2 Summary: Central Key Manager and utilities
6 License: Apache-2.0 and BSL-1.0
7 Source0: %{name}-%{version}.tar.gz
8 Source1001: key-manager.manifest
9 Source1002: key-manager-pam-plugin.manifest
10 Source1003: key-manager-listener.manifest
11 Source1004: libkey-manager-client.manifest
12 Source1005: libkey-manager-client-devel.manifest
13 Source1006: libkey-manager-common.manifest
14 Source1007: key-manager-tests.manifest
17 BuildRequires: pkgconfig(dlog)
18 BuildRequires: pkgconfig(openssl)
19 BuildRequires: libattr-devel
20 BuildRequires: pkgconfig(libsmack)
21 BuildRequires: pkgconfig(libsystemd-daemon)
22 BuildRequires: pkgconfig(libsystemd-journal)
23 BuildRequires: pkgconfig(libxml-2.0)
24 BuildRequires: pkgconfig(capi-system-info)
25 BuildRequires: pkgconfig(security-manager)
26 BuildRequires: pkgconfig(cynara-client-async)
27 BuildRequires: pkgconfig(cynara-creds-socket)
28 BuildRequires: boost-devel
# The scriptlets further down call groupadd/useradd as a fallback; presumably
# pwdutils is the package that provides them -- confirm.
29 Requires(pre): pwdutils
30 Requires(postun): pwdutils
31 Requires: libkey-manager-common = %{version}-%{release}
# Dedicated, unprivileged service identity. These names are handed to CMake
# (USER_NAME, GROUP_NAME, SERVICE_NAME) and reused by the account-creation
# scriptlet, the chown of /opt/data/ckm and the attr entries in the files list.
34 %global user_name key-manager
35 %global group_name key-manager
36 %global service_name key-manager
# Smack label: passed to CMake as SMACK_DOMAIN_NAME and applied with chsmack
# to everything under /opt/data/ckm by a scriptlet below.
38 %global smack_domain_name System
41 The Central Key Manager daemon can be used as secure storage
42 for certificates and private/public keys. It provides an API for
43 applications to sign and verify (DSA/RSA/ECDSA) signatures.
45 %package -n key-manager-listener
# Separate daemon package. Builds against glib, dlog and the package-manager
# API, and is pinned to the exact version-release of the client library it
# uses to talk to the key-manager daemon.
46 Summary: Package with listener daemon
47 Group: System/Security
48 BuildRequires: pkgconfig(glib-2.0)
49 BuildRequires: pkgconfig(dlog)
50 BuildRequires: pkgconfig(capi-appfw-package-manager)
51 Requires: libkey-manager-client = %{version}-%{release}
53 %description -n key-manager-listener
54 Listener for the central key manager. This daemon is responsible for
55 receiving notifications from dbus about application uninstallation
56 and passing them to the key-manager daemon.
58 %package -n libkey-manager-common
# Shared library used by the other packages; needs ldconfig after install
# and after removal.
59 Summary: Central Key Manager (common libraries)
60 Group: Development/Libraries
61 Requires(post): /sbin/ldconfig
62 Requires(postun): /sbin/ldconfig
64 %description -n libkey-manager-common
65 Central Key Manager package (common library)
67 %package -n libkey-manager-client
# Client library. Pinned to the exact version-release of both the daemon and
# the common library, so client and daemon cannot drift apart on upgrade.
68 Summary: Central Key Manager (client)
69 Group: Development/Libraries
70 Requires: key-manager = %{version}-%{release}
71 Requires: libkey-manager-common = %{version}-%{release}
72 Requires(post): /sbin/ldconfig
73 Requires(postun): /sbin/ldconfig
75 %description -n libkey-manager-client
76 Central Key Manager package (client)
78 %package -n libkey-manager-client-devel
# Development package: headers, unversioned .so links and pkgconfig files
# (see its files list near the end of the spec).
79 Summary: Central Key Manager (client-devel)
80 Group: Development/Libraries
81 BuildRequires: pkgconfig(capi-base-common)
82 Requires: pkgconfig(capi-base-common)
83 Requires: libkey-manager-client = %{version}-%{release}
85 %description -n libkey-manager-client-devel
86 Central Key Manager package (client-devel)
88 %package -n key-manager-tests
# Internal test binary, database tools and key/database fixtures.
# NOTE(review): presumably meant for test images only -- confirm this
# package is not pulled into production images.
89 Summary: Internal test for key-manager
91 BuildRequires: pkgconfig(libxml-2.0)
93 Requires: key-manager = %{version}-%{release}
95 %description -n key-manager-tests
96 Internal test for key-manager implementation.
98 %package -n key-manager-pam-plugin
# PAM module; per its description it observes login/logout and
# password-change events. It is loaded into PAM-using processes, so it is
# pinned to the exact daemon version-release.
99 Summary: CKM login/password module to PAM
100 Group: Development/Libraries
101 BuildRequires: pam-devel
102 Requires: key-manager = %{version}-%{release}
103 Requires(post): /sbin/ldconfig
104 Requires(postun): /sbin/ldconfig
106 %description -n key-manager-pam-plugin
107 CKM login/password module to PAM. Used to monitor user login/logout
108 and password change events from PAM
# Copy the seven per-package manifest files (Source1001..Source1007) into the
# build directory so each files list can name its manifest.
113 cp -a %{SOURCE1001} .
114 cp -a %{SOURCE1002} .
115 cp -a %{SOURCE1003} .
116 cp -a %{SOURCE1004} .
117 cp -a %{SOURCE1005} .
118 cp -a %{SOURCE1006} .
119 cp -a %{SOURCE1007} .
# Only when the sec_build_binary_debug_enable macro is set: define
# TIZEN_DEBUG_ENABLE for the C, C++ and Fortran compilers. The closing endif
# is not part of this listing.
# NOTE(review): what the define enables is not visible here; confirm shipped
# images are built without it.
122 %if 0%{?sec_build_binary_debug_enable}
123 export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
124 export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
125 export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
# Adds an rpath pointing at the system library directory and binds function
# symbols inside the shared libraries locally (-Bsymbolic-functions).
# NOTE(review): the appended text has no leading space, so if LDFLAGS is
# already non-empty and does not end in whitespace, its last flag is fused
# with "-Wl,...".
129 export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions "
# Configure with CMake. Build type falls back to RELEASE and MOCKUP_SM to OFF
# when the build_type / mockup_sm macros are undefined. The service account,
# group and Smack domain defined at the top of the spec are passed through.
# NOTE(review): MOCKUP_SM presumably substitutes a mock for security-manager;
# confirm it is never switched on for shipped builds.
131 %cmake . -DVERSION=%{version} \
132 -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \
133 -DCMAKE_VERBOSE_MAKEFILE=ON \
134 -DSYSTEMD_UNIT_DIR=%{_unitdir} \
135 -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \
136 -DRUN_DIR:PATH=%{_rundir} \
137 -DSERVICE_NAME=%{service_name} \
138 -DUSER_NAME=%{user_name} \
139 -DGROUP_NAME=%{group_name} \
140 -DSMACK_DOMAIN_NAME=%{smack_domain_name} \
141 -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF}
# Parallel build when the jobs macro is defined.
143 make %{?jobs:-j%jobs}
# Create the key-store data directory, the initial-values drop directory and
# the script/hook directories inside the build root. Ownership and mode of
# /opt/data/ckm are set later by the attr entries in the files list, not here.
147 mkdir -p %{buildroot}/opt/data/ckm/initial_values
148 mkdir -p %{buildroot}/etc/security/
149 mkdir -p %{buildroot}/usr/share/ckm/scripts
150 mkdir -p %{buildroot}/etc/gumd/userdel.d/
# SQL scripts, the XML schemas for initial values and software keys, and the
# gumd user-deletion hook.
151 cp data/scripts/*.sql %{buildroot}/usr/share/ckm/scripts
152 cp doc/initial_values.xsd %{buildroot}/usr/share/ckm
153 cp doc/sw_key.xsd %{buildroot}/usr/share/ckm
154 cp data/gumd/10_key-manager.post %{buildroot}/etc/gumd/userdel.d/
# Test fixtures (sample databases, XML inputs with schemas, and key/database
# files for the encryption-scheme tests). All of these are packaged only in
# key-manager-tests.
156 mkdir -p %{buildroot}/usr/share/ckm-db-test
157 cp tests/testme_ver1.db %{buildroot}/usr/share/ckm-db-test/
158 cp tests/testme_ver2.db %{buildroot}/usr/share/ckm-db-test/
159 cp tests/testme_ver3.db %{buildroot}/usr/share/ckm-db-test/
160 cp tests/XML_1_okay.xml %{buildroot}/usr/share/ckm-db-test/
161 cp tests/XML_1_okay.xsd %{buildroot}/usr/share/ckm-db-test/
162 cp tests/XML_1_wrong.xml %{buildroot}/usr/share/ckm-db-test/
163 cp tests/XML_1_wrong.xsd %{buildroot}/usr/share/ckm-db-test/
164 cp tests/XML_2_structure.xml %{buildroot}/usr/share/ckm-db-test/
165 cp tests/XML_3_encrypted.xml %{buildroot}/usr/share/ckm-db-test/
166 cp tests/XML_3_encrypted.xsd %{buildroot}/usr/share/ckm-db-test/
167 cp tests/XML_4_device_key.xml %{buildroot}/usr/share/ckm-db-test/
168 cp tests/XML_4_device_key.xsd %{buildroot}/usr/share/ckm-db-test/
169 cp tests/encryption-scheme/db/db-7654 %{buildroot}/usr/share/ckm-db-test/db-7654
170 cp tests/encryption-scheme/db/db-key-7654 %{buildroot}/usr/share/ckm-db-test/db-key-7654
171 cp tests/encryption-scheme/db/key-7654 %{buildroot}/usr/share/ckm-db-test/key-7654
# Enable the daemon and listener at multi-user.target and the four API
# sockets (control, storage, ocsp, encryption) at sockets.target.
174 %install_service multi-user.target.wants central-key-manager.service
175 %install_service multi-user.target.wants central-key-manager-listener.service
176 %install_service sockets.target.wants central-key-manager-api-control.socket
177 %install_service sockets.target.wants central-key-manager-api-storage.socket
178 %install_service sockets.target.wants central-key-manager-api-ocsp.socket
179 %install_service sockets.target.wants central-key-manager-api-encryption.socket
# NOTE: the scriptlet header lines and the closing "fi" lines are missing from
# this listing (the gutter numbers skip), so section boundaries below are
# inferred from the commands.
182 # User/group (key-manager/key-manager) should be already added in passwd package.
183 # This is our backup plan if passwd package will not be configured correctly.
# Create the group only when "id -g" exits with status 1. All output is
# discarded, so a failing groupadd goes unnoticed here.
# NOTE(review): any other non-zero status from id also skips creation.
184 id -g %{group_name} > /dev/null 2>&1
185 if [ $? -eq 1 ]; then
186 groupadd %{group_name} -r > /dev/null 2>&1
# Same pattern for the user: a system account (-r) with /sbin/nologin as
# shell and /var/lib/empty as home, in the service group.
189 id -u %{user_name} > /dev/null 2>&1
190 if [ $? -eq 1 ]; then
191 useradd -d /var/lib/empty -s /sbin/nologin -r -g %{group_name} %{user_name} > /dev/null 2>&1
# Make systemd pick up the installed units, then start the daemon. The lines
# between these commands are not in the listing; presumably they are guarded
# by install/upgrade conditionals -- confirm against the full spec.
198 systemctl daemon-reload
201 systemctl start central-key-manager.service
207 # In ckm version <= 0.1.18 all files were owned by root.
# Migration for such older installs: relabel every entry under /opt/data/ckm
# with the Smack domain label, hand the whole tree to the service account,
# then restart the daemon so it runs against the re-owned store.
# NOTE(review): package scriptlets presumably run as root; confirm chsmack
# and chown act on a symbolic link itself rather than on its target if one
# exists inside the tree.
208 find /opt/data/ckm -exec chsmack -a %{smack_domain_name} {} \;
209 chown %{user_name}:%{group_name} -R /opt/data/ckm
210 systemctl restart central-key-manager.service
# Stop the daemon before removal, and reload systemd afterwards.
217 systemctl stop central-key-manager.service
223 systemctl daemon-reload
# Next four lines: refresh the dynamic linker cache when the shared-library
# packages are installed or removed. Keep comments out of the space after
# them; with -p, following lines count as the scriptlet body.
226 %post -n libkey-manager-common -p /sbin/ldconfig
227 %post -n libkey-manager-client -p /sbin/ldconfig
228 %postun -n libkey-manager-common -p /sbin/ldconfig
229 %postun -n libkey-manager-client -p /sbin/ldconfig
231 %post -n key-manager-listener
# Reload systemd, then start or restart the listener. The conditionals that
# choose between start and restart are not part of this listing.
232 systemctl daemon-reload
235 systemctl start central-key-manager-listener.service
239 systemctl restart central-key-manager-listener.service
242 %preun -n key-manager-listener
# Stop the listener before its files are removed.
245 systemctl stop central-key-manager-listener.service
248 %postun -n key-manager-listener
# Let systemd forget the removed unit.
251 systemctl daemon-reload
255 %files -n key-manager
# Daemon package payload: manifest, license, daemon binary, systemd service,
# target and the four API socket units with their enablement links.
256 %manifest key-manager.manifest
258 %license LICENSE.BSL-1.0
259 %{_bindir}/key-manager
260 %{_unitdir}/multi-user.target.wants/central-key-manager.service
261 %{_unitdir}/central-key-manager.service
262 %{_unitdir}/central-key-manager.target
263 %{_unitdir}/sockets.target.wants/central-key-manager-api-control.socket
264 %{_unitdir}/central-key-manager-api-control.socket
265 %{_unitdir}/sockets.target.wants/central-key-manager-api-storage.socket
266 %{_unitdir}/central-key-manager-api-storage.socket
267 %{_unitdir}/sockets.target.wants/central-key-manager-api-ocsp.socket
268 %{_unitdir}/central-key-manager-api-ocsp.socket
269 %{_unitdir}/sockets.target.wants/central-key-manager-api-encryption.socket
270 %{_unitdir}/central-key-manager-api-encryption.socket
272 %{_datadir}/ckm/initial_values.xsd
273 %{_datadir}/ckm/sw_key.xsd
# Key-store directories: mode 770, owned by the service user and group, so
# other accounts get no access. Keep this in step with the chown in the
# upgrade scriptlet.
274 %attr(770, %{user_name}, %{group_name}) /opt/data/ckm/
275 %attr(770, %{user_name}, %{group_name}) /opt/data/ckm/initial_values/
276 %{_datadir}/ckm/scripts/*.sql
# Upgrade helper scripts and the gumd user-deletion hook. The two upgrade
# scripts have no matching cp in the install lines shown; presumably the
# build system's install step places them -- confirm.
277 /etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh
278 /etc/opt/upgrade/231.key-manager-change-user.patch.sh
279 /etc/gumd/userdel.d/10_key-manager.post
282 %files -n key-manager-pam-plugin
# PAM module, installed into the PAM module directory under the library dir.
283 %manifest key-manager-pam-plugin.manifest
284 %{_libdir}/security/pam_key_manager_plugin.so*
286 %files -n key-manager-listener
# Listener binary and its systemd unit with the multi-user enablement link.
287 %manifest key-manager-listener.manifest
288 %{_bindir}/key-manager-listener
289 %{_unitdir}/multi-user.target.wants/central-key-manager-listener.service
290 %{_unitdir}/central-key-manager-listener.service
292 %files -n libkey-manager-common
# Versioned common shared library only.
293 %manifest libkey-manager-common.manifest
294 %{_libdir}/libkey-manager-common.so.*
296 %files -n libkey-manager-client
# Versioned client and control-client shared libraries.
297 %manifest libkey-manager-client.manifest
299 %{_libdir}/libkey-manager-client.so.*
300 %{_libdir}/libkey-manager-control-client.so.*
302 %files -n libkey-manager-client-devel
# Unversioned .so links, the C++ (ckm/) and C (ckmc/) public headers, and
# pkgconfig files. The control API headers ship alongside the regular
# client headers.
303 %manifest libkey-manager-client-devel.manifest
304 %{_libdir}/libkey-manager-client.so
305 %{_libdir}/libkey-manager-control-client.so
306 %{_libdir}/libkey-manager-common.so
307 %{_includedir}/ckm/ckm/ckm-manager.h
308 %{_includedir}/ckm/ckm/ckm-manager-async.h
309 %{_includedir}/ckm/ckm/ckm-certificate.h
310 %{_includedir}/ckm/ckm/ckm-control.h
311 %{_includedir}/ckm/ckm/ckm-error.h
312 %{_includedir}/ckm/ckm/ckm-key.h
313 %{_includedir}/ckm/ckm/ckm-password.h
314 %{_includedir}/ckm/ckm/ckm-pkcs12.h
315 %{_includedir}/ckm/ckm/ckm-raw-buffer.h
316 %{_includedir}/ckm/ckm/ckm-type.h
317 %{_includedir}/ckm/ckmc/ckmc-manager.h
318 %{_includedir}/ckm/ckmc/ckmc-control.h
319 %{_includedir}/ckm/ckmc/ckmc-error.h
320 %{_includedir}/ckm/ckmc/ckmc-type.h
321 %{_libdir}/pkgconfig/*.pc
323 %files -n key-manager-tests
# Internal test binary plus the fixtures copied into ckm-db-test during
# install: sample databases, XML inputs with schemas, and key/database files.
# NOTE(review): these keys and databases are test material shipped in a
# package; they should never be reused as real key material.
324 %manifest key-manager-tests.manifest
325 %{_bindir}/ckm-tests-internal
326 %dir %{_datadir}/ckm-db-test
327 %{_datadir}/ckm-db-test/testme_ver1.db
328 %{_datadir}/ckm-db-test/testme_ver2.db
329 %{_datadir}/ckm-db-test/testme_ver3.db
330 %{_datadir}/ckm-db-test/XML_1_okay.xml
331 %{_datadir}/ckm-db-test/XML_1_okay.xsd
332 %{_datadir}/ckm-db-test/XML_1_wrong.xml
333 %{_datadir}/ckm-db-test/XML_1_wrong.xsd
334 %{_datadir}/ckm-db-test/XML_2_structure.xml
335 %{_datadir}/ckm-db-test/XML_3_encrypted.xml
336 %{_datadir}/ckm-db-test/XML_3_encrypted.xsd
337 %{_datadir}/ckm-db-test/XML_4_device_key.xml
338 %{_datadir}/ckm-db-test/XML_4_device_key.xsd
339 %{_datadir}/ckm-db-test/db-7654
340 %{_datadir}/ckm-db-test/db-key-7654
341 %{_datadir}/ckm-db-test/key-7654
# No cp for this file appears in the install lines shown; presumably the
# build system's install step provides it -- confirm.
342 %{_datadir}/ckm-db-test/encryption-scheme.p12
# Helper binaries shipped with the tests package rather than the daemon
# package. NOTE(review): their names suggest direct database access and
# library loading; confirm they stay out of production images.
343 %{_bindir}/ckm_so_loader
344 %{_bindir}/ckm_db_tool
345 %{_bindir}/ckm_generate_db
345 %{_bindir}/ckm_generate_db