rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity

Accepting request 734378 from home:vitezslav_cizek:branches:security:tls

Browse Source 
- Install checksums for binary integrity verification which are
  required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)

OBS-URL: https://build.opensuse.org/request/show/734378
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=24
This commit is contained in:
Tomáš Chvátal 2019-10-01 15:18:43 +00:00 committed by Git OBS Bridge
parent ef95c81a37
commit 8ed96b3590
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gnutls.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Sep 24 13:16:02 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 31 17:05:53 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> Wed Jul 31 17:05:53 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

17
gnutls.spec
View File

@ -44,6 +44,7 @@ BuildRequires: autogen
BuildRequires: automake BuildRequires: automake
BuildRequires: datefudge BuildRequires: datefudge
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: fipscheck
BuildRequires: gcc-c++ BuildRequires: gcc-c++
# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
BuildRequires: iproute2 BuildRequires: iproute2
@ -185,6 +186,21 @@ export CXXFLAGS="%{optflags} -fPIE"
%{nil} %{nil}
make %{?_smp_mflags} make %{?_smp_mflags}
# the hmac hashes:
#
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
%{expand:%%global __os_install_post {%__os_install_post
%{_bindir}/fipshmac %{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
}}
%install %install
%make_install %make_install
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
@ -252,6 +268,7 @@ make %{?_smp_mflags} check || {
%files -n libgnutls%{gnutls_sover} %files -n libgnutls%{gnutls_sover}
%{_libdir}/libgnutls.so.%{gnutls_sover}* %{_libdir}/libgnutls.so.%{gnutls_sover}*
%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
%if %{with dane} %if %{with dane}
%files -n libgnutls-dane%{gnutls_dane_sover} %files -n libgnutls-dane%{gnutls_dane_sover}