Compare commits
8 Commits
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | 69572929bc | |
Daiki Ueno | e4e4f5629c | |
Daiki Ueno | b07aba67cf | |
Stef Walter | 9ace4b154a | |
Daiki Ueno | d16a588ec4 | |
Daiki Ueno | 6b58b6728e | |
Daiki Ueno | e6da7f0a69 | |
Daiki Ueno | edbdcfe8dd |
|
@ -3,3 +3,11 @@
|
|||
/*.src.rpm
|
||||
/p11-kit-0.*/
|
||||
/x86_64/
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.9.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.9.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.10.tar.gz
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
[Unit]
|
||||
Description=p11-kit client
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
RuntimeDirectory=p11-kit
|
||||
ExecStart=/usr/bin/true
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
33
p11-kit.spec
33
p11-kit.spec
|
@ -1,17 +1,22 @@
|
|||
# This spec file has been automatically updated
|
||||
Version: 0.23.10
|
||||
Release: 1%{?dist}
|
||||
Name: p11-kit
|
||||
Version: 0.23.5
|
||||
Release: 1%{?dist}
|
||||
Summary: Library for loading and sharing PKCS#11 modules
|
||||
|
||||
License: BSD
|
||||
URL: http://p11-glue.freedesktop.org/p11-kit.html
|
||||
Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
|
||||
Source1: trust-extract-compat
|
||||
Source2: p11-kit-client.service
|
||||
|
||||
BuildRequires: libtasn1-devel >= 2.3
|
||||
BuildRequires: libffi-devel
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: systemd
|
||||
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
|
||||
# Remove this once it is fixed
|
||||
BuildRequires: pkgconfig(glib-2.0)
|
||||
|
||||
%description
|
||||
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
||||
|
@ -60,7 +65,7 @@ feature is still experimental.
|
|||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
# These paths are the source paths that come from the plan here:
|
||||
|
@ -76,6 +81,8 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
|
|||
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
|
||||
# Install the example conf with %%doc instead
|
||||
rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
|
||||
mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
|
||||
install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
|
||||
|
||||
%check
|
||||
make check
|
||||
|
@ -123,16 +130,36 @@ fi
|
|||
%files trust
|
||||
%{_bindir}/trust
|
||||
%dir %{_libdir}/pkcs11
|
||||
%ghost %{_libdir}/libnssckbi.so
|
||||
%{_libdir}/pkcs11/p11-kit-trust.so
|
||||
%{_datadir}/p11-kit/modules/p11-kit-trust.module
|
||||
%{_libexecdir}/p11-kit/trust-extract-compat
|
||||
|
||||
%files server
|
||||
%{_libdir}/pkcs11/p11-kit-client.so
|
||||
%{_userunitdir}/p11-kit-client.service
|
||||
%{_libexecdir}/p11-kit/p11-kit-server
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Feb 28 2018 Daiki Ueno <dueno@redhat.com> - 0.23.10-1
|
||||
- Update to upstream 0.23.10 release
|
||||
|
||||
* Thu Oct 05 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-2
|
||||
- server: Make it possible to eval envvar settings
|
||||
|
||||
* Wed Oct 04 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-1
|
||||
- Update to upstream 0.23.9 release
|
||||
|
||||
* Tue Aug 15 2017 Daiki Ueno <dueno@redhat.com> - 0.23.8-1
|
||||
- Update to 0.23.8 release
|
||||
|
||||
* Thu May 18 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-3
|
||||
- Update p11-kit-modifiable.patch to simplify the logic
|
||||
|
||||
* Thu May 18 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-2
|
||||
- Make "trust anchor --remove" work again
|
||||
|
||||
* Thu Mar 2 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-1
|
||||
- Update to 0.23.5 release
|
||||
- Rename -tools subpackage to -server and remove systemd unit files
|
||||
|
|
4
sources
4
sources
|
@ -1 +1,3 @@
|
|||
SHA512 (p11-kit-0.23.5.tar.gz) = 5276db3c9bb14d5e0441e7b781033b1684edfc1d4da88a9c9ce501ed1f6121918d3afe6725ceb0e2d65fc253c2f9eebf37c3380741de6c1b09cec06ae86417a7
|
||||
SHA512 (p11-kit-client.service) = 0f08618851c6eafb35c630957044fc96324be4d3828cdd2aa9b5d6e1245549197ca5b969d6a2f735c893d73c02e885cdc3205bd43e37f6124ebc6cfa61970d3b
|
||||
SHA512 (trust-extract-compat) = 91210705f9bcf1a13c0de1ca9943e3ac68296bfcb7953fc59241de060247b470b39be6e914dd4d92e38a78d5df0962c83315ad78f8c0eade8e62d884b05fdd42
|
||||
SHA512 (p11-kit-0.23.10.tar.gz) = 42a004613f951e4e18c10cd204bcba348267cc7b3ae0d9f26d69012b086af446947660575d5751539b8d4dd77fa9b684054ad5ac978119e0a2e94fcdf9842178
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
*.retry
|
||||
artifacts/
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
- atomic
|
||||
- container
|
||||
tests:
|
||||
- trust-anchor-complains-about-invalid-attribute-and
|
||||
required_packages:
|
||||
- openssl
|
||||
- p11-kit
|
|
@ -0,0 +1,17 @@
|
|||
PURPOSE of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
||||
Description: Test for trust anchor complains about invalid attribute and
|
||||
Author: Hubert Kario <hkario@redhat.com>
|
||||
Bug summary: trust anchor complains about invalid attribute and fails when a new certificate tries to store into trust place
|
||||
|
||||
Steps to Reproduce:
|
||||
1. /etc/pki/tls/certs/make-dummy-cert mycert-tmp.pem
|
||||
2. openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem
|
||||
3. trust anchor --store mycert.pem
|
||||
|
||||
Actual results:
|
||||
p11-kit: the CKA_TRUSTED attribute is not valid for the object
|
||||
p11-kit: couldn't create object: Certain fields have invalid values
|
||||
|
||||
|
||||
Expected results:
|
||||
Certificate is stored in trust place.
|
|
@ -0,0 +1,59 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
||||
# Description: Test for trust anchor complains about invalid attribute and
|
||||
# Author: Hubert Kario <hkario@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="p11-kit"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm $PACKAGE
|
||||
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TmpDir"
|
||||
rlRun "rlFileBackup --clean /etc/pki"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest
|
||||
DUMMY_MAKER_BIN="/etc/pki/tls/certs/make-dummy-cert"
|
||||
[ -x /usr/bin/make-dummy-cert ] && DUMMY_MAKER_BIN="/usr/bin/make-dummy-cert"
|
||||
rlRun "$DUMMY_MAKER_BIN mycert-tmp.pem"
|
||||
rlRun "openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem"
|
||||
rlAssertNotExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
|
||||
rlRun -s "trust anchor --store mycert.pem"
|
||||
rlAssertNotGrep "p11-kit:" $rlRun_LOG
|
||||
rlAssertExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "popd"
|
||||
rlRun "rlFileRestore"
|
||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
Loading…
Reference in New Issue