3
0
forked from pool/libgcrypt

Accepting request 1127956 from home:ohollmann:branches:devel:libraries:c_c++

- Re-create HMAC checksum after RPM build strips the library
  (bsc#1217058)

OBS-URL: https://build.opensuse.org/request/show/1127956
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=176
This commit is contained in:
Pedro Monreal Gonzalez 2023-11-21 17:32:01 +00:00 committed by Git OBS Bridge
parent 53013ef12a
commit 0d824d09dc
2 changed files with 25 additions and 4 deletions

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Nov 21 10:36:09 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Re-create HMAC checksum after RPM build strips the library
(bsc#1217058)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 15 09:54:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Wed Nov 15 09:54:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

View File

@ -131,11 +131,27 @@ make -k check
# run the regression tests also in FIPS mode # run the regression tests also in FIPS mode
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
# Install the FIPS hmac file
cp src/.libgcrypt.so.%{libsover}.hmac %{buildroot}%{_libdir}/
%install %install
%make_install %make_install
# this is a hack that re-defines the __spec_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
%define libpath %{buildroot}%{_libdir}/libgcrypt.so.%{libsover}.?.?
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
cd src \
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
mv -f %{libpath}.new %{libpath} \
rm -f %{libpath}.hmac \
%{nil}
rm %{buildroot}%{_libdir}/%{name}.la rm %{buildroot}%{_libdir}/%{name}.la
# Create /etc/gcrypt directory and install random.conf # Create /etc/gcrypt directory and install random.conf
@ -153,7 +169,6 @@ install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/gcrypt/hwf.deny
%dir %{_sysconfdir}/gcrypt %dir %{_sysconfdir}/gcrypt
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf %config(noreplace) %{_sysconfdir}/gcrypt/random.conf
%config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny %config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
%{_libdir}/.libgcrypt.so.*.hmac
%files devel %files devel
%license COPYING COPYING.LIB LICENSES %license COPYING COPYING.LIB LICENSES