forked from pool/libkcapi
Marcus Meissner
9ab73937f1
- updated to 1.1.5: - Fix invocation of ansi_cprng in FIPS mode during testing - Fix testing on kernels >= 5.0 - Add virtualization test for kernel 5.1 - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy - Fix remove code duplication by Ondrej MosnáÄek - Fix potential memleak in speed-test - updated to 1.1.4: - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures - updated to 1.1.3: - Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac (was accidentally moved to <orig file>.hmac with 1.1.0) - updated to 1.1.2: - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej MosnáÄek - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej MosnáÄek - Test fix: Support test execution outside build environment by Ondrej MosnáÄek - updated to 1.1.1: - Fix: Bug fixes for kcapi_hasher by Ondrej MosnáÄek - updated to 1.1.0: - API Enhancement: Addition of kcapi_handle_reinit - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c - Test enhancement: add IIV speed testing - Fix: add a loop around the read system call to always obtain all generated data - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser) - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY) - Fix: support for zero length files (patched by Ondrej MosnáÄek) - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej MosnáÄek) - Fix: Add Travis CI test system provided by Ondrej MosnáÄek - Fix: Add several fixes to kcapi-hasher by Ondrej MosnáÄek - Fix: Add additional tests for kcapi-hasher by Ondrej MosnáÄek OBS-URL: https://build.opensuse.org/request/show/765261 OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=20
163 lines
6.3 KiB
RPMSpec
163 lines
6.3 KiB
RPMSpec
#
|
|
# spec file for package libkcapi
|
|
#
|
|
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
Name: libkcapi
|
|
Version: 1.1.5
|
|
Release: 0
|
|
Summary: Linux Kernel Crypto API User Space Interface Library
|
|
License: GPL-2.0-only
|
|
Group: Productivity/Security
|
|
URL: http://www.chronox.de/libkcapi.html
|
|
Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz
|
|
Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc
|
|
Source2: libkcapi.keyring
|
|
BuildRequires: autoconf
|
|
BuildRequires: automake
|
|
BuildRequires: libtool
|
|
BuildRequires: openssl
|
|
BuildRequires: xmlto
|
|
|
|
%description
|
|
libkcapi exports APIs so that developers need not consider the low-level
|
|
Netlink interface handling that is used for accesing the Linux kernel crypto
|
|
API.
|
|
|
|
%package -n libkcapi1
|
|
Summary: Linux Kernel Crypto API User Space Interface Library
|
|
Group: System/Libraries
|
|
|
|
%description -n libkcapi1
|
|
libkcapi allows user-space to access the Linux kernel crypto API.
|
|
|
|
%package devel
|
|
Summary: Linux Kernel Crypto API User Space Interface Library
|
|
Group: Development/Languages/C and C++
|
|
Requires: libkcapi1 = %{version}
|
|
|
|
%description devel
|
|
libkcapi exports APIs so that developers need not consider the low-level
|
|
Netlink interface handling that is used for accesing the Linux kernel crypto
|
|
API.
|
|
|
|
The library does not implement any cipher algorithms. All consumer requests are
|
|
sent to the kernel for processing. Results from the kernel crypto API are
|
|
returned to the consumer via the library API.
|
|
|
|
The kernel interface and therefore this library can be used by unprivileged
|
|
processes.
|
|
|
|
This library does not perform any memcpy for processing the cryptographic data!
|
|
The library uses scatter / gather lists to eliminate the need for moving data
|
|
around in memory.
|
|
|
|
%package tools
|
|
Summary: Linux Kernel Crypto API User Space Tools
|
|
Group: Development/Tools/Other
|
|
|
|
%description tools
|
|
libkcapi user space tools to access certain hash algorithms.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
%build
|
|
autoreconf -i
|
|
%configure \
|
|
--disable-static \
|
|
--enable-kcapi-test \
|
|
--enable-kcapi-speed \
|
|
--enable-kcapi-hasher \
|
|
--enable-kcapi-rngapp \
|
|
--enable-kcapi-encapp \
|
|
--enable-kcapi-dgstapp
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
%install
|
|
make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags}
|
|
rm %{buildroot}/%_libdir/libkcapi.la
|
|
|
|
# Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries
|
|
%define __spec_install_post \
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
%{__arch_install_post} \
|
|
%{__os_install_post} \
|
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipscheck.hmac \
|
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipshmac.hmac \
|
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1sum.hmac \
|
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256sum.hmac \
|
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384sum.hmac \
|
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512sum.hmac \
|
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1hmac.hmac \
|
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256hmac.hmac \
|
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384hmac.hmac \
|
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512hmac.hmac \
|
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \
|
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \
|
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \
|
|
%{nil}
|
|
|
|
%post -n libkcapi1 -p /sbin/ldconfig
|
|
|
|
%postun -n libkcapi1 -p /sbin/ldconfig
|
|
|
|
%files -n libkcapi1
|
|
%license COPYING
|
|
%doc CHANGES.md
|
|
%{_libdir}/libkcapi.so.1.*
|
|
%{_libdir}/libkcapi.so.1
|
|
%{_libdir}/.libkcapi.so.1*
|
|
|
|
%files devel
|
|
%{_includedir}/kcapi.h
|
|
%{_mandir}/man3/*
|
|
%{_libdir}/libkcapi.so
|
|
%{_libdir}/.libkcapi.so.hmac
|
|
%{_libdir}/pkgconfig/libkcapi.pc
|
|
|
|
%files tools
|
|
%dir %{_libexecdir}/libkcapi
|
|
%{_bindir}/*hmac*
|
|
%{_bindir}/*sum*
|
|
%{_bindir}/*fips*
|
|
%{_bindir}/kcapi
|
|
%{_bindir}/kcapi-convenience
|
|
%{_bindir}/kcapi-dgst
|
|
%{_bindir}/kcapi-enc
|
|
%{_bindir}/kcapi-enc-test-large
|
|
%{_bindir}/kcapi-rng
|
|
%{_bindir}/kcapi-speed
|
|
%{_bindir}/.*hmac
|
|
%{_libexecdir}/libkcapi/kcapi
|
|
%{_libexecdir}/libkcapi/kcapi-convenience
|
|
%{_libexecdir}/libkcapi/compile-test.sh
|
|
%{_libexecdir}/libkcapi/hasher-test.sh
|
|
%{_libexecdir}/libkcapi/kcapi-convenience.sh
|
|
%{_libexecdir}/libkcapi/kcapi-dgst-test.sh
|
|
%{_libexecdir}/libkcapi/kcapi-enc-test-large
|
|
%{_libexecdir}/libkcapi/kcapi-enc-test-large.sh
|
|
%{_libexecdir}/libkcapi/kcapi-enc-test.sh
|
|
%{_libexecdir}/libkcapi/kcapi-fuzz-test.sh
|
|
%{_libexecdir}/libkcapi/libtest.sh
|
|
%{_libexecdir}/libkcapi/test-invocation.sh
|
|
%{_libexecdir}/libkcapi/test.sh
|
|
%{_libexecdir}/libkcapi/virttest.sh
|
|
%{_mandir}/man1/kcapi*
|
|
|
|
%changelog
|