Репозиторий Sisyphus
Последнее обновление: 17 января 2018 | Пакетов: 18252 | Посещений: 10794358
en ru br
Репозитории ALT
S:0.6.9-alt30
5.1: 0.6.1-alt5
www.altlinux.org/Changes

Группа :: Система/Основа
Пакет: pam_pkcs11

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

# vim: set ft=spec: -*- rpm -spec -*-

Name: pam_pkcs11
Version: 0.6.9
Release: alt17

Summary: PKCS #11 PAM Module and Login Tools
Group: System/Base
License: LGPL
Url: https://github.com/OpenSC/pam_pkcs11

Source: %name-%version.tar
Patch: %name-%version-alt-build.patch
Patch1: %name-%version-docs.patch
Patch2: %name-%version-option-global_ca.patch
Patch3: %name-%version-ru.po.patch
Patch4: %name-%version-buffer.patch
Patch5: %name-%version-ask-pin-later.patch
Patch6: %name-%version-option-ask_pin.patch
Patch7: pam_pkcs11-0.6.9-eventmgr-init-from-token.patch
Patch8: pam_pkcs11-0.6.9-ignore-no-card.patch
Patch9: pam_pkcs11-0.6.9-config-control.patch
Patch10: pam_pkcs11-0.6.9-systemd.patch
Patch11: pam_pkcs11-0.6.9-gost-support.patch
Patch12: pam_pkcs11-0.6.9-oid-mapper.patch
Patch13: pam_pkcs11-0.6.9-oid-mapper-profiles.patch
Patch14: pam_pkcs11-0.6.9-setpin.patch
Patch15: pam_pkcs11-0.6.9-setpin-config.patch
Patch16: pam_pkcs11-0.6.9-sslconf.patch
Patch17: pam_pkcs11-0.6.9-blacklist.patch

%add_findreq_skiplist %_sysconfdir/pam.d/*
Requires: pam-config PAM(pam_mkhomedir.so) PAM(pam_pkcs11.so) PAM(pam_succeed_if.so)
Requires: pcsc-lite pcsc-lite-ccid

BuildRequires: docbook-style-xsl flex libldap-devel libpam-devel libpcsclite-devel libssl-devel xsltproc
BuildRequires: doxygen
BuildRequires: docbook-dtds

BuildPreReq: gcc-c++
# SCARD_READERSTATE_A will change to SCARD_READERSTATE afterwards:
BuildPreReq: libpcsclite-devel >= 1.7.4

%description
This Linux-PAM login module allows a X.509 certificate based user login.
The certificate and its dedicated private key are thereby accessed by
means of an appropriate PKCS #11 module. For the verification of the
user certificates, locally stored CA certificates as well as either
online or locally accessible CRLs are used.

Adittional included pam_pkcs11 related tools:

- pkcs11_eventmgr: Generate actions on card insert/removal/timeout
  events
- pklogin_finder: Get the loginname that maps to a certificate
- pkcs11_inspect: Inspect the contents of a certificate

%package pcsc
Summary: PCSC-Lite extra tools for pam_pkcs11
Group: System/Base
Requires: %name = %version-%release

%description pcsc
This package contains pam_pkcs11 tools that relies on PCSC-Lite library:

- card_eventmgr: Generate card insert/removal events.

%package ldap
Summary: LDAP Cert-to-Login mapper for pam_pkcs11
Group: System/Base
Requires: %name = %version-%release

%description ldap
This package contains a Certificate-To-Login mapper based on queries
to a LDAP server. As it depends on extra libraries, is distributed
as a separate package.

- ldap_mapper.so: LDAP-based mapper module.

%prep
%setup
%patch -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1

# fixup configs

sed -i -e '
s,/usr/lib/pam_pkcs11/,/%_lib/%name/,g;
s,/usr/lib/,%_libdir/,g;
s,/etc/pam_pkcs11/,%_sysconfdir/security/%name/,g;
' etc/*.example doc/*.in doc/*.xml

%build
%autoreconf
# --disable-rpath \
%configure \
--libdir=/%_lib \
--disable-static \
--enable-shared \
--enable-debug \
--with-ldap \
--with-confdir=%_sysconfdir/security/%name \
#
%make_build
cd doc
./generate-api.sh

%install
%makeinstall_std

mkdir -p %buildroot%_sysconfdir/security/%name/{cacerts,crls}
for f in pam_pkcs11.conf card_eventmgr.conf pkcs11_eventmgr.conf; do
 install -pm644 "etc/$f.example" -T "%buildroot%_sysconfdir/security/%name/$f"
done

# Cleanup .la files

rm %buildroot/%_lib/*/*.la

%find_lang %name

%post
[ -e %_sysconfdir/security/%name/openssl.cnf ] || \
   cp -a %_sysconfdir/openssl/openssl.cnf %_sysconfdir/security/%name/

%files -f %name.lang
%doc AUTHORS README
%doc doc/pam_pkcs11.html
%doc doc/mappers_api.html
%doc doc/README.autologin
%doc doc/README.mappers
%dir %_sysconfdir/security/%name
%dir %_sysconfdir/security/%name/cacerts
%dir %_sysconfdir/security/%name/crls
%config(noreplace) %_sysconfdir/security/%name/pam_pkcs11.conf
%config(noreplace) %_sysconfdir/security/%name/pkcs11_eventmgr.conf
%_bindir/pkcs11_eventmgr
%_bindir/pklogin_finder
%_bindir/pkcs11_inspect
%_bindir/pkcs11_listcerts
%_bindir/pkcs11_setup
%_bindir/pkcs11_make_hash_link
%dir /%_lib/%name
/%_lib/%name/openssh_mapper.so
/%_lib/%name/opensc_mapper.so
%_pam_modules_dir/pam_pkcs11.so
%_man1dir/pkcs11_eventmgr.1*
%_man1dir/pkcs11_inspect.1*
%_man1dir/pkcs11_listcerts.1*
%_man1dir/pkcs11_setup.1*
%_man1dir/pklogin_finder.1*
%_man1dir/pkcs11_make_hash_link.1*
%_man8dir/pam_pkcs11.8*
%dir %_datadir/%name
%_datadir/%name/pam_pkcs11.conf.example
%_datadir/%name/pam.d_login.example
%_datadir/%name/subject_mapping.example
%_datadir/%name/mail_mapping.example
%_datadir/%name/digest_mapping.example
%_datadir/%name/pkcs11_eventmgr.conf.example
%dir %_sysconfdir/security/%name/profiles
%config(noreplace) %_sysconfdir/security/%name/profiles/*
%dir %_sysconfdir/security/%name/modules.avail
%config(noreplace) %_sysconfdir/security/%name/modules.avail/*
%dir %_sysconfdir/security/%name/mapping.profiles
%config(noreplace) %_sysconfdir/security/%name/mapping.profiles/*
%_controldir/pam-*
%_controldir/*event*
%config(noreplace) %_sysconfdir/pam.d/*
%_unitdir/*

%files pcsc
%doc doc/README.eventmgr
%config(noreplace) %_sysconfdir/security/%name/card_eventmgr.conf
%_bindir/card_eventmgr
%_mandir/man1/card_eventmgr.1*
%_datadir/%name/card_eventmgr.conf.example

%files ldap
%doc doc/README.ldap_mapper
/%_lib/%name/ldap_mapper.so

%changelog

Полный changelog можно просмотреть здесь

 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin