Compare commits
6 Commits
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | 0a0733c6ad | |
Daiki Ueno | d5c89a7c44 | |
Daiki Ueno | b77f2071ea | |
Daiki Ueno | f01ab0e8f0 | |
Daiki Ueno | 3f79a161f3 | |
Stef Walter | 997755350b |
|
@ -3,3 +3,17 @@
|
|||
/*.src.rpm
|
||||
/p11-kit-0.*/
|
||||
/x86_64/
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.9.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.9.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.10.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.12.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.14.tar.gz
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
[Unit]
|
||||
Description=p11-kit client
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
RuntimeDirectory=p11-kit
|
||||
ExecStart=/usr/bin/true
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
30
p11-kit.spec
30
p11-kit.spec
|
@ -1,17 +1,22 @@
|
|||
# This spec file has been automatically updated
|
||||
Version: 0.23.14
|
||||
Release: 1%{?dist}
|
||||
Name: p11-kit
|
||||
Version: 0.23.8
|
||||
Release: 1%{?dist}
|
||||
Summary: Library for loading and sharing PKCS#11 modules
|
||||
|
||||
License: BSD
|
||||
URL: http://p11-glue.freedesktop.org/p11-kit.html
|
||||
Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
|
||||
Source1: trust-extract-compat
|
||||
Source2: p11-kit-client.service
|
||||
|
||||
BuildRequires: libtasn1-devel >= 2.3
|
||||
BuildRequires: libffi-devel
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: systemd
|
||||
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
|
||||
# Remove this once it is fixed
|
||||
BuildRequires: pkgconfig(glib-2.0)
|
||||
|
||||
%description
|
||||
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
||||
|
@ -60,7 +65,7 @@ feature is still experimental.
|
|||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
# These paths are the source paths that come from the plan here:
|
||||
|
@ -76,6 +81,8 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
|
|||
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
|
||||
# Install the example conf with %%doc instead
|
||||
rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
|
||||
mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
|
||||
install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
|
||||
|
||||
%check
|
||||
make check
|
||||
|
@ -123,16 +130,33 @@ fi
|
|||
%files trust
|
||||
%{_bindir}/trust
|
||||
%dir %{_libdir}/pkcs11
|
||||
%ghost %{_libdir}/libnssckbi.so
|
||||
%{_libdir}/pkcs11/p11-kit-trust.so
|
||||
%{_datadir}/p11-kit/modules/p11-kit-trust.module
|
||||
%{_libexecdir}/p11-kit/trust-extract-compat
|
||||
|
||||
%files server
|
||||
%{_libdir}/pkcs11/p11-kit-client.so
|
||||
%{_userunitdir}/p11-kit-client.service
|
||||
%{_libexecdir}/p11-kit/p11-kit-server
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Sep 10 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-1
|
||||
- Update to upstream 0.23.14 release
|
||||
|
||||
* Wed May 30 2018 Daiki Ueno <dueno@redhat.com> - 0.23.12-1
|
||||
- Update to upstream 0.23.11 release
|
||||
|
||||
* Wed Feb 28 2018 Daiki Ueno <dueno@redhat.com> - 0.23.10-1
|
||||
- Update to upstream 0.23.10 release
|
||||
|
||||
* Thu Oct 05 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-2
|
||||
- server: Make it possible to eval envvar settings
|
||||
|
||||
* Wed Oct 04 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-1
|
||||
- Update to upstream 0.23.9 release
|
||||
|
||||
* Tue Aug 15 2017 Daiki Ueno <dueno@redhat.com> - 0.23.8-1
|
||||
- Update to 0.23.8 release
|
||||
|
||||
|
|
4
sources
4
sources
|
@ -1 +1,3 @@
|
|||
SHA512 (p11-kit-0.23.8.tar.gz) = cf3b28e4bed8cc18ef49fa7af1e4ad04f1b97dbd08f1e0bab07c280f0aa35306c01e35896bc990c9ed7bdecd6c5ce697ccb95288ef04dd3740db384343ea2f24
|
||||
SHA512 (p11-kit-client.service) = 0f08618851c6eafb35c630957044fc96324be4d3828cdd2aa9b5d6e1245549197ca5b969d6a2f735c893d73c02e885cdc3205bd43e37f6124ebc6cfa61970d3b
|
||||
SHA512 (trust-extract-compat) = 91210705f9bcf1a13c0de1ca9943e3ac68296bfcb7953fc59241de060247b470b39be6e914dd4d92e38a78d5df0962c83315ad78f8c0eade8e62d884b05fdd42
|
||||
SHA512 (p11-kit-0.23.14.tar.gz) = fc7e7e0745d7f8e5d783a1f38bad9bbe65b56d54897b6ba2c3118a0d912451c2d48dd113a875e7f7bfcff8fbd6b4905472fcd120630661c12029a16d2b13add4
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
*.retry
|
||||
artifacts/
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
- atomic
|
||||
- container
|
||||
tests:
|
||||
- trust-anchor-complains-about-invalid-attribute-and
|
||||
required_packages:
|
||||
- openssl
|
||||
- p11-kit
|
|
@ -0,0 +1,64 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
||||
# Description: Test for trust anchor complains about invalid attribute and
|
||||
# Author: Hubert Kario <hkario@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Test for trust anchor complains about invalid attribute and" >> $(METADATA)
|
||||
@echo "Type: Regression" >> $(METADATA)
|
||||
@echo "TestTime: 2m" >> $(METADATA)
|
||||
@echo "RunFor: p11-kit" >> $(METADATA)
|
||||
@echo "Requires: openssl p11-kit" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
|
@ -0,0 +1,17 @@
|
|||
PURPOSE of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
||||
Description: Test for trust anchor complains about invalid attribute and
|
||||
Author: Hubert Kario <hkario@redhat.com>
|
||||
Bug summary: trust anchor complains about invalid attribute and fails when a new certificate tries to store into trust place
|
||||
|
||||
Steps to Reproduce:
|
||||
1. /etc/pki/tls/certs/make-dummy-cert mycert-tmp.pem
|
||||
2. openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem
|
||||
3. trust anchor --store mycert.pem
|
||||
|
||||
Actual results:
|
||||
p11-kit: the CKA_TRUSTED attribute is not valid for the object
|
||||
p11-kit: couldn't create object: Certain fields have invalid values
|
||||
|
||||
|
||||
Expected results:
|
||||
Certificate is stored in trust place.
|
|
@ -0,0 +1,59 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
||||
# Description: Test for trust anchor complains about invalid attribute and
|
||||
# Author: Hubert Kario <hkario@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="p11-kit"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm $PACKAGE
|
||||
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TmpDir"
|
||||
rlRun "rlFileBackup --clean /etc/pki"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest
|
||||
DUMMY_MAKER_BIN="/etc/pki/tls/certs/make-dummy-cert"
|
||||
[ -x /usr/bin/make-dummy-cert ] && DUMMY_MAKER_BIN="/usr/bin/make-dummy-cert"
|
||||
rlRun "$DUMMY_MAKER_BIN mycert-tmp.pem"
|
||||
rlRun "openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem"
|
||||
rlAssertNotExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
|
||||
rlRun -s "trust anchor --store mycert.pem"
|
||||
rlAssertNotGrep "p11-kit:" $rlRun_LOG
|
||||
rlAssertExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "popd"
|
||||
rlRun "rlFileRestore"
|
||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
Loading…
Reference in New Issue