blob: 466153c532254a374f5c38b0eef9d840262d4171 [file] [log] [blame]
%define vermajor 1
%define verminor 6.2
%define version %{vermajor}.%{verminor}
%define libapivermajor 1
%define libapiversion %{libapivermajor}.10
# % define buildid .local
Name: keyutils
Version: %{version}
Release: 1%{?buildid}%{?dist}
Summary: Linux Key Management Utilities
License: GPLv2+ and LGPLv2+
Url: http://people.redhat.com/~dhowells/keyutils/
Source0: http://people.redhat.com/~dhowells/keyutils/keyutils-%{version}.tar.bz2
BuildRequires: gcc
BuildRequires: glibc-kernheaders >= 2.4-9.1.92
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description
Utilities to control the kernel key management facility and to provide
a mechanism by which the kernel call back to user space to get a key
instantiated.
%package libs
Summary: Key utilities library
%description libs
This package provides a wrapper library for the key management facility system
calls.
%package libs-devel
Summary: Development package for building Linux key management utilities
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description libs-devel
This package provides headers and libraries for building key utilities.
%prep
%setup -q
%define datadir %{_datarootdir}/keyutils
%build
make \
NO_ARLIB=1 \
ETCDIR=%{_sysconfdir} \
LIBDIR=%{_libdir} \
USRLIBDIR=%{_libdir} \
BINDIR=%{_bindir} \
SBINDIR=%{_sbindir} \
MANDIR=%{_mandir} \
INCLUDEDIR=%{_includedir} \
SHAREDIR=%{datadir} \
RELEASE=.%{release} \
NO_GLIBC_KEYERR=1 \
CFLAGS="-Wall $RPM_OPT_FLAGS -Werror" \
LDFLAGS="%{?__global_ldflags}"
%install
make \
NO_ARLIB=1 \
DESTDIR=$RPM_BUILD_ROOT \
ETCDIR=%{_sysconfdir} \
LIBDIR=%{_libdir} \
USRLIBDIR=%{_libdir} \
BINDIR=%{_bindir} \
SBINDIR=%{_sbindir} \
MANDIR=%{_mandir} \
INCLUDEDIR=%{_includedir} \
SHAREDIR=%{datadir} \
install
%ldconfig_scriptlets libs
%files
%doc README
%license LICENCE.GPL
%{_sbindir}/*
%{_bindir}/*
%{datadir}
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%config(noreplace) %{_sysconfdir}/*
%files libs
%license LICENCE.LGPL
%{_mandir}/man7/*
%{_libdir}/libkeyutils.so.%{libapiversion}
%{_libdir}/libkeyutils.so.%{libapivermajor}
%files libs-devel
%{_libdir}/libkeyutils.so
%{_includedir}/*
%{_mandir}/man3/*
%{_libdir}/pkgconfig/libkeyutils.pc
%changelog
* Mon Jul 6 2020 David Howells <dhowells@redhat.com> - 1.6.2-1
- Allow "keyctl supports" to retrieve raw capability data.
- Allow "keyctl id" to turn a symbolic key ID into a numeric ID.
- Allow "keyctl new_session" to name the keyring.
- Allow "keyctl add/padd/etc." to take hex-encoded data.
- Add "keyctl watch*" to expose kernel change notifications on keys.
- Add caps for namespacing and notifications.
- Set a default TTL on keys that upcall for name resolution.
- Explicitly clear memory after it's held sensitive information.
- Various manual page fixes.
- Fix C++-related errors.
* Fri Aug 2 2019 David Howells <dhowells@redhat.com> - 1.6.1-1
- Add support for keyctl_move().
- Add support for keyctl_capabilities().
- Make key=val list optional for various public-key ops.
- Fix system call signature for KEYCTL_PKEY_QUERY.
- Fix 'keyctl pkey_query' argument passing.
- Use keyctl_read_alloc() in dump_key_tree_aux().
- Various manual page fixes.
* Tue Nov 13 2018 David Howells <dhowells@redhat.com> - 1.6-1
- Apply various specfile cleanups from Fedora.
- request-key: Provide a command line option to suppress helper execution.
- request-key: Find least-wildcard match rather than first match.
- Remove the dependency on MIT Kerberos.
- Fix some error messages
- keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
- Fix doc and comment typos.
- Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
- Add pkg-config support for finding libkeyutils.
* Wed May 9 2018 David Howells <dhowells@redhat.com> - 1.5.11-1
- Add keyring restriction support.
- Add KDF support to the Diffie-Helman function.
- DNS: Add support for AFS config files and SRV records
* Wed Mar 15 2017 David Howells <dhowells@redhat.com> - 1.5.10-1
- Include sys/types.h in keyutils.h.
- The dns resolver needs limits.h.
- Overhaul of all manual pages.
- Some manual pages moved to Linux man-pages project.
- Add Diffie-Helman keyctl function.
* Fri Feb 21 2014 David Howells <dhowells@redhat.com> - 1.5.9-1
- Add manpages for get_persistent.
- Fix memory leaks in keyctl_describe/read/get_security_alloc().
- Use keyctl_describe_alloc in dump_key_tree_aux rather than open coding it.
- Exit rather than returning from act_xxx() functions.
- Fix memory leak in dump_key_tree_aux.
- Only get the groups list if we need it.
- Don't trust sscanf's %%n argument.
- Use the correct path macros in the specfile.
- Avoid use realloc when the memory has no content.
- Fix a bunch of issues in key.dns_resolver.
- Fix command table searching in keyctl utility.
- Fix a typo in the permissions mask constants.
- Improve the keyctl_read manpage.
- Add man7 pages describing various keyrings concepts.
* Fri Oct 4 2013 David Howells <dhowells@redhat.com> - 1.5.8-1
- New lib symbols should go in a new library minor version.
* Wed Oct 2 2013 David Howells <dhowells@redhat.com> - 1.5.7-1
- Provide a utility function to find a key by type and name.
- Allow keyctl commands to take a type+name arg instead of a key-id arg.
- Add per-UID get_persistent keyring function.
* Thu Aug 29 2013 David Howells <dhowells@redhat.com> - 1.5.6-1
- Fix the request-key.conf.5 manpage.
- Fix the max depth of key tree dump (keyctl show).
- The input buffer size for keyctl padd and pinstantiate should be larger.
- Add keyctl_invalidate.3 manpage.
* Wed Nov 30 2011 David Howells <dhowells@redhat.com> - 1.5.5-1
- Fix a Makefile error.
* Wed Nov 30 2011 David Howells <dhowells@redhat.com> - 1.5.4-1
- Fix the keyctl padd command and similar to handle binary input.
- Make keyctl show able to take a keyring to dump.
- Make keyctl show able to take a flag to request hex key IDs.
- Make keyctl show print the real ID of the root keyring.
* Tue Nov 15 2011 David Howells <dhowells@redhat.com>
- Allow /sbin/request-key to have multiple config files.
* Wed Aug 31 2011 David Howells <dhowells@redhat.com>
- Adjust the manual page for 'keyctl unlink' to show keyring is optional.
- Add --version support for the keyutils version and build date.
* Thu Aug 11 2011 David Howells <dhowells@redhat.com> - 1.5.3-1
- Make the keyutils rpm depend on the same keyutils-libs rpm version.
* Tue Jul 26 2011 David Howells <dhowells@redhat.com> - 1.5.2-1
- Use correct format spec for printing pointer subtraction results.
* Tue Jul 19 2011 David Howells <dhowells@redhat.com> - 1.5.1-1
- Fix unread variables.
- Licence file update.
* Thu Mar 10 2011 David Howells <dhowells@redhat.com> - 1.5-1
- Disable RPATH setting in Makefile.
- Add -I. to build to get this keyutils.h.
- Make CFLAGS override on make command line work right.
- Make specfile UTF-8.
- Support KEYCTL_REJECT.
- Support KEYCTL_INSTANTIATE_IOV.
- Add AFSDB DNS lookup program from Wang Lei.
- Generalise DNS lookup program.
- Add recursive scan utility function.
- Add bad key reap command to keyctl.
- Add multi-unlink variant to keyctl unlink command.
- Add multi key purge command to keyctl.
- Handle multi-line commands in keyctl command table.
- Move the package to version to 1.5.
* Tue Mar 1 2011 David Howells <dhowells@redhat.com> - 1.4-4
- Make build guess at default libdirs and word size.
- Make program build depend on library in Makefile.
- Don't include $(DESTDIR) in MAN* macros.
- Remove NO_GLIBC_KEYSYS as it is obsolete.
- Have Makefile extract version info from specfile and version script.
- Provide RPM build rule in Makefile.
- Provide distclean rule in Makefile.
* Fri Dec 17 2010 Diego Elio Pettenò <flameeyes@hosting.flameeyes.eu> - 1.4-3
- Fix local linking and RPATH.
* Thu Jun 10 2010 David Howells <dhowells@redhat.com> - 1.4-2
- Fix prototypes in manual pages (some char* should be void*).
- Rename the keyctl_security.3 manpage to keyctl_get_security.3.
* Fri Mar 19 2010 David Howells <dhowells@redhat.com> - 1.4-1
- Fix the library naming wrt the version.
- Move the package to version to 1.4.
* Fri Mar 19 2010 David Howells <dhowells@redhat.com> - 1.3-3
- Fix spelling mistakes in manpages.
- Add an index manpage for all the keyctl functions.
* Thu Mar 11 2010 David Howells <dhowells@redhat.com> - 1.3-2
- Fix rpmlint warnings.
* Fri Feb 26 2010 David Howells <dhowells@redhat.com> - 1.3-1
- Fix compiler warnings in request-key.
- Expose the kernel function to get a key's security context.
- Expose the kernel function to set a processes keyring onto its parent.
- Move libkeyutils library version to 1.3.
* Tue Aug 22 2006 David Howells <dhowells@redhat.com> - 1.2-1
- Remove syscall manual pages (section 2) to man-pages package [BZ 203582]
- Don't write to serial port in debugging script
* Mon Jun 5 2006 David Howells <dhowells@redhat.com> - 1.1-4
- Call ldconfig during (un)installation.
* Fri May 5 2006 David Howells <dhowells@redhat.com> - 1.1-3
- Don't include the release number in the shared library filename
- Don't build static library
* Fri May 5 2006 David Howells <dhowells@redhat.com> - 1.1-2
- More bug fixes from Fedora reviewer.
* Thu May 4 2006 David Howells <dhowells@redhat.com> - 1.1-1
- Fix rpmlint errors
* Mon Dec 5 2005 David Howells <dhowells@redhat.com> - 1.0-2
- Add build dependency on glibc-kernheaders with key management syscall numbers
* Tue Nov 29 2005 David Howells <dhowells@redhat.com> - 1.0-1
- Add data pipe-in facility for keyctl request2
* Mon Nov 28 2005 David Howells <dhowells@redhat.com> - 1.0-1
- Rename library and header file "keyutil" -> "keyutils" for consistency
- Fix shared library version naming to same way as glibc.
- Add versioning for shared library symbols
- Create new keyutils-libs package and install library and main symlink there
- Install base library symlink in /usr/lib and place in devel package
- Added a keyutils archive library
- Shorten displayed key permissions list to just those we actually have
* Thu Nov 24 2005 David Howells <dhowells@redhat.com> - 0.3-4
- Add data pipe-in facilities for keyctl add, update and instantiate
* Fri Nov 18 2005 David Howells <dhowells@redhat.com> - 0.3-3
- Added stdint.h inclusion in keyutils.h
- Made request-key.c use request_key() rather than keyctl_search()
- Added piping facility to request-key
* Thu Nov 17 2005 David Howells <dhowells@redhat.com> - 0.3-2
- Added timeout keyctl option
- request_key auth keys must now be assumed
- Fix keyctl argument ordering for debug negate line in request-key.conf
* Thu Jul 28 2005 David Howells <dhowells@redhat.com> - 0.3-1
- Must invoke initialisation from perror() override in libkeyutils
- Minor UI changes
* Wed Jul 20 2005 David Howells <dhowells@redhat.com> - 0.2-2
- Bump version to permit building in main repositories.
* Tue Jul 12 2005 David Howells <dhowells@redhat.com> - 0.2-1
- Don't attempt to define the error codes in the header file.
- Pass the release ID through to the makefile to affect the shared library name.
* Tue Jul 12 2005 David Howells <dhowells@redhat.com> - 0.1-3
- Build in the perror() override to get the key error strings displayed.
* Tue Jul 12 2005 David Howells <dhowells@redhat.com> - 0.1-2
- Need a defattr directive after each files directive.
* Tue Jul 12 2005 David Howells <dhowells@redhat.com> - 0.1-1
- Package creation.