Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 18 May 2016 17:23:00 +0000 (UTC)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r415459 - in head/security/opencryptoki: . files
Message-ID:  <201605181723.u4IHN0vY062375@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: hrs
Date: Wed May 18 17:22:59 2016
New Revision: 415459
URL: https://svnweb.freebsd.org/changeset/ports/415459

Log:
  Update to 3.5.  Notable changes are as follows:
  
   - No longer required to run pkcs11_startup.
  
     pkcs11_startup and pkcs_slotd were shell scripts that created the
     config file, pk_config_data, which was read by pkcsslotd to get
     available slot information.
  
     The pk_config_data configuration file has been replaced with
     /etc/opencryptoki/opencryptoki.conf.
  
     In version 3, the pkcsslotd daemon reads opencryptoki.conf to get slot
     information. The opencryptoki.conf by default contains slot information
     for each token currently supported by opencryptoki with the exception of
     the ICSF token, which requires some initial setup.
     Please see man page for opencryptoki.conf for further information.
  
     Since pk_config_data is no longer required, pkcs11_startup and
     pkcs_slotd have been removed.

Added:
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h   (contents, props changed)
  head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c   (contents, props changed)
Deleted:
  head/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h
  head/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
  head/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c
  head/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am
  head/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in
  head/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in
  head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c
Modified:
  head/security/opencryptoki/Makefile
  head/security/opencryptoki/distinfo
  head/security/opencryptoki/files/patch-Makefile.am
  head/security/opencryptoki/files/patch-configure.in
  head/security/opencryptoki/files/patch-usr-lib-Makefile.am
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
  head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
  head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am
  head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
  head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
  head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
  head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
  head/security/opencryptoki/files/pkcsslotd.in
  head/security/opencryptoki/pkg-plist

Modified: head/security/opencryptoki/Makefile
==============================================================================
--- head/security/opencryptoki/Makefile	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/Makefile	Wed May 18 17:22:59 2016	(r415459)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	opencryptoki
-PORTVERSION=	2.3.2
-PORTREVISION=	8
+PORTVERSION=	3.5
 CATEGORIES=	security
 MASTER_SITES=	SF
 
@@ -17,23 +16,35 @@ LICENSE_PERMS=	dist-mirror dist-sell pkg
 
 LIB_DEPENDS=	libtspi.so:security/trousers
 
-USES=		alias autoreconf gmake libtool tar:bzip2
+USES=		alias autoreconf gmake libtool tar:tgz
 USE_LDCONFIG=	${PREFIX}/lib/opencryptoki
+WRKSRC=		${WRKDIR}/${PORTNAME}
 INSTALL_TARGET=	install-strip
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--enable-swtok --enable-tpmtok \
 		--disable-crtok --disable-aeptok \
 		--disable-ccatok --disable-bcomtok \
 		--disable-pkcscca_migrate \
+		--with-lockdir=/var/run/opencryptoki \
+		--with-logdir=/var/log/opencryptoki \
 		--localstatedir=/var \
 		--with-pkcs11user=${USERS} \
-		--with-pkcs11group=${GROUPS}
+		--with-pkcs11group=${GROUPS} \
+		ac_cv_path_CHGRP=true
 CFLAGS+=	-I${LOCALBASE}/include
 LDFLAGS+=	-L${LOCALBASE}/lib
 USE_RC_SUBR=	pkcsslotd
 SUB_FILES=	pkg-message
-SUB_LIST=	USERS=${USERS} GROUPS=${GROUPS}
+SUB_LIST=	USERS="${USERS}" GROUPS="${GROUPS}"
+PLIST_SUB=	USERS="${USERS}" GROUPS="${GROUPS}"
 USERS=		_pkcs11
 GROUPS=		_pkcs11
 
+post-install:
+	${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \
+	    ${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample
+	${RMDIR} ${STAGEDIR}/var/run/opencryptoki/swtok \
+	    ${STAGEDIR}/var/run/opencryptoki/tpm \
+	    ${STAGEDIR}/var/run/opencryptoki
+
 .include <bsd.port.mk>

Modified: head/security/opencryptoki/distinfo
==============================================================================
--- head/security/opencryptoki/distinfo	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/distinfo	Wed May 18 17:22:59 2016	(r415459)
@@ -1,2 +1,3 @@
-SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7
-SIZE (opencryptoki-2.3.2.tar.bz2) = 665134
+TIMESTAMP = 1463579349
+SHA256 (opencryptoki-3.5.tgz) = 2789e3135196828e2b904faba766aa4c7fd9d1e67664df79bd9a05381a771452
+SIZE (opencryptoki-3.5.tgz) = 1031722

Modified: head/security/opencryptoki/files/patch-Makefile.am
==============================================================================
--- head/security/opencryptoki/files/patch-Makefile.am	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -1,6 +1,6 @@
---- Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
-+++ Makefile.am	2010-11-23 22:35:25.112978674 +0900
-@@ -8,5 +8,5 @@
+--- Makefile.am.orig	2016-04-29 17:26:45 UTC
++++ Makefile.am
+@@ -8,5 +8,5 @@ if ENABLE_DAEMON
  MISCDIR = misc
  endif
  

Modified: head/security/opencryptoki/files/patch-configure.in
==============================================================================
--- head/security/opencryptoki/files/patch-configure.in	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-configure.in	Wed May 18 17:22:59 2016	(r415459)
@@ -1,16 +1,16 @@
---- configure.in.orig	2010-07-29 21:28:41.000000000 +0900
-+++ configure.in	2010-10-20 01:31:02.971984782 +0900
-@@ -8,6 +8,9 @@
+--- configure.in.orig	2016-04-29 17:26:45 UTC
++++ configure.in
+@@ -6,6 +6,9 @@ AC_CANONICAL_SYSTEM
  
  AM_INIT_AUTOMAKE([foreign 1.6])
  
 +AC_DEFINE(_BSD_SOURCE, 1, BSD functions)
 +AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions)
 +
- dnl Get the canonical host type
- AC_CANONICAL_TARGET
- 
-@@ -30,6 +33,7 @@
+ dnl Checks for header files.
+ AC_DISABLE_STATIC
+ LT_INIT
+@@ -25,6 +28,7 @@ AC_FUNC_MEMCMP
  AC_FUNC_STRFTIME
  AC_FUNC_VPRINTF
  AC_CHECK_FUNCS([getcwd])
@@ -18,9 +18,28 @@
  
  dnl Used in various scripts
  AC_PATH_PROG([ID], [id], [/us/bin/id])
-@@ -193,6 +197,21 @@
+@@ -40,10 +44,16 @@ AC_PROG_YACC
+ 
+ dnl Define custom variables
+ 
+-lockdir=$localstatedir/lock/opencryptoki
++AC_ARG_WITH([lockdir],
++	[AS_HELP_STRING([--with-lockdir],[lock directory])],
++        [lockdir=$withval],
++        [lockdir=$localstatedir/lock/opencryptoki])
+ AC_SUBST(lockdir)
+ 
+-logdir=$localstatedir/log/opencryptoki
++AC_ARG_WITH([logdir],
++	[AS_HELP_STRING([--with-logdir],[log directory])],
++        [logdir=$withval],
++        [logdir=$localstatedir/log/opencryptoki])
+ AC_SUBST(logdir)
+ 
+ dnl ---
+@@ -166,6 +176,21 @@ AC_ARG_WITH([systemd],
  	[],
- 	[with_xcryptolinz=check])
+ 	[with_systemd=no])
  
 +dnl --- check for pkcs11 user
 +AC_ARG_WITH([pkcs11user],
@@ -40,20 +59,38 @@
  dnl ---
  dnl ---
  dnl --- Now that we have all the options, let's check for a valid build
-@@ -630,11 +649,15 @@
+@@ -554,13 +579,31 @@ fi
  
- CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
+ AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"])
  
--CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"'
-+CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'"
-+
-+CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'"
+-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wno-pointer-sign"
+-
+-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
++CFLAGS="$CFLAGS \
++ -Wall \
++ -Wno-pointer-sign \
++"
++CPPFX=' \
++ -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" \
++ -DSBIN_PATH=\"$(sbindir)\" \
++ -DLIB_PATH=\"$(libdir)\" \
++ -DLOCKDIR_PATH=\"$(lockdir)\" \
++ -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" \
++ -DOCK_LOGDIR=\"$(logdir)\" \
++'
++CPPFLAGS="$CPPFLAGS \
++ -DPKCS64 \
++ -D_XOPEN_SOURCE=600 \
++ $CPPFX \
++ -DPKCS11USER=\\\"${pkcs11_user}\\\" \
++ -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \
++"
  
  # At this point, CFLAGS is set to something sensible
  AC_PROG_CC
  
 +AC_SUBST(FPIC, $lt_prog_compiler_pic)
 +
- AC_OUTPUT([Makefile usr/Makefile \
+ AC_CONFIG_FILES([Makefile usr/Makefile \
            usr/include/Makefile \
            usr/include/pkcs11/Makefile \

Modified: head/security/opencryptoki/files/patch-usr-lib-Makefile.am
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-Makefile.am	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -1,6 +1,6 @@
---- usr/lib/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/Makefile.am	2010-11-24 02:34:56.159978814 +0900
-@@ -1,10 +1,2 @@
+--- usr/lib/Makefile.am.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/Makefile.am
+@@ -1,12 +1,4 @@
  SUBDIRS = pkcs11
  
 -install-data-hook:
@@ -11,3 +11,5 @@
 -		$(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf
 -	echo "**** Remember you must run ldconfig before using the above settings ****"
 -
+ uninstall-hook:
+ 	rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -1,6 +1,6 @@
---- usr/lib/pkcs11/api/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/api/Makefile.am	2010-10-19 23:49:45.125982519 +0900
-@@ -4,13 +4,13 @@
+--- usr/lib/pkcs11/api/Makefile.am.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/api/Makefile.am
+@@ -4,13 +4,13 @@ SO_CURRENT=0
  SO_REVISION=0
  SO_AGE=0
  
@@ -10,9 +10,9 @@
  					  $(SO_CURRENT):$(SO_REVISION):$(SO_AGE)
  
  # Not all versions of automake observe libname_CFLAGS
- opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \
--					 -fPIC -I../. -I../../../include/pkcs11
-+					 $(FPIC) -I../. -I../../../include/pkcs11
- 
- opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c
+ opencryptoki_libopencryptoki_la_CFLAGS = -DAPI -DDEV -D_THREAD_SAFE 		\
+-					 -fPIC -I../. -I../../../include/pkcs11 \
++					 $(FPIC) -I../. -I../../../include/pkcs11 \
+ 					 -I ../common -DSTDLL_NAME=\"api\"
  
+ opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c \

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c	Wed May 18 17:22:59 2016	(r415459)
@@ -1,6 +1,6 @@
---- usr/lib/pkcs11/api/apiutil.c.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/api/apiutil.c	2010-10-19 23:54:52.374982634 +0900
-@@ -305,10 +305,10 @@
+--- usr/lib/pkcs11/api/apiutil.c.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/api/apiutil.c
+@@ -298,10 +298,10 @@
  #include <string.h>
  #include <strings.h>
  #include <unistd.h>
@@ -12,33 +12,11 @@
  
  #include <sys/ipc.h>
  
-@@ -325,10 +325,28 @@
+@@ -314,7 +314,6 @@
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
 -#include <sys/file.h>
- static int xplfd=-1;
- #endif
  
-+#ifdef __sun
-+#define	LOCK_EX	F_LOCK
-+#define	LOCK_UN	F_ULOCK
-+#define	flock(fd, func)	lockf(fd, func, 0)
-+#endif
-+
-+#ifndef	LOCK_SH
-+#define	LOCK_SH	1	/* shared lock */
-+#endif
-+#ifndef	LOCK_EX
-+#define	LOCK_EX	2	/* exclusive lock */
-+#endif
-+#ifndef	LOCK_NB
-+#define	LOCK_NB	4	/* don't block when locking */
-+#endif
-+#ifndef	LOCK_UN
-+#define	LOCK_UN	8	/* unlock */
-+#endif
-+
- #include <libgen.h>
+ static int xplfd = -1;
  
- #define LIBLOCATION  LIB_PATH

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in	Wed May 18 17:22:59 2016	(r415459)
@@ -1,11 +1,11 @@
---- usr/lib/pkcs11/api/shrd_mem.c.in.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/api/shrd_mem.c.in	2010-10-19 23:56:22.728981736 +0900
-@@ -353,7 +353,7 @@
- 
- 
-    // SAB check for the group id here and membership here as well
--   grp = getgrnam("pkcs11");
-+   grp = getgrnam(PKCS11GROUP);
-    if ( grp ) {
-         int i=0;
-         char member=0;
+--- usr/lib/pkcs11/api/shrd_mem.c.in.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/api/shrd_mem.c.in
+@@ -357,7 +357,7 @@ attach_shared_memory() {
+    // only check group membership if not root user
+    if (uid != 0 && euid != 0) {
+ 	   int i, member=0;
+-	   grp = getgrnam("pkcs11");
++	   grp = getgrnam(PKCS11GROUP);
+ 	   if (!grp) {
+ 		   // group pkcs11 not known to the system
+ 		   return NULL;

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/api/socket_client.c.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/api/socket_client.c
+@@ -320,7 +320,7 @@ init_socket_data() {
+ 		return FALSE;
+ 	}
+ 
+-	grp = getgrnam("pkcs11");
++	grp = getgrnam(PKCS11GROUP);
+ 	if ( !grp ) {
+ 		OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno);
+ 		return FALSE;

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,18 @@
+--- usr/lib/pkcs11/cca_stdll/Makefile.am.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/cca_stdll/Makefile.am
+@@ -66,12 +66,12 @@ install-data-hook:
+ 	cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_cca.so PKCS11_CCA.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
+ 
+ uninstall-hook:

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/common/btree.c.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/common/btree.c
+@@ -30,7 +30,7 @@
+ 
+ 
+ #include <stdio.h>
+-#include <malloc.h>
++#include <stdlib.h>
+ 
+ #include "pkcs11types.h"
+ #include "local_types.h"

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h	Wed May 18 17:22:59 2016	(r415459)
@@ -1,6 +1,6 @@
---- usr/lib/pkcs11/common/host_defs.h.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/common/host_defs.h	2010-10-20 00:10:01.398983092 +0900
-@@ -294,13 +294,24 @@
+--- usr/lib/pkcs11/common/host_defs.h.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/common/host_defs.h
+@@ -294,12 +294,23 @@
  /* (C) COPYRIGHT International Business Machines Corp. 2001,2002          */
  
  
@@ -9,19 +9,18 @@
  #ifndef _HOST_DEFS_H
  #define _HOST_DEFS_H
  
- #include <semaphore.h>
  #include <pthread.h>
 +#if defined(__OpenBSD__) || defined(__FreeBSD__)
 +#include <sys/endian.h>
-+#ifdef	_BYTE_ORDER
-+#define	__BYTE_ORDER	_BYTE_ORDER
++#ifdef _BYTE_ORDER
++#define        __BYTE_ORDER    _BYTE_ORDER
 +#endif
-+#ifdef	_LITTLE_ENDIAN
-+#define	__LITTLE_ENDIAN	_LITTLE_ENDIAN
++#ifdef _LITTLE_ENDIAN
++#define        __LITTLE_ENDIAN _LITTLE_ENDIAN
 +#endif
 +#else
  #include <endian.h>
 +#endif
  
  #include "pkcs32.h"
- // Both of the strings below have a length of 32 chars and must be
+ 

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c	Wed May 18 17:22:59 2016	(r415459)
@@ -1,6 +1,6 @@
---- usr/lib/pkcs11/common/loadsave.c.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/common/loadsave.c	2010-10-20 00:11:28.399983780 +0900
-@@ -301,11 +301,9 @@
+--- usr/lib/pkcs11/common/loadsave.c.orig	2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/common/loadsave.c
+@@ -293,11 +293,9 @@
  #include <string.h>
  #include <strings.h>
  #include <unistd.h>
@@ -10,14 +10,14 @@
  #include <sys/ipc.h>
 -#include <sys/file.h>
  #include <errno.h>
- 
+ #include <syslog.h>
  #include <pwd.h>
-@@ -328,7 +326,7 @@
-    // Set absolute permissions or rw-rw-r--
-    fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+@@ -637,7 +635,7 @@ void set_perm(int file)
+ 		// Set absolute permissions or rw-rw----
+ 		fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
  
--   grp = getgrnam("pkcs11"); // Obtain the group id
-+   grp = getgrnam(PKCS11GROUP); // Obtain the group id
-    if (grp){
- 	   fchown(file,getuid(),grp->gr_gid);  // set ownership to root, and pkcs11 group
-    }
+-		grp = getgrnam("pkcs11");	// Obtain the group id
++		grp = getgrnam(PKCS11GROUP);	// Obtain the group id
+ 		if (grp) {
+ 			// set ownership to root, and pkcs11 group
+ 			if (fchown(file, getuid(), grp->gr_gid) != 0) {

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,19 @@
+--- usr/lib/pkcs11/common/trace.c.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/common/trace.c
+@@ -301,6 +301,7 @@
+ #include <unistd.h>
+ #include <sys/file.h>
+ #include <sys/types.h>
++#include <sys/stat.h>
+ 
+ #include "pkcs11types.h"
+ #include "defs.h"
+@@ -449,7 +450,7 @@ CK_RV trace_initialize(void)
+ 		return(CKR_FUNCTION_FAILED);
+ 	}
+ 
+-	grp = getgrnam("pkcs11");
++	grp = getgrnam(PKCS11GROUP);
+ 	if (grp == NULL) {
+ 		OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed: %s."
+ 			   "Tracing is disabled.\n", strerror(errno));

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c	Wed May 18 17:22:59 2016	(r415459)
@@ -1,11 +1,14 @@
---- usr/lib/pkcs11/common/utility.c.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/common/utility.c	2010-10-20 00:19:02.740983592 +0900
-@@ -302,6 +302,26 @@
- #include <errno.h>
- #include <pwd.h>
+--- usr/lib/pkcs11/common/utility.c.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/common/utility.c
+@@ -275,9 +275,28 @@
+              legal action under this Agreement more than one year after
+              the cause of action arose. Each party waives its rights to
+              a jury trial in any resulting litigation. 
++*/
  
 +#include <fcntl.h>
-+
+ 
+-*/
 +#ifdef __sun
 +#define	LOCK_EX	F_LOCK
 +#define	LOCK_UN	F_ULOCK
@@ -25,5 +28,23 @@
 +#define	LOCK_UN	8	/* unlock */
 +#endif
  
- #include "pkcs11types.h"
- #include "defs.h"
+ /* (C) COPYRIGHT International Business Machines Corp. 2001,2002          */
+ 
+@@ -587,7 +606,7 @@ CK_RV CreateXProcLock(void)
+ 					goto err;
+ 				}
+ 
+-				grp = getgrnam("pkcs11");
++				grp = getgrnam(PKCS11GROUP);
+ 				if (grp != NULL) {
+ 					if (fchown(spinxplfd, -1, grp->gr_gid)
+ 					    == -1) {
+@@ -1131,7 +1150,7 @@ CK_RV check_user_and_group()
+ 	 * when forked). So we need to get the group information.
+ 	 * Really need to take the uid and map it to a name.
+ 	 */
+-	grp = getgrnam("pkcs11");
++	grp = getgrnam(PKCS11GROUP);
+ 	if (grp == NULL) {
+ 		OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno));
+ 		goto error;

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -1,16 +1,33 @@
---- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am	2010-10-20 00:22:00.867981839 +0900
-@@ -2,11 +2,11 @@
- 
- opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO)		\
- $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@	\
---Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto
-+-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto
+--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am
+@@ -6,12 +6,12 @@ opencryptoki_stdll_libpkcs11_ica_la_LDFL
+ 					     -Wl,-Bsymbolic		\
+ 					     -Wl,-soname,$@		\
+ 					     -Wl,-Bsymbolic -lc		\
+-					     -lpthread -lica -ldl	\
++					     -lpthread -lica		\
+ 					     -lcrypto
  
  # Not all versions of automake observe libname_CFLAGS
- opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV		\
---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH 		\
-+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH 		\
- -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"
+ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DDEV			\
+-					     -D_THREAD_SAFE -fPIC	\
++					     -D_THREAD_SAFE $(FPIC)	\
+ 					     -DSHALLOW=0 -DSWTOK=0	\
+ 					     -DLITE=1 -DNODH		\
+ 					     -DNOCDMF -DNOMD2 -DNODSA	\
+@@ -64,12 +64,12 @@ install-data-hook:
+ 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_ica.so PKCS11_ICA.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/lite
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite
  
- opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c	\
+ uninstall-hook:

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/icsf_stdll/Makefile.am.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/icsf_stdll/Makefile.am
+@@ -79,10 +79,10 @@ install-data-hook:
+ 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_icsf.so PKCS11_ICSF.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/icsf
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf 
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf 
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
+ 
+ uninstall-hook:

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/icsf_stdll/pbkdf.c.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/icsf_stdll/pbkdf.c
+@@ -337,7 +337,7 @@ set_perms(int file)
+ 		return CKR_FUNCTION_FAILED;
+ 	}
+ 
+-	grp = getgrnam("pkcs11");
++	grp = getgrnam(PKCS11GROUP);
+ 	if (grp) {
+ 		if (fchown(file, -1, grp->gr_gid) != 0) {
+ 			TRACE_ERROR("fchown failed: %s\n", strerror(errno));

Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
==============================================================================
--- head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -1,11 +1,27 @@
---- usr/lib/pkcs11/soft_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/soft_stdll/Makefile.am	2010-10-20 00:25:03.227984225 +0900
-@@ -7,7 +7,7 @@
- opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE  \
+--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/soft_stdll/Makefile.am
+@@ -7,7 +7,7 @@ opencryptoki_stdll_libpkcs11_sw_la_LDFLA
+ opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DDEV -D_THREAD_SAFE            \
  					    -DSHALLOW=0 -DSWTOK=1 -DLITE=0  \
  					    -DNOCDMF -DNOMD2 -DNODSA -DNORIPE	    \
--					    -DDEBUGON -fPIC		    \
-+					    -DDEBUGON $(FPIC)		    \
+-					    -fPIC		    \
++					    $(FPIC)		    \
  					    -I/usr/include -I.		    \
  					    -I../../../include/pkcs11/stdll \
  					    -I../../../include/pkcs11	    \
+@@ -56,12 +56,12 @@ install-data-hook:
+ 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_sw.so PKCS11_SW.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/swtok
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
+ 
+ uninstall-hook:

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,30 @@
+--- usr/lib/pkcs11/soft_stdll/soft_specific.c.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/soft_stdll/soft_specific.c
+@@ -298,7 +298,9 @@
+  
+  
+ ****************************************************************************/
++#ifndef _BSD_SOURCE
+ #define _BSD_SOURCE
++#endif
+ 
+ #include <pthread.h>
+ #include <string.h>            // for memcmp() et al
+@@ -317,7 +319,17 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef _BYTE_ORDER
++#define        __BYTE_ORDER    _BYTE_ORDER
++#endif
++#ifdef _LITTLE_ENDIAN
++#define        __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+ 
+ #include <openssl/des.h>
+ #include <openssl/rand.h>

Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/tpm_stdll/Makefile.am.orig	2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/tpm_stdll/Makefile.am
+@@ -71,10 +71,10 @@ install-data-hook:
+ 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ 		ln -sf libpkcs11_tpm.so PKCS11_TPM.so
+ 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+-	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm 
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm 
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
+ 
+ uninstall-hook:

Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am
==============================================================================
--- head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am	Wed May 18 17:22:59 2016	(r415459)
@@ -1,5 +1,5 @@
---- usr/sbin/pkcsconf/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/sbin/pkcsconf/Makefile.am	2010-10-20 00:46:34.600985372 +0900
+--- usr/sbin/pkcsconf/Makefile.am.orig	2016-04-29 17:26:46 UTC
++++ usr/sbin/pkcsconf/Makefile.am
 @@ -1,6 +1,6 @@
  sbin_PROGRAMS=pkcsconf
  
@@ -7,4 +7,4 @@
 +pkcsconf_LDFLAGS = -lpthread
  
  # Not all versions of automake observe sbinname_CFLAGS
- pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI
+ pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV -DAPI

Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
==============================================================================
--- head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c	Wed May 18 17:22:59 2016	(r415459)
@@ -1,11 +1,11 @@
---- usr/sbin/pkcsconf/pkcsconf.c.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/sbin/pkcsconf/pkcsconf.c	2010-10-20 00:47:46.462984231 +0900
-@@ -654,6 +654,8 @@
-       free (newpin2);
-    }
+--- usr/sbin/pkcsconf/pkcsconf.c.orig	2016-04-29 17:26:46 UTC
++++ usr/sbin/pkcsconf/pkcsconf.c
+@@ -777,6 +777,8 @@ display_pkcs11_info(void){
+    printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major,
+          CryptokiInfo.libraryVersion.minor);
  
 +   cleanup();
 +
     return rc;
- 
  }
+ 

Added: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,14 @@
+--- usr/sbin/pkcsslotd/log.h.orig	2016-04-29 17:26:46 UTC
++++ usr/sbin/pkcsslotd/log.h
+@@ -297,9 +297,8 @@
+ #ifndef _LOG_H
+ #define _LOG_H 1
+ 
+-
+-
+-
++#include <sys/types.h>
++#include <unistd.h>
+ 
+ #ifndef FALSE
+ #define FALSE 0

Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
==============================================================================
--- head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c	Wed May 18 17:22:59 2016	(r415459)
@@ -1,17 +1,20 @@
---- usr/sbin/pkcsslotd/mutex.c.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/sbin/pkcsslotd/mutex.c	2010-12-19 12:13:34.837579374 +0900
-@@ -293,6 +293,26 @@
- 
- #include "pkcsslotd.h"
+--- usr/sbin/pkcsslotd/mutex.c.orig	2016-04-29 17:26:46 UTC
++++ usr/sbin/pkcsslotd/mutex.c
+@@ -281,10 +281,28 @@
+              legal action under this Agreement more than one year after
+              the cause of action arose. Each party waives its rights to
+              a jury trial in any resulting litigation. 
++*/
  
 +#include <fcntl.h>
-+
+ 
 +#ifdef __sun
 +#define	LOCK_EX	F_LOCK
 +#define	LOCK_UN	F_ULOCK
 +#define	flock(fd, func)	lockf(fd, func, 0)
 +#endif
-+
+ 
+-*/
 +#ifndef	LOCK_SH
 +#define	LOCK_SH	1	/* shared lock */
 +#endif
@@ -25,28 +28,14 @@
 +#define	LOCK_UN	8	/* unlock */
 +#endif
  
- #if SYSVSEM
- #error "Caveat Emptor... this does not work"
-@@ -315,7 +335,7 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <sys/file.h>
-+#include <grp.h>
- static int xplfd=-1;
- #endif
- 
-@@ -349,6 +369,13 @@
- #elif (SPINXPL)
-   
-  xplfd = open (XPL_FILE,O_CREAT|O_RDWR,S_IRWXU|S_IRWXG|S_IRWXO);
-+ {
-+	struct group *grp;
-+	fchmod(xplfd,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
-+	grp = getgrnam(PKCS11GROUP);
-+	if (grp)
-+		fchown(xplfd,getuid(),grp->gr_gid);
-+ }
+ /* (C) COPYRIGHT International Business Machines Corp. 2001          */
+ 
+@@ -323,7 +341,7 @@ CreateXProcLock(void)
+ 					goto error;
+ 				}
  
- #elif (SYSVSEM)
- #error "Caveat Emptor... this does not work"
+-				grp = getgrnam("pkcs11");
++				grp = getgrnam(PKCS11GROUP);
+ 				if (grp != NULL) {
+ 					if (fchown(xplfd,-1,grp->gr_gid) == -1) {
+ 						DbgLog(DL0,"%s:fchown(%s):%s\n",

Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
==============================================================================
--- head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h	Wed May 18 17:22:59 2016	(r415459)
@@ -1,11 +1,12 @@
---- usr/sbin/pkcsslotd/pkcsslotd.h.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/sbin/pkcsslotd/pkcsslotd.h	2010-10-20 01:20:18.253984238 +0900
-@@ -353,7 +353,7 @@
- #include <nl_types.h>
+--- usr/sbin/pkcsslotd/pkcsslotd.h.orig	2016-04-29 17:26:46 UTC
++++ usr/sbin/pkcsslotd/pkcsslotd.h
+@@ -305,6 +305,9 @@
+ #ifndef _PKCSSLOTMGR_H
+ #define _PKCSSLOTMGR_H 1
  
- #include <sys/ipc.h>
--#include <linux/limits.h>
-+#include <limits.h>
- #include <sys/shm.h>
- #include <sys/stat.h>
- #include <sys/types.h>
++#include <sys/types.h>
++#include <sys/ipc.h>
++
+ /***********
+  * Defines *
+  ***********/

Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
==============================================================================
--- head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c	Wed May 18 17:22:59 2016	(r415459)
@@ -1,6 +1,6 @@
---- usr/sbin/pkcsslotd/shmem.c.orig	2010-07-29 21:28:41.000000000 +0900
-+++ usr/sbin/pkcsslotd/shmem.c	2010-10-20 01:23:03.203984101 +0900
-@@ -338,9 +338,9 @@
+--- usr/sbin/pkcsslotd/shmem.c.orig	2016-04-29 17:26:46 UTC
++++ usr/sbin/pkcsslotd/shmem.c
+@@ -336,9 +336,9 @@ int CreateSharedMemory ( void ) {
     }
     // SAB  Get the group information for the PKCS#11 group... fail if
     // it does not exist
@@ -12,7 +12,7 @@
       return FALSE;  // Group does not exist... setup is wrong..
     }
  
-@@ -409,9 +409,9 @@
+@@ -415,9 +415,9 @@ int CreateSharedMemory ( void ) {
     int i;
     char *buffer;
     
@@ -24,7 +24,7 @@
  		     SBIN_PATH);
       return FALSE;  // Group does not exist... setup is wrong..
     }
-@@ -431,7 +431,7 @@
+@@ -437,7 +437,7 @@ int CreateSharedMemory ( void ) {
  	 return FALSE;
         }
         if (fchown(fd, 0, grp->gr_gid) == -1) {

Added: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c	Wed May 18 17:22:59 2016	(r415459)
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcsslotd/socket_server.c.orig	2016-04-29 17:26:46 UTC
++++ usr/sbin/pkcsslotd/socket_server.c
+@@ -337,7 +337,7 @@ int CreateListenerSocket (void) {
+ 
+ 	// make socket file part of the pkcs11 group, and write accessable
+ 	// for that group
+-	grp = getgrnam("pkcs11");
++	grp = getgrnam(PKCS11GROUP);
+ 	if (!grp) {
+ 		ErrLog("Group PKCS#11 does not exist");
+ 		DetachSocketListener(socketfd);

Modified: head/security/opencryptoki/files/pkcsslotd.in
==============================================================================
--- head/security/opencryptoki/files/pkcsslotd.in	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/files/pkcsslotd.in	Wed May 18 17:22:59 2016	(r415459)
@@ -16,18 +16,19 @@
 . /etc/rc.subr
 
 name=pkcsslotd
-rcvar=pkcsslotd_enable
-command=%%PREFIX%%/sbin/${name}
+rcvar=${name}_enable
+command="%%PREFIX%%/sbin/$name"
 start_precmd=${name}_prestart
 
 pkcsslotd_prestart () {
-	[ -f /var/lib/opencryptoki/pk_config_data ] || \
-		%%PREFIX%%/sbin/pkcs11_startup
+	install -d -o %%USERS%% -g %%GROUPS%% -m 0755 \
+	    /var/run/opencryptoki/swtok \
+	    /var/run/opencryptoki/tpm
 }
 
-load_rc_config ${name}
+load_rc_config $name
 
-: pkcsslotd_enable=${pkcsslotd_enable-"NO"}
+: ${pkcsslotd_enable="NO"}
 
 run_rc_command "$1"
 

Modified: head/security/opencryptoki/pkg-plist
==============================================================================
--- head/security/opencryptoki/pkg-plist	Wed May 18 17:19:40 2016	(r415458)
+++ head/security/opencryptoki/pkg-plist	Wed May 18 17:22:59 2016	(r415459)
@@ -1,3 +1,4 @@
+@sample etc/opencryptoki/opencryptoki.conf.sample
 include/opencryptoki/apiclient.h
 include/opencryptoki/pkcs11.h
 include/opencryptoki/pkcs11types.h
@@ -7,10 +8,10 @@ lib/opencryptoki/libopencryptoki.so.0
 lib/opencryptoki/libopencryptoki.so.0.0.0
 lib/opencryptoki/methods
 lib/opencryptoki/stdll/PKCS11_SW.so
+lib/opencryptoki/stdll/PKCS11_TPM.so
 lib/opencryptoki/stdll/libpkcs11_sw.so
 lib/opencryptoki/stdll/libpkcs11_sw.so.0
 lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0
-lib/opencryptoki/stdll/PKCS11_TPM.so
 lib/opencryptoki/stdll/libpkcs11_tpm.so
 lib/opencryptoki/stdll/libpkcs11_tpm.so.0
 lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0
@@ -18,16 +19,18 @@ lib/pkcs11/PKCS11_API.so
 lib/pkcs11/libopencryptoki.so
 lib/pkcs11/methods
 lib/pkcs11/stdll
-sbin/pkcs11_startup
-sbin/pkcs_slot
-sbin/pkcsconf
-sbin/pkcsslotd
-man/man1/pkcs11_startup.1.gz
+man/man1/pkcscca.1.gz
 man/man1/pkcsconf.1.gz
-man/man5/pk_config_data.5.gz
+man/man1/pkcsep11_migrate.1.gz
+man/man1/pkcsicsf.1.gz
+man/man5/opencryptoki.conf.5.gz
 man/man7/opencryptoki.7.gz
 man/man8/pkcsslotd.8.gz
-@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/swtok
-@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/tpm
-@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki
+sbin/pkcsconf
+sbin/pkcsslotd
+@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok/TOK_OBJ
+@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok
+@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/tpm
+@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki
 @dir /var/lib
+@dir /var/log/opencryptoki



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605181723.u4IHN0vY062375>