[packages/opencryptoki] - build pkcscca_migrate tool if possible - added missing patches

qboosh qboosh at pld-linux.org
Tue Dec 31 14:10:20 CET 2013 

commit 56396f3be124ad1588e43e0c683c16132c60b068
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Tue Dec 31 14:10:46 2013 +0100

    - build pkcscca_migrate tool if possible
    - added missing patches

 opencryptoki-format.patch         | 11 +++++++++
 opencryptoki-noroot.patch         | 49 +++++++++++++++++++++++++++++++++++++++
 opencryptoki-notonlysystemd.patch | 16 +++++++++++++
 opencryptoki.spec                 | 16 ++++++++++---
 4 files changed, 89 insertions(+), 3 deletions(-)
---
diff --git a/opencryptoki.spec b/opencryptoki.spec
index a1cae47..cf3f45f 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -3,6 +3,7 @@
 %bcond_without	aep	# AEP Crypto Accelerator support
 %bcond_without	bcom	# Broadcom Crypto Accelerator support
 %bcond_with	corrent	# Corrent Crypto Accelerator support [BR: libsocketarmor + typhoon.h]
+%bcond_with	pkcscca	# CCA token key migration tool [BR: xcryptolinz, s390x arch]
 #
 Summary:	An Implementation of PKCS#11 (Cryptoki) v2.11
 Summary(pl.UTF-8):	Implementacja PKCS#11 (Cryptoki) v2.11
@@ -33,6 +34,11 @@ BuildRequires:	openldap-devel
 BuildRequires:	openssl-devel
 BuildRequires:	rpmbuild(macros) >= 1.647
 BuildRequires:	trousers-devel >= 0.2.9
+%if %{with pkcscca}
+# from http://www-03.ibm.com/security/cryptocards/pcixcc/ordersoftware.shtml :
+# http://www-03.ibm.com/security/cryptocards/dwnlds/xcryptolinzGA-3.28-rc08.s390x.rpm
+BuildRequires:	xcryptolinzGA
+%endif
 Requires(post,preun):	/sbin/chkconfig
 Requires(post,preun,postun):	systemd-units >= 38
 Requires(postun):	/usr/sbin/groupdel
@@ -230,10 +236,10 @@ urządzeń TPM (Trusted Platform Module) w stosie openCryptoki.
 	--disable-ccatok \
 	--disable-icatok \
 %endif
+	%{!?with_pkcsccs:--disable-pkcscca-migrate} \
 	--enable-tpmtok \
 	--with-systemd=%{systemdunitdir}
-# icctok (PCICC) not supported on Linux (only AIX, Windows, z/OS, OS/390)
-# pkcscca_migrate requires xcryptolinz (IBM proprietary, zSeries only)
+# icctok (PCICC) not supported on Linux (only AIX, Windows, OS/2)
 
 %{__make}
 
@@ -329,7 +335,11 @@ fi
 %ifarch s390 s390x
 %files module-ccatok
 %defattr(644,root,root,755)
-%doc doc/{README-IBM_CCA_users,README.cca_stdll}
+%doc doc/{README-IBM_CCA_users,README.cca_stdll} %{?with_pkcscca:doc/README.pkcscca_migrate}
+%if %{with pkcscca}
+%attr(755,root,root) %{_sbindir}/pkcscca_migrate
+%attr(755,root,root) %{_sbindir}/pkcscca_migrate.sh
+%endif
 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_cca.so*
 %attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
 %endif
diff --git a/opencryptoki-format.patch b/opencryptoki-format.patch
new file mode 100644
index 0000000..a96c1ef
--- /dev/null
+++ b/opencryptoki-format.patch
@@ -0,0 +1,11 @@
+--- opencryptoki/usr/sbin/pkcsslotd/log.c.orig	2013-07-15 19:25:41.000000000 +0200
++++ opencryptoki/usr/sbin/pkcsslotd/log.c	2013-12-30 23:09:12.875369087 +0100
+@@ -823,7 +823,7 @@
+ 
+   /* Always log to syslog, if we're using it */
+   if ( pInfo->UseSyslog ) {
+-    syslog(pInfo->LogLevel,  Buffer);
++    syslog(pInfo->LogLevel,  "%s", Buffer);
+   }
+ 
+   return TRUE;
diff --git a/opencryptoki-noroot.patch b/opencryptoki-noroot.patch
new file mode 100644
index 0000000..2d1c95b
--- /dev/null
+++ b/opencryptoki-noroot.patch
@@ -0,0 +1,49 @@
+--- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.orig	2013-07-15 19:25:41.000000000 +0200
++++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am	2013-12-31 08:45:27.230584799 +0100
+@@ -54,12 +54,9 @@
+ 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_sw.so PKCS11_SW.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/swtok
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
+ 
+ uninstall-hook:
+--- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.orig	2013-07-15 19:25:41.000000000 +0200
++++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am	2013-12-31 08:50:00.680573324 +0100
+@@ -69,10 +69,8 @@
+ 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_tpm.so PKCS11_TPM.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm 
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
+ 
+ uninstall-hook:
+--- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.orig	2013-07-15 19:25:41.000000000 +0200
++++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am	2013-12-31 09:20:57.927162073 +0100
+@@ -76,10 +76,8 @@
+ 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_icsf.so PKCS11_ICSF.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/icsf
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf 
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
+ 
+ uninstall-hook:
+--- opencryptoki/usr/Makefile.am.orig	2013-07-15 19:25:40.000000000 +0200
++++ opencryptoki/usr/Makefile.am	2013-12-31 09:26:05.323815816 +0100
+@@ -6,5 +6,4 @@
+ 
+ install-data-hook:
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)
diff --git a/opencryptoki-notonlysystemd.patch b/opencryptoki-notonlysystemd.patch
new file mode 100644
index 0000000..d0489bf
--- /dev/null
+++ b/opencryptoki-notonlysystemd.patch
@@ -0,0 +1,16 @@
+--- opencryptoki/misc/Makefile.am.orig	2013-07-15 19:25:40.000000000 +0200
++++ opencryptoki/misc/Makefile.am	2013-12-31 10:09:43.383706004 +0100
+@@ -10,7 +10,7 @@
+ pkcsslotd.service: pkcsslotd.service.in
+ 	@SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
+ 	mv $@-t $@
+-else
++endif
+ initddir = $(sysconfdir)/rc.d/init.d
+ initd_SCRIPTS = pkcsslotd
+ 
+@@ -20,4 +20,3 @@
+ 	@CHMOD@ a+x $@-t
+ 	mv $@-t $@
+ endif
+-endif
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/opencryptoki.git/commitdiff/56396f3be124ad1588e43e0c683c16132c60b068

More information about the pld-cvs-commit mailing list