Update spec file, remove fipsmodule.cnf

Related: rhbz#2026445
Dmitry Belyavskiy 2022-01-13 13:35:22 +01:00
parent 6cdaa527d8
commit e63c4b68b2

@ -15,7 +15,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.0 Version: 3.0.0
Release: 6%{?dist} Release: 7%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -67,6 +67,10 @@ Patch33: 0033-FIPS-embed-hmac.patch
Patch34: 0034.fipsinstall_disable.patch Patch34: 0034.fipsinstall_disable.patch
# Skip unavailable algorithms running `openssl speed` # Skip unavailable algorithms running `openssl speed`
Patch35: 0035-speed-skip-unavailable-dgst.patch Patch35: 0035-speed-skip-unavailable-dgst.patch
# Minimize fips services
Patch45: 0045-FIPS-services-minimize.patch
# Enable SHA1 HMAC in FIPS mode
Patch46: 0046-FIPS-permitsha1-hmac.patch
# Tmp: coverity # Tmp: coverity
Patch100: 0100-coverity.patch Patch100: 0100-coverity.patch
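Review bot: The comment on Patch46, "Enable SHA1 HMAC in FIPS mode", gives neither the reason nor the scope, and it sits directly under a patch whose stated purpose is to minimize FIPS services, so the two read as pulling in opposite directions. Please extend the comment to say why SHA1 HMAC has to stay available and whether the change is limited to HMAC. The numbering also jumps from Patch35 to Patch45; if 36-44 are reserved for other work, a one-line comment saying so would help.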
@ -310,9 +314,8 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
%ifarch i686 #we don't use native fipsmodule.cnf because FIPS module is loaded automatically
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
%endif
# Determine which arch opensslconf.h is going to try to #include. # Determine which arch opensslconf.h is going to try to #include.
basearch=%{_arch} basearch=%{_arch}
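Review bot: With the %ifarch i686 guard gone, the rm -f of fipsmodule.cnf now runs on every architecture, but the new comment only says the FIPS module "is loaded automatically" without naming what does the loading. Point the comment at the patch or configuration that makes this true, so that nobody later restores the file thinking it was dropped by mistake. Minor: add a space after the # to match the other comments in the spec.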
@ -374,9 +377,6 @@ install -m644 %{SOURCE9} \
%{_libdir}/libssl.so.%{soversion} %{_libdir}/libssl.so.%{soversion}
%attr(0755,root,root) %{_libdir}/engines-%{soversion} %attr(0755,root,root) %{_libdir}/engines-%{soversion}
%attr(0755,root,root) %{_libdir}/ossl-modules %attr(0755,root,root) %{_libdir}/ossl-modules
%ifnarch i686
%config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf
%endif
%files devel %files devel
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el %doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
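Review bot: Dropping the %config(noreplace) entry changes upgrade behaviour on non-i686 systems coming from 3.0.0-6, where fipsmodule.cnf was packaged as configuration: rpm will remove the file, or keep it as fipsmodule.cnf.rpmsave if it was edited locally. Please confirm that nothing the package ships or documents for administrators still refers to %{_sysconfdir}/pki/tls/fipsmodule.cnf, since a reference to a file that vanished on upgrade is hard to diagnose in the field.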
@ -400,6 +400,11 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Mon Jan 17 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-7
- Remove algorithms we don't plan to certify from fips module
- Remove native fipsmodule.cnf
- Related: rhbz#2026445
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6 * Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
- openssl speed should run in FIPS mode - openssl speed should run in FIPS mode
- Related: rhbz#1977318 - Related: rhbz#1977318
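Review bot: The 3.0.0-7 changelog entry covers the algorithm removal and the fipsmodule.cnf removal but does not mention Patch46, which enables SHA1 HMAC in FIPS mode. That is a change to what the FIPS module permits and is the kind of thing people auditing the package will search the changelog for, so it deserves its own line, for example "- Permit SHA1 HMAC in FIPS mode".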