File gnome-keyring.spec of Package gnome-keyring
#
# spec file for package gnome-keyring (Version 2.24.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: gnome-keyring
BuildRequires: dbus-1-devel fdupes gconf2-devel gtk-doc gtk2-devel
BuildRequires: hal-devel intltool libgcrypt-devel libtasn1-devel
BuildRequires: pam-devel update-desktop-files
Version: 2.24.1
Release: 3
Url: http://www.gnome.org/
Group: System/GUI/GNOME
License: GPL v2 or later; LGPL v2.1 or later
Summary: GNOME Keyring Password Manager
Source: ftp://ftp.gnome.org/pub/GNOME/sources/%{name}/0.6/%{name}-%{version}.tar.bz2
Patch1: gnome-keyring-use-markup-correctly.patch
# PATCH-FIX-UPSTREAM gnome-keyring-pam-stop-passwd.patch bnc421603 bgo558636 vuntz@novell.com -- Stop daemon if started for a password change
Patch2: gnome-keyring-pam-stop-passwd.patch
# PATCH-FEATURE-UPSTREAM gnome-keyring-pam-auto-start-if.patch bnc421603 bgo559781 vuntz@novell.com -- Add auto_start_if= option to the pam module
Patch3: gnome-keyring-pam-auto-start-if.patch
# PATCH-FIX-OPENSUSE gnome-keyring-check-session.patch vuntz@novell.com -- Only start gnome-keyring in the pam module if GNOME is started
Patch4: gnome-keyring-check-session.patch
# PATCH-FIX-UPSTREAM gnome-keyring-spurious-syslog.patch bgo559958 vuntz@novell.com -- Don't spam syslog
Patch5: gnome-keyring-spurious-syslog.patch
Requires: %{name}-lang = %{version}
AutoReqProv: on
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%gconf_schemas_prereq
%description
GNOME Keyring Manager is a program that keeps passwords and other
secrets for users. It is run as a daemon in the session, similar to
ssh-agent, and other applications can locate it by an environment
variable.
Authors:
--------
Alexander Larsson <alexl@redhat.com>
%package pam
License: GPL v2 or later; LGPL v2.1 or later
Group: System/GUI/GNOME
Summary: GNOME Keyring Password Manager
Requires: %{name} = %{version}
PreReq: sed
# Package was present in OpenSUSE 10.2 and 10.3:
Obsoletes: pam_keyring <= 0.0.8
Provides: pam_keyring <= 0.0.8
%description pam
GNOME Keyring Manager is a program that keeps passwords and other
secrets for users. It is run as a daemon in the session, similar to
ssh-agent, and other applications can locate it by an environment
variable.
Authors:
--------
Alexander Larsson <alexl@redhat.com>
%package devel
License: GPL v2 or later; LGPL v2.1 or later
Group: Development/Libraries/GNOME
Summary: GNOME Keyring Password Manager
Requires: %{name} = %{version} dbus-1-devel glib2-devel
%description devel
GNOME Keyring Manager is a program that keeps passwords and other
secrets for users. It is run as a daemon in the session, similar to
ssh-agent, and other applications can locate it by an environment
variable.
Authors:
--------
Alexander Larsson <alexl@redhat.com>
%package doc
License: GPL v2 or later; LGPL v2.1 or later
Group: System/GUI/GNOME
Summary: Documentation for the GNOME Keyring Password Manager
Requires: %{name} = %{version}
%description doc
GNOME Keyring Manager is a program that keeps passwords and other
secrets for users. It is run as a daemon in the session, similar to
ssh-agent, and other applications can locate it by an environment
variable.
This package contains additional documentation.
Authors:
--------
Alexander Larsson <alexl@redhat.com>
%lang_package
%prep
%setup -q
%patch1
%patch2 -p1
%patch3 -p1
%patch4
%patch5 -p1
%build
autoreconf -f -i
# needed for gnome-keyring-0.6.0:
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
%configure\
--libexecdir=%{_prefix}/lib/gnome-keyring-1\
--with-pam-dir=/%{_lib}/security \
--disable-acl-prompts
make %{?jobs:-j%jobs}
%install
make DESTDIR=$RPM_BUILD_ROOT install install-pam
%find_lang %{name}
%find_gconf_schemas
%fdupes $RPM_BUILD_ROOT
rm $RPM_BUILD_ROOT/%{_lib}/security/*.la
cat %{name}.schemas_list > %{name}.lst
%clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%pre -f %{name}.schemas_pre
%preun -f %{name}.schemas_preun
%posttrans -f %{name}.schemas_posttrans
%triggerin pam -- gdm
if test -f etc/pam.d/gdm ; then
if ! fgrep -q pam_gnome_keyring.so etc/pam.d/gdm ; then
sed -i '/ pam_gnome_keyring\.so/d
$aauth optional pam_gnome_keyring.so\
session optional pam_gnome_keyring.so auto_start' etc/pam.d/gdm
fi
fi
%post pam
if test -f etc/pam.d/gdm; then
if ! fgrep -q pam_gnome_keyring.so etc/pam.d/gdm ; then
sed -i '/ pam_gnome_keyring\.so/d
$aauth optional pam_gnome_keyring.so\
session optional pam_gnome_keyring.so auto_start' etc/pam.d/gdm
fi
fi
%postun pam
if test -f etc/pam.d/gdm ; then
if ! test -f %{_lib}/security/pam_gnome_keyring.so ; then
sed -i '/ pam_gnome_keyring\.so/d' etc/pam.d/gdm
fi
fi
%files -f %{name}.lst
%defattr (-, root, root)
%doc AUTHORS ChangeLog NEWS README TODO
%{_bindir}/*
%{_libdir}/*.so.*
%{_prefix}/lib/gnome-keyring-1
%{_libdir}/gnome-keyring
%{_prefix}/share/dbus-1/services/org.gnome.keyring.service
%dir %{_datadir}/gtk-doc/html/gp11
%{_datadir}/gtk-doc/html/gp11/*.*
%files lang -f %{name}.lang
%files pam
%defattr (-, root, root)
%attr(555,root,root) /%{_lib}/security/*.so
%files devel
%defattr (-, root, root)
%{_libdir}/*.so
%{_libdir}/*.*a
%{_libdir}/pkgconfig/*.pc
%{_includedir}/*
%files doc
%defattr (-, root, root)
%{_datadir}/gtk-doc/html/gnome-keyring
%changelog
* Wed Nov 19 2008 vuntz@novell.com
- Compile with --disable-acl-prompts. The prompt dialogs don't help
the user in the end. Fix bnc#446010.
* Sun Nov 09 2008 vuntz@novell.com
- Add some patches that will make pam-config integration possible.
This is part of bnc#421603.
- Add gnome-keyring-pam-stop-passwd.patch: if the keyring is
started to update the keyring password on password change, then
stop it too.
Based on patch by Thorsten Kukuk.
- Add gnome-keyring-pam-auto-start-if.patch: support an
auto_start_if option for the pam module to specify for which
service to auto-start the keyring.
Based on patch by Thorsten Kukuk.
- Update gnome-keyring-check-session.patch: the check for the GNOME
session is only working for the gdm service. With the
gnome-keyring-pam-auto-start-if.patch patch, we need to make sure
that we only do it for gdm since someone might want to configure
the keyring to start when logging in a console, eg.
- gnome-keyring-spurious-syslog.patch: don't try to unlock the
keyring if there's no daemon running.
* Wed Oct 22 2008 mboman@suse.de
- Update to version 2.24.1:
+ Fix crash on logout on Solaris.
+ Add missing 'server' attribute to the NETWORK_PASSWORD schema
* Sun Sep 21 2008 mboman@suse.de
- Update to version 2.24.0:
+ Update documentation for functions in gp11 library
+ Ungrab the keyboard properly when a password prompt is minimized.
+ Report errors from keyboard grabbing.
+ Fix build problems with gcc 4.3.
+ PKCS#11 initialize compatibility fix for OpenSC.
+ Make all errors from prompt process go to syslog.
+ When prompting for a password on import, don't go into an endless
+ loop for blank passwords.
+ Fix problems with PK indexes overwriting one another.
+ Don't add additional extensions on storage files when the extension
is already correct.
+ Load all objects when a PKCS#11 session is opened, regardless of
whether a C_FindObjects is run or not.
* Sat Sep 20 2008 vuntz@novell.com
- Rewrite gnome-keyring-check-session.patch to be more correct:
ie, don't return too early from functions, and now check the
DESKTOP_SESSION environment variable that will be set by GDM.
- Change the gdm pam configuration to have auto_start for
pam_gnome_keyring.so for session, and not auth. This is what
upstream recommends and it's also required to have a proper
behavior with the above patch.
- This is part of bnc#427744.
* Fri Sep 12 2008 aj@suse.de
- Add directory ownership for /usr/share/gtk-doc/html/gp11.
* Tue Sep 09 2008 mboman@novell.com
- Update to version 2.23.92:
+ Build fix for Solaris
+ Import the LANG environment variable into daemon enviroment
so that dialogs display with correct translations.
* Thu Sep 04 2008 mboman@novell.com
- Update to version 2.23.91:
+ Use 'Change' instead of 'Create' when prompting the user for
a password to change keyring password.
+ Fix RSA signing with X509 mechanism.
+ Tweaking of the asynchronous scheduling to prevent hangs.
+ Add some documentation for GP11 library.
+ Translation updates.
+ Build fixes.
* Tue Aug 26 2008 mboman@novell.com
- Update to version 2.23.90:
+ Use 'Create' button instead of 'OK' when prompting the user for
a password to create a new keyring.
+ Fix more cases where 'Deny' choice by a user resulted in
more subsequent prompts.
+ Automatically create non-existant directories when storing files.
+ Fix problem prompting for the same password twice when parsing a
PFX or PKCS#12 file.
+ Don't offer to store password during import operation.
+ Don't try to store certificates encrypted on the disk.
+ Add command line tool for importing of keys and certificates.
+ Fix problems with SSH agent not unlocking keys properly.
+ Build fixes.
* Tue Aug 05 2008 captain.magnus@opensuse.org
- Update to version 2.23.6:
+ If the user denies a prompt, then don't prompt the same prompt
again for that connection to the daemon.
+ Bug fixes for loading of SSH keys.
+ Add gconf schema for noting the user's configured PKCS#11 modules.
+ Update and bug fixes for the new GP11 library.
+ Better reference counting of internal objects.
+ When a certificate is in the roots storage, assume it is a CA if
no basic constraints are present.
+ Add ability of PKCS#11 module to accept a string on its reserved
initialization argument, similar to NSS's libsoftkn3 module.
+ Translation fixes.
+ Build fixes.
* Sat Aug 02 2008 captain.magnus@opensuse.org
- Update to version 2.23.5:
+ Load all SSH keys in ~/.ssh named id_?sa*, not just id_rsa
and id_dsa. Also load public portions of keys when needed ie: *.pub
+ Include new GP11 library, which is a GLib wrapper for PKCS#11
+ Add ability to import keys/certificates to PKCS#11.
+ Better storage and creation of PKCS#11 objects.
+ Start using GTest for new unit testing.
+ Better indexing of keys and certificates.
+ Better buffer handling, and threading fixes. [Jon Burgress]
+ Fix warnings in logs caused by programs checking whether
gnome-keyring is available.
+ Standardize on libgcrypt random number generator.
+ Add --disable-acl-prompts option to disable all ACL prompting [Colin Walters]
+ Build fixes.
* Wed Jun 18 2008 maw@suse.de
- Update to version 2.22.2:
+ Streamline the importing of keys and make the proper prompts
show up consistently; better fixes for this to come in 2.24.x
+ Don't show 'location' field in most password prompts
+ Return serial number of certificates properly to requesting
programs
+ Fix crash when receiving certain HAL events.
* Thu May 01 2008 hpj@suse.de
- Remove gnome-keyring-0.4.6-casa-integration.patch. GNOME can now
replicate the login password for use in the default keyring
without Casa's help.
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Wed Apr 09 2008 maw@suse.de
- Update to version 2.22.1:
+ Add SSH agent protocol 1 support
+ Make 'ssh-add -D' lock any SSH private keys that gnome-keyring
is automatically loading
+ Reconnect to system DBus whenever the system bus restarts
+ Log to syslog even when running in the foreground
+ Add a configure option to disable building of the SSH agent
+ Build fixes.
* Fri Mar 14 2008 maw@suse.de
- Update to version 2.22.0:
+ Minor build fix.
* Tue Mar 04 2008 maw@suse.de
- Update to version 2.21.92:
+ Sync up user's session environment with the daemon, so that
things like X authentication, DBUS, etc. work properly
+ Shutdown socket connections properly, so things don't hang,
when wrong versions of daemon/library are used
+ Limit PKCS#12 parsing to a clearly defined subset of the
format
+ Decrypt PKCS#12 with empty passwords properly
+ Updated translations.
* Mon Feb 18 2008 maw@suse.de
- Update to version 2.21.91:
+ Don't prompt for a password from the PAM module since
gnome-keyring is not an authenticator
+ Check that PKCS#11 socket connections come from same user
+ Don't lock the entire gnome-keyring-ask process in memory,
just the password text; this works better when less non-pageable
memory is available
+ Basic serializing of certificates and keys
+ Build fixes
+ Updated translations.
* Tue Jan 29 2008 maw@suse.de
- Update to version 2.21.90:
+ Proper support for creating and destroying objects through
PKCS#11
+ Support for setting PKCS#11 attributes
+ Fix hanging of daemon under certain conditions
+ Add gconf setting for determining which components of the
daemon (such as SSH) are run at startup
+ Better parsing of objects and prompting for passwords in
PKCS#12 files
+ Calculate trust and purpose/usage of certificates
+ Mark certain key/certificate directories as special requiring
certain special treatment (such as the CA root store, SSH
keys etc...)
+ Add support for unencrypted keyrings which are used when
the user specifies a blank password
+ Fix problem where most keyrings were being treated as insecure
from the point of view of storing passwords for keys or
certificates
+ Fix race condition that is causing deadlocks and freezes
+ Misc fixes.
* Tue Jan 22 2008 hpj@suse.de
- Remove gnome-keyring-2.21.4-getenv-returns-null.patch, and fix
gnome-keyring-check-session.patch instead.
* Mon Jan 21 2008 hpj@suse.de
- Add gnome-keyring-2.21.4-getenv-returns-null.patch to fix
GNOME bug #510902.
* Sat Jan 12 2008 hpj@suse.de
- Install the D-Bus service file. Fixes Novell bug #353198.
* Thu Dec 20 2007 maw@suse.de
- Fix build on x86_64.
* Thu Dec 20 2007 maw@suse.de
- Update to version 2.21.4:
+ Build fixes for various platforms and against various libraries
+ Print few useless warning messages
+ Simpler API for accessing and storing passwords
+ PAM module now works with SELinux
+ Includes an SSH agent
+ Added basic x.509 certificate and key store
+ PKCS#11 module
+ ASN.1 support
- Don't package license files.
* Wed Oct 10 2007 sbrabec@suse.cz
- Replace old pam_keyring.
* Mon Sep 17 2007 mauro@suse.de
- Updated to version 2.20.
+ Translation fixes (Claude Paroz)
* Mon Sep 10 2007 crivera@suse.de
- Add a patch to fix Bug #186189. We only start gnome-keyring
daemon if the WINDOWMANAGER environment variable is set to
/usr/bin/gnome.
* Mon Aug 27 2007 cgaisford@novell.com
- Updated to 2.19.91 to incorporate needed fixes for Novell bugs: 298975,
299730, 299621, 304189
- Builds with newer versions of DBus [Theppitak Karoonboonyanan]
- In the PAM module we now support starting gnome-keyring-daemon when
- the user's session actually starts, rather than during password validation.
- This makes us more solid and sane with GDM and well behaved PAM using
- applications. [Chris Rivera]
- In the PAM module check that the socket is owned by the same user, before
- sending the login password there.
- Don't read from /dev/random when not needed. This makes startup faster
- in many cases, as it won't block for entropy.
- Get around more optimizations that cancel out wiping of strings in
- memory before freeing.
- Fix problem where keyrings are created in wrong directory [Nathaniel McCallum]
- Incorporated security fixes from Novell
- Fix crashers when the ask dialog sends back bad data.
- Now builds on Solaris [Damien Carbery]
- Configure PAM module directory better [Matthias Clasen]
- Fix memory leaks
* Wed Aug 08 2007 maw@suse.de
- Use %%fdupes
- Split off a -lang subpackage.
* Thu Aug 02 2007 jpr@suse.de
- Build with pam support in gnome-keyring-pam
* Thu Aug 02 2007 maw@suse.de
- Update to version 2.19.6.1:
+ Sync with current gnome version numbers
+ Build fixes
+ Use libgcrypt instead of hand-rolled encryption algorithms
+ Code refactoring and cleanup
+ Error and warning messages are logged to syslog when running
as a daemon
+ Use non-pageable memory for secrets and passwords
+ Use NULL consistently in the API to represent the default
keyrong
+ Improved prompts
+ Handle unix signals properly
+ Keyrings supported on removeable drives
+ New API
+ API docs
+ Unit tests are run automagically when building
+ Misc. bug fixes
* Wed Apr 11 2007 maw@suse.de
- Update to version 0.8.1, which
- Fixes a crash when called with a NULL keyring
- Has an updated translation for the gl locale.
* Wed Apr 04 2007 maw@suse.de
- Update to version 0.8
- b.g.o 407160 and 339137.
* Fri Mar 09 2007 maw@suse.de
- Update to version 0.7.91
- Changes in version 0.7.91 are:
* Add method for library to discover daemon via DBus. Adds soft
DBus dependency.
* Fixes for building on kFreeBSD.
- Changes in version 0.7.3 are:
* Fix endless loop when creating a keyring and a file by that name
already exists.
* Fix crasher when deleting session keyring.
* Fix crasher when doing find operation with NULL attribute string.
* Sync files to disk after writing to keyring.
- Changes in version 0.7.2 are:
* Don't have multiple password dialogs presented for the same
keyring
- Changes in version 0.7.1 are:
* Added GNOME_KEYRING_ITEM_APPLICATION_SECRET which allows an item
to be for a single application only with strict access controls.
* New function gnome_keyring_item_get_info_full(_sync) which allow
retrieval of item meta data without the secret, thus not incurring
an ACL prompt.
* Translation updates
* Tue Feb 27 2007 maw@suse.de
- Create a -doc subpackage (#248813).
* Thu Dec 14 2006 sbrabec@suse.cz
- More spec file cleanups.
* Wed Dec 13 2006 maw@suse.de
- Move to /usr
- Do some specfile cleanup.
* Thu Sep 14 2006 jhargadon@suse.de
- update to version 0.6.0
- NetBSD fixes
- Crash fix
- Typo fix
- Translations
* Wed Aug 30 2006 jhargadon@suse.de
- update to version 0.5.2
- Translation updates
- Better title in docs
- Fixed crashes
- New function: gnome_keyring_item_grant_access_rights_sync
* Thu Aug 24 2006 ro@suse.de
- copy CASA headers to local source and remove CASA-devel
from BuildRequires to avoid build-dep cycle
(CASA needs gtk-sharp needs gnome-keyring needs CASA)
* Fri Aug 11 2006 jhargadon@suse.de
- update to version 0.5.1
- Support changing password of a keyring
- Create ~/.gnome2 if needed
- Save keyring when an ACL is added
- Add password strength meter
- Fix return value for some sync calls
- Translation updates
- Fix crash when asking for password
- Fix --disable-nls
* Sat May 13 2006 hpj@suse.de
- Add a patch to provide better CASA integration. CASAManager is
allowed by default, and the default keyring's password is saved
in CASA, making most of the annoying dialogs go away. Part of
fix for Novell bug #174093.
* Tue May 09 2006 joeshaw@suse.de
- Add a patch to only display the "unlock keyring" dialog once
per keyring, no matter how many different apps request it.
(bnc #170587) Also fixes a crash in gnome-keyring-ask if you
clicked "Deny".
* Mon May 08 2006 joeshaw@suse.de
- Add a patch to correctly escape for markup, and set the markup
flag on the label. (bnc #172603)
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Nov 30 2005 gekker@suse.de
- Update to version 0.4.6
* Thu Oct 13 2005 gekker@suse.de
- Update to version 0.4.5
* Mon Sep 05 2005 mmj@suse.de
- Update to version 0.4.4 (GNOME 2.12)
* Fri Jul 22 2005 gekker@suse.de
- Update to version 0.4.3
* Wed Jun 01 2005 sbrabec@suse.cz
- Fixed devel requirements.
* Wed Mar 09 2005 gekker@suse.de
- Update to version 0.4.2 (GNOME 2.10).
* Wed Jan 19 2005 clahey@suse.de
- Updated to version 0.4.1.
* Tue Nov 23 2004 gekker@suse.de
- Update version to 0.4.0
* Tue Nov 02 2004 ro@suse.de
- locale rename: no -> nb
* Tue Oct 12 2004 sbrabec@suse.cz
- Fixed libexecdir for bi-arch (#47050).
* Mon Jun 28 2004 hhetter@suse.de
- reduce #neededforbuild
* Mon Apr 26 2004 sbrabec@suse.cz
- New SuSE package, version 0.2.1 (GNOME 2.6).
