[opencryptoki: 1/2] new upstream release 2.4.1
Dan Horák
sharkcz at fedoraproject.org
Mon Feb 27 12:16:24 UTC 2012
commit ace0290fc4125e49979028052372945db7019ed1
Author: Dan Horák <dan at danny.cz>
Date: Mon Feb 27 13:14:18 2012 +0100
new upstream release 2.4.1
- convert from initscript to systemd unit
- import fixes from RHEL-6 about root's group membership (#732756, #730903)
.gitignore | 1 +
opencryptoki-2.4-group.patch | 47 +++++++++++++++++
opencryptoki-2.4.1-systemd.patch | 104 ++++++++++++++++++++++++++++++++++++++
opencryptoki.spec | 72 +++++++++++++-------------
sources | 2 +-
5 files changed, 189 insertions(+), 37 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index eb45dcf..f69b4ec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ opencryptoki-2.3.1.tar.gz
/opencryptoki-2.3.2.tar.gz
/opencryptoki-2.3.3.tar.gz
/opencryptoki-2.4.tar.gz
+/opencryptoki-2.4.1.tar.gz
diff --git a/opencryptoki-2.4-group.patch b/opencryptoki-2.4-group.patch
new file mode 100644
index 0000000..abaa592
--- /dev/null
+++ b/opencryptoki-2.4-group.patch
@@ -0,0 +1,47 @@
+diff -urp opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c
+--- opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 08:17:14.000000000 -0400
++++ opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 10:22:49.000000000 -0400
+@@ -351,43 +351,6 @@ attach_shared_memory() {
+ return NULL;
+ }
+
+-
+- // SAB check for the group id here and membership here as well
+- grp = getgrnam("pkcs11");
+- if ( grp ) {
+- int i=0;
+- char member=0;
+-
+- pw = getpwuid(getuid());
+-
+- epw = getpwuid(geteuid());
+-
+- while( grp->gr_mem[i] ) {
+- if (pw) {
+- if ( strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name)) == 0 ){
+- member = 1;
+- break;
+- }
+- }
+- if (epw) {
+- if ( strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name)) == 0 ){
+- member = 1;
+- break;
+- }
+- }
+- i++;
+- }
+- if ( ! member ) {
+- return NULL; // SAB don't bother even attaching...
+- }
+-
+-
+- } else {
+- return NULL;
+- }
+-
+-
+-
+ Anchor->shm_tok = ftok(TOK_PATH,'b');
+
+ // Get the shared memory id.
diff --git a/opencryptoki-2.4.1-systemd.patch b/opencryptoki-2.4.1-systemd.patch
new file mode 100644
index 0000000..5c0ac52
--- /dev/null
+++ b/opencryptoki-2.4.1-systemd.patch
@@ -0,0 +1,104 @@
+From 5f9d27ae7180324a9a808790356d842df87ca695 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan at danny.cz>
+Date: Mon, 27 Feb 2012 11:43:49 +0100
+Subject: [PATCH] add support for systemd
+
+New configure parameter is introduced (--with-systemdsystemunitdir) and when set
+it means that systemd service file will be installed instead of the classis initscript.
+---
+ .gitignore | 1 +
+ configure.in | 12 ++++++++++++
+ misc/Makefile.am | 16 +++++++++++++---
+ misc/pkcsslotd.service.in | 13 +++++++++++++
+ 4 files changed, 39 insertions(+), 3 deletions(-)
+ create mode 100644 misc/pkcsslotd.service.in
+
+diff --git a/configure.in b/configure.in
+index 483a092..577b148 100644
+--- a/configure.in
++++ b/configure.in
+@@ -175,6 +175,12 @@ AC_ARG_WITH([xcryptolinz],
+ [],
+ [with_xcryptolinz=check])
+
++dnl --- systemd system unit files location
++AC_ARG_WITH([systemdsystemunitdir],
++ AS_HELP_STRING([--with-systemdsystemunitdir@<:@=DIR@:>@],[systemd system unit files location]),
++ [enable_systemd=yes],
++ [enable_systemd=no])
++
+ dnl ---
+ dnl ---
+ dnl --- Now that we have all the options, let's check for a valid build
+@@ -495,6 +501,11 @@ AM_CONDITIONAL([ENABLE_DAEMON], [test "x$enable_daemon" = "xyes"])
+ dnl --- enable_library
+ AM_CONDITIONAL([ENABLE_LIBRARY], [test "x$enable_library" = "xyes"])
+
++dnl --- enable systemd and set unit dir
++AM_CONDITIONAL([ENABLE_SYSTEMD], [test "x$enable_systemd" = "xyes"])
++unitdir=$with_systemdsystemunitdir
++AC_SUBST(unitdir)
++
+ dnl --- enable_icatok
+ if test "x$enable_icatok" = "xyes"; then
+ if test "x$with_libica" != "xyes"; then
+@@ -677,6 +688,7 @@ echo " Debug build: $enable_debug"
+ echo " Testcases: $enable_testcases"
+ echo " Daemon build: $enable_daemon"
+ echo " Library build: $enable_library"
++echo " Systemd service: $enable_systemd"
+ echo
+ echo "Enabled token types:"
+ echo " ICA token: $enable_icatok"
+diff --git a/misc/Makefile.am b/misc/Makefile.am
+index d0c6e9b..2954483 100644
+--- a/misc/Makefile.am
++++ b/misc/Makefile.am
+@@ -1,8 +1,17 @@
+-initddir = $(sysconfdir)/rc.d/init.d
+-
+-EXTRA_DIST = pkcsslotd.in
++EXTRA_DIST = pkcsslotd.in pkcsslotd.service.in
+
+ if ENABLE_DAEMON
++if ENABLE_SYSTEMD
++servicedir = $(unitdir)
++service_SCRIPTS = pkcsslotd.service
++
++CLEANFILES = pkcsslotd.service
++
++pkcsslotd.service: pkcsslotd.service.in
++ @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
++ mv $@-t $@
++else
++initddir = $(sysconfdir)/rc.d/init.d
+ initd_SCRIPTS = pkcsslotd
+
+ CLEANFILES = pkcsslotd
+@@ -12,3 +21,4 @@ pkcsslotd: pkcsslotd.in
+ @CHMOD@ a+x $@-t
+ mv $@-t $@
+ endif
++endif
+diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
+new file mode 100644
+index 0000000..3e64363
+--- /dev/null
++++ b/misc/pkcsslotd.service.in
+@@ -0,0 +1,13 @@
++[Unit]
++Description=Daemon which manages cryptographic hardware tokens for the openCryptoki package
++After=syslog.target
++
++[Service]
++Type=forking
++PIDFile=/var/run/pkcsslotd.pid
++ExecStartPre=@sbindir@/pkcs11_startup
++ExecStart=@sbindir@/pkcsslotd
++
++[Install]
++WantedBy=multi-user.target
++
+--
+1.7.7.6
+
diff --git a/opencryptoki.spec b/opencryptoki.spec
index ba9557d..1efe890 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,6 +1,6 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version: 2.4
+Version: 2.4.1
Release: 1%{?dist}
License: CPL
Group: System Environment/Base
@@ -8,20 +8,23 @@ URL: http://sourceforge.net/projects/opencryptoki
Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# the pkcs11 group is created and populated in scriptlet
Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+# https://bugzilla.redhat.com/show_bug.cgi?id=732756
+Patch1: %{name}-2.4-group.patch
+# convert from initscript to systemd unit
+Patch2: %{name}-2.4.1-systemd.patch
Requires(pre): shadow-utils coreutils sed
-Requires(post): chkconfig
-Requires(preun): chkconfig
-# This is for /sbin/service
-Requires(preun): initscripts
-Requires(postun): initscripts
BuildRequires: openssl-devel
BuildRequires: trousers-devel
BuildRequires: autoconf automake libtool
+BuildRequires: systemd-units
%ifarch s390 s390x
BuildRequires: libica-devel >= 2.0
%endif
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+
%description
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
@@ -130,6 +133,8 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
%prep
%setup -q
%patch0 -p1
+%patch1 -p1 -b .group
+%patch2 -p1 -b .systemd
# Upstream tarball has unnecessary executable perms set on the sources
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
@@ -138,7 +143,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x
%build
./bootstrap.sh
-%configure \
+%configure --with-systemdsystemunitdir=%{_unitdir} \
%ifarch s390 s390x
--enable-icatok --enable-ccatok
%else
@@ -149,8 +154,6 @@ make %{?_smp_mflags}
%install
-rm -rf $RPM_BUILD_ROOT
-
make install DESTDIR=$RPM_BUILD_ROOT
# Remove unwanted cruft
@@ -158,10 +161,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
%post libs -p /sbin/ldconfig
%post swtok -p /sbin/ldconfig
%post tpmtok -p /sbin/ldconfig
@@ -178,16 +177,6 @@ rm -rf $RPM_BUILD_ROOT
%postun ccatok -p /sbin/ldconfig
%endif
-%post
-/sbin/chkconfig --add pkcsslotd
-exit 0
-
-%postun
-if [ "$1" -ge "1" ] ; then
- /sbin/service pkcsslotd condrestart >/dev/null 2>&1
-fi
-exit 0
-
%pre
# Create pkcs11 group
getent group pkcs11 >/dev/null || groupadd -r pkcs11
@@ -195,19 +184,31 @@ getent group pkcs11 >/dev/null || groupadd -r pkcs11
gpasswd -a root pkcs11
exit 0
+%post
+if [ $1 -eq 1 ] ; then
+ # Initial installation
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
+
%preun
-if [ "$1" = "0" ] ; then
- /sbin/service pkcsslotd stop >/dev/null 2>&1
- /sbin/chkconfig --del pkcsslotd
+if [ $1 -eq 0 ] ; then
+ # Package removal, not upgrade
+ /bin/systemctl --no-reload disable pkcsslotd.service > /dev/null 2>&1 || :
+ /bin/systemctl stop pkcsslotd.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+ # Package upgrade, not uninstall
+ /bin/systemctl try-restart pkcsslotd.service >/dev/null 2>&1 || :
fi
-exit 0
%files
-%defattr(-,root,root,-)
%doc ChangeLog FAQ README
%doc doc/openCryptoki-HOWTO.pdf
-%{_initddir}/pkcsslotd
+%{_unitdir}/pkcsslotd.service
%{_sbindir}/*
%{_mandir}/man*/*
%{_libdir}/opencryptoki/methods
@@ -215,7 +216,6 @@ exit 0
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
%files libs
-%defattr(-,root,root,-)
%doc LICENSE
%{_sysconfdir}/ld.so.conf.d/*
# Unversioned .so symlinks usually belong to -devel packages, but opencryptoki
@@ -232,28 +232,23 @@ exit 0
%{_libdir}/pkcs11/stdll
%files devel
-%defattr(-,root,root,-)
%{_includedir}/*
%files swtok
-%defattr(-,root,root,-)
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
%files tpmtok
-%defattr(-,root,root,-)
%doc doc/README.tpm_stdll
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
%ifarch s390 s390x
%files icatok
-%defattr(-,root,root,-)
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
%files ccatok
-%defattr(-,root,root,-)
%doc doc/README-IBM_CCA_users
%doc doc/README.cca_stdll
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
@@ -262,6 +257,11 @@ exit 0
%changelog
+* Sat Feb 25 2012 Dan Horák <dan[at]danny.cz> - 2.4.1-1
+- new upstream release 2.4.1
+- convert from initscript to systemd unit
+- import fixes from RHEL-6 about root's group membership (#732756, #730903)
+
* Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.4-1
- new upstream release 2.4
diff --git a/sources b/sources
index be502bc..8f92251 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1c834a4c7380a352319cb47b99fc6157 opencryptoki-2.4.tar.gz
+165e91b70ae5c78bc34ea910ff91ea8f opencryptoki-2.4.1.tar.gz
More information about the scm-commits
mailing list