
Accepting request 865444 from home:pmonrealgonzalez:branches:security:tls

- Update to git version 20210118
  * Output sigalgs required by nss >=3.59
  * Bump Python requirement to 3.6
  * Kerberos 5: Fix policy generator to account for macs
  * Add AES-192 support (non-TLS scenarios)
  * Add documentation of the --check option

- Fix the man pages generation
- Add crypto-policies-asciidoc.patch

- Test only supported modules
- Add crypto-policies-test_supported_modules_only.patch

- Add crypto-policies-typos.patch to fix some typos

OBS-URL: https://build.opensuse.org/request/show/865444
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=2
Pedro Monreal Gonzalez 2021-01-21 14:53:23 +00:00 committed by Git OBS Bridge
parent af8d3f38d5
commit c78ee41234
6 changed files with 105 additions and 14 deletions

README.SUSE Normal file

@ -0,0 +1,2 @@
Currently only OpenSSL, GnuTLS, and NSS policies are supported.
The rest of the modules ignore the policy settings for the time being.
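
Review bot: README.SUSE says "the rest of the modules" ignore the policy but never names them, so an administrator who sets a policy cannot tell from this file which back ends stay on their own defaults. List the unsupported back ends explicitly; the other changes in this commit already point at java, krb5, libreswan and openssh.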


@ -0,0 +1,13 @@
Index: fedora-crypto-policies-master/Makefile
===================================================================
--- fedora-crypto-policies-master.orig/Makefile
+++ fedora-crypto-policies-master/Makefile
@@ -45,8 +45,6 @@ check:
tests/openssl.pl
tests/gnutls.pl
tests/nss.py
- tests/java.pl
- tests/krb5.py
top_srcdir=. tests/update-crypto-policies.sh
test: check runpylint
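
Review bot: The removal of tests/java.pl and tests/krb5.py from the check target carries no description header, unlike the typo patch in this commit, which has From/Date/Subject lines. Add a short header stating that these back ends are not supported on SUSE yet and pointing to README.SUSE, so the tests are restored when support lands. Note that the same update pulls in the upstream "Kerberos 5: Fix policy generator to account for macs" change, which %check no longer exercises once tests/krb5.py is dropped.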


@ -0,0 +1,48 @@
From: Hideki Yamane <h-yamane@sios.com>
Date: Sun, 25 Aug 2019 04:08:35 +0900
Subject: fix typos
---
crypto-policies.7.txt | 2 +-
fips-finish-install | 2 +-
fips-finish-install.8.txt | 2 +-
Index: fedora-crypto-policies-master/crypto-policies.7.txt
===================================================================
--- fedora-crypto-policies-master.orig/crypto-policies.7.txt
+++ fedora-crypto-policies-master/crypto-policies.7.txt
@@ -236,7 +236,7 @@ To completely override a list value in a
sign. Combining 'list-items' with and without signs in a single list value assignment is
not allowed however an existing list value can be modified in multiple further assignments.
-Non-list key values in the policy module files are simply overriden.
+Non-list key values in the policy module files are simply overridden.
The keys marked as *Optional* can be omitted in the policy definition
files. In that case, the values will be derived from the base
Index: fedora-crypto-policies-master/fips-finish-install
===================================================================
--- fedora-crypto-policies-master.orig/fips-finish-install
+++ fedora-crypto-policies-master/fips-finish-install
@@ -12,7 +12,7 @@ if test -f /run/ostree-booted; then
fi
if test x"$1" != x--complete ; then
- echo "Complete the instalation of FIPS modules."
+ echo "Complete the installation of FIPS modules."
echo "usage: $0 --complete"
exit 2
fi
Index: fedora-crypto-policies-master/fips-finish-install.8.txt
===================================================================
--- fedora-crypto-policies-master.orig/fips-finish-install.8.txt
+++ fedora-crypto-policies-master/fips-finish-install.8.txt
@@ -21,7 +21,7 @@ fips-finish-install(8)
NAME
----
-fips-finish-install - complete the instalation of FIPS modules.
+fips-finish-install - complete the installation of FIPS modules.
SYNOPSIS
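
Review bot: The patch header (From/Date/Subject) gives no upstream status for these three spelling fixes, and the patch is dated 2019-08-25 yet still applies to the 20210118 snapshot. Add a line to the header saying whether it has been submitted to the upstream project, so it can be dropped once the fix is merged there instead of being carried indefinitely.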


@ -1,3 +1,30 @@
-------------------------------------------------------------------
Thu Jan 21 14:44:07 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Update to git version 20210118
* Output sigalgs required by nss >=3.59
* Bump Python requirement to 3.6
* Kerberos 5: Fix policy generator to account for macs
* Add AES-192 support (non-TLS scenarios)
* Add documentation of the --check option
-------------------------------------------------------------------
Thu Jan 21 14:42:13 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Fix the man pages generation
- Add crypto-policies-asciidoc.patch
-------------------------------------------------------------------
Thu Jan 21 09:56:42 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Test only supported modules
- Add crypto-policies-test_supported_modules_only.patch
-------------------------------------------------------------------
Tue Dec 22 10:50:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
- Add crypto-policies-typos.patch to fix some typos
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek <vcizek@suse.com> Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
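
Review bot: The new changelog entries leave out packaging changes made in this same commit: the added README.SUSE (Source1, installed into %{_sysconfdir}/crypto-policies), the commented-out Conflicts on gnutls, libreswan and openssh, and the commented-out BuildRequires on perl(File::pushd). Add entries for them, since the disabled Conflicts change which back-end versions can be installed alongside the policy package.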


@ -16,19 +16,19 @@
# #
%global git_date 20201115 %global git_date 20210118
#%global git_commit 85dccc5a5b7127e54e0c82b2b5ab5f5fb6fb5490
#%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
%global _python_bytecompile_extra 0 %global _python_bytecompile_extra 0
Name: crypto-policies Name: crypto-policies
Version: %{git_date} Version: %{git_date}
Release: 1.git%{git_commit_hash}%{?dist} Release: 0
Summary: System-wide crypto policies Summary: System-wide crypto policies
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
#Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
Source0: fedora-crypto-policies-master.tar.gz Source0: fedora-crypto-policies-master.tar.gz
Source1: README.SUSE
Patch0: crypto-policies-asciidoc.patch Patch0: crypto-policies-asciidoc.patch
Patch1: crypto-policies-typos.patch
Patch2: crypto-policies-test_supported_modules_only.patch
BuildRequires: asciidoc BuildRequires: asciidoc
BuildRequires: bind BuildRequires: bind
BuildRequires: gnutls >= 3.6.0 BuildRequires: gnutls >= 3.6.0
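
Review bot: With the commented git_commit lines and the hashed Source0 URL removed, the spec no longer records which upstream commit fedora-crypto-policies-master.tar.gz corresponds to; only git_date 20210118 remains. Keep a comment next to Source0 with the upstream commit hash the tarball was generated from, so the source can be reproduced and compared against upstream.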
@ -36,16 +36,16 @@ BuildRequires: java-devel
BuildRequires: libxslt BuildRequires: libxslt
BuildRequires: openssl BuildRequires: openssl
BuildRequires: perl BuildRequires: perl
BuildRequires: python3-devel BuildRequires: python3-devel >= 3.6
BuildRequires: perl(File::Copy) BuildRequires: perl(File::Copy)
BuildRequires: perl(File::Temp) BuildRequires: perl(File::Temp)
BuildRequires: perl(File::Which) BuildRequires: perl(File::Which)
BuildRequires: perl(File::pushd) #BuildRequires: perl(File::pushd)
Recommends: crypto-policies-scripts Recommends: crypto-policies-scripts
Conflicts: gnutls < 3.6.11 #Conflicts: gnutls < 3.6.11
Conflicts: libreswan < 3.28 #Conflicts: libreswan < 3.28
Conflicts: nss < 3.44.0 Conflicts: nss < 3.44.0
Conflicts: openssh < 8.2p1 #Conflicts: openssh < 8.2p1
BuildArch: noarch BuildArch: noarch
%description %description
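
Review bot: The Conflicts on gnutls < 3.6.11, libreswan < 3.28 and openssh < 8.2p1 are commented out with no explanation, while the one on nss < 3.44.0 is kept. README.SUSE lists GnuTLS as a supported back end, so dropping the gnutls minimum in particular lets the package install next to a GnuTLS that the disabled Conflicts line treated as incompatible. Either keep the gnutls Conflicts or add a comment stating why each one is disabled and when it should be re-enabled.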
@ -69,7 +69,6 @@ The package also provides a tool fips-mode-setup, which can be used
to enable or disable the system FIPS mode. to enable or disable the system FIPS mode.
%prep %prep
#%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit}
%autosetup -p1 -n fedora-crypto-policies-master %autosetup -p1 -n fedora-crypto-policies-master
%build %build
@ -107,6 +106,8 @@ done
%py3_compile %{buildroot}%{_datadir}/crypto-policies/python %py3_compile %{buildroot}%{_datadir}/crypto-policies/python
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies
%check %check
%make_build check %make_build check
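
Review bot: The added line "cp %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies" copies README.SUSE with whatever mode the source file happens to have. Use "install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies/README.SUSE" so the installed permissions are explicit, and consider marking the matching %files entry as %doc since the file is documentation rather than configuration.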
@ -143,7 +144,6 @@ end
%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || : %{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
%files %files
%dir %{_sysconfdir}/crypto-policies/ %dir %{_sysconfdir}/crypto-policies/
%dir %{_sysconfdir}/crypto-policies/back-ends/ %dir %{_sysconfdir}/crypto-policies/back-ends/
%dir %{_sysconfdir}/crypto-policies/state/ %dir %{_sysconfdir}/crypto-policies/state/
@ -152,6 +152,7 @@ end
%dir %{_sysconfdir}/crypto-policies/policies/modules/ %dir %{_sysconfdir}/crypto-policies/policies/modules/
%dir %{_datarootdir}/crypto-policies/ %dir %{_datarootdir}/crypto-policies/
%{_sysconfdir}/crypto-policies/README.SUSE
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:3c9b25736802f9f0af94f213eae8f146cd7ba5cc5288fe33ab6e09c60e50ccb9 oid sha256:1ca1dabb526ff35720512f6f1aa533112985e20d1521abbc1e990f8a2efdbd64
size 54714 size 55699