SHA256
1
0
forked from pool/libkcapi
libkcapi/libkcapi.spec
Marcus Meissner 9ab73937f1 Accepting request 765261 from home:msmeissn:branches:security
- updated to 1.1.5:
  - Fix invocation of ansi_cprng in FIPS mode during testing
  - Fix testing on kernels >= 5.0
  - Add virtualization test for kernel 5.1
  - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy
  - Fix remove code duplication by Ondrej Mosnáček
  - Fix potential memleak in speed-test
- updated to 1.1.4:
  - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures
- updated to 1.1.3:
  - Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac (was accidentally moved to <orig file>.hmac with 1.1.0)
- updated to 1.1.2:
  - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski
  - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej Mosnáček
  - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej Mosnáček
  - Test fix: Support test execution outside build environment by Ondrej Mosnáček
- updated to 1.1.1:
  - Fix: Bug fixes for kcapi_hasher by Ondrej Mosnáček
- updated to 1.1.0:
  - API Enhancement: Addition of kcapi_handle_reinit
  - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c
  - Test enhancement: add IIV speed testing
  - Fix: add a loop around the read system call to always obtain all generated data
  - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser)
  - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY)
  - Fix: support for zero length files (patched by Ondrej Mosnáček)
  - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej Mosnáček)
  - Fix: Add Travis CI test system provided by Ondrej Mosnáček
  - Fix: Add several fixes to kcapi-hasher by Ondrej Mosnáček
  - Fix: Add additional tests for kcapi-hasher by Ondrej Mosnáček

OBS-URL: https://build.opensuse.org/request/show/765261
OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=20
2020-01-17 12:58:39 +00:00

163 lines
6.3 KiB
RPMSpec

#
# spec file for package libkcapi
#
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: libkcapi
Version: 1.1.5
Release: 0
Summary: Linux Kernel Crypto API User Space Interface Library
License: GPL-2.0-only
Group: Productivity/Security
URL: http://www.chronox.de/libkcapi.html
Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz
Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc
Source2: libkcapi.keyring
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: openssl
BuildRequires: xmlto
%description
libkcapi exports APIs so that developers need not consider the low-level
Netlink interface handling that is used for accesing the Linux kernel crypto
API.
%package -n libkcapi1
Summary: Linux Kernel Crypto API User Space Interface Library
Group: System/Libraries
%description -n libkcapi1
libkcapi allows user-space to access the Linux kernel crypto API.
%package devel
Summary: Linux Kernel Crypto API User Space Interface Library
Group: Development/Languages/C and C++
Requires: libkcapi1 = %{version}
%description devel
libkcapi exports APIs so that developers need not consider the low-level
Netlink interface handling that is used for accesing the Linux kernel crypto
API.
The library does not implement any cipher algorithms. All consumer requests are
sent to the kernel for processing. Results from the kernel crypto API are
returned to the consumer via the library API.
The kernel interface and therefore this library can be used by unprivileged
processes.
This library does not perform any memcpy for processing the cryptographic data!
The library uses scatter / gather lists to eliminate the need for moving data
around in memory.
%package tools
Summary: Linux Kernel Crypto API User Space Tools
Group: Development/Tools/Other
%description tools
libkcapi user space tools to access certain hash algorithms.
%prep
%setup -q
%build
autoreconf -i
%configure \
--disable-static \
--enable-kcapi-test \
--enable-kcapi-speed \
--enable-kcapi-hasher \
--enable-kcapi-rngapp \
--enable-kcapi-encapp \
--enable-kcapi-dgstapp
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags}
rm %{buildroot}/%_libdir/libkcapi.la
# Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipscheck.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipshmac.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384sum.hmac \
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512sum.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512hmac.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \
%{nil}
%post -n libkcapi1 -p /sbin/ldconfig
%postun -n libkcapi1 -p /sbin/ldconfig
%files -n libkcapi1
%license COPYING
%doc CHANGES.md
%{_libdir}/libkcapi.so.1.*
%{_libdir}/libkcapi.so.1
%{_libdir}/.libkcapi.so.1*
%files devel
%{_includedir}/kcapi.h
%{_mandir}/man3/*
%{_libdir}/libkcapi.so
%{_libdir}/.libkcapi.so.hmac
%{_libdir}/pkgconfig/libkcapi.pc
%files tools
%dir %{_libexecdir}/libkcapi
%{_bindir}/*hmac*
%{_bindir}/*sum*
%{_bindir}/*fips*
%{_bindir}/kcapi
%{_bindir}/kcapi-convenience
%{_bindir}/kcapi-dgst
%{_bindir}/kcapi-enc
%{_bindir}/kcapi-enc-test-large
%{_bindir}/kcapi-rng
%{_bindir}/kcapi-speed
%{_bindir}/.*hmac
%{_libexecdir}/libkcapi/kcapi
%{_libexecdir}/libkcapi/kcapi-convenience
%{_libexecdir}/libkcapi/compile-test.sh
%{_libexecdir}/libkcapi/hasher-test.sh
%{_libexecdir}/libkcapi/kcapi-convenience.sh
%{_libexecdir}/libkcapi/kcapi-dgst-test.sh
%{_libexecdir}/libkcapi/kcapi-enc-test-large
%{_libexecdir}/libkcapi/kcapi-enc-test-large.sh
%{_libexecdir}/libkcapi/kcapi-enc-test.sh
%{_libexecdir}/libkcapi/kcapi-fuzz-test.sh
%{_libexecdir}/libkcapi/libtest.sh
%{_libexecdir}/libkcapi/test-invocation.sh
%{_libexecdir}/libkcapi/test.sh
%{_libexecdir}/libkcapi/virttest.sh
%{_mandir}/man1/kcapi*
%changelog