# Generated by rust2rpm 27
%bcond check 1
# Enable gpg signature verification by default
%bcond gpgcheck 1
%global soname libkryoptic_pkcs11
%global features kryoptic-lib/nssdb,kryoptic-lib/pqc,kryoptic-lib/standard,kryoptic-lib/dynamic,profiles
%if 0%{?rhel}
# RHEL: Use bundled deps as it doesn't ship Rust libraries
%global bundled_rust_deps 1
%global __brp_mangle_shebangs_exclude_from ^/usr/src/debug/.*$
%else
# Fedora: Use only system Rust libraries
%global bundled_rust_deps 0
%endif
Name: kryoptic
Version: 1.5.1
Release: %autorelease
Summary: PKCS #11 software token written in Rust
SourceLicense: GPL-3.0-or-later
# LICENSE.dependencies contains a full license breakdown
License: %{shrink:
Apache-2.0 AND
(Apache-2.0 OR BSL-1.0) AND
(Apache-2.0 OR MIT) AND
BSD-3-Clause AND
GPL-3.0-or-later AND
ISC AND
MIT AND
(MIT OR Apache-2.0) AND
(MIT-0 OR Apache-2.0) AND
(Unlicense OR MIT) AND
Zlib
}
URL: https://github.com/latchset/kryoptic
Source0: https://github.com/latchset/kryoptic/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/latchset/kryoptic/releases/download/v%{version}/%{name}-vendor-%{version}.tar.gz
%if %{with gpgcheck}
Source2: https://github.com/latchset/kryoptic/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc
Source3: https://github.com/latchset/kryoptic/releases/download/v%{version}/%{name}-vendor-%{version}.tar.gz.asc
Source4: https://people.redhat.com/~ssorce/simo_redhat.asc
%endif
BuildRequires: openssl-devel
BuildRequires: pandoc
%if %{with gpgcheck}
BuildRequires: gnupg2
%endif
%if 0%{?bundled_rust_deps}
BuildRequires: rust-toolset
BuildRequires: clang
# vendored rustqlite
BuildRequires: sqlite-devel
%else
BuildRequires: cargo-rpm-macros >= 26
%endif
%global _description %{expand:
A PKCS #11 software token written in Rust.}
%description %{_description}
%package tools
Requires: %{name}%{?_isa} = %{version}-%{release}
Summary: Supporting tools for kryoptic software token
%description tools
Supporting tools for kryoptic software token.
Most notably a migration tool for the SoftHSM database.
%prep
%if %{with gpgcheck}
%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE3}' --data='%{SOURCE1}'
%endif
%autosetup -p1 -N %{?bundled_rust_deps:-a1}
%if 0%{?bundled_rust_deps}
%cargo_prep -v vendor
# don't lock the dependencies
rm -f Cargo.lock
%else
%cargo_prep
%generate_buildrequires
%cargo_generate_buildrequires -f %{features}
%endif
%build
export CONFDIR=%{_sysconfdir}
%cargo_build -f %{features} -- --all
%{cargo_license_summary -f %{features}}
%{cargo_license -f %{features}} > LICENSE.dependencies
pandoc -s -t man doc/kryoptic.conf.man.md -o kryoptic.conf.5
pandoc -s -t man doc/kryoptic.man.md -o kryoptic.7
pandoc -s -t man tools/softhsm/softhsm_migrate.man.md -o softhsm_migrate.1
%install
install -Dp target/rpm/softhsm_migrate $RPM_BUILD_ROOT%{_bindir}/softhsm_migrate
install -Dp target/rpm/%{soname}.so $RPM_BUILD_ROOT%{_libdir}/pkcs11/%{soname}.so
mkdir -p $RPM_BUILD_ROOT%{_datadir}/p11-kit/modules/
echo "module: %{soname}.so" > $RPM_BUILD_ROOT%{_datadir}/p11-kit/modules/kryoptic.module
install -Dp -m 0644 kryoptic.conf.5 $RPM_BUILD_ROOT%{_mandir}/man5/kryoptic.conf.5
install -Dp -m 0644 kryoptic.7 $RPM_BUILD_ROOT%{_mandir}/man7/kryoptic.7
install -Dp -m 0644 softhsm_migrate.1 $RPM_BUILD_ROOT%{_mandir}/man1/softhsm_migrate.1
%if %{with check}
%check
export TEST_PKCS11_MODULE=$RPM_BUILD_ROOT%{_libdir}/pkcs11/%{soname}.so
%cargo_test -f %{features},integration_tests
%endif
%files
%license LICENSE.txt
%license LICENSE.dependencies
%doc README.md
%dir %{_libdir}/pkcs11
%{_libdir}/pkcs11/%{soname}.so
# Co-owned with p11-kit so it is not hard dependency
%dir %{_datadir}/p11-kit
%dir %{_datadir}/p11-kit/modules
%{_datadir}/p11-kit/modules/kryoptic.module
%{_mandir}/man5/kryoptic.conf.5*
%{_mandir}/man7/kryoptic.7*
%files tools
%{_bindir}/softhsm_migrate
%{_mandir}/man1/softhsm_migrate.1*
%changelog
%autochangelog