Accepting request 865444 from home:pmonrealgonzalez:branches:security:tls

- Update to git version 20210118 * Output sigalgs required by nss >=3.59 * Bump Python requirement to 3.6 * Kerberos 5: Fix policy generator to account for macs * Add AES-192 support (non-TLS scenarios) * Add documentation of the --check option - Fix the man pages generation - Add crypto-policies-asciidoc.patch - Test only supported modules - Add crypto-policies-test_supported_modules_only.patch - Add crypto-policies-typos.patch to fix some typos OBS-URL: https://build.opensuse.org/request/show/865444 OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=2
2021-01-21 14:53:23 +00:00 · 2021-01-21 14:53:23 +00:00 · c78ee41234
commit c78ee41234
parent af8d3f38d5
6 changed files with 105 additions and 14 deletions
--- a/README.SUSE
+++ b/README.SUSE
@ -0,0 +1,2 @@
+Currently only OpenSSL, GnuTLS, and NSS policies are supported.
+The rest of the modules ignore the policy settings for the time being.
--- a/crypto-policies-test_supported_modules_only.patch
+++ b/crypto-policies-test_supported_modules_only.patch
@ -0,0 +1,13 @@
+Index: fedora-crypto-policies-master/Makefile
+===================================================================
+--- fedora-crypto-policies-master.orig/Makefile
+++ fedora-crypto-policies-master/Makefile
+@@ -45,8 +45,6 @@ check:
+ 	tests/openssl.pl
+ 	tests/gnutls.pl
+ 	tests/nss.py
+-	tests/java.pl
+-	tests/krb5.py
+ 	top_srcdir=. tests/update-crypto-policies.sh
+ 
+ test: check runpylint
--- a/crypto-policies-typos.patch
+++ b/crypto-policies-typos.patch
@ -0,0 +1,48 @@
+From: Hideki Yamane <h-yamane@sios.com>
+Date: Sun, 25 Aug 2019 04:08:35 +0900
+Subject: fix typos
+
+---
+ crypto-policies.7.txt        | 2 +-
+ fips-finish-install          | 2 +-
+ fips-finish-install.8.txt    | 2 +-
+
+Index: fedora-crypto-policies-master/crypto-policies.7.txt
+===================================================================
+--- fedora-crypto-policies-master.orig/crypto-policies.7.txt
+++ fedora-crypto-policies-master/crypto-policies.7.txt
+@@ -236,7 +236,7 @@ To completely override a list value in a
+ sign. Combining 'list-items' with and without signs in a single list value assignment is
+ not allowed however an existing list value can be modified in multiple further assignments.
+ 
+-Non-list key values in the policy module files are simply overriden.
+Non-list key values in the policy module files are simply overridden.
+ 
+ The keys marked as *Optional* can be omitted in the policy definition
+ files. In that case, the values will be derived from the base
+Index: fedora-crypto-policies-master/fips-finish-install
+===================================================================
+--- fedora-crypto-policies-master.orig/fips-finish-install
+++ fedora-crypto-policies-master/fips-finish-install
+@@ -12,7 +12,7 @@ if test -f /run/ostree-booted; then
+ fi
+ 
+ if test x"$1" !=  x--complete ; then
+-	echo "Complete the instalation of FIPS modules."
+	echo "Complete the installation of FIPS modules."
+ 	echo "usage: $0 --complete"
+ 	exit 2
+ fi
+Index: fedora-crypto-policies-master/fips-finish-install.8.txt
+===================================================================
+--- fedora-crypto-policies-master.orig/fips-finish-install.8.txt
+++ fedora-crypto-policies-master/fips-finish-install.8.txt
+@@ -21,7 +21,7 @@ fips-finish-install(8)
+ 
+ NAME
+ ----
+-fips-finish-install - complete the instalation of FIPS modules.
+fips-finish-install - complete the installation of FIPS modules.
+ 
+ 
+ SYNOPSIS
--- a/crypto-policies.changes
+++ b/crypto-policies.changes
@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Thu Jan 21 14:44:07 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to git version 20210118
+  * Output sigalgs required by nss >=3.59
+  * Bump Python requirement to 3.6
+  * Kerberos 5: Fix policy generator to account for macs
+  * Add AES-192 support (non-TLS scenarios)
+  * Add documentation of the --check option
+
+-------------------------------------------------------------------
+Thu Jan 21 14:42:13 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix the man pages generation
+- Add crypto-policies-asciidoc.patch
+
+-------------------------------------------------------------------
+Thu Jan 21 09:56:42 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Test only supported modules
+- Add crypto-policies-test_supported_modules_only.patch
+
+-------------------------------------------------------------------
+Tue Dec 22 10:50:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Add crypto-policies-typos.patch to fix some typos
+
 -------------------------------------------------------------------
 Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>

--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@ -16,19 +16,19 @@
 #


-%global git_date 20201115
-#%global git_commit 85dccc5a5b7127e54e0c82b2b5ab5f5fb6fb5490
-#%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
+%global git_date 20210118
 %global _python_bytecompile_extra 0
 Name:           crypto-policies
 Version:        %{git_date}
-Release:        1.git%{git_commit_hash}%{?dist}
+Release:        0
 Summary:        System-wide crypto policies
 License:        LGPL-2.1-or-later
 URL:            https://gitlab.com/redhat-crypto/fedora-crypto-policies
-#Source0:        https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
 Source0:        fedora-crypto-policies-master.tar.gz
+Source1:        README.SUSE
 Patch0:         crypto-policies-asciidoc.patch
+Patch1:         crypto-policies-typos.patch
+Patch2:         crypto-policies-test_supported_modules_only.patch
 BuildRequires:  asciidoc
 BuildRequires:  bind
 BuildRequires:  gnutls >= 3.6.0
@ -36,16 +36,16 @@ BuildRequires:  java-devel
 BuildRequires:  libxslt
 BuildRequires:  openssl
 BuildRequires:  perl
-BuildRequires:  python3-devel
+BuildRequires:  python3-devel >= 3.6
 BuildRequires:  perl(File::Copy)
 BuildRequires:  perl(File::Temp)
 BuildRequires:  perl(File::Which)
-BuildRequires:  perl(File::pushd)
+#BuildRequires:  perl(File::pushd)
 Recommends:     crypto-policies-scripts
-Conflicts:      gnutls < 3.6.11
-Conflicts:      libreswan < 3.28
+#Conflicts:      gnutls < 3.6.11
+#Conflicts:      libreswan < 3.28
 Conflicts:      nss < 3.44.0
-Conflicts:      openssh < 8.2p1
+#Conflicts:      openssh < 8.2p1
 BuildArch:      noarch

 %description
@ -69,7 +69,6 @@ The package also provides a tool fips-mode-setup, which can be used
 to enable or disable the system FIPS mode.

 %prep
-#%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit}
 %autosetup -p1 -n fedora-crypto-policies-master

 %build
@ -107,6 +106,8 @@ done

 %py3_compile %{buildroot}%{_datadir}/crypto-policies/python

+cp %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies
+
 %check
 %make_build check

@ -143,7 +144,6 @@ end
 %{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :

 %files
-
 %dir %{_sysconfdir}/crypto-policies/
 %dir %{_sysconfdir}/crypto-policies/back-ends/
 %dir %{_sysconfdir}/crypto-policies/state/
@ -152,6 +152,7 @@ end
 %dir %{_sysconfdir}/crypto-policies/policies/modules/
 %dir %{_datarootdir}/crypto-policies/

+%{_sysconfdir}/crypto-policies/README.SUSE
 %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config

 %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
--- a/fedora-crypto-policies-master.tar.gz
+++ b/fedora-crypto-policies-master.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3c9b25736802f9f0af94f213eae8f146cd7ba5cc5288fe33ab6e09c60e50ccb9
-size 54714
+oid sha256:1ca1dabb526ff35720512f6f1aa533112985e20d1521abbc1e990f8a2efdbd64
+size 55699