diff --git a/compat-openssl11.spec b/compat-openssl11.spec index bca3e3d..872ecec 100644 --- a/compat-openssl11.spec +++ b/compat-openssl11.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: compat-openssl11 Version: 1.1.1k -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -235,6 +235,8 @@ done %check # Verify that what was compiled actually works. +cp apps/openssl.cnf apps/openssl11.cnf + # Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check (sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \ (echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' && @@ -245,29 +247,12 @@ done # We must revert patch31 before tests otherwise they will fail patch -p1 -R < %{PATCH31} -LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} -export LD_LIBRARY_PATH -crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac -ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac -crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac -ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac OPENSSL_ENABLE_MD5_VERIFY= export OPENSSL_ENABLE_MD5_VERIFY OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file export OPENSSL_SYSTEM_CIPHERS_OVERRIDE make test -# Add generation of HMAC checksum of the final stripped library -%define __spec_install_post \ - %{?__debug_package:%{__debug_install_post}} \ - %{__arch_install_post} \ - %{__os_install_post} \ - crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \ - ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \ - crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \ - ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \ -%{nil} - %define __provides_exclude_from %{_libdir}/openssl %install @@ -302,6 +287,9 @@ rm -rf $RPM_BUILD_ROOT%{_mandir}/man3* rm -rf $RPM_BUILD_ROOT%{_libdir}/*.so rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig +# Install compat config file +install -m 644 apps/openssl11.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/openssl11.cnf + %files %license LICENSE %doc FAQ NEWS README @@ -309,13 +297,22 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion} %attr(0755,root,root) %{_libdir}/libssl.so.%{version} %attr(0755,root,root) %{_libdir}/libssl.so.%{soversion} -%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac -%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac %attr(0755,root,root) %{_libdir}/engines-%{soversion} +%config(noreplace) %{_sysconfdir}/pki/openssl11.cnf + +%dir %{_sysconfdir}/pki +%attr(0644,root,root) %{_sysconfdir}/pki/openssl11.cnf %ldconfig_scriptlets %changelog +* Mon Aug 16 2021 Sahana Prasad - 1:1.1.1k-2 +- Remove support for building FIPS mode binaries for the + compat libraries +- Ships openssl11.cnf as the configuration file. +- Resolves: rhbz#1993795 +- Related: rhbz#1947584 + * Thu Apr 08 2021 Sahana Prasad - 1:1.1.1k-1 - Repackage old openssl 1.1.1k package into compat-openssl11 Resolves: bz#1947584