File libica.spec of Package libica
#
# spec file for package libica
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%define flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "openssl1_1"
Name: libica-%{flavor}
%else
Name: libica
%endif
Version: 4.2.3
Release: 0
Summary: Library interface for the IBM Cryptographic Accelerator device driver
License: CPL-1.0
Group: Hardware/Other
URL: https://github.com/opencryptoki/libica
Source: https://github.com/opencryptoki/libica/archive/refs/tags/v%{version}.tar.gz#/libica-%{version}.tar.gz
Source1: README.SUSE
Source2: sysconfig.z90crypt
Source3: z90crypt
Source4: z90crypt.service
Source5: libica-rpmlintrc
Patch01: libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
Patch99: libica-sles15sp5-FIPS-hmac-key.patch
%if "%{flavor}" == "openssl1_1"
#PATCH-FIX-OPENSUSE bsc#1221627 Rename the hmac files for the openssl1_1 flavor
Patch100: libica-openssl1_1.patch
%endif
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fipscheck
BuildRequires: gcc-c++
BuildRequires: libtool
%if "%flavor" == "openssl1_1"
BuildRequires: libopenssl-1_1-devel
BuildRequires: openssl-1_1
#We need openssl for HMAC computation, see 8947ac1a
BuildRequires: openssl
%else
BuildRequires: openssl-devel
BuildRequires: openssl
%endif
Requires(post): %fillup_prereq
ExclusiveArch: s390 s390x
%description
This package contains the interface library routines used by IBM
modules to interface with the IBM eServer Cryptographic Accelerator
(ICA).
%if "%flavor" == "openssl1_1"
%package -n libica4-openssl1_1
%else
%package -n libica4
%endif
Summary: Library interface for the IBM Cryptographic Accelerator
Group: System/Libraries
%if "%flavor" == "openssl1_1"
Recommends: libica-openssl1_1-tools
%else
Recommends: libica-tools
%endif
%if "%flavor" == "openssl1_1"
%description -n libica4-openssl1_1
%else
%description -n libica4
%endif
This package contains the interface library routines used by IBM
modules to interface with the IBM eServer Cryptographic Accelerator
(ICA).
%package tools
Summary: Utilities for the IBM Cryptographic Accelerator
Group: Hardware/Other
Obsoletes: libica < %{version}-%{release}
Obsoletes: libica-2_3_0 < %{version}-%{release}
Obsoletes: libica2 < %{version}-%{release}
Obsoletes: libica3 < %{version}-%{release}
Provides: libica = %{version}-%{release}
Provides: libica-2_3_0 = %{version}-%{release}
Provides: libica-plugin = %{version}-%{release}
Provides: libica2 = %{version}-%{release}
Provides: libica3 = %{version}-%{release}
%if "%flavor" == "openssl1_1"
Conflicts: libica-tools
%else
Conflicts: libica-openssl1_1-tools
%endif
%description tools
This package contains command-line utilities to inspect the IBM
eServer Cryptographic Accelerator (ICA).
%package devel
Summary: Development files for the ICA device driver interface library
Group: Development/Libraries/C and C++
Obsoletes: libica-2_1_0-devel < %{version}-%{release}
Provides: libica-2_1_0-devel = %{version}-%{release}
Obsoletes: libica-2_3_0-devel < %{version}-%{release}
Provides: libica-2_3_0-devel = %{version}-%{release}
%if "%flavor" == "openssl1_1"
Requires: libica4-openssl1_1 = %{version}
Requires: libopenssl-1_1-devel
Conflicts: libica-devel
%else
Requires: libica4 = %{version}
Requires: libopenssl-devel
Conflicts: libica-openssl1_1-devel
%endif
%description devel
This package contains the interface library routines used by IBM
modules to interface with the IBM eServer Cryptographic Accelerator
(ICA).
This subpackage contains the necessary files to compile and link
using the libica library.
%package devel-static
Summary: Static Development files for the ICA device driver interface library
Group: Development/Libraries/C and C++
%if "%flavor" == "openssl1_1"
Requires: libica-openssl1_1-devel
Conflicts: libica-devel-static
%else
Requires: libica-devel
Conflicts: libica-openssl1_1-devel-static
%endif
%description devel-static
This package contains the interface library routines used by IBM
modules to interface with the IBM eServer Cryptographic Accelerator
(ICA).
This RPM contains all the tools necessary to compile and link using
the libica library.
%prep
%autosetup -p 1 -n libica-%version
%build
autoreconf --force --install
%configure CPPFLAGS="-Iinclude -fPIC" CFLAGS="%{optflags} -fPIC" \
--enable-fips
%make_build clean
%make_build FIPSHMAC=fipshmac BUILD_VERSION="FIPS-SUSE-%version-%release"
%define major %(echo %{version} | sed -e 's/[.].*//')
%{expand:%%global __os_install_post {%__os_install_post fipshmac %{buildroot}/%{_libdir}/*.so.%{version} }}
%install
%make_install FIPSHMAC=fipshmac
make fipsinstall FIPSHMAC=fipshmac DESTDIR=%{buildroot}
mkdir -p %{buildroot}%{_includedir}
cp -p include/ica_api.h %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcz90crypt
install -D %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.z90crypt
install -D %{SOURCE3} %{buildroot}%{_prefix}/lib/systemd/scripts/z90crypt
install -D -m 644 %{SOURCE4} %{buildroot}%{_prefix}/lib/systemd/system/z90crypt.service
# It is installed 444 and then the __os_install_post cannot update it once the debuginfo is stripped
# We need it early because there is %{buildroot}/%{_libdir}/.*.so.%{major}.hmac symlink pointing at it
# and the dangling symlink test would fail
chmod 644 %{buildroot}/%{_libdir}/.*.so.%{version}.hmac
cp -a %{SOURCE1} .
rm -vf %{buildroot}%{_libdir}/libica*.la
rm -f %{buildroot}%{_datadir}/doc/libica/*
rmdir %{buildroot}%{_datadir}/doc/libica
%if "%flavor" == "openssl1_1"
# Rename the libraries for the openssl1_1 flavor
mv %{buildroot}%{_libdir}/{libica,%{name}}.so.%{version}
mv %{buildroot}%{_libdir}/{libica,%{name}}-cex.so.%{version}
mv %{buildroot}%{_libdir}/{libica,%{name}}.a
mv %{buildroot}%{_libdir}/{libica,%{name}}-cex.a
# Recreate symlinks, they can not be simply renamed
rm %{buildroot}%{_libdir}/libica.so.%{major}
ln -s %{name}.so.%{version} %{buildroot}%{_libdir}/%{name}.so.%{major}
rm %{buildroot}%{_libdir}/libica-cex.so.%{major}
ln -s %{name}-cex.so.%{version} %{buildroot}%{_libdir}/%{name}-cex.so.%{major}
rm %{buildroot}%{_libdir}/libica.so
ln -s %{name}.so.%{version} %{buildroot}%{_libdir}/%{name}.so
rm %{buildroot}%{_libdir}/libica-cex.so
ln -s %{name}-cex.so.%{version} %{buildroot}%{_libdir}/%{name}-cex.so
%else
rm %{buildroot}/%{_sysconfdir}/libica/openssl3-fips.cnf
rmdir %{buildroot}/%{_sysconfdir}/libica
%endif
%check
%make_build check FIPSHMAC=fipshmac
%pre tools
%service_add_pre z90crypt.service
%post tools
%service_add_post z90crypt.service
%{fillup_only -n z90crypt}
%preun tools
%service_del_preun z90crypt.service
%postun tools
%service_del_postun z90crypt.service
%if "%flavor" == "openssl1_1"
%post -n libica4-openssl1_1 -p /sbin/ldconfig
%postun -n libica4-openssl1_1 -p /sbin/ldconfig
%files -n libica4-openssl1_1
%else
%post -n libica4 -p /sbin/ldconfig
%postun -n libica4 -p /sbin/ldconfig
%files -n libica4
%endif
%{_libdir}/%{name}.so.%{version}
%{_libdir}/%{name}.so.%{major}
%{_libdir}/.%{name}.so.%{version}.hmac
%{_libdir}/.%{name}.so.%{major}.hmac
%{_libdir}/%{name}-cex.so.%{version}
%{_libdir}/%{name}-cex.so.%{major}
%{_libdir}/.%{name}-cex.so.%{version}.hmac
%{_libdir}/.%{name}-cex.so.%{major}.hmac
%files tools
%license LICENSE
%doc README.SUSE
%{_sbindir}/rcz90crypt
%attr(644,root,root) %{_fillupdir}/sysconfig.z90crypt
%{_bindir}/icainfo
%{_bindir}/icainfo-cex
%{_bindir}/icastats
%{_mandir}/man1/icainfo.1%{?ext_man}
%{_mandir}/man1/icainfo-cex.1%{?ext_man}
%{_mandir}/man1/icastats.1%{?ext_man}
%dir %{_prefix}/lib/systemd/scripts
%{_prefix}/lib/systemd/scripts/z90crypt
%{_prefix}/lib/systemd/system/z90crypt.service
# Must be in here, otherwise openssl-ibmca does not find it via DSO_load() bsc#952871
%{_libdir}/%{name}.so
%files devel
%{_includedir}/ica_api.h
%{_libdir}/%{name}-cex.so
%files devel-static
%{_libdir}/%{name}.a
%{_libdir}/%{name}-cex.a
%changelog
