# Package identity and upstream source.
Name:           opencryptoki
Version:        3.22.0
Release:        2
Summary:        PKCS#11 library and tools for Linux
License:        CPL-1.0
URL:            https://github.com/opencryptoki/opencryptoki
# NOTE(review): the tarball is referenced by URL only; no detached signature
# or digest appears in this spec, so source integrity depends on whatever the
# build service records for the archive -- confirm.
Source0:        https://github.com/opencryptoki/opencryptoki/archive/v%{version}/opencryptoki-%{version}.tar.gz

# Patches are applied in numeric order by "autosetup -p1" in the prep stage.
Patch0001:      opencryptoki-3.11.0-lockdir.patch
Patch0002:      opencryptoki-3.21.0-p11sak.patch
# CVE-2024-0914: timing side channel in the handling of RSA PKCS#1 v1.5
# padded ciphertexts. The fix is a three-part series; keep all three patches
# together and in this order.
# NOTE(review): the origin of these patch files (upstream commits?) is not
# recorded in the spec -- confirm provenance before rebasing.
Patch0003:      CVE-2024-0914-1.patch
Patch0004:      CVE-2024-0914-2.patch
Patch0005:      CVE-2024-0914-3.patch

# Build-time dependencies, one per line.
BuildRequires:  openssl-devel
BuildRequires:  trousers-devel
BuildRequires:  openldap-devel
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  libtool
BuildRequires:  bison
BuildRequires:  flex
BuildRequires:  systemd
BuildRequires:  libcap-devel
BuildRequires:  expect
BuildRequires:  gcc-c++

# Tools the scriptlets call: cp/rm (coreutils), groupadd/useradd
# (shadow-utils), cmp (diffutils) and the systemd unit helpers.
Requires(pre):    coreutils
Requires(pre):    shadow-utils
Requires(post):   systemd
Requires(post):   diffutils
Requires(preun):  systemd
Requires(postun): systemd

# This single package provides and obsoletes the library and per-token
# subpackage names listed below, so installs that carry those names are
# replaced by it on upgrade.
Provides:       opencryptoki-libs = %{version}-%{release}
Obsoletes:      opencryptoki-libs < %{version}-%{release}
Provides:       opencryptoki(token)
Provides:       opencryptoki-swtok = %{version}-%{release}
Obsoletes:      opencryptoki-swtok < %{version}-%{release}
Provides:       opencryptoki-tpmtok = %{version}-%{release}
Obsoletes:      opencryptoki-tpmtok < %{version}-%{release}
Provides:       opencryptoki-icsftok = %{version}-%{release}
Obsoletes:      opencryptoki-icsftok < %{version}-%{release}
|
|
|
|
%description
|
|
openCryptoki is an implementation of the PKCS #11 API that allows interfacing with devices
that hold cryptographic information and perform cryptographic functions.
openCryptoki provides application portability by isolating the application
from the details of the cryptographic device.
Isolating the application also provides an added level of security.
The openCryptoki API provides a standard programming interface between applications
and all kinds of portable cryptographic devices.
|
|
|
|
|
|
%package devel
|
|
Summary: Development files for openCryptoki
|
|
Requires: opencryptoki = %{version}-%{release}
|
|
|
|
%description devel
|
|
This package provides development and header files for building
|
|
opencryptoki and PKCS#11 based applications.
|
|
|
|
%package help
|
|
Summary: Documentation for openCryptoki
|
|
|
|
%description help
|
|
Documentation for openCryptoki.
|
|
|
|
%prep
# Unpack Source0 and apply every PatchNNNN in numeric order with strip level 1.
# A patch that no longer applies fails the build here, which is the point at
# which a dropped or mis-ordered security backport would be noticed.
%autosetup -p1 -n %{name}-%{version}
|
|
|
|
|
|
%build
# Regenerate the autotools build system from the patched sources.
./bootstrap.sh

# The daemon user and group named here must match the accounts created in the
# pre scriptlet (pkcsslotd / pkcs11) and the owners used in the files list.
# The ica, cca and ep11 tokens and the ep11 migration tool are switched off.
# NOTE(review): --enable-testcases builds the upstream test programs; confirm
# that none of them is swept into the package by the wildcard entries in the
# files list.
%configure \
    --with-systemd=%{_unitdir} \
    --enable-testcases \
    --with-pkcsslotd-user=pkcsslotd \
    --with-pkcs-group=pkcs11 \
    --disable-icatok \
    --disable-ccatok \
    --disable-ep11tok \
    --disable-pkcsep11_migrate

# CHGRP is replaced by a no-op, so the makefiles change no group ownership
# during the build; ownership is assigned by the attr entries in the files list.
# NOTE(review): presumably because the build runs unprivileged and the pkcs11
# group need not exist on the build host -- confirm.
%make_build CHGRP=/bin/true
|
|
|
|
|
|
%install
# Install into the build root with the same CHGRP no-op as the build stage:
# no group ownership is changed here, so the modes and owners that end up on
# the target system are exactly the ones declared in the files list.
%make_install CHGRP=/bin/true
|
|
|
|
|
|
%pre
%global cfile /etc/opencryptoki/opencryptoki.conf
%global csuffix .rpmsave.XyoP
# Upgrade only (scriptlet argument $1 greater than 1): keep a copy of the
# administrator's current configuration so the post scriptlet can put it back.
# The backup name is fixed and predictable; that is safe only while
# /etc/opencryptoki is writable by root alone.
# NOTE(review): the files list gives that directory no explicit attr, so its
# mode and owner come from the build root -- confirm they are root-only.
if [ "$1" -gt 1 ] && [ -f %{cfile} ]; then
    cp -p %{cfile} %{cfile}%{csuffix}
fi

# Create the system group and the daemon account when they are missing.
# The account has no login shell and its home is the runtime directory.
if ! getent group pkcs11 >/dev/null; then
    groupadd -r pkcs11
fi
if ! getent passwd pkcsslotd >/dev/null; then
    useradd -r -g pkcs11 -d /run/opencryptoki -s /sbin/nologin \
        -c "Opencryptoki pkcsslotd user" pkcsslotd
fi

# Always report success, so a failed account creation does not abort the
# transaction. The files list assigns pkcsslotd and pkcs11 as owners, so after
# an install that printed errors here, check the resulting ownership.
exit 0
|
|
|
|
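%post
# Upgrade only: restore the configuration saved by the pre scriptlet.
# cfile and csuffix are the globals defined in the pre scriptlet.
# The extra test for the backup file covers the case where no backup was
# taken (no config existed before the upgrade): without it a needless .rpmnew
# copy is written and the restoring cp fails with an error message.
if [ "$1" -gt 1 ] && [ -f %{cfile} ] && [ -f %{cfile}%{csuffix} ]; then
    # Keep the newly packaged file as .rpmnew when it differs from the saved
    # one, so changed defaults can be reviewed after the upgrade.
    if ! cmp -s %{cfile} %{cfile}%{csuffix}; then
        cp -p %{cfile} %{cfile}.rpmnew
    fi
    # Remove the backup only after the restore succeeded.
    cp -p %{cfile}%{csuffix} %{cfile} && rm -f %{cfile}%{csuffix}
fi

%systemd_post pkcsslotd.service
# First install only ($1 equal to 1): create the runtime directories described
# by the packaged tmpfiles configuration right away instead of at next boot.
if [ "$1" -eq 1 ]; then
    %tmpfiles_create %{name}.conf
fi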
|
|
|
|
%preun
# Standard systemd helper for the slot daemon unit, run before the package's
# files are removed.
%systemd_preun pkcsslotd.service
|
|
|
|
%postun
# Standard systemd helper that restarts the slot daemon on upgrade, so the
# daemon picks up updated code. Applications that already have the PKCS#11
# library loaded keep running the old code until they are restarted themselves;
# plan for that when rolling out a security update such as the CVE-2024-0914 fix.
%systemd_postun_with_restart pkcsslotd.service
|
|
|
|
|
|
%files
%license LICENSE

# Directories owned by the package. No attr is given, so mode and owner are
# taken from the build root.
%dir %{_sysconfdir}/opencryptoki
%dir %{_libdir}/opencryptoki
%dir %{_libdir}/opencryptoki/stdll
%dir %{_libdir}/pkcs11

# Dynamic-loader drop-in and the libraries themselves. The wildcards own
# whatever the install stage placed in these directories.
# NOTE(review): confirm the wildcard matches only the intended files, since a
# loader drop-in affects library lookup system-wide.
%{_sysconfdir}/ld.so.conf.d/*
%{_libdir}/opencryptoki/*
%{_libdir}/pkcs11/*
%{_localstatedir}/log/opencryptoki
%doc %{_docdir}/%{name}/*.conf

# Main configuration: digest, size and mtime are excluded from verification
# (the post scriptlet restores the administrator's copy over the packaged
# one), so "rpm -V" will not report content changes to this file. Watch it
# with file-integrity tooling if tampering with it matters to you.
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
# Readable by root and members of pkcs11 only.
%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf
%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf

%{_tmpfilesdir}/%{name}.conf
%{_unitdir}/pkcsslotd.service
%{_sbindir}/*

# Token data stores: mode 0770 root:pkcs11 gives every member of the pkcs11
# group full read and write access and gives other users none. Membership of
# that group is therefore the access boundary for stored token objects; review
# who is in it.
%dir %attr(0770, root, pkcs11) %{_sharedstatedir}/opencryptoki
%dir %attr(0770, root, pkcs11) %{_sharedstatedir}/opencryptoki/swtok/
%dir %attr(0770, root, pkcs11) %{_sharedstatedir}/opencryptoki/swtok/TOK_OBJ/
%dir %attr(0770, root, pkcs11) %{_sharedstatedir}/opencryptoki/tpm/
%dir %attr(0770, root, pkcs11) %{_sharedstatedir}/opencryptoki/icsf/
%dir %attr(0770, root, pkcs11) %{_sharedstatedir}/%{name}/HSM_MK_CHANGE

# Lock directories are ghost entries: owned by the package but not shipped in
# the payload.
%ghost %dir %attr(0770, root, pkcs11) %{_rundir}/lock/%{name}
%ghost %dir %attr(0770, root, pkcs11) %{_rundir}/lock/%{name}/*
# Daemon runtime directory: the group can traverse it but not list it.
%dir %attr(0710, pkcsslotd, pkcs11) /run/%{name}
|
|
|
|
|
|
%files devel
# Header directory and the pkg-config file for building PKCS#11 applications.
%{_includedir}/opencryptoki/
%{_libdir}/pkgconfig/%{name}.pc
|
|
|
|
%files help
# Upstream documentation and every manual page installed by the build.
%doc ChangeLog FAQ README.md
%doc doc/opencryptoki-howto.md
%doc doc/README.token_data
%doc doc/README.tpm_stdll
%doc doc/README.icsf_stdll
%{_mandir}/*
|
|
|
|
|
|
%changelog
|
|
* Thu Feb 01 2024 wangkai <13474090681@163.com> - 3.22.0-2
|
|
- Fix CVE-2024-0914
|
|
|
|
* Fri Sep 22 2023 liyanan <thistleslyn@163.com> - 3.22.0-1
|
|
- update to 3.22.0
|
|
|
|
* Fri Mar 10 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.10.0-4
|
|
- Remove useless buildrequires
|
|
|
|
* Fri Feb 28 2020 zhujunhao <zhujunhao5@huawei.com> - 3.10.0-3
|
|
- Package init
|