From 8e6db95b502f2d99865219745b342d6fac7a2e52ff8b2da42b50da8296c857d6 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Fri, 14 May 2021 14:01:30 +0000 Subject: [PATCH] Accepting request 892936 from home:pmonrealgonzalez:branches:security:tls - Compute the FIPS hmac file without re-defining the __os_install_post macro, use the brp-50-generate-fips-hmac script instead. [bsc#1184555] - Require the main package in devel and lib packages as the default priorities are now set via crypto-policies. [bsc#1183082] OBS-URL: https://build.opensuse.org/request/show/892936 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=51 --- gnutls.changes | 13 +++++++++++++ gnutls.spec | 22 ++++++---------------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/gnutls.changes b/gnutls.changes index da8809f..2521949 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Thu May 13 16:34:28 UTC 2021 - Pedro Monreal + +- Compute the FIPS hmac file without re-defining the + __os_install_post macro, use the brp-50-generate-fips-hmac + script instead. [bsc#1184555] + +------------------------------------------------------------------- +Thu Mar 18 13:13:07 UTC 2021 - Pedro Monreal + +- Require the main package in devel and lib packages as the default + priorities are now set via crypto-policies. [bsc#1183082] + ------------------------------------------------------------------- Fri Mar 12 18:45:38 UTC 2021 - Pedro Monreal diff --git a/gnutls.spec b/gnutls.spec index 7548cb4..34bd502 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -31,7 +31,7 @@ Name: gnutls Version: 3.7.1 Release: 0 Summary: The GNU Transport Layer Security Library -License: LGPL-2.1-or-later AND GPL-3.0-or-later +License: GPL-3.0-or-later AND LGPL-2.1-or-later Group: Productivity/Networking/Security URL: https://www.gnutls.org/ Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz @@ -135,6 +135,7 @@ Summary: Development package for the GnuTLS C API License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ Requires: glibc-devel +Requires: gnutls = %{version}-%{release} Requires: libgnutls%{gnutls_sover} = %{version} Requires(pre): %{install_info_prereq} Provides: gnutls-devel = %{version}-%{release} @@ -208,27 +209,15 @@ export CXXFLAGS="%{optflags} -fPIE" make %{?_smp_mflags} -# the hmac hashes: -# -# this is a hack that re-defines the __os_install_post macro -# for a simple reason: the macro strips the binaries and thereby -# invalidates a HMAC that may have been created earlier. -# solution: create the hashes _after_ the macro runs. -# -# this shows up earlier because otherwise the %%expand of -# the macro is too late. -# remark: This is the same as running -# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' -%{expand:%%global __os_install_post {%__os_install_post -%{_bindir}/fipshmac %{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover} -}} - %install %make_install rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot # Do not package static libs and libtool files find %{buildroot} -type f -name "*.la" -delete -print +# Compute FIPS hmac using the brp-50-generate-fips-hmac script +export BRP_FIPSHMAC_FILES=%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover} + # install docs mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/ cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/ @@ -264,6 +253,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig + %post -n libgnutls-devel %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz