pool/libnettle
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 734377 from home:vitezslav_cizek:branches:security:tls

Browse Source 
- Install checksums for binary integrity verification which are
  required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)

OBS-URL: https://build.opensuse.org/request/show/734377
OBS-URL: https://build.opensuse.org/package/show/security:tls/libnettle?expand=0&rev=9
This commit is contained in:
Tomáš Chvátal 2019-10-01 15:19:02 +00:00 committed by Git OBS Bridge
parent fd40c56ebf
commit a362a8c859
2 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libnettle.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Oct 1 15:08:36 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 1 10:26:28 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> Thu Aug 1 10:26:28 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

19
libnettle.spec
View File

@ -31,6 +31,7 @@ Source2: %{name}.keyring
Source3: baselibs.conf Source3: baselibs.conf
# PATCH-FIX-UPSTREAM respect cflags while building # PATCH-FIX-UPSTREAM respect cflags while building
Patch0: nettle-respect-cflags.patch Patch0: nettle-respect-cflags.patch
BuildRequires: fipscheck
BuildRequires: gmp-devel BuildRequires: gmp-devel
BuildRequires: m4 BuildRequires: m4
BuildRequires: makeinfo BuildRequires: makeinfo
@ -105,6 +106,22 @@ make %{?_smp_mflags}
%install %install
%make_install %make_install
# the hmac hashes:
#
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
%{expand:%%global __os_install_post {%__os_install_post
%{_bindir}/fipshmac %{buildroot}%{_libdir}/libnettle.so.%{soname}
%{_bindir}/fipshmac %{buildroot}%{_libdir}/libhogweed.so.%{hogweed_soname}
}}
%post -n libnettle%{soname} -p /sbin/ldconfig %post -n libnettle%{soname} -p /sbin/ldconfig
%postun -n libnettle%{soname} -p /sbin/ldconfig %postun -n libnettle%{soname} -p /sbin/ldconfig
%post -n libhogweed%{hogweed_soname} -p /sbin/ldconfig %post -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
@ -123,10 +140,12 @@ make check %{?_smp_mflags}
%doc AUTHORS ChangeLog NEWS README %doc AUTHORS ChangeLog NEWS README
%{_libdir}/libnettle.so.%{soname} %{_libdir}/libnettle.so.%{soname}
%{_libdir}/libnettle.so.%{soname}.* %{_libdir}/libnettle.so.%{soname}.*
%{_libdir}/.libnettle.so.%{soname}.hmac
%files -n libhogweed%{hogweed_soname} %files -n libhogweed%{hogweed_soname}
%{_libdir}/libhogweed.so.%{hogweed_soname} %{_libdir}/libhogweed.so.%{hogweed_soname}
%{_libdir}/libhogweed.so.%{hogweed_soname}.* %{_libdir}/libhogweed.so.%{hogweed_soname}.*
%{_libdir}/.libhogweed.so.%{hogweed_soname}.hmac
%files -n libnettle-devel %files -n libnettle-devel
%{_includedir}/nettle %{_includedir}/nettle