Merge branch 'master' into epel8

i8ce
Stephen Smoogen 6 years ago
commit 8a6bde0ccb

6
.gitignore vendored

@ -0,0 +1,6 @@
pkcs11-helper-1.07.tar.bz2
/pkcs11-helper-1.08.tar.bz2
/pkcs11-helper-1.09.tar.bz2
/pkcs11-helper-1.10.tar.bz2
/pkcs11-helper-1.11.tar.bz2
/pkcs11-helper-1.22.tar.bz2

@ -1,21 +0,0 @@
# Makefile for source rpm: pkcs11-helper
# $Id$
NAME := pkcs11-helper
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

@ -0,0 +1,686 @@
commit 8b614fd9554d3b372a829e4a05e21c5899f581ca
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: Thu Apr 30 14:58:24 2015 +0100
Serialize to RFC7512-compliant PKCS#11 URIs
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
commit db7a561668614b16b3a14564b3b4f71912db8e17
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: Wed Dec 10 14:00:21 2014 +0000
Accept RFC7512-compliant PKCS#11 URIs as serialized token/certificate IDs
The old format is still accepted for compatibility.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
commit 7f89de7690edc3dfbd4eb70ad457814a2489a5bc
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: Sun Dec 14 19:42:18 2014 +0000
Stop _pkcs11h_util_hexToBinary() checking for trailing NUL
We are going to want to use this for parsing %XX hex escapes in RFC7512
PKCS#11 URIs, where we cannot expect a trailing NUL. Since there's only
one existing caller at the moment, it's simple just to let the caller
have responsibility for that check.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c
index ad275f8..1d077e4 100644
--- a/lib/pkcs11h-serialization.c
+++ b/lib/pkcs11h-serialization.c
@@ -61,29 +61,127 @@
#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
+#define URI_SCHEME "pkcs11:"
+
+#define token_field_ofs(field) ((unsigned long)&(((struct pkcs11h_token_id_s *)0)->field))
+#define token_field_size(field) sizeof((((struct pkcs11h_token_id_s *)0)->field))
+#define token_field(name, field) { name "=", sizeof(name), \
+ token_field_ofs(field), token_field_size(field) }
+
+static struct {
+ const char const *name;
+ size_t namelen;
+ unsigned long field_ofs;
+ size_t field_size;
+} __token_fields[] = {
+ token_field ("model", model),
+ token_field ("token", label),
+ token_field ("manufacturer", manufacturerID ),
+ token_field ("serial", serialNumber ),
+ { NULL },
+};
+
+#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ "0123456789_-."
+
+static
+int
+__token_attr_escape(char *uri, char *attr, size_t attrlen)
+{
+ int len = 0, i;
+
+ for (i = 0; i < attrlen; i++) {
+ if (strchr(P11_URL_VERBATIM, attr[i])) {
+ if (uri) {
+ *(uri++) = attr[i];
+ }
+ len++;
+ } else {
+ if (uri) {
+ sprintf(uri, "%%%02x", (unsigned char)attr[i]);
+ uri += 3;
+ }
+ len += 3;
+ }
+ }
+ return len;
+}
+
+static
+CK_RV
+__generate_pkcs11_uri (
+ OUT char * const sz,
+ IN OUT size_t *max,
+ IN const pkcs11h_certificate_id_t certificate_id,
+ IN const pkcs11h_token_id_t token_id
+) {
+ size_t _max;
+ char *p = sz;
+ int i;
+
+ _PKCS11H_ASSERT (max!=NULL);
+ _PKCS11H_ASSERT (token_id!=NULL);
+
+ _max = strlen(URI_SCHEME);
+ for (i = 0; __token_fields[i].name; i++) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ _max += __token_fields[i].namelen;
+ _max += __token_attr_escape (NULL, field, strlen(field));
+ _max++; /* For a semicolon or trailing NUL */
+ }
+ if (certificate_id) {
+ _max += strlen (";id=");
+ _max += __token_attr_escape (NULL,
+ (char *)certificate_id->attrCKA_ID,
+ certificate_id->attrCKA_ID_size);
+ }
+
+ if (!sz) {
+ *max = _max;
+ return CKR_OK;
+ }
+
+ if (sz && *max < _max)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ p += sprintf(p, URI_SCHEME);
+ for (i = 0; __token_fields[i].name; i++) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ p += sprintf (p, "%s", __token_fields[i].name);
+ p += __token_attr_escape (p, field, strlen(field));
+ *(p++) = ';';
+ }
+ if (certificate_id) {
+ p += sprintf (p, "id=");
+ p += __token_attr_escape (p,
+ (char *)certificate_id->attrCKA_ID,
+ certificate_id->attrCKA_ID_size);
+ } else {
+ /* Remove the unneeded trailing semicolon */
+ p--;
+ }
+ *(p++) = 0;
+
+ *max = _max;
+
+ return CKR_OK;
+}
+
CK_RV
pkcs11h_token_serializeTokenId (
OUT char * const sz,
IN OUT size_t *max,
IN const pkcs11h_token_id_t token_id
) {
- const char *sources[5];
CK_RV rv = CKR_FUNCTION_FAILED;
- size_t n;
- int e;
/*_PKCS11H_ASSERT (sz!=NULL); Not required*/
_PKCS11H_ASSERT (max!=NULL);
_PKCS11H_ASSERT (token_id!=NULL);
- { /* Must be after assert */
- sources[0] = token_id->manufacturerID;
- sources[1] = token_id->model;
- sources[2] = token_id->serialNumber;
- sources[3] = token_id->label;
- sources[4] = NULL;
- }
-
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p",
@@ -92,67 +190,161 @@ pkcs11h_token_serializeTokenId (
(void *)token_id
);
- n = 0;
- for (e=0;sources[e] != NULL;e++) {
- size_t t;
- if (
- (rv = _pkcs11h_util_escapeString (
- NULL,
- sources[e],
- &t,
- __PKCS11H_SERIALIZE_INVALID_CHARS
- )) != CKR_OK
- ) {
- goto cleanup;
+ rv = __generate_pkcs11_uri(sz, max, NULL, token_id);
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'",
+ rv,
+ pkcs11h_getMessage (rv),
+ *max,
+ sz
+ );
+
+ return rv;
+}
+
+static
+CK_RV
+__parse_token_uri_attr (
+ const char *uri,
+ size_t urilen,
+ char *tokstr,
+ size_t toklen,
+ size_t *parsed_len
+) {
+ size_t orig_toklen = toklen;
+ CK_RV rv = CKR_OK;
+
+ while (urilen && toklen > 1) {
+ if (*uri == '%') {
+ size_t size = 1;
+
+ if (urilen < 3) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto done;
+ }
+
+ rv = _pkcs11h_util_hexToBinary ((unsigned char *)tokstr,
+ uri + 1, &size);
+ if (rv != CKR_OK) {
+ goto done;
+ }
+
+ uri += 2;
+ urilen -= 2;
+ } else {
+ *tokstr = *uri;
}
- n+=t;
+ tokstr++;
+ uri++;
+ toklen--;
+ urilen--;
+ tokstr[0] = 0;
}
- if (sz != NULL) {
- if (*max < n) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
+ if (urilen) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ } else if (parsed_len) {
+ *parsed_len = orig_toklen - toklen;
+ }
+
+ done:
+ return rv;
+}
+
+static
+CK_RV
+__parse_pkcs11_uri (
+ OUT pkcs11h_token_id_t token_id,
+ OUT pkcs11h_certificate_id_t certificate_id,
+ IN const char * const sz
+) {
+ const char *end, *p;
+ CK_RV rv = CKR_OK;
+
+ _PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ if (strncmp (sz, URI_SCHEME, strlen (URI_SCHEME)))
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ end = sz + strlen (URI_SCHEME) - 1;
+ while (rv == CKR_OK && end[0] && end[1]) {
+ int i;
+
+ p = end + 1;
+ end = strchr (p, ';');
+ if (!end)
+ end = p + strlen(p);
+
+ for (i = 0; __token_fields[i].name; i++) {
+ /* Parse the token=, label=, manufacturer= and serial= fields */
+ if (!strncmp(p, __token_fields[i].name, __token_fields[i].namelen)) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ p += __token_fields[i].namelen;
+ rv = __parse_token_uri_attr (p, end - p, field,
+ __token_fields[i].field_size,
+ NULL);
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
+ goto matched;
+ }
}
+ if (certificate_id && !strncmp(p, "id=", 3)) {
+ p += 3;
+
+ rv = _pkcs11h_mem_malloc ((void *)&certificate_id->attrCKA_ID,
+ end - p + 1);
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
- n = 0;
- for (e=0;sources[e] != NULL;e++) {
- size_t t = *max-n;
- if (
- (rv = _pkcs11h_util_escapeString (
- sz+n,
- sources[e],
- &t,
- __PKCS11H_SERIALIZE_INVALID_CHARS
- )) != CKR_OK
- ) {
+ rv = __parse_token_uri_attr (p, end - p,
+ (char *)certificate_id->attrCKA_ID,
+ end - p + 1,
+ &certificate_id->attrCKA_ID_size);
+ if (rv != CKR_OK) {
goto cleanup;
}
- n+=t;
- sz[n-1] = '/';
+
+ goto matched;
}
- sz[n-1] = '\x0';
- }
- *max = n;
- rv = CKR_OK;
+ /* We don't parse object= because the match code doesn't support
+ matching by label. */
+
+ /* Failed to parse PKCS#11 URI element. */
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ matched:
+ ;
+ }
cleanup:
+ /* The matching code doesn't support support partial matches; it needs
+ * *all* of manufacturer, model, serial and label attributes to be
+ * defined. So reject partial URIs early instead of letting it do the
+ * wrong thing. We can maybe improve this later. */
+ if (!token_id->model[0] || !token_id->label[0] ||
+ !token_id->manufacturerID[0] || !token_id->serialNumber[0]) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'",
- rv,
- pkcs11h_getMessage (rv),
- *max,
- sz
- );
+ /* For a certificate ID we need CKA_ID */
+ if (certificate_id && !certificate_id->attrCKA_ID_size) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
return rv;
}
+static
CK_RV
-pkcs11h_token_deserializeTokenId (
- OUT pkcs11h_token_id_t *p_token_id,
+__pkcs11h_token_legacy_deserializeTokenId (
+ OUT pkcs11h_token_id_t token_id,
IN const char * const sz
) {
#define __PKCS11H_TARGETS_NUMBER 4
@@ -161,24 +353,11 @@ pkcs11h_token_deserializeTokenId (
size_t s;
} targets[__PKCS11H_TARGETS_NUMBER];
- pkcs11h_token_id_t token_id = NULL;
char *p1 = NULL;
char *_sz = NULL;
int e;
CK_RV rv = CKR_FUNCTION_FAILED;
- _PKCS11H_ASSERT (p_token_id!=NULL);
- _PKCS11H_ASSERT (sz!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
- (void *)p_token_id,
- sz
- );
-
- *p_token_id = NULL;
-
if (
(rv = _pkcs11h_mem_strdup (
(void *)&_sz,
@@ -190,10 +369,6 @@ pkcs11h_token_deserializeTokenId (
p1 = _sz;
- if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
- goto cleanup;
- }
-
targets[0].p = token_id->manufacturerID;
targets[0].s = sizeof (token_id->manufacturerID);
targets[1].p = token_id->model;
@@ -252,6 +427,51 @@ pkcs11h_token_deserializeTokenId (
p1 = p2+1;
}
+ rv = CKR_OK;
+
+cleanup:
+
+ if (_sz != NULL) {
+ _pkcs11h_mem_free ((void *)&_sz);
+ }
+
+ return rv;
+#undef __PKCS11H_TARGETS_NUMBER
+}
+
+CK_RV
+pkcs11h_token_deserializeTokenId (
+ OUT pkcs11h_token_id_t *p_token_id,
+ IN const char * const sz
+) {
+ pkcs11h_token_id_t token_id = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _PKCS11H_ASSERT (p_token_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
+ (void *)p_token_id,
+ sz
+ );
+
+ *p_token_id = NULL;
+
+ if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
+ goto cleanup;
+ }
+
+ if (!strncmp (sz, URI_SCHEME, strlen (URI_SCHEME))) {
+ rv = __parse_pkcs11_uri(token_id, NULL, sz);
+ } else {
+ rv = __pkcs11h_token_legacy_deserializeTokenId(token_id, sz);
+ }
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
strncpy (
token_id->display,
token_id->label,
@@ -264,11 +484,6 @@ pkcs11h_token_deserializeTokenId (
rv = CKR_OK;
cleanup:
-
- if (_sz != NULL) {
- _pkcs11h_mem_free ((void *)&_sz);
- }
-
if (token_id != NULL) {
pkcs11h_token_freeTokenId (token_id);
}
@@ -281,7 +496,6 @@ cleanup:
);
return rv;
-#undef __PKCS11H_TARGETS_NUMBER
}
#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
@@ -295,9 +509,6 @@ pkcs11h_certificate_serializeCertificateId (
IN const pkcs11h_certificate_id_t certificate_id
) {
CK_RV rv = CKR_FUNCTION_FAILED;
- size_t saved_max = 0;
- size_t n = 0;
- size_t _max = 0;
/*_PKCS11H_ASSERT (sz!=NULL); Not required */
_PKCS11H_ASSERT (max!=NULL);
@@ -311,42 +522,7 @@ pkcs11h_certificate_serializeCertificateId (
(void *)certificate_id
);
- if (sz != NULL) {
- saved_max = n = *max;
- }
- *max = 0;
-
- if (
- (rv = pkcs11h_token_serializeTokenId (
- sz,
- &n,
- certificate_id->token_id
- )) != CKR_OK
- ) {
- goto cleanup;
- }
-
- _max = n + certificate_id->attrCKA_ID_size*2 + 1;
-
- if (sz != NULL) {
- if (saved_max < _max) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
- }
-
- sz[n-1] = '/';
- rv = _pkcs11h_util_binaryToHex (
- sz+n,
- saved_max-n,
- certificate_id->attrCKA_ID,
- certificate_id->attrCKA_ID_size
- );
- }
-
- *max = _max;
- rv = CKR_OK;
-
-cleanup:
+ rv = __generate_pkcs11_uri(sz, max, certificate_id, certificate_id->token_id);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
@@ -360,27 +536,16 @@ cleanup:
return rv;
}
+static
CK_RV
-pkcs11h_certificate_deserializeCertificateId (
- OUT pkcs11h_certificate_id_t * const p_certificate_id,
+__pkcs11h_certificate_legacy_deserializeCertificateId (
+ OUT pkcs11h_certificate_id_t certificate_id,
IN const char * const sz
) {
- pkcs11h_certificate_id_t certificate_id = NULL;
CK_RV rv = CKR_FUNCTION_FAILED;
char *p = NULL;
char *_sz = NULL;
-
- _PKCS11H_ASSERT (p_certificate_id!=NULL);
- _PKCS11H_ASSERT (sz!=NULL);
-
- *p_certificate_id = NULL;
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
- (void *)p_certificate_id,
- sz
- );
+ size_t id_hex_len;
if (
(rv = _pkcs11h_mem_strdup (
@@ -393,10 +558,6 @@ pkcs11h_certificate_deserializeCertificateId (
p = _sz;
- if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
- goto cleanup;
- }
-
if ((p = strrchr (_sz, '/')) == NULL) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
goto cleanup;
@@ -414,7 +575,12 @@ pkcs11h_certificate_deserializeCertificateId (
goto cleanup;
}
- certificate_id->attrCKA_ID_size = strlen (p)/2;
+ id_hex_len = strlen (p);
+ if (id_hex_len & 1) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+ }
+ certificate_id->attrCKA_ID_size = id_hex_len/2;
if (
(rv = _pkcs11h_mem_malloc (
@@ -430,21 +596,64 @@ pkcs11h_certificate_deserializeCertificateId (
goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
+ if (_sz != NULL) {
+ _pkcs11h_mem_free ((void *)&_sz);
+ }
+
+ return rv;
+
+}
+
+CK_RV
+pkcs11h_certificate_deserializeCertificateId (
+ OUT pkcs11h_certificate_id_t * const p_certificate_id,
+ IN const char * const sz
+) {
+ pkcs11h_certificate_id_t certificate_id = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _PKCS11H_ASSERT (p_certificate_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ *p_certificate_id = NULL;
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
+ (void *)p_certificate_id,
+ sz
+ );
+
+ if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
+ goto cleanup;
+ }
+ if ((rv = _pkcs11h_token_newTokenId (&certificate_id->token_id)) != CKR_OK) {
+ goto cleanup;
+ }
+
+ if (!strncmp(sz, URI_SCHEME, strlen (URI_SCHEME))) {
+ rv = __parse_pkcs11_uri (certificate_id->token_id, certificate_id, sz);
+ } else {
+ rv = __pkcs11h_certificate_legacy_deserializeCertificateId (certificate_id, sz);
+ }
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
*p_certificate_id = certificate_id;
certificate_id = NULL;
rv = CKR_OK;
cleanup:
-
if (certificate_id != NULL) {
pkcs11h_certificate_freeCertificateId (certificate_id);
certificate_id = NULL;
}
- if (_sz != NULL) {
- _pkcs11h_mem_free ((void *)&_sz);
- }
-
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'",
diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c
index 0743fd1..f90e443 100644
--- a/lib/pkcs11h-util.c
+++ b/lib/pkcs11h-util.c
@@ -110,12 +110,7 @@ _pkcs11h_util_hexToBinary (
p++;
}
- if (*p != '\x0') {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- else {
- return CKR_OK;
- }
+ return CKR_OK;
}
CK_RV

@ -0,0 +1,162 @@
Name: pkcs11-helper
Version: 1.22
Release: 7%{?dist}
Summary: A library for using PKCS#11 providers
License: GPLv2 or BSD
URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper
Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2
Patch2: pkcs11-helper-rfc7512.patch
BuildRequires: gcc
BuildRequires: doxygen graphviz
BuildRequires: openssl-devel
%description
pkcs11-helper is a library that simplifies the interaction with PKCS#11
providers for end-user applications using a simple API and optional OpenSSL
engine. The library allows using multiple PKCS#11 providers at the same time,
enumerating available token certificates, or selecting a certificate directly
by serialized id, handling card removal and card insert events, handling card
re-insert to a different slot, supporting session expiration and much more all
using a simple API.
%package devel
Summary: Development files for pkcs11-helper
Requires: %{name} = %{version}-%{release}
Requires: openssl-devel
# for /usr/share/aclocal
Requires: automake
%description devel
This package contains header files and documentation necessary for developing
programs using the pkcs11-helper library.
%prep
%setup -q
%patch2 -p1
%build
%configure --disable-static --enable-doc
make %{?_smp_mflags}
%install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
# Use %%doc to install documentation in a standard location
mkdir apidocdir
mv $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/api/ apidocdir/
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/
# Remove libtool .la files
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%ldconfig_scriptlets
%files
%doc AUTHORS ChangeLog COPYING* README THANKS
%{_libdir}/libpkcs11-helper.so.*
%files devel
%doc apidocdir/*
%{_includedir}/pkcs11-helper-1.0/
%{_libdir}/libpkcs11-helper.so
%{_libdir}/pkgconfig/libpkcs11-helper-1.pc
%{_datadir}/aclocal/pkcs11-helper-1.m4
%{_mandir}/man8/pkcs11-helper-1.8*
%changelog
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Nov 24 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.22-4
- Addressed issue with RFC7512 URI parsing (#1516474)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Feb 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.22-1
- New upstream release
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Sep 22 2015 David Woodhouse <David.Woodhouse@intel.com> - 1.11-7
- Fix ID buffer size for URI parsing (#1264645)
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Apr 29 2015 David Woodhouse <David.Woodhouse@intel.com> - 1.11-5
- Migrate ID serialisation format to RFC7512 (#1173554)
* Tue Dec 09 2014 David Woodhouse <David.Woodhouse@intel.com> - 1.11-4
- Apply upstream fix for bug #1172237 (ignore objects without CKA_ID)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburgher@gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 02 2013 Kalev Lember <kalevlember@gmail.com> - 1.10-1
- Update to 1.10
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Aug 17 2011 Kalev Lember <kalevlember@gmail.com> - 1.09-1
- Update to 1.09
* Sun Jun 19 2011 Kalev Lember <kalev@smartlink.ee> - 1.08-1
- Update to 1.08
- Clean up the spec file for modern rpmbuild
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.07-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Jul 01 2010 Kalev Lember <kalev@smartlink.ee> - 1.07-5
- use System Environment/Libraries group for main package
- removed R: pkgconfig from devel subpackage
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.07-4
- rebuilt with new openssl
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.07-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jul 11 2009 Kalev Lember <kalev@smartlink.ee> - 1.07-2
- Make devel package depend on automake for /usr/share/aclocal
* Tue Jun 23 2009 Kalev Lember <kalev@smartlink.ee> - 1.07-1
- Initial RPM release.

@ -0,0 +1 @@
SHA512 (pkcs11-helper-1.22.tar.bz2) = f17b3e1079cd226437b5b7eb6176c5b49db00e91419b405b097badaf166c79c7e06f5792f81bcd0d44c4c695549c3c1d61c25ca57caf3758dd4c3a6b5a94c928
Loading…
Cancel
Save