SHA256
1
0
forked from pool/cryptsetup

Accepting request 1093121 from home:pmonrealgonzalez:branches:security

- Enable running the regression test suite.
- Force a regeneration of the man pages from AsciiDoc.
- Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc.

- FIPS: Remove not needed libcryptsetup12-hmac package that contains
  the HMAC checksums for integrity checking for FIPS. [bsc#1185116]
  * Remove the cryptsetup-rpmlintrc file.
  * Remove not needed fipscheck dependency.

OBS-URL: https://build.opensuse.org/request/show/1093121
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
This commit is contained in:
Pedro Monreal Gonzalez 2023-06-15 12:05:44 +00:00 committed by Git OBS Bridge
parent 43e9b52bc7
commit b44b295cd3
4 changed files with 30 additions and 32 deletions

View File

@ -1,2 +1,3 @@
libcryptsetup12 libcryptsetup12
libcryptsetup12-hmac provides "libcryptsetup12-hmac-<targettype> = %{version}"
obsoletes "libcryptsetup12-hmac-<targettype> < %{version}"

View File

@ -1,5 +0,0 @@
# intentionally named
addFilter("libcryptsetup.*hmac.* hidden-file-or-dir .*\.libcryptsetup\.so\..*\.hmac")
# hmacs for identical files are identical
addFilter("libcryptsetup.*hmac.* files-duplicate .*\.libcryptsetup\.so\..*\.hmac")

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Wed Jun 14 08:07:56 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Enable running the regression test suite.
- Force a regeneration of the man pages from AsciiDoc.
- Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc.
-------------------------------------------------------------------
Wed Jun 14 07:31:41 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Remove not needed libcryptsetup12-hmac package that contains
the HMAC checksums for integrity checking for FIPS. [bsc#1185116]
* Remove the cryptsetup-rpmlintrc file.
* Remove not needed fipscheck dependency.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Feb 12 21:15:43 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de> Sun Feb 12 21:15:43 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

View File

@ -29,10 +29,7 @@ Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetu
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.sign Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.sign
Source2: baselibs.conf Source2: baselibs.conf
Source3: cryptsetup.keyring Source3: cryptsetup.keyring
Source4: %{name}-rpmlintrc
BuildRequires: device-mapper-devel BuildRequires: device-mapper-devel
BuildRequires: fipscheck
BuildRequires: fipscheck-devel
BuildRequires: libjson-c-devel BuildRequires: libjson-c-devel
BuildRequires: libpwquality-devel BuildRequires: libpwquality-devel
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
@ -78,6 +75,7 @@ Summary: Cryptsetup Documentation
Group: Documentation/Man Group: Documentation/Man
Supplements: (cryptsetup and man) Supplements: (cryptsetup and man)
Supplements: (cryptsetup and patterns-base-documentation) Supplements: (cryptsetup and patterns-base-documentation)
BuildArch: noarch
%description doc %description doc
Documentation and man pages for cryptsetup Documentation and man pages for cryptsetup
@ -85,7 +83,8 @@ Documentation and man pages for cryptsetup
%package -n libcryptsetup%{so_ver} %package -n libcryptsetup%{so_ver}
Summary: Library for setting up dm-crypt Based Encrypted Block Devices Summary: Library for setting up dm-crypt Based Encrypted Block Devices
Group: System/Libraries Group: System/Libraries
Suggests: libcryptsetup%{so_ver}-hmac = %{version}-%{release} Provides: libcryptsetup%{so_ver}-hmac = %{version}
Obsoletes: libcryptsetup%{so_ver}-hmac < %{version}
%description -n libcryptsetup%{so_ver} %description -n libcryptsetup%{so_ver}
cryptsetup is used to conveniently set up dm-crypt based device-mapper cryptsetup is used to conveniently set up dm-crypt based device-mapper
@ -94,15 +93,6 @@ volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab. time via the config file %{_sysconfdir}/crypttab.
%package -n libcryptsetup%{so_ver}-hmac
Summary: Checksums for libcryptsetup%{so_ver}
Group: System/Base
Requires: libcryptsetup%{so_ver} = %{version}-%{release}
%description -n libcryptsetup%{so_ver}-hmac
This package contains HMAC checksums for integrity checking of libcryptsetup4,
used for FIPS.
%package -n lib%{name}-devel %package -n lib%{name}-devel
Summary: Header files for libcryptsetup Summary: Header files for libcryptsetup
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
@ -123,6 +113,9 @@ time via the config file %{_sysconfdir}/crypttab.
%autosetup -p1 %autosetup -p1
%build %build
# force regeneration of manual pages from AsciiDoc
rm -f man/*.8
%configure \ %configure \
--enable-selinux \ --enable-selinux \
--enable-fips \ --enable-fips \
@ -137,13 +130,6 @@ time via the config file %{_sysconfdir}/crypttab.
%make_build %make_build
%install %install
# Generate HMAC checksums (FIPS)
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%__os_install_post \
fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
%{nil}
%make_install %make_install
%if 0%{?suse_version} < 1550 %if 0%{?suse_version} < 1550
@ -152,9 +138,12 @@ ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
%endif %endif
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
find %{buildroot} -type f -name "*.la" -delete -print find %{buildroot} -type f -name "*.la" -delete -print
#
%find_lang %{name} --all-name %find_lang %{name} --all-name
%check
%make_build check
%post %post
%{?regenerate_initrd_post} %{?regenerate_initrd_post}
%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf %tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf
@ -178,15 +167,13 @@ find %{buildroot} -type f -name "*.la" -delete -print
%{_sbindir}/veritysetup %{_sbindir}/veritysetup
%{_sbindir}/integritysetup %{_sbindir}/integritysetup
%{_tmpfilesdir}/cryptsetup.conf %{_tmpfilesdir}/cryptsetup.conf
%ghost %attr(700, -, -) %dir /run/cryptsetup
%files lang -f %{name}.lang %files lang -f %{name}.lang
%files -n libcryptsetup%{so_ver} %files -n libcryptsetup%{so_ver}
%{_libdir}/libcryptsetup.so.%{so_ver}* %{_libdir}/libcryptsetup.so.%{so_ver}*
%files -n libcryptsetup%{so_ver}-hmac
%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac
%files -n lib%{name}-devel %files -n lib%{name}-devel
%doc docs/examples/ %doc docs/examples/
%{_includedir}/libcryptsetup.h %{_includedir}/libcryptsetup.h
@ -194,14 +181,14 @@ find %{buildroot} -type f -name "*.la" -delete -print
%{_libdir}/pkgconfig/* %{_libdir}/pkgconfig/*
%files ssh %files ssh
%license COPYING COPYING.LGPL %license COPYING*
%dir %{_libdir}/%{name} %dir %{_libdir}/%{name}
%{_libdir}/%{name}/libcryptsetup-token-ssh.so %{_libdir}/%{name}/libcryptsetup-token-ssh.so
%{_mandir}/man8/cryptsetup-ssh.8.gz %{_mandir}/man8/cryptsetup-ssh.8.gz
%{_sbindir}/cryptsetup-ssh %{_sbindir}/cryptsetup-ssh
%files doc %files doc
%doc AUTHORS FAQ.md README.md docs/*ReleaseNotes %doc AUTHORS FAQ.md README.md docs/*ReleaseNotes docs/on-disk-format*.pdf
%{_mandir}/man8/cryptsetup.8.gz %{_mandir}/man8/cryptsetup.8.gz
%{_mandir}/man8/cryptsetup-benchmark.8.gz %{_mandir}/man8/cryptsetup-benchmark.8.gz
%{_mandir}/man8/cryptsetup-bitlkDump.8.gz %{_mandir}/man8/cryptsetup-bitlkDump.8.gz