This commit is contained in:
parent
e63b91e736
commit
526841b893
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed May 24 13:47:09 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Bring back our nss.fips.cfg file, since the variable expansion
|
||||
in the upstream file does not work (fixes: bsc#1211679)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 11 12:52:16 UTC 2023 - jsilva@suse.com
|
||||
|
||||
|
@ -139,6 +139,8 @@ Source10: systemtap-tapset.tar.xz
|
||||
Source11: jconsole.desktop.in
|
||||
# nss configuration file
|
||||
Source12: nss.cfg.in
|
||||
# nss fips configuration file
|
||||
Source13: nss.fips.cfg.in
|
||||
# Ensure we aren't using the limited crypto policy
|
||||
Source14: TestCryptoLevel.java
|
||||
# Ensure ECDSA is working
|
||||
@ -452,6 +454,10 @@ done
|
||||
# Setup nss.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE12} > nss.cfg
|
||||
|
||||
# Setup nss.fips.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.fips.cfg
|
||||
sed -i -e "s:@NSS_SECMOD@:sql\:/etc/pki/nssdb:g" nss.fips.cfg
|
||||
|
||||
%build
|
||||
|
||||
%ifarch s390x sparc64 alpha ppc64 ppc64le %{aarch64}
|
||||
@ -513,6 +519,9 @@ export JAVA_HOME=$(pwd)/%{buildoutputdir}/%{imagesdir}/jdk
|
||||
# Install nss.cfg right away as we will be using the JRE above
|
||||
install -m 644 nss.cfg $JAVA_HOME/conf/security/
|
||||
|
||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||
install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
|
||||
|
||||
# Copy tz.properties
|
||||
echo "sun.zoneinfo.dir=%{_datadir}/javazi" >> $JAVA_HOME/conf/tz.properties
|
||||
|
||||
|
8
nss.fips.cfg.in
Normal file
8
nss.fips.cfg.in
Normal file
@ -0,0 +1,8 @@
|
||||
name = NSS-FIPS
|
||||
nssLibraryDirectory = @NSS_LIBDIR@
|
||||
nssSecmodDirectory = sql:/etc/pki/nssdb
|
||||
nssDbMode = readOnly
|
||||
nssModule = fips
|
||||
|
||||
attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||
|
Loading…
Reference in New Issue
Block a user