base/SPECS/p11-kit.spec

Name:           p11-kit
Version:        0.23.5
Release:        3%{?dist}
Summary:        Library for loading and sharing PKCS#11 modules

License:        BSD
URL:            http://p11-glue.freedesktop.org/p11-kit.html
Source0:        http://p11-glue.freedesktop.org/releases/p11-kit-%{version}.tar.gz
Source1:        trust-extract-compat
Patch0:		p11-kit-modifiable.patch
Patch1:		p11-kit-strerror.patch
Patch2:		p11-kit-oaep.patch
Patch3:		p11-kit-doc.patch

BuildRequires:  libtasn1-devel >= 2.3
BuildRequires:  nss-softokn-freebl
BuildRequires:	libffi-devel
BuildRequires:	gtk-doc

%description
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
as a standard configuration setup for installing PKCS#11 modules in
such a way that they're discoverable.

%package devel
Summary:        Development files for %{name}
Requires:       %{name}%{?_isa} = %{version}-%{release}

%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.

%package doc
Summary:        Documentation files for %{name}
BuildArch:	noarch

%description doc
The %{name}-doc package contains additional documentation for p11-kit
and developing applications to take advantage of it.

%package trust
Summary:        System trust module from %{name}
Requires:       %{name}%{?_isa} = %{version}-%{release}
Requires(post):   %{_sbindir}/update-alternatives
Requires(postun): %{_sbindir}/update-alternatives
Conflicts:        nss < 3.14.3-9

%description trust
The %{name}-trust package contains a system trust PKCS#11 module which
contains certificate anchors and black lists.


# solution taken from icedtea-web.spec
%define multilib_arches ppc64 sparc64 x86_64 s390x
%ifarch %{multilib_arches}
%define alt_ckbi  libnssckbi.so.%{_arch}
%else
%define alt_ckbi  libnssckbi.so
%endif


%prep
%autosetup -p1

%build
# These paths are the source paths that  come from the plan here:
# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
%configure --disable-static --enable-doc --with-trust-paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source --with-hash-impl=freebl --disable-silent-rules
make %{?_smp_mflags} V=1

%install
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
# Install the example conf with %%doc instead
rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
# We don't support PKCS#11 forwarding in RHEL-7 yet
rm -f $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/p11-kit-server
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/p11-kit-client.so

%check
make check


%post -p /sbin/ldconfig

%post trust
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \
	%{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30

# Fix bad links from earlier p11-kit packages which didn't include s390x
%posttrans trust
%ifarch s390x
if %{_sbindir}/update-alternatives --display libnssckbi.so | grep -q lib64; then
    %{_sbindir}/update-alternatives --remove libnssckbi.so %{_libdir}/pkcs11/p11-kit-trust.so
    if test -e /usr/lib/nss/libnssckbi.so; then
        %{_sbindir}/update-alternatives --install /usr/lib/libnssckbi.so libnssckbi.so /usr/lib/nss/libnssckbi.so 10
    fi
fi
%endif

%postun -p /sbin/ldconfig

%postun trust
if [ $1 -eq 0 ] ; then
	# package removal
	%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
fi


%files
%doc AUTHORS COPYING NEWS README
%doc p11-kit/pkcs11.conf.example
%dir %{_sysconfdir}/pkcs11
%dir %{_sysconfdir}/pkcs11/modules
%dir %{_datadir}/p11-kit
%dir %{_datadir}/p11-kit/modules
%dir %{_libexecdir}/p11-kit
%{_bindir}/p11-kit
%{_libdir}/libp11-kit.so.*
%{_libdir}/p11-kit-proxy.so
%{_libexecdir}/p11-kit/p11-kit-remote
%{_mandir}/man8/p11-kit.8.gz
%{_mandir}/man5/pkcs11.conf.5.gz

%files devel
%{_includedir}/p11-kit-1/
%{_libdir}/libp11-kit.so
%{_libdir}/pkgconfig/p11-kit-1.pc

%files doc
%doc %{_datadir}/gtk-doc/

%files trust
%{_bindir}/trust
%{_mandir}/man1/trust.1.gz
%{_libdir}/pkcs11/p11-kit-trust.so
%{_datadir}/p11-kit/modules/p11-kit-trust.module
%{_libexecdir}/p11-kit/trust-extract-compat


%changelog
* Mon Jun 12 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-3
- Avoid reference to thread-unsafe strerror rhbz#1378947
- Fix PKCS#11 OAEP interface rhbz#1191209
- Update documentation to follow RFC7512 rhbz#1165977

* Thu May 18 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-2
- Make "trust anchor --remove" work again

* Mon Mar  6 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-1
- Rebase to upstream version 0.23.5

* Wed Feb 22 2017 Daiki Ueno <dueno@redhat.com> - 0.23.4-1
- Rebase to upstream version 0.23.4

* Thu Jan 08 2015 Stef Walter <stefw@redhat.com> - 0.20.7-3
- Fix incorrect alternative links for s390 and s390x rhbz#1174178

* Sun Oct 05 2014 Stef Walter <stefw@redhat.com> - 0.20.7-2
- Fix deadlock related to forking and pthread_atfork rhbz#1148774

* Thu Sep 18 2014 Stef Walter <stefw@redhat.com> - 0.20.7-1
- Update to upstream stable 0.20.7 release
- Expose pkcs11x.h header and defines for attached extensions rhbz#1142305

* Tue Sep 09 2014 Stef Walter <stefw@redhat.com> - 0.20.6-1
- Update to upstream stable 0.20.6 release
- Respect critical = no in p11-kit-proxy.so rhbz#1128615

* Fri Sep 05 2014 Stef Walter <stefw@redhat.com> - 0.20.5-1
- Update to upstream version 0.20.5
- Fixes several issues highlighted at rhbz#1128218

* Thu Aug 07 2014 Stef Walter <stefw@redhat.com> - 0.20.4-1
- Rebase to upstream version 0.20.x (#1122528)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.18.7-4
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.18.7-3
- Mass rebuild 2013-12-27

* Mon Nov 04 2013 Stef Walter <stefw@redhat.com> - 0.18.7-2
- Move devel docs into subpackage due to gtk-doc multilib incompatibility (#983176)

* Thu Oct 10 2013 Stef Walter <stefw@redhat.com> - 0.18.7-1
- Update to new upstream point release for RHEL bug fixes

* Thu Jul 18 2013 Stef Walter <stefw@redhat.com> - 0.18.5-1
- Update to new upstream point release
- Use freebl for hash algorithms
- Don't load configs in home dir when setuid or setgid
- Use $TMPDIR instead of $TEMP while testing
- Open files and fds with O_CLOEXEC
- Abort initialization if critical module fails to load
- Don't use thread-unsafe: strerror, getpwuid
- Fix p11_kit_space_strlen() result when empty string

* Tue Jun 25 2013 Stef Walter <stefw@redhat.com> - 0.18.4-1
- Fix running the extract-trust external command

* Wed Jun 05 2013 Stef Walter <stefw@redhat.com> - 0.18.3-1
- Update to new upstream stable release
- Fix intermittent firefox cert validation issues (#960230)
- Include the manual pages in the package

* Tue May 14 2013 Stef Walter <stefw@redhat.com> - 0.18.2-1
- Update to new upstream stable release
- Reduce the libtasn1 dependency minimum version

* Thu May 02 2013 Stef Walter <stefw@redhat.com> - 0.18.1-1
- Update to new upstream stable release
- 'p11-kit extract-trust' lives in libdir

* Thu Apr 04 2013 Stef Walter <stefw@redhat.com> - 0.18.0-1
- Update to new upstream stable release
- Various logging tweaks (#928914, #928750)
- Make the 'p11-kit extract-trust' explicitly reject
  additional arguments

* Fri Mar 29 2013 Stef Walter <stefw@redhat.com> - 0.17.5-2
- Fix problem with empathy connecting to Google Talk (#928913)

* Thu Mar 28 2013 Stef Walter <stefw@redhat.com> - 0.17.5-1
- Make 'p11-kit extract-trust' call update-ca-trust
- Work around 32-bit oveflow of certificate dates
- Build fixes

* Tue Mar 26 2013 Stef Walter <stefw@redhat.com> - 0.17.4-2
- Pull in patch from upstream to fix build on ppc (#927394)

* Wed Mar 20 2013 Stef Walter <stefw@redhat.com> - 0.17.4-1
- Update to upstream version 0.17.4

* Mon Mar 18 2013 Stef Walter <stefw@redhat.com> - 0.17.3-1
- Update to upstream version 0.17.3
- Put the trust input paths in the right order

* Tue Mar 12 2013 Stef Walter <stefw@redhat.com> - 0.16.4-1
- Update to upstream version 0.16.4

* Fri Mar 08 2013 Stef Walter <stefw@redhat.com> - 0.16.3-1
- Update to upstream version 0.16.3
- Split out system trust module into its own package.
- p11-kit-trust provides an alternative to an nss module

* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.1-1
- Update to upstream version 0.16.1
- Setup source directories as appropriate for Shared System Certificates feature

* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.0-1
- Update to upstream version 0.16.0

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Mon Sep 17 2012 Kalev Lember <kalevlember@gmail.com> - 0.14-1
- Update to 0.14

* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Mon Jul 16 2012 Kalev Lember <kalevlember@gmail.com> - 0.13-1
- Update to 0.13

* Tue Mar 27 2012 Kalev Lember <kalevlember@gmail.com> - 0.12-1
- Update to 0.12
- Run self tests in %%check

* Sat Feb 11 2012 Kalev Lember <kalevlember@gmail.com> - 0.11-1
- Update to 0.11

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Dec 20 2011 Matthias Clasen <mclasen@redhat.com> - 0.9-1
- Update to 0.9

* Wed Oct 26 2011 Kalev Lember <kalevlember@gmail.com> - 0.8-1
- Update to 0.8

* Mon Sep 19 2011 Matthias Clasen <mclasen@redhat.com> - 0.6-1
- Update to 0.6

* Sun Sep 04 2011 Kalev Lember <kalevlember@gmail.com> - 0.5-1
- Update to 0.5

* Sun Aug 21 2011 Kalev Lember <kalevlember@gmail.com> - 0.4-1
- Update to 0.4
- Install the example config file to documentation directory

* Wed Aug 17 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-2
- Tighten -devel subpackage deps (#725905)

* Fri Jul 29 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-1
- Update to 0.3
- Upstream rewrote the ASL 2.0 bits, which makes the whole package
  BSD-licensed

* Tue Jul 12 2011 Kalev Lember <kalevlember@gmail.com> - 0.2-1
- Initial RPM release