From 9ab73937f1ef290a0e2339c5e980b142f9b3f55da7df6d3531f1afdeae39f6ca Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 17 Jan 2020 12:58:39 +0000 Subject: [PATCH 01/14] Accepting request 765261 from home:msmeissn:branches:security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - updated to 1.1.5: - Fix invocation of ansi_cprng in FIPS mode during testing - Fix testing on kernels >= 5.0 - Add virtualization test for kernel 5.1 - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy - Fix remove code duplication by Ondrej Mosnáček - Fix potential memleak in speed-test - updated to 1.1.4: - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures - updated to 1.1.3: - Fix: default location of FIPS 140-2 HMAC control file is ..hmac (was accidentally moved to .hmac with 1.1.0) - updated to 1.1.2: - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej Mosnáček - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej Mosnáček - Test fix: Support test execution outside build environment by Ondrej Mosnáček - updated to 1.1.1: - Fix: Bug fixes for kcapi_hasher by Ondrej Mosnáček - updated to 1.1.0: - API Enhancement: Addition of kcapi_handle_reinit - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c - Test enhancement: add IIV speed testing - Fix: add a loop around the read system call to always obtain all generated data - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser) - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY) - Fix: support for zero length files (patched by Ondrej Mosnáček) - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej Mosnáček) - Fix: Add Travis CI test system provided by Ondrej Mosnáček - Fix: Add several fixes to kcapi-hasher by Ondrej Mosnáček - Fix: Add additional tests for kcapi-hasher by Ondrej Mosnáček OBS-URL: https://build.opensuse.org/request/show/765261 OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=20 --- libkcapi-0.13.0.tar.bz2 | 3 - libkcapi-1.1.5.tar.xz | 3 + libkcapi-1.1.5.tar.xz.asc | 11 +++ libkcapi-use-external-fipshmac.patch | 44 ---------- libkcapi.changes | 117 +++++++++++++++++++++++++++ libkcapi.keyring | 58 +++++++++++++ libkcapi.spec | 117 +++++++++++++++++---------- reproducibledate.patch | 31 ------- reproduciblesort.patch | 26 ------ 9 files changed, 262 insertions(+), 148 deletions(-) delete mode 100644 libkcapi-0.13.0.tar.bz2 create mode 100644 libkcapi-1.1.5.tar.xz create mode 100644 libkcapi-1.1.5.tar.xz.asc delete mode 100644 libkcapi-use-external-fipshmac.patch create mode 100644 libkcapi.keyring delete mode 100644 reproducibledate.patch delete mode 100644 reproduciblesort.patch diff --git a/libkcapi-0.13.0.tar.bz2 b/libkcapi-0.13.0.tar.bz2 deleted file mode 100644 index 44ea47c..0000000 --- a/libkcapi-0.13.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2c4dbdc06623552c142a41bb8a659fc147abd804957a9228d1666e903cdc7ba8 -size 227482 diff --git a/libkcapi-1.1.5.tar.xz b/libkcapi-1.1.5.tar.xz new file mode 100644 index 0000000..f3835e0 --- /dev/null +++ b/libkcapi-1.1.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8a08dcbb4d05ede4357cdc9d61c7f2a7f2cd96b7ce2eb41b28e45b2e378267ad +size 320016 diff --git a/libkcapi-1.1.5.tar.xz.asc b/libkcapi-1.1.5.tar.xz.asc new file mode 100644 index 0000000..07a2cd2 --- /dev/null +++ b/libkcapi-1.1.5.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl1BSvEACgkQQh7pNjJq +wVtOogf/UzYn7DUB4x0QQxODtaVbXrZ5FfFWDpKJxCVXWI64VK1kF6SSm+qD305h +Dj0lA7+TpIKhwKlc4kofaLjW/yeUPEoZCBjFSTeLc+A/7XP5m1Xqnz6fuH2lZwRK +o1p8ICPj9bOW9rj2K59pdHVTdXW1fj5sJOi25n9fLf5PcaPMxoawHG4l18tp7qNd +XXrqcfeSe+IF3Z4MJQee4lnsQE37wOJC8lanNDMXs7XZJ4RGUrJWfMWzVhVbh+D4 +n6Ow6H0ZaJDUksSh6faKBwAlo+c9J2CRe80+EIiAcYCKzQOH6ylnhdU1qKVD/kNK +7XMwTY3intV9FP3mhM/RPSLSOw7NLA== +=UN86 +-----END PGP SIGNATURE----- diff --git a/libkcapi-use-external-fipshmac.patch b/libkcapi-use-external-fipshmac.patch deleted file mode 100644 index 9cca89c..0000000 --- a/libkcapi-use-external-fipshmac.patch +++ /dev/null @@ -1,44 +0,0 @@ -Index: libkcapi-0.13.0/apps/Makefile -=================================================================== ---- libkcapi-0.13.0.orig/apps/Makefile -+++ libkcapi-0.13.0/apps/Makefile -@@ -65,27 +65,26 @@ install: - install -d ${DESTDIR}$(BINDIR)/ - install -m 0755 $(NAME) -D -t ${DESTDIR}$(BINDIR)/ - install -m 0755 sha1sum -D -t ${DESTDIR}$(BINDIR)/ -- ./fipshmac ${DESTDIR}$(BINDIR)/sha1sum -+ fipshmac ${DESTDIR}$(BINDIR)/sha1sum - install -m 0755 sha224sum -D -t ${DESTDIR}$(BINDIR)/ -- ./fipshmac ${DESTDIR}$(BINDIR)/sha224sum -+ fipshmac ${DESTDIR}$(BINDIR)/sha224sum - install -m 0755 sha256sum -D -t ${DESTDIR}$(BINDIR)/ -- ./fipshmac ${DESTDIR}$(BINDIR)/sha256sum -+ fipshmac ${DESTDIR}$(BINDIR)/sha256sum - install -m 0755 sha384sum -D -t ${DESTDIR}$(BINDIR)/ -- ./fipshmac ${DESTDIR}$(BINDIR)/sha384sum -+ fipshmac ${DESTDIR}$(BINDIR)/sha384sum - install -m 0755 sha512sum -D -t ${DESTDIR}$(BINDIR)/ -- ./fipshmac ${DESTDIR}$(BINDIR)/sha512sum -+ fipshmac ${DESTDIR}$(BINDIR)/sha512sum - install -m 0755 fipscheck -D -t ${DESTDIR}$(BINDIR)/ -- ./fipshmac ${DESTDIR}$(BINDIR)/fipscheck -+ fipshmac ${DESTDIR}$(BINDIR)/fipscheck - install -m 0755 fipshmac -D -t ${DESTDIR}$(BINDIR)/ -- ./fipshmac ${DESTDIR}$(BINDIR)/fipshmac -+ fipshmac ${DESTDIR}$(BINDIR)/fipshmac - install -m 0755 sha1hmac -D -t ${DESTDIR}$(BINDIR)/ -- ./sha512hmac sha1hmac > ${DESTDIR}$(BINDIR)/.sha1hmac.hmac -+ fipshmac ${DESTDIR}$(BINDIR)/sha1hmac - install -m 0755 sha224hmac -D -t ${DESTDIR}$(BINDIR)/ -- ./sha512hmac sha224hmac > ${DESTDIR}$(BINDIR)/.sha224hmac.hmac -+ fipshmac ${DESTDIR}$(BINDIR)/sha224hmac - install -m 0755 sha256hmac -D -t ${DESTDIR}$(BINDIR)/ -- ./sha512hmac sha256hmac > ${DESTDIR}$(BINDIR)/.sha256hmac.hmac -+ fipshmac ${DESTDIR}$(BINDIR)/sha256hmac - install -m 0755 sha384hmac -D -t ${DESTDIR}$(BINDIR)/ -- ./sha512hmac sha384hmac > ${DESTDIR}$(BINDIR)/.sha384hmac.hmac -+ fipshmac ${DESTDIR}$(BINDIR)/sha384hmac - install -m 0755 sha512hmac -D -t ${DESTDIR}$(BINDIR)/ -- ./sha512hmac sha512hmac > ${DESTDIR}$(BINDIR)/.sha512hmac.hmac -- -+ fipshmac ${DESTDIR}$(BINDIR)/sha512hmac diff --git a/libkcapi.changes b/libkcapi.changes index 1cb89a8..37d5b20 100644 --- a/libkcapi.changes +++ b/libkcapi.changes @@ -1,3 +1,120 @@ +------------------------------------------------------------------- +Wed Jan 8 07:23:22 UTC 2020 - Marcus Meissner + +- updated to 1.1.5: + - Fix invocation of ansi_cprng in FIPS mode during testing + - Fix testing on kernels >= 5.0 + - Add virtualization test for kernel 5.1 + - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy + - Fix remove code duplication by Ondrej Mosnáček + - Fix potential memleak in speed-test +- updated to 1.1.4: + - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures +- updated to 1.1.3: + - Fix: default location of FIPS 140-2 HMAC control file is ..hmac (was accidentally moved to .hmac with 1.1.0) +- updated to 1.1.2: + - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski + - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej Mosnáček + - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej Mosnáček + - Test fix: Support test execution outside build environment by Ondrej Mosnáček +- updated to 1.1.1: + - Fix: Bug fixes for kcapi_hasher by Ondrej Mosnáček +- updated to 1.1.0: + - API Enhancement: Addition of kcapi_handle_reinit + - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c + - Test enhancement: add IIV speed testing + - Fix: add a loop around the read system call to always obtain all generated data + - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser) + - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY) + - Fix: support for zero length files (patched by Ondrej Mosnáček) + - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej Mosnáček) + - Fix: Add Travis CI test system provided by Ondrej Mosnáček + - Fix: Add several fixes to kcapi-hasher by Ondrej Mosnáček + - Fix: Add additional tests for kcapi-hasher by Ondrej Mosnáček + - Fix: Apply unpadding only to last block of data by Ondrej Mosnáček + - Fix: Fix resource leaks in error code paths suggested by Ondrej Mosnáček + - Enhancement: achieve hmaccalc CLI equivalence by Ondrej Mosnáček +- updated to 1.0.3: + - Fix: support STDIN and --tag of sha*sum applications + - Enhancement: Add small enhancements to support integration with distros -- reported by Björn Esser +- updated to 1.0.2: + - Fix: hasher-test.sh on 32-bit systems + - Fix: AIO return code handling on large number of requests -- reported by Jonathan Cameron + - Enhancement: disable coredumps of library + - Fix: remove unchecked -fstack-protector-strong from Makefile -- reported by Mathieu Malaterre + - Fix: document that kcapi_cipher_stream_op must be called in a loop to collect all data in a multhreaded environment. + - Test Fix: Update symmetric multithreaded stream test to invoke kcapi_cipher_stream_op in a loop to collect all data. + - Fix: Initialize the cipher handle on stack with zeros as the library expects a zero-initialized cipher handle. This fixes a possible segfault where free() is called on a non-initialized memory location. + - Fix: port algif_kpp and algif_akcipher to 4.15-rc3 +- updated to 1.0.1: + - Fix: constify AEAD cipher input data + - Fix: use GCC byte swapping acceleration if present + - Fix: KDF counter handling on little endian systems when generating more than 255 blocks + - Use LD_PRELOAD for execution of test cases to force using of the freshly compiled binaries + - Fix: return code handling of _kcapi_common_vmsplice_chunk_fd as reported by Christophe Leroy + - Fix: return code handling in _kcapi_md_update + - Fix: kcapi-hasher now supports files larger than 2GB + - Fix: kcapi-dgst now supports files larger than 2GB + - Fix: use stack protector + - Fix: rename header guards to remove leading underscore as pointed out by Markus Elfring + - Test Fix: Allow compiing the test code without asymmetric and KPP support +- updated to 1.0.0: + - Fix: Small compile fixes for new checks of GCC 7 + - API Change: Rename all LOG_* enums to KCAPI_LOG_* to prevent namespace poisoning + - Fix: soname and file name of library now compiles with conventions (thanks to Marcus Meissner) + - Fix: kcapi-rng.c: unify FD/syscall read code and fix __NR_getrandom resolution + - Enhancement: add kcapi-enc application to access symmetric encryption on command line + - Fix: consolidate duplicate code in kcapi-hasher + - Enhancement: add kcapi-dgst application to access hashes on command line + - Enhancement: add kcapi-rng man page + - Enhancement: add kcapi-rng --hex command line option + - Fix: enable full symmetric AIO support + - Fix: consolidate all test code into test/ and invoke all tests with test-invocation.sh + - Fix: fix memleaks in error code paths as reported by clang + - Fix: reduce memory footprint by rearranging data structures + - Fix: kcapi-hasher is now fully FIPS 140-2 compliant as it now includes the integrity test for libkcapi.so + - Enhancement: Add speed tests for MV-CESA accelerated ciphers and hash algorithms (thanks to Bastian Stender) + - Test Enhancement: add kcapi-enc-test-large.c test testing edge conditions of AF_ALG + - Test Enhancement: add virttest.sh - use of test system based on eudyptula-boot to test on linux-4.3.6, linux-4.4.86, linux-4.5, linux-4.7, linux-4.10, linux-4.12 + - Test Enhancement: add kcapi-fuzz-test.sh to support fuzzing the AF_ALG interfaces + - Enhancement: add RPM SPEC file (tested with Fedora 26) + - API Change: replace --disable-lib-asym with --enable-lib-asym as the algif_akcipher.c kernel interface is not likely to be added to the kernel anytime soon + - API Enhancement: add KPP API which is not compiled by default, use --enable-lib-kpp (the algif_kpp.c kernel interface is not likely to be added to the Linux kernel any time soon) + - Test Enhancement: Add KPP tests + - Enhancement: Re-enable AIO support for symmetric and AEAD ciphers down to Linux kernels 4.1 and 4.7, respectively. This is due to integrating a fix against a kernel crash when using AIO. + - Fix: simply KDF code base + - API Enhancement: add message digest convenience functions kcapi_md_*sha* + - API Enhancement: add cipher convenience functions kcapi_cipher_*_aes_* + - API Enhancement: add rng convenience function kcapi_rng_get_bytes + - API Change: remove kcapi_aead_getdata, use kcapi_aead_getdata_input and kcapi_aead_getdata_output instead + - API Change: remove kcapi_aead_outbuflen, use kcapi_aead_outbuflen_enc and kcapi_aead_outbuflen_dec instead +- updated to 0.14.0: + - AIO: fix tracking of completed IOCBs + - speed-test: fix AEAD handling + - speed-test: fix time calculation + - compiler now warns a user of deprecated API calls + - AIO: handle kernel errors for algif_skcipher gracefully + - AIO: using multiple IOCB if algif_aead interface supports it + - ASYM: add PKCS1 tests + - AIO: add ASYM AIO support + - AIO: fix AEAD AIO fallback + - AIO: add AIO fallback testing + - replace enforcement of symmetric cipher limits with a log message only (the underlying kernel implementations should catch any errors) + - add fuzzing tests + - use autotools build system as provided by Georges Savoundararadj with additional considerations from Marcin Nowakowski (thanks a lot) + - ALG_MAX_PAGES restriction is gone with current AF_ALG interface + - add HKDF (RFC5869) + - add apps/kcapi-rng + - add support for multiple accepts where the caller maintains the opfd + - fix memleak in error case in PBKDF + - add multithreaded symmetric cipher tests + - enable full AIO support for kernels 4.13 and higher (fallback AIO implementation using synchronous support for earlier kernels) -- this is due to the broken AIO support for earlier kernels + - Add tests for the AAD copy operation to be supported for kernel 4.13 +- dropped libkcapi-use-external-fipshmac.patch (done differently in upstream) +- dropped reproduciblesort.patch (done differently upstream) +- dropped reproducibledate.patch: merged upstream +- libkcapi.keyring imported + ------------------------------------------------------------------- Thu Dec 5 10:10:41 UTC 2019 - Martin Liška diff --git a/libkcapi.keyring b/libkcapi.keyring new file mode 100644 index 0000000..83bdec9 --- /dev/null +++ b/libkcapi.keyring @@ -0,0 +1,58 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFqo+vgBCACp9hezmvJ4eeZv4PkyoMxGpXHN4Ox2+aofXxMv/yQ6oyZ69xu0 +U0yFcEcSWbe4qhxB+nlOvSBRJ8ohEU3hlGLrAKJwltHVzeO6nCby/T57b6SITCbc +nZGIgKwX4CrJYmfQ4svvMGNDOORPk6SFkK7hhe1cWJb+Gc5czw3wy7By5c1Otlnb +mGB4k5+p7Mbi+rui/vLTKv7FKY5t2CpQoOxptxFc/yq9sMdBnsjvhcCHcl1kpnQP +TMppztWMj4Nkkd+Trvpym0WZ1px6+3kxhMn6LNYytHTCmf/qyf1+1/PIpyEXvx66 +hxeN+fN/7R+0iYCisv3JTtfNkCV3QjGdKqT3ABEBAAG0HVN0ZXBoYW4gTXVlbGxl +ciA8c21AZXBlcm0uZGU+iQFOBBMBCAA4FiEEO8xD1NLIfReEtp7kQh7pNjJqwVsF +Alqo/M8CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQQh7pNjJqwVsV8gf+ +OcAaiSqhn0mYkfC7Fe48n9InAkHiSQ/T7eN+wWYLYMWGG0N2z5gBnNfdc4oFVL+n +gye4C3bm98Iu7WnSl0CTOe1pKGFJg3Y7YzSa5/FzS9nKsg6iXpNWL5nSYyz8T9Q0 +KGKNlAiyQEGkt8y05m8hNsvqkgDb923/RFfUYX4mTUXJ1vk/6SFCA/72JQN7PpwM +gGir7FNybuuDUuDLDgQ+BZHhJlW91XE2nwxUo9IrJ2FeT8GgFKzX8A//peRZTSSe +atJBr0HRKfTrKYw3lf897sddUjyQU1nDYv9EMLBvkzuE+gwUakt2rOcpR+4Fn5jk +QbN4vpfGPnybMAMMxW6GIrQfU3RlcGhhbiBNdWVsbGVyIDxzbUBjaHJvbm94LmRl +PokBTgQTAQgAOBYhBDvMQ9TSyH0XhLae5EIe6TYyasFbBQJaqPzEAhsDBQsJCAcC +BhUKCQgLAgQWAgMBAh4BAheAAAoJEEIe6TYyasFbsqUH/2euuyRj8b1xuapmrNUu +U4atn9FN6XE1cGzXYPHNEUGBiMkInPwZ/PFurrni7S22cMN+IuqmQzLo40izSjXh +RJAa165GoJSrtf7S6iwry/k1S9nY2Vc/dxW6qnFq7mJLAs0JWHOfhRe1caMb7P95 +B+O5B35023zYr9ApdQ4+Lyk+xx1+i++EOxbTJVqLZEF1EGmOWh3ERcGyT05+1LQ8 +4yDSCUxZVZFrbA2Mtg8cdyvu68urvKiOCHzDH/xRRhFxUz0+dCOGBFSgSfKI9cgS +009BdH3Zyg795QV6wfhNas4PaNPN5ArMAvgPH1BxtkgyMjUSyLQQDrmuqHnLzExE +QfG0JVN0ZXBoYW4gTXVlbGxlciA8c211ZWxsZXJAY2hyb25veC5kZT6JAU4EEwEI +ADgWIQQ7zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbAwULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRBCHuk2MmrBWxVrB/wKYSuURgwKs2pJ2kmLIp34StoreNqe +6cdIF7f7e8o7NaT528hFAVuDSTUyjXO+idbC0P+zu9y2SZfQhc4xbD+Zf0QngX7/ +sqIWVeiXJa6uR/qrtJF7OBEvlGkxcAwkC0d/Ts68ps4QbZ7s5qWBJJY4LmnytqvX +Gb63/fOTwImYiY3tKCOSCM2YQRFt6BO71t8tu/4NLk0KSW9OHa9nfcDqI18aVylG +Mu5zNjYqjJpT/be1UpyZo6I/7p0yAQfGJ5YBiN4S264mdFN7jOvxZE3NKXhL4QMt +34hOSWPOpW8ZGEo1hKjEdHFvYowPpcoOFicP+zvxdpMtUTEkppREN2a+uQENBFqo ++vgBCACiLHsDAX7C0l0sB8DhVvTDpC2CyaeuNW9GZ1Qqkenh3Y5KnYnh5Gg5b0ju +bSkauJ75YEOsOeClWuebL3i76kARC8Gfo727wSLvfIAcWhO1ws6j1Utc8s1HNO0+ +vcGC9EEkn7LzO5piEUPkentjrSF7clPsXziW4IJq/z3DYZQkVPk7PSw6r0jXWR/p +6sj4aXxslIiDgFJZyopki7Sl2805JYcvKKC6OWTyPHJMlnu9dNxJviAentAUwzHx +NqmvYjlkqBr/sFnjC9kydElecVm4YQh3TC6yt5h49AslAVlFYfwQwcio1LNWyScl +WHbDZhcVZJZZi4++gpFmmg1AjyfLABEBAAGJATYEGAEIACAWIQQ7zEPU0sh9F4S2 +nuRCHuk2MmrBWwUCWqj6+AIbIAAKCRBCHuk2MmrBWxPCCACQGQu5eOcH9qsqSOO6 +4n+xUX7PG96S8s2JolN3Ft2YWKUzjVHLu5jxznmDwx+GJ3P7thrzW+V5XdDcXgSA +XW793TaJ/XMM0jEG+jgvuhE65JfWCK+8sumrO24M1KnVQigxrMpG5FT7ndpBRGbs +059QSqoMVN4x2dvaP81/+u0sQQ2EGrhPFB2aOA3s7bbWy8xGVIPLcCqByPLbxbHz +aU/dkiutSaYqmzdgrTdcuESSbK4qEv3g1i2Bw5kdqeY9mM96SUL8cGUokqFtVP7b +2mSfm51iNqlO3nsfwpRnl/IlRPThWLhM7/qr49GdWYfQsK4hbw0fo09QFCXN53MP +LhLwuQENBFqo+vgBCAClaPqyK/PUbf7wxTfu3ZBAgaszL98Uf1UHTekRNdYO7FP1 +dWWT4SebIgL8wwtWZEqI1pydyvk6DoNF6CfRFq1lCo9QA4Rms7Qx3cdXu1G47ZtQ +vOqxvO4SPvi7lg3PgnuiHDUSTwo5a8+ojxbLzs5xExbx4RDGtykBoaOoLYeenn92 +AQ//gN6wCDjEjwP2u39xkWXlokZGrwn3ytFE20rUTNCSLxdmoCr1faHzKmvql95w +mA7ahg5s2vM9/95W4G71lJhy2crkZIAH0fx3iOUbDmlZ3T3UvoLuyMToUyaQv5lo +0lV2KJOBGhjnAfmykHsxQu0RygiNwvO3TGjpaeB5ABEBAAGJATYEGAEIACAWIQQ7 +zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbDAAKCRBCHuk2MmrBW5Y4B/oCLcRZ +yN0ETep2JK5CplZHHRN27DhL4KfnahZv872vq3c83hXDDIkCm/0/uDElso+cavce +g5pIsoP2bvEeSJjGMJ5PVdCYOx6r/Fv/tkr46muOvaLdgnphv/CIA+IRykwyzXe3 +bsucHC4a1fnSoTMnV1XhsIh8zWTINVVO8+qdNEv3ix2nP5yArexUGzmJV0HIkKm5 +9wCLz4FpWR+QZru0i8kJNuFrdnDIP0wxDjiVBifPhiegBv+/z2DOj8D9EI48Kagd +QP7MY7q/u1n3+pGTwa+F1hoGo5IOU5MnwVv7UHiW1MSNQ2/kBFBHm+xdudNab2U0 +OpfqrWerOw3WcGd2 +=b9/d +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libkcapi.spec b/libkcapi.spec index 953c820..958384f 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -1,7 +1,7 @@ # # spec file for package libkcapi # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,20 +17,18 @@ Name: libkcapi -Version: 0.13.0 +Version: 1.1.5 Release: 0 Summary: Linux Kernel Crypto API User Space Interface Library License: GPL-2.0-only Group: Productivity/Security URL: http://www.chronox.de/libkcapi.html -#Source: https://github.com/smuellerDD/libkcapi/archive/v0.13.0.zip -Source: libkcapi-0.13.0.tar.bz2 -Patch0: libkcapi-use-external-fipshmac.patch -# PATCH-FIX-UPSTREAM rewritten upstream in https://github.com/smuellerDD/libkcapi/commit/0e7b2b0300782 -Patch1: reproduciblesort.patch -# PATCH-FIX-UPSTREAM https://github.com/smuellerDD/libkcapi/pull/12 -Patch2: reproducibledate.patch -BuildRequires: fipscheck +Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz +Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc +Source2: libkcapi.keyring +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool BuildRequires: openssl BuildRequires: xmlto @@ -39,17 +37,17 @@ libkcapi exports APIs so that developers need not consider the low-level Netlink interface handling that is used for accesing the Linux kernel crypto API. -%package -n libkcapi0 +%package -n libkcapi1 Summary: Linux Kernel Crypto API User Space Interface Library Group: System/Libraries -%description -n libkcapi0 +%description -n libkcapi1 libkcapi allows user-space to access the Linux kernel crypto API. %package devel Summary: Linux Kernel Crypto API User Space Interface Library Group: Development/Languages/C and C++ -Requires: libkcapi0 = %{version} +Requires: libkcapi1 = %{version} %description devel libkcapi exports APIs so that developers need not consider the low-level @@ -76,58 +74,89 @@ libkcapi user space tools to access certain hash algorithms. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 %build -cd lib -export CFLAGS="%optflags" -%make_build -make man -cd ../apps +autoreconf -i +%configure \ + --disable-static \ + --enable-kcapi-test \ + --enable-kcapi-speed \ + --enable-kcapi-hasher \ + --enable-kcapi-rngapp \ + --enable-kcapi-encapp \ + --enable-kcapi-dgstapp + make %{?_smp_mflags} %install -cd lib -make install maninstall DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags} -cd ../apps -make install DESTDIR=%{buildroot} %{?_smp_mflags} BINDIR=/usr/%_lib/libkcapi/ +make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags} +rm %{buildroot}/%_libdir/libkcapi.la # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipscheck.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipshmac.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512sum.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512hmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipscheck.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipshmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512sum.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \ %{nil} -%post -n libkcapi0 -p /sbin/ldconfig +%post -n libkcapi1 -p /sbin/ldconfig -%postun -n libkcapi0 -p /sbin/ldconfig +%postun -n libkcapi1 -p /sbin/ldconfig -%files -n libkcapi0 +%files -n libkcapi1 %license COPYING -%doc CHANGES -%{_libdir}/libkcapi.so.0.13.* -%{_libdir}/libkcapi.so.0 +%doc CHANGES.md +%{_libdir}/libkcapi.so.1.* +%{_libdir}/libkcapi.so.1 +%{_libdir}/.libkcapi.so.1* %files devel %{_includedir}/kcapi.h %{_mandir}/man3/* +%{_libdir}/libkcapi.so +%{_libdir}/.libkcapi.so.hmac +%{_libdir}/pkgconfig/libkcapi.pc %files tools -%dir %{_libdir}/libkcapi -%{_libdir}/libkcapi/* -%{_libdir}/libkcapi/.*hmac +%dir %{_libexecdir}/libkcapi +%{_bindir}/*hmac* +%{_bindir}/*sum* +%{_bindir}/*fips* +%{_bindir}/kcapi +%{_bindir}/kcapi-convenience +%{_bindir}/kcapi-dgst +%{_bindir}/kcapi-enc +%{_bindir}/kcapi-enc-test-large +%{_bindir}/kcapi-rng +%{_bindir}/kcapi-speed +%{_bindir}/.*hmac +%{_libexecdir}/libkcapi/kcapi +%{_libexecdir}/libkcapi/kcapi-convenience +%{_libexecdir}/libkcapi/compile-test.sh +%{_libexecdir}/libkcapi/hasher-test.sh +%{_libexecdir}/libkcapi/kcapi-convenience.sh +%{_libexecdir}/libkcapi/kcapi-dgst-test.sh +%{_libexecdir}/libkcapi/kcapi-enc-test-large +%{_libexecdir}/libkcapi/kcapi-enc-test-large.sh +%{_libexecdir}/libkcapi/kcapi-enc-test.sh +%{_libexecdir}/libkcapi/kcapi-fuzz-test.sh +%{_libexecdir}/libkcapi/libtest.sh +%{_libexecdir}/libkcapi/test-invocation.sh +%{_libexecdir}/libkcapi/test.sh +%{_libexecdir}/libkcapi/virttest.sh +%{_mandir}/man1/kcapi* %changelog diff --git a/reproducibledate.patch b/reproducibledate.patch deleted file mode 100644 index 0d3efda..0000000 --- a/reproducibledate.patch +++ /dev/null @@ -1,31 +0,0 @@ -commit fb7b152478b28d998c781f1ad924675b85c314db -Author: Bernhard M. Wiedemann -Date: Sat Jul 8 15:32:36 2017 +0200 - - Allow to override build date - - in order to allow for reproducible builds. - See https://reproducible-builds.org/ for why this is good - and https://reproducible-builds.org/specs/source-date-epoch/ - for the definition of this variable. - - Also use gmtime instead of localtime to be independent of timezone. - -diff --git a/lib/doc/bin/kernel-doc b/lib/doc/bin/kernel-doc -index 0c8bf6a..2851162 100755 ---- a/lib/doc/bin/kernel-doc -+++ b/lib/doc/bin/kernel-doc -@@ -253,10 +253,11 @@ my %highlights = %highlights_man; - my $blankline = $blankline_man; - my $modulename = "Kernel API"; - my $function_only = 0; -+my $build_date = $ENV{SOURCE_DATE_EPOCH} || time; - my $man_date = ('January', 'February', 'March', 'April', 'May', 'June', - 'July', 'August', 'September', 'October', -- 'November', 'December')[(localtime)[4]] . -- " " . ((localtime)[5]+1900); -+ 'November', 'December')[(gmtime($build_date))[4]] . -+ " " . ((gmtime($build_date))[5]+1900); - my $show_not_found = 0; - - # Essentially these are globals. diff --git a/reproduciblesort.patch b/reproduciblesort.patch deleted file mode 100644 index 652a90f..0000000 --- a/reproduciblesort.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: libkcapi-0.13.0/lib/Makefile -=================================================================== ---- libkcapi-0.13.0.orig/lib/Makefile -+++ libkcapi-0.13.0/lib/Makefile -@@ -100,7 +100,7 @@ LIBNAME := lib$(NAME).so.$(LIBVERSION) - # Define files to be compiled - # - ############################################################################### --C_SRCS := $(wildcard *.c) -+C_SRCS := $(sort $(wildcard *.c)) - C_OBJS := ${C_SRCS:.c=.o} - OBJS := $(C_OBJS) - -Index: libkcapi-0.13.0/apps/Makefile -=================================================================== ---- libkcapi-0.13.0.orig/apps/Makefile -+++ libkcapi-0.13.0/apps/Makefile -@@ -9,7 +9,7 @@ CFLAGS +=-D_FORTIFY_SOURCE=2 -fwrapv --p - LDFLAGS +=-Wl,-z,relro,-z,now - - NAME := kcapi-hasher --C_SRCS := $(wildcard *.c) $(wildcard ../lib/*.c) -+C_SRCS := $(sort $(wildcard *.c) $(wildcard ../lib/*.c)) - C_OBJS := ${C_SRCS:.c=.o} - C_ASM := ${C_SRCS:.c=.s} - OBJS := $(C_OBJS) From b884f88a7200a12217ba09ee42abecc1c5f4b8dfa63961ae131edd837ddd237d Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 13:31:46 +0000 Subject: [PATCH 02/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=21 --- libkcapi.spec | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/libkcapi.spec b/libkcapi.spec index 958384f..df31473 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -1,7 +1,7 @@ # # spec file for package libkcapi # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -89,7 +89,7 @@ autoreconf -i make %{?_smp_mflags} %install -make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags} +make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/usr/%_lib/libkcapi/ %{?_smp_mflags} rm %{buildroot}/%_libdir/libkcapi.la # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries @@ -97,16 +97,16 @@ rm %{buildroot}/%_libdir/libkcapi.la %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipscheck.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipshmac.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512sum.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512hmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipscheck.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipshmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512sum.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512hmac.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \ From 4e4773141eaee6a2513fd45d30235cf5ddc11bcdadf677d88045748de45de09a Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 14:34:15 +0000 Subject: [PATCH 03/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=22 --- libkcapi.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libkcapi.spec b/libkcapi.spec index df31473..b98ac1c 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -92,6 +92,8 @@ make %{?_smp_mflags} make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/usr/%_lib/libkcapi/ %{?_smp_mflags} rm %{buildroot}/%_libdir/libkcapi.la +mv /usr/bin/* /usr/%_lib/libkcapi/ + # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ From 86037d4b06f5a9579445025ea43a7384b08968d7584df8c87f328a382a0c7f8c Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 16:25:37 +0000 Subject: [PATCH 04/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=23 --- libkcapi.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libkcapi.spec b/libkcapi.spec index b98ac1c..ea9eabc 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -92,7 +92,7 @@ make %{?_smp_mflags} make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/usr/%_lib/libkcapi/ %{?_smp_mflags} rm %{buildroot}/%_libdir/libkcapi.la -mv /usr/bin/* /usr/%_lib/libkcapi/ +mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries %define __spec_install_post \ From fce2fb78758a94d284693c780cd395272f9d5b626be299361c6246edfe77803e Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 16:33:24 +0000 Subject: [PATCH 05/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=24 --- libkcapi.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/libkcapi.spec b/libkcapi.spec index ea9eabc..c4e2b91 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -92,6 +92,7 @@ make %{?_smp_mflags} make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/usr/%_lib/libkcapi/ %{?_smp_mflags} rm %{buildroot}/%_libdir/libkcapi.la +mkdir -p %{buildroot}/usr/%_lib/libkcapi/ mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries From ad844bae1a116462e15d233a0493efca2993291782da6f939086378944e3017e Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 16:38:38 +0000 Subject: [PATCH 06/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=25 --- libkcapi.spec | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/libkcapi.spec b/libkcapi.spec index c4e2b91..5be0d5e 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -135,17 +135,6 @@ mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ %files tools %dir %{_libexecdir}/libkcapi -%{_bindir}/*hmac* -%{_bindir}/*sum* -%{_bindir}/*fips* -%{_bindir}/kcapi -%{_bindir}/kcapi-convenience -%{_bindir}/kcapi-dgst -%{_bindir}/kcapi-enc -%{_bindir}/kcapi-enc-test-large -%{_bindir}/kcapi-rng -%{_bindir}/kcapi-speed -%{_bindir}/.*hmac %{_libexecdir}/libkcapi/kcapi %{_libexecdir}/libkcapi/kcapi-convenience %{_libexecdir}/libkcapi/compile-test.sh From 9c67c0a0b851a51d13f81bcb9ec1f7d2f5b5c7d046f4112b43a961b8981fbcf5 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 16:57:31 +0000 Subject: [PATCH 07/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=26 --- libkcapi.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libkcapi.spec b/libkcapi.spec index 5be0d5e..b1117a1 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -135,6 +135,8 @@ mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ %files tools %dir %{_libexecdir}/libkcapi +%{_libexecdir}/libkcapi/*sum* +%{_libexecdir}/libkcapi/*hmac* %{_libexecdir}/libkcapi/kcapi %{_libexecdir}/libkcapi/kcapi-convenience %{_libexecdir}/libkcapi/compile-test.sh From fd11222c9ece5af4b9e4967c21f41214bef484eccbb5a853b751816b8ea30082 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 16:59:47 +0000 Subject: [PATCH 08/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=27 --- libkcapi.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libkcapi.spec b/libkcapi.spec index b1117a1..0582b55 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -136,7 +136,8 @@ mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ %files tools %dir %{_libexecdir}/libkcapi %{_libexecdir}/libkcapi/*sum* -%{_libexecdir}/libkcapi/*hmac* +/usr/%_lib/libkcapi/*sum* +/usr/%_lib/libkcapi/*hmac* %{_libexecdir}/libkcapi/kcapi %{_libexecdir}/libkcapi/kcapi-convenience %{_libexecdir}/libkcapi/compile-test.sh From c265cd42780e7413a734c3af612603e3b9babe2d8f986e9b797827764b0f7531 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 17:11:08 +0000 Subject: [PATCH 09/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=28 --- libkcapi.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/libkcapi.spec b/libkcapi.spec index 0582b55..35f393b 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -135,7 +135,6 @@ mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ %files tools %dir %{_libexecdir}/libkcapi -%{_libexecdir}/libkcapi/*sum* /usr/%_lib/libkcapi/*sum* /usr/%_lib/libkcapi/*hmac* %{_libexecdir}/libkcapi/kcapi From 25b1ff43504d6186736826547b66aed7db5cb7def09d5416ea54e45390fbc00d Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 24 Mar 2020 18:24:21 +0000 Subject: [PATCH 10/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=29 --- libkcapi.spec | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/libkcapi.spec b/libkcapi.spec index 35f393b..7c2d67b 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -89,27 +89,27 @@ autoreconf -i make %{?_smp_mflags} %install -make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/usr/%_lib/libkcapi/ %{?_smp_mflags} +make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%_libexecdir/libkcapi/ %{?_smp_mflags} rm %{buildroot}/%_libdir/libkcapi.la -mkdir -p %{buildroot}/usr/%_lib/libkcapi/ -mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ +mkdir -p %{buildroot}/%_libexecdir/libkcapi/ +mv %{buildroot}/usr/bin/* %{buildroot}/%_libexecdir/libkcapi/ # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipscheck.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipshmac.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512sum.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512hmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.fipscheck.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.fipshmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha1sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha256sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha384sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha512sum.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha1hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha256hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha384hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha512hmac.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \ @@ -135,8 +135,8 @@ mv %{buildroot}/usr/bin/* %{buildroot}/usr/%_lib/libkcapi/ %files tools %dir %{_libexecdir}/libkcapi -/usr/%_lib/libkcapi/*sum* -/usr/%_lib/libkcapi/*hmac* +/%_libexecdir/libkcapi/*sum* +/%_libexecdir/libkcapi/*hmac* %{_libexecdir}/libkcapi/kcapi %{_libexecdir}/libkcapi/kcapi-convenience %{_libexecdir}/libkcapi/compile-test.sh From f3063ca487275aa5b62b8022285477e4e16b858101e85675547da5c95e7c2467 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 25 Mar 2020 06:24:45 +0000 Subject: [PATCH 11/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=30 --- libkcapi.spec | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/libkcapi.spec b/libkcapi.spec index 7c2d67b..67efe96 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -89,27 +89,27 @@ autoreconf -i make %{?_smp_mflags} %install -make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%_libexecdir/libkcapi/ %{?_smp_mflags} +make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags} rm %{buildroot}/%_libdir/libkcapi.la -mkdir -p %{buildroot}/%_libexecdir/libkcapi/ -mv %{buildroot}/usr/bin/* %{buildroot}/%_libexecdir/libkcapi/ +mkdir -p %{buildroot}/%{_libexecdir}/libkcapi/ +mv %{buildroot}/usr/bin/* %{buildroot}/%{_libexecdir}/libkcapi/ # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.fipscheck.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.fipshmac.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha1sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha256sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha384sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha512sum.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha1hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha256hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha384hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libexecdir/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libexecdir/libkcapi/.sha512hmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipscheck.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipshmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512sum.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512hmac.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \ @@ -135,8 +135,9 @@ mv %{buildroot}/usr/bin/* %{buildroot}/%_libexecdir/libkcapi/ %files tools %dir %{_libexecdir}/libkcapi -/%_libexecdir/libkcapi/*sum* -/%_libexecdir/libkcapi/*hmac* +%{_libexecdir}/libkcapi/*sum* +%{_libexecdir}/libkcapi/*hmac* +%{_libexecdir}/libkcapi/.*.hmac %{_libexecdir}/libkcapi/kcapi %{_libexecdir}/libkcapi/kcapi-convenience %{_libexecdir}/libkcapi/compile-test.sh From fa7295fd36f052aa1e1c26af93945f3f96c3b23fa224f85bc74c1514783fbe6c Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 25 Mar 2020 07:11:20 +0000 Subject: [PATCH 12/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=31 --- libkcapi.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libkcapi.spec b/libkcapi.spec index 67efe96..cbc4b2b 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -94,6 +94,7 @@ rm %{buildroot}/%_libdir/libkcapi.la mkdir -p %{buildroot}/%{_libexecdir}/libkcapi/ mv %{buildroot}/usr/bin/* %{buildroot}/%{_libexecdir}/libkcapi/ +mv %{buildroot}/usr/bin/.??* %{buildroot}/%{_libexecdir}/libkcapi/ # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries %define __spec_install_post \ @@ -148,6 +149,11 @@ mv %{buildroot}/usr/bin/* %{buildroot}/%{_libexecdir}/libkcapi/ %{_libexecdir}/libkcapi/kcapi-enc-test-large.sh %{_libexecdir}/libkcapi/kcapi-enc-test.sh %{_libexecdir}/libkcapi/kcapi-fuzz-test.sh +%{_libexecdir}/libkcapi/fipscheck +%{_libexecdir}/libkcapi/kcapi-dgst +%{_libexecdir}/libkcapi/kcapi-enc +%{_libexecdir}/libkcapi/kcapi-rng +%{_libexecdir}/libkcapi/kcapi-speed %{_libexecdir}/libkcapi/libtest.sh %{_libexecdir}/libkcapi/test-invocation.sh %{_libexecdir}/libkcapi/test.sh From 37e05d690f1f700e4d7e130f60ea09e2ea35994857c95bded2a48e42d579b8a3 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 25 Mar 2020 07:29:29 +0000 Subject: [PATCH 13/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=32 --- libkcapi.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/libkcapi.spec b/libkcapi.spec index cbc4b2b..98894be 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -77,6 +77,7 @@ libkcapi user space tools to access certain hash algorithms. %build autoreconf -i +export RPM_OPT_FLAGS="-fcommon $RPM_OPT_FLAGS" %configure \ --disable-static \ --enable-kcapi-test \ From 3403934813392b80540f17305bee779b3335de6b7374cf65368bd3b3d150e6b0 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 25 Mar 2020 07:39:37 +0000 Subject: [PATCH 14/14] OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=33 --- libkcapi.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/libkcapi.spec b/libkcapi.spec index 98894be..cbc4b2b 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -77,7 +77,6 @@ libkcapi user space tools to access certain hash algorithms. %build autoreconf -i -export RPM_OPT_FLAGS="-fcommon $RPM_OPT_FLAGS" %configure \ --disable-static \ --enable-kcapi-test \