsconf.1.in -index a620882..6f5540a 100644 ---- a/man/man1/pkcsconf.1.in -+++ b/man/man1/pkcsconf.1.in -@@ -4,7 +4,7 @@ pkcsconf - - .SH SYNOPSIS - \fBpkcsconf\fP --[\fB-itsmMIupP\fP] -+[\fB-itsmMIupPh\fP] - [\fB-c\fP \fIslotnumber\fP \fB-U\fP \fIuserPIN\fP - \fB-S\fP \fISOPin\fP \fB-n\fP \fInewpin\fP] - -@@ -40,6 +40,8 @@ the current Security Officer (SO) pin (for use when changing the SO pin; - .IP "\fB-n\fP \fINEWPIN\fP" 10 - the new pin (for use when changing either the user pin or the SO pin; -u, -p - and -P options); if not specified, user will be prompted -+.IP "\fB-h\fP" 10 -+show usage information - - .SH SEE ALSO - .PD 0 -diff --git a/usr/sbin/pkcsconf/pkcsconf.c b/usr/sbin/pkcsconf/pkcsconf.c -index 30a143a..768f1ec 100755 ---- a/usr/sbin/pkcsconf/pkcsconf.c -+++ b/usr/sbin/pkcsconf/pkcsconf.c -@@ -375,7 +375,7 @@ main(int argc, char *argv[]){ - catd = catopen(MF_PKCSCONF,0); - - /* Parse the command line parameters */ -- while ((c = getopt (argc, argv, "itsmMIc:S:U:upPn:l")) != (-1)){ -+ while ((c = getopt (argc, argv, "itsmMIc:S:U:upPn:lh")) != (-1)){ - switch (c){ - case 'c': /* a specific card (slot) is specified */ - flags |= CFG_SLOT; -@@ -429,6 +429,9 @@ main(int argc, char *argv[]){ - case 'l': /* display slot description */ - flags |= CFG_LIST_SLOT; - break; -+ case 'h': /* display 
command line options */ -+ usage(argv[0]); -+ break; - default: /* if something else was passed in it is an error */ - errflag++; - break; -@@ -1295,7 +1298,7 @@ usage(char *progname){ - - /* If we get here the user needs help, so give it to them */ - printf(PKCSINIT_MSG(USAGE, -- "usage:\t%s [-itsmMIupP] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"), -+ "usage:\t%s [-itsmMIupPh] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"), - progname); - printf(PKCSINIT_MSG(USAGE1, "\t-i display PKCS11 info\n")); - printf(PKCSINIT_MSG(USAGE2, "\t-t display token info\n")); -@@ -1305,6 +1308,7 @@ usage(char *progname){ - printf(PKCSINIT_MSG(USAGE7, "\t-u initialize user PIN\n")); - printf(PKCSINIT_MSG(USAGE8, "\t-p set the user PIN\n")); - printf(PKCSINIT_MSG(USAGE9, "\t-P set the SO PIN\n")); -+ printf(PKCSINIT_MSG(USAGE10, "\t-h show this help\n")); - - exit(-1); - } -diff --git a/usr/sbin/pkcsconf/pkcsconf.msg b/usr/sbin/pkcsconf/pkcsconf.msg -index 4b5fdf9..bce440b 100755 ---- a/usr/sbin/pkcsconf/pkcsconf.msg -+++ b/usr/sbin/pkcsconf/pkcsconf.msg -@@ -373,7 +373,7 @@ LIBERROR "Error initializing the PKCS11 library: 0x%X\n" - SLOTMGRERROR "Error communicating with slot manager: 0x%X\n" - INVALIDCARD "Invalid card: %s\n" - --USAGE "usage:\t%s [-iImMpPstu] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n" -+USAGE "usage:\t%s [-iImMpPstuh] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n" - USAGE1 "\t-i display PKCS11 info\n" - USAGE2 "\t-t display token info\n" - USAGE3 "\t-s display slot info\n" -@@ -383,3 +383,4 @@ USAGE6 "\t-I initialize token\n" - USAGE7 "\t-u initialize user PIN\n" - USAGE8 "\t-p set the user PIN\n" - USAGE9 "\t-P set the SO PIN\n" -+USAGE10 "\t-h show this help\n" -diff --git a/usr/sbin/pkcsconf/pkcsconf_msg.h b/usr/sbin/pkcsconf/pkcsconf_msg.h -index 1ca9c04..f500dbc 100755 ---- a/usr/sbin/pkcsconf/pkcsconf_msg.h -+++ b/usr/sbin/pkcsconf/pkcsconf_msg.h -@@ -378,4 +378,5 @@ - #define USAGE7 68 - #define USAGE8 69 - #define USAGE9 70 -+#define USAGE10 
71 - #endif --- -1.6.6.1 - -From 248606bef048d70f8fe366b846c6296ba6d92720 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Tue, 18 May 2010 11:32:23 +0200 -Subject: [PATCH 2/3] print usage information when no option is given -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When no option is given pkcsconf does nothing and quits silently with a zero -return code. It should output the usage information and return non-zero code. - -Signed-off-by: Dan Horák ---- - usr/sbin/pkcsconf/pkcsconf.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/usr/sbin/pkcsconf/pkcsconf.c b/usr/sbin/pkcsconf/pkcsconf.c -index 768f1ec..bb12a90 100755 ---- a/usr/sbin/pkcsconf/pkcsconf.c -+++ b/usr/sbin/pkcsconf/pkcsconf.c -@@ -440,6 +440,9 @@ main(int argc, char *argv[]){ - if (errflag != 0) /* If there was an error print the usage statement */ - usage(argv[0]); - -+ if (!flags) /* If there was no options print the usage statement */ -+ usage(argv[0]); -+ - /* Eliminate the ability to specify -I -p -u -P without a slot number */ - if ( (flags & (CFG_INITIALIZE | CFG_INIT_USER | CFG_SET_USER | CFG_SET_SO)) - && !(flags & CFG_SLOT)){ --- -1.6.6.1 - -From 9afec58b81c13ecec417e976721e2a22e8355978 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Thu, 20 May 2010 14:17:23 +0200 -Subject: [PATCH 3/3] don't show the -M option - -Recent builds are done with SHM undefined, so displaying the -M option that -depends on SHM, doesn't make sense. 
---- - usr/sbin/pkcsconf/pkcsconf.c | 4 ++-- - usr/sbin/pkcsconf/pkcsconf.msg | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/usr/sbin/pkcsconf/pkcsconf.c b/usr/sbin/pkcsconf/pkcsconf.c -index bb12a90..0cf99d2 100755 ---- a/usr/sbin/pkcsconf/pkcsconf.c -+++ b/usr/sbin/pkcsconf/pkcsconf.c -@@ -375,7 +375,7 @@ main(int argc, char *argv[]){ - catd = catopen(MF_PKCSCONF,0); - - /* Parse the command line parameters */ -- while ((c = getopt (argc, argv, "itsmMIc:S:U:upPn:lh")) != (-1)){ -+ while ((c = getopt (argc, argv, "itsmIc:S:U:upPn:lh")) != (-1)){ - switch (c){ - case 'c': /* a specific card (slot) is specified */ - flags |= CFG_SLOT; -@@ -1301,7 +1301,7 @@ usage(char *progname){ - - /* If we get here the user needs help, so give it to them */ - printf(PKCSINIT_MSG(USAGE, -- "usage:\t%s [-itsmMIupPh] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"), -+ "usage:\t%s [-itsmIupPh] [-c slotnumber -U userPIN -S SOPin -n newpin]\n"), - progname); - printf(PKCSINIT_MSG(USAGE1, "\t-i display PKCS11 info\n")); - printf(PKCSINIT_MSG(USAGE2, "\t-t display token info\n")); -diff --git a/usr/sbin/pkcsconf/pkcsconf.msg b/usr/sbin/pkcsconf/pkcsconf.msg -index bce440b..0d3ed34 100755 ---- a/usr/sbin/pkcsconf/pkcsconf.msg -+++ b/usr/sbin/pkcsconf/pkcsconf.msg -@@ -373,7 +373,7 @@ LIBERROR "Error initializing the PKCS11 library: 0x%X\n" - SLOTMGRERROR "Error communicating with slot manager: 0x%X\n" - INVALIDCARD "Invalid card: %s\n" - --USAGE "usage:\t%s [-iImMpPstuh] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n" -+USAGE "usage:\t%s [-iImpPstuh] [-c slotnumber -U userPIN -S SOPin -n newPIN]\n" - USAGE1 "\t-i display PKCS11 info\n" - USAGE2 "\t-t display token info\n" - USAGE3 "\t-s display slot info\n" --- -1.6.6.1 - diff --git a/opencryptoki-2.3.1-pidfile.patch b/opencryptoki-2.3.1-pidfile.patch deleted file mode 100644 index 4a46ec1..0000000 --- a/opencryptoki-2.3.1-pidfile.patch +++ /dev/null 
@@ -1,45 +0,0 @@
-diff -up opencryptoki-2.3.1/misc/pkcsslotd.in.pidfile opencryptoki-2.3.1/misc/pkcsslotd.in
---- opencryptoki-2.3.1/misc/pkcsslotd.in.pidfile 2010-04-26 16:33:00.000000000 +0200
-+++ opencryptoki-2.3.1/misc/pkcsslotd.in 2010-04-26 16:33:31.000000000 +0200
-@@ -27,19 +27,7 @@ start() {
- # Generate the configuration information
- $CONFSTART
-
-- ## Start daemon with startproc(8). If this fails
-- ## the echo return value is set appropriate.
-- if [ ! -f $PIDFILE ]; then
-- # pid file does not exist
-- daemon --force $SLOTDBIN
-- elif ! ps -h --pid `cat $PIDFILE` | grep "$SLOTDBIN" 2>&1 >/dev/null; then
-- # pid file exists but named pid not
-- rm -f $PIDFILE
-- daemon --force $SLOTDBIN
-- else
-- # just to have "failed" message
-- daemon $SLOTDBIN
-- fi
-+ daemon $SLOTDBIN
-
- RETVAL=$?
- echo
-@@ -49,7 +37,7 @@ start() {
-
- stop() {
- echo -n $"Shutting down pkcsslotd:"
-- killproc pkcsslotd -TERM
-+ killproc pkcsslotd
- RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
-diff -up opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h.pidfile opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h
---- opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h.pidfile 2010-04-26 16:32:42.000000000 +0200
-+++ opencryptoki-2.3.1/usr/include/pkcs11/slotmgr.h 2010-04-26 16:32:46.000000000 +0200
-@@ -325,7 +325,7 @@
- #endif
-
-
--#define PID_FILE_PATH CONFIG_PATH "/.slotpid"
-+#define PID_FILE_PATH "/var/run/pkcsslotd.pid"
-
- #ifndef CK_BOOL
- #define CK_BOOL CK_BBOOL
diff --git a/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch b/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch
new file mode 100644
index 0000000..c432aac
--- /dev/null
+++ b/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch
@@ -0,0 +1,35 @@
+diff -up opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in
+--- opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-08-24 17:13:46.000000000 +0200
++++ opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-08-24 17:14:03.000000000 +0200
+@@ -309,31 +309,6 @@ rm -f @localstatedir@/lib/opencryptoki/p
+ # it from scratch
+
+
+-# Create the pkcs11 group if it does not exist...
+-cat /etc/group|grep pkcs11 >/dev/null 2>&1
+-rc=$?
+-if [ $rc = 1 ]
+-then
+- if [ -x @GROUPADD@ ]
+- then
+- @GROUPADD@ pkcs11 >/dev/null 2>&1
+-
+- else
+- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
+- fi
+-fi
+-
+-
+-if [ -x @USERMOD@ -a -x @ID@ ]
+-then
+- # add the pkcs group
+- # replace spaces by commas
+- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root
+-else
+- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
+-fi
+-
+-
+ # For each card run the status command and if successful
+ # create the odm stanza for the file
+
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 61d724b..8f0ae09 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,22 +1,13 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version: 2.3.1
-Release: 7%{?dist}
+Version: 2.3.2
+Release: 1%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: http://sourceforge.net/projects/opencryptoki
 Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
-Patch0: %{name}-2.2.8-do-not-create-group-in-pkcs11_startup.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=522149
-# https://sourceforge.net/tracker/?func=detail&aid=2992772&group_id=128009&atid=710344
-Patch1: %{name}-2.3.0-lsb.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=547324
-# https://sourceforge.net/tracker/?func=detail&aid=2992760&group_id=128009&atid=710344
-Patch2: %{name}-2.3.1-pidfile.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=546274
-# https://sourceforge.net/mailarchive/forum.php?thread_name=1274175144-26515-1-git-send-email-dan%40danny.cz&forum_name=opencryptoki-tech
-# https://sourceforge.net/mailarchive/forum.php?thread_name=1274175144-26515-2-git-send-email-dan%40danny.cz&forum_name=opencryptoki-tech
-Patch3: %{name}-2.3.1-bz546274.patch
+# the pkcs11 group is created and populated in scriptlet
+Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires(pre): shadow-utils coreutils sed
 Requires(post): chkconfig
@@ -24,7 +15,8 @@ Requires(preun): chkconfig
 # This is for /sbin/service
 Requires(preun): initscripts
 Requires(postun): initscripts
-BuildRequires: openssl-devel trousers-devel
+BuildRequires: openssl-devel
+BuildRequires: trousers-devel
 BuildRequires: autoconf automake libtool
 %ifarch s390 s390x
 BuildRequires: libica-devel >= 2.0
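Review bot: Patch1 to Patch3 are removed in the first hunk together with their bug-tracker links, but neither the commit message nor the new `%changelog` entry records that 2.3.2 carries these changes. That matters most for the pidfile patch, which set `PID_FILE_PATH` to `/var/run/pkcsslotd.pid` and simplified the init script around it; if upstream did not take it in the same form, the daemon and init script behaviour changes with this update. Assuming the patches were merged upstream, a changelog line such as `- drop lsb, pidfile and bz#546274 patches, merged upstream` would document it.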
@@ -32,17 +24,28 @@ BuildRequires: libica-devel >= 2.0 Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description -openCryptoki implements the PKCS#11 specification v2.11. It includes support -for cryptographic hardware such as the IBM 4758 Cryptographic CoProcessor, -the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries) or the Trusted -Platform Module (TPM) as well as a software token for testing. +Opencryptoki implements the PKCS#11 specification v2.11 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package contains the Slot Daemon (pkcsslotd) and general utilities. + %package libs Group: System Environment/Libraries -Summary: The runtime libraries for opencryptoki package +Summary: The run-time libraries for opencryptoki package %description libs -The runtime libraries for use with openCryptoki based applications. +Opencryptoki implements the PKCS#11 specification v2.11 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package contains the PKCS#11 library implementation, and requires +at least one token implementation (packaged separately) to be fully +functional. + %package devel Group: Development/Libraries 
@@ -50,55 +53,129 @@ Summary: Development files for openCryptoki Requires: %{name}-libs = %{version}-%{release} %description devel -This package contains the development header files for building openCryptoki -based applications. +This package contains the development header files for building +opencryptoki and PKCS#11 based applications + + +%package swtok +Group: System Environment/Libraries +Summary: The software token implementation for opencryptoki +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description swtok +Opencryptoki implements the PKCS#11 specification v2.11 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package brings the software token implementation to use opencryptoki +without any specific cryptographic hardware. + + +%package tpmtok +Group: System Environment/Libraries +Summary: Trusted Platform Module (TPM) device support for opencryptoki +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description tpmtok +Opencryptoki implements the PKCS#11 specification v2.11 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package brings the necessary libraries and files to support +Trusted Platform Module (TPM) devices in the opencryptoki stack. + + +%ifarch s390 s390x +%package icatok +Group: System Environment/Libraries +Summary: ICA cryptographic devices (clear-key) support for opencryptoki +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description icatok +Opencryptoki implements the PKCS#11 specification v2.11 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. 
Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package brings the necessary libraries and files to support ICA +devices in the opencryptoki stack. ICA is an interface to IBM +cryptographic hardware such as IBM 4764 or 4765 that uses the +"accelerator" or "clear-key" path. + +%package ccatok +Group: System Environment/Libraries +Summary: CCA cryptographic devices (secure-key) support for opencryptoki +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description ccatok +Opencryptoki implements the PKCS#11 specification v2.11 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package brings the necessary libraries and files to support CCA +devices in the opencryptoki stack. CCA is an interface to IBM +cryptographic hardware such as IBM 4764 or 4765 that uses the +"co-processor" or "secure-key" path. +%endif + %prep %setup -q %patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%build # Upstream tarball has unnecessary executable perms set on the sources find . 
-name '*.[ch]' -print0 | xargs -0 chmod -x + +%build ./bootstrap.sh + %configure \ %ifarch s390 s390x - --enable-ccatok \ + --enable-icatok --enable-ccatok +%else + --disable-icatok --disable-ccatok %endif - --enable-tpmtok make %{?_smp_mflags} + %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/usr/include/opencryptoki -cp -a usr/include/pkcs11/{apiclient.h,pkcs11.h,pkcs11types.h} $RPM_BUILD_ROOT/usr/include/opencryptoki - -# Move the initscript to its proper place -mkdir -p $RPM_BUILD_ROOT%{_initddir} -mv $RPM_BUILD_ROOT%{_sysconfdir}/init.d/pkcsslotd $RPM_BUILD_ROOT%{_initddir}/pkcsslotd - -mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/%{name} - # Remove unwanted cruft -rm -rf doc/CVS rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la -rm -rf $RPM_BUILD_ROOT/%{_datadir}/%{name} + %clean rm -rf $RPM_BUILD_ROOT -%postun libs -p /sbin/ldconfig %post libs -p /sbin/ldconfig +%post swtok -p /sbin/ldconfig +%post tpmtok -p /sbin/ldconfig +%ifarch s390 s390x +%post icatok -p /sbin/ldconfig +%post ccatok -p /sbin/ldconfig +%endif + +%postun libs -p /sbin/ldconfig +%postun swtok -p /sbin/ldconfig +%postun tpmtok -p /sbin/ldconfig +%ifarch s390 s390x +%postun icatok -p /sbin/ldconfig +%postun ccatok -p /sbin/ldconfig +%endif + +%post +/sbin/chkconfig --add pkcsslotd +exit 0 %postun if [ "$1" -ge "1" ] ; then @@ -106,8 +183,11 @@ if [ "$1" -ge "1" ] ; then fi exit 0 -%post -/sbin/chkconfig --add pkcsslotd +%pre +# Create pkcs11 group +getent group pkcs11 >/dev/null || groupadd -r pkcs11 +# Add root to the pkcs11 group +gpasswd -a root pkcs11 exit 0 %preun 
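Review bot: The new `swtok`, `tpmtok`, `icatok` and `ccatok` subpackages require only `%{name}-libs`, while the `pkcs11` group is created in the base package's `%pre` and the slot daemon and the `%attr(770,root,pkcs11)` state directory are packaged there as well. As far as this diff shows, a token module can therefore be installed on a system that has neither the group nor the directory. Consider adding `Requires: %{name} = %{version}-%{release}` to each token subpackage, or moving the group creation into a `%pre libs` scriptlet so that every install path gets it.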
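Review bot: In the new `%pre`, the unconditional `exit 0` hides a failed `groupadd` or `gpasswd`, and `gpasswd -a root pkcs11` runs with its output unredirected on every install and upgrade. A missing group would then only show up when the `%attr(770,root,pkcs11)` directory is unpacked. Suggest `getent group pkcs11 >/dev/null || groupadd -r pkcs11 || echo "could not create group pkcs11" >&2` and `gpasswd -a root pkcs11 >/dev/null`. `Requires(pre): shadow-utils coreutils sed` further up still lists `coreutils` and `sed`, which the removed `id | sed` pipeline needed and the new scriptlet does not use.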
@@ -117,27 +197,17 @@ if [ "$1" = "0" ] ; then fi exit 0 -%pre -getent group pkcs11 >/dev/null || groupadd -r pkcs11 -# Add root to the pkcs11 group -/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed -e ' -# add the pkcs group if it is missing -/(^| )pkcs11( |$)/!s/$/ pkcs11/ -# replace spaces by commas -y/ /,/ -'),pkcs11 root -exit 0 %files %defattr(-,root,root,-) -%doc FAQ README doc/* +%doc ChangeLog FAQ README +%doc doc/openCryptoki-HOWTO.pdf %{_initddir}/pkcsslotd %{_sbindir}/* %{_mandir}/man*/* +%{_libdir}/opencryptoki/methods +%{_libdir}/pkcs11/methods %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name} -%ifarch s390 s390x -%doc usr/lib/pkcs11/cca_stdll/README-IBM_CCA_users -%endif %files libs %defattr(-,root,root,-) 
@@ -147,15 +217,50 @@ exit 0 # needs them in the main package, because: # pkcs11_startup looks for opencryptoki/stdll/*.so, and # documentation suggests that programs should dlopen "PKCS11_API.so". -%{_libdir}/opencryptoki -%{_libdir}/pkcs11 +%dir %{_libdir}/opencryptoki +%{_libdir}/opencryptoki/libopencryptoki.* +%{_libdir}/opencryptoki/PKCS11_API.so +%dir %{_libdir}/opencryptoki/stdll +%dir %{_libdir}/pkcs11 +%{_libdir}/pkcs11/libopencryptoki.so +%{_libdir}/pkcs11/PKCS11_API.so +%{_libdir}/pkcs11/stdll %files devel %defattr(-,root,root,-) %{_includedir}/* +%files swtok +%defattr(-,root,root,-) +%{_libdir}/opencryptoki/stdll/libpkcs11_sw.* +%{_libdir}/opencryptoki/stdll/PKCS11_SW.so + +%files tpmtok +%defattr(-,root,root,-) +%doc doc/README.tpm_stdll +%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.* +%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so + +%ifarch s390 s390x +%files icatok +%defattr(-,root,root,-) +%{_libdir}/opencryptoki/stdll/libpkcs11_ica.* +%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so + +%files ccatok +%defattr(-,root,root,-) +%doc doc/README-IBM_CCA_users +%doc doc/README.cca_stdll +%{_libdir}/opencryptoki/stdll/libpkcs11_cca.* +%{_libdir}/opencryptoki/stdll/PKCS11_CCA.so +%endif + %changelog +* Tue Sep 14 2010 Dan Horák 2.3.2-1 +- new upstream release 2.3.2 +- put STDLLs in separate packages to match upstream package design + * Thu Jul 08 2010 Michal Schmidt 2.3.1-7 - Move the LICENSE file to the -libs subpackage. diff --git a/sources b/sources index 514ff59..b24f3c0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1b4690b52210574fcee69adbcb0f40fb opencryptoki-2.3.1.tar.gz +f815df754b5eccb7438ca379485db01a opencryptoki-2.3.2.tar.gz
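Review bot: The comment kept above the `-libs` file list still justifies the layout with "pkcs11_startup looks for opencryptoki/stdll/*.so", but after this hunk the STDLL objects are owned by the token subpackages and `-libs` owns only `%dir %{_libdir}/opencryptoki/stdll` and the `pkcs11/stdll` entry. The comment should be reworded to match, for example `# -libs owns the stdll directory; the token modules live in the -swtok, -tpmtok, -icatok and -ccatok subpackages`. The comment starts above the hunk, so only its last lines are visible here.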