basebuilder_pel7x64builder0
6 years ago
6 changed files with 656 additions and 0 deletions
@ -0,0 +1,25 @@ |
|||||||
|
From 14c50e25d8280ce81a323ef79a71a66892b65f1a Mon Sep 17 00:00:00 2001 |
||||||
|
From: Daiki Ueno <dueno@redhat.com> |
||||||
|
Date: Mon, 12 Jun 2017 15:38:21 +0200 |
||||||
|
Subject: [PATCH] doc: Use correct PKCS#11 URI syntax |
||||||
|
|
||||||
|
--- |
||||||
|
doc/manual/trust.xml | 2 +- |
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/doc/manual/trust.xml b/doc/manual/trust.xml |
||||||
|
index f6f2b3e..14dcbba 100644 |
||||||
|
--- a/doc/manual/trust.xml |
||||||
|
+++ b/doc/manual/trust.xml |
||||||
|
@@ -157,7 +157,7 @@ $ trust list |
||||||
|
<programlisting> |
||||||
|
$ trust anchor /path/to/certificate.crt |
||||||
|
$ trust anchor --remove /path/to/certificate.crt |
||||||
|
-$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;object-type=cert" |
||||||
|
+$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;type=cert" |
||||||
|
</programlisting> |
||||||
|
|
||||||
|
<para>Store or remove trust anchors in the trust policy store. These are |
||||||
|
-- |
||||||
|
2.9.4 |
||||||
|
|
@ -0,0 +1,256 @@ |
|||||||
|
From acf8c4a91a76bf8049f6bfbd95b04e2e36bae4ea Mon Sep 17 00:00:00 2001 |
||||||
|
From: Daiki Ueno <dueno@redhat.com> |
||||||
|
Date: Thu, 18 May 2017 10:45:26 +0200 |
||||||
|
Subject: [PATCH 1/2] Revert "trust: Honor "modifiable" setting in persist |
||||||
|
file" |
||||||
|
|
||||||
|
This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which |
||||||
|
broke "trust anchor --remove". |
||||||
|
--- |
||||||
|
trust/input/verisign-v1.p11-kit | 1 - |
||||||
|
trust/parser.c | 10 +--------- |
||||||
|
trust/test-parser.c | 1 - |
||||||
|
3 files changed, 1 insertion(+), 11 deletions(-) |
||||||
|
|
||||||
|
diff --git a/trust/input/verisign-v1.p11-kit b/trust/input/verisign-v1.p11-kit |
||||||
|
index aea49ea..eaa080d 100644 |
||||||
|
--- a/trust/input/verisign-v1.p11-kit |
||||||
|
+++ b/trust/input/verisign-v1.p11-kit |
||||||
|
@@ -1,6 +1,5 @@ |
||||||
|
[p11-kit-object-v1] |
||||||
|
trusted: true |
||||||
|
-modifiable: false |
||||||
|
|
||||||
|
-----BEGIN CERTIFICATE----- |
||||||
|
MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG |
||||||
|
diff --git a/trust/parser.c b/trust/parser.c |
||||||
|
index 52d1128..41513d4 100644 |
||||||
|
--- a/trust/parser.c |
||||||
|
+++ b/trust/parser.c |
||||||
|
@@ -610,7 +610,6 @@ p11_parser_format_persist (p11_parser *parser, |
||||||
|
{ |
||||||
|
CK_BBOOL modifiablev = CK_TRUE; |
||||||
|
CK_ATTRIBUTE *attrs; |
||||||
|
- CK_ATTRIBUTE *attr; |
||||||
|
p11_array *objects; |
||||||
|
bool ret; |
||||||
|
int i; |
||||||
|
@@ -631,14 +630,7 @@ p11_parser_format_persist (p11_parser *parser, |
||||||
|
ret = p11_persist_read (parser->persist, parser->basename, data, length, objects); |
||||||
|
if (ret) { |
||||||
|
for (i = 0; i < objects->num; i++) { |
||||||
|
- /* By default, we mark objects read from a persist |
||||||
|
- * file as modifiable, as the persist format is |
||||||
|
- * writable. However, if CKA_MODIFIABLE is explictly |
||||||
|
- * set in the file, respect the setting. */ |
||||||
|
- attrs = objects->elem[i]; |
||||||
|
- attr = p11_attrs_find_valid (objects->elem[i], CKA_MODIFIABLE); |
||||||
|
- if (!attr) |
||||||
|
- attrs = p11_attrs_build (attrs, &modifiable, NULL); |
||||||
|
+ attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL); |
||||||
|
sink_object (parser, attrs); |
||||||
|
} |
||||||
|
} |
||||||
|
diff --git a/trust/test-parser.c b/trust/test-parser.c |
||||||
|
index 088cff9..b5c2525 100644 |
||||||
|
--- a/trust/test-parser.c |
||||||
|
+++ b/trust/test-parser.c |
||||||
|
@@ -168,7 +168,6 @@ test_parse_p11_kit_persist (void) |
||||||
|
{ CKA_CLASS, &certificate, sizeof (certificate) }, |
||||||
|
{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, |
||||||
|
{ CKA_TRUSTED, &truev, sizeof (truev) }, |
||||||
|
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, |
||||||
|
{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, |
||||||
|
{ CKA_INVALID }, |
||||||
|
}; |
||||||
|
-- |
||||||
|
2.9.4 |
||||||
|
|
||||||
|
|
||||||
|
From 66c6a7e912d39d66cd4cc91375ac7be418bf7176 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Daiki Ueno <dueno@redhat.com> |
||||||
|
Date: Thu, 18 May 2017 11:11:45 +0200 |
||||||
|
Subject: [PATCH 2/2] trust: Check magic comment in persist file for |
||||||
|
modifiablity |
||||||
|
|
||||||
|
A persistent file written by the trust module starts with the line "# |
||||||
|
This file has been auto-generated and written by p11-kit". This can |
||||||
|
be used as a magic word to determine whether the objects read from a |
||||||
|
.p11-kit file are read-only. |
||||||
|
--- |
||||||
|
trust/parser.c | 6 +++++- |
||||||
|
trust/persist.c | 9 ++++++++- |
||||||
|
trust/test-token.c | 1 + |
||||||
|
3 files changed, 14 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/trust/parser.c b/trust/parser.c |
||||||
|
index 41513d4..abe86fc 100644 |
||||||
|
--- a/trust/parser.c |
||||||
|
+++ b/trust/parser.c |
||||||
|
@@ -49,6 +49,7 @@ |
||||||
|
#include "pem.h" |
||||||
|
#include "pkcs11x.h" |
||||||
|
#include "persist.h" |
||||||
|
+#include "types.h" |
||||||
|
#include "x509.h" |
||||||
|
|
||||||
|
#include <libtasn1.h> |
||||||
|
@@ -630,7 +631,10 @@ p11_parser_format_persist (p11_parser *parser, |
||||||
|
ret = p11_persist_read (parser->persist, parser->basename, data, length, objects); |
||||||
|
if (ret) { |
||||||
|
for (i = 0; i < objects->num; i++) { |
||||||
|
- attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL); |
||||||
|
+ CK_BBOOL generatedv; |
||||||
|
+ attrs = objects->elem[i]; |
||||||
|
+ if (p11_attrs_find_bool (attrs, CKA_X_GENERATED, &generatedv) && generatedv) |
||||||
|
+ attrs = p11_attrs_build (attrs, &modifiable, NULL); |
||||||
|
sink_object (parser, attrs); |
||||||
|
} |
||||||
|
} |
||||||
|
diff --git a/trust/persist.c b/trust/persist.c |
||||||
|
index 63a531e..928260e 100644 |
||||||
|
--- a/trust/persist.c |
||||||
|
+++ b/trust/persist.c |
||||||
|
@@ -631,6 +631,9 @@ p11_persist_read (p11_persist *persist, |
||||||
|
CK_ATTRIBUTE *attrs; |
||||||
|
bool failed; |
||||||
|
bool skip; |
||||||
|
+ CK_BBOOL generatedv = CK_FALSE; |
||||||
|
+ CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) }; |
||||||
|
+ static const char comment[] = "# This file has been auto-generated and written by p11-kit."; |
||||||
|
|
||||||
|
return_val_if_fail (persist != NULL, false); |
||||||
|
return_val_if_fail (objects != NULL, false); |
||||||
|
@@ -639,6 +642,10 @@ p11_persist_read (p11_persist *persist, |
||||||
|
attrs = NULL; |
||||||
|
failed = false; |
||||||
|
|
||||||
|
+ if (length >= sizeof (comment) - 1 && |
||||||
|
+ memcmp ((const char *)data, comment, sizeof (comment) - 1) == 0) |
||||||
|
+ generatedv = CK_TRUE; |
||||||
|
+ |
||||||
|
p11_lexer_init (&lexer, filename, (const char *)data, length); |
||||||
|
while (p11_lexer_next (&lexer, &failed)) { |
||||||
|
switch (lexer.tok_type) { |
||||||
|
@@ -650,7 +657,7 @@ p11_persist_read (p11_persist *persist, |
||||||
|
p11_lexer_msg (&lexer, "unrecognized or invalid section header"); |
||||||
|
skip = true; |
||||||
|
} else { |
||||||
|
- attrs = p11_attrs_build (NULL, NULL); |
||||||
|
+ attrs = p11_attrs_build (NULL, &generated, NULL); |
||||||
|
return_val_if_fail (attrs != NULL, false); |
||||||
|
skip = false; |
||||||
|
} |
||||||
|
diff --git a/trust/test-token.c b/trust/test-token.c |
||||||
|
index ad22fcb..3e7d735 100644 |
||||||
|
--- a/trust/test-token.c |
||||||
|
+++ b/trust/test-token.c |
||||||
|
@@ -610,6 +610,7 @@ static void |
||||||
|
test_modify_multiple (void) |
||||||
|
{ |
||||||
|
const char *test_data = |
||||||
|
+ "# This file has been auto-generated and written by p11-kit.\n" |
||||||
|
"[p11-kit-object-v1]\n" |
||||||
|
"class: data\n" |
||||||
|
"label: \"first\"\n" |
||||||
|
-- |
||||||
|
2.9.4 |
||||||
|
|
||||||
|
From d661194319f2375c1764125b449bf924c0cbc8a1 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Daiki Ueno <dueno@redhat.com> |
||||||
|
Date: Thu, 18 May 2017 14:27:36 +0200 |
||||||
|
Subject: [PATCH] trust: Simplify the check for the magic |
||||||
|
|
||||||
|
Instead of reusing the CKA_X_GENERATED attribute, check the file |
||||||
|
contents directly in the caller side. |
||||||
|
--- |
||||||
|
trust/parser.c | 7 +++---- |
||||||
|
trust/persist.c | 19 +++++++++++-------- |
||||||
|
trust/persist.h | 3 +++ |
||||||
|
3 files changed, 17 insertions(+), 12 deletions(-) |
||||||
|
|
||||||
|
diff --git a/trust/parser.c b/trust/parser.c |
||||||
|
index abe86fc..f92cdc9 100644 |
||||||
|
--- a/trust/parser.c |
||||||
|
+++ b/trust/parser.c |
||||||
|
@@ -630,11 +630,10 @@ p11_parser_format_persist (p11_parser *parser, |
||||||
|
|
||||||
|
ret = p11_persist_read (parser->persist, parser->basename, data, length, objects); |
||||||
|
if (ret) { |
||||||
|
+ if (!p11_persist_is_generated (data, length)) |
||||||
|
+ modifiablev = CK_FALSE; |
||||||
|
for (i = 0; i < objects->num; i++) { |
||||||
|
- CK_BBOOL generatedv; |
||||||
|
- attrs = objects->elem[i]; |
||||||
|
- if (p11_attrs_find_bool (attrs, CKA_X_GENERATED, &generatedv) && generatedv) |
||||||
|
- attrs = p11_attrs_build (attrs, &modifiable, NULL); |
||||||
|
+ attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL); |
||||||
|
sink_object (parser, attrs); |
||||||
|
} |
||||||
|
} |
||||||
|
diff --git a/trust/persist.c b/trust/persist.c |
||||||
|
index 928260e..887b316 100644 |
||||||
|
--- a/trust/persist.c |
||||||
|
+++ b/trust/persist.c |
||||||
|
@@ -70,6 +70,16 @@ p11_persist_magic (const unsigned char *data, |
||||||
|
return (strnstr ((char *)data, "[" PERSIST_HEADER "]", length) != NULL); |
||||||
|
} |
||||||
|
|
||||||
|
+bool |
||||||
|
+p11_persist_is_generated (const unsigned char *data, |
||||||
|
+ size_t length) |
||||||
|
+{ |
||||||
|
+ static const char comment[] = |
||||||
|
+ "# This file has been auto-generated and written by p11-kit."; |
||||||
|
+ return length >= sizeof (comment) - 1 && |
||||||
|
+ memcmp ((const char *)data, comment, sizeof (comment) - 1) == 0; |
||||||
|
+} |
||||||
|
+ |
||||||
|
p11_persist * |
||||||
|
p11_persist_new (void) |
||||||
|
{ |
||||||
|
@@ -631,9 +641,6 @@ p11_persist_read (p11_persist *persist, |
||||||
|
CK_ATTRIBUTE *attrs; |
||||||
|
bool failed; |
||||||
|
bool skip; |
||||||
|
- CK_BBOOL generatedv = CK_FALSE; |
||||||
|
- CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) }; |
||||||
|
- static const char comment[] = "# This file has been auto-generated and written by p11-kit."; |
||||||
|
|
||||||
|
return_val_if_fail (persist != NULL, false); |
||||||
|
return_val_if_fail (objects != NULL, false); |
||||||
|
@@ -642,10 +649,6 @@ p11_persist_read (p11_persist *persist, |
||||||
|
attrs = NULL; |
||||||
|
failed = false; |
||||||
|
|
||||||
|
- if (length >= sizeof (comment) - 1 && |
||||||
|
- memcmp ((const char *)data, comment, sizeof (comment) - 1) == 0) |
||||||
|
- generatedv = CK_TRUE; |
||||||
|
- |
||||||
|
p11_lexer_init (&lexer, filename, (const char *)data, length); |
||||||
|
while (p11_lexer_next (&lexer, &failed)) { |
||||||
|
switch (lexer.tok_type) { |
||||||
|
@@ -657,7 +660,7 @@ p11_persist_read (p11_persist *persist, |
||||||
|
p11_lexer_msg (&lexer, "unrecognized or invalid section header"); |
||||||
|
skip = true; |
||||||
|
} else { |
||||||
|
- attrs = p11_attrs_build (NULL, &generated, NULL); |
||||||
|
+ attrs = p11_attrs_build (NULL, NULL); |
||||||
|
return_val_if_fail (attrs != NULL, false); |
||||||
|
skip = false; |
||||||
|
} |
||||||
|
diff --git a/trust/persist.h b/trust/persist.h |
||||||
|
index 0ef142c..6344e4e 100644 |
||||||
|
--- a/trust/persist.h |
||||||
|
+++ b/trust/persist.h |
||||||
|
@@ -60,4 +60,7 @@ bool p11_persist_write (p11_persist *persist, |
||||||
|
|
||||||
|
void p11_persist_free (p11_persist *persist); |
||||||
|
|
||||||
|
+bool p11_persist_is_generated (const unsigned char *data, |
||||||
|
+ size_t length); |
||||||
|
+ |
||||||
|
#endif /* P11_PERSIST_H_ */ |
||||||
|
-- |
||||||
|
2.9.4 |
||||||
|
|
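Review bot: `p11_persist_is_generated` in the last patch's trust/persist.c hunk keeps a private copy of the marker text and matches it as a bare prefix, so the modifiable/read-only decision that parser.c now applies to every object in the file depends on that literal staying byte-identical to what the writer emits (the writer is outside these hunks). If the two drift, generated files silently become read-only and `trust anchor --remove` breaks again, which is the regression the first patch reverts. I would define the text once, e.g. `#define PERSIST_GENERATED_COMMENT "# This file has been auto-generated and written by p11-kit."` (the name is only a suggestion), and use it on both sides. The persist.h declaration should also get a comment saying the check is a content heuristic that only selects CKA_MODIFIABLE, and that protection of administrator-supplied anchors still rests on file permissions. The test-token.c hunk only adds the marker to existing test data, so a case asserting that a file without the marker yields non-modifiable objects appears to be missing.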
@ -0,0 +1,38 @@ |
|||||||
|
From c11a951a24b91f80e109951b0fe2ce418ea70f17 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Daiki Ueno <dueno@redhat.com> |
||||||
|
Date: Tue, 23 May 2017 11:55:25 +0200 |
||||||
|
Subject: [PATCH] pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS useful |
||||||
|
|
||||||
|
--- |
||||||
|
common/pkcs11.h | 8 +++++++- |
||||||
|
1 file changed, 7 insertions(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/common/pkcs11.h b/common/pkcs11.h |
||||||
|
index 357c9bb..ad1cdec 100644 |
||||||
|
--- a/common/pkcs11.h |
||||||
|
+++ b/common/pkcs11.h |
||||||
|
@@ -738,6 +738,12 @@ struct ck_mechanism_info |
||||||
|
ck_flags_t flags; |
||||||
|
}; |
||||||
|
|
||||||
|
+#define CKG_MGF1_SHA1 0x00000001UL |
||||||
|
+#define CKG_MGF1_SHA224 0x00000005UL |
||||||
|
+#define CKG_MGF1_SHA256 0x00000002UL |
||||||
|
+#define CKG_MGF1_SHA384 0x00000003UL |
||||||
|
+#define CKG_MGF1_SHA512 0x00000004UL |
||||||
|
+ |
||||||
|
typedef unsigned long ck_rsa_pkcs_mgf_type_t; |
||||||
|
typedef unsigned long ck_rsa_pkcs_oaep_source_type_t; |
||||||
|
|
||||||
|
@@ -1319,7 +1325,7 @@ typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; |
||||||
|
typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; |
||||||
|
typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; |
||||||
|
|
||||||
|
-typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAM; |
||||||
|
+typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAMS; |
||||||
|
typedef struct ck_rsa_pkcs_oaep_params *CK_RSA_PKCS_OAEP_PARAMS_PTR; |
||||||
|
|
||||||
|
#define NULL_PTR NULL |
||||||
|
-- |
||||||
|
2.9.4 |
||||||
|
|
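Review bot: The first hunk adds the `CKG_MGF1_*` values just above `ck_rsa_pkcs_oaep_source_type_t` but no named value for that second type. If `CKZ_DATA_SPECIFIED` is not already defined elsewhere in common/pkcs11.h (not visible here), callers still have nothing to put in the source-type field and it belongs in the same block. `CKG_MGF1_SHA224` carrying 0x5 between 0x1 and 0x2 reads like a typo, so a short comment such as `/* values as assigned by the PKCS #11 specification */` above the defines would settle that. The second hunk drops the `CK_RSA_PKCS_OAEP_PARAM` spelling outright, so any consumer of the installed header that used the old name stops compiling, which deserves a line in the release notes.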
@ -0,0 +1,17 @@ |
|||||||
|
diff -up ./p11-kit/rpc-transport.c.strerror ./p11-kit/rpc-transport.c |
||||||
|
--- ./p11-kit/rpc-transport.c.strerror 2017-06-12 11:44:45.799209430 +0200 |
||||||
|
+++ ./p11-kit/rpc-transport.c 2017-06-12 11:46:41.979498070 +0200 |
||||||
|
@@ -1065,7 +1065,12 @@ rpc_unix_connect (p11_rpc_client_vtable |
||||||
|
} |
||||||
|
|
||||||
|
if (connect (fd, (struct sockaddr *)&run->sa, sizeof (run->sa)) < 0) { |
||||||
|
- p11_debug ("failed to connect to socket: %s", strerror (errno)); |
||||||
|
+ int errn = errno; |
||||||
|
+ char strerr[P11_MESSAGE_MAX]; |
||||||
|
+ snprintf (strerr, sizeof (strerr), "Unknown error %d", errn); |
||||||
|
+ strerror_r (errn, strerr, sizeof (strerr)); |
||||||
|
+ strerr[P11_MESSAGE_MAX - 1] = 0; |
||||||
|
+ p11_debug ("failed to connect to socket: %s", strerr); |
||||||
|
close (fd); |
||||||
|
return CKR_DEVICE_REMOVED; |
||||||
|
} |
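Review bot: The return value of `strerror_r` is ignored in the added lines, and which variant gets called depends on feature macros that are not visible in this hunk. With the GNU variant (selected when `_GNU_SOURCE` is defined) the function returns a `char *` and may leave `strerr` untouched, so the debug line would keep the `Unknown error %d` text written by the preceding `snprintf` even for well-known errno values. Either force the XSI variant for this file or use the result, e.g. under the GNU variant `const char *msg = strerror_r (errn, strerr, sizeof (strerr));` and log `msg`. `strerr[sizeof (strerr) - 1] = 0;` would also be sturdier than repeating `P11_MESSAGE_MAX`. `rpc_unix_connect` starts and ends outside the hunk.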
@ -0,0 +1,16 @@ |
|||||||
|
#!/usr/bin/bash |
||||||
|
|
||||||
|
set -e |
||||||
|
|
||||||
|
if test "$UID" != "0"; then |
||||||
|
echo "p11-kit: the 'extract-trust' command must be run as root" >&2 |
||||||
|
exit 2 |
||||||
|
fi |
||||||
|
|
||||||
|
if test $# -gt 1; then |
||||||
|
echo "p11-kit: no additional arguments are supported for this command" >&2 |
||||||
|
exit 2 |
||||||
|
fi |
||||||
|
|
||||||
|
exec /usr/bin/update-ca-trust |
||||||
|
|
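Review bot: `test $# -gt 1` lets exactly one argument through, which contradicts the message `no additional arguments are supported`; that argument is then silently dropped because `exec /usr/bin/update-ca-trust` passes nothing on. Unless the caller prepends an argument of its own (not visible here), the check should be `if test $# -gt 0; then`. The root check reads `$UID`, the real user id, while the effective id decides whether `update-ca-trust` can write its output, so `test "$EUID" != "0"` matches the intent more closely.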
@ -0,0 +1,304 @@ |
|||||||
|
Name: p11-kit |
||||||
|
Version: 0.23.5 |
||||||
|
Release: 3%{?dist} |
||||||
|
Summary: Library for loading and sharing PKCS#11 modules |
||||||
|
|
||||||
|
License: BSD |
||||||
|
URL: http://p11-glue.freedesktop.org/p11-kit.html |
||||||
|
Source0: http://p11-glue.freedesktop.org/releases/p11-kit-%{version}.tar.gz |
||||||
|
Source1: trust-extract-compat |
||||||
|
Patch0: p11-kit-modifiable.patch |
||||||
|
Patch1: p11-kit-strerror.patch |
||||||
|
Patch2: p11-kit-oaep.patch |
||||||
|
Patch3: p11-kit-doc.patch |
||||||
|
|
||||||
|
BuildRequires: libtasn1-devel >= 2.3 |
||||||
|
BuildRequires: nss-softokn-freebl |
||||||
|
BuildRequires: libffi-devel |
||||||
|
BuildRequires: gtk-doc |
||||||
|
|
||||||
|
%description |
||||||
|
p11-kit provides a way to load and enumerate PKCS#11 modules, as well |
||||||
|
as a standard configuration setup for installing PKCS#11 modules in |
||||||
|
such a way that they're discoverable. |
||||||
|
|
||||||
|
%package devel |
||||||
|
Summary: Development files for %{name} |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
|
||||||
|
%description devel |
||||||
|
The %{name}-devel package contains libraries and header files for |
||||||
|
developing applications that use %{name}. |
||||||
|
|
||||||
|
%package doc |
||||||
|
Summary: Documentation files for %{name} |
||||||
|
BuildArch: noarch |
||||||
|
|
||||||
|
%description doc |
||||||
|
The %{name}-doc package contains additional documentation for p11-kit |
||||||
|
and developing applications to take advantage of it. |
||||||
|
|
||||||
|
%package trust |
||||||
|
Summary: System trust module from %{name} |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
Requires(post): %{_sbindir}/update-alternatives |
||||||
|
Requires(postun): %{_sbindir}/update-alternatives |
||||||
|
Conflicts: nss < 3.14.3-9 |
||||||
|
|
||||||
|
%description trust |
||||||
|
The %{name}-trust package contains a system trust PKCS#11 module which |
||||||
|
contains certificate anchors and black lists. |
||||||
|
|
||||||
|
|
||||||
|
# solution taken from icedtea-web.spec |
||||||
|
%define multilib_arches ppc64 sparc64 x86_64 s390x |
||||||
|
%ifarch %{multilib_arches} |
||||||
|
%define alt_ckbi libnssckbi.so.%{_arch} |
||||||
|
%else |
||||||
|
%define alt_ckbi libnssckbi.so |
||||||
|
%endif |
||||||
|
|
||||||
|
|
||||||
|
%prep |
||||||
|
%autosetup -p1 |
||||||
|
|
||||||
|
%build |
||||||
|
# These paths are the source paths that come from the plan here: |
||||||
|
# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks |
||||||
|
%configure --disable-static --enable-doc --with-trust-paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source --with-hash-impl=freebl --disable-silent-rules |
||||||
|
make %{?_smp_mflags} V=1 |
||||||
|
|
||||||
|
%install |
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT |
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules |
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la |
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la |
||||||
|
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/ |
||||||
|
# Install the example conf with %%doc instead |
||||||
|
rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example |
||||||
|
# We don't support PKCS#11 forwarding in RHEL-7 yet |
||||||
|
rm -f $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/p11-kit-server |
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/p11-kit-client.so |
||||||
|
|
||||||
|
%check |
||||||
|
make check |
||||||
|
|
||||||
|
|
||||||
|
%post -p /sbin/ldconfig |
||||||
|
|
||||||
|
%post trust |
||||||
|
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \ |
||||||
|
%{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30 |
||||||
|
|
||||||
|
# Fix bad links from earlier p11-kit packages which didn't include s390x |
||||||
|
%posttrans trust |
||||||
|
%ifarch s390x |
||||||
|
if %{_sbindir}/update-alternatives --display libnssckbi.so | grep -q lib64; then |
||||||
|
%{_sbindir}/update-alternatives --remove libnssckbi.so %{_libdir}/pkcs11/p11-kit-trust.so |
||||||
|
if test -e /usr/lib/nss/libnssckbi.so; then |
||||||
|
%{_sbindir}/update-alternatives --install /usr/lib/libnssckbi.so libnssckbi.so /usr/lib/nss/libnssckbi.so 10 |
||||||
|
fi |
||||||
|
fi |
||||||
|
%endif |
||||||
|
|
||||||
|
%postun -p /sbin/ldconfig |
||||||
|
|
||||||
|
%postun trust |
||||||
|
if [ $1 -eq 0 ] ; then |
||||||
|
# package removal |
||||||
|
%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so |
||||||
|
fi |
||||||
|
|
||||||
|
|
||||||
|
%files |
||||||
|
%doc AUTHORS COPYING NEWS README |
||||||
|
%doc p11-kit/pkcs11.conf.example |
||||||
|
%dir %{_sysconfdir}/pkcs11 |
||||||
|
%dir %{_sysconfdir}/pkcs11/modules |
||||||
|
%dir %{_datadir}/p11-kit |
||||||
|
%dir %{_datadir}/p11-kit/modules |
||||||
|
%dir %{_libexecdir}/p11-kit |
||||||
|
%{_bindir}/p11-kit |
||||||
|
%{_libdir}/libp11-kit.so.* |
||||||
|
%{_libdir}/p11-kit-proxy.so |
||||||
|
%{_libexecdir}/p11-kit/p11-kit-remote |
||||||
|
%{_mandir}/man8/p11-kit.8.gz |
||||||
|
%{_mandir}/man5/pkcs11.conf.5.gz |
||||||
|
|
||||||
|
%files devel |
||||||
|
%{_includedir}/p11-kit-1/ |
||||||
|
%{_libdir}/libp11-kit.so |
||||||
|
%{_libdir}/pkgconfig/p11-kit-1.pc |
||||||
|
|
||||||
|
%files doc |
||||||
|
%doc %{_datadir}/gtk-doc/ |
||||||
|
|
||||||
|
%files trust |
||||||
|
%{_bindir}/trust |
||||||
|
%{_mandir}/man1/trust.1.gz |
||||||
|
%{_libdir}/pkcs11/p11-kit-trust.so |
||||||
|
%{_datadir}/p11-kit/modules/p11-kit-trust.module |
||||||
|
%{_libexecdir}/p11-kit/trust-extract-compat |
||||||
|
|
||||||
|
|
||||||
|
%changelog |
||||||
|
* Mon Jun 12 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-3 |
||||||
|
- Avoid reference to thread-unsafe strerror rhbz#1378947 |
||||||
|
- Fix PKCS#11 OAEP interface rhbz#1191209 |
||||||
|
- Update documentation to follow RFC7512 rhbz#1165977 |
||||||
|
|
||||||
|
* Thu May 18 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-2 |
||||||
|
- Make "trust anchor --remove" work again |
||||||
|
|
||||||
|
* Mon Mar 6 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-1 |
||||||
|
- Rebase to upstream version 0.23.5 |
||||||
|
|
||||||
|
* Wed Feb 22 2017 Daiki Ueno <dueno@redhat.com> - 0.23.4-1 |
||||||
|
- Rebase to upstream version 0.23.4 |
||||||
|
|
||||||
|
* Thu Jan 08 2015 Stef Walter <stefw@redhat.com> - 0.20.7-3 |
||||||
|
- Fix incorrect alternative links for s390 and s390x rhbz#1174178 |
||||||
|
|
||||||
|
* Sun Oct 05 2014 Stef Walter <stefw@redhat.com> - 0.20.7-2 |
||||||
|
- Fix deadlock related to forking and pthread_atfork rhbz#1148774 |
||||||
|
|
||||||
|
* Thu Sep 18 2014 Stef Walter <stefw@redhat.com> - 0.20.7-1 |
||||||
|
- Update to upstream stable 0.20.7 release |
||||||
|
- Expose pkcs11x.h header and defines for attached extensions rhbz#1142305 |
||||||
|
|
||||||
|
* Tue Sep 09 2014 Stef Walter <stefw@redhat.com> - 0.20.6-1 |
||||||
|
- Update to upstream stable 0.20.6 release |
||||||
|
- Respect critical = no in p11-kit-proxy.so rhbz#1128615 |
||||||
|
|
||||||
|
* Fri Sep 05 2014 Stef Walter <stefw@redhat.com> - 0.20.5-1 |
||||||
|
- Update to upstream version 0.20.5 |
||||||
|
- Fixes several issues highlighted at rhbz#1128218 |
||||||
|
|
||||||
|
* Thu Aug 07 2014 Stef Walter <stefw@redhat.com> - 0.20.4-1 |
||||||
|
- Rebase to upstream version 0.20.x (#1122528) |
||||||
|
|
||||||
|
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.18.7-4 |
||||||
|
- Mass rebuild 2014-01-24 |
||||||
|
|
||||||
|
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.18.7-3 |
||||||
|
- Mass rebuild 2013-12-27 |
||||||
|
|
||||||
|
* Mon Nov 04 2013 Stef Walter <stefw@redhat.com> - 0.18.7-2 |
||||||
|
- Move devel docs into subpackage due to gtk-doc multilib incompatibility (#983176) |
||||||
|
|
||||||
|
* Thu Oct 10 2013 Stef Walter <stefw@redhat.com> - 0.18.7-1 |
||||||
|
- Update to new upstream point release for RHEL bug fixes |
||||||
|
|
||||||
|
* Thu Jul 18 2013 Stef Walter <stefw@redhat.com> - 0.18.5-1 |
||||||
|
- Update to new upstream point release |
||||||
|
- Use freebl for hash algorithms |
||||||
|
- Don't load configs in home dir when setuid or setgid |
||||||
|
- Use $TMPDIR instead of $TEMP while testing |
||||||
|
- Open files and fds with O_CLOEXEC |
||||||
|
- Abort initialization if critical module fails to load |
||||||
|
- Don't use thread-unsafe: strerror, getpwuid |
||||||
|
- Fix p11_kit_space_strlen() result when empty string |
||||||
|
|
||||||
|
* Tue Jun 25 2013 Stef Walter <stefw@redhat.com> - 0.18.4-1 |
||||||
|
- Fix running the extract-trust external command |
||||||
|
|
||||||
|
* Wed Jun 05 2013 Stef Walter <stefw@redhat.com> - 0.18.3-1 |
||||||
|
- Update to new upstream stable release |
||||||
|
- Fix intermittent firefox cert validation issues (#960230) |
||||||
|
- Include the manual pages in the package |
||||||
|
|
||||||
|
* Tue May 14 2013 Stef Walter <stefw@redhat.com> - 0.18.2-1 |
||||||
|
- Update to new upstream stable release |
||||||
|
- Reduce the libtasn1 dependency minimum version |
||||||
|
|
||||||
|
* Thu May 02 2013 Stef Walter <stefw@redhat.com> - 0.18.1-1 |
||||||
|
- Update to new upstream stable release |
||||||
|
- 'p11-kit extract-trust' lives in libdir |
||||||
|
|
||||||
|
* Thu Apr 04 2013 Stef Walter <stefw@redhat.com> - 0.18.0-1 |
||||||
|
- Update to new upstream stable release |
||||||
|
- Various logging tweaks (#928914, #928750) |
||||||
|
- Make the 'p11-kit extract-trust' explicitly reject |
||||||
|
additional arguments |
||||||
|
|
||||||
|
* Fri Mar 29 2013 Stef Walter <stefw@redhat.com> - 0.17.5-2 |
||||||
|
- Fix problem with empathy connecting to Google Talk (#928913) |
||||||
|
|
||||||
|
* Thu Mar 28 2013 Stef Walter <stefw@redhat.com> - 0.17.5-1 |
||||||
|
- Make 'p11-kit extract-trust' call update-ca-trust |
||||||
|
- Work around 32-bit oveflow of certificate dates |
||||||
|
- Build fixes |
||||||
|
|
||||||
|
* Tue Mar 26 2013 Stef Walter <stefw@redhat.com> - 0.17.4-2 |
||||||
|
- Pull in patch from upstream to fix build on ppc (#927394) |
||||||
|
|
||||||
|
* Wed Mar 20 2013 Stef Walter <stefw@redhat.com> - 0.17.4-1 |
||||||
|
- Update to upstream version 0.17.4 |
||||||
|
|
||||||
|
* Mon Mar 18 2013 Stef Walter <stefw@redhat.com> - 0.17.3-1 |
||||||
|
- Update to upstream version 0.17.3 |
||||||
|
- Put the trust input paths in the right order |
||||||
|
|
||||||
|
* Tue Mar 12 2013 Stef Walter <stefw@redhat.com> - 0.16.4-1 |
||||||
|
- Update to upstream version 0.16.4 |
||||||
|
|
||||||
|
* Fri Mar 08 2013 Stef Walter <stefw@redhat.com> - 0.16.3-1 |
||||||
|
- Update to upstream version 0.16.3 |
||||||
|
- Split out system trust module into its own package. |
||||||
|
- p11-kit-trust provides an alternative to an nss module |
||||||
|
|
||||||
|
* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.1-1 |
||||||
|
- Update to upstream version 0.16.1 |
||||||
|
- Setup source directories as appropriate for Shared System Certificates feature |
||||||
|
|
||||||
|
* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.0-1 |
||||||
|
- Update to upstream version 0.16.0 |
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Sep 17 2012 Kalev Lember <kalevlember@gmail.com> - 0.14-1 |
||||||
|
- Update to 0.14 |
||||||
|
|
||||||
|
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Jul 16 2012 Kalev Lember <kalevlember@gmail.com> - 0.13-1 |
||||||
|
- Update to 0.13 |
||||||
|
|
||||||
|
* Tue Mar 27 2012 Kalev Lember <kalevlember@gmail.com> - 0.12-1 |
||||||
|
- Update to 0.12 |
||||||
|
- Run self tests in %%check |
||||||
|
|
||||||
|
* Sat Feb 11 2012 Kalev Lember <kalevlember@gmail.com> - 0.11-1 |
||||||
|
- Update to 0.11 |
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Dec 20 2011 Matthias Clasen <mclasen@redhat.com> - 0.9-1 |
||||||
|
- Update to 0.9 |
||||||
|
|
||||||
|
* Wed Oct 26 2011 Kalev Lember <kalevlember@gmail.com> - 0.8-1 |
||||||
|
- Update to 0.8 |
||||||
|
|
||||||
|
* Mon Sep 19 2011 Matthias Clasen <mclasen@redhat.com> - 0.6-1 |
||||||
|
- Update to 0.6 |
||||||
|
|
||||||
|
* Sun Sep 04 2011 Kalev Lember <kalevlember@gmail.com> - 0.5-1 |
||||||
|
- Update to 0.5 |
||||||
|
|
||||||
|
* Sun Aug 21 2011 Kalev Lember <kalevlember@gmail.com> - 0.4-1 |
||||||
|
- Update to 0.4 |
||||||
|
- Install the example config file to documentation directory |
||||||
|
|
||||||
|
* Wed Aug 17 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-2 |
||||||
|
- Tighten -devel subpackage deps (#725905) |
||||||
|
|
||||||
|
* Fri Jul 29 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-1 |
||||||
|
- Update to 0.3 |
||||||
|
- Upstream rewrote the ASL 2.0 bits, which makes the whole package |
||||||
|
BSD-licensed |
||||||
|
|
||||||
|
* Tue Jul 12 2011 Kalev Lember <kalevlember@gmail.com> - 0.2-1 |
||||||
|
- Initial RPM release |
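Review bot: `Source0` and `URL` point at `http://p11-glue.freedesktop.org/...` and `%prep` goes straight to `%autosetup -p1`, so nothing in the spec itself authenticates the tarball that ends up providing the system trust module. A pinned checksum in a `sources` file outside this page may cover the build, but I would still switch both URLs to https where the host offers it. If upstream publishes detached signatures, add the signature and keyring as extra `Source` entries and verify them at the top of `%prep`. Separately, the `rm` of `pkcs11.conf.example` in `%install` has no `-f` unlike the neighbouring `rm -f` lines, so the build fails if upstream stops installing that file; add a comment if that is deliberate.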