forked from rpms/openssl
Update spec file, remove fipsmodule.cnf
Related: rhbz#2026445
This commit is contained in:
parent
6cdaa527d8
commit
e63c4b68b2
17
openssl.spec
17
openssl.spec
@ -15,7 +15,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.0
|
Version: 3.0.0
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -67,6 +67,10 @@ Patch33: 0033-FIPS-embed-hmac.patch
|
|||||||
Patch34: 0034.fipsinstall_disable.patch
|
Patch34: 0034.fipsinstall_disable.patch
|
||||||
# Skip unavailable algorithms running `openssl speed`
|
# Skip unavailable algorithms running `openssl speed`
|
||||||
Patch35: 0035-speed-skip-unavailable-dgst.patch
|
Patch35: 0035-speed-skip-unavailable-dgst.patch
|
||||||
|
# Minimize fips services
|
||||||
|
Patch45: 0045-FIPS-services-minimize.patch
|
||||||
|
# Enable SHA1 HMAC in FIPS mode
|
||||||
|
Patch46: 0046-FIPS-permitsha1-hmac.patch
|
||||||
# Tmp: coverity
|
# Tmp: coverity
|
||||||
Patch100: 0100-coverity.patch
|
Patch100: 0100-coverity.patch
|
||||||
|
|
||||||
@ -310,9 +314,8 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
|
|||||||
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
|
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
|
||||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
|
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
|
||||||
%ifarch i686
|
#we don't use native fipsmodule.cnf because FIPS module is loaded automatically
|
||||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
|
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
|
||||||
%endif
|
|
||||||
|
|
||||||
# Determine which arch opensslconf.h is going to try to #include.
|
# Determine which arch opensslconf.h is going to try to #include.
|
||||||
basearch=%{_arch}
|
basearch=%{_arch}
|
||||||
@ -374,9 +377,6 @@ install -m644 %{SOURCE9} \
|
|||||||
%{_libdir}/libssl.so.%{soversion}
|
%{_libdir}/libssl.so.%{soversion}
|
||||||
%attr(0755,root,root) %{_libdir}/engines-%{soversion}
|
%attr(0755,root,root) %{_libdir}/engines-%{soversion}
|
||||||
%attr(0755,root,root) %{_libdir}/ossl-modules
|
%attr(0755,root,root) %{_libdir}/ossl-modules
|
||||||
%ifnarch i686
|
|
||||||
%config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
|
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
|
||||||
@ -400,6 +400,11 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 17 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-7
|
||||||
|
- Remove algorithms we don't plan to certify from fips module
|
||||||
|
- Remove native fipsmodule.cnf
|
||||||
|
- Related: rhbz#2026445
|
||||||
|
|
||||||
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
|
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
|
||||||
- openssl speed should run in FIPS mode
|
- openssl speed should run in FIPS mode
|
||||||
- Related: rhbz#1977318
|
- Related: rhbz#1977318
|
||||||
|
Loading…
Reference in New Issue
Block a user