%define major 0 %define libname %mklibname %{name} %{major} %define develname %mklibname %{name} -d Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 Name: opencryptoki Version: 2.4.2 Release: %mkrel 1 License: CPL Group: System/Libraries URL: http://sourceforge.net/projects/opencryptoki Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Source1: %{name}-tmpfiles.conf # the pkcs11 group is created and populated in scriptlet Patch0: %{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch # https://bugzilla.redhat.com/show_bug.cgi?id=732756 Patch1: %{name}-2.4-group.patch # convert from initscript to systemd unit Patch2: %{name}-2.4.1-systemd.patch # https://bugzilla.redhat.com/show_bug.cgi?id=830129 Patch3: %{name}-2.4.1-830129.patch # add pkcs_slot man page Patch4: %{name}-2.4.1-man.patch # fix locks dir installation Patch5: %{name}-2.4.2-locks.patch Patch6: opencryptoki-2.4.2-fmtstr.diff BuildRequires: openssl-devel BuildRequires: trousers-devel BuildRequires: autoconf automake libtool BuildRequires: systemd-units %ifarch s390 s390x BuildRequires: libica-devel >= 2.0 %endif Requires(post): rpm-helper Requires(preun): rpm-helper Requires(pre): rpm-helper Requires(postun): rpm-helper %description Opencryptoki implements the PKCS#11 specification v2.11 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package contains the Slot Daemon (pkcsslotd) and general utilities. %package -n %{libname} Summary: The run-time libraries for opencryptoki package Group: System/Libraries %description -n %{libname} Opencryptoki implements the PKCS#11 specification v2.11 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package contains the PKCS#11 library implementation, and requires at least one token implementation (packaged separately) to be fully functional. %package -n %{develname} Summary: Development files for openCryptoki Group: Development/C Requires: %{libname} = %{version} %description -n %{develname} This package contains the development header files for building opencryptoki and PKCS#11 based applications %package swtok Summary: The software token implementation for opencryptoki Group: System/Libraries %description swtok Opencryptoki implements the PKCS#11 specification v2.11 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package brings the software token implementation to use opencryptoki without any specific cryptographic hardware. %package tpmtok Summary: Trusted Platform Module (TPM) device support for opencryptoki Group: System/Libraries %description tpmtok Opencryptoki implements the PKCS#11 specification v2.11 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package brings the necessary libraries and files to support Trusted Platform Module (TPM) devices in the opencryptoki stack. %ifarch s390 s390x %package icatok Summary: ICA cryptographic devices (clear-key) support for opencryptoki Group: System/Libraries %description icatok Opencryptoki implements the PKCS#11 specification v2.11 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package brings the necessary libraries and files to support ICA devices in the opencryptoki stack. ICA is an interface to IBM cryptographic hardware such as IBM 4764 or 4765 that uses the "accelerator" or "clear-key" path. %package ccatok Summary: CCA cryptographic devices (secure-key) support for opencryptoki Group: System/Libraries %description ccatok Opencryptoki implements the PKCS#11 specification v2.11 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package brings the necessary libraries and files to support CCA devices in the opencryptoki stack. CCA is an interface to IBM cryptographic hardware such as IBM 4764 or 4765 that uses the "co-processor" or "secure-key" path. %endif %prep %setup -q %patch0 -p1 %patch1 -p1 -b .group %patch2 -p1 -b .systemd %patch3 -p1 -b .bz830129 %patch4 -p1 -b .man %patch5 -p1 -b .locks %patch6 -p0 -b .fmtstr # Upstream tarball has unnecessary executable perms set on the sources find . -name '*.[ch]' -print0 | xargs -0 chmod -x %build ./bootstrap.sh %configure2_5x \ --sharedstatedir=/var/lib \ --with-systemdsystemunitdir=%{_unitdir} \ %ifarch s390 s390x --enable-icatok --enable-ccatok %else --disable-icatok --disable-ccatok %endif %make %install %makeinstall_std # Remove unwanted cruft rm -f %{buildroot}%{_libdir}/%{name}/*.la rm -f %{buildroot}%{_libdir}/%{name}/stdll/*.la # systemd must create /var/lock/opencryptoki install -d %{buildroot}%{_prefix}/lib/tmpfiles.d install -m 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf %pre %_pre_useradd pkcs11 /dev/null /sbin/nologin %post %_tmpfilescreate %{name} %_post_service pkcsslotd %preun %_preun_service pkcsslotd %postun %_postun_userdel pkcs11 %files %doc ChangeLog FAQ README %doc doc/openCryptoki-HOWTO.pdf %{_prefix}/lib/tmpfiles.d/%{name}.conf %{_unitdir}/pkcsslotd.service %{_sbindir}/* %{_mandir}/man*/* %{_libdir}/opencryptoki/methods %{_libdir}/pkcs11/methods %dir %attr(0770,root,pkcs11) /var/lib/%{name} %files -n %{libname} %doc LICENSE %{_sysconfdir}/ld.so.conf.d/* # Unversioned .so symlinks usually belong to -devel packages, but opencryptoki # needs them in the main package, because: # pkcs11_startup looks for opencryptoki/stdll/*.so, and # documentation suggests that programs should dlopen "PKCS11_API.so". %dir %{_libdir}/opencryptoki %{_libdir}/opencryptoki/libopencryptoki.* %{_libdir}/opencryptoki/PKCS11_API.so %dir %{_libdir}/opencryptoki/stdll %dir %{_libdir}/pkcs11 %{_libdir}/pkcs11/libopencryptoki.so %{_libdir}/pkcs11/PKCS11_API.so %{_libdir}/pkcs11/stdll %files -n %{develname} %{_includedir}/%{name}/ %files swtok %{_libdir}/opencryptoki/stdll/libpkcs11_sw.* %{_libdir}/opencryptoki/stdll/PKCS11_SW.so %files tpmtok %doc doc/README.tpm_stdll %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.* %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so %ifarch s390 s390x %files icatok %{_libdir}/opencryptoki/stdll/libpkcs11_ica.* %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so %files ccatok %doc doc/README-IBM_CCA_users %doc doc/README.cca_stdll %{_libdir}/opencryptoki/stdll/libpkcs11_cca.* %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so %endif %changelog * Mon Jan 21 2013 oden <oden> 2.4.2-1.mga3 + Revision: 390421 - don't ship the /var/lock/opencryptoki dir - imported package opencryptoki