From deff47403e8a111313238b366de220f4e10f616d Mon Sep 17 00:00:00 2001 From: duyiwei Date: Thu, 21 Mar 2024 11:27:41 +0800 Subject: [PATCH] package pruning to minimize dependencies Signed-off-by: duyiwei (cherry picked from commit be1bc11ab9a1e4e80c0e692e9c0952e1f5cbf364) --- crypto-policies.spec | 60 +++++++++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/crypto-policies.spec b/crypto-policies.spec index 6be7ecb..4094e3d 100644 --- a/crypto-policies.spec +++ b/crypto-policies.spec @@ -4,7 +4,7 @@ Name: crypto-policies Version: %{git_date} -Release: 1.git%{git_commit_hash} +Release: 2.git%{git_commit_hash} Summary: Crypto policies package for Fedora License: LGPLv2+ @@ -82,6 +82,7 @@ make %{?_smp_mflags} %install mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/ +mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/state/ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/ @@ -91,14 +92,21 @@ mkdir -p -m 755 %{buildroot}%{_bindir} make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config +touch %{buildroot}%{_sysconfdir}/crypto-policies/state/current +touch %{buildroot}%{_sysconfdir}/crypto-policies/state/CURRENT.pol # Create back-end configs for mounting with read-only /etc/ for d in LEGACY DEFAULT FUTURE FIPS ; do + mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d for f in %{buildroot}%{_datarootdir}/crypto-policies/$d/* ; do - ln -s $(basename $f) $(dirname $f)/$(basename $f .txt).config + ln $f %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d/$(basename $f .txt).config done done +for f in %{buildroot}%{_datarootdir}/crypto-policies/DEFAULT/* ; do + ln -sf %{_datarootdir}/crypto-policies/DEFAULT/$(basename $f) %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/$(basename $f .txt).config +done + %py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python %check @@ -109,10 +117,9 @@ sed -i '/\ GOST-ONLY\ /d' Makefile make check %{?_smp_mflags} -%post +%posttrans scripts %{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || : - %files %dir %{_sysconfdir}/crypto-policies/ @@ -125,35 +132,40 @@ make check %{?_smp_mflags} %config(noreplace) %{_sysconfdir}/crypto-policies/config -%ghost %{_sysconfdir}/crypto-policies/back-ends/gnutls.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/openssl.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/openssh.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/opensshserver.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/nss.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/bind.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/java.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/krb5.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/openjdk.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/libreswan.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/javasystem.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/sequoia.config -%ghost %{_sysconfdir}/crypto-policies/back-ends/rpm-sequoia.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssl.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssh.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/opensshserver.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/nss.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/bind.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/java.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/javasystem.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/sequoia.config +%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/rpm-sequoia.config + +%ghost %{_sysconfdir}/crypto-policies/state/current +%ghost %{_sysconfdir}/crypto-policies/state/CURRENT.pol -%{_bindir}/update-crypto-policies %{_mandir}/man7/crypto-policies.7* -%{_mandir}/man8/update-crypto-policies.8* %{_datarootdir}/crypto-policies/LEGACY/* %{_datarootdir}/crypto-policies/DEFAULT/* %{_datarootdir}/crypto-policies/FUTURE/* %{_datarootdir}/crypto-policies/FIPS/* %{_datarootdir}/crypto-policies/EMPTY/* +%{_datarootdir}/crypto-policies/back-ends/* %{_datarootdir}/crypto-policies/default-config %{_datarootdir}/crypto-policies/reload-cmds.sh %{_datarootdir}/crypto-policies/policies -%{_datarootdir}/crypto-policies/python %files scripts +%{_bindir}/update-crypto-policies +%{_mandir}/man8/update-crypto-policies.8* +%{_datarootdir}/crypto-policies/python + %{_bindir}/fips-mode-setup %{_bindir}/fips-finish-install %{_mandir}/man8/fips-mode-setup.8* @@ -163,6 +175,9 @@ make check %{?_smp_mflags} %license COPYING.LESSER %changelog +* Thu Mar 21 2024 duyiwei - 20230614-2.git5f3458e +- package pruning to minimize dependencies + * Fri Jan 26 2024 yixiangzhike - 20230614-1.git5f3458e - update version to 20230614 - DEFAULT policy drop DH<2048bits,TLS1.0,TLS1.1,SHA-1 @@ -438,5 +453,4 @@ make check %{?_smp_mflags} - Updated spec based on comments by Petr Lautrbach. * Mon May 19 2014 Nikos Mavrogiannopoulos - 0.9-1-20140519gitf15621a -- Initial package build - +- Initial package build \ No newline at end of file -- Gitee