diff --git a/opencryptoki-3.10.0.tar.gz b/opencryptoki-3.10.0.tar.gz deleted file mode 100644 index 1f7f693..0000000 Binary files a/opencryptoki-3.10.0.tar.gz and /dev/null differ diff --git a/opencryptoki-3.11.0-lockdir.patch b/opencryptoki-3.11.0-lockdir.patch new file mode 100644 index 0000000..936a654 --- /dev/null +++ b/opencryptoki-3.11.0-lockdir.patch @@ -0,0 +1,12 @@ +diff -up opencryptoki-3.11.0/configure.ac.me opencryptoki-3.11.0/configure.ac +--- opencryptoki-3.11.0/configure.ac.me 2019-01-30 17:10:19.660952694 +0100 ++++ opencryptoki-3.11.0/configure.ac 2019-01-30 17:13:54.150089964 +0100 +@@ -62,7 +62,7 @@ AC_SUBST([OPENLDAP_LIBS]) + + dnl Define custom variables + +-lockdir=$localstatedir/lock/opencryptoki ++lockdir=/run/lock/opencryptoki + AC_SUBST(lockdir) + + logdir=$localstatedir/log/opencryptoki diff --git a/opencryptoki-3.21.0-p11sak.patch b/opencryptoki-3.21.0-p11sak.patch new file mode 100644 index 0000000..197ad52 --- /dev/null +++ b/opencryptoki-3.21.0-p11sak.patch @@ -0,0 +1,37 @@ +diff -up opencryptoki-3.21.0/Makefile.am.me opencryptoki-3.21.0/Makefile.am +--- opencryptoki-3.21.0/Makefile.am.me 2023-05-15 17:01:04.932616030 +0200 ++++ opencryptoki-3.21.0/Makefile.am 2023-05-15 17:00:45.732131601 +0200 +@@ -39,15 +39,8 @@ include tools/tools.mk + include doc/doc.mk + + install-data-hook: +- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group) +- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user) + $(MKDIR_P) $(DESTDIR)/run/opencryptoki/ +- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)/run/opencryptoki/ +- $(CHGRP) $(pkcs_group) $(DESTDIR)/run/opencryptoki/ +- $(CHMOD) 0710 $(DESTDIR)/run/opencryptoki/ + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki +- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki + if ENABLE_LIBRARY + $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll + $(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11 +@@ -100,7 +93,7 @@ if ENABLE_EP11TOK + endif + if ENABLE_P11SAK + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g $(pkcs_group) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true + endif + if ENABLE_ICATOK + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ +@@ -151,7 +144,7 @@ endif + if ENABLE_DAEMON + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true + endif + $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d + echo "$(libdir)/opencryptoki" >\ diff --git a/opencryptoki-3.22.0.tar.gz b/opencryptoki-3.22.0.tar.gz new file mode 100644 index 0000000..3d6aeb6 Binary files /dev/null and b/opencryptoki-3.22.0.tar.gz differ diff --git a/opencryptoki.spec b/opencryptoki.spec index cfa3c9b..275d3df 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -1,14 +1,18 @@ Name: opencryptoki -Version: 3.10.0 -Release: 4 +Version: 3.22.0 +Release: 1 Summary: PKCS#11 library and tools for Linux -License: CPL -URL: http://sourceforge.net/projects/opencryptoki +License: CPL-1.0 +URL: https://github.com/opencryptoki/opencryptoki Source0: https://github.com/opencryptoki/opencryptoki/archive/v%{version}/opencryptoki-%{version}.tar.gz + +Patch0001: opencryptoki-3.11.0-lockdir.patch +Patch0002: opencryptoki-3.21.0-p11sak.patch + BuildRequires: openssl-devel trousers-devel openldap-devel autoconf automake libtool -BuildRequires: bison flex systemd +BuildRequires: bison flex systemd libcap-devel expect gcc-c++ Requires(pre): coreutils shadow-utils -Requires(post): systemd +Requires(post): systemd diffutils Requires(preun): systemd Requires(postun): systemd @@ -52,8 +56,8 @@ Document for openCryptoki. %build ./bootstrap.sh -%configure --with-systemd=%{_unitdir} --enable-locks\ - --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate +%configure --with-systemd=%{_unitdir} --enable-testcases --with-pkcsslotd-user=pkcsslotd --with-pkcs-group=pkcs11 \ + --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate %make_build CHGRP=/bin/true @@ -63,11 +67,29 @@ Document for openCryptoki. %pre +%global cfile /etc/opencryptoki/opencryptoki.conf +%global csuffix .rpmsave.XyoP +if test $1 -gt 1 && test -f %{cfile} ; then + cp -p %{cfile} %{cfile}%{csuffix} +fi + getent group pkcs11 >/dev/null || groupadd -r pkcs11 +getent passwd pkcsslotd >/dev/null || useradd -r -g pkcs11 -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" pkcsslotd exit 0 %post +# restore the config file from %pre +if test $1 -gt 1 && test -f %{cfile} ; then + if ( ! cmp -s %{cfile} %{cfile}%{csuffix} ) ; then + cp -p %{cfile} %{cfile}.rpmnew + fi + cp -p %{cfile}%{csuffix} %{cfile} && rm -f %{cfile}%{csuffix} +fi + %systemd_post pkcsslotd.service +if test $1 -eq 1; then + %tmpfiles_create %{name}.conf +fi %preun %systemd_preun pkcsslotd.service @@ -86,23 +108,27 @@ exit 0 %{_libdir}/opencryptoki/* %{_libdir}/pkcs11/* %{_localstatedir}/log/opencryptoki -%config(noreplace) %{_sysconfdir}/opencryptoki/opencryptoki.conf -%{_prefix}/lib/tmpfiles.d/opencryptoki.conf +%doc %{_docdir}/%{name}/*.conf +%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf +%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf +%{_tmpfilesdir}/%{name}.conf %{_unitdir}/pkcsslotd.service %{_sbindir}/* %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki -%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki -%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/* %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki/swtok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki/swtok/TOK_OBJ/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki/tpm/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki/icsf/ -%exclude %{_libdir}/opencryptoki/*.la -%exclude %{_libdir}/opencryptoki/stdll/*.la +%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/HSM_MK_CHANGE +%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name} +%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name}/* +%dir %attr(710,pkcsslotd,pkcs11) /run/%{name} %files devel %{_includedir}/opencryptoki/ +%{_libdir}/pkgconfig/%{name}.pc %files help %doc ChangeLog FAQ README.md @@ -114,6 +140,9 @@ exit 0 %changelog +* Fri Sep 22 2023 liyanan - 3.22.0-1 +- update to 3.22.0 + * Fri Mar 10 2023 Wenlong Zhang - 3.10.0-4 - Remove useless buildrequires