9e22d31c4b
Resolves: #2110500, ep11 token: PKCS #11 3.0 - support AES_XTS Resolves: #2111011, cca token: protected key support Resolves: #2159697, update to 3.21.0 Resolves: #2159740, pkcsslotd hardening Resolves: #2159741, p11sak support Dilithium and Kyber keys Resolves: #2159742, ica and soft tokens: PKCS #11 3.0 - support AES_XTS
38 lines
2.5 KiB
Diff
38 lines
2.5 KiB
Diff
diff -up opencryptoki-3.21.0/Makefile.am.me opencryptoki-3.21.0/Makefile.am
|
|
--- opencryptoki-3.21.0/Makefile.am.me 2023-05-15 17:01:04.932616030 +0200
|
|
+++ opencryptoki-3.21.0/Makefile.am 2023-05-15 17:00:45.732131601 +0200
|
|
@@ -39,15 +39,8 @@ include tools/tools.mk
|
|
include doc/doc.mk
|
|
|
|
install-data-hook:
|
|
- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group)
|
|
- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
|
|
$(MKDIR_P) $(DESTDIR)/run/opencryptoki/
|
|
- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)/run/opencryptoki/
|
|
- $(CHGRP) $(pkcs_group) $(DESTDIR)/run/opencryptoki/
|
|
- $(CHMOD) 0710 $(DESTDIR)/run/opencryptoki/
|
|
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
|
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
|
- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
|
if ENABLE_LIBRARY
|
|
$(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
|
|
$(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11
|
|
@@ -100,7 +93,7 @@ if ENABLE_EP11TOK
|
|
endif
|
|
if ENABLE_P11SAK
|
|
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
|
|
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g $(pkcs_group) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
|
|
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
|
|
endif
|
|
if ENABLE_ICATOK
|
|
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
|
|
@@ -151,7 +144,7 @@ endif
|
|
if ENABLE_DAEMON
|
|
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
|
|
test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true
|
|
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
|
|
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
|
|
endif
|
|
$(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d
|
|
echo "$(libdir)/opencryptoki" >\
|