Marcus Meissner
2cd1fab710
- split off the -hmac package that contains the checksums OBS-URL: https://build.opensuse.org/request/show/244328 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=59
259 lines
8.5 KiB
RPMSpec
259 lines
8.5 KiB
RPMSpec
#
|
|
# spec file for package libgcrypt
|
|
#
|
|
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define build_hmac256 1
|
|
%define separate_hmac256_binary 0
|
|
%define libsoname %{name}20
|
|
%define sosuffix 20.0.1
|
|
Name: libgcrypt
|
|
Version: 1.6.1
|
|
Release: 0
|
|
Summary: The GNU Crypto Library
|
|
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
|
|
Group: Development/Libraries/C and C++
|
|
Url: http://directory.fsf.org/wiki/Libgcrypt
|
|
Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
|
|
Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
|
|
Source2: baselibs.conf
|
|
# http://www.gnupg.org/signature_key.en.html
|
|
Source4: %{name}.keyring
|
|
Patch0: %{name}-ppc64.patch
|
|
Patch1: %{name}-strict-aliasing.patch
|
|
Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch
|
|
Patch4: %{name}-sparcv9.diff
|
|
#PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS)
|
|
#was: libgcrypt-1.5.0-as-needed.patch
|
|
Patch5: libgcrypt-unresolved-dladdr.patch
|
|
#PATCH-FIX-SUSE: N/A
|
|
Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
|
|
#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com
|
|
Patch8: libgcrypt-1.6.0-use-intenal-functions.patch
|
|
Patch11: libgcrypt-fixed-sizet.patch
|
|
Patch12: libgcrypt-1.6.1-use-fipscheck.patch
|
|
Patch13: libgcrypt-1.6.1-fips-cavs.patch
|
|
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
|
|
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
|
|
# add support for SP800-90A DRBG (fate#316929, bnc#856312)
|
|
Patch21: 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
|
|
Patch22: 0002-Compile-DRBG.patch
|
|
Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch
|
|
Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
|
|
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
|
|
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
|
|
Patch27: 0007-User-interface-to-DRBG.patch
|
|
Patch28: libgcrypt-fix-rng.patch
|
|
Patch29: libgcrypt-init-at-elf-load-fips.patch
|
|
BuildRequires: automake >= 1.11
|
|
BuildRequires: libgpg-error-devel >= 1.11
|
|
BuildRequires: libtool
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
%if 0%{?suse_version} > 1310
|
|
BuildRequires: fipscheck
|
|
%endif
|
|
# not for base packages to avoid huge cycles
|
|
#BuildRequires: gpg-offline
|
|
|
|
%description
|
|
Libgcrypt is a general purpose library of cryptographic building
|
|
blocks. It is originally based on code used by GnuPG. It does not
|
|
provide any implementation of OpenPGP or other protocols. Thorough
|
|
understanding of applied cryptography is required to use Libgcrypt.
|
|
|
|
%package -n %{libsoname}
|
|
Summary: The GNU Crypto Library
|
|
License: GPL-2.0+ and LGPL-2.1+
|
|
Group: Development/Libraries/C and C++
|
|
|
|
%description -n %{libsoname}
|
|
Libgcrypt is a general purpose crypto library based on the code used in
|
|
GnuPG (alpha version).
|
|
|
|
%package -n %{libsoname}-hmac
|
|
Summary: HMAC checksums for the GNU Crypto Library
|
|
License: GPL-2.0+ and LGPL-2.1+
|
|
Group: Development/Libraries/C and C++
|
|
|
|
%description -n %{libsoname}-hmac
|
|
Libgcrypt is a general purpose crypto library based on the code used in
|
|
GnuPG (alpha version). This package contains the HMAC checksum files
|
|
for integrity checking the library, as required by FIPS 140-2.
|
|
|
|
%package devel
|
|
Summary: The GNU Crypto Library
|
|
License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT
|
|
Group: Development/Libraries/C and C++
|
|
Requires: %{libsoname} = %{version}
|
|
Requires: glibc-devel
|
|
Requires: libgpg-error-devel >= 1.8
|
|
Requires(post): %{install_info_prereq}
|
|
|
|
%description devel
|
|
Libgcrypt is a general purpose library of cryptographic building
|
|
blocks. It is originally based on code used by GnuPG. It does not
|
|
provide any implementation of OpenPGP or other protocols. Thorough
|
|
understanding of applied cryptography is required to use Libgcrypt.
|
|
|
|
This package contains needed files to compile and link against the
|
|
library.
|
|
|
|
%if 0%{?separate_hmac256_binary}
|
|
|
|
%package hmac256
|
|
Summary: The GNU Crypto Library
|
|
License: GPL-2.0+ and LGPL-2.1+
|
|
Group: Development/Libraries/C and C++
|
|
Requires: %{libsoname} = %{version}
|
|
Requires: libgpg-error-devel
|
|
Requires(post): %{install_info_prereq}
|
|
|
|
%description hmac256
|
|
Libgcrypt is a general purpose library of cryptographic building
|
|
blocks. It is originally based on code used by GnuPG. It does not
|
|
provide any implementation of OpenPGP or other protocols. Thorough
|
|
understanding of applied cryptography is required to use Libgcrypt.
|
|
|
|
%endif # #if separate_hmac256_binary
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch0 -p1
|
|
%patch1
|
|
%patch3 -p1
|
|
%patch4 -p1
|
|
%patch5 -p1
|
|
%patch7 -p1
|
|
%patch8 -p1
|
|
%patch11 -p1
|
|
%if 0%{?suse_version} > 1310
|
|
%patch12 -p1
|
|
%patch21 -p1
|
|
%patch22 -p1
|
|
%patch23 -p1
|
|
%patch24 -p1
|
|
%patch25 -p1
|
|
%patch26 -p1
|
|
%patch27 -p1
|
|
%patch28 -p1
|
|
%patch29 -p1
|
|
%endif
|
|
%patch13 -p1
|
|
%patch14 -p1
|
|
|
|
%build
|
|
echo building with build_hmac256 set to %{build_hmac256}
|
|
%{?suse_update_config}
|
|
autoreconf -fi
|
|
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
|
%configure --with-pic \
|
|
--enable-noexecstack \
|
|
--disable-static \
|
|
--enable-m-guard \
|
|
%ifarch %{sparc}
|
|
--disable-asm \
|
|
%endif
|
|
--enable-hmac-binary-check \
|
|
--enable-random=linux
|
|
make %{?_smp_mflags}
|
|
|
|
%if 0%{?build_hmac256}
|
|
# this is a hack that re-defines the __os_install_post macro
|
|
# for a simple reason: the macro strips the binaries and thereby
|
|
# invalidates a HMAC that may have been created earlier.
|
|
# solution: create the hashes _after_ the macro runs.
|
|
#
|
|
# this shows up earlier because otherwise the %expand of
|
|
# the macro is too late.
|
|
%if 0%{?suse_version} > 1310
|
|
%{expand:%%global __os_install_post {%__os_install_post
|
|
fipshmac %{buildroot}/%{_bindir}/hmac256
|
|
fipshmac %{buildroot}/%{_libdir}/*.so.??
|
|
}}
|
|
%else
|
|
%{expand:%%global __os_install_post {%__os_install_post
|
|
|
|
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
|
|
< %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
|
|
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
|
|
< %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac
|
|
}}
|
|
%endif
|
|
%endif
|
|
|
|
%check
|
|
%if 0%{?suse_version} > 1310
|
|
fipshmac src/.libs/libgcrypt.so.??
|
|
%endif
|
|
# Nice idea. however this uses /dev/random, which hangs
|
|
# on hardware without random feeds.
|
|
# so lets not run it inside OBS
|
|
# make check
|
|
|
|
%install
|
|
make DESTDIR=%{buildroot} install %{?_smp_mflags}
|
|
|
|
rm %{buildroot}%{_libdir}/%{name}.la
|
|
|
|
%post -n %{libsoname} -p /sbin/ldconfig
|
|
|
|
%postun -n %{libsoname} -p /sbin/ldconfig
|
|
|
|
%post devel
|
|
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
|
|
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz
|
|
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz
|
|
|
|
%postun devel
|
|
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
|
|
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz
|
|
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz
|
|
|
|
%files -n %{libsoname}
|
|
%defattr(-,root,root)
|
|
%doc COPYING.LIB
|
|
%{_libdir}/%{name}.so.*
|
|
|
|
%files -n %{libsoname}-hmac
|
|
%defattr(-,root,root)
|
|
%if 0%{?build_hmac256}
|
|
%{_libdir}/.libgcrypt.so.*.hmac
|
|
%endif # %if 0%{?build_hmac256}
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
|
|
%{_infodir}/gcrypt.info.gz
|
|
%{_infodir}/gcrypt.info-1.gz
|
|
%{_infodir}/gcrypt.info-2.gz
|
|
%{_bindir}/dumpsexp
|
|
%{_bindir}/mpicalc
|
|
%{_bindir}/%{name}-config
|
|
%{_libdir}/%{name}.so
|
|
%{_includedir}/gcrypt*.h
|
|
%{_datadir}/aclocal/%{name}.m4
|
|
|
|
%if 0%{?separate_hmac256_binary}
|
|
|
|
%files hmac256
|
|
%defattr(-,root,root)
|
|
%endif # %if 0%{?separate_hmac256_binary}
|
|
%{_bindir}/hmac256
|
|
%{_bindir}/.hmac256.hmac
|
|
%doc %{_mandir}/man1/hmac256.1*
|
|
|
|
%changelog
|