Update to 0.23.14-1

- Update to upstream 0.23.14 release

.gitignore

@@ -3,3 +3,17 @@
 /*.src.rpm
 /p11-kit-0.*/
 /x86_64/
+/trust-extract-compat
+/p11-kit-0.23.9.tar.gz
+/p11-kit-client.service
+/trust-extract-compat
+/p11-kit-0.23.9.tar.gz
+/p11-kit-client.service
+/trust-extract-compat
+/p11-kit-0.23.10.tar.gz
+/p11-kit-client.service
+/trust-extract-compat
+/p11-kit-0.23.12.tar.gz
+/p11-kit-client.service
+/trust-extract-compat
+/p11-kit-0.23.14.tar.gz

p11-kit-client.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=p11-kit client
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+RuntimeDirectory=p11-kit
+ExecStart=/usr/bin/true
+
+[Install]
+WantedBy=default.target

p11-kit.spec

@@ -1,17 +1,22 @@
+# This spec file has been automatically updated
+Version:	0.23.14
+Release: 1%{?dist}
 Name:           p11-kit
-Version:        0.23.8
-Release:        1%{?dist}
 Summary:        Library for loading and sharing PKCS#11 modules
 
 License:        BSD
 URL:            http://p11-glue.freedesktop.org/p11-kit.html
 Source0:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
 Source1:        trust-extract-compat
+Source2:	p11-kit-client.service
 
 BuildRequires:  libtasn1-devel >= 2.3
 BuildRequires:  libffi-devel
 BuildRequires:  gtk-doc
 BuildRequires:	systemd
+# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
+# Remove this once it is fixed
+BuildRequires:  pkgconfig(glib-2.0)
 
 %description
 p11-kit provides a way to load and enumerate PKCS#11 modules, as well
@@ -60,7 +65,7 @@ feature is still experimental.
 
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 # These paths are the source paths that  come from the plan here:
@@ -76,6 +81,8 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
 install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
 # Install the example conf with %%doc instead
 rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
+mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
+install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
 
 %check
 make check
@@ -123,16 +130,33 @@ fi
 %files trust
 %{_bindir}/trust
 %dir %{_libdir}/pkcs11
+%ghost %{_libdir}/libnssckbi.so
 %{_libdir}/pkcs11/p11-kit-trust.so
 %{_datadir}/p11-kit/modules/p11-kit-trust.module
 %{_libexecdir}/p11-kit/trust-extract-compat
 
 %files server
 %{_libdir}/pkcs11/p11-kit-client.so
+%{_userunitdir}/p11-kit-client.service
 %{_libexecdir}/p11-kit/p11-kit-server
 
 
 %changelog
+* Mon Sep 10 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-1
+- Update to upstream 0.23.14 release
+
+* Wed May 30 2018 Daiki Ueno <dueno@redhat.com> - 0.23.12-1
+- Update to upstream 0.23.11 release
+
+* Wed Feb 28 2018 Daiki Ueno <dueno@redhat.com> - 0.23.10-1
+- Update to upstream 0.23.10 release
+
+* Thu Oct 05 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-2
+- server: Make it possible to eval envvar settings
+
+* Wed Oct 04 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-1
+- Update to upstream 0.23.9 release
+
 * Tue Aug 15 2017 Daiki Ueno <dueno@redhat.com> - 0.23.8-1
 - Update to 0.23.8 release
 

sources

@@ -1 +1,3 @@
-SHA512 (p11-kit-0.23.8.tar.gz) = cf3b28e4bed8cc18ef49fa7af1e4ad04f1b97dbd08f1e0bab07c280f0aa35306c01e35896bc990c9ed7bdecd6c5ce697ccb95288ef04dd3740db384343ea2f24
+SHA512 (p11-kit-client.service) = 0f08618851c6eafb35c630957044fc96324be4d3828cdd2aa9b5d6e1245549197ca5b969d6a2f735c893d73c02e885cdc3205bd43e37f6124ebc6cfa61970d3b
+SHA512 (trust-extract-compat) = 91210705f9bcf1a13c0de1ca9943e3ac68296bfcb7953fc59241de060247b470b39be6e914dd4d92e38a78d5df0962c83315ad78f8c0eade8e62d884b05fdd42
+SHA512 (p11-kit-0.23.14.tar.gz) = fc7e7e0745d7f8e5d783a1f38bad9bbe65b56d54897b6ba2c3118a0d912451c2d48dd113a875e7f7bfcff8fbd6b4905472fcd120630661c12029a16d2b13add4

tests/.gitignore

@@ -0,0 +1,2 @@
+*.retry
+artifacts/

tests/tests.yml

@@ -0,0 +1,14 @@
+---
+# This first play always runs on the local staging system
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    - atomic
+    - container
+    tests:
+    - trust-anchor-complains-about-invalid-attribute-and
+    required_packages:
+    - openssl
+    - p11-kit

tests/trust-anchor-complains-about-invalid-attribute-and/Makefile

@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
+#   Description: Test for trust anchor complains about invalid attribute and
+#   Author: Hubert Kario <hkario@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2017 Red Hat, Inc.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Hubert Kario <hkario@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Test for trust anchor complains about invalid attribute and" >> $(METADATA)
+	@echo "Type:            Regression" >> $(METADATA)
+	@echo "TestTime:        2m" >> $(METADATA)
+	@echo "RunFor:          p11-kit" >> $(METADATA)
+	@echo "Requires:        openssl p11-kit" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+	@echo "Releases:        -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+	rhts-lint $(METADATA)

tests/trust-anchor-complains-about-invalid-attribute-and/PURPOSE

@@ -0,0 +1,17 @@
+PURPOSE of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
+Description: Test for trust anchor complains about invalid attribute and
+Author: Hubert Kario <hkario@redhat.com>
+Bug summary: trust anchor complains about invalid attribute and fails when a new certificate tries to store into trust place
+
+Steps to Reproduce:
+1. /etc/pki/tls/certs/make-dummy-cert mycert-tmp.pem
+2. openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem
+3. trust anchor --store mycert.pem
+
+Actual results:
+p11-kit: the CKA_TRUSTED attribute is not valid for the object
+p11-kit: couldn't create object: Certain fields have invalid values
+
+
+Expected results:
+Certificate is stored in trust place.

tests/trust-anchor-complains-about-invalid-attribute-and/runtest.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
+#   Description: Test for trust anchor complains about invalid attribute and
+#   Author: Hubert Kario <hkario@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2017 Red Hat, Inc.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="p11-kit"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "rlFileBackup --clean /etc/pki"
+    rlPhaseEnd
+
+    rlPhaseStartTest
+        DUMMY_MAKER_BIN="/etc/pki/tls/certs/make-dummy-cert"
+        [ -x /usr/bin/make-dummy-cert ] && DUMMY_MAKER_BIN="/usr/bin/make-dummy-cert"
+        rlRun "$DUMMY_MAKER_BIN mycert-tmp.pem"
+        rlRun "openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem"
+        rlAssertNotExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
+        rlRun -s "trust anchor --store mycert.pem"
+        rlAssertNotGrep "p11-kit:" $rlRun_LOG
+        rlAssertExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlRun "popd"
+        rlRun "rlFileRestore"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd