3 %bcond_without aep # AEP Crypto Accelerator support
4 %bcond_without bcom # Broadcom Crypto Accelerator support
5 %bcond_with corrent # Corrent Crypto Accelerator support [BR: libsocketarmor/typhoon.h; probably no longer available]
6 %bcond_with pkcscca # CCA token key migration tool [BR: xcryptolinz, s390x arch]
8 Summary: An Implementation of PKCS#11 (Cryptoki) v2.11
9 Summary(pl.UTF-8): Implementacja PKCS#11 (Cryptoki) v2.11
14 Group: Applications/System
15 Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-v%{version}.tar.gz
16 # Source0-md5: ec4e2a196c8a336d400d3b17288260af
17 Patch0: %{name}-ica.patch
18 Patch1: %{name}-sh.patch
19 Patch2: %{name}-bcom.patch
20 Patch3: %{name}-aep.patch
21 Patch4: %{name}-format.patch
22 Patch5: %{name}-noroot.patch
23 Patch6: %{name}-notonlysystemd.patch
24 URL: http://opencryptoki.sourceforge.net/
25 %{?with_aep:BuildRequires: aep1000-devel}
26 BuildRequires: autoconf
27 BuildRequires: automake >= 1.6
28 %{?with_bcom:BuildRequires: bcm5820-devel}
30 BuildRequires: libica-devel >= 2.0
32 BuildRequires: libtool >= 2:2
33 BuildRequires: openldap-devel
34 BuildRequires: openssl-devel
35 BuildRequires: rpmbuild(macros) >= 1.647
36 BuildRequires: trousers-devel >= 0.2.9
38 # from http://www-03.ibm.com/security/cryptocards/pcixcc/ordersoftware.shtml :
39 # http://www-03.ibm.com/security/cryptocards/dwnlds/xcryptolinzGA-3.28-rc08.s390x.rpm
40 BuildRequires: xcryptolinzGA
42 Requires(post,preun): /sbin/chkconfig
43 Requires(post,preun,postun): systemd-units >= 38
44 Requires(postun): /usr/sbin/groupdel
45 Requires(pre): /usr/bin/getgid
46 Requires(pre): /usr/sbin/groupadd
47 Requires: %{name}-libs = %{version}-%{release}
49 Requires: systemd-units >= 38
50 Provides: group(pkcs11)
51 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
53 %define skip_post_check_so .*%{_libdir}/opencryptoki/stdll/libpkcs11_.*\.so.*
56 The openCryptoki package implements the PKCS#11 version 2.11:
57 Cryptographic Token Interface Standard (Cryptoki).
59 %description -l pl.UTF-8
60 Pakiet openCryptoki implementuje standard PKCS#11 w wersji 2.11:
61 Cryptographic Token Interface Standard (Cryptoki).
64 Summary: openCryptoki library
65 Summary(pl.UTF-8): Biblioteka openCryptoki
67 Requires: filesystem >= 4.0-28
70 The openCryptoki library implements the PKCS#11 version 2.11:
71 Cryptographic Token Interface Standard (Cryptoki).
73 %description libs -l pl.UTF-8
74 Biblioteka openCryptoki implementuje standard PKCS#11 w wersji 2.11:
75 Cryptographic Token Interface Standard (Cryptoki).
78 Summary: Header files for openCryptoki library
79 Summary(pl.UTF-8): Pliki nagłówkowe biblioteki openCryptoki
80 Group: Development/Libraries
81 Requires: %{name}-libs = %{version}-%{release}
82 Obsoletes: opencryptoki-static
85 Header files for openCryptoki library.
87 %description devel -l pl.UTF-8
88 Pliki nagłówkowe biblioteki openCryptoki.
90 %package module-aeptok
91 Summary: AEP Crypto Accelerator support for openCryptoki
92 Summary(pl.UTF-8): Obsługa urządzeń AEP Crypto Accelerator dla openCryptoki
94 Requires: %{name} = %{version}-%{release}
96 %description module-aeptok
97 This package brings the necessary libraries and files to support AEP
98 Crypto Accelerator devices in the openCryptoki stack.
100 %description module-aeptok -l pl.UTF-8
101 Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
102 kryptograficznych AEP Crypto Accelerator w stosie openCryptoki.
104 %package module-bcomtok
105 Summary: Broadcom Crypto Accelerator support for openCryptoki
106 Summary(pl.UTF-8): Obsługa urządzeń Broadcom Crypto Accelerator dla openCryptoki
108 Requires: %{name} = %{version}-%{release}
110 %description module-bcomtok
111 This package brings the necessary libraries and files to support
112 Broadcom Crypto Accelerator devices in the openCryptoki stack.
114 %description module-bcomtok -l pl.UTF-8
115 Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
116 kryptograficznych Broadcom Crypto Accelerator w stosie openCryptoki.
118 %package module-ccatok
119 Summary: CCA cryptographics devices (secure-key) support for openCryptoki
120 Summary(pl.UTF-8): Obsługa urządzeń kryptograficznych ICA (z bezpiecznym kluczem) dla openCryptoki
122 Requires: %{name} = %{version}-%{release}
124 %description module-ccatok
125 This package brings the necessary libraries and files to support CCA
126 devices in the openCryptoki stack. CCA is an interface to IBM
127 cryptographic hardware such as IBM 4764 or 4765 that uses the
128 "co-processor" or "secure-key" path.
130 %description module-ccatok -l pl.UTF-8
131 Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
132 kryptograficznych CCA w stosie openCryptoki. CCA to interfejs do
133 sprzętu kryptograficznego firmy IBM, takiego jak IBM 4764 lub 4765,
134 wykorzystującego "koprocesor" lub ścieżkę "bezpiecznego klucza".
136 %package module-crtok
137 Summary: Corrent Crypto Accelerator support for openCryptoki
138 Summary(pl.UTF-8): Obsługa urządzeń Corrent Crypto Accelerator dla openCryptoki
140 Requires: %{name} = %{version}-%{release}
142 %description module-crtok
143 This package brings the necessary libraries and files to support
144 Corrent Crypto Accelerator devices in the openCryptoki stack.
146 %description module-crtok -l pl.UTF-8
147 Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
148 kryptograficznych Corrent Crypto Accelerator w stosie openCryptoki.
150 %package module-icatok
151 Summary: ICA cryptographics devices (clear-key) support for openCryptoki
152 Summary(pl.UTF-8): Obsługa urządzeń kryptograficznych ICA (z jawnym kluczem) dla openCryptoki
154 Requires: %{name} = %{version}-%{release}
156 %description module-icatok
157 This package brings the necessary libraries and files to support ICA
158 devices in the openCryptoki stack. ICA is an interface to IBM
159 cryptographic hardware such as IBM 4764 or 4765 that uses the
160 "accelerator" or "clear-key" path.
162 %description module-icatok -l pl.UTF-8
163 Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
164 kryptograficznych ICA w stosie openCryptoki. ICA to interfejs do
165 sprzętu kryptograficznego firmy IBM, takiego jak IBM 4764 lub 4765,
166 wykorzystującego "akcelerator" lub ścieżkę "jawnego klucza".
168 %package module-icsftok
169 Summary: ICSF (Integrated Cryptographic Service Facility) token support for openCryptoki
170 Summary(pl.UTF-8): Obsługa tokenów ICSF (Integrated Cryptographic Service Facility) dla openCryptoki
172 Requires: %{name} = %{version}-%{release}
174 %description module-icsftok
175 This package brings the necessary libraries and files to support ICSF
176 (Integrated Cryptographic Service Facility) remote tokens in the
179 %description module-icsftok -l pl.UTF-8
180 Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi zdalnych
181 tokenów ICSF (Integrated Cryptographic Service Facility) w stosie
184 %package module-swtok
185 Summary: The software token implementation for openCryptoki
186 Summary(pl.UTF-8): Programowa implementacja tokenu dla openCryptoki
188 Requires: %{name} = %{version}-%{release}
190 %description module-swtok
191 This package brings the software token implementation to use
192 openCryptoki without any specific cryptographic hardware.
194 %description module-swtok -l pl.UTF-8
195 Ten pakiet dostarcza programową implementację tokenu, pozwalającą
196 używać openCryptoki bez żadnego specjalnego sprzętu kryptograficznego.
198 %package module-tpmtok
199 Summary: TPM (Trusted Platform Module) device support for openCryptoki
200 Summary(pl.UTF-8): Obsługa urządzenia TPM (Trusted Platform Module) dla openCryptoki
202 Requires: %{name} = %{version}-%{release}
204 %description module-tpmtok
205 This package brings the necessary libraries and files to support TPM
206 (Trusted Platform Module) devices in the openCryptoki stack.
208 %description module-tpmtok -l pl.UTF-8
209 Ten pakiet dostarcza biblioteki oraz pliki potrzebne do obsługi
210 urządzeń TPM (Trusted Platform Module) w stosie openCryptoki.
229 %{!?with_aep:--disable-aeptok} \
230 %{!?with_bcom:--disable-bcomtok} \
231 %{!?with_corrent:--disable-crtok} \
239 %{!?with_pkcsccs:--disable-pkcscca-migrate} \
241 --with-systemd=%{systemdunitdir}
242 # icctok (PCICC) not supported on Linux (only AIX, Windows, OS/2)
247 rm -rf $RPM_BUILD_ROOT
250 DESTDIR=$RPM_BUILD_ROOT \
251 initdir=/etc/rc.d/init.d
253 %{__rm} $RPM_BUILD_ROOT%{_libdir}/opencryptoki/stdll/*.la
256 rm -rf $RPM_BUILD_ROOT
259 %groupadd -g 110 pkcs11
262 /sbin/chkconfig --add pkcsslotd
263 %service pkcsslotd restart
264 %systemd_post pkcsslotd.service
267 %systemd_preun pkcsslotd.service
268 if [ "$1" = "0" ]; then
269 %service -q pkcsslotd stop
270 /sbin/chkconfig --del pkcsslotd
275 if [ "$1" = "0" ]; then
279 %post libs -p /sbin/ldconfig
280 %postun libs -p /sbin/ldconfig
283 %defattr(644,root,root,755)
284 %doc AUTHORS COPYRIGHTS ChangeLog FAQ LICENSE README TODO doc/{README.token_data,openCryptoki-HOWTO.pdf}
285 %attr(755,root,root) %{_sbindir}/pkcsconf
286 %attr(755,root,root) %{_sbindir}/pkcsicsf
287 %attr(755,root,root) %{_sbindir}/pkcsslotd
288 %{_libdir}/opencryptoki/methods
289 %{_libdir}/pkcs11/methods
290 %dir %{_sysconfdir}/opencryptoki
291 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/opencryptoki/opencryptoki.conf
292 %attr(754,root,root) /etc/rc.d/init.d/pkcsslotd
293 %{systemdunitdir}/pkcsslotd.service
294 %dir /var/lib/opencryptoki
295 %attr(770,root,pkcs11) %dir /var/lock/opencryptoki
296 %{_mandir}/man1/pkcsconf.1*
297 %{_mandir}/man1/pkcsicsf.1*
298 %{_mandir}/man5/opencryptoki.conf.5*
299 %{_mandir}/man7/opencryptoki.7*
300 %{_mandir}/man8/pkcsslotd.8*
303 %defattr(644,root,root,755)
304 /etc/ld.so.conf.d/opencryptoki-*.conf
305 %dir %{_libdir}/opencryptoki
306 %attr(755,root,root) %{_libdir}/opencryptoki/libopencryptoki.so.*.*.*
307 %attr(755,root,root) %ghost %{_libdir}/opencryptoki/libopencryptoki.so.0
308 # symlinked as pkcs11 module, so it's here not in -devel
309 %attr(755,root,root) %{_libdir}/opencryptoki/libopencryptoki.so
310 %attr(755,root,root) %{_libdir}/opencryptoki/PKCS11_API.so
311 %dir %{_libdir}/opencryptoki/stdll
312 %attr(755,root,root) %{_libdir}/pkcs11/libopencryptoki.so
313 %attr(755,root,root) %{_libdir}/pkcs11/PKCS11_API.so
314 %{_libdir}/pkcs11/stdll
317 %defattr(644,root,root,755)
318 %{_libdir}/opencryptoki/libopencryptoki.la
319 %{_includedir}/opencryptoki
323 %defattr(644,root,root,755)
324 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_aep.so*
325 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_AEP.so
329 %files module-bcomtok
330 %defattr(644,root,root,755)
331 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_bc.so*
332 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_BC.so
337 %defattr(644,root,root,755)
338 %doc doc/{README-IBM_CCA_users,README.cca_stdll} %{?with_pkcscca:doc/README.pkcscca_migrate}
340 %attr(755,root,root) %{_sbindir}/pkcscca_migrate
341 %attr(755,root,root) %{_sbindir}/pkcscca_migrate.sh
343 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_cca.so*
344 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
349 %defattr(644,root,root,755)
350 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_cr.so*
351 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_CR.so
356 %defattr(644,root,root,755)
357 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_ica.so*
358 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
361 %files module-icsftok
362 %defattr(644,root,root,755)
363 %doc doc/README.icsf_stdll
364 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so*
365 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
366 %attr(770,root,pkcs11) %dir /var/lib/opencryptoki/icsf
367 %attr(770,root,pkcs11) %dir /var/lock/opencryptoki/icsf
370 %defattr(644,root,root,755)
371 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_sw.so*
372 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
373 %attr(770,root,pkcs11) %dir /var/lib/opencryptoki/swtok
374 %attr(770,root,pkcs11) %dir /var/lib/opencryptoki/swtok/TOK_OBJ
375 %attr(770,root,pkcs11) %dir /var/lock/opencryptoki/swtok
378 %defattr(644,root,root,755)
379 %doc doc/README.tpm_stdll
380 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so*
381 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
382 %attr(770,root,pkcs11) %dir /var/lib/opencryptoki/tpm
383 %attr(770,root,pkcs11) %dir /var/lock/opencryptoki/tpm