diff --git a/libgcrypt.changes b/libgcrypt.changes index 0aae135..e9000a2 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -7,6 +7,7 @@ Thu Mar 27 14:57:22 UTC 2014 - meissner@suse.com - libgcrypt-fixed-sizet.patch: fixed an int type for -flto - libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary - libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests +- use fipscheck only after 13.1 ------------------------------------------------------------------- Thu Jan 30 13:29:49 UTC 2014 - idonmez@suse.com diff --git a/libgcrypt.spec b/libgcrypt.spec index 1bfc997..b83ae86 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -56,7 +56,9 @@ Patch13: libgcrypt-1.6.1-fips-cavs.patch Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: automake >= 1.11 +%if 0%{?suse_version} > 1310 BuildRequires: fipscheck +%endif BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libtool # not for base packages to avoid huge cycles @@ -123,7 +125,9 @@ understanding of applied cryptography is required to use Libgcrypt. %patch8 -p1 #%patch10 -p1 %patch11 -p1 +%if 0%{?suse_version} > 1310 %patch12 -p1 +%endif %patch13 -p1 %patch14 -p1 @@ -151,14 +155,26 @@ make %{?_smp_mflags} # # this shows up earlier because otherwise the %expand of # the macro is too late. +%if 0%{?suse_version} > 1310 %{expand:%%global __os_install_post {%__os_install_post fipshmac %{buildroot}/%{_bindir}/hmac256 fipshmac %{buildroot}/%{_libdir}/*.so.?? }} +%else +%{expand:%%global __os_install_post {%__os_install_post + +%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ + < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac +%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ + < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac +}} +%endif %endif %check +%if 0%{?suse_version} > 1310 fipshmac src/.libs/libgcrypt.so.?? +%endif # Nice idea. however this uses /dev/random, which hangs # on hardware without random feeds. # so lets not run it inside OBS