From 45bf10ba52257bfc4a9f7355de9c0f560e0d7f442cc638680a1796bea8c0053a Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 21 Jun 2021 07:34:17 +0000 Subject: [PATCH] Accepting request 900770 from home:favogt:bcfips - Add pattern to install necessary packages for FIPS (bsc#1183154) - Run pre_checkin.sh - Fix build for SLE OBS-URL: https://build.opensuse.org/request/show/900770 OBS-URL: https://build.opensuse.org/package/show/system:install:head/patterns-base?expand=0&rev=185 --- pattern-definition-32bit.txt | 22 +++------------------- patterns-base.changes | 7 +++++++ patterns-base.spec | 36 +++++++++++++++++++++++++++++++++--- pre_checkin.sh | 2 +- 4 files changed, 44 insertions(+), 23 deletions(-) diff --git a/pattern-definition-32bit.txt b/pattern-definition-32bit.txt index 0550a38..861a5ba 100644 --- a/pattern-definition-32bit.txt +++ b/pattern-definition-32bit.txt @@ -35,16 +35,16 @@ Recommends: libnss_usrfiles2-32bit Recommends: pam-32bit Recommends: pam-config-32bit Recommends: rpm-32bit -Recommends: sysconfig-32bit Recommends: system-user-nobody-32bit Recommends: systemd-32bit Recommends: util-linux-32bit Recommends: zypper-32bit -Recommends: rollback-helper-32bit Recommends: SUSEConnect-32bit +Recommends: rollback-helper-32bit Recommends: purge-kernels-service-32bit Recommends: busybox-static-32bit Recommends: elfutils-32bit +Recommends: glibc-locale-base-32bit Recommends: hostname-32bit Recommends: iproute2-32bit Recommends: issue-generator-32bit @@ -58,7 +58,6 @@ Recommends: terminfo-32bit Recommends: terminfo-iterm-32bit Recommends: terminfo-screen-32bit Recommends: timezone-32bit -Recommends: glibc-locale-base-32bit Recommends: ppc64-diag-32bit Recommends: haveged-32bit Provides: pattern() = base%2d32bit @@ -80,7 +79,6 @@ Summary: Enhanced Base System Recommends: openssh-32bit Recommends: aaa_base-extras-32bit Recommends: acl-32bit -Recommends: alsa-plugins-32bit Recommends: attr-32bit Recommends: autofs-32bit Recommends: bash-completion-32bit @@ -90,16 +88,8 @@ Recommends: cifs-utils-32bit Recommends: command-not-found-32bit Recommends: cpio-32bit Recommends: cpupower-32bit -Recommends: cronie-32bit Recommends: cryptsetup-32bit -Recommends: cups-32bit -Recommends: cups-client-32bit Recommends: curl-32bit -Recommends: cyrus-sasl-32bit -Recommends: cyrus-sasl-crammd5-32bit -Recommends: cyrus-sasl-digestmd5-32bit -Recommends: cyrus-sasl-gssapi-32bit -Recommends: cyrus-sasl-plain-32bit Recommends: deltarpm-32bit Recommends: diffutils-32bit Recommends: dos2unix-32bit @@ -112,8 +102,8 @@ Recommends: firewalld-32bit Recommends: fuse-32bit Recommends: gawk-32bit Recommends: gettext-runtime-32bit -Recommends: glibc-locale-base-32bit Recommends: glibc-locale-32bit +Recommends: glibc-locale-base-32bit Recommends: gpart-32bit Recommends: gpg2-32bit Recommends: gpm-32bit @@ -145,7 +135,6 @@ Recommends: nfsidmap-32bit Recommends: nscd-32bit Recommends: ntfs-3g-32bit Recommends: ntfsprogs-32bit -Recommends: openslp-32bit Recommends: pam-config-32bit Recommends: parted-32bit Recommends: pciutils-32bit @@ -153,7 +142,6 @@ Recommends: pciutils-ids-32bit Recommends: perl-Bootloader-32bit Recommends: perl-base-32bit Recommends: pinentry-32bit -Recommends: postfix-32bit Recommends: psmisc-32bit Recommends: rsync-32bit Recommends: rsyslog-32bit @@ -164,13 +152,10 @@ Recommends: sed-32bit Recommends: sg3_utils-32bit Recommends: smartmontools-32bit Recommends: sudo-32bit -Recommends: sysconfig-32bit Recommends: system-tuning-common-SUSE-32bit Recommends: systemd-sysvinit-32bit Recommends: time-32bit Recommends: timezone-32bit -Recommends: translation-update-32bit -Recommends: udev-32bit Recommends: udev-configure-printer-32bit Recommends: usbutils-32bit Recommends: vim-32bit @@ -204,7 +189,6 @@ Recommends: ucode-amd-32bit Recommends: ucode-intel-32bit Recommends: joe-32bit Recommends: mpt-status-32bit -Recommends: perl-TermReadLine-Gnu-32bit Recommends: prctl-32bit Recommends: procinfo-32bit Recommends: procmail-32bit diff --git a/patterns-base.changes b/patterns-base.changes index 77a821a..6af2c45 100644 --- a/patterns-base.changes +++ b/patterns-base.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Jun 18 10:12:18 UTC 2021 - Fabian Vogt + +- Add pattern to install necessary packages for FIPS (bsc#1183154) +- Run pre_checkin.sh +- Fix build for SLE + ------------------------------------------------------------------- Thu Jun 17 11:27:22 UTC 2021 - Dominique Leuenberger diff --git a/patterns-base.spec b/patterns-base.spec index 20dada9..8bade12 100644 --- a/patterns-base.spec +++ b/patterns-base.spec @@ -535,6 +535,37 @@ This is the enhanced base runtime system with lots of convenience packages. ################################################################################ +%package fips +%pattern_basetechnologies +Summary: FIPS capable system +Group: Metapackages +Provides: pattern() = fips +Provides: pattern-icon() = pattern-basis_addon + +Requires: (dracut-fips if dracut) +Requires: (libcryptsetup12-hmac if libcryptsetup12) +Requires: (libcryptsetup12-hmac-32bit if libcryptsetup12-32bit) +Requires: (libfreebl3-hmac if libfreebl3) +Requires: (libfreebl3-hmac-32bit if libfreebl3-32bit) +Requires: (libgcrypt20-hmac if libgcrypt20) +Requires: (libgnutls30-hmac if libgnutls30) +Requires: (libopenssl1_0_0-hmac if libopenssl1_0_0) +Requires: (libopenssl1_0_0-hmac-32bit if libopenssl1_0_0-32bit) +Requires: (libopenssl1_1-hmac if libopenssl1_1) +Requires: (libsoftokn3-hmac if libsoftokn3) +Requires: (libsoftokn3-hmac-32bit if libsoftokn3-32bit) +Requires: (openssh-fips if openssh-clients) +Requires: (openssh-fips if openssh-server) +Requires: (strongswan-hmac if strongswan) + +%description fips +This pattern installs all packages necessary for a FIPS capable system, for instance +HMACs for FIPS-140-2 integrity checking. + +%files fips +%dir %{_docdir}/patterns +%{_docdir}/patterns/fips.txt + ################################################################################ %package minimal_base @@ -981,14 +1012,13 @@ for i in apparmor base enhanced_base minimal_base sw_management x11 x11_enhanced done # These packages don't generate a 32bit pattern -for i in \ +for i in basesystem bootloader basic_desktop documentation fips transactional_base \ %if 0%{?is_opensuse} -basesystem bootloader basic_desktop console documentation selinux transactional_base update_test \ +console selinux update_test \ %else %ifnarch s390 s390x 32bit \ %endif -basesystem bootloader basic_desktop documentation \ %endif %ifarch armv6hl armv7hl aarch64 x11_raspberrypi \ diff --git a/pre_checkin.sh b/pre_checkin.sh index 7f273ca..35d1ba7 100644 --- a/pre_checkin.sh +++ b/pre_checkin.sh @@ -1,3 +1,3 @@ #!/bin/sh -perl create_32bit-patterns_file.pl -p base -s apparmor_opt -s basesystem -s basic_desktop -s bootloader -s console -s documentation -s enhanced_base_opt -s minimal_base_conflicts -s readonly_root_tools -s selinux -s transactional_base -s update_test -s x11_opt -s x11_raspberrypi > pattern-definition-32bit.txt +perl create_32bit-patterns_file.pl -p base -s apparmor_opt -s basesystem -s basic_desktop -s bootloader -s console -s documentation -s enhanced_base_opt -s fips -s minimal_base_conflicts -s readonly_root_tools -s selinux -s transactional_base -s update_test -s x11_opt -s x11_raspberrypi > pattern-definition-32bit.txt