forked from pool/crypto-policies
Accepting request 865444 from home:pmonrealgonzalez:branches:security:tls
- Update to git version 20210118 * Output sigalgs required by nss >=3.59 * Bump Python requirement to 3.6 * Kerberos 5: Fix policy generator to account for macs * Add AES-192 support (non-TLS scenarios) * Add documentation of the --check option - Fix the man pages generation - Add crypto-policies-asciidoc.patch - Test only supported modules - Add crypto-policies-test_supported_modules_only.patch - Add crypto-policies-typos.patch to fix some typos OBS-URL: https://build.opensuse.org/request/show/865444 OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=2
This commit is contained in:
parent
af8d3f38d5
commit
c78ee41234
2
README.SUSE
Normal file
2
README.SUSE
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Currently only OpenSSL, GnuTLS, and NSS policies are supported.
|
||||||
|
The rest of the modules ignore the policy settings for the time being.
|
13
crypto-policies-test_supported_modules_only.patch
Normal file
13
crypto-policies-test_supported_modules_only.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Index: fedora-crypto-policies-master/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- fedora-crypto-policies-master.orig/Makefile
|
||||||
|
+++ fedora-crypto-policies-master/Makefile
|
||||||
|
@@ -45,8 +45,6 @@ check:
|
||||||
|
tests/openssl.pl
|
||||||
|
tests/gnutls.pl
|
||||||
|
tests/nss.py
|
||||||
|
- tests/java.pl
|
||||||
|
- tests/krb5.py
|
||||||
|
top_srcdir=. tests/update-crypto-policies.sh
|
||||||
|
|
||||||
|
test: check runpylint
|
48
crypto-policies-typos.patch
Normal file
48
crypto-policies-typos.patch
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
From: Hideki Yamane <h-yamane@sios.com>
|
||||||
|
Date: Sun, 25 Aug 2019 04:08:35 +0900
|
||||||
|
Subject: fix typos
|
||||||
|
|
||||||
|
---
|
||||||
|
crypto-policies.7.txt | 2 +-
|
||||||
|
fips-finish-install | 2 +-
|
||||||
|
fips-finish-install.8.txt | 2 +-
|
||||||
|
|
||||||
|
Index: fedora-crypto-policies-master/crypto-policies.7.txt
|
||||||
|
===================================================================
|
||||||
|
--- fedora-crypto-policies-master.orig/crypto-policies.7.txt
|
||||||
|
+++ fedora-crypto-policies-master/crypto-policies.7.txt
|
||||||
|
@@ -236,7 +236,7 @@ To completely override a list value in a
|
||||||
|
sign. Combining 'list-items' with and without signs in a single list value assignment is
|
||||||
|
not allowed however an existing list value can be modified in multiple further assignments.
|
||||||
|
|
||||||
|
-Non-list key values in the policy module files are simply overriden.
|
||||||
|
+Non-list key values in the policy module files are simply overridden.
|
||||||
|
|
||||||
|
The keys marked as *Optional* can be omitted in the policy definition
|
||||||
|
files. In that case, the values will be derived from the base
|
||||||
|
Index: fedora-crypto-policies-master/fips-finish-install
|
||||||
|
===================================================================
|
||||||
|
--- fedora-crypto-policies-master.orig/fips-finish-install
|
||||||
|
+++ fedora-crypto-policies-master/fips-finish-install
|
||||||
|
@@ -12,7 +12,7 @@ if test -f /run/ostree-booted; then
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test x"$1" != x--complete ; then
|
||||||
|
- echo "Complete the instalation of FIPS modules."
|
||||||
|
+ echo "Complete the installation of FIPS modules."
|
||||||
|
echo "usage: $0 --complete"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
Index: fedora-crypto-policies-master/fips-finish-install.8.txt
|
||||||
|
===================================================================
|
||||||
|
--- fedora-crypto-policies-master.orig/fips-finish-install.8.txt
|
||||||
|
+++ fedora-crypto-policies-master/fips-finish-install.8.txt
|
||||||
|
@@ -21,7 +21,7 @@ fips-finish-install(8)
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
-fips-finish-install - complete the instalation of FIPS modules.
|
||||||
|
+fips-finish-install - complete the installation of FIPS modules.
|
||||||
|
|
||||||
|
|
||||||
|
SYNOPSIS
|
@ -1,3 +1,30 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 21 14:44:07 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Update to git version 20210118
|
||||||
|
* Output sigalgs required by nss >=3.59
|
||||||
|
* Bump Python requirement to 3.6
|
||||||
|
* Kerberos 5: Fix policy generator to account for macs
|
||||||
|
* Add AES-192 support (non-TLS scenarios)
|
||||||
|
* Add documentation of the --check option
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 21 14:42:13 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Fix the man pages generation
|
||||||
|
- Add crypto-policies-asciidoc.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 21 09:56:42 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Test only supported modules
|
||||||
|
- Add crypto-policies-test_supported_modules_only.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 22 10:50:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Add crypto-policies-typos.patch to fix some typos
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||||
|
|
||||||
|
@ -16,19 +16,19 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
%global git_date 20201115
|
%global git_date 20210118
|
||||||
#%global git_commit 85dccc5a5b7127e54e0c82b2b5ab5f5fb6fb5490
|
|
||||||
#%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
|
||||||
%global _python_bytecompile_extra 0
|
%global _python_bytecompile_extra 0
|
||||||
Name: crypto-policies
|
Name: crypto-policies
|
||||||
Version: %{git_date}
|
Version: %{git_date}
|
||||||
Release: 1.git%{git_commit_hash}%{?dist}
|
Release: 0
|
||||||
Summary: System-wide crypto policies
|
Summary: System-wide crypto policies
|
||||||
License: LGPL-2.1-or-later
|
License: LGPL-2.1-or-later
|
||||||
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
|
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
|
||||||
#Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
|
|
||||||
Source0: fedora-crypto-policies-master.tar.gz
|
Source0: fedora-crypto-policies-master.tar.gz
|
||||||
|
Source1: README.SUSE
|
||||||
Patch0: crypto-policies-asciidoc.patch
|
Patch0: crypto-policies-asciidoc.patch
|
||||||
|
Patch1: crypto-policies-typos.patch
|
||||||
|
Patch2: crypto-policies-test_supported_modules_only.patch
|
||||||
BuildRequires: asciidoc
|
BuildRequires: asciidoc
|
||||||
BuildRequires: bind
|
BuildRequires: bind
|
||||||
BuildRequires: gnutls >= 3.6.0
|
BuildRequires: gnutls >= 3.6.0
|
||||||
@ -36,16 +36,16 @@ BuildRequires: java-devel
|
|||||||
BuildRequires: libxslt
|
BuildRequires: libxslt
|
||||||
BuildRequires: openssl
|
BuildRequires: openssl
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel >= 3.6
|
||||||
BuildRequires: perl(File::Copy)
|
BuildRequires: perl(File::Copy)
|
||||||
BuildRequires: perl(File::Temp)
|
BuildRequires: perl(File::Temp)
|
||||||
BuildRequires: perl(File::Which)
|
BuildRequires: perl(File::Which)
|
||||||
BuildRequires: perl(File::pushd)
|
#BuildRequires: perl(File::pushd)
|
||||||
Recommends: crypto-policies-scripts
|
Recommends: crypto-policies-scripts
|
||||||
Conflicts: gnutls < 3.6.11
|
#Conflicts: gnutls < 3.6.11
|
||||||
Conflicts: libreswan < 3.28
|
#Conflicts: libreswan < 3.28
|
||||||
Conflicts: nss < 3.44.0
|
Conflicts: nss < 3.44.0
|
||||||
Conflicts: openssh < 8.2p1
|
#Conflicts: openssh < 8.2p1
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -69,7 +69,6 @@ The package also provides a tool fips-mode-setup, which can be used
|
|||||||
to enable or disable the system FIPS mode.
|
to enable or disable the system FIPS mode.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
#%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit}
|
|
||||||
%autosetup -p1 -n fedora-crypto-policies-master
|
%autosetup -p1 -n fedora-crypto-policies-master
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -107,6 +106,8 @@ done
|
|||||||
|
|
||||||
%py3_compile %{buildroot}%{_datadir}/crypto-policies/python
|
%py3_compile %{buildroot}%{_datadir}/crypto-policies/python
|
||||||
|
|
||||||
|
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies
|
||||||
|
|
||||||
%check
|
%check
|
||||||
%make_build check
|
%make_build check
|
||||||
|
|
||||||
@ -143,7 +144,6 @@ end
|
|||||||
%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
|
%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
|
||||||
|
|
||||||
%files
|
%files
|
||||||
|
|
||||||
%dir %{_sysconfdir}/crypto-policies/
|
%dir %{_sysconfdir}/crypto-policies/
|
||||||
%dir %{_sysconfdir}/crypto-policies/back-ends/
|
%dir %{_sysconfdir}/crypto-policies/back-ends/
|
||||||
%dir %{_sysconfdir}/crypto-policies/state/
|
%dir %{_sysconfdir}/crypto-policies/state/
|
||||||
@ -152,6 +152,7 @@ end
|
|||||||
%dir %{_sysconfdir}/crypto-policies/policies/modules/
|
%dir %{_sysconfdir}/crypto-policies/policies/modules/
|
||||||
%dir %{_datarootdir}/crypto-policies/
|
%dir %{_datarootdir}/crypto-policies/
|
||||||
|
|
||||||
|
%{_sysconfdir}/crypto-policies/README.SUSE
|
||||||
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
|
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
|
||||||
|
|
||||||
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
|
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
version https://git-lfs.github.com/spec/v1
|
||||||
oid sha256:3c9b25736802f9f0af94f213eae8f146cd7ba5cc5288fe33ab6e09c60e50ccb9
|
oid sha256:1ca1dabb526ff35720512f6f1aa533112985e20d1521abbc1e990f8a2efdbd64
|
||||||
size 54714
|
size 55699
|
||||||
|
Loading…
Reference in New Issue
Block a user