From: Jakub Bogusz Date: Tue, 31 Dec 2013 13:10:46 +0000 (+0100) Subject: - build pkcscca_migrate tool if possible X-Git-Tag: auto/th/opencryptoki-3.0-1~1 X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=56396f3be124ad1588e43e0c683c16132c60b068;p=packages%2Fopencryptoki.git - build pkcscca_migrate tool if possible - added missing patches --- diff --git a/opencryptoki-format.patch b/opencryptoki-format.patch new file mode 100644 index 0000000..a96c1ef --- /dev/null +++ b/opencryptoki-format.patch @@ -0,0 +1,11 @@ +--- opencryptoki/usr/sbin/pkcsslotd/log.c.orig 2013-07-15 19:25:41.000000000 +0200 ++++ opencryptoki/usr/sbin/pkcsslotd/log.c 2013-12-30 23:09:12.875369087 +0100 +@@ -823,7 +823,7 @@ + + /* Always log to syslog, if we're using it */ + if ( pInfo->UseSyslog ) { +- syslog(pInfo->LogLevel, Buffer); ++ syslog(pInfo->LogLevel, "%s", Buffer); + } + + return TRUE; diff --git a/opencryptoki-noroot.patch b/opencryptoki-noroot.patch new file mode 100644 index 0000000..2d1c95b --- /dev/null +++ b/opencryptoki-noroot.patch @@ -0,0 +1,49 @@ +--- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2013-07-15 19:25:41.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am 2013-12-31 08:45:27.230584799 +0100 +@@ -54,12 +54,9 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_sw.so PKCS11_SW.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok + + uninstall-hook: +--- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.orig 2013-07-15 19:25:41.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am 2013-12-31 08:50:00.680573324 +0100 +@@ -69,10 +69,8 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_tpm.so PKCS11_TPM.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm + + uninstall-hook: +--- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.orig 2013-07-15 19:25:41.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am 2013-12-31 09:20:57.927162073 +0100 +@@ -76,10 +76,8 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_icsf.so PKCS11_ICSF.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf + + uninstall-hook: +--- opencryptoki/usr/Makefile.am.orig 2013-07-15 19:25:40.000000000 +0200 ++++ opencryptoki/usr/Makefile.am 2013-12-31 09:26:05.323815816 +0100 +@@ -6,5 +6,4 @@ + + install-data-hook: + $(MKDIR_P) $(DESTDIR)$(lockdir) +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) + $(CHMOD) 0770 $(DESTDIR)$(lockdir) diff --git a/opencryptoki-notonlysystemd.patch b/opencryptoki-notonlysystemd.patch new file mode 100644 index 0000000..d0489bf --- /dev/null +++ b/opencryptoki-notonlysystemd.patch @@ -0,0 +1,16 @@ +--- opencryptoki/misc/Makefile.am.orig 2013-07-15 19:25:40.000000000 +0200 ++++ opencryptoki/misc/Makefile.am 2013-12-31 10:09:43.383706004 +0100 +@@ -10,7 +10,7 @@ + pkcsslotd.service: pkcsslotd.service.in + @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t + mv $@-t $@ +-else ++endif + initddir = $(sysconfdir)/rc.d/init.d + initd_SCRIPTS = pkcsslotd + +@@ -20,4 +20,3 @@ + @CHMOD@ a+x $@-t + mv $@-t $@ + endif +-endif diff --git a/opencryptoki.spec b/opencryptoki.spec index a1cae47..cf3f45f 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -3,6 +3,7 @@ %bcond_without aep # AEP Crypto Accelerator support %bcond_without bcom # Broadcom Crypto Accelerator support %bcond_with corrent # Corrent Crypto Accelerator support [BR: libsocketarmor + typhoon.h] +%bcond_with pkcscca # CCA token key migration tool [BR: xcryptolinz, s390x arch] # Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 Summary(pl.UTF-8): Implementacja PKCS#11 (Cryptoki) v2.11 @@ -33,6 +34,11 @@ BuildRequires: openldap-devel BuildRequires: openssl-devel BuildRequires: rpmbuild(macros) >= 1.647 BuildRequires: trousers-devel >= 0.2.9 +%if %{with pkcscca} +# from http://www-03.ibm.com/security/cryptocards/pcixcc/ordersoftware.shtml : +# http://www-03.ibm.com/security/cryptocards/dwnlds/xcryptolinzGA-3.28-rc08.s390x.rpm +BuildRequires: xcryptolinzGA +%endif Requires(post,preun): /sbin/chkconfig Requires(post,preun,postun): systemd-units >= 38 Requires(postun): /usr/sbin/groupdel @@ -230,10 +236,10 @@ urządzeń TPM (Trusted Platform Module) w stosie openCryptoki. --disable-ccatok \ --disable-icatok \ %endif + %{!?with_pkcsccs:--disable-pkcscca-migrate} \ --enable-tpmtok \ --with-systemd=%{systemdunitdir} -# icctok (PCICC) not supported on Linux (only AIX, Windows, z/OS, OS/390) -# pkcscca_migrate requires xcryptolinz (IBM proprietary, zSeries only) +# icctok (PCICC) not supported on Linux (only AIX, Windows, OS/2) %{__make} @@ -329,7 +335,11 @@ fi %ifarch s390 s390x %files module-ccatok %defattr(644,root,root,755) -%doc doc/{README-IBM_CCA_users,README.cca_stdll} +%doc doc/{README-IBM_CCA_users,README.cca_stdll} %{?with_pkcscca:doc/README.pkcscca_migrate} +%if %{with pkcscca} +%attr(755,root,root) %{_sbindir}/pkcscca_migrate +%attr(755,root,root) %{_sbindir}/pkcscca_migrate.sh +%endif %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_cca.so* %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so %endif