Accepting request 892936 from home:pmonrealgonzalez:branches:security:tls

- Compute the FIPS hmac file without re-defining the __os_install_post macro, use the brp-50-generate-fips-hmac script instead. [bsc#1184555] - Require the main package in devel and lib packages as the default priorities are now set via crypto-policies. [bsc#1183082] OBS-URL: https://build.opensuse.org/request/show/892936 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=51
2021-05-14 14:01:30 +00:00 · 2021-05-14 14:01:30 +00:00 · 8e6db95b50
commit 8e6db95b50
parent 505327d4f8
2 changed files with 19 additions and 16 deletions
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Thu May 13 16:34:28 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Compute the FIPS hmac file without re-defining the
+  __os_install_post macro, use the brp-50-generate-fips-hmac
+  script instead. [bsc#1184555]
+
+-------------------------------------------------------------------
+Thu Mar 18 13:13:07 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Require the main package in devel and lib packages as the default
+  priorities are now set via crypto-policies. [bsc#1183082]
+
 -------------------------------------------------------------------
 Fri Mar 12 18:45:38 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

--- a/gnutls.spec
+++ b/gnutls.spec
@ -31,7 +31,7 @@ Name:           gnutls
 Version:        3.7.1
 Release:        0
 Summary:        The GNU Transport Layer Security Library
-License:        LGPL-2.1-or-later AND GPL-3.0-or-later
+License:        GPL-3.0-or-later AND LGPL-2.1-or-later
 Group:          Productivity/Networking/Security
 URL:            https://www.gnutls.org/
 Source0:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
@ -135,6 +135,7 @@ Summary:        Development package for the GnuTLS C API
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 Requires:       glibc-devel
+Requires:       gnutls = %{version}-%{release}
 Requires:       libgnutls%{gnutls_sover} = %{version}
 Requires(pre):  %{install_info_prereq}
 Provides:       gnutls-devel = %{version}-%{release}
@ -208,27 +209,15 @@ export CXXFLAGS="%{optflags} -fPIE"

 make %{?_smp_mflags}

-# the hmac hashes:
-#
-# this is a hack that re-defines the __os_install_post macro
-# for a simple reason: the macro strips the binaries and thereby
-# invalidates a HMAC that may have been created earlier.
-# solution: create the hashes _after_ the macro runs.
-#
-# this shows up earlier because otherwise the %%expand of
-# the macro is too late.
-# remark: This is the same as running
-#   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
-%{expand:%%global __os_install_post {%__os_install_post
-%{_bindir}/fipshmac %{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
-}}
-
 %install
 %make_install
 rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
 # Do not package static libs and libtool files
 find %{buildroot} -type f -name "*.la" -delete -print

+# Compute FIPS hmac using the brp-50-generate-fips-hmac script
+export BRP_FIPSHMAC_FILES=%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
+
 # install docs
 mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
 cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
@ -264,6 +253,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {

 %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
 %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
+
 %post -n libgnutls-devel
 %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz