diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile index 0b0fa6c75acd..7ae3cc6d4bb1 100644 --- a/security/opencryptoki/Makefile +++ b/security/opencryptoki/Makefile @@ -1,59 +1,59 @@ PORTNAME= opencryptoki -PORTVERSION= 3.18.0 +PORTVERSION= 3.19.0 DISTVERSIONPREFIX= v CATEGORIES= security MAINTAINER= hrs@FreeBSD.org COMMENT= Open PKCS\#11 implementation library WWW= https://sourceforge.net/projects/opencryptoki/ LICENSE= CPL LICENSE_NAME= Common Public License LICENSE_FILE= ${WRKSRC}/LICENSE LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept LIB_DEPENDS= libtspi.so:security/trousers \ libepoll-shim.so:devel/libepoll-shim USES= alias autoreconf bison gmake ldap libtool localbase ssl tar:tgz USE_LDCONFIG= ${PREFIX}/lib/opencryptoki USE_GITHUB= yes GNU_CONFIGURE= yes CONFIGURE_ENV= LOCALBASE=${LOCALBASE} CONFIGURE_ARGS= --enable-swtok \ --enable-tpmtok \ --enable-icsftok \ --disable-crtok \ --disable-aeptok \ --disable-ccatok \ --disable-bcomtok \ --disable-pkcscca_migrate \ --with-lockdir=/var/run/opencryptoki \ --with-logdir=/var/log/opencryptoki \ --localstatedir=/var \ --with-openssl=${OPENSSLBASE} \ --with-pkcs11user=${USERS} \ --with-pkcs11group=${GROUPS} \ ac_cv_path_CHGRP=true INSTALL_TARGET= install-strip USE_RC_SUBR= pkcsslotd SUB_FILES= pkg-message SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _pkcs11 GROUPS= _pkcs11 post-patch: cd ${WRKSRC} && \ ${REINPLACE_CMD} 's,%%DLLDIR%%,${PREFIX}/lib/opencryptoki/stdll,' \ usr/sbin/pkcsslotd/opencryptoki.conf post-install: ${MV} ${STAGEDIR}${DOCSDIR}/strength-example.conf \ ${STAGEDIR}${ETCDIR}/strength.conf.sample ${MV} ${STAGEDIR}${DOCSDIR}/policy-example.conf \ ${STAGEDIR}${ETCDIR}/policy.conf.sample ${RMDIR} ${STAGEDIR}/var/run/opencryptoki/* \ ${STAGEDIR}/var/run/opencryptoki .include diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo index b969f909723a..5f4f5a9f8f46 100644 --- a/security/opencryptoki/distinfo +++ b/security/opencryptoki/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1651086346 -SHA256 (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 18882bbb3eaff37b2badf93bce1faab86406ed60f40fd5debc08afd3ceba36c2 -SIZE (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 1337092 +TIMESTAMP = 1673927846 +SHA256 (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 9d8646fd5502bbcf6debc89e76ce064198272cbc5856baa8d350056abe5bdf14 +SIZE (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 1371265 diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am index 36da7c4e1f9c..7f102a37c1f3 100644 --- a/security/opencryptoki/files/patch-Makefile.am +++ b/security/opencryptoki/files/patch-Makefile.am @@ -1,144 +1,145 @@ ---- Makefile.am.orig 2022-04-25 11:04:51 UTC +--- Makefile.am.orig 2022-09-30 07:45:52 UTC +++ Makefile.am -@@ -39,9 +39,9 @@ if ENABLE_LIBRARY +@@ -47,9 +47,9 @@ if ENABLE_LIBRARY cd $(DESTDIR)$(libdir)/opencryptoki && \ ln -fs libopencryptoki.so PKCS11_API.so cd $(DESTDIR)$(libdir)/opencryptoki && \ - ln -nfs $(sbindir) methods + ln -nfs ../../sbin methods cd $(DESTDIR)$(libdir)/pkcs11 && \ - ln -nfs $(sbindir) methods + ln -nfs ../../sbin methods cd $(DESTDIR)$(libdir)/pkcs11 && \ ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so cd $(DESTDIR)$(libdir)/pkcs11 && \ -@@ -53,55 +53,55 @@ if ENABLE_CCATOK +@@ -61,12 +61,12 @@ if ENABLE_CCATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_cca.so PKCS11_CCA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok - endif - if ENABLE_EP11TOK + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true +@@ -75,43 +75,43 @@ if ENABLE_EP11TOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_ep11.so PKCS11_EP11.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok $(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok -+ $(CHGRP) @PKCSGROUP11@ $(DESTDIR)$(lockdir)/ep11tok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11cpfilter.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf.sample || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11cpfilter.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf.sample || true endif if ENABLE_P11SAK test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true -+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -g @PKCS11GROUP@ -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true endif if ENABLE_ICATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_ica.so PKCS11_ICA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite $(MKDIR_P) $(DESTDIR)$(lockdir)/lite - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite endif if ENABLE_SWTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_sw.so PKCS11_SW.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok endif if ENABLE_TPMTOK -@@ -109,10 +109,10 @@ if ENABLE_TPMTOK +@@ -119,10 +119,10 @@ if ENABLE_TPMTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_tpm.so PKCS11_TPM.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm endif if ENABLE_ICSFTOK -@@ -120,16 +120,15 @@ if ENABLE_ICSFTOK +@@ -130,16 +130,15 @@ if ENABLE_ICSFTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_icsf.so PKCS11_ICSF.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf - $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf endif if ENABLE_DAEMON test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g pkcs11 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf.sample || true if ENABLE_SYSTEMD mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf -@@ -137,16 +136,8 @@ if ENABLE_SYSTEMD +@@ -147,16 +146,8 @@ if ENABLE_SYSTEMD rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf endif endif - $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d - echo "$(libdir)/opencryptoki" >\ - $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf - echo "$(libdir)/opencryptoki/stdll" >>\ - $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf - @echo "--------------------------------------------------------------" - @echo "Remember you must run ldconfig before using the above settings" - @echo "--------------------------------------------------------------" $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) -@@ -190,7 +181,6 @@ if ENABLE_TPMTOK +@@ -200,7 +191,6 @@ if ENABLE_TPMTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ rm -rf PKCS11_TPM.so; fi endif - rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf if ENABLE_ICSFTOK if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ diff --git a/security/opencryptoki/files/patch-configure.ac b/security/opencryptoki/files/patch-configure.ac index 8dd546747d7f..4dfd5277b635 100644 --- a/security/opencryptoki/files/patch-configure.ac +++ b/security/opencryptoki/files/patch-configure.ac @@ -1,101 +1,98 @@ ---- configure.ac.orig 2022-04-25 11:04:51 UTC +--- configure.ac.orig 2022-09-30 07:45:52 UTC +++ configure.ac @@ -12,6 +12,9 @@ dnl Checks for header files. AC_DISABLE_STATIC LT_INIT +AC_DEFINE(_BSD_SOURCE, 1, BSD functions) +AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions) + AC_HEADER_STDC AC_CHECK_HEADER_STDBOOL AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h malloc.h \ @@ -47,7 +50,7 @@ AC_CHECK_FUNCS([atexit ftruncate gettimeofday localtim strdup strerror strncasecmp strrchr strstr strtol strtoul]) dnl Used in various scripts -AC_PATH_PROG([ID], [id], [/us/bin/id]) +AC_PATH_PROG([ID], [id], [/usr/bin/id]) AC_PATH_PROG([USERMOD], [usermod], [/usr/sbin/usermod]) AC_PATH_PROG([GROUPADD], [groupadd], [/usr/sbin/groupadd]) AC_PATH_PROG([CAT], [cat], [/bin/cat]) -@@ -71,19 +74,27 @@ fi +@@ -71,18 +74,26 @@ fi AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no]) OPENLDAP_LIBS= --AC_CHECK_HEADERS([lber.h ldap.h], +if test "x$enable_icsftok" = "xyes"; then -+ AC_CHECK_HEADERS([lber.h ldap.h], + AC_CHECK_HEADERS([lber.h ldap.h], [OPENLDAP_LIBS="-llber -lldap"], [AC_MSG_ERROR([lber.h and ldap.h are missing. Please install 'openldap-devel'.])]) --LIBS="$LIBS $OPENLDAP_LIBS" -+ LIBS="$LIBS $OPENLDAP_LIBS" -+fi AC_SUBST([OPENLDAP_LIBS]) ++fi dnl Define custom variables -lockdir=$localstatedir/lock/opencryptoki +AC_ARG_WITH([lockdir], + [AS_HELP_STRING([--with-lockdir],[lock directory])], + [lockdir=$withval], + [lockdir=$localstatedir/lock/opencryptoki]) AC_SUBST(lockdir) -logdir=$localstatedir/log/opencryptoki +AC_ARG_WITH([logdir], + [AS_HELP_STRING([--with-logdir],[log directory])], + [logdir=$withval], + [logdir=$localstatedir/log/opencryptoki]) AC_SUBST(logdir) dnl --- -@@ -241,6 +252,19 @@ AC_ARG_WITH([libudev], +@@ -244,6 +255,19 @@ AC_ARG_WITH([libudev], [], [with_libudev=check]) +dnl --- check for pkcs11 user +AC_ARG_WITH([pkcs11user], + AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user [[pkcs11]]]), + [pkcs11_user=$withval], + [pkcs11_user=_pkcs11]) +dnl --- check for pkcs11 group +AC_ARG_WITH(pkcs11group, + AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group [[pkcs11]]]), + [pkcs11_group=$withval], + [pkcs11_group=_pkcs11]) +AC_SUBST(PKCS11USER, $pkcs11_user) +AC_SUBST(PKCS11GROUP, $pkcs11_group) + dnl --- dnl --- dnl --- Now that we have all the options, let's check for a valid build -@@ -662,10 +686,14 @@ libitm and gcc>=4.7 is required]) +@@ -674,10 +698,14 @@ else fi - AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"]) + AM_CONDITIONAL([ENABLE_MD2], [test "x$enable_md2" = "xyes"]) -CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra" +CFLAGS="$CFLAGS -Wall -Wextra -Wno-pointer-sign" -CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' +CPPFX='-DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' +CPPFLAGS="$CPPFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 $CPPFX" +CPPFLAGS="$CPPFLAGS -DPKCS11USER=\\\"${pkcs11_user}\\\"" +CPPFLAGS="$CPPFLAGS -DPKCS11GROUP=\\\"${pkcs11_group}\\\"" + # At this point, CFLAGS is set to something sensible AC_PROG_CC AC_PROG_CXX -@@ -678,6 +706,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( +@@ -690,6 +718,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( #endif]])],, [AC_MSG_ERROR([C++ compiler is missing on your system. Please install 'gcc-c++'.])]) AC_LANG_POP([C++]) + +AC_SUBST(FPIC, $lt_prog_compiler_pic) + +AC_SUBST(LOCALBASE, $LOCALBASE) AC_CONFIG_MACRO_DIRS([m4]) diff --git a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk index c8ea5dfc3812..d52aee50e309 100644 --- a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk +++ b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk @@ -1,20 +1,20 @@ ---- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-04-25 11:04:51 UTC +--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-09-30 07:45:52 UTC +++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk @@ -3,7 +3,7 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11 noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \ - -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ + -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ - -DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \ + -DNODH -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \ -DTOK_NEW_DATA_STORE=0x0003000c \ $(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll \ @@ -12,7 +12,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = \ $(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared \ - -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica -ldl \ + -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica \ - -lcrypto -lrt \ + -lcrypto -lrt -llber \ -Wl,--version-script=${srcdir}/opencryptoki_tok.map diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk index 484201a38bb4..759760623953 100644 --- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk +++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk @@ -1,11 +1,11 @@ ---- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-04-25 11:04:51 UTC +--- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-09-30 07:45:52 UTC +++ usr/lib/soft_stdll/soft_stdll.mk @@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = \ - -DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF \ + -DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \ - -DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll \ + -DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll \ -DTOK_NEW_DATA_STORE=0x0003000c \ -I${srcdir}/usr/lib/common -I${srcdir}/usr/include \ -DSTDLL_NAME=\"swtok\" -I${top_builddir}/usr/lib/api \ diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c index 5191373d0e1e..cdde00a4f14b 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c @@ -1,20 +1,11 @@ ---- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-04-25 11:04:51 UTC +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-09-30 07:45:52 UTC +++ usr/sbin/pkcsconf/pkcsconf.c -@@ -548,7 +548,7 @@ CK_RV check_user_and_group(void) +@@ -362,7 +362,7 @@ CK_RV check_user_and_group(void) * when forked). So we need to get the group information. * Really need to take the uid and map it to a name. */ - grp = getgrnam("pkcs11"); + grp = getgrnam(PKCS11GROUP); if (grp == NULL) { return CKR_FUNCTION_FAILED; } -@@ -589,6 +589,8 @@ CK_RV display_pkcs11_info(void) - printf("\tLibrary Description: %.32s \n", CryptokiInfo.libraryDescription); - printf("\tLibrary Version: %d.%d \n", CryptokiInfo.libraryVersion.major, - CryptokiInfo.libraryVersion.minor); -+ -+ cleanup(); - - return rc; - } diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf index 9b9a5c6060ca..2c00d1ffdb50 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf @@ -1,60 +1,62 @@ ---- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-04-25 11:04:51 UTC +--- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-09-30 07:45:52 UTC +++ usr/sbin/pkcsslotd/opencryptoki.conf -@@ -21,31 +21,40 @@ version opencryptoki-3.18 +@@ -21,32 +21,41 @@ version opencryptoki-3.19 # slot 0 { -stdll = libpkcs11_tpm.so -tokversion = 3.12 + stdll = %%DLLDIR%%/libpkcs11_tpm.so + description = "TPM (Trusted Platform Module) Token" + tokversion = 3.12 } slot 1 { -stdll = libpkcs11_ica.so -tokversion = 3.12 + stdll = %%DLLDIR%%/libpkcs11_sw.so + description = "Software Token backed by OpenSSL" + tokversion = 3.12 } slot 2 { -stdll = libpkcs11_cca.so +-confname = ccatok.conf -tokversion = 3.12 + stdll = %%DLLDIR%%/libpkcs11_icsf.so + description = "ICSF (Integrated Cryptographic Service Facility) Token" + tokversion = 3.12 } -slot 3 -{ -stdll = libpkcs11_sw.so -tokversion = 3.12 -} -+# slot 3 -+# { -+# stdll = %%DLLDIR%%/libpkcs11_ica.so -+# tokversion = 3.12 -+# } ++#slot 3 ++#{ ++# stdll = %%DLLDIR%%/libpkcs11_ica.so ++# tokversion = 3.12 ++#} -slot 4 -{ -stdll = libpkcs11_ep11.so -confname = ep11tok.conf -tokversion = 3.12 -} -+# slot 4 -+# { -+# stdll = %%DLLDIR%%/libpkcs11_cca.so -+# tokversion = 3.12 -+# } ++#slot 4 ++#{ ++# stdll = %%DLLDIR%%/libpkcs11_cca.so ++# confname = ccatok.conf ++# tokversion = 3.12 ++#} + -+# slot 5 -+# { -+# stdll = %%DLLDIR%%/libpkcs11_ep11.so -+# confname = ep11tok.conf -+# tokversion = 3.12 -+# } ++#slot 5 ++#{ ++# stdll = %%DLLDIR%%/libpkcs11_ep11.so ++# confname = ep11tok.conf ++# tokversion = 3.12 ++#} diff --git a/security/opencryptoki/pkg-descr b/security/opencryptoki/pkg-descr index cdaa8827a684..5019079d4b58 100644 --- a/security/opencryptoki/pkg-descr +++ b/security/opencryptoki/pkg-descr @@ -1 +1,3 @@ -openCryptoki is a PKCS#11 implementation. +openCryptoki implements the PKCS#11 specification version 3.0, +including several cryptographic tokens: CCA, ICA, TPM , SWToken, +ICSF and EP11. diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist index 54f88034d21e..61144a82bf62 100644 --- a/security/opencryptoki/pkg-plist +++ b/security/opencryptoki/pkg-plist @@ -1,53 +1,54 @@ @sample etc/opencryptoki/opencryptoki.conf.sample @sample(0,%%GROUPS%%,640) etc/opencryptoki/p11sak_defined_attrs.conf.sample @sample(0,%%GROUPS%%,640) etc/opencryptoki/policy.conf.sample @sample(0,%%GROUPS%%,640) etc/opencryptoki/strength.conf.sample include/opencryptoki/apiclient.h include/opencryptoki/ec_curves.h include/opencryptoki/pkcs11.h include/opencryptoki/pkcs11types.h lib/opencryptoki/libopencryptoki.so lib/opencryptoki/libopencryptoki.so.0 lib/opencryptoki/libopencryptoki.so.0.0.0 lib/opencryptoki/methods lib/opencryptoki/PKCS11_API.so lib/opencryptoki/stdll/libpkcs11_icsf.so lib/opencryptoki/stdll/libpkcs11_icsf.so.0 lib/opencryptoki/stdll/libpkcs11_icsf.so.0.0.0 lib/opencryptoki/stdll/libpkcs11_sw.so lib/opencryptoki/stdll/libpkcs11_sw.so.0 lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0 lib/opencryptoki/stdll/libpkcs11_tpm.so lib/opencryptoki/stdll/libpkcs11_tpm.so.0 lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0 lib/opencryptoki/stdll/PKCS11_ICSF.so lib/opencryptoki/stdll/PKCS11_SW.so lib/opencryptoki/stdll/PKCS11_TPM.so lib/pkcs11/libopencryptoki.so lib/pkcs11/methods lib/pkcs11/PKCS11_API.so lib/pkcs11/stdll +libdata/pkgconfig/opencryptoki.pc man/man1/p11sak.1.gz man/man1/pkcsconf.1.gz man/man1/pkcsicsf.1.gz man/man1/pkcsstats.1.gz man/man1/pkcstok_migrate.1.gz man/man5/opencryptoki.conf.5.gz man/man5/p11sak_defined_attrs.conf.5.gz man/man5/policy.conf.5.gz man/man5/strength.conf.5.gz man/man7/opencryptoki.7.gz man/man8/pkcsslotd.8.gz sbin/p11sak sbin/pkcsconf sbin/pkcsicsf sbin/pkcsslotd sbin/pkcsstats sbin/pkcstok_migrate @dir(%%USERS%%,%%GROUPS%%,770) /var/lib/opencryptoki @dir(%%USERS%%,%%GROUPS%%,770) /var/lib/opencryptoki/icsf @dir(%%USERS%%,%%GROUPS%%,770) /var/lib/opencryptoki/swtok @dir(%%USERS%%,%%GROUPS%%,770) /var/lib/opencryptoki/swtok/TOK_OBJ @dir(%%USERS%%,%%GROUPS%%,770) /var/lib/opencryptoki/tpm @dir /var/lib @dir /var/log/opencryptoki