diff --git a/crypto-policies-git71ca85f.tar.gz b/crypto-policies-git71ca85f.tar.gz deleted file mode 100644 index 9506b48d64392332ac5d53c8fefdc3f9a674b13d..0000000000000000000000000000000000000000 Binary files a/crypto-policies-git71ca85f.tar.gz and /dev/null differ diff --git a/crypto-policies-git781bbd4.tar.gz b/crypto-policies-git781bbd4.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..b8b3732b23481e5f26be61e326c1f5f65e79a36c Binary files /dev/null and b/crypto-policies-git781bbd4.tar.gz differ diff --git a/crypto-policies.spec b/crypto-policies.spec index 93b3356bf448b37508466a34313500e4120b9919..deb5a33f4cf2812fc4fb960c6b65ff55ad0c4283 100644 --- a/crypto-policies.spec +++ b/crypto-policies.spec @@ -1,9 +1,12 @@ -%global git_date 20180925 -%global git_commit_hash 71ca85f +#Note: The crypto-policies package provides the TLS 1.0, 1.1, and SHA-1 algorithms. The libvirt, qume, and glib-networking packages will use these algorithms. When modifying this package, check whether these algorithms are modified to avoid affecting the compilation of the preceding three packages. + +%global git_date 20200619 +%global git_commit 781bbd45b7286408502ec47b5acc8ae85c604a68 +%global git_commit_hash 781bbd4 Name: crypto-policies Version: %{git_date} -Release: 3.git%{git_commit_hash} +Release: 1.git%{git_commit_hash} Summary: Crypto policies package for Fedora License: LGPLv2+ @@ -11,7 +14,7 @@ URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies # This is a tarball of the git repository without the .git/ # directory. -Source0: crypto-policies-git%{git_commit_hash}.tar.gz +Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz BuildArch: noarch BuildRequires: asciidoc @@ -24,7 +27,7 @@ BuildRequires: perl-interpreter BuildRequires: perl-generators BuildRequires: perl(File::pushd), perl(File::Temp), perl(File::Copy) BuildRequires: perl(File::Which) -BuildRequires: python3 +BuildRequires: python3-devel # used by update-crypto-policies Requires: coreutils @@ -43,9 +46,26 @@ SSL/TLS libraries. The policy set by the tool will be the default policy used by these back-ends unless the application user configures them otherwise. https://fedoraproject.org/wiki/Changes/CryptoPolicy +%package scripts +Summary: Tool to switch between crypto policies +Requires: %{name} = %{version}-%{release} +Recommends: grubby + +# fips-mode-setup merged into the scripts subpackage +Obsoletes: fips-mode-setup < 20200702-1.c40cede +Provides: fips-mode-setup = %{version}-%{release} + +%description scripts +This package provides a tool update-crypto-policies, which applies +the policies provided by the crypto-policies package. These can be +either the pre-built policies from the base package or custom policies +defined in simple policy definition files. + +The package also provides a tool fips-mode-setup, which can be used +to enable or disable the system FIPS mode. %prep -%setup -q -n %{name} +%setup -q -n fedora-%{name}-%{git_commit_hash}-%{git_commit} %build make %{?_smp_mflags} @@ -53,25 +73,39 @@ make %{?_smp_mflags} %install mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/state/ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/ -mkdir -p -m 755 %{buildroot}%{_mandir}/man8 +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/modules/ mkdir -p -m 755 %{buildroot}%{_bindir} -make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir}/man8 %{?_smp_mflags} install +make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config +# Create back-end configs for mounting with read-only /etc/ +for d in LEGACY DEFAULT FUTURE FIPS ; do + for f in %{buildroot}%{_datarootdir}/crypto-policies/$d/* ; do + ln -s $(basename $f) $(dirname $f)/$(basename $f .txt).config + done +done + +%py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python + %check make check %{?_smp_mflags} %post -%{_bindir}/update-crypto-policies --no-check >/dev/null +%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || : %files %dir %{_sysconfdir}/crypto-policies/ %dir %{_sysconfdir}/crypto-policies/back-ends/ +%dir %{_sysconfdir}/crypto-policies/state/ %dir %{_sysconfdir}/crypto-policies/local.d/ +%dir %{_sysconfdir}/crypto-policies/policies/ +%dir %{_sysconfdir}/crypto-policies/policies/modules/ %dir %{_datarootdir}/crypto-policies/ %config(noreplace) %{_sysconfdir}/crypto-policies/config @@ -89,11 +123,8 @@ make check %{?_smp_mflags} %ghost %{_sysconfdir}/crypto-policies/back-ends/libreswan.config %{_bindir}/update-crypto-policies -%{_bindir}/fips-mode-setup -%{_bindir}/fips-finish-install -%{_mandir}/man8/update-crypto-policies.8.gz -%{_mandir}/man8/fips-mode-setup.8.gz -%{_mandir}/man8/fips-finish-install.8.gz +%{_mandir}/man7/crypto-policies.7* +%{_mandir}/man8/update-crypto-policies.8* %{_datarootdir}/crypto-policies/LEGACY/* %{_datarootdir}/crypto-policies/DEFAULT/* %{_datarootdir}/crypto-policies/NEXT/* @@ -102,11 +133,22 @@ make check %{?_smp_mflags} %{_datarootdir}/crypto-policies/EMPTY/* %{_datarootdir}/crypto-policies/default-config %{_datarootdir}/crypto-policies/reload-cmds.sh +%{_datarootdir}/crypto-policies/policies +%{_datarootdir}/crypto-policies/python + +%files scripts +%{_bindir}/fips-mode-setup +%{_bindir}/fips-finish-install +%{_mandir}/man8/fips-mode-setup.8* +%{_mandir}/man8/fips-finish-install.8* %{!?_licensedir:%global license %%doc} %license COPYING.LESSER %changelog +* Thu Aug 27 2020 wangchen - 20200619-1.git781bbd4 +- update to 20200619 + * Sun Mar 15 2020 openEuler Buildteam - 20180925-3.git71ca85f - fix make check failed