Accepting request 901340 from home:favogt:bcfips

- Make the fips pattern supersede "patterns-server-enterprise-fips", take missing pieces and obsolete it OBS-URL: https://build.opensuse.org/request/show/901340 OBS-URL: https://build.opensuse.org/package/show/system:install:head/patterns-base?expand=0&rev=186
2021-06-23 01:11:33 +00:00 · 2021-06-23 01:11:33 +00:00 · 43e88f426d
commit 43e88f426d
parent 45bf10ba52
2 changed files with 26 additions and 4 deletions
--- a/patterns-base.changes
+++ b/patterns-base.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jun 22 11:52:12 UTC 2021 - Fabian Vogt <fvogt@suse.com>
+
+- Make the fips pattern supersede "patterns-server-enterprise-fips",
+  take missing pieces and obsolete it
+
 -------------------------------------------------------------------
 Fri Jun 18 10:12:18 UTC 2021 - Fabian Vogt <fvogt@suse.com>

--- a/patterns-base.spec
+++ b/patterns-base.spec
@ -536,11 +536,19 @@ This is the enhanced base runtime system with lots of convenience packages.
 ################################################################################

 %package fips
-%pattern_basetechnologies
-Summary:        FIPS capable system
+%pattern_primaryfunctions
+Summary:        FIPS 140-2 specific packages
 Group:          Metapackages
 Provides:       pattern() = fips
 Provides:       pattern-icon() = pattern-basis_addon
+Provides:       pattern-order() = 3010
+Provides:       pattern-visible()
+Provides:       patterns-sles-fips = %{version}
+Obsoletes:      patterns-sles-fips < %{version}
+Provides:       patterns-server-enterprise-fips = %{version}
+Obsoletes:      patterns-server-enterprise-fips < %{version}
+Provides:       patterns-server-enterprise-fips-32bit = %{version}
+Obsoletes:      patterns-server-enterprise-fips-32bit < %{version}

 Requires:       (dracut-fips if dracut)
 Requires:       (libcryptsetup12-hmac if libcryptsetup12)
@ -549,9 +557,11 @@ Requires:       (libfreebl3-hmac if libfreebl3)
 Requires:       (libfreebl3-hmac-32bit if libfreebl3-32bit)
 Requires:       (libgcrypt20-hmac if libgcrypt20)
 Requires:       (libgnutls30-hmac if libgnutls30)
+Requires:       (libgnutls30-hmac-32bit if libgnutls30-32bit)
 Requires:       (libopenssl1_0_0-hmac if libopenssl1_0_0)
 Requires:       (libopenssl1_0_0-hmac-32bit if libopenssl1_0_0-32bit)
 Requires:       (libopenssl1_1-hmac if libopenssl1_1)
+Requires:       (libopenssl1_1-hmac-32bit if libopenssl1_1-32bit)
 Requires:       (libsoftokn3-hmac if libsoftokn3)
 Requires:       (libsoftokn3-hmac-32bit if libsoftokn3-32bit)
 Requires:       (openssh-fips if openssh-clients)
@ -559,8 +569,14 @@ Requires:       (openssh-fips if openssh-server)
 Requires:       (strongswan-hmac if strongswan)

 %description fips
-This pattern installs all packages necessary for a FIPS capable system, for instance
-HMACs for FIPS-140-2 integrity checking.
+This pattern installs the FIPS 140-2 specific packages that complete the various
+cryptographic modules in use. It is required if you want to run the
+machine with "fips=1".
+
+Please note that this pattern only enables FIPS 140-2 compliant operation, it does
+not directly make the system FIPS 140-2 certified nor validated.
+
+Please refer to SUSE official statements on the state of FIPS 140-2 certification.

 %files fips
 %dir %{_docdir}/patterns