forked from pool/libgcrypt
Accepting request 1127956 from home:ohollmann:branches:devel:libraries:c_c++
- Re-create HMAC checksum after RPM build strips the library (bsc#1217058) OBS-URL: https://build.opensuse.org/request/show/1127956 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=176
This commit is contained in:
parent
53013ef12a
commit
0d824d09dc
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 21 10:36:09 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
- Re-create HMAC checksum after RPM build strips the library
|
||||||
|
(bsc#1217058)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 15 09:54:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
Wed Nov 15 09:54:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
@ -131,11 +131,27 @@ make -k check
|
|||||||
# run the regression tests also in FIPS mode
|
# run the regression tests also in FIPS mode
|
||||||
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
|
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
|
||||||
|
|
||||||
# Install the FIPS hmac file
|
|
||||||
cp src/.libgcrypt.so.%{libsover}.hmac %{buildroot}%{_libdir}/
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%make_install
|
%make_install
|
||||||
|
|
||||||
|
# this is a hack that re-defines the __spec_install_post macro
|
||||||
|
# for a simple reason: the macro strips the binaries and thereby
|
||||||
|
# invalidates a HMAC that may have been created earlier.
|
||||||
|
# solution: create the hashes _after_ the macro runs.
|
||||||
|
|
||||||
|
%define libpath %{buildroot}%{_libdir}/libgcrypt.so.%{libsover}.?.?
|
||||||
|
%define __spec_install_post \
|
||||||
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
|
%{__arch_install_post} \
|
||||||
|
%{__os_install_post} \
|
||||||
|
cd src \
|
||||||
|
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
|
||||||
|
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
|
||||||
|
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
|
||||||
|
mv -f %{libpath}.new %{libpath} \
|
||||||
|
rm -f %{libpath}.hmac \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
rm %{buildroot}%{_libdir}/%{name}.la
|
rm %{buildroot}%{_libdir}/%{name}.la
|
||||||
|
|
||||||
# Create /etc/gcrypt directory and install random.conf
|
# Create /etc/gcrypt directory and install random.conf
|
||||||
@ -153,7 +169,6 @@ install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/gcrypt/hwf.deny
|
|||||||
%dir %{_sysconfdir}/gcrypt
|
%dir %{_sysconfdir}/gcrypt
|
||||||
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf
|
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf
|
||||||
%config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
|
%config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
|
||||||
%{_libdir}/.libgcrypt.so.*.hmac
|
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%license COPYING COPYING.LIB LICENSES
|
%license COPYING COPYING.LIB LICENSES
|
||||||
|
Loading…
Reference in New Issue
Block a user