Accepting request 865444 from home:pmonrealgonzalez:branches:security:tls

- Update to git version 20210118 * Output sigalgs required by nss >=3.59 * Bump Python requirement to 3.6 * Kerberos 5: Fix policy generator to account for macs * Add AES-192 support (non-TLS scenarios) * Add documentation of the --check option - Fix the man pages generation - Add crypto-policies-asciidoc.patch - Test only supported modules - Add crypto-policies-test_supported_modules_only.patch - Add crypto-policies-typos.patch to fix some typos OBS-URL: https://build.opensuse.org/request/show/865444 OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=2
2021-01-21 14:53:23 +00:00 · 2021-01-21 14:53:23 +00:00 · c78ee41234
commit c78ee41234
parent af8d3f38d5
6 changed files with 105 additions and 14 deletions
--- a/README.SUSE
+++ b/README.SUSE
@ -0,0 +1,2 @@
 Currently only OpenSSL, GnuTLS, and NSS policies are supported.
 The rest of the modules ignore the policy settings for the time being.
--- a/crypto-policies-test_supported_modules_only.patch
+++ b/crypto-policies-test_supported_modules_only.patch
@ -0,0 +1,13 @@
 Index: fedora-crypto-policies-master/Makefile
 ===================================================================
 --- fedora-crypto-policies-master.orig/Makefile
 +++ fedora-crypto-policies-master/Makefile
@@ -45,8 +45,6 @@ check:
 	tests/openssl.pl
 	tests/gnutls.pl
 	tests/nss.py
 -	tests/java.pl
 -	tests/krb5.py
 	top_srcdir=. tests/update-crypto-policies.sh
 test: check runpylint
--- a/crypto-policies-typos.patch
+++ b/crypto-policies-typos.patch
@ -0,0 +1,48 @@
 From: Hideki Yamane <h-yamane@sios.com>
 Date: Sun, 25 Aug 2019 04:08:35 +0900
 Subject: fix typos
 ---
 crypto-policies.7.txt        | 2 +-
 fips-finish-install          | 2 +-
 fips-finish-install.8.txt    | 2 +-
 Index: fedora-crypto-policies-master/crypto-policies.7.txt
 ===================================================================
 --- fedora-crypto-policies-master.orig/crypto-policies.7.txt
 +++ fedora-crypto-policies-master/crypto-policies.7.txt
@@ -236,7 +236,7 @@ To completely override a list value in a
 sign. Combining 'list-items' with and without signs in a single list value assignment is
 not allowed however an existing list value can be modified in multiple further assignments.
 -Non-list key values in the policy module files are simply overriden.
 +Non-list key values in the policy module files are simply overridden.
 The keys marked as *Optional* can be omitted in the policy definition
 files. In that case, the values will be derived from the base
 Index: fedora-crypto-policies-master/fips-finish-install
 ===================================================================
 --- fedora-crypto-policies-master.orig/fips-finish-install
 +++ fedora-crypto-policies-master/fips-finish-install
@@ -12,7 +12,7 @@ if test -f /run/ostree-booted; then
 fi
 if test x"$1" !=  x--complete ; then
 -	echo "Complete the instalation of FIPS modules."
 +	echo "Complete the installation of FIPS modules."
 	echo "usage: $0 --complete"
 	exit 2
 fi
 Index: fedora-crypto-policies-master/fips-finish-install.8.txt
 ===================================================================
 --- fedora-crypto-policies-master.orig/fips-finish-install.8.txt
 +++ fedora-crypto-policies-master/fips-finish-install.8.txt
@@ -21,7 +21,7 @@ fips-finish-install(8)
 NAME
 ----
 -fips-finish-install - complete the instalation of FIPS modules.
 +fips-finish-install - complete the installation of FIPS modules.
 SYNOPSIS
--- a/crypto-policies.changes
+++ b/crypto-policies.changes
@ -1,3 +1,30 @@
 -------------------------------------------------------------------
 Thu Jan 21 14:44:07 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 - Update to git version 20210118
  * Output sigalgs required by nss >=3.59
  * Bump Python requirement to 3.6
  * Kerberos 5: Fix policy generator to account for macs
  * Add AES-192 support (non-TLS scenarios)
  * Add documentation of the --check option
 -------------------------------------------------------------------
 Thu Jan 21 14:42:13 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 - Fix the man pages generation
 - Add crypto-policies-asciidoc.patch
 -------------------------------------------------------------------
 Thu Jan 21 09:56:42 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 - Test only supported modules
 - Add crypto-policies-test_supported_modules_only.patch
 -------------------------------------------------------------------
 Tue Dec 22 10:50:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
 - Add crypto-policies-typos.patch to fix some typos
 -------------------------------------------------------------------
 Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@ -16,19 +16,19 @@
 #
-%global git_date 20201115
+%global git_date 20210118
 #%global git_commit 85dccc5a5b7127e54e0c82b2b5ab5f5fb6fb5490
 #%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
 %global _python_bytecompile_extra 0
 Name:           crypto-policies
 Version:        %{git_date}
-Release:        1.git%{git_commit_hash}%{?dist}
+Release:        0
 Summary:        System-wide crypto policies
 License:        LGPL-2.1-or-later
 URL:            https://gitlab.com/redhat-crypto/fedora-crypto-policies
 #Source0:        https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
 Source0:        fedora-crypto-policies-master.tar.gz
 Source1:        README.SUSE
 Patch0:         crypto-policies-asciidoc.patch
 Patch1:         crypto-policies-typos.patch
 Patch2:         crypto-policies-test_supported_modules_only.patch
 BuildRequires:  asciidoc
 BuildRequires:  bind
 BuildRequires:  gnutls >= 3.6.0
@ -36,16 +36,16 @@ BuildRequires:  java-devel
 BuildRequires:  libxslt
 BuildRequires:  openssl
 BuildRequires:  perl
-BuildRequires:  python3-devel
+BuildRequires:  python3-devel >= 3.6
 BuildRequires:  perl(File::Copy)
 BuildRequires:  perl(File::Temp)
 BuildRequires:  perl(File::Which)
-BuildRequires:  perl(File::pushd)
+#BuildRequires:  perl(File::pushd)
 Recommends:     crypto-policies-scripts
-Conflicts:      gnutls < 3.6.11
+#Conflicts:      gnutls < 3.6.11
-Conflicts:      libreswan < 3.28
+#Conflicts:      libreswan < 3.28
 Conflicts:      nss < 3.44.0
-Conflicts:      openssh < 8.2p1
+#Conflicts:      openssh < 8.2p1
 BuildArch:      noarch
 %description
@ -69,7 +69,6 @@ The package also provides a tool fips-mode-setup, which can be used
 to enable or disable the system FIPS mode.
 %prep
 #%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit}
 %autosetup -p1 -n fedora-crypto-policies-master
 %build
@ -107,6 +106,8 @@ done
 %py3_compile %{buildroot}%{_datadir}/crypto-policies/python
 cp %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies
 %check
 %make_build check
@ -143,7 +144,6 @@ end
 %{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
 %files
 %dir %{_sysconfdir}/crypto-policies/
 %dir %{_sysconfdir}/crypto-policies/back-ends/
 %dir %{_sysconfdir}/crypto-policies/state/
@ -152,6 +152,7 @@ end
 %dir %{_sysconfdir}/crypto-policies/policies/modules/
 %dir %{_datarootdir}/crypto-policies/
 %{_sysconfdir}/crypto-policies/README.SUSE
 %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
 %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
--- a/fedora-crypto-policies-master.tar.gz
+++ b/fedora-crypto-policies-master.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3c9b25736802f9f0af94f213eae8f146cd7ba5cc5288fe33ab6e09c60e50ccb9
+oid sha256:1ca1dabb526ff35720512f6f1aa533112985e20d1521abbc1e990f8a2efdbd64
-size 54714
+size 55699
		`@ -0,0 +1,2 @@`
							`Currently only OpenSSL, GnuTLS, and NSS policies are supported.`
							`The rest of the modules ignore the policy settings for the time being.`