author | Hiroki Sato <hrs@FreeBSD.org> | 2016-05-18 17:22:59 +0000 |
---|---|---|
committer | Hiroki Sato <hrs@FreeBSD.org> | 2016-05-18 17:22:59 +0000 |
commit | 8c8d2c3d81fac5c01075447b436c4fe1cb4c8d22 (patch) | |
tree | f93cc66ba1590fe367a4281fcf04cf8541a60583 | |
parent | Update to 1.3.8. (diff) |
Update to 3.5. Notable changes are as follows:
- No longer required to run pkcs11_startup.
pkcs11_startup and pkcs_slotd were shell scripts that created the
config file, pk_config_data, which was read by pkcsslotd to get
available slot information.
The pk_config_data configuration file has been replaced with
/etc/opencryptoki/opencryptoki.conf.
In version 3, the pkcsslotd daemon reads opencryptoki.conf to get slot
information. The opencryptoki.conf by default contains slot information
for each token currently supported by opencryptoki with the exception of
the ICSF token, which requires some initial setup.
Please see the man page for opencryptoki.conf for further information.
Since pk_config_data is no longer required, pkcs11_startup and
pkcs_slotd have been removed.
Notes
Notes:
svn path=/head/; revision=415459
53 files changed, 424 insertions, 902 deletions
diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile index b26dd480b92b..8a139cbb6c9d 100644 --- a/security/opencryptoki/Makefile +++ b/security/opencryptoki/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= opencryptoki -PORTVERSION= 2.3.2 -PORTREVISION= 8 +PORTVERSION= 3.5 CATEGORIES= security MASTER_SITES= SF @@ -17,23 +16,35 @@ LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept LIB_DEPENDS= libtspi.so:security/trousers -USES= alias autoreconf gmake libtool tar:bzip2 +USES= alias autoreconf gmake libtool tar:tgz USE_LDCONFIG= ${PREFIX}/lib/opencryptoki +WRKSRC= ${WRKDIR}/${PORTNAME} INSTALL_TARGET= install-strip GNU_CONFIGURE= yes CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \ --disable-crtok --disable-aeptok \ --disable-ccatok --disable-bcomtok \ --disable-pkcscca_migrate \ + --with-lockdir=/var/run/opencryptoki \ + --with-logdir=/var/log/opencryptoki \ --localstatedir=/var \ --with-pkcs11user=${USERS} \ - --with-pkcs11group=${GROUPS} + --with-pkcs11group=${GROUPS} \ + ac_cv_path_CHGRP=true CFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib USE_RC_SUBR= pkcsslotd SUB_FILES= pkg-message -SUB_LIST= USERS=${USERS} GROUPS=${GROUPS} +SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" +PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _pkcs11 GROUPS= _pkcs11 +post-install: + ${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \ + ${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample + ${RMDIR} ${STAGEDIR}/var/run/opencryptoki/swtok \ + ${STAGEDIR}/var/run/opencryptoki/tpm \ + ${STAGEDIR}/var/run/opencryptoki + .include <bsd.port.mk> diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo index 7abfdc949951..72f349183c39 100644 --- a/security/opencryptoki/distinfo +++ b/security/opencryptoki/distinfo 
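Review bot: In the second Makefile hunk, `ac_cv_path_CHGRP=true` turns every `$(CHGRP)` call in the upstream install hooks into a no-op, and `post-install` removes the staged `/var/run/opencryptoki` lock directories, so nothing in this hunk sets the group ownership and group-only mode that the token and lock directories rely on. Presumably pkg-plist (through the new `PLIST_SUB` `USERS`/`GROUPS`) and the `pkcsslotd` rc script take over, but neither is visible here. It is worth confirming that the rc script recreates `/var/run/opencryptoki` and its `swtok`/`tpm` subdirectories with the `${GROUPS}` group and no world access on every start, since that tree is not expected to survive a reboot. I would also add a comment above `CONFIGURE_ARGS`, for example `# chgrp is stubbed out for staging; ownership and modes of the token/lock dirs come from pkg-plist and the rc script`.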
@@ -1,2 +1,3 @@ -SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7 -SIZE (opencryptoki-2.3.2.tar.bz2) = 665134 +TIMESTAMP = 1463579349 +SHA256 (opencryptoki-3.5.tgz) = 2789e3135196828e2b904faba766aa4c7fd9d1e67664df79bd9a05381a771452 +SIZE (opencryptoki-3.5.tgz) = 1031722 diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am index d8d58bc388ac..c8b6767f98af 100644 --- a/security/opencryptoki/files/patch-Makefile.am +++ b/security/opencryptoki/files/patch-Makefile.am @@ -1,6 +1,6 @@ ---- Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ Makefile.am 2010-11-23 22:35:25.112978674 +0900 -@@ -8,5 +8,5 @@ +--- Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ Makefile.am +@@ -8,5 +8,5 @@ if ENABLE_DAEMON MISCDIR = misc endif diff --git a/security/opencryptoki/files/patch-configure.in b/security/opencryptoki/files/patch-configure.in index df7e9e90737d..dd2a9321b9e2 100644 --- a/security/opencryptoki/files/patch-configure.in +++ b/security/opencryptoki/files/patch-configure.in @@ -1,16 +1,16 @@ ---- configure.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ configure.in 2010-10-20 01:31:02.971984782 +0900 -@@ -8,6 +8,9 @@ +--- configure.in.orig 2016-04-29 17:26:45 UTC ++++ configure.in +@@ -6,6 +6,9 @@ AC_CANONICAL_SYSTEM AM_INIT_AUTOMAKE([foreign 1.6]) +AC_DEFINE(_BSD_SOURCE, 1, BSD functions) +AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions) + - dnl Get the canonical host type - AC_CANONICAL_TARGET - -@@ -30,6 +33,7 @@ + dnl Checks for header files. + AC_DISABLE_STATIC + LT_INIT +@@ -25,6 +28,7 @@ AC_FUNC_MEMCMP AC_FUNC_STRFTIME AC_FUNC_VPRINTF AC_CHECK_FUNCS([getcwd]) 
@@ -18,9 +18,28 @@ dnl Used in various scripts AC_PATH_PROG([ID], [id], [/us/bin/id]) -@@ -193,6 +197,21 @@ +@@ -40,10 +44,16 @@ AC_PROG_YACC + + dnl Define custom variables + +-lockdir=$localstatedir/lock/opencryptoki ++AC_ARG_WITH([lockdir], ++ [AS_HELP_STRING([--with-lockdir],[lock directory])], ++ [lockdir=$withval], ++ [lockdir=$localstatedir/lock/opencryptoki]) + AC_SUBST(lockdir) + +-logdir=$localstatedir/log/opencryptoki ++AC_ARG_WITH([logdir], ++ [AS_HELP_STRING([--with-logdir],[log directory])], ++ [logdir=$withval], ++ [logdir=$localstatedir/log/opencryptoki]) + AC_SUBST(logdir) + + dnl --- +@@ -166,6 +176,21 @@ AC_ARG_WITH([systemd], [], - [with_xcryptolinz=check]) + [with_systemd=no]) +dnl --- check for pkcs11 user +AC_ARG_WITH([pkcs11user], 
@@ -40,20 +59,38 @@ dnl --- dnl --- dnl --- Now that we have all the options, let's check for a valid build -@@ -630,11 +649,15 @@ +@@ -554,13 +579,31 @@ fi - CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500" + AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"]) --CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"' -+CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'" -+ -+CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'" +-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wno-pointer-sign" +- +-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' ++CFLAGS="$CFLAGS \ ++ -Wall \ ++ -Wno-pointer-sign \ ++" ++CPPFX=' \ ++ -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" \ ++ -DSBIN_PATH=\"$(sbindir)\" \ ++ -DLIB_PATH=\"$(libdir)\" \ ++ -DLOCKDIR_PATH=\"$(lockdir)\" \ ++ -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" \ ++ -DOCK_LOGDIR=\"$(logdir)\" \ ++' ++CPPFLAGS="$CPPFLAGS \ ++ -DPKCS64 \ ++ -D_XOPEN_SOURCE=600 \ ++ $CPPFX \ ++ -DPKCS11USER=\\\"${pkcs11_user}\\\" \ ++ -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \ ++" # At this point, CFLAGS is set to something sensible AC_PROG_CC +AC_SUBST(FPIC, $lt_prog_compiler_pic) + - AC_OUTPUT([Makefile usr/Makefile \ + AC_CONFIG_FILES([Makefile usr/Makefile \ usr/include/Makefile \ usr/include/pkcs11/Makefile \ diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h deleted file mode 100644 index 192c312b5063..000000000000 --- a/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h +++ /dev/null 
@@ -1,11 +0,0 @@ ---- usr/include/pkcs11/apictl.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/include/pkcs11/apictl.h 2010-10-19 23:42:04.580983829 +0900 -@@ -296,7 +296,7 @@ - - - #include <pkcs11types.h> --#include <linux/limits.h> -+#include <limits.h> - #include <local_types.h> - #include <stdll.h> - #include <slotmgr.h> diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h deleted file mode 100644 index ce9be4e17b33..000000000000 --- a/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/include/pkcs11/slotmgr.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/include/pkcs11/slotmgr.h 2010-10-19 23:42:55.423984058 +0900 -@@ -301,7 +301,7 @@ - - - #include <pkcs11types.h> --#include <linux/limits.h> -+#include <limits.h> - #include <local_types.h> - #include <pthread.h> - diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h deleted file mode 100644 index 8ee112945d9e..000000000000 --- a/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/include/pkcs11/stdll.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/include/pkcs11/stdll.h 2010-10-19 23:43:40.418984281 +0900 -@@ -302,7 +302,7 @@ - - - #include <pkcs11types.h> --#include <linux/limits.h> -+#include <limits.h> - #include <local_types.h> - #include <slotmgr.h> - diff --git a/security/opencryptoki/files/patch-usr-lib-Makefile.am b/security/opencryptoki/files/patch-usr-lib-Makefile.am index 64a1781ba81c..ff1023b1e9a4 100644 --- a/security/opencryptoki/files/patch-usr-lib-Makefile.am +++ b/security/opencryptoki/files/patch-usr-lib-Makefile.am 
@@ -1,6 +1,6 @@ ---- usr/lib/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/Makefile.am 2010-11-24 02:34:56.159978814 +0900 -@@ -1,10 +1,2 @@ +--- usr/lib/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/Makefile.am +@@ -1,12 +1,4 @@ SUBDIRS = pkcs11 -install-data-hook: @@ -11,3 +11,5 @@ - $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf - echo "**** Remember you must run ldconfig before using the above settings ****" - + uninstall-hook: + rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am deleted file mode 100644 index 424ea1b8c461..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/aep_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/aep_stdll/Makefile.am 2010-10-19 23:45:36.945982287 +0900 -@@ -6,7 +6,7 @@ - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_aep_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \ -+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \ - -DNODSA -DDEBUGON -DAEP_GENERIC -DNORIPE -DSTDLL_NAME=\"aeptok\" - - opencryptoki_stdll_libpkcs11_aep_la_SOURCES = ../common/asn1.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am index caf3d7e49ff1..9c2819d4bf46 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am 
@@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/api/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/Makefile.am 2010-10-19 23:49:45.125982519 +0900 -@@ -4,13 +4,13 @@ +--- usr/lib/pkcs11/api/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/Makefile.am +@@ -4,13 +4,13 @@ SO_CURRENT=0 SO_REVISION=0 SO_AGE=0 @@ -10,9 +10,9 @@ $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) # Not all versions of automake observe libname_CFLAGS - opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \ -- -fPIC -I../. -I../../../include/pkcs11 -+ $(FPIC) -I../. -I../../../include/pkcs11 - - opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c + opencryptoki_libopencryptoki_la_CFLAGS = -DAPI -DDEV -D_THREAD_SAFE \ +- -fPIC -I../. -I../../../include/pkcs11 \ ++ $(FPIC) -I../. -I../../../include/pkcs11 \ + -I ../common -DSTDLL_NAME=\"api\" + opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c deleted file mode 100644 index e8dc61475253..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c +++ /dev/null @@ -1,35 +0,0 @@ ---- usr/lib/pkcs11/api/api_interface.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/api_interface.c 2010-10-19 23:52:25.355983620 +0900 -@@ -2390,7 +2390,7 @@ - C_GetFunctionList ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList ) - { - -- _init(); -+ api_init(); - - LOG("C_GetFunctionList"); - FuncList.version.major = VERSION_MAJOR; -@@ -5168,7 +5168,11 @@ - - } - -+#ifdef __sun -+#pragma init(api_init) -+#else - void api_init(void) __attribute__((constructor)); -+#endif - - void - api_init(void) -@@ -5194,7 +5198,11 @@ - - } - -+#ifdef __sun -+#pragma fini(api_fini) -+#else - void api_fini(void) __attribute__((destructor)); -+#endif - - void - api_fini() 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c index 350878557631..12ad45d9473a 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/api/apiutil.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/apiutil.c 2010-10-19 23:54:52.374982634 +0900 -@@ -305,10 +305,10 @@ +--- usr/lib/pkcs11/api/apiutil.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/apiutil.c +@@ -298,10 +298,10 @@ #include <string.h> #include <strings.h> #include <unistd.h> @@ -12,33 +12,11 @@ #include <sys/ipc.h> -@@ -325,10 +325,28 @@ +@@ -314,7 +314,6 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> -#include <sys/file.h> - static int xplfd=-1; - #endif -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif -+ -+#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ -+#endif -+#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ -+#endif -+#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ -+#endif -+#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ -+#endif -+ - #include <libgen.h> + static int xplfd = -1; - #define LIBLOCATION LIB_PATH diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in index f615f1f34a35..cda7f3706529 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in 
@@ -1,11 +1,11 @@ ---- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/shrd_mem.c.in 2010-10-19 23:56:22.728981736 +0900 -@@ -353,7 +353,7 @@ - - - // SAB check for the group id here and membership here as well -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( grp ) { - int i=0; - char member=0; +--- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/shrd_mem.c.in +@@ -357,7 +357,7 @@ attach_shared_memory() { + // only check group membership if not root user + if (uid != 0 && euid != 0) { + int i, member=0; +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + // group pkcs11 not known to the system + return NULL; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c new file mode 100644 index 000000000000..92290bf70905 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/api/socket_client.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/socket_client.c +@@ -320,7 +320,7 @@ init_socket_data() { + return FALSE; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if ( !grp ) { + OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno); + return FALSE; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am deleted file mode 100644 index 30c7b7da9d91..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am +++ /dev/null 
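Review bot: In the new socket_client.c patch the lookup uses `PKCS11GROUP`, but the error path right below it still logs the literal name, "init_socket_data: pkcs11 group does not exist". With the port's group set to `_pkcs11`, an operator diagnosing a failed start is pointed at the wrong group. Consider extending the patch to `OCK_SYSLOG(LOG_ERR, "init_socket_data: %s group does not exist, errno=%d", PKCS11GROUP, errno);`; the same applies to the `getgrnam(pkcs11) failed` message in the trace.c patch and the `// group pkcs11 not known to the system` comment in shrd_mem.c.in. Separately, getgrnam() is not required to set errno when the entry is simply absent, so the logged errno may be stale unless it is cleared before the call. The body of init_socket_data continues outside the hunk.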
@@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/bcom_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/bcom_stdll/Makefile.am 2010-10-19 23:57:38.434983522 +0900 -@@ -8,7 +8,7 @@ - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_bc_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \ -+-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \ - -DNODH -DDEBUGON -DNORIPE -DSTDLL_NAME=\"bcomtok\" - - opencryptoki_stdll_libpkcs11_bc_la_SOURCES = ../common/asn1.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am new file mode 100644 index 000000000000..c78feb04a83c --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am @@ -0,0 +1,18 @@ +--- usr/lib/pkcs11/cca_stdll/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/cca_stdll/Makefile.am +@@ -66,12 +66,12 @@ install-data-hook: + cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_cca.so PKCS11_CCA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok + + uninstall-hook: 
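Review bot: The cca_stdll `install-data-hook` now passes `@PKCS11GROUP@` to `$(CHGRP)`, which only works if configure.in exports that name with `AC_SUBST`. The configure.in hunks on this page show the group reaching the build only as `-DPKCS11GROUP` in `CPPFLAGS`, built from `${pkcs11_group}`. Any substitution is not visible here and may sit in the part of the patch these hunks skip. If it is absent, the literal `@PKCS11GROUP@` stays in the generated Makefile and the hook cannot set the intended group on the 0770 directories. The port would not notice, because `ac_cv_path_CHGRP=true` stubs out chgrp and ccatok is disabled, so I would confirm the substitution exists; the same pattern is used in the ica_s390_stdll hook.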
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h deleted file mode 100644 index 4db0453f3d2c..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h +++ /dev/null @@ -1,27 +0,0 @@ ---- usr/lib/pkcs11/cca_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cca_stdll/host_defs.h 2010-10-19 23:59:33.363984758 +0900 -@@ -10,13 +10,24 @@ - */ - - -+#include <sys/types.h> - #include <sys/mman.h> - #ifndef _HOST_DEFS_H - #define _HOST_DEFS_H - - #include <semaphore.h> - #include <pthread.h> -+#if defined(__OpenBSD__) || defined(__FreeBSD__) -+#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER -+#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN -+#endif -+#else - #include <endian.h> -+#endif - - #include "pkcs32.h" - // Both of the strings below have a length of 32 chars and must be diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c deleted file mode 100644 index fd6dc631209f..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c +++ /dev/null 
@@ -1,23 +0,0 @@ ---- usr/lib/pkcs11/cca_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cca_stdll/loadsave.c 2010-10-20 01:49:50.769984323 +0900 -@@ -22,11 +22,9 @@ - #include <string.h> - #include <strings.h> - #include <unistd.h> --#include <alloca.h> - #include <sys/types.h> - #include <sys/stat.h> - #include <sys/ipc.h> --#include <sys/file.h> - #include <errno.h> - - #include <pwd.h> -@@ -51,7 +49,7 @@ - // Set absolute permissions or rw-rw-r-- - fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); - -- grp = getgrnam("pkcs11"); // Obtain the group id -+ grp = getgrnam(PKCS11GROUP); // Obtain the group id - if (grp){ - fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group - } diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c deleted file mode 100644 index c00cf212bad4..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c +++ /dev/null 
@@ -1,52 +0,0 @@ ---- usr/lib/pkcs11/cca_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cca_stdll/new_host.c 2010-10-20 00:06:26.575983974 +0900 -@@ -298,7 +298,7 @@ - struct group *grp; - int rc = 0; - gid_t gid,egid; -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp) { - // Check for member of group.. - // SAB get login seems to not work with some -@@ -786,7 +786,19 @@ - // - object_mgr_destroy_token_objects(); - #if 0 /* TODO: Implement delete_all_files_in_dir() */ -+#if HAVE_ASPRINTF - local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR); -+#else -+ pk_full_path = malloc(1024); -+ if( pk_full_path != NULL ) { -+ local_rc = snprintf(pk_full_path, 1023, "%s/%s", -+ pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(pk_full_path); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; -@@ -797,8 +809,20 @@ - goto out; - } - #endif -+#if HAVE_ASPRINTF - local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir, - PK_LITE_OBJ_DIR); -+#else -+ s = malloc(1024); -+ if( s != NULL ) { -+ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1", -+ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(s); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h deleted file mode 100644 index 302deaba508e..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h +++ /dev/null 
@@ -1,15 +0,0 @@ ---- usr/lib/pkcs11/cca_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cca_stdll/tok_spec_struct.h 2010-10-20 00:08:00.317982423 +0900 -@@ -22,9 +22,9 @@ - #define _TOK_SPECIFIC_STRUCT - - struct token_specific_struct{ -- CK_BYTE token_directory[2048]; // Used to be in the token_local.h as a #def -- CK_BYTE token_subdir[2048]; // subdirectory -- CK_BYTE token_debug_tag[2048]; // debug logging tag -+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def -+ CK_BYTE *token_subdir; // subdirectory -+ CK_BYTE *token_debug_tag; // debug logging tag - - CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function - int (*t_slot2local)(); // convert the PKCS#11 slot to a local index diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c new file mode 100644 index 000000000000..99b2e72e83cd --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/common/btree.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/btree.c +@@ -30,7 +30,7 @@ + + + #include <stdio.h> +-#include <malloc.h> ++#include <stdlib.h> + + #include "pkcs11types.h" + #include "local_types.h" diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h index d111bf5e002f..ff265b810d7e 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h 
@@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/common/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/host_defs.h 2010-10-20 00:10:01.398983092 +0900 -@@ -294,13 +294,24 @@ +--- usr/lib/pkcs11/common/host_defs.h.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/host_defs.h +@@ -294,12 +294,23 @@ /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ @@ -9,19 +9,18 @@ #ifndef _HOST_DEFS_H #define _HOST_DEFS_H - #include <semaphore.h> #include <pthread.h> +#if defined(__OpenBSD__) || defined(__FreeBSD__) +#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER ++#ifdef _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER +#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#ifdef _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#endif +#else #include <endian.h> +#endif #include "pkcs32.h" - // Both of the strings below have a length of 32 chars and must be + diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c index f213b304b0a8..4a907660fcb6 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/common/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/loadsave.c 2010-10-20 00:11:28.399983780 +0900 -@@ -301,11 +301,9 @@ +--- usr/lib/pkcs11/common/loadsave.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/loadsave.c +@@ -293,11 +293,9 @@ #include <string.h> #include <strings.h> #include <unistd.h> 
@@ -10,14 +10,14 @@ #include <sys/ipc.h> -#include <sys/file.h> #include <errno.h> - + #include <syslog.h> #include <pwd.h> -@@ -328,7 +326,7 @@ - // Set absolute permissions or rw-rw-r-- - fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); +@@ -637,7 +635,7 @@ void set_perm(int file) + // Set absolute permissions or rw-rw---- + fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); -- grp = getgrnam("pkcs11"); // Obtain the group id -+ grp = getgrnam(PKCS11GROUP); // Obtain the group id - if (grp){ - fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group - } +- grp = getgrnam("pkcs11"); // Obtain the group id ++ grp = getgrnam(PKCS11GROUP); // Obtain the group id + if (grp) { + // set ownership to root, and pkcs11 group + if (fchown(file, getuid(), grp->gr_gid) != 0) { diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c deleted file mode 100644 index 0c1cc783c420..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c +++ /dev/null 
@@ -1,52 +0,0 @@ ---- usr/lib/pkcs11/common/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/new_host.c 2010-10-20 00:16:08.274985517 +0900 -@@ -576,7 +576,7 @@ - struct group *grp; - int rc = 0; - gid_t gid,egid; -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp) { - // Check for member of group.. - // SAB get login seems to not work with some -@@ -1064,7 +1064,19 @@ - // - object_mgr_destroy_token_objects(); - #if 0 /* TODO: Implement delete_all_files_in_dir() */ -+#if HAVE_ASPRINTF - local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR); -+#else -+ pk_full_path = malloc(1024); -+ if( pk_full_path != NULL ) { -+ local_rc = snprintf(pk_full_path, 1023, "%s/%s", -+ pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(pk_full_path); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; -@@ -1075,8 +1087,20 @@ - goto out; - } - #endif -+#if HAVE_ASPRINTF - local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir, - PK_LITE_OBJ_DIR); -+#else -+ s = malloc(1024); -+ if( s != NULL ) { -+ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1", -+ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(s); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h deleted file mode 100644 index bcbfff0dd613..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h +++ /dev/null 
@@ -1,15 +0,0 @@ ---- usr/lib/pkcs11/common/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/tok_spec_struct.h 2010-10-20 00:17:28.288984976 +0900 -@@ -308,9 +308,9 @@ - #define _TOK_SPECIFIC_STRUCT - - struct token_specific_struct{ -- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def -- CK_BYTE token_subdir[PATH_MAX]; // subdirectory -- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag -+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def -+ CK_BYTE *token_subdir; // subdirectory -+ CK_BYTE *token_debug_tag; // debug logging tag - - CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function - int (*t_slot2local)(); // convert the PKCS#11 slot to a local index diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c new file mode 100644 index 000000000000..52af68444618 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c @@ -0,0 +1,19 @@ +--- usr/lib/pkcs11/common/trace.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/common/trace.c +@@ -301,6 +301,7 @@ + #include <unistd.h> + #include <sys/file.h> + #include <sys/types.h> ++#include <sys/stat.h> + + #include "pkcs11types.h" + #include "defs.h" +@@ -449,7 +450,7 @@ CK_RV trace_initialize(void) + return(CKR_FUNCTION_FAILED); + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed: %s." + "Tracing is disabled.\n", strerror(errno)); diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c index 77e821c60edc..f8ddb5bb7682 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c 
@@ -1,11 +1,14 @@ ---- usr/lib/pkcs11/common/utility.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/utility.c 2010-10-20 00:19:02.740983592 +0900 -@@ -302,6 +302,26 @@ - #include <errno.h> - #include <pwd.h> +--- usr/lib/pkcs11/common/utility.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/common/utility.c +@@ -275,9 +275,28 @@ + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. ++*/ +#include <fcntl.h> -+ + +-*/ +#ifdef __sun +#define LOCK_EX F_LOCK +#define LOCK_UN F_ULOCK @@ -25,5 +28,23 @@ +#define LOCK_UN 8 /* unlock */ +#endif - #include "pkcs11types.h" - #include "defs.h" + /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ + +@@ -587,7 +606,7 @@ CK_RV CreateXProcLock(void) + goto err; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(spinxplfd, -1, grp->gr_gid) + == -1) { +@@ -1131,7 +1150,7 @@ CK_RV check_user_and_group() + * when forked). So we need to get the group information. + * Really need to take the uid and map it to a name. + */ +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno)); + goto error; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am deleted file mode 100644 index dbf0a2ff35ce..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am +++ /dev/null 
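Review bot: The first utility.c hunk closes the license comment early (`+*/` after the "jury trial" sentence, `-*/` further down) so that `#include <fcntl.h>` and the `LOCK_*` fallbacks land ahead of the copyright line. That ties the patch to the exact wording of the upstream license block, and it will stop applying if that text changes. The `#ifndef LOCK_*` fallbacks, only partly visible in this hunk, hard-code flag values whenever the headers do not provide them. Those flags presumably drive the cross-process lock set up in `CreateXProcLock`, so a mismatch with the platform's real constants would silently weaken that lock. I would move the block next to the file's existing `#include` lines and add a comment such as `/* fallback only: values must match the platform's flock(2) constants */`.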
@@ -1,18 +0,0 @@ ---- usr/lib/pkcs11/cr_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cr_stdll/Makefile.am 2010-10-20 00:20:46.987982761 +0900 -@@ -2,13 +2,13 @@ - - opencryptoki_stdll_libpkcs11_cr_la_LDFLAGS = $(LCRYPTO) $(CR_LIB_DIRS) \ - -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc \ ---lpthread -lsocketarmor -ldl -lcrypto -+-lpthread -lsocketarmor -lcrypto - - VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0 - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_cr_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON -+-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON - - opencryptoki_stdll_libpkcs11_cr_la_SOURCES = ../common/asn1.c \ - ../common/cert.c ../common/hwf_obj.c ../common/dp_obj.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am index 3dbaac74a518..ae622c3da917 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am 
@@ -1,16 +1,33 @@ ---- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2010-10-20 00:22:00.867981839 +0900 -@@ -2,11 +2,11 @@ - - opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \ - $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@ \ ---Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto -+-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto +--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am +@@ -6,12 +6,12 @@ opencryptoki_stdll_libpkcs11_ica_la_LDFL + -Wl,-Bsymbolic \ + -Wl,-soname,$@ \ + -Wl,-Bsymbolic -lc \ +- -lpthread -lica -ldl \ ++ -lpthread -lica \ + -lcrypto # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \ -+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \ - -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" + opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DDEV \ +- -D_THREAD_SAFE -fPIC \ ++ -D_THREAD_SAFE $(FPIC) \ + -DSHALLOW=0 -DSWTOK=0 \ + -DLITE=1 -DNODH \ + -DNOCDMF -DNOMD2 -DNODSA \ +@@ -64,12 +64,12 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_ica.so PKCS11_ICA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(MKDIR_P) $(DESTDIR)$(lockdir)/lite +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite 
+ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite - opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \ + uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am deleted file mode 100644 index 6d41bd3d8b03..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am +++ /dev/null @@ -1,21 +0,0 @@ ---- usr/lib/pkcs11/ica_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/ica_stdll/Makefile.am 2010-10-20 00:23:51.161996275 +0900 -@@ -2,15 +2,15 @@ - - opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \ - $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic \ ---Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -ldl -lica -+-Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -lica - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \ -+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \ - -DNODSA -DNOAES -DNODH -DNORIPE -DSTDLL_NAME=\"icatok\" - - # Not all versions of automake observe libname_CFLAGS --AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 \ -+AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 \ - -DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DNORIPE - - opencryptoki_stdll_libpkcs11_ica_la_SOURCES= ../common/asn1.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am new file mode 100644 index 000000000000..1c47fa893638 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am 
@@ -0,0 +1,15 @@ +--- usr/lib/pkcs11/icsf_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/icsf_stdll/Makefile.am +@@ -79,10 +79,10 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_icsf.so PKCS11_ICSF.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf + + uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c new file mode 100644 index 000000000000..297a45c88f8f --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/icsf_stdll/pbkdf.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/icsf_stdll/pbkdf.c +@@ -337,7 +337,7 @@ set_perms(int file) + return CKR_FUNCTION_FAILED; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp) { + if (fchown(file, -1, grp->gr_gid) != 0) { + TRACE_ERROR("fchown failed: %s\n", strerror(errno)); diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am index 056d26b6f727..693bf997edff 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am 
@@ -1,11 +1,27 @@ ---- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/soft_stdll/Makefile.am 2010-10-20 00:25:03.227984225 +0900 -@@ -7,7 +7,7 @@ - opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE \ +--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/soft_stdll/Makefile.am +@@ -7,7 +7,7 @@ opencryptoki_stdll_libpkcs11_sw_la_LDFLA + opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DDEV -D_THREAD_SAFE \ -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \ -DNOCDMF -DNOMD2 -DNODSA -DNORIPE \ -- -DDEBUGON -fPIC \ -+ -DDEBUGON $(FPIC) \ +- -fPIC \ ++ $(FPIC) \ -I/usr/include -I. \ -I../../../include/pkcs11/stdll \ -I../../../include/pkcs11 \ +@@ -56,12 +56,12 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_sw.so PKCS11_SW.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok + + uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c new file mode 100644 index 000000000000..3edd4fa87ad8 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c 
@@ -0,0 +1,30 @@ +--- usr/lib/pkcs11/soft_stdll/soft_specific.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/soft_stdll/soft_specific.c +@@ -298,7 +298,9 @@ + + + ****************************************************************************/ ++#ifndef _BSD_SOURCE + #define _BSD_SOURCE ++#endif + + #include <pthread.h> + #include <string.h> // for memcmp() et al +@@ -317,7 +319,17 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <fcntl.h> ++#if defined(__OpenBSD__) || defined(__FreeBSD__) ++#include <sys/endian.h> ++#ifdef _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER ++#endif ++#ifdef _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#endif ++#else + #include <endian.h> ++#endif + + #include <openssl/des.h> + #include <openssl/rand.h> diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am new file mode 100644 index 000000000000..b19510c5ccf1 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am @@ -0,0 +1,15 @@ +--- usr/lib/pkcs11/tpm_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/tpm_stdll/Makefile.am +@@ -71,10 +71,10 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_tpm.so PKCS11_TPM.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm + + uninstall-hook: 
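Review bot: The FreeBSD/OpenBSD branch added to soft_specific.c maps `__BYTE_ORDER` and `__LITTLE_ENDIAN` onto the `<sys/endian.h>` names but leaves `__BIG_ENDIAN` unmapped. If anything in the file compares against `__BIG_ENDIAN` (not visible in this hunk), the undefined macro evaluates to 0 in `#if` and the big-endian branch is silently never selected, which matters for the byte-order-sensitive crypto code this file hosts. Adding `#ifdef _BIG_ENDIAN`, `#define __BIG_ENDIAN _BIG_ENDIAN`, `#endif` next to the other two mappings keeps the shim complete.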
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h deleted file mode 100644 index dcbdda52666c..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h +++ /dev/null @@ -1,28 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/host_defs.h 2010-10-20 00:26:48.474982648 +0900 -@@ -2,13 +2,25 @@ - /* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005*/ - - -+#include <sys/types.h> - #include <sys/mman.h> - #ifndef _HOST_DEFS_H - #define _HOST_DEFS_H - - #include <semaphore.h> - #include <pthread.h> -+ -+#if defined(__OpenBSD__) || defined(__FreeBSD__) -+#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER -+#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN -+#endif -+#else - #include <endian.h> -+#endif - - #include "pkcs32.h" - // Both of the strings below have a length of 32 chars and must be diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c deleted file mode 100644 index 7144ab0d4f51..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/loadsave.c 2010-10-20 00:27:47.109983972 +0900 -@@ -339,7 +339,7 @@ - fchmod(file,S_IRUSR|S_IWUSR); - - #if 0 -- grp = getgrnam("pkcs11"); // Obtain the group id -+ grp = getgrnam(PKCS11GROUP); // Obtain the group id - if (grp){ - fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group - } 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c deleted file mode 100644 index b89f2b1ecb78..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/new_host.c 2010-10-20 00:29:17.108984288 +0900 -@@ -356,7 +356,7 @@ - int rc = 0; - int index = 0; - gid_t gid,egid; -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( grp ) { - // Check for member of group.. - diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h deleted file mode 100644 index c49362f92053..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h +++ /dev/null @@ -1,15 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h 2010-10-20 00:30:22.991986453 +0900 -@@ -33,9 +33,9 @@ - #define _TOK_SPECIFIC_STRUCT - - struct token_specific_struct{ -- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def -- CK_BYTE token_subdir[PATH_MAX]; // subdirectory -- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag -+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def -+ CK_BYTE *token_subdir; // subdirectory -+ CK_BYTE *token_debug_tag; // debug logging tag - - CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function - int (*t_slot2local)(); // convert the PKCS#11 slot to a local index diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c deleted file mode 100644 index db9dc344854e..000000000000 
--- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c +++ /dev/null @@ -1,30 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/utility.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/utility.c 2010-10-20 00:33:02.810983787 +0900 -@@ -44,6 +44,27 @@ - #include "tok_spec_struct.h" - #include "pkcs32.h" - -+#include <fcntl.h> -+ -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif -+ -+#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ -+#endif -+#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ -+#endif -+#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ -+#endif -+#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ -+#endif -+ - #if (SPINXPL) - #include <sys/file.h> - #endif diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am deleted file mode 100644 index 5a4da539916b..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/sbin/pkcs11_startup/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcs11_startup/Makefile.am 2010-10-22 00:59:30.397048865 +0900 -@@ -12,6 +12,8 @@ - -e s!\@ID\@!"@ID@"!g \ - -e s!\@CAT\@!"@CAT@"!g \ - -e s!\@SED\@!"@SED@"!g \ -+ -e s!\@PKCS11USER\@!"@PKCS11USER@"!g \ -+ -e s!\@PKCS11GROUP\@!"@PKCS11GROUP@"!g \ - -e s!\@GROUPADD\@!"@GROUPADD@"!g \ - -e s!\@USERMOD\@!"@USERMOD@"!g < $< > $@-t - @CHMOD@ +x $@-t diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in deleted file mode 100644 index eab5c2b3b78a..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in +++ /dev/null 
@@ -1,41 +0,0 @@ ---- usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-10-22 00:57:35.508983672 +0900 -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - # - # -@@ -310,29 +310,20 @@ - - - # Create the pkcs11 group if it does not exist... --cat /etc/group|grep pkcs11 >/dev/null 2>&1 -+cat /etc/group|grep @PKCS11GROUP@ >/dev/null 2>&1 - rc=$? - if [ $rc = 1 ] - then - if [ -x @GROUPADD@ ] - then -- @GROUPADD@ pkcs11 >/dev/null 2>&1 -+ @GROUPADD@ @PKCS11GROUP@ >/dev/null 2>&1 - - else -- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually." -+ echo "Couldn't execute @GROUPADD@. Please add the group '@PKCS11GROUP@' manually." - fi - fi - - --if [ -x @USERMOD@ -a -x @ID@ ] --then -- # add the pkcs group -- # replace spaces by commas -- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root --else -- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually." --fi -- - - # For each card run the status command and if successful - # create the odm stanza for the file diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in deleted file mode 100644 index 92446a0b6353..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in +++ /dev/null 
@@ -1,142 +0,0 @@ ---- usr/sbin/pkcs_slot/pkcs_slot.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcs_slot/pkcs_slot.in 2010-10-22 00:42:38.286985256 +0900 -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - # - # -@@ -360,7 +360,7 @@ - if [ ! -d @localstatedir@/lib/opencryptoki ] - then - @MKDIR_P@ @localstatedir@/lib/opencryptoki -- @CHGRP@ pkcs11 @localstatedir@/lib/opencryptoki -+ @CHGRP@ @PKCS11GROUP@ @localstatedir@/lib/opencryptoki - @CHMOD@ -R g+rwX @localstatedir@/lib/opencryptoki - fi - -@@ -372,9 +372,9 @@ - if [ $? -ne 0 ] - then - mkdir $SOFT_DIR -- @CHGRP@ pkcs11 $SOFT_DIR -+ @CHGRP@ @PKCS11GROUP@ $SOFT_DIR - mkdir "$SOFT_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$SOFT_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$SOFT_DIR"/TOK_OBJ - fi - SYS_SLOT="Soft" - fi -@@ -386,7 +386,7 @@ - if [ $? -ne 0 ] - then - mkdir $TPM_DIR -- @CHGRP@ pkcs11 $TPM_DIR -+ @CHGRP@ @PKCS11GROUP@ $TPM_DIR - fi - SYS_SLOT="TPM" - fi -@@ -397,7 +397,7 @@ - if [ $? -ne 0 ] - then - mkdir $CCA_DIR -- @CHGRP@ pkcs11 $CCA_DIR -+ @CHGRP@ @PKCS11GROUP@ $CCA_DIR - mkdir "$CCA_DIR"/TOK_OBJ - @CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ - fi -@@ -406,7 +406,7 @@ - - # If we are using a shallow device, make sure that the directory - # to store token objects is available, if not create it and change --# the ownership to the pkcs11 group -+# the ownership to the @PKCS11GROUP@ group - - - if [ $DEPTH = "ica" ] -@@ -415,9 +415,9 @@ - if [ $? -ne 0 ] - then - mkdir $ICA_DIR -- @CHGRP@ pkcs11 $ICA_DIR -+ @CHGRP@ @PKCS11GROUP@ $ICA_DIR - mkdir "$ICA_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$ICA_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$ICA_DIR"/TOK_OBJ - fi - SYS_SLOT="ICA" - fi -@@ -428,9 +428,9 @@ - if [ $? -ne 0 ] - then - mkdir $BCOM_DIR -- @CHGRP@ pkcs11 $BCOM_DIR -+ @CHGRP@ @PKCS11GROUP@ $BCOM_DIR - mkdir "$BCOM_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$BCOM_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$BCOM_DIR"/TOK_OBJ - fi - SYS_SLOT="BCOM" - fi -@@ -441,9 +441,9 @@ - if [ $? 
-ne 0 ] - then - mkdir $AEP_DIR -- @CHGRP@ pkcs11 $AEP_DIR -+ @CHGRP@ @PKCS11GROUP@ $AEP_DIR - mkdir "$AEP_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$AEP_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$AEP_DIR"/TOK_OBJ - fi - SYS_SLOT="AEP" - fi -@@ -454,9 +454,9 @@ - if [ $? -ne 0 ] - then - mkdir $CR_DIR -- @CHGRP@ pkcs11 $CR_DIR -+ @CHGRP@ @PKCS11GROUP@ $CR_DIR - mkdir "$CR_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$CR_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$CR_DIR"/TOK_OBJ - fi - SYS_SLOT="CRNT" - fi -@@ -477,29 +477,29 @@ - - if [ $DEPTH = "deep" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL_FN|$DEEP4758_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL|$DEEP4758_INIT" >>$CFGFILE - - elif [ $DEPTH = "ica" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL_FN|$ICA_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL|$ICA_INIT" >>$CFGFILE - elif [ $DEPTH = "bcom" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL_FN|$BCOM_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL|$BCOM_INIT" >>$CFGFILE - elif [ $DEPTH = "aep" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL_FN|$AEP_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL|$AEP_INIT" >>$CFGFILE - elif [ $DEPTH = "cr" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL|$CR_INIT" >>$CFGFILE - elif [ $DEPTH = "soft" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE -+echo 
"TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL|$SOFT_INIT" >>$CFGFILE - elif [ $DEPTH = "tpm" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL|$TPM_INIT" >>$CFGFILE - elif [ $DEPTH = "cca" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL|$CCA_INIT" >>$CFGFILE - fi - - @CHMOD@ -R g+wrX @localstatedir@/lib/opencryptoki diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am index 6e61e87c04b0..0d7f5edc9649 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am @@ -1,5 +1,5 @@ ---- usr/sbin/pkcsconf/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsconf/Makefile.am 2010-10-20 00:46:34.600985372 +0900 +--- usr/sbin/pkcsconf/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsconf/Makefile.am @@ -1,6 +1,6 @@ sbin_PROGRAMS=pkcsconf @@ -7,4 +7,4 @@ +pkcsconf_LDFLAGS = -lpthread # Not all versions of automake observe sbinname_CFLAGS - pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI + pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV -DAPI diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c index 31aef7224424..905d60314b7f 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c 
@@ -1,11 +1,11 @@ ---- usr/sbin/pkcsconf/pkcsconf.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsconf/pkcsconf.c 2010-10-20 00:47:46.462984231 +0900 -@@ -654,6 +654,8 @@ - free (newpin2); - } +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsconf/pkcsconf.c +@@ -777,6 +777,8 @@ display_pkcs11_info(void){ + printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major, + CryptokiInfo.libraryVersion.minor); + cleanup(); + return rc; - } + diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c deleted file mode 100644 index 1ef0ba153f20..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c +++ /dev/null 
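Review bot: The refreshed pkcsconf.c hunk now inserts `cleanup();` and `return rc;` at the end of display_pkcs11_info(), right after the "Library Version" printf, whereas the previous revision of this patch placed the same two lines after `free (newpin2);`. Please confirm this is the intended location and not a side effect of regenerating the patch against 3.5. What cleanup() releases is not visible here; if it tears down the loaded library, any action pkcsconf performs after the info display in the same invocation would run against a closed library. A one-line comment in the patch stating why the call is needed would help the next update.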
@@ -1,107 +0,0 @@ ---- usr/sbin/pkcsslotd/err.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/err.c 2010-10-20 01:17:17.245985003 +0900 -@@ -288,6 +288,7 @@ - - /* (C) COPYRIGHT International Business Machines Corp. 2001 */ - -+#include <signal.h> - - #include "pthread.h" - -@@ -331,14 +332,30 @@ - CONSTINFO(ERANGE), - CONSTINFO(ENOMSG), - CONSTINFO(EIDRM), -+#ifdef ECHRNG - CONSTINFO(ECHRNG), -+#endif -+#ifdef EL2NSYNC - CONSTINFO(EL2NSYNC), -+#endif -+#ifdef EL3HLT - CONSTINFO(EL3HLT), -+#endif -+#ifdef EL3RST - CONSTINFO(EL3RST), -+#endif -+#ifdef ELNRNG - CONSTINFO(ELNRNG), -+#endif -+#ifdef EUNATCH - CONSTINFO(EUNATCH), -+#endif -+#ifdef ENOCSI - CONSTINFO(ENOCSI), -+#endif -+#ifdef EL2HLT - CONSTINFO(EL2HLT), -+#endif - CONSTINFO(EDEADLK), - CONSTINFO(ESTALE), - CONSTINFO(EWOULDBLOCK), -@@ -369,7 +386,9 @@ - CONSTINFO(ECONNREFUSED), - CONSTINFO(EHOSTDOWN), - CONSTINFO(EHOSTUNREACH), -+#ifdef ERESTART - CONSTINFO(ERESTART), -+#endif - CONSTINFO(EUSERS), - CONSTINFO(ELOOP), - CONSTINFO(ENAMETOOLONG), -@@ -380,16 +399,34 @@ - CONSTINFO(ETOOMANYREFS), - CONSTINFO(EILSEQ), - CONSTINFO(ECANCELED), -+#ifdef ENOSR - CONSTINFO(ENOSR), -+#endif -+#ifdef ETIME - CONSTINFO(ETIME), -+#endif -+#ifdef EBADMSG - CONSTINFO(EBADMSG), -+#endif -+#ifdef EPROTO - CONSTINFO(EPROTO), -+#endif -+#ifdef ENODATA - CONSTINFO(ENODATA), -+#endif -+#ifdef ENOSTR - CONSTINFO(ENOSTR), -+#endif - CONSTINFO(ENOTSUP), -+#ifdef EMULTIHOP - CONSTINFO(EMULTIHOP), -+#endif -+#ifdef ENOLINK - CONSTINFO(ENOLINK), -+#endif -+#ifdef EOVERFLOW - CONSTINFO(EOVERFLOW), -+#endif - - }; - -@@ -424,14 +461,20 @@ - CONSTINFO(SIGXCPU), - CONSTINFO(SIGXFSZ), - CONSTINFO(SIGWINCH), -+#ifdef SIGPWR - CONSTINFO(SIGPWR), -+#endif - CONSTINFO(SIGUSR1), - CONSTINFO(SIGUSR2), - CONSTINFO(SIGPROF), - CONSTINFO(SIGVTALRM), - CONSTINFO(SIGIOT), -+#ifdef SIGCLD - CONSTINFO(SIGCLD), -+#endif -+#ifdef SIGPOLL - CONSTINFO(SIGPOLL), -+#endif - #if 0 - CONSTINFO(SIG_DFL), - CONSTINFO(SIG_IGN), 
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h new file mode 100644 index 000000000000..1f072780121a --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h @@ -0,0 +1,14 @@ +--- usr/sbin/pkcsslotd/log.h.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/log.h +@@ -297,9 +297,8 @@ + #ifndef _LOG_H + #define _LOG_H 1 + +- +- +- ++#include <sys/types.h> ++#include <unistd.h> + + #ifndef FALSE + #define FALSE 0 diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c index 412566aa9422..6169b34024d4 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c @@ -1,17 +1,20 @@ ---- usr/sbin/pkcsslotd/mutex.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/mutex.c 2010-12-19 12:13:34.837579374 +0900 -@@ -293,6 +293,26 @@ - - #include "pkcsslotd.h" +--- usr/sbin/pkcsslotd/mutex.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/mutex.c +@@ -281,10 +281,28 @@ + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. ++*/ +#include <fcntl.h> -+ + +#ifdef __sun +#define LOCK_EX F_LOCK +#define LOCK_UN F_ULOCK +#define flock(fd, func) lockf(fd, func, 0) +#endif -+ + +-*/ +#ifndef LOCK_SH +#define LOCK_SH 1 /* shared lock */ +#endif 
@@ -25,28 +28,14 @@ +#define LOCK_UN 8 /* unlock */ +#endif - #if SYSVSEM - #error "Caveat Emptor... this does not work" -@@ -315,7 +335,7 @@ - #include <sys/types.h> - #include <sys/stat.h> - #include <fcntl.h> --#include <sys/file.h> -+#include <grp.h> - static int xplfd=-1; - #endif + /* (C) COPYRIGHT International Business Machines Corp. 2001 */ -@@ -349,6 +369,13 @@ - #elif (SPINXPL) - - xplfd = open (XPL_FILE,O_CREAT|O_RDWR,S_IRWXU|S_IRWXG|S_IRWXO); -+ { -+ struct group *grp; -+ fchmod(xplfd,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); -+ grp = getgrnam(PKCS11GROUP); -+ if (grp) -+ fchown(xplfd,getuid(),grp->gr_gid); -+ } +@@ -323,7 +341,7 @@ CreateXProcLock(void) + goto error; + } - #elif (SYSVSEM) - #error "Caveat Emptor... this does not work" +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(xplfd,-1,grp->gr_gid) == -1) { + DbgLog(DL0,"%s:fchown(%s):%s\n", diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h index 024873633a1c..d3649cc6044b 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h @@ -1,11 +1,12 @@ ---- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/pkcsslotd.h 2010-10-20 01:20:18.253984238 +0900 -@@ -353,7 +353,7 @@ - #include <nl_types.h> +--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/pkcsslotd.h +@@ -305,6 +305,9 @@ + #ifndef _PKCSSLOTMGR_H + #define _PKCSSLOTMGR_H 1 - #include <sys/ipc.h> --#include <linux/limits.h> -+#include <limits.h> - #include <sys/shm.h> - #include <sys/stat.h> - #include <sys/types.h> ++#include <sys/types.h> ++#include <sys/ipc.h> ++ + /*********** + * Defines * + ***********/ 
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c index 973c25b76436..252ebdee2f31 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c @@ -1,6 +1,6 @@ ---- usr/sbin/pkcsslotd/shmem.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/shmem.c 2010-10-20 01:23:03.203984101 +0900 -@@ -338,9 +338,9 @@ +--- usr/sbin/pkcsslotd/shmem.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/shmem.c +@@ -336,9 +336,9 @@ int CreateSharedMemory ( void ) { } // SAB Get the group information for the PKCS#11 group... fail if // it does not exist @@ -12,7 +12,7 @@ return FALSE; // Group does not exist... setup is wrong.. } -@@ -409,9 +409,9 @@ +@@ -415,9 +415,9 @@ int CreateSharedMemory ( void ) { int i; char *buffer; @@ -24,7 +24,7 @@ SBIN_PATH); return FALSE; // Group does not exist... setup is wrong.. } -@@ -431,7 +431,7 @@ +@@ -437,7 +437,7 @@ int CreateSharedMemory ( void ) { return FALSE; } if (fchown(fd, 0, grp->gr_gid) == -1) { diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c new file mode 100644 index 000000000000..56d3acc14595 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c @@ -0,0 +1,11 @@ +--- usr/sbin/pkcsslotd/socket_server.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/socket_server.c +@@ -337,7 +337,7 @@ int CreateListenerSocket (void) { + + // make socket file part of the pkcs11 group, and write accessable + // for that group +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + ErrLog("Group PKCS#11 does not exist"); + DetachSocketListener(socketfd); diff --git a/security/opencryptoki/files/pkcsslotd.in b/security/opencryptoki/files/pkcsslotd.in index 6da0156a11e5..159fa36dfa90 100644 
--- a/security/opencryptoki/files/pkcsslotd.in +++ b/security/opencryptoki/files/pkcsslotd.in @@ -16,18 +16,19 @@ . /etc/rc.subr name=pkcsslotd -rcvar=pkcsslotd_enable -command=%%PREFIX%%/sbin/${name} +rcvar=${name}_enable +command="%%PREFIX%%/sbin/$name" start_precmd=${name}_prestart pkcsslotd_prestart () { - [ -f /var/lib/opencryptoki/pk_config_data ] || \ - %%PREFIX%%/sbin/pkcs11_startup + install -d -o %%USERS%% -g %%GROUPS%% -m 0755 \ + /var/run/opencryptoki/swtok \ + /var/run/opencryptoki/tpm } -load_rc_config ${name} +load_rc_config $name -: pkcsslotd_enable=${pkcsslotd_enable-"NO"} +: ${pkcsslotd_enable="NO"} run_rc_command "$1" diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist index 06f5af1f40c8..9244ac756430 100644 --- a/security/opencryptoki/pkg-plist +++ b/security/opencryptoki/pkg-plist @@ -1,3 +1,4 @@ +@sample etc/opencryptoki/opencryptoki.conf.sample include/opencryptoki/apiclient.h include/opencryptoki/pkcs11.h include/opencryptoki/pkcs11types.h @@ -7,10 +8,10 @@ lib/opencryptoki/libopencryptoki.so.0 lib/opencryptoki/libopencryptoki.so.0.0.0 lib/opencryptoki/methods lib/opencryptoki/stdll/PKCS11_SW.so +lib/opencryptoki/stdll/PKCS11_TPM.so lib/opencryptoki/stdll/libpkcs11_sw.so lib/opencryptoki/stdll/libpkcs11_sw.so.0 lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0 -lib/opencryptoki/stdll/PKCS11_TPM.so lib/opencryptoki/stdll/libpkcs11_tpm.so lib/opencryptoki/stdll/libpkcs11_tpm.so.0 lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0 
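Review bot: pkcsslotd_prestart creates /var/run/opencryptoki/swtok and /var/run/opencryptoki/tpm with `-m 0755`, while the upstream install-data-hook shown in the Makefile.am patches sets the lock directories to `0770` for the pkcs11 group. With 0755 the group has no write access and every local user can list the directory, so processes that rely on group membership to take token locks would presumably fail, and "other" gets more access than upstream intends. I would use `-m 0770` here, or add a comment saying the port deliberately restricts locking to the %%USERS%% account. The parent /var/run/opencryptoki is only created implicitly by this command, so its owner and mode are worth checking as well.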
@@ -18,16 +19,18 @@ lib/pkcs11/PKCS11_API.so lib/pkcs11/libopencryptoki.so lib/pkcs11/methods lib/pkcs11/stdll -sbin/pkcs11_startup -sbin/pkcs_slot -sbin/pkcsconf -sbin/pkcsslotd -man/man1/pkcs11_startup.1.gz +man/man1/pkcscca.1.gz man/man1/pkcsconf.1.gz -man/man5/pk_config_data.5.gz +man/man1/pkcsep11_migrate.1.gz +man/man1/pkcsicsf.1.gz +man/man5/opencryptoki.conf.5.gz man/man7/opencryptoki.7.gz man/man8/pkcsslotd.8.gz -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/swtok -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/tpm -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki +sbin/pkcsconf +sbin/pkcsslotd +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok/TOK_OBJ +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/tpm +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki @dir /var/lib +@dir /var/log/opencryptoki |
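Review bot: `@dir /var/log/opencryptoki` is registered without owner, group or mode, unlike the `@dir(%%USERS%%,%%GROUPS%%,700)` entries above it, so the log directory gets default ownership and permissions. If whatever writes there runs as %%USERS%% or relies on group membership (not visible in this diff), logging would fail; otherwise the directory of a token daemon's logs is left listable by every local user. Giving it an explicit entry, for example `@dir(%%USERS%%,%%GROUPS%%,750) /var/log/opencryptoki`, would make the intended access explicit. The token directories are also packaged as 700 while the upstream install-data-hook uses 0770, so it is worth stating whether group access to the token store is meant to be removed.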