Accepting request 509804 from security

- Change the signing to use openssl sha256/sha512 directly, to
  avoid fipscheck / hmaccalc.

OBS-URL: https://build.opensuse.org/request/show/509804
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libkcapi?expand=0&rev=3
Dominique Leuenberger 2017-07-17 07:08:58 +00:00 committed by Git OBS Bridge
commit 23298e13ac
2 changed files with 20 additions and 4 deletions


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Jul 12 14:51:26 UTC 2017 - meissner@suse.com
- Change the signing to use openssl sha256/sha512 directly, to
avoid fipscheck / hmaccalc.
-------------------------------------------------------------------
Sat Jul 8 14:04:41 UTC 2017 - bwiedemann@suse.com


@ -25,13 +25,15 @@ Group: Productivity/Security
Url: http://www.chronox.de/libkcapi.html
#Source: https://github.com/smuellerDD/libkcapi/archive/v0.13.0.zip
Source: libkcapi-0.13.0.tar.bz2
Patch0: libkcapi-use-external-fipshmac.patch
Patch0: libkcapi-use-external-fipshmac.patch
# PATCH-FIX-UPSTREAM rewritten upstream in https://github.com/smuellerDD/libkcapi/commit/0e7b2b0300782
Patch1: reproduciblesort.patch
# PATCH-FIX-UPSTREAM https://github.com/smuellerDD/libkcapi/pull/12
Patch2: reproducibledate.patch
BuildRequires: docbook-utils xmlto
BuildRequires: docbook-utils
BuildRequires: fipscheck
BuildRequires: openssl
BuildRequires: xmlto
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -98,8 +100,16 @@ make install DESTDIR=%{buildroot} %{?_smp_mflags} BINDIR=/usr/%_lib/libkcapi/
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
/usr/bin/fipshmac $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipscheck \
/usr/bin/fipshmac $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipshmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipscheck.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipshmac.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512sum.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512hmac.hmac \
%{nil}
%post -n libkcapi0 -p /sbin/ldconfig
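Review bot: Each new `openssl sha256 -hmac … | sed -e 's/.* //;' > ….hmac` line takes its exit status from sed, so a failing openssl (missing binary, unreadable file, digest unavailable in the build environment) would still leave an empty or truncated `.hmac` file and the build would carry on. If the build shell is bash, putting `set -o pipefail` ahead of the first openssl line would turn that into a build failure; otherwise a `test -s` on each generated `.hmac` file would catch it. The removed `/usr/bin/fipshmac` calls had no pipe, so this failure mode is new with the change. The two `-hmac` keys are bare literals; a comment such as `# fixed, publicly known keys that the fipscheck / hmaccalc-style verifiers presumably expect; integrity self-check only, not authentication` would tell the next packager why they must not be rotated or treated as secrets. The enclosing macro definition starts above the hunk, so how the shell is invoked (for example with `-e`) is not visible here.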