import crypto-policies-20191128-2.git23e1bf1.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
2c5c148c51
commit
3dec5f3185
|
|
@ -1 +1 @@
|
|||
cd143a381b920b2175b5faac4b0a9a03f2d9c541 SOURCES/crypto-policies-git21ffdc8.tar.gz
|
||||
bca7f9bff61fcb2c905a139b90575e8623744dc4 SOURCES/crypto-policies-git23e1bf1.tar.gz
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
SOURCES/crypto-policies-git21ffdc8.tar.gz
|
||||
SOURCES/crypto-policies-git23e1bf1.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,17 +1,19 @@
|
|||
%global git_date 20190613
|
||||
%global git_commit_hash 21ffdc8
|
||||
%global git_date 20191128
|
||||
%global git_commit_hash 23e1bf1
|
||||
|
||||
%global _python_bytecompile_extra 0
|
||||
|
||||
Name: crypto-policies
|
||||
Version: %{git_date}
|
||||
Release: 1.git%{git_commit_hash}%{?dist}
|
||||
Summary: Systemwide crypto policies
|
||||
Release: 2.git%{git_commit_hash}%{?dist}
|
||||
Summary: System-wide crypto policies
|
||||
|
||||
License: LGPLv2+
|
||||
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
|
||||
|
||||
# This is a tarball of the git repository without the .git/
|
||||
# directory.
|
||||
# For RHEL-8 we use the upstream branch next-default.
|
||||
# For RHEL-8 we use the upstream branch rhel8.
|
||||
Source0: crypto-policies-git%{git_commit_hash}.tar.gz
|
||||
|
||||
BuildArch: noarch
|
||||
|
|
@ -34,9 +36,9 @@ Requires: sed
|
|||
Requires(post): coreutils
|
||||
Requires(post): grep
|
||||
Requires(post): sed
|
||||
# Temporarily switched off
|
||||
# Conflicts: nss < 3.44.0
|
||||
Conflicts: nss < 3.44.0
|
||||
Conflicts: libreswan < 3.28
|
||||
Conflicts: openssh < 8.0p1
|
||||
# used by fips-mode-setup
|
||||
Recommends: grubby
|
||||
|
||||
|
|
@ -52,34 +54,47 @@ to enable or disable the system FIPS mode.
|
|||
%prep
|
||||
%setup -q -n %{name}
|
||||
|
||||
# Temporarily remove CURVE25519 from the NSS config
|
||||
for f in back-ends/nss.pl tests/outputs/*-nss.txt ; do sed -i -E 's/CURVE25519:?//' $f ; done
|
||||
|
||||
|
||||
%build
|
||||
make %{?_smp_mflags}
|
||||
%make_build
|
||||
|
||||
%install
|
||||
mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/
|
||||
mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/state/
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/modules/
|
||||
mkdir -p -m 755 %{buildroot}%{_bindir}
|
||||
|
||||
make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install
|
||||
install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config
|
||||
|
||||
# Create back-end configs for mounting with read-only /etc/
|
||||
for d in LEGACY DEFAULT FUTURE FIPS ; do
|
||||
mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d
|
||||
for f in %{buildroot}%{_datarootdir}/crypto-policies/$d/* ; do
|
||||
ln $f %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d/$(basename $f .txt).config
|
||||
done
|
||||
done
|
||||
|
||||
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python
|
||||
|
||||
%check
|
||||
make check %{?_smp_mflags}
|
||||
|
||||
%post
|
||||
%{_bindir}/update-crypto-policies --no-check >/dev/null
|
||||
%posttrans
|
||||
%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
|
||||
|
||||
|
||||
%files
|
||||
|
||||
%dir %{_sysconfdir}/crypto-policies/
|
||||
%dir %{_sysconfdir}/crypto-policies/back-ends/
|
||||
%dir %{_sysconfdir}/crypto-policies/state/
|
||||
%dir %{_sysconfdir}/crypto-policies/local.d/
|
||||
%dir %{_sysconfdir}/crypto-policies/policies/
|
||||
%dir %{_sysconfdir}/crypto-policies/policies/modules/
|
||||
%dir %{_datarootdir}/crypto-policies/
|
||||
|
||||
%config(noreplace) %{_sysconfdir}/crypto-policies/config
|
||||
|
|
@ -95,6 +110,7 @@ make check %{?_smp_mflags}
|
|||
%ghost %{_sysconfdir}/crypto-policies/back-ends/krb5.config
|
||||
%ghost %{_sysconfdir}/crypto-policies/back-ends/openjdk.config
|
||||
%ghost %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
|
||||
%ghost %{_sysconfdir}/crypto-policies/back-ends/libssh.config
|
||||
|
||||
%{_bindir}/update-crypto-policies
|
||||
%{_bindir}/fips-mode-setup
|
||||
|
|
@ -103,18 +119,49 @@ make check %{?_smp_mflags}
|
|||
%{_mandir}/man8/update-crypto-policies.8*
|
||||
%{_mandir}/man8/fips-mode-setup.8*
|
||||
%{_mandir}/man8/fips-finish-install.8*
|
||||
%{_datarootdir}/crypto-policies/LEGACY/*
|
||||
%{_datarootdir}/crypto-policies/DEFAULT/*
|
||||
%{_datarootdir}/crypto-policies/FUTURE/*
|
||||
%{_datarootdir}/crypto-policies/FIPS/*
|
||||
%{_datarootdir}/crypto-policies/EMPTY/*
|
||||
%{_datarootdir}/crypto-policies/LEGACY
|
||||
%{_datarootdir}/crypto-policies/DEFAULT
|
||||
%{_datarootdir}/crypto-policies/FUTURE
|
||||
%{_datarootdir}/crypto-policies/FIPS
|
||||
%{_datarootdir}/crypto-policies/EMPTY
|
||||
%{_datarootdir}/crypto-policies/back-ends
|
||||
%{_datarootdir}/crypto-policies/default-config
|
||||
%{_datarootdir}/crypto-policies/reload-cmds.sh
|
||||
%{_datarootdir}/crypto-policies/policies
|
||||
%{_datarootdir}/crypto-policies/python
|
||||
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING.LESSER
|
||||
|
||||
%changelog
|
||||
* Mon Dec 16 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-2.git23e1bf1
|
||||
- move the pre-built .config files to /usr/share/crypto-policies/back-ends
|
||||
|
||||
* Fri Nov 29 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-1.git23e1bf1
|
||||
- fips-mode-setup: compatibility with RHCOS
|
||||
|
||||
* Thu Nov 28 2019 Tomáš Mráz <tmraz@redhat.com> - 20191127-1.git1179826
|
||||
- add FIPS subpolicy for OSPP
|
||||
|
||||
* Tue Oct 29 2019 Tomáš Mráz <tmraz@redhat.com> - 20191022-1.gite17cc3a
|
||||
- custom crypto policies support
|
||||
- update-crypto-policies: fix handling of list operations in policy modules
|
||||
- update-crypto-policies: fix updating of the current policy marker
|
||||
- fips-mode-setup: fixes related to containers and non-root execution
|
||||
- make it possible to use fips-mode-setup --check without dracut
|
||||
- add .config symlinks so a crypto policy can be set with read-only
|
||||
/etc by bind-mounting /usr/share/crypto-policies/<policy> to
|
||||
/etc/crypto-policies/back-ends
|
||||
- run the update-crypto-policies in posttrans
|
||||
|
||||
* Wed Aug 7 2019 Tomáš Mráz <tmraz@redhat.com> - 20190807-1.git9b1477b
|
||||
- gnutls: enable TLS-1.3 in the FIPS policy
|
||||
|
||||
* Mon Aug 5 2019 Tomáš Mráz <tmraz@redhat.com> - 20190613-2.git21ffdc8
|
||||
- fix ownership of policy directories
|
||||
- nss: enable X25519 in appropriate policies and conflict with old nss
|
||||
- openssh: conflict with old incompatible openssh version
|
||||
|
||||
* Thu Jun 13 2019 Tomáš Mráz <tmraz@redhat.com> - 20190613-1.git21ffdc8
|
||||
- openssh: add missing curve25519-sha256 to the key exchange list
|
||||
- openssh: fix RSA certificate support
|
||||
|
|
|
|||
Loading…
Reference in New Issue