diff --git a/README.md b/README.md deleted file mode 100644 index 7342728d557c602f51c6d278bba9f3dd9faaf356..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,11 +0,0 @@ -Anolis OS -======================================= -# 代码仓库说明 -## 分支说明 ->进行代码开发工作时,请注意选择当前版本对应的分支 -* aX分支为对应大版本的主分支,如a8分支对应当前最新版本 -* aX.Y分支为对应小版本的维护分支,如a8.2分支对应8.2版本 -## 开发流程 -1. 首先fork目标分支到自己的namespace -2. 在自己的fork分支上做出修改 -3. 向对应的仓库中提交merge request,源分支为fork分支 diff --git a/crypto-policies-git8b8e5af.tar.gz b/crypto-policies-git8b8e5af.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..ec38a80759d0295c9e4028d9edecde71cfe2a726 Binary files /dev/null and b/crypto-policies-git8b8e5af.tar.gz differ diff --git a/crypto-policies.spec b/crypto-policies.spec new file mode 100644 index 0000000000000000000000000000000000000000..92640fb2b3e678473eb881f547818a9189f91774 --- /dev/null +++ b/crypto-policies.spec @@ -0,0 +1,190 @@ +%global git_date 20220314 +%global git_commit 8b8e5af4e37cd7d3b12396cd2a2f7487a700680f +%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} + +Name: crypto-policies +Version: %{git_date} +Release: 1%{?dist} +Summary: System-wide crypto policies + +License: LGPLv2+ +URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies +Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz + +BuildArch: noarch +BuildRequires: asciidoc +BuildRequires: libxslt +BuildRequires: openssl +BuildRequires: gnutls-utils >= 3.6.0 +BuildRequires: java-1.8.0-openjdk-devel +BuildRequires: bind +BuildRequires: perl-interpreter +BuildRequires: perl-generators +BuildRequires: perl(File::pushd), perl(File::Temp), perl(File::Copy) +BuildRequires: perl(File::Which) +BuildRequires: python3-devel >= 3.6 +BuildRequires: python3-pytest +BuildRequires: python3-pylint +BuildRequires: python3-flake8 +BuildRequires: python3-coverage +BuildRequires: codespell +BuildRequires: make + +%description +This package provides pre-built configuration files with +cryptographic policies for various cryptographic back-ends, +such as SSL/TLS libraries. + +%package scripts +Summary: Tool to switch between crypto policies +Requires: %{name} = %{version}-%{release} +Recommends: grubby + +# fips-mode-setup merged into the scripts subpackage +Obsoletes: fips-mode-setup < 20200702-1.c40cede +Provides: fips-mode-setup = %{version}-%{release} + +%description scripts +This package provides a tool update-crypto-policies, which applies +the policies provided by the crypto-policies package. These can be +either the pre-built policies from the base package or custom policies +defined in simple policy definition files. + +The package also provides a tool fips-mode-setup, which can be used +to enable or disable the system FIPS mode. + +%prep +%setup -q -n fedora-crypto-policies-%{git_commit} +%autopatch -p1 + + +%build +%make_build + +%install +mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/ +mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/state/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/modules/ +mkdir -p -m 755 %{buildroot}%{_bindir} + +make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install +install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config +touch %{buildroot}%{_sysconfdir}/crypto-policies/state/current +touch %{buildroot}%{_sysconfdir}/crypto-policies/state/CURRENT.pol + +rm -rf %{buildroot}%{_datarootdir}/crypto-policies/GOST-ONLY + +for d in LEGACY DEFAULT FUTURE FIPS ; do + mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d + for f in %{buildroot}%{_datarootdir}/crypto-policies/$d/* ; do + ln $f %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d/$(basename $f .txt).config + done +done + +for f in %{buildroot}%{_datarootdir}/crypto-policies/DEFAULT/* ; do + ln -sf %{_datarootdir}/crypto-policies/DEFAULT/$(basename $f) %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/$(basename $f .txt).config +done + +%py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python + +%check +make test %{?_smp_mflags} + + +%post -p +if not posix.access("%{_sysconfdir}/crypto-policies/config") then + local policy = "DEFAULT" + local cf = io.open("/proc/sys/crypto/fips_enabled", "r") + if cf then + if cf:read() == "1" then + policy = "FIPS" + end + cf:close() + end + cf = io.open("%{_sysconfdir}/crypto-policies/config", "w") + if cf then + cf:write(policy.."\n") + cf:close() + end + cf = io.open("%{_sysconfdir}/crypto-policies/state/current", "w") + if cf then + cf:write(policy.."\n") + cf:close() + end + local policypath = "%{_datarootdir}/crypto-policies/"..policy + for fn in posix.files(policypath) do + if fn ~= "." and fn ~= ".." then + local backend = fn:gsub(".*/", ""):gsub("%%..*", "") + local cfgfn = "%{_sysconfdir}/crypto-policies/back-ends/"..backend..".config" + posix.unlink(cfgfn) + posix.symlink(policypath.."/"..fn, cfgfn) + end + end +end + +%posttrans scripts +%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || : + + +%files + +%dir %{_sysconfdir}/crypto-policies/ +%dir %{_sysconfdir}/crypto-policies/back-ends/ +%dir %{_sysconfdir}/crypto-policies/state/ +%dir %{_sysconfdir}/crypto-policies/local.d/ +%dir %{_sysconfdir}/crypto-policies/policies/ +%dir %{_sysconfdir}/crypto-policies/policies/modules/ +%dir %{_datarootdir}/crypto-policies/ + +%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config + +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssl.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssh.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/opensshserver.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/nss.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/bind.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/java.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/javasystem.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config +%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config + +%ghost %{_sysconfdir}/crypto-policies/state/current +%ghost %{_sysconfdir}/crypto-policies/state/CURRENT.pol + +%{_mandir}/man7/crypto-policies.7* +%{_datarootdir}/crypto-policies/LEGACY +%{_datarootdir}/crypto-policies/DEFAULT +%{_datarootdir}/crypto-policies/FUTURE +%{_datarootdir}/crypto-policies/FIPS +%{_datarootdir}/crypto-policies/EMPTY +%{_datarootdir}/crypto-policies/back-ends +%{_datarootdir}/crypto-policies/default-config +%{_datarootdir}/crypto-policies/reload-cmds.sh +%{_datarootdir}/crypto-policies/policies + +%license COPYING.LESSER + + +%license COPYING.LESSER + +%files scripts +%{_bindir}/update-crypto-policies +%{_mandir}/man8/update-crypto-policies.8* +%{_datarootdir}/crypto-policies/python + +%{_bindir}/fips-mode-setup +%{_bindir}/fips-finish-install +%{_mandir}/man8/fips-mode-setup.8* +%{_mandir}/man8/fips-finish-install.8* + + +%changelog +* Mon Mar 14 2022 forrest_ly - 20220314-1 +- Init for Anolis OS 23