From c104e3b9c762567d2195bfe3c195275062b42dcb6ee7122261f959ddf4701375 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Fri, 21 Nov 2014 15:23:47 +0000 Subject: [PATCH] - Guarded fipscheck and hmac package in the spec file for >13.1. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=79 --- strongswan.changes | 1 + strongswan.spec | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/strongswan.changes b/strongswan.changes index 9faeac2..3eef5b6 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -2,6 +2,7 @@ Fri Nov 21 12:03:59 UTC 2014 - mt@suse.de - Disabled explicit gpg validation; osc source_validator does it. +- Guarded fipscheck and hmac package in the spec file for >13.1. ------------------------------------------------------------------- Thu Nov 20 07:43:43 UTC 2014 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index cc6168a..b827a5f 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -31,6 +31,11 @@ Release: 0 %else %bcond_with tests %endif +%if 0%{suse_version} > 1310 +%bcond_without fipscheck +%else +%bcond_with fipscheck +%endif %ifarch %{ix86} ppc64le %bcond_without integrity %else @@ -67,12 +72,16 @@ Source2: %{name}.init.in Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Source5: %{name}.keyring +%if %{with fipscheck} Source6: fipscheck.sh.in Source7: fips-enforce.conf +%endif Patch1: %{name}_modprobe_syslog.patch Patch2: %{name}_ipsec_service.patch +%if %{with fipscheck} Patch3: %{name}_fipscheck.patch Patch4: %{name}_fipsfilter.patch +%endif Patch5: 0001-restore-registration-algorithm-order.bug897512.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison @@ -111,7 +120,9 @@ BuildRequires: iptables %endif BuildRequires: autoconf BuildRequires: automake +%if %{with fipscheck} BuildRequires: fipscheck +%endif BuildRequires: libtool %description @@ -178,6 +189,8 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux This package provides the strongswan library and plugins. +%if %{with fipscheck} + %package hmac Summary: HMAC files for FIPS-140-2 integrity Group: Productivity/Networking/Security @@ -189,6 +202,8 @@ Requires: strongswan-libs0 = %{version} The package is supposed to provide HMAC hash files for FIPS-140-2 integrity and enforce FIPS-140-2 compliant operation. +%endif + %package ipsec Summary: OpenSource IPsec-based VPN Solution Group: Productivity/Networking/Security @@ -277,12 +292,14 @@ and the load testing plugin for IKEv2 daemon. sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init +%if %{with fipscheck} sed -e 's|@IPSEC_DIR@|%{_libexecdir}/ipsec|g' \ -e 's|@IPSEC_LIBDIR@|%{_libdir}/ipsec|g' \ -e 's|@IPSEC_SBINDIR@|%{_sbindir}|g' \ -e 's|@IPSEC_BINDIR@|%{_bindir}|g' \ < $RPM_SOURCE_DIR/fipscheck.sh.in \ > _fipscheck +%endif %build CFLAGS="$RPM_OPT_FLAGS -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter" @@ -296,6 +313,9 @@ autoreconf --force --install --with-plugindir=%{strongswan_plugins} \ --with-resolv-conf=%{_rundir}/%{name}/resolv.conf \ --with-piddir=%{_rundir}/%{name} \ +%if %{with systemd} + --with-systemdsystemunitdir=%{_unitdir} \ +%endif --enable-pkcs11 \ --enable-openssl \ --enable-agent \ @@ -452,6 +472,7 @@ install -c -m644 ${RPM_SOURCE_DIR}/README.SUSE \ %{__install} -d -m 0755 %{buildroot}%{_tmpfilesdir} echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name}.conf %endif +%if %{with fipscheck} # # note: keep the following, _fipscheck's and file lists in sync # @@ -478,6 +499,7 @@ install -c -m644 ${RPM_SOURCE_DIR}/fips-enforce.conf \ /usr/bin/fipshmac "$f" done }} +%endif %post libs0 /sbin/ldconfig @@ -525,6 +547,8 @@ fi %dir %{strongswan_docdir} %{strongswan_docdir}/README.SUSE +%if %{with fipscheck} + %files hmac %defattr(-,root,root) %dir %{strongswan_configs} @@ -540,6 +564,8 @@ fi %{_libexecdir}/ipsec/.*.hmac %{_sbindir}/.ipsec.hmac +%endif + %files ipsec %defattr(-,root,root) %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf