# # spec file for package libgcrypt # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define build_hmac256 1 %define separate_hmac256_binary 0 %define libsoname %{name}20 %define sosuffix 20.0.2 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt Version: 1.6.2 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ Group: Development/Libraries/C and C++ Url: http://directory.fsf.org/wiki/Libgcrypt Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig Source2: baselibs.conf # http://www.gnupg.org/signature_key.en.html Source4: %{name}.keyring # cavs test framework Source5: cavs-test.sh Source6: cavs_driver.pl Patch0: %{name}-ppc64.patch Patch1: %{name}-strict-aliasing.patch Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch Patch4: %{name}-sparcv9.diff #PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS) #was: libgcrypt-1.5.0-as-needed.patch Patch5: libgcrypt-unresolved-dladdr.patch #PATCH-FIX-SUSE: N/A Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff Patch12: libgcrypt-1.6.1-use-fipscheck.patch Patch13: libgcrypt-1.6.1-fips-cavs.patch #PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch # add support for SP800-90A DRBG (fate#316929, bnc#856312) Patch21: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch Patch22: 0002-Compile-DRBG.patch Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch Patch26: 0006-DRBG-specific-gcry_control-requests.patch Patch27: v9-0007-User-interface-to-DRBG.patch Patch28: libgcrypt-fix-rng.patch Patch29: libgcrypt-init-at-elf-load-fips.patch #PATCH-FIX-SUSE add FIPS CAVS test app for DRBG Patch30: drbg_test.patch #PATCH-FIX-SUSE bnc#894216 make DSA compliant with FIPS 186-4 Patch31: libgcrypt-fips-dsa.patch #PATCH-FIX-SUSE run FIPS self-test from constructor Patch32: libgcrypt-fips_run_selftest_at_constructor.patch #PATCH-FIX-SUSE bnc#896202 make ECDSA compliant with FIPS 186-4 Patch33: libgcrypt-fips_ecdsa.patch BuildRequires: automake >= 1.11 BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libtool BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} > 1310 BuildRequires: fipscheck %endif %description Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. %package -n %{libsoname} Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ %description -n %{libsoname} Libgcrypt is a general purpose crypto library based on the code used in GnuPG (alpha version). %package -n %{libsoname}-hmac Summary: HMAC checksums for the GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ %description -n %{libsoname}-hmac Libgcrypt is a general purpose crypto library based on the code used in GnuPG (alpha version). This package contains the HMAC checksum files for integrity checking the library, as required by FIPS 140-2. %package devel Summary: The GNU Crypto Library License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: glibc-devel Requires: libgpg-error-devel >= 1.8 Requires(post): %{install_info_prereq} %description devel Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. This package contains needed files to compile and link against the library. %package cavs Summary: The GNU Crypto Library License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: %{libsoname}-hmac %description cavs CAVS testing framework for libgcrypt %if 0%{?separate_hmac256_binary} %package hmac256 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: libgpg-error-devel Requires(post): %{install_info_prereq} %description hmac256 Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. %endif # #if separate_hmac256_binary %prep %setup -q %patch0 -p1 %patch1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch7 -p1 %if 0%{?suse_version} > 1310 %patch12 -p1 %patch21 -p1 %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 %patch27 -p1 %patch28 -p1 %patch29 -p1 %patch30 -p1 %patch31 -p1 %patch32 -p1 %patch33 -p1 %endif %patch13 -p1 %patch14 -p1 %build echo building with build_hmac256 set to %{build_hmac256} %{?suse_update_config} autoreconf -fi export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)" %configure --with-pic \ --enable-noexecstack \ --disable-static \ --enable-m-guard \ %ifarch %{sparc} --disable-asm \ %endif --enable-hmac-binary-check \ --enable-random=linux make %{?_smp_mflags} %if 0%{?build_hmac256} # this is a hack that re-defines the __os_install_post macro # for a simple reason: the macro strips the binaries and thereby # invalidates a HMAC that may have been created earlier. # solution: create the hashes _after_ the macro runs. # # this shows up earlier because otherwise the %expand of # the macro is too late. %if 0%{?suse_version} > 1310 %{expand:%%global __os_install_post {%__os_install_post fipshmac %{buildroot}/%{_bindir}/hmac256 fipshmac %{buildroot}/%{_libdir}/*.so.?? }} %else %{expand:%%global __os_install_post {%__os_install_post %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac }} %endif %endif %check %if 0%{?suse_version} > 1310 fipshmac src/.libs/libgcrypt.so.?? %endif # Nice idea. however this uses /dev/random, which hangs # on hardware without random feeds. # so lets not run it inside OBS # make check %install make DESTDIR=%{buildroot} install %{?_smp_mflags} rm %{buildroot}%{_libdir}/%{name}.la # cavs install -m 0755 -d %{buildroot}%{cavs_dir} install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir} install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir} %if 0%{?suse_version} > 1310 mv %{buildroot}%{_bindir}/fips186_dsa %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} %endif %post -n %{libsoname} -p /sbin/ldconfig %postun -n %{libsoname} -p /sbin/ldconfig %post devel %install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz %install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz %postun devel %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz %files -n %{libsoname} %defattr(-,root,root) %doc COPYING.LIB %{_libdir}/%{name}.so.* %files -n %{libsoname}-hmac %defattr(-,root,root) %if 0%{?build_hmac256} %{_libdir}/.libgcrypt.so.*.hmac %endif # %if 0%{?build_hmac256} %files devel %defattr(-,root,root) %doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO %{_infodir}/gcrypt.info.gz %{_infodir}/gcrypt.info-1.gz %{_infodir}/gcrypt.info-2.gz %{_bindir}/dumpsexp %{_bindir}/mpicalc %{_bindir}/%{name}-config %{_libdir}/%{name}.so %{_includedir}/gcrypt*.h %{_datadir}/aclocal/%{name}.m4 %if 0%{?separate_hmac256_binary} %files hmac256 %defattr(-,root,root) %endif # %if 0%{?separate_hmac256_binary} %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac %doc %{_mandir}/man1/hmac256.1* %files cavs %defattr(-,root,root) %{_libexecdir}/%{name} %changelog