File openCryptoki.spec of Package openCryptoki.2906

#
# spec file for package openCryptoki
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%define openCryptoki_32bit_arch %ix86 s390 ppc %arm
# support in the workings for: ppc64
# no support in sight for: ia64
%define openCryptoki_64bit_arch s390x ppc64 ppc64le x86_64 aarch64
# autobuild:/work/cd/lib/misc/group
#   openCryptoki    pkcs11:x:64:
%define pkcs11_group_id 64
%define oc_cvs_tag opencryptoki

%if 0%{?suse_version} > 1220
%define uses_systemd 1
%else
%define uses_systemd 0
%endif

Name:           openCryptoki
BuildRequires:  bison
BuildRequires:  flex
BuildRequires:  gcc-c++
%ifarch s390 s390x
BuildRequires:  libica2-devel
%endif
BuildRequires:  libtool
BuildRequires:  openldap2-devel
BuildRequires:  openssl-devel
BuildRequires:  pwdutils
BuildRequires:  trousers-devel
%if %{uses_systemd}
BuildRequires:  pkgconfig(systemd)
%{?systemd_requires}
%endif
BuildRequires:  dos2unix
Summary:        An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
License:        IPL-1.0
Group:          Productivity/Security
Version:        3.2
Release:        0
# :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki
# cvs co -r openCryptoki-2-1-5 -d openCryptoki-2-1-5 .
Source:         %{oc_cvs_tag}-%{version}.tar.bz2
Source1:        openCryptoki.pkcsslotd
Source2:        openCryptoki-TFAQ.html
Source3:        openCryptoki-tmp.conf
Patch1:         ocki-3.1-remove-make-install-chgrp-chmod.patch
Patch2:         ocki-3.1-fix-init_d-path.patch
Patch3:         ocki-3.1-fix-implicit-decl.patch
Patch4:         ocki-3.1-fix-libica-link.patch
Patch5:         ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
Patch6:         ocki-3.2_01_fix-return-type-error.patch
Patch7:         ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
Patch8:         ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
Patch9:         ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
Patch10:        ocki-3.2_05_icsf_ldap_handles.patch
Patch11:        ocki-3.2_06_icsf_sign_verify.patch
Patch12:        token-failure-with-CKR_MECHANISM_INVALID.patch
Url:            http://oss.software.ibm.com/developerworks/opensource/opencryptoki
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
PreReq:         /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed %insserv_prereq
# IBM maintains openCryptoki on these architectures:
ExclusiveArch:  %openCryptoki_32bit_arch %openCryptoki_64bit_arch
#

%description
The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).



%package devel
Summary:        An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware
Group:          Development/Languages/C and C++
Requires:       glibc-devel
%ifarch s390 s390x
Requires:       libica2-devel
%endif
Requires:       libopenssl-devel
Requires:       openCryptoki = %{version}-%{release}
Requires:       openldap2-devel

%description devel
The PKCS#11 version 2.01 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
co-processor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).



%ifarch %openCryptoki_32bit_arch

%package 32bit
Summary:        An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
Group:          Productivity/Security
# this is needed to make sure the pkcs11 group exists before
# installation:
PreReq:         openCryptoki
ExclusiveArch:  %openCryptoki_32bit_arch

%description 32bit
This is a re-packaged binary rpm. For the package source, please look
for the source of the package without the "32bit" ending

The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).



%endif
%ifarch %openCryptoki_64bit_arch

%package 64bit
Summary:        An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
Group:          Productivity/Security
# this is needed to make sure the pkcs11 group exists before
# installation:
PreReq:         openCryptoki
ExclusiveArch:  %openCryptoki_64bit_arch

%description 64bit
This is a re-packaged binary rpm. For the package source, please look
for the source of the package without the "64bit" ending

The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).



%endif

%prep
%setup -q -n %{oc_cvs_tag}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
cp %{SOURCE2} .

%build
autoreconf --force --install
CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure \
	--prefix=/usr \
	--libdir=%{_libdir} \
	--enable-tpmtok \
%if %{uses_systemd}
	--with-systemd=/usr/lib/systemd/system \
%endif
	--sysconfdir=%{_sysconfdir} \
	--localstatedir=%{_localstatedir}
%__make
dos2unix doc/README.ep11_stdll

%install
%make_install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/usr/include
install -d $RPM_BUILD_ROOT/var/lib/opencryptoki
install -d $RPM_BUILD_ROOT/etc/init.d
install -d $RPM_BUILD_ROOT/usr/sbin
%if %{uses_systemd}
install -d $RPM_BUILD_ROOT/usr/lib/tmpfiles.d
install -m 644 %{S:3} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/openCryptoki-tmp.conf
ln -s /usr/sbin/service $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd
%else
install -m 544 %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd
ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd
%endif
rm -rf $RPM_BUILD_ROOT/tmp
# Remove all development files
rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la
rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods

%pre
%if %{uses_systemd}
%{service_add_pre pkcsslotd.service}
%endif
# autobuild:/work/cd/lib/misc/group
# openCryptoki    pkcs11:x:64:
/usr/sbin/groupadd -g %pkcs11_group_id -r pkcs11 2>/dev/null || true
/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \
-e 's/root//' -e '
# add the pkcs group if it is missing
/(^| )pkcs11( |$)/!s/$/ pkcs11/
# replace spaces by commas
y/ /,/
# remove leading , if present
s/^,//
'),pkcs11  root

%preun
%if %{uses_systemd}
%{service_del_preun pkcsslotd.service}
%else
%{stop_on_removal pkcsslotd}
%endif

%post
# Symlink from /var/lib/opencryptoki to /etc/pkcs11
if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
	if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then
		mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki
		cd %{_sysconfdir} && rm -rf pkcs11 && \
			ln -sf %{_localstatedir}/lib/opencryptoki pkcs11
	fi
fi
/sbin/ldconfig
%if %{uses_systemd}
%{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/openCryptoki-tmp.conf}
%{service_add_post pkcsslotd.service}
%else
%{fillup_and_insserv -f pkcsslotd}
%endif

%postun
if [ -L %{_sysconfdir}/pkcs11 ] ; then
	rm %{_sysconfdir}/pkcs11
fi
%if %{uses_systemd}
%{service_del_postun pkcsslotd.service}
%else
%{restart_on_update pkcsslotd}
%{insserv_cleanup}
%endif

%ifarch %openCryptoki_32bit_arch

%postun 32bit
# remove the openCryptoki start script
%{insserv_cleanup}

%post 32bit
# Old library name links
cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so
ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods
rm -rf %{_libdir}/pkcs11/stdll
test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11
cd /usr/lib/pkcs11
ln -sf ../opencryptoki/stdll stdll
cd stdll
[ -f libpkcs11_cca.so ] && ln -sf ./libpkcs11_cca.so PKCS11_CCA.so || true
[ -f libpkcs11_tpm.so ] && ln -sf ./libpkcs11_tpm.so PKCS11_TPM.so || true
[ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true
[ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true
/sbin/ldconfig
%endif
%ifarch %openCryptoki_64bit_arch

%post 64bit
# Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only.
test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11
ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so64
/sbin/ldconfig
%endif

%files
%defattr(-,root,root)
%doc openCryptoki-TFAQ.html
%doc doc/*
  # configuration directory
%dir %{_sysconfdir}/opencryptoki
%config %{_sysconfdir}/opencryptoki/opencryptoki.conf
%ifarch s390 s390x
%config %{_sysconfdir}/opencryptoki/ep11tok.conf
%{_sbindir}/pkcsep11_migrate
%endif
%if %{uses_systemd}
%{_prefix}/lib/systemd/system/pkcsslotd.service
%{_prefix}/lib/tmpfiles.d/openCryptoki-tmp.conf
%else
%{_sysconfdir}/init.d/pkcsslotd
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/ccatok
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/swtok
%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/tpm
%endif
%{_sbindir}/rcpkcsslotd
  # utilities
%{_sbindir}/pkcsslotd
%{_sbindir}/pkcsconf
%{_sbindir}/pkcsicsf
%{_sbindir}/pkcscca
%dir %{_libdir}/opencryptoki
%dir %{_libdir}/opencryptoki/stdll
  # State and lock directories
%dir %attr(755,root,pkcs11) %{_localstatedir}/lib/opencryptoki
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ccatok/TOK_OBJ
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok/TOK_OBJ
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/tpm
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/icsf
%ifarch s390 s390x
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite
%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ
%endif
%{_mandir}/man*/*

%files devel
%defattr(-,root,root)
%dir %{_libdir}/opencryptoki
%dir %{_libdir}/opencryptoki/stdll
%{_libdir}/opencryptoki/libopencryptoki.la
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.la
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.la
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.la
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.la
%ifarch s390 s390x
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.la
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.la
%endif
%dir %{_includedir}/opencryptoki
%{_includedir}/opencryptoki/apiclient.h
%{_includedir}/opencryptoki/pkcs11.h
%{_includedir}/opencryptoki/pkcs11types.h

%ifarch %openCryptoki_32bit_arch
%files 32bit
%defattr(-,root,root)
  # these don't conflict because they only exist as 64bit binaries if
  # there is no 32bit version of them usable
%{_libdir}/opencryptoki/libopencryptoki.so
%ghost %{_libdir}/opencryptoki/PKCS11_API.so
%{_libdir}/opencryptoki/*.0
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
%ifarch s390 s390x
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so
%ghost %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
%endif
%{_libdir}/opencryptoki/stdll/*.0
%dir %{_libdir}/pkcs11
%ghost %{_libdir}/pkcs11/stdll
%ghost %{_libdir}/pkcs11/methods
%{_libdir}/pkcs11/*.so
%{_sysconfdir}/ld.so.conf.d/*
%endif
%ifarch %openCryptoki_64bit_arch

%files 64bit
%defattr(-,root,root)
%dir %_libdir/opencryptoki
%{_libdir}/opencryptoki/PKCS11_API.so
%{_libdir}/opencryptoki/libopencryptoki.so
%{_libdir}/opencryptoki/libopencryptoki.so.0
%{_libdir}/opencryptoki/libopencryptoki.so.0.0.0
%dir %_libdir/opencryptoki/stdll
%{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
%{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.so
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.so.0
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.so.0.0.0
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so.0
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so.0.0.0
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so.0
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so.0.0.0
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so.0
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0
%ifarch s390 s390x
%{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so.0
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so.0.0.0
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so.0
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so.0.0.0
%endif
%dir %{_libdir}/pkcs11
%{_libdir}/pkcs11/PKCS11_API.so
%{_libdir}/pkcs11/libopencryptoki.so
%{_libdir}/pkcs11/methods
%{_libdir}/pkcs11/stdll
%{_sysconfdir}/ld.so.conf.d/opencryptoki-*.conf
%endif

%changelog
openSUSE Build Service is sponsored by