[opencryptoki] - new upstream release 2.3.2 - put STDLLs in separate packages to match upstream package design
Dan Horák
sharkcz at fedoraproject.org
Tue Sep 14 09:49:26 UTC 2010
commit eaf25b8822c85f1382a6c1296407ffc737949137
Author: Dan Horák <dan at danny.cz>
Date: Tue Sep 14 11:49:20 2010 +0200
- new upstream release 2.3.2
- put STDLLs in separate packages to match upstream package design
.gitignore | 1 +
...2.8-do-not-create-group-in-pkcs11_startup.patch | 59 ------
opencryptoki-2.3.0-lsb.patch | 57 -----
opencryptoki-2.3.1-bz546274.patch | 194 -----------------
opencryptoki-2.3.1-pidfile.patch | 45 ----
...3.2-do-not-create-group-in-pkcs11_startup.patch | 35 +++
opencryptoki.spec | 221 ++++++++++++++-----
sources | 2 +-
8 files changed, 200 insertions(+), 414 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 35b8aeb..e21aa43 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
opencryptoki-2.3.1.tar.gz
+/opencryptoki-2.3.2.tar.gz
diff --git a/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch b/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch
new file mode 100644
index 0000000..c432aac
--- /dev/null
+++ b/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch
@@ -0,0 +1,35 @@
+diff -up opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in
+--- opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-08-24 17:13:46.000000000 +0200
++++ opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-08-24 17:14:03.000000000 +0200
+@@ -309,31 +309,6 @@ rm -f @localstatedir@/lib/opencryptoki/p
+ # it from scratch
+
+
+-# Create the pkcs11 group if it does not exist...
+-cat /etc/group|grep pkcs11 >/dev/null 2>&1
+-rc=$?
+-if [ $rc = 1 ]
+-then
+- if [ -x @GROUPADD@ ]
+- then
+- @GROUPADD@ pkcs11 >/dev/null 2>&1
+-
+- else
+- echo "Couldn't execute @GROUPADD at . Please add the group 'pkcs11' manually."
+- fi
+-fi
+-
+-
+-if [ -x @USERMOD@ -a -x @ID@ ]
+-then
+- # add the pkcs group
+- # replace spaces by commas
+- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root
+-else
+- echo "Couldn't execute @USERMOD at . Please add root to the group 'pkcs11' manually."
+-fi
+-
+-
+ # For each card run the status command and if successful
+ # create the odm stanza for the file
+
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 61d724b..8f0ae09 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,22 +1,13 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version: 2.3.1
-Release: 7%{?dist}
+Version: 2.3.2
+Release: 1%{?dist}
License: CPL
Group: System Environment/Base
URL: http://sourceforge.net/projects/opencryptoki
Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
-Patch0: %{name}-2.2.8-do-not-create-group-in-pkcs11_startup.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=522149
-# https://sourceforge.net/tracker/?func=detail&aid=2992772&group_id=128009&atid=710344
-Patch1: %{name}-2.3.0-lsb.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=547324
-# https://sourceforge.net/tracker/?func=detail&aid=2992760&group_id=128009&atid=710344
-Patch2: %{name}-2.3.1-pidfile.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=546274
-# https://sourceforge.net/mailarchive/forum.php?thread_name=1274175144-26515-1-git-send-email-dan%40danny.cz&forum_name=opencryptoki-tech
-# https://sourceforge.net/mailarchive/forum.php?thread_name=1274175144-26515-2-git-send-email-dan%40danny.cz&forum_name=opencryptoki-tech
-Patch3: %{name}-2.3.1-bz546274.patch
+# the pkcs11 group is created and populated in scriptlet
+Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Requires(pre): shadow-utils coreutils sed
Requires(post): chkconfig
@@ -24,7 +15,8 @@ Requires(preun): chkconfig
# This is for /sbin/service
Requires(preun): initscripts
Requires(postun): initscripts
-BuildRequires: openssl-devel trousers-devel
+BuildRequires: openssl-devel
+BuildRequires: trousers-devel
BuildRequires: autoconf automake libtool
%ifarch s390 s390x
BuildRequires: libica-devel >= 2.0
@@ -32,17 +24,28 @@ BuildRequires: libica-devel >= 2.0
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description
-openCryptoki implements the PKCS#11 specification v2.11. It includes support
-for cryptographic hardware such as the IBM 4758 Cryptographic CoProcessor,
-the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries) or the Trusted
-Platform Module (TPM) as well as a software token for testing.
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package contains the Slot Daemon (pkcsslotd) and general utilities.
+
%package libs
Group: System Environment/Libraries
-Summary: The runtime libraries for opencryptoki package
+Summary: The run-time libraries for opencryptoki package
%description libs
-The runtime libraries for use with openCryptoki based applications.
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package contains the PKCS#11 library implementation, and requires
+at least one token implementation (packaged separately) to be fully
+functional.
+
%package devel
Group: Development/Libraries
@@ -50,55 +53,129 @@ Summary: Development files for openCryptoki
Requires: %{name}-libs = %{version}-%{release}
%description devel
-This package contains the development header files for building openCryptoki
-based applications.
+This package contains the development header files for building
+opencryptoki and PKCS#11 based applications
+
+
+%package swtok
+Group: System Environment/Libraries
+Summary: The software token implementation for opencryptoki
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description swtok
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package brings the software token implementation to use opencryptoki
+without any specific cryptographic hardware.
+
+
+%package tpmtok
+Group: System Environment/Libraries
+Summary: Trusted Platform Module (TPM) device support for opencryptoki
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description tpmtok
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package brings the necessary libraries and files to support
+Trusted Platform Module (TPM) devices in the opencryptoki stack.
+
+
+%ifarch s390 s390x
+%package icatok
+Group: System Environment/Libraries
+Summary: ICA cryptographic devices (clear-key) support for opencryptoki
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description icatok
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package brings the necessary libraries and files to support ICA
+devices in the opencryptoki stack. ICA is an interface to IBM
+cryptographic hardware such as IBM 4764 or 4765 that uses the
+"accelerator" or "clear-key" path.
+
+%package ccatok
+Group: System Environment/Libraries
+Summary: CCA cryptographic devices (secure-key) support for opencryptoki
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description ccatok
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package brings the necessary libraries and files to support CCA
+devices in the opencryptoki stack. CCA is an interface to IBM
+cryptographic hardware such as IBM 4764 or 4765 that uses the
+"co-processor" or "secure-key" path.
+%endif
+
%prep
%setup -q
%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%build
# Upstream tarball has unnecessary executable perms set on the sources
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
+
+%build
./bootstrap.sh
+
%configure \
%ifarch s390 s390x
- --enable-ccatok \
+ --enable-icatok --enable-ccatok
+%else
+ --disable-icatok --disable-ccatok
%endif
- --enable-tpmtok
make %{?_smp_mflags}
+
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/include/opencryptoki
-cp -a usr/include/pkcs11/{apiclient.h,pkcs11.h,pkcs11types.h} $RPM_BUILD_ROOT/usr/include/opencryptoki
-
-# Move the initscript to its proper place
-mkdir -p $RPM_BUILD_ROOT%{_initddir}
-mv $RPM_BUILD_ROOT%{_sysconfdir}/init.d/pkcsslotd $RPM_BUILD_ROOT%{_initddir}/pkcsslotd
-
-mkdir -p $RPM_BUILD_ROOT/%{_sharedstatedir}/%{name}
-
# Remove unwanted cruft
-rm -rf doc/CVS
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
-rm -rf $RPM_BUILD_ROOT/%{_datadir}/%{name}
+
%clean
rm -rf $RPM_BUILD_ROOT
-%postun libs -p /sbin/ldconfig
%post libs -p /sbin/ldconfig
+%post swtok -p /sbin/ldconfig
+%post tpmtok -p /sbin/ldconfig
+%ifarch s390 s390x
+%post icatok -p /sbin/ldconfig
+%post ccatok -p /sbin/ldconfig
+%endif
+
+%postun libs -p /sbin/ldconfig
+%postun swtok -p /sbin/ldconfig
+%postun tpmtok -p /sbin/ldconfig
+%ifarch s390 s390x
+%postun icatok -p /sbin/ldconfig
+%postun ccatok -p /sbin/ldconfig
+%endif
+
+%post
+/sbin/chkconfig --add pkcsslotd
+exit 0
%postun
if [ "$1" -ge "1" ] ; then
@@ -106,8 +183,11 @@ if [ "$1" -ge "1" ] ; then
fi
exit 0
-%post
-/sbin/chkconfig --add pkcsslotd
+%pre
+# Create pkcs11 group
+getent group pkcs11 >/dev/null || groupadd -r pkcs11
+# Add root to the pkcs11 group
+gpasswd -a root pkcs11
exit 0
%preun
@@ -117,27 +197,17 @@ if [ "$1" = "0" ] ; then
fi
exit 0
-%pre
-getent group pkcs11 >/dev/null || groupadd -r pkcs11
-# Add root to the pkcs11 group
-/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed -e '
-# add the pkcs group if it is missing
-/(^| )pkcs11( |$)/!s/$/ pkcs11/
-# replace spaces by commas
-y/ /,/
-'),pkcs11 root
-exit 0
%files
%defattr(-,root,root,-)
-%doc FAQ README doc/*
+%doc ChangeLog FAQ README
+%doc doc/openCryptoki-HOWTO.pdf
%{_initddir}/pkcsslotd
%{_sbindir}/*
%{_mandir}/man*/*
+%{_libdir}/opencryptoki/methods
+%{_libdir}/pkcs11/methods
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
-%ifarch s390 s390x
-%doc usr/lib/pkcs11/cca_stdll/README-IBM_CCA_users
-%endif
%files libs
%defattr(-,root,root,-)
@@ -147,15 +217,50 @@ exit 0
# needs them in the main package, because:
# pkcs11_startup looks for opencryptoki/stdll/*.so, and
# documentation suggests that programs should dlopen "PKCS11_API.so".
-%{_libdir}/opencryptoki
-%{_libdir}/pkcs11
+%dir %{_libdir}/opencryptoki
+%{_libdir}/opencryptoki/libopencryptoki.*
+%{_libdir}/opencryptoki/PKCS11_API.so
+%dir %{_libdir}/opencryptoki/stdll
+%dir %{_libdir}/pkcs11
+%{_libdir}/pkcs11/libopencryptoki.so
+%{_libdir}/pkcs11/PKCS11_API.so
+%{_libdir}/pkcs11/stdll
%files devel
%defattr(-,root,root,-)
%{_includedir}/*
+%files swtok
+%defattr(-,root,root,-)
+%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
+%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
+
+%files tpmtok
+%defattr(-,root,root,-)
+%doc doc/README.tpm_stdll
+%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
+%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
+
+%ifarch s390 s390x
+%files icatok
+%defattr(-,root,root,-)
+%{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
+%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
+
+%files ccatok
+%defattr(-,root,root,-)
+%doc doc/README-IBM_CCA_users
+%doc doc/README.cca_stdll
+%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
+%{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
+%endif
+
%changelog
+* Tue Sep 14 2010 Dan Horák <dan[at]danny.cz> 2.3.2-1
+- new upstream release 2.3.2
+- put STDLLs in separate packages to match upstream package design
+
* Thu Jul 08 2010 Michal Schmidt <mschmidt at redhat.com> 2.3.1-7
- Move the LICENSE file to the -libs subpackage.
diff --git a/sources b/sources
index 514ff59..b24f3c0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1b4690b52210574fcee69adbcb0f40fb opencryptoki-2.3.1.tar.gz
+f815df754b5eccb7438ca379485db01a opencryptoki-2.3.2.tar.gz
More information about the scm-commits
mailing list