From f405c3b8fc7bdb4272744c6d30cc3206828f950c Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Mon, 15 May 2023 17:22:05 +0200 Subject: [PATCH] update to 3.21.0 --- .gitignore | 1 + ....patch => opencryptoki-3.21.0-p11sak.patch | 41 +++++++++++-------- opencryptoki.spec | 13 ++++-- sources | 2 +- 4 files changed, 34 insertions(+), 23 deletions(-) rename opencryptoki-3.20.0-p11sak.patch => opencryptoki-3.21.0-p11sak.patch (50%) diff --git a/.gitignore b/.gitignore index b6620c9..b5cf410 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,4 @@ opencryptoki-2.3.1.tar.gz /opencryptoki-3.18.0.tar.gz /opencryptoki-3.19.0.tar.gz /opencryptoki-3.20.0.tar.gz +/opencryptoki-3.21.0.tar.gz diff --git a/opencryptoki-3.20.0-p11sak.patch b/opencryptoki-3.21.0-p11sak.patch similarity index 50% rename from opencryptoki-3.20.0-p11sak.patch rename to opencryptoki-3.21.0-p11sak.patch index c608778..197ad52 100644 --- a/opencryptoki-3.20.0-p11sak.patch +++ b/opencryptoki-3.21.0-p11sak.patch @@ -1,32 +1,37 @@ -diff -up opencryptoki-3.18.0/Makefile.am.me opencryptoki-3.18.0/Makefile.am ---- opencryptoki-3.18.0/Makefile.am.me 2022-05-09 22:25:07.980238715 +0200 -+++ opencryptoki-3.18.0/Makefile.am 2022-05-09 22:25:29.292722755 +0200 -@@ -78,7 +78,7 @@ if ENABLE_EP11TOK +diff -up opencryptoki-3.21.0/Makefile.am.me opencryptoki-3.21.0/Makefile.am +--- opencryptoki-3.21.0/Makefile.am.me 2023-05-15 17:01:04.932616030 +0200 ++++ opencryptoki-3.21.0/Makefile.am 2023-05-15 17:00:45.732131601 +0200 +@@ -39,15 +39,8 @@ include tools/tools.mk + include doc/doc.mk + + install-data-hook: +- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group) +- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user) + $(MKDIR_P) $(DESTDIR)/run/opencryptoki/ +- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)/run/opencryptoki/ +- $(CHGRP) $(pkcs_group) $(DESTDIR)/run/opencryptoki/ +- $(CHMOD) 0710 $(DESTDIR)/run/opencryptoki/ + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki +- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki + if ENABLE_LIBRARY + $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll + $(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11 +@@ -100,7 +93,7 @@ if ENABLE_EP11TOK endif if ENABLE_P11SAK test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true -- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g $(pkcs_group) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true endif if ENABLE_ICATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ -@@ -138,7 +138,7 @@ endif +@@ -151,7 +144,7 @@ endif if ENABLE_DAEMON test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true -- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g pkcs11 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true endif $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d echo "$(libdir)/opencryptoki" >\ -diff -up opencryptoki-3.20.0/Makefile.am.me opencryptoki-3.20.0/Makefile.am ---- opencryptoki-3.20.0/Makefile.am.me 2023-02-13 17:23:17.263189936 +0100 -+++ opencryptoki-3.20.0/Makefile.am 2023-02-13 17:24:22.743815752 +0100 -@@ -39,7 +39,6 @@ include tools/tools.mk - include doc/doc.mk - - install-data-hook: -- getent group pkcs11 > /dev/null || $(GROUPADD) -r pkcs11 - if ENABLE_LIBRARY - $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll - $(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11 diff --git a/opencryptoki.spec b/opencryptoki.spec index 9f64b3e..a205d75 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -5,8 +5,8 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 -Version: 3.20.0 -Release: 2%{?dist} +Version: 3.21.0 +Release: 1%{?dist} License: CPL-1.0 URL: https://github.com/opencryptoki/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz @@ -14,7 +14,7 @@ Source1: opencryptoki.module # bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/* Patch1: opencryptoki-3.11.0-lockdir.patch # fix install problem in buildroot -Patch2: opencryptoki-3.20.0-p11sak.patch +Patch2: opencryptoki-3.21.0-p11sak.patch # upstream patches Requires(pre): coreutils @@ -28,7 +28,7 @@ BuildRequires: trousers-devel BuildRequires: openldap-devel BuildRequires: autoconf automake libtool BuildRequires: bison flex -BuildRequires: libitm-devel +BuildRequires: libcap-devel BuildRequires: expect BuildRequires: make BuildRequires: systemd-rpm-macros @@ -188,6 +188,7 @@ configured with Enterprise PKCS#11 (EP11) firmware. ./bootstrap.sh %configure --with-systemd=%{_unitdir} --enable-testcases \ + --with-pkcsslotd-user=pkcsslotd --with-pkcs-group=pkcs11 \ %if 0%{?tpmtok} --enable-tpmtok \ %else @@ -220,6 +221,7 @@ fi %pre libs getent group pkcs11 >/dev/null || groupadd -r pkcs11 +getent passwd pkcsslotd >/dev/null || useradd -r -g pkcs11 -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" pkcsslotd exit 0 %post @@ -259,10 +261,12 @@ fi %{_sbindir}/pkcsconf %{_sbindir}/pkcsslotd %{_sbindir}/pkcsstats +%{_sbindir}/pkcshsm_mk_change %{_mandir}/man1/p11sak.1* %{_mandir}/man1/pkcstok_migrate.1* %{_mandir}/man1/pkcsconf.1* %{_mandir}/man1/pkcsstats.1* +%{_mandir}/man1/pkcshsm_mk_change.1* %{_mandir}/man5/policy.conf.5* %{_mandir}/man5/strength.conf.5* %{_mandir}/man5/%{name}.conf.5* @@ -274,6 +278,7 @@ fi %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name} %ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name} %ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name}/* +%dir %attr(710,pkcsslotd,pkcs11) /run/%{name} %dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki %files libs diff --git a/sources b/sources index 451cab8..44afc26 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (opencryptoki-3.20.0.tar.gz) = 6509ec09e3b0b4e958df7cd459fd3b1b3e8081df167590c5dfbd1df5aa76d888205fd461e3f021fd25497643d97c39c916fe6dbca9fa6cbcbde5c46634c5ff5b +SHA512 (opencryptoki-3.21.0.tar.gz) = a1843a395770d7b93df46e26a87779f636cf490b300be8f0af97643ffde01460199aa7634e11708cd2353ef534d8df0cfe6e408229c6b4869446aa6886f4e740