# # spec file for package libgcrypt # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define build_hmac256 1 %define separate_hmac256_binary 0 %define libsoname %{name}20 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt Version: 1.8.2 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0+ AND LGPL-2.1+ AND GPL-3.0+ Group: Development/Libraries/C and C++ Url: http://directory.fsf.org/wiki/Libgcrypt Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig Source2: baselibs.conf Source4: %{name}.keyring # https://www.gnupg.org/signature_key.en.html # cavs test framework Source5: cavs-test.sh Source6: cavs_driver.pl Source99: %{name}.changes Patch0: %{name}-ppc64.patch Patch1: %{name}-strict-aliasing.patch Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch Patch4: %{name}-sparcv9.diff #PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS) #was: libgcrypt-1.5.0-as-needed.patch Patch5: libgcrypt-unresolved-dladdr.patch #PATCH-FIX-SUSE: N/A Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff Patch12: libgcrypt-1.6.1-use-fipscheck.patch Patch13: libgcrypt-1.6.1-fips-cavs.patch #PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch Patch28: libgcrypt-fix-rng.patch Patch29: libgcrypt-init-at-elf-load-fips.patch #PATCH-FIX-SUSE add FIPS CAVS test app for DRBG Patch30: drbg_test.patch #PATCH-FIX-SUSE run FIPS self-test from constructor Patch32: libgcrypt-fips_run_selftest_at_constructor.patch Patch34: libgcrypt-1.6.3-aliasing.patch #PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-sign Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch #PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch BuildRequires: automake >= 1.14 BuildRequires: fipscheck BuildRequires: libgpg-error-devel >= 1.25 BuildRequires: libtool %description Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. %package -n %{libsoname} Summary: The GNU Crypto Library License: GPL-2.0+ AND LGPL-2.1+ Group: System/Libraries Suggests: %{libsoname}-hmac = %{version}-%{release} %description -n %{libsoname} Libgcrypt is a general purpose crypto library based on the code used in GnuPG (alpha version). %package -n %{libsoname}-hmac Summary: HMAC checksums for the GNU Crypto Library License: GPL-2.0+ AND LGPL-2.1+ Group: System/Libraries Requires: %{libsoname} = %{version}-%{release} %description -n %{libsoname}-hmac Libgcrypt is a general purpose crypto library based on the code used in GnuPG (alpha version). This package contains the HMAC checksum files for integrity checking the library, as required by FIPS 140-2. %package devel Summary: The GNU Crypto Library License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: glibc-devel Requires: libgpg-error-devel >= 1.13 Requires(post): %{install_info_prereq} %description devel Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. This package contains needed files to compile and link against the library. %package cavs Summary: The GNU Crypto Library License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: %{libsoname}-hmac %description cavs CAVS testing framework for libgcrypt %if 0%{?separate_hmac256_binary} %package hmac256 Summary: The GNU Crypto Library License: GPL-2.0+ AND LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: libgpg-error-devel Requires(post): %{install_info_prereq} %description hmac256 Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. %endif # #if separate_hmac256_binary %prep %setup -q %patch0 -p1 %patch1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch7 -p1 %patch12 -p1 %patch28 -p1 %patch29 -p1 %patch30 -p1 %patch32 -p1 # This patch breaks x86_64 builds but is needed for big-endian # architectures %ifarch ppc ppc64 s390 s390x %patch34 -p1 %endif %patch13 -p1 %patch14 -p1 %patch35 -p1 %patch36 -p1 %build echo building with build_hmac256 set to %{build_hmac256} %{?suse_update_config} autoreconf -fi date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)" %configure \ --enable-noexecstack \ --disable-static \ --enable-m-guard \ %ifarch %{sparc} --disable-asm \ %endif --enable-hmac-binary-check \ --enable-random=linux make %{?_smp_mflags} %if 0%{?build_hmac256} # this is a hack that re-defines the __os_install_post macro # for a simple reason: the macro strips the binaries and thereby # invalidates a HMAC that may have been created earlier. # solution: create the hashes _after_ the macro runs. # # this shows up earlier because otherwise the %expand of # the macro is too late. %{expand:%%global __os_install_post {%__os_install_post fipshmac %{buildroot}/%{_bindir}/hmac256 fipshmac %{buildroot}/%{_libdir}/*.so.?? }} %endif %check fipshmac src/.libs/libgcrypt.so.?? # Nice idea. however this uses /dev/random, which hangs # on hardware without random feeds. # so lets not run it inside OBS # make %{?_smp_mflags} check %install %make_install rm %{buildroot}%{_libdir}/%{name}.la # cavs install -m 0755 -d %{buildroot}%{cavs_dir} install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir} install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} %post -n %{libsoname} -p /sbin/ldconfig %postun -n %{libsoname} -p /sbin/ldconfig %post devel %install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %preun devel %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %files -n %{libsoname} %license COPYING.LIB %{_libdir}/%{name}.so.* %files -n %{libsoname}-hmac %if 0%{?build_hmac256} %{_libdir}/.libgcrypt.so.*.hmac %endif # %if 0%{?build_hmac256} %files devel %license COPYING COPYING.LIB %doc AUTHORS ChangeLog NEWS README THANKS TODO %{_infodir}/gcrypt.info%{ext_info} %{_bindir}/dumpsexp %{_bindir}/mpicalc %{_bindir}/%{name}-config %{_libdir}/%{name}.so %{_includedir}/gcrypt*.h %{_datadir}/aclocal/%{name}.m4 %if 0%{?separate_hmac256_binary} %files hmac256 %endif # %if 0%{?separate_hmac256_binary} %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac %doc %{_mandir}/man1/hmac256.1* %files cavs %{_libexecdir}/%{name} %changelog