source: projects/specs/branches/6/p/pam_pkcs11/pam_pkcs11-vl.spec @ 521

Revision 521, 11.7 KB checked in by daisuke, 14 years ago (diff)

import VineSeed package specs

Line 
1%define nss_version 3.10
2%define nspr_version 4.6
3%define with_curl       0
4%define with_ldap       0
5
6Summary:        PKCS #11/NSS PAM login module
7Summary(ja):    PKCS #11/NSS PAM ログインモジュール
8
9Name:           pam_pkcs11
10Version:        0.5.3
11Release:        1%{?_dist_release}
12
13Group:          System Environment/Base
14License:        LGPLv2+
15URL:            http://www.opensc.org/pam_pkcs11
16Source0:        http://www.opensc.org/files/%{name}-%{version}.tar.gz
17Source1:        rh_pam_pkcs11.conf
18Source2:        rh_pkcs11_eventmgr.conf
19Patch1:         pam_pkcs11-0.5.3-nss.patch
20Patch2:         pam_pkcs11-0.5.3-cardonly.patch
21Patch3:         pam_pkcs11-0.5.3-setup-tool.patch
22Patch4:         pam_pkcs11-0.5.3-putenv-login-token.patch
23Patch5:         pam_pkcs11-0.5.3-ocsp.patch
24Patch6:         pam_pkcs11-0.5.3-wait-for-card.patch
25Patch7:         pam_pkcs11-0.5.3-reject_unloaded_module.patch
26Patch8:         pam_pkcs11-0.5.3-l10n.patch
27Patch9:         pam_pkcs11-0.5.3-screen-saver.patch
28Patch10:        pam_pkcs11-0.5.3-pin-fix.patch
29Patch11:        pam_pkcs11-0.5.3-eventmgr-crash-fix.patch
30Patch12:        pam_pkcs11-0.5.3-pam-syslog.patch
31Patch13:        pam_pkcs11-0.5.3-password.patch
32Patch14:        pam_pkcs11-0.5.3-export-auth-cert.patch
33BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
34
35BuildRequires:  pam-devel
36%{?_with_ldap:BuildRequires: openldap-devel}
37%{?_with_curl:BuildRequires: curl-devel}
38BuildRequires: libxslt
39BuildRequires: docbook-style-xsl
40BuildRequires: nss-devel >= %{nss_version}
41BuildRequires: nspr-devel
42BuildRequires: pkgconfig
43BuildRequires: intltool
44BuildRequires: gettext
45Requires:       nss
46Requires:       nspr
47Provides:       pam_pkcs11 = %{version}-%{release}
48
49%description
50This Linux-PAM login module allows a X.509 certificate based user
51authentication. The certificate and its dedicated private key are thereby
52accessed by means of an appropriate PKCS #11 module. For the
53verification of the users' certificates, locally stored CA
54certificates as well as either online or locally accessible CRLs and
55OCSP are used. This version uses NSS to validate the Certificates and manage
56the PKCS #11 smartCards.
57Additional included pam_pkcs11 related tools
58- pkcs11_eventmgr: Generate actions on card insert/removal/timeout events
59- pklogin_finder: Get the loginname that maps to a certificate
60- pkcs11_inspect: Inspect the contents of a certificate
61
62%prep
63%setup -q -n pam_pkcs11-%{version}
64%patch1 -p0 -b .nss
65%patch2 -p0 -b .card-only
66%patch3 -p1 -b .setup
67%patch4 -p0 -b .putenv
68%patch5 -p0 -b .ocsp
69%patch6 -p1 -b .wait-for-card
70%patch7 -p0 -b .reject-unloaded-module
71%patch8 -p0 -b .l10n
72%patch9 -p0 -b .screen-saver
73%patch10 -p0 -b .pin-fix
74%patch11 -p0 -b .eventmgr-crash-fix
75%patch12 -p1 -b .pam-syslog
76%patch13 -p1 -b .password
77%patch14 -p0 -b .export-auth-cert
78
79%build
80
81%if %{with_curl}
82%define curl_flags --with-curl=yes
83%else
84%define curl_flags --with-curl=no
85%endif
86
87%if %{with_ldap}
88%define ldap_flags --with-ldap=yes
89%else
90%define ldap_flags --with-ldap=no
91%endif
92%configure  \
93    --with-nss \
94    --with-debug  \
95    --disable-dependency-tracking  \
96    %{curl_flags} %{ldap_flags}
97make CFLAGS="$RPM_OPT_FLAGS -O0 -ggdb3"
98
99%install
100rm -rf $RPM_BUILD_ROOT
101make install DESTDIR=$RPM_BUILD_ROOT
102rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.*a
103#
104# pam security directory is in /%{_lib} not %{_libdir}
105#
106mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
107install -m 755 $RPM_BUILD_ROOT/%{_libdir}/security/%{name}.so $RPM_BUILD_ROOT/%{_lib}/security
108rm -rf $RPM_BUILD_ROOT/%{_libdir}/security
109#
110# set up config files
111#
112install -dm 755 $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}
113install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.conf
114install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/pkcs11_eventmgr.conf
115#
116# clean up those files that aren't part of this package
117# (makefile should install them if --without-pcsclite is supplied
118#
119rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/card_eventmgr.1
120rm -f $RPM_BUILD_ROOT/%{_datadir}/%{name}/card_eventmgr.conf.example
121
122# nss version does not need this script
123rm -f $RPM_BUILD_ROOT/%{_bindir}/make_hash_link.sh
124
125%clean
126rm -rf $RPM_BUILD_ROOT
127
128%files
129%defattr(-,root,root,-)
130%doc AUTHORS COPYING README TODO ChangeLog NEWS
131%doc doc/pam_pkcs11.html
132%doc doc/mappers_api.html
133%doc doc/README.autologin
134%doc doc/README.mappers
135%dir %{_sysconfdir}/%{name}/
136%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
137%config(noreplace) %{_sysconfdir}/%{name}/pkcs11_eventmgr.conf
138%{_bindir}/pkcs11_eventmgr
139%{_bindir}/pklogin_finder
140%{_bindir}/pkcs11_inspect
141%{_bindir}/pkcs11_setup
142%dir %{_libdir}/%{name}
143%{_libdir}/%{name}/*.so
144/%{_lib}/security/%{name}.so
145%{_mandir}/man8/%{name}.8.gz
146%{_mandir}/man1/pkcs11_eventmgr.1.gz
147%{_mandir}/man1/pkcs11_inspect.1.gz
148%{_mandir}/man1/pklogin_finder.1.gz
149%dir %{_datadir}/%{name}
150%doc %{_datadir}/%{name}/%{name}.conf.example
151%doc %{_datadir}/%{name}/pam.d_login.example
152%doc %{_datadir}/%{name}/subject_mapping.example
153%doc %{_datadir}/%{name}/mail_mapping.example
154%doc %{_datadir}/%{name}/digest_mapping.example
155%doc %{_datadir}/%{name}/pkcs11_eventmgr.conf.example
156
157%changelog
158* Wed May 13 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 0.5.3-1
159- initial build for Vine Linux
160
161* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.3-28
162- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
163
164* Sat Nov  8 2008 Michael Schwendt <mschwendt@fedoraproject.org> - 0.5.3-27
165- Include missing directory entries (#233895).
166
167* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.5.3-26
168- Autorebuild for GCC 4.3
169
170* Fri Aug 20 2007 Bob Relyea <rrelyea@redhat.com> - 0.5.3-25
171- Update License description to the new Fedora standard
172
173* Thu Mar 08 2007 Florian La Roche <laroche@redhat.com> - 0.5.3-24
174- remove empty rpm scripts
175
176* Sun Oct 13 2006 Jesse Keating <jkeating@redhat.com> - 0.5.3-23
177- turn OCSP off by default
178
179* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 0.5.3-22
180- rebuilt for unwind info generation, broken in gcc-4.1.1-21
181
182* Mon Sep 18 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-21
183- update password supported patch.
184- fix bug where the user and smart card prompt was coming up in login after
185  the username had been entered.
186- use pam_ignore for the case where we always want to drop to the other
187  pam_modules.
188- add environment variables for the certificate used to authenticate.
189
190* Mon Sep 18 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-20
191- Use pam_syslog rather than syslog (patch by Tmraz).
192- Signal to the user that change password is not supported by pam_pkcs11.
193
194* Wed Sep 14 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-19
195- Fix problem where pin was not being passed in the pam password variable
196  correctly. Needed for Kerberos PKInit
197
198* Tue Sep 13 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-18
199- define those apps that we shouldn't login initially with (screen-savers)
200
201* Tue Sep 12 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-17
202- restrict reauthentication to the token used in the inital login.
203- don't require reauthentication apps to log into a token if the user
204  didn't initally log into the token.
205- handle the case where we have more than one token.
206
207* Thu Sep 7 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-16
208- make sure we have l10n tools for the build itself
209
210* Mon Sep 1 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-15
211- add l10n support
212- correct mapper order.
213- login should allow SSL Client Auth certs rather than restricting to Email
214  Signing certs.
215
216* Mon Aug 28 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-14
217- use implicit paths to load the PKCS #11 module
218
219* Mon Aug 28 2006 Tomas Mraz <tmraz@redhat.com>
220- pkcs11_setup should respect $LIB in module paths (#204252)
221
222* Mon Aug 28 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-13
223- Fix the default mapping order.
224- Make ocsp support controlled by a config entry.
225- Fix login crash
226- revert to explicit paths until we can fix 'login' and 'authconfig'
227
228* Mon Aug 28 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-12
229- use $LIB so the config file works for multi archs on the
230- same machine
231
232* Mon Aug 21 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-11
233- Handle library paths in config file
234
235* Mon Aug 16 2006 Robert Relyea <rrelyea@redhat.com> 0.5.3-10
236- remove sceventd
237
238* Mon Jul 24 2006 Ray Strode <rstrode@redhat.com> 0.5.3-9
239- compile with better debugging flags
240
241* Sun Jul 23 2006 Ray Strode <rstrode@redhat.com> 0.5.3-8
242- fix bug where it was ignoring first argument of module
243  command line
244
245* Sun Jul 23 2006 Ray Strode <rstrode@redhat.com> 0.5.3-7
246- add new wait_for_card option that stalls auth process
247  until a card is inserted
248- if the user is reauthenticating (already logged in, but
249  say unlocking the screen) then only treat the token the
250  user logged in with as a valid authentication token
251- clean up "smart card" word.  Before we had a mix of
252  "smartcard", "Smart Card", "SmartCard", and "smart card"
253  i think.
254- only say "Please insert your smart card." instead of
255  "Please insert your Smart Card or enter username" if
256  username based login isn't allowed.
257
258* Thu Jul 20 2006 Robert Relyea  <rrelyea at redhat.com> 0.5.3-6
259- Include the login token in the environment
260- Conditionally turn on OCSP
261- Treat uninitialized tokens as not present.
262
263* Tue Jul 18 2006 Tomas Mraz <tmraz at redhat.com> 0.5.3-5
264- added a simple pkcs11_setup tool
265
266* Thu Jul 18 2006 Robert Relyea  <rrelyea at redhat.com>
267- Fix memory error in card_only.
268- Use the TEXT_INFO field for smart card prompting
269
270* Mon Jul 17 2006 Jesse Keating  <jkeating@redhat.com>  0.5.3-4
271- rebuild
272
273* Thu Jun 10 2006 Robert Relyea  <rrelyea at redhat.com>  0.5.3-3
274- Updated to 0.5.3 with card_only and NSS support
275
276* Mon Apr 20 2006 Robert Relyea < rrelyea at redhat.com > 0:0.5.1.-2.exp
277- Added screenlocking helper support
278
279* Mon Mar 30 2006 Robert Relyea < rrelyea at redhat.com > 0:0.5.1.-1.exp
280- Added NSS support.
281
282* Mon Jan 30 2006 Robert Relyea < rrelyea at redhat.com > 0:0.5.1.-0.demo
283- include coolkey support
284- added card_only option.
285
286* Thu Sep 7 2005 Juan Antonio Martinez <jonsito at teleline.es 0:0.5.3-2
287- Add ldap_mapper.so as separate package, as it depends on external library
288- Changes from FC4 team
289
290* Thu Sep 1 2005 Juan Antonio Martinez <jonsito at teleline.es 0:0.5.3-0
291- Update to 0.5.3
292- Remove tools package, and create pcsc one with pcsc-lite dependent files
293
294* Fri Apr 11 2005 Juan Antonio Martinez <jonsito at teleline.es 0:0.5.2-1
295- Changed package name to pam_pkcs11
296
297* Fri Apr 8 2005 Juan Antonio Martinez <jonsito at teleline.es 0:0.5.2-0
298- Updated to 0.5.2 release
299- Changed /etc/pkcs11 for /etc/pam_pkcs11
300- Changed /usr/share/pkcs11_login for /usr/share/pam_pkcs11
301- Next item is change package name to pam_pkcs11
302
303* Thu Apr 7 2005 Juan Antonio Martinez <jonsito at teleline.es 0:0.5.1-0
304- patches to avoid autotools in compile from tgz
305
306* Thu Mar 29 2005 Juan Antonio Martinez <jonsito at teleline.es 0:0.5-1
307- upgrade to 0.5beta1 version
308- BuildRequires now complains compilation of html manual from xml file
309
310* Thu Feb 28 2005 Juan Antonio Martinez <jonsito at teleline.es> 0:0.4.4-2
311- New pkcs11_eventmgr app in "tools" package
312
313* Thu Feb 24 2005 Juan Antonio Martinez <jonsito at teleline.es> 0:0.4.4-1
314- Fix pcsc-lite dependencies
315
316* Thu Feb 15 2005 Juan Antonio Martinez <jonsito at teleline.es> 0:0.4.4-0
317- Update to 0.4.4b2
318
319* Sun Sep 12 2004 Ville Skytt辰 <ville.skytta at iki.fi> - 0:0.3b-0.fdr.1
320- Update to 0.3b.
321- Disable dependency tracking to speed up the build.
322
323* Tue May  4 2004 Ville Skytt辰 <ville.skytta at iki.fi> - 0:0.3-0.fdr.1
324- Update to 0.3.
325- Do not use libcurl by default; rebuild using "--with curl" to use it.
326
327* Mon Mar 29 2004 Ville Skytt辰 <ville.skytta at iki.fi> - 0:0.2-0.fdr.1
328- Update to 0.2.
329- Use libcurl by default; rebuild using "--without curl" to disable.
330
331* Wed Jan 21 2004 Ville Skytt辰 <ville.skytta at iki.fi> - 0:0.1-0.fdr.0.2.beta5
332- Add the user_mapping config file.
333
334* Mon Jan 19 2004 Ville Skytt辰 <ville.skytta at iki.fi> - 0:0.1-0.fdr.0.1.beta5
335- First build.
Note: See TracBrowser for help on using the repository browser.