import crypto-policies-20200629-1.git806b5d3.el8
parent
1d2a0511f1
commit
33f90e1694
@ -1 +1 @@
|
|||||||
2834b0c37f4c14cfeebb650da7565d2f3830c9c9 SOURCES/crypto-policies-git63fc906.tar.gz
|
b17e88d01d90c55feb4dd5f5e8faf8e96d3a8069 SOURCES/crypto-policies-git806b5d3.tar.gz
|
||||||
|
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/crypto-policies-git63fc906.tar.gz
|
SOURCES/crypto-policies-git806b5d3.tar.gz
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
%global git_date 20200527
|
%global git_date 20200629
|
||||||
%global git_commit 63fc906fb32cd699f9bc0a48f9c3b9d0fa7310dd
|
%global git_commit 806b5d33a0cac789fd07da2d2a7c25767b8533a7
|
||||||
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
||||||
|
|
||||||
%global _python_bytecompile_extra 0
|
%global _python_bytecompile_extra 0
|
||||||
|
|
||||||
Name: crypto-policies
|
Name: crypto-policies
|
||||||
Version: %{git_date}
|
Version: %{git_date}
|
||||||
Release: 4.git%{git_commit_hash}%{?dist}
|
Release: 1.git%{git_commit_hash}%{?dist}
|
||||||
Summary: System-wide crypto policies
|
Summary: System-wide crypto policies
|
||||||
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -27,16 +27,10 @@ BuildRequires: perl(File::pushd), perl(File::Temp), perl(File::Copy)
|
|||||||
BuildRequires: perl(File::Which)
|
BuildRequires: perl(File::Which)
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
|
|
||||||
# used by update-crypto-policies
|
|
||||||
Requires: coreutils
|
|
||||||
Requires: grep
|
|
||||||
Requires: sed
|
|
||||||
Requires(post): coreutils
|
|
||||||
Requires(post): grep
|
|
||||||
Requires(post): sed
|
|
||||||
Conflicts: nss < 3.44.0
|
Conflicts: nss < 3.44.0
|
||||||
Conflicts: libreswan < 3.28
|
Conflicts: libreswan < 3.28
|
||||||
Conflicts: openssh < 8.0p1-5
|
Conflicts: openssh < 8.0p1-5
|
||||||
|
Conflicts: gnutls < 3.6.12
|
||||||
# Most users want this, the split is mostly for minimal images
|
# Most users want this, the split is mostly for minimal images
|
||||||
Recommends: crypto-policies-scripts
|
Recommends: crypto-policies-scripts
|
||||||
|
|
||||||
@ -102,30 +96,30 @@ make check %{?_smp_mflags}
|
|||||||
|
|
||||||
%post -p <lua>
|
%post -p <lua>
|
||||||
if not posix.access("%{_sysconfdir}/crypto-policies/config") then
|
if not posix.access("%{_sysconfdir}/crypto-policies/config") then
|
||||||
local f = io.open("/proc/sys/crypto/fips_enabled", "r")
|
local policy = "DEFAULT"
|
||||||
if f then
|
local cf = io.open("/proc/sys/crypto/fips_enabled", "r")
|
||||||
local policy = "DEFAULT"
|
if cf then
|
||||||
if f:read() == "1" then
|
if cf:read() == "1" then
|
||||||
policy = "FIPS"
|
policy = "FIPS"
|
||||||
end
|
end
|
||||||
f:close()
|
cf:close()
|
||||||
local cf = io.open("%{_sysconfdir}/crypto-policies/config", "w")
|
end
|
||||||
if cf then
|
cf = io.open("%{_sysconfdir}/crypto-policies/config", "w")
|
||||||
cf:write(policy.."\n")
|
if cf then
|
||||||
cf:close()
|
cf:write(policy.."\n")
|
||||||
end
|
cf:close()
|
||||||
cf = io.open("%{_sysconfdir}/crypto-policies/state/current", "w")
|
end
|
||||||
if cf then
|
cf = io.open("%{_sysconfdir}/crypto-policies/state/current", "w")
|
||||||
cf:write(policy.."\n")
|
if cf then
|
||||||
cf:close()
|
cf:write(policy.."\n")
|
||||||
end
|
cf:close()
|
||||||
local policypath = "%{_datarootdir}/crypto-policies/"..policy
|
end
|
||||||
for fn in posix.files(policypath) do
|
local policypath = "%{_datarootdir}/crypto-policies/"..policy
|
||||||
local backend = fn:gsub(".*/", ""):gsub("%%..*", "")
|
for fn in posix.files(policypath) do
|
||||||
local cfgfn = "%{_sysconfdir}/crypto-policies/back-ends/"..backend..".config"
|
local backend = fn:gsub(".*/", ""):gsub("%%..*", "")
|
||||||
posix.unlink(cfgfn)
|
local cfgfn = "%{_sysconfdir}/crypto-policies/back-ends/"..backend..".config"
|
||||||
posix.symlink(policypath.."/"..fn, cfgfn)
|
posix.unlink(cfgfn)
|
||||||
end
|
posix.symlink(policypath.."/"..fn, cfgfn)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -185,6 +179,19 @@ end
|
|||||||
%{_mandir}/man8/fips-finish-install.8*
|
%{_mandir}/man8/fips-finish-install.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 1 2020 Tomáš Mráz <tmraz@redhat.com> - 20200629-1.git806b5d3
|
||||||
|
- disallow X448/ED448 in FIPS policy with gnutls >= 3.6.12
|
||||||
|
- add AD-SUPPORT policy module
|
||||||
|
|
||||||
|
* Wed Jun 10 2020 Tomáš Mráz <tmraz@redhat.com> - 20200610-1.git0ac8b1f
|
||||||
|
- fallback to FIPS policy instead of the default-config in FIPS mode
|
||||||
|
- java: Document properly how to override the crypto policy
|
||||||
|
- krb5: No support for 3des anymore
|
||||||
|
- reorder the signature algorithms to follow the order in default openssl list
|
||||||
|
|
||||||
|
* Tue Jun 9 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-5.gitb234a47
|
||||||
|
- make the post script work in environments where /proc/sys is not available
|
||||||
|
|
||||||
* Fri May 29 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-4.gitb234a47
|
* Fri May 29 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-4.gitb234a47
|
||||||
- automatically set up FIPS policy in FIPS mode on first install
|
- automatically set up FIPS policy in FIPS mode on first install
|
||||||
|
|
||||||
|
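Review bot: The rewritten `%post -p <lua>` scriptlet ignores every failure. If either `io.open(..., "w")` returns nil, or `posix.unlink`/`posix.symlink` fail, the first install ends silently with a missing or partial policy setup, which on a FIPS-mode host would presumably leave the back-ends without the FIPS configuration. I would at least emit a warning in an `else` branch of each `if cf then`, and check the result of `posix.symlink`. The fall-back to `DEFAULT` when `/proc/sys/crypto/fips_enabled` cannot be opened is also undocumented; a comment such as `-- no /proc (chroot/image build): FIPS state unknown, DEFAULT is used` would make clear that the chosen policy may not match the host kernel's mode. Separately, if `posix.files` yields `.` and `..` (not visible here, please confirm), the loop would create a stray `back-ends/.config` link, which `if fn ~= "." and fn ~= ".." then` around the loop body would avoid.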