libgcrypt/libgcrypt.spec
Marcus Meissner 0ee4a0f87b Accepting request 232937 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
  * patches by Stephan Mueller (http://www.chronox.de/drbg.html):
    0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
    0002-Compile-DRBG.patch
    0003-Function-definitions-of-interfaces-for-random.c.patch
    0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    0005-Function-definitions-for-gcry_control-callbacks.patch
    0006-DRBG-specific-gcry_control-requests.patch
    0007-User-interface-to-DRBG.patch
  * only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
  applied anyway)

OBS-URL: https://build.opensuse.org/request/show/232937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=51
2014-05-07 15:00:08 +00:00

241 lines
7.9 KiB
RPMSpec

#
# spec file for package libgcrypt
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define build_hmac256 1
%define separate_hmac256_binary 0
%define libsoname %{name}20
%define sosuffix 20.0.1
Name: libgcrypt
Version: 1.6.1
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
Group: Development/Libraries/C and C++
Url: http://directory.fsf.org/wiki/Libgcrypt
Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
Source2: baselibs.conf
# http://www.gnupg.org/signature_key.en.html
Source4: %{name}.keyring
Patch0: %{name}-ppc64.patch
Patch1: %{name}-strict-aliasing.patch
Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch
Patch4: %{name}-sparcv9.diff
#PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS)
#was: libgcrypt-1.5.0-as-needed.patch
Patch5: libgcrypt-unresolved-dladdr.patch
#PATCH-FIX-SUSE: N/A
Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com
Patch8: libgcrypt-1.6.0-use-intenal-functions.patch
Patch11: libgcrypt-fixed-sizet.patch
Patch12: libgcrypt-1.6.1-use-fipscheck.patch
Patch13: libgcrypt-1.6.1-fips-cavs.patch
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
# add support for SP800-90A DRBG (fate#316929, bnc#856312)
Patch21: 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
Patch22: 0002-Compile-DRBG.patch
Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch
Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
Patch27: 0007-User-interface-to-DRBG.patch
BuildRequires: automake >= 1.11
BuildRequires: libgpg-error-devel >= 1.11
BuildRequires: libtool
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} > 1310
BuildRequires: fipscheck
%endif
# not for base packages to avoid huge cycles
#BuildRequires: gpg-offline
%description
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
%package -n %{libsoname}
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+
Group: Development/Libraries/C and C++
%description -n %{libsoname}
Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version).
%package devel
Summary: The GNU Crypto Library
License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: glibc-devel
Requires: libgpg-error-devel >= 1.8
Requires(post): %{install_info_prereq}
%description devel
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
This package contains needed files to compile and link against the
library.
%if 0%{?separate_hmac256_binary}
%package hmac256
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: libgpg-error-devel
Requires(post): %{install_info_prereq}
%description hmac256
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
%endif # #if separate_hmac256_binary
%prep
%setup -q
%patch0 -p1
%patch1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch7 -p1
%patch8 -p1
%patch11 -p1
%if 0%{?suse_version} > 1310
%patch12 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%endif
%patch13 -p1
%patch14 -p1
%build
echo building with build_hmac256 set to %{build_hmac256}
%{?suse_update_config}
autoreconf -fi
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
%configure --with-pic \
--enable-noexecstack \
--disable-static \
--enable-m-guard \
%ifarch %{sparc}
--disable-asm \
%endif
--enable-hmac-binary-check \
--enable-random=linux
make %{?_smp_mflags}
%if 0%{?build_hmac256}
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
%if 0%{?suse_version} > 1310
%{expand:%%global __os_install_post {%__os_install_post
fipshmac %{buildroot}/%{_bindir}/hmac256
fipshmac %{buildroot}/%{_libdir}/*.so.??
}}
%else
%{expand:%%global __os_install_post {%__os_install_post
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
< %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
< %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac
}}
%endif
%endif
%check
%if 0%{?suse_version} > 1310
fipshmac src/.libs/libgcrypt.so.??
%endif
# Nice idea. however this uses /dev/random, which hangs
# on hardware without random feeds.
# so lets not run it inside OBS
# make check
%install
make DESTDIR=%{buildroot} install %{?_smp_mflags}
rm %{buildroot}%{_libdir}/%{name}.la
%post -n %{libsoname} -p /sbin/ldconfig
%postun -n %{libsoname} -p /sbin/ldconfig
%post devel
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz
%postun devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz
%files -n %{libsoname}
%defattr(-,root,root)
%doc COPYING.LIB
%{_libdir}/%{name}.so.*
%if 0%{?build_hmac256}
%{_libdir}/.libgcrypt.so.*.hmac
%endif # %if 0%{?build_hmac256}
%files devel
%defattr(-,root,root)
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
%{_infodir}/gcrypt.info.gz
%{_infodir}/gcrypt.info-1.gz
%{_infodir}/gcrypt.info-2.gz
%{_bindir}/dumpsexp
%{_bindir}/mpicalc
%{_bindir}/%{name}-config
%{_libdir}/%{name}.so
%{_includedir}/gcrypt*.h
%{_datadir}/aclocal/%{name}.m4
%if 0%{?separate_hmac256_binary}
%files hmac256
%defattr(-,root,root)
%endif # %if 0%{?separate_hmac256_binary}
%{_bindir}/hmac256
%{_bindir}/.hmac256.hmac
%doc %{_mandir}/man1/hmac256.1*
%changelog