2017-04-24 21:06:50 +02:00
|
|
|
#
|
|
|
|
|
# spec file for package libica
|
|
|
|
|
#
|
2024-01-29 09:53:17 +01:00
|
|
|
# Copyright (c) 2024 SUSE LLC
|
2017-04-24 21:06:50 +02:00
|
|
|
#
|
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-11-20 23:46:40 +01:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2017-04-24 21:06:50 +02:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
2017-11-29 20:12:44 +01:00
|
|
|
#Compat macro for new _fillupdir macro introduced in Nov 2017
|
|
|
|
|
%if ! %{defined _fillupdir}
|
2018-11-16 23:49:59 +01:00
|
|
|
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
2017-11-29 20:12:44 +01:00
|
|
|
%endif
|
2019-09-03 23:27:37 +02:00
|
|
|
|
2017-04-24 21:06:50 +02:00
|
|
|
Name: libica
|
2024-01-29 09:53:17 +01:00
|
|
|
Version: 4.3.0
|
2018-11-16 23:49:59 +01:00
|
|
|
Release: 0
|
2017-04-24 21:06:50 +02:00
|
|
|
Summary: Library interface for the IBM Cryptographic Accelerator device driver
|
|
|
|
|
License: CPL-1.0
|
|
|
|
|
Group: Hardware/Other
|
2018-11-20 23:46:40 +01:00
|
|
|
URL: https://github.com/opencryptoki/libica
|
2023-05-23 16:09:57 +02:00
|
|
|
Source: https://github.com/opencryptoki/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
2022-10-11 23:20:10 +02:00
|
|
|
Source1: README.SUSE
|
|
|
|
|
Source2: sysconfig.z90crypt
|
|
|
|
|
Source3: z90crypt
|
|
|
|
|
Source4: z90crypt.service
|
|
|
|
|
Source5: %{name}-rpmlintrc
|
Accepting request 1088541 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276)
- [UPDATE] syslog msgs only in error cases
- [UPDATE] don't count statistics in fips power-on self tests
- [PATCH] various fixes and some new tests
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet
- Prefix /etc/libica with %dir to ensure we don't package
unversioned files in libica4, as otherwise we violate SLPP.
- Add /etc/libica directory into %files section.
- Upgrade to version 4.2.1 (jsc#PED-2872)
- [PATCH] fix regression opening shared memory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
- [FEATURE] Display build info via icainfo -v
- [FEATURE] New API function ica_get_build_version()
- [FEATURE] Display fips indication via icainfo -f
- [FEATURE] New API function ica_get_fips_indicator()
- [FEATURE] New API function ica_aes_gcm_initialize_fips()
- [FEATURE] New API function ica_aes_gcm_kma_get_iv()
- [FEATURE] New API function ica_get_msa_level()
- [PATCH] icainfo: check for malloc error when getting functionlist
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
v4.1.1
- [PATCH] Fix aes-xts multi-part operations
[PATCH] Fix make dist
v4.1.0
- [FEATURE] FIPS: make libica FIPS 140-3 compliant
[FEATURE] New API function ica_ecdsa_sign_ex()
[FEATURE] New icainfo output option -r
- [PATCH] Various bug fixes
- Removed the following obsolete files:
baselibs.conf
icaioctl.h
- Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
v4.0.3
- [PATCH] Reduce the number of open file descriptors
- [PATCH] Various bug fixes
v4.0.2
- [PATCH] Various bug fixes
v4.0.1
- [PATCH] Various bug fixes
- [PATCH] Compute HMAC from installed library
v4.0.0
- [UPDATE] NO_SW_FALLBACKS is now the default for libica.so
[UPDATE] Removed deprecated API functions including tests
[UPDATE] Introduced 'const' for some API function parameters
[FEATURE] icastats: new parm -k to display detailed counters
- Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated
version named libica-sles15sp5-FIPS-hmac-key.patch.
- Updated the libica-rpmlintrc file to suppress warnings about the
libica-cex hmac files being hidden.
- Updated the spec file to properly both obsolete and provide two
older versions of the package.
- Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564)
- [FEATURE] Add support for OpenSSL 3.0
- [FEATURE] icainfo: new parm -c to display available EC curves
- Replaced the obsolete PreReq: %fillup_prereq
with Requires(post): %fillup_prereq
in the spec file.
- Update to version 3.8.0 (jsc#SLE-18334)
- [FEATURE] provide libica-cex module to satisfy special security requirements
- [FEATURE] FIPS: enforce the HMAC check
- Remove upstreamed patches:
- libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
- libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
- libica-sles15sp2-Zeroize-local-variables.patch
- Remove patches obsoleted by upstrea developent:
* FIPS: Find libica from phdrs.
- libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
* FIPS: enforce the hmac check
- libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
- Fix up tests and hmac generation
+ libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
- Remove obsolete attributes from filelists
- Upgraded to version 3.7.0 (jsc#SLE-13708)
* Version 3.7.0
- [FEATURE] FIPS: Add HMAC based library integrity check
- [PATCH] icainfo: bugfix for RSA and EC related info for software column.
- [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
- [PATCH] FIPS: Fix DES and TDES key length
- [PATCH] icastats: Fix stats counter format
* Version 3.6.1
- [PATCH] Fix x25519 and x448 handling of non-canonical values
- Removed the following obsolete patches
* libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
* libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
* libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
* libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
* libica-sles15sp2-Build-with-pthread-flag.patch
* libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
* libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
* libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
- Fix lack of SHA3 KATs in "make check" processing (bsc#1175277)
* Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
* Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
- Fix FIPS hmac check (bsc#1175356).
* Update FIPS support to upstream
- Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
from upstream.
- Add libica-sles15sp2-Build-with-pthread-flag.patch
- Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
- Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
- Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
* FIPS check should fail when hmac is missing
- Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
- Create an hmac for the selftest
- Check that selftest fails without a hmac
- Hash libica.so.3 rather than libica.so.3.6.0
* Fix hmac key format. It should be hexadecimal, not ASCII
- Refresh libica-sles15sp2-FIPS-hmac-key.patch
- Fix Some internal variables used to store sensitive information
(keys) were not zeroized before returning to the calling application.
(bsc#1175357)
* Added libica-sles15sp2-Zeroize-local-variables.patch
- Updated libica-rpmlintrc to eliminate the warning about the HMAC file
being a hidden file. It is supposed to be hidden.
- Added the following patches for FIPS certification (bsc#1162533)
* libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
* libica-sles15sp2-FIPS-hmac-key.patch
- Added a BuildRequires for the fipscheck package.
- Made a couple of changes to the spec file based upon recommendations
by spec-cleaner.
- Added the following patches for FIPS certification.
* libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
(bsc#1166071) Although a DES key has only 56 effective bits,
all 64 bits must be considered, because the parity bits are
spread over all 8 bytes of the key.
* libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
(bsc#1166210) FIPS tests require the output iv to be the iv
resulting from decrypting the last block with a zero iv as input.
* libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
(bsc#1166224) The output from icainfo never shows 'yes' for
RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
due to the missing ICA_FLAG_SW flag in the icaList.
- Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
(bsc#1156768)
- Upgraded to version 3.6.0 (jsc#SLE-7584)
* [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
- Upgraded to version 3.5.0 (Fate#327840)
- [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
- Reworked how libica-tools loads and unloads kernel modules to
avoid spurious error messages (bsc#1134004):
* Converted the boot.z90crypt sysV init script to a systemd unit
file.
* Removed any references to insserv in the spec file.
* Updated the z90crypt script itself to properly load and unload
the kernel modules as they exist today.
* Eliminated the obsolete libica-SuSE.tar.bz2 archive.
- Updated the README.SUSE file to reflect the change from sysV init
style script to systemd.
- Made numerous changes to the spec file, based on the output from
the spec-cleaner command.
- Run testsuite during build
- Upgraded to version 3.4.0 (Fate#325690)
* v3.4.0
[FEATURE] Add SHA-512/224 and SHA-512/256 support
- Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch
- Made numerous updates to spec file based on spec-cleanup run.
- Upgraded to version 3.3.3 (Fate#325690)
* v3.3.3
[PATCH] Various bug fixes
* v3.3.2
[PATCH] Skip ECC tests if required HW is not available
[PATCH] Update spec file
* v3.3.1
[PATCH] Fix configure.ac to honour CFLAGS
* v3.3.0
[FEATURE] Add CEX supported elliptic-curve crypto interfaces
[FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
[FEATURE] Add interface to enable/disable SW fallbacks
[FEATURE] Add 'make check' target, test-suite rework
* v3.2.1
[FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
[PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
(bsc#1103493).
- Made multiple changes to the spec file based on the output of
spec-cleaner
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
fix a problem with upgrading from SLES12 SP2 to either SLES12
SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
a problem with upgrading from SLES12 SP2 to either SLES12
SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
* v3.2.0
[FEATURE] New AES-GCM interface.
[UPDATE] Add symbol versioning.
* v3.1.1
[PATCH] Various bug fixes related to old and new AES-GCM implementations.
[UPDATE] Add SHA3 test cases. Improved and extended test suite.
* v3.1.0
[FEATURE] Add KMA support for AES-GCM.
[FEATURE] Add SHA-3 support.
[PATCH] Reject RSA keys with invalid key-length.
[PATCH] Allow zero output length for ica_random_number_generate.
[PATCH] icastats: Correct owner of shared segment when root creates it.
* Removed the following obsolete patches:
libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
libica-3.0.2-03-fix-aes-ctr.patch
libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
- Added the following patches (bsc#1058567)
- libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
- libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
- libica-3.0.2-03-fix-aes-ctr.patch
- libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
libica3.
- Update baselibs.conf with proper name for library package name,
stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
- v3.0.2
- Fix locking callbacks for openSSL APIs.
- v3.0.1
- Fixed msa level detection on zEC/BC12 GA1 and predecessors.
- v3.0.0
- Added FIPS mode.
- Sanitized exported symbols.
- Removed deprecated APIs. Marked some APIs as deprecated.
- Adapted to OpenSSL v1.1.0.
- RSA key generation is thread-safe now.
- Removed the following obsolete patches:
- fix-initialization-of-s390-hardware-switches-1.patch
- fix-initialization-of-s390-hardware-switches-2.patch
- fix-msa-level-detection.patch
- fix-segfault-during-multithread-keygen.patch
- rng-performance.patch
- Made the following packaging changes:
- Implemented the shared library packaging guidelines.
- Consolidated double invocation of %setup into just one.
- Dropped redundant %ifarch, the package is already ExclusiveArch.
- Updated descriptions.
- Added an libica-rpmlintrc file.
- Added the following two patches:
- fix-segfault-during-multithread-keygen.patch (bsc#991485)
- fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
package. (bsc#983897):
provides "libica-<targettype> = <version>"
obsoletes "libica-<targettype> < <version>"
provides "libica-2_1_0-<targettype> = <version>"
obsoletes "libica-2_1_0-<targettype> < <version>"
provides "libica-2_3_0-<targettype> = <version>"
obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
naming standards.
- Found the original location of the icaioctl.h file and downloaded
it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions
- update to 2.3.0 (fate#315342)
- obsolete/upstreamed patches:
libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
libica-2_1_0-msa4-extension.patch
libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms
- Added CPL license to include/z90crypt.h, removed GPL reference
(This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
(#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration
- Changing the default value from 0 to -1 in rcz90crypt (#114371)
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error(#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183)
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
similar changes now, and the renaming from _LINUX_S390_ to
__s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
openssl-devel
- initial version
OBS-URL: https://build.opensuse.org/request/show/1088541
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=10
2023-05-23 09:32:55 +02:00
|
|
|
Patch01: libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
|
|
|
|
|
Patch99: libica-sles15sp5-FIPS-hmac-key.patch
|
|
|
|
|
|
2018-11-16 23:49:59 +01:00
|
|
|
BuildRequires: autoconf
|
|
|
|
|
BuildRequires: automake
|
2020-05-07 21:48:37 +02:00
|
|
|
BuildRequires: fipscheck
|
2018-11-16 23:49:59 +01:00
|
|
|
BuildRequires: gcc-c++
|
|
|
|
|
BuildRequires: libtool
|
2023-10-13 12:44:47 +02:00
|
|
|
BuildRequires: openssl
|
2018-11-16 23:49:59 +01:00
|
|
|
BuildRequires: openssl-devel
|
2021-10-22 00:12:18 +02:00
|
|
|
Requires(post): %fillup_prereq
|
2017-04-24 21:06:50 +02:00
|
|
|
ExclusiveArch: s390 s390x
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
This package contains the interface library routines used by IBM
|
|
|
|
|
modules to interface with the IBM eServer Cryptographic Accelerator
|
|
|
|
|
(ICA).
|
|
|
|
|
|
2022-09-15 00:15:28 +02:00
|
|
|
%package -n libica4
|
2017-04-24 21:06:50 +02:00
|
|
|
Summary: Library interface for the IBM Cryptographic Accelerator
|
|
|
|
|
Group: System/Libraries
|
2018-04-18 05:45:27 +02:00
|
|
|
Recommends: libica-tools
|
2017-04-24 21:06:50 +02:00
|
|
|
|
2022-09-15 00:15:28 +02:00
|
|
|
%description -n libica4
|
2017-04-24 21:06:50 +02:00
|
|
|
This package contains the interface library routines used by IBM
|
|
|
|
|
modules to interface with the IBM eServer Cryptographic Accelerator
|
|
|
|
|
(ICA).
|
|
|
|
|
|
|
|
|
|
%package tools
|
|
|
|
|
Summary: Utilities for the IBM Cryptographic Accelerator
|
|
|
|
|
Group: Hardware/Other
|
|
|
|
|
Obsoletes: libica < %{version}-%{release}
|
2022-09-14 20:37:50 +02:00
|
|
|
Obsoletes: libica-2_3_0 < %{version}-%{release}
|
|
|
|
|
Obsoletes: libica2 < %{version}-%{release}
|
2022-09-15 00:15:28 +02:00
|
|
|
Obsoletes: libica3 < %{version}-%{release}
|
2017-04-24 21:06:50 +02:00
|
|
|
Provides: libica = %{version}-%{release}
|
2022-09-14 20:37:50 +02:00
|
|
|
Provides: libica-2_3_0 = %{version}-%{release}
|
2017-04-24 21:06:50 +02:00
|
|
|
Provides: libica-plugin = %{version}-%{release}
|
2022-09-14 20:37:50 +02:00
|
|
|
Provides: libica2 = %{version}-%{release}
|
2022-09-15 00:15:28 +02:00
|
|
|
Provides: libica3 = %{version}-%{release}
|
2017-04-24 21:06:50 +02:00
|
|
|
|
|
|
|
|
%description tools
|
|
|
|
|
This package contains command-line utilities to inspect the IBM
|
|
|
|
|
eServer Cryptographic Accelerator (ICA).
|
|
|
|
|
|
|
|
|
|
%package devel
|
|
|
|
|
Summary: Development files for the ICA device driver interface library
|
|
|
|
|
Group: Development/Libraries/C and C++
|
2022-09-15 00:15:28 +02:00
|
|
|
Requires: libica4 = %{version}
|
2018-11-16 23:49:59 +01:00
|
|
|
Requires: libopenssl-devel
|
2017-04-24 21:06:50 +02:00
|
|
|
Obsoletes: libica-2_1_0-devel < %{version}-%{release}
|
|
|
|
|
Provides: libica-2_1_0-devel = %{version}-%{release}
|
|
|
|
|
Obsoletes: libica-2_3_0-devel < %{version}-%{release}
|
|
|
|
|
Provides: libica-2_3_0-devel = %{version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description devel
|
|
|
|
|
This package contains the interface library routines used by IBM
|
|
|
|
|
modules to interface with the IBM eServer Cryptographic Accelerator
|
|
|
|
|
(ICA).
|
|
|
|
|
|
|
|
|
|
This subpackage contains the necessary files to compile and link
|
|
|
|
|
using the libica library.
|
|
|
|
|
|
|
|
|
|
%package devel-static
|
|
|
|
|
Summary: Static Development files for the ICA device driver interface library
|
|
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: libica-devel
|
|
|
|
|
|
|
|
|
|
%description devel-static
|
|
|
|
|
This package contains the interface library routines used by IBM
|
|
|
|
|
modules to interface with the IBM eServer Cryptographic Accelerator
|
|
|
|
|
(ICA).
|
|
|
|
|
|
|
|
|
|
This RPM contains all the tools necessary to compile and link using
|
|
|
|
|
the libica library.
|
|
|
|
|
|
|
|
|
|
%prep
|
2019-09-03 23:27:37 +02:00
|
|
|
%autosetup -p 1
|
2017-04-24 21:06:50 +02:00
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
autoreconf --force --install
|
2018-11-16 23:49:59 +01:00
|
|
|
%configure CPPFLAGS="-Iinclude -fPIC" CFLAGS="%{optflags} -fPIC" \
|
2017-10-04 21:39:27 +02:00
|
|
|
--enable-fips
|
2023-01-20 15:42:02 +01:00
|
|
|
|
2020-05-07 21:48:37 +02:00
|
|
|
%make_build clean
|
2023-01-20 15:42:02 +01:00
|
|
|
%make_build FIPSHMAC=fipshmac BUILD_VERSION="FIPS-SUSE-%version-%release"
|
2020-05-07 21:48:37 +02:00
|
|
|
|
2020-09-15 23:37:09 +02:00
|
|
|
%define major %(echo %{version} | sed -e 's/[.].*//')
|
|
|
|
|
|
2021-06-29 14:41:58 +02:00
|
|
|
%{expand:%%global __os_install_post {%__os_install_post fipshmac %{buildroot}/%{_libdir}/*.so.%{version} }}
|
2017-04-24 21:06:50 +02:00
|
|
|
|
|
|
|
|
%install
|
2021-06-29 14:41:58 +02:00
|
|
|
%make_install FIPSHMAC=fipshmac
|
2022-09-14 20:37:50 +02:00
|
|
|
make fipsinstall FIPSHMAC=fipshmac DESTDIR=%{buildroot}
|
2019-09-03 23:27:37 +02:00
|
|
|
mkdir -p %{buildroot}%{_includedir}
|
2018-11-16 23:49:59 +01:00
|
|
|
cp -p include/ica_api.h %{buildroot}%{_includedir}
|
2019-09-03 23:27:37 +02:00
|
|
|
mkdir -p %{buildroot}%{_sbindir}
|
|
|
|
|
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcz90crypt
|
2022-10-11 23:20:10 +02:00
|
|
|
install -D %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.z90crypt
|
|
|
|
|
install -D %{SOURCE3} %{buildroot}%{_prefix}/lib/systemd/scripts/z90crypt
|
|
|
|
|
install -D -m 644 %{SOURCE4} %{buildroot}%{_prefix}/lib/systemd/system/z90crypt.service
|
2021-06-29 14:41:58 +02:00
|
|
|
# It is installed 444 and then the __os_install_post cannot update it once the debuginfo is stripped
|
|
|
|
|
# We need it early because there is %{buildroot}/%{_libdir}/.*.so.%{major}.hmac symlink pointing at it
|
|
|
|
|
# and the dangling symlink test would fail
|
|
|
|
|
chmod 644 %{buildroot}/%{_libdir}/.*.so.%{version}.hmac
|
2019-09-03 23:27:37 +02:00
|
|
|
|
2022-10-11 23:20:10 +02:00
|
|
|
cp -a %{SOURCE1} .
|
2021-06-29 16:47:22 +02:00
|
|
|
rm -vf %{buildroot}%{_libdir}/libica*.la
|
2018-11-16 23:49:59 +01:00
|
|
|
rm -f %{buildroot}%{_datadir}/doc/libica/*
|
|
|
|
|
rmdir %{buildroot}%{_datadir}/doc/libica
|
2023-05-04 11:41:09 +02:00
|
|
|
rm %{buildroot}/%{_sysconfdir}/libica/openssl3-fips.cnf
|
|
|
|
|
rmdir %{buildroot}/%{_sysconfdir}/libica
|
Accepting request 649045 from home:markkp:branches:devel:openSUSE:Factory
- Upgraded to version 3.3.3 (Fate#325690)
* v3.3.3
[PATCH] Various bug fixes
* v3.3.2
[PATCH] Skip ECC tests if required HW is not available
[PATCH] Update spec file
* v3.3.1
[PATCH] Fix configure.ac to honour CFLAGS
* v3.3.0
[FEATURE] Add CEX supported elliptic-curve crypto interfaces
[FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
[FEATURE] Add interface to enable/disable SW fallbacks
[FEATURE] Add 'make check' target, test-suite rework
* v3.2.1
[FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
[PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
fix a problem with upgrading from SLES12 SP2 to either SLES12
SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
a problem with upgrading from SLES12 SP2 to either SLES12
SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
(bsc#1103493).
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
* v3.2.0
[FEATURE] New AES-GCM interface.
[UPDATE] Add symbol versioning.
* v3.1.1
[PATCH] Various bug fixes related to old and new AES-GCM implementations.
[UPDATE] Add SHA3 test cases. Improved and extended test suite.
* v3.1.0
[FEATURE] Add KMA support for AES-GCM.
[FEATURE] Add SHA-3 support.
[PATCH] Reject RSA keys with invalid key-length.
[PATCH] Allow zero output length for ica_random_number_generate.
[PATCH] icastats: Correct owner of shared segment when root creates it.
* Removed the following obsolete patches:
libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
libica-3.0.2-03-fix-aes-ctr.patch
libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
- Added the following patches (bsc#1058567)
- libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
- libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
- libica-3.0.2-03-fix-aes-ctr.patch
- libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
libica3.
- Update baselibs.conf with proper name for library package name,
stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
- v3.0.2
- Fix locking callbacks for openSSL APIs.
- v3.0.1
- Fixed msa level detection on zEC/BC12 GA1 and predecessors.
- v3.0.0
- Added FIPS mode.
- Sanitized exported symbols.
- Removed deprecated APIs. Marked some APIs as deprecated.
- Adapted to OpenSSL v1.1.0.
- RSA key generation is thread-safe now.
- Removed the following obsolete patches:
- fix-initialization-of-s390-hardware-switches-1.patch
- fix-initialization-of-s390-hardware-switches-2.patch
- fix-msa-level-detection.patch
- fix-segfault-during-multithread-keygen.patch
- rng-performance.patch
- Made the following packaging changes:
- Implemented the shared library packaging guidelines.
- Consolidated double invocation of %setup into just one.
- Dropped redundant %ifarch, the package is already ExclusiveArch.
- Updated descriptions.
- Added an libica-rpmlintrc file.
- Added the following two patches:
- fix-segfault-during-multithread-keygen.patch (bsc#991485)
- fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
package. (bsc#983897):
provides "libica-<targettype> = <version>"
obsoletes "libica-<targettype> < <version>"
provides "libica-2_1_0-<targettype> = <version>"
obsoletes "libica-2_1_0-<targettype> < <version>"
provides "libica-2_3_0-<targettype> = <version>"
obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
naming standards.
- Found the original location of the icaioctl.h file and downloaded
it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions
- update to 2.3.0 (fate#315342)
- obsolete/upstreamed patches:
libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
libica-2_1_0-msa4-extension.patch
libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms
- Added CPL license to include/z90crypt.h, removed GPL reference
(This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
(#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration
- Changing the default value from 0 to -1 in rcz90crypt (#114371)
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error(#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183)
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
similar changes now, and the renaming from _LINUX_S390_ to
__s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
openssl-devel
- initial version
OBS-URL: https://build.opensuse.org/request/show/649045
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=27
2018-11-14 19:51:09 +01:00
|
|
|
|
2019-08-20 19:43:35 +02:00
|
|
|
%check
|
2021-06-29 14:41:58 +02:00
|
|
|
%make_build check FIPSHMAC=fipshmac
|
2019-08-20 19:43:35 +02:00
|
|
|
|
2019-09-03 23:27:37 +02:00
|
|
|
%pre tools
|
|
|
|
|
%service_add_pre z90crypt.service
|
|
|
|
|
|
2018-11-16 23:49:59 +01:00
|
|
|
%post tools
|
2019-09-03 23:27:37 +02:00
|
|
|
%service_add_post z90crypt.service
|
|
|
|
|
%{fillup_only -n z90crypt}
|
2017-04-24 21:06:50 +02:00
|
|
|
|
2018-11-16 23:49:59 +01:00
|
|
|
%preun tools
|
2019-09-03 23:27:37 +02:00
|
|
|
%service_del_preun z90crypt.service
|
2017-04-24 21:06:50 +02:00
|
|
|
|
2018-11-16 23:49:59 +01:00
|
|
|
%postun tools
|
2019-09-03 23:27:37 +02:00
|
|
|
%service_del_postun z90crypt.service
|
2017-04-24 21:06:50 +02:00
|
|
|
|
2022-09-15 00:15:28 +02:00
|
|
|
%post -n libica4 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libica4 -p /sbin/ldconfig
|
2017-04-24 21:06:50 +02:00
|
|
|
|
2022-09-15 00:15:28 +02:00
|
|
|
%files -n libica4
|
2020-09-15 23:37:09 +02:00
|
|
|
%{_libdir}/libica.so.%{version}
|
|
|
|
|
%{_libdir}/libica.so.%{major}
|
2021-06-29 14:41:58 +02:00
|
|
|
%{_libdir}/.libica.so.%{version}.hmac
|
2020-09-15 23:37:09 +02:00
|
|
|
%{_libdir}/.libica.so.%{major}.hmac
|
2021-06-29 14:41:58 +02:00
|
|
|
%{_libdir}/libica-cex.so.%{version}
|
|
|
|
|
%{_libdir}/libica-cex.so.%{major}
|
|
|
|
|
%{_libdir}/.libica-cex.so.%{version}.hmac
|
|
|
|
|
%{_libdir}/.libica-cex.so.%{major}.hmac
|
2017-04-24 21:06:50 +02:00
|
|
|
|
|
|
|
|
%files tools
|
2018-11-16 23:49:59 +01:00
|
|
|
%license LICENSE
|
|
|
|
|
%doc README.SUSE
|
2017-04-24 21:06:50 +02:00
|
|
|
%{_sbindir}/rcz90crypt
|
2022-09-14 20:37:50 +02:00
|
|
|
%attr(644,root,root) %{_fillupdir}/sysconfig.z90crypt
|
2017-04-24 21:06:50 +02:00
|
|
|
%{_bindir}/icainfo
|
2021-06-29 14:41:58 +02:00
|
|
|
%{_bindir}/icainfo-cex
|
2017-04-24 21:06:50 +02:00
|
|
|
%{_bindir}/icastats
|
2018-11-16 23:49:59 +01:00
|
|
|
%{_mandir}/man1/icainfo.1%{?ext_man}
|
2021-06-29 14:41:58 +02:00
|
|
|
%{_mandir}/man1/icainfo-cex.1%{?ext_man}
|
2018-11-16 23:49:59 +01:00
|
|
|
%{_mandir}/man1/icastats.1%{?ext_man}
|
2019-09-03 23:27:37 +02:00
|
|
|
%dir %{_prefix}/lib/systemd/scripts
|
|
|
|
|
%{_prefix}/lib/systemd/scripts/z90crypt
|
|
|
|
|
%{_prefix}/lib/systemd/system/z90crypt.service
|
2017-04-24 21:06:50 +02:00
|
|
|
# Must be in here, otherwise openssl-ibmca does not find it via DSO_load() bsc#952871
|
|
|
|
|
%{_libdir}/libica.so
|
|
|
|
|
|
|
|
|
|
%files devel
|
2021-06-29 14:41:58 +02:00
|
|
|
%{_includedir}/ica_api.h
|
|
|
|
|
%{_libdir}/libica-cex.so
|
2017-04-24 21:06:50 +02:00
|
|
|
|
|
|
|
|
%files devel-static
|
2021-06-29 14:41:58 +02:00
|
|
|
%{_libdir}/libica.a
|
|
|
|
|
%{_libdir}/libica-cex.a
|
2017-04-24 21:06:50 +02:00
|
|
|
|
|
|
|
|
%changelog
|
