import crypto-policies-20221215-1.git9a18988.el9
This commit is contained in:
parent
1a01bcc547
commit
f662715b60
@ -1 +1 @@
|
|||||||
0890ea06566ded55ed48890da1a2fbb2128268b7 SOURCES/crypto-policies-git0fbe86f.tar.gz
|
fbe5c6bd87287dd2059da06f83ce4363ed898773 SOURCES/crypto-policies-git9a18988.tar.gz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/crypto-policies-git0fbe86f.tar.gz
|
SOURCES/crypto-policies-git9a18988.tar.gz
|
||||||
|
@ -1,9 +1,31 @@
|
|||||||
%global git_date 20220815
|
%global git_date 20221215
|
||||||
%global git_commit 0fbe86f88d51fb210d536908b10450eb7467e1d6
|
%global git_commit 9a189880a1cda3c0bbedab06d405c0a724c0a2f7
|
||||||
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
||||||
|
|
||||||
%global _python_bytecompile_extra 0
|
%global _python_bytecompile_extra 0
|
||||||
|
|
||||||
|
# RSAMinSize vs RequiredRSASize vs nothing, remove when OpenSSH >= 9.1
|
||||||
|
%if 0%{?rhel} == 9
|
||||||
|
# RHEL-9: must be RequiredRSASize in RHEL >= 9.2, Conflicts-enforced,
|
||||||
|
%global MIN_RSA_NAME RequiredRSASize
|
||||||
|
%elif 0%{?rhel} == 10
|
||||||
|
# ELN: RequiredRSASize for openssh >= 9.0p1-5, RSAMinSize for >= 9.0p1-2
|
||||||
|
%if v"%(rpm -q openssh | head -n1)" >= v"openssh-9.0p1-5"
|
||||||
|
%global MIN_RSA_NAME RequiredRSASize
|
||||||
|
%elif v"%(rpm -q openssh | head -n1)" >= v"openssh-9.0p1-2"
|
||||||
|
%global MIN_RSA_NAME RSAMinSize
|
||||||
|
%else
|
||||||
|
%global MIN_RSA_NAME none
|
||||||
|
%endif
|
||||||
|
%else
|
||||||
|
# some other distro, follow autodetection which checks for openssh >= 9.1
|
||||||
|
%if v"%(rpm -q openssh | head -n1)" >= v"openssh-9.1"
|
||||||
|
%global MIN_RSA_NAME RequiredRSASize
|
||||||
|
%else
|
||||||
|
%global MIN_RSA_NAME none
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
Name: crypto-policies
|
Name: crypto-policies
|
||||||
Version: %{git_date}
|
Version: %{git_date}
|
||||||
Release: 1.git%{git_commit_hash}%{?dist}
|
Release: 1.git%{git_commit_hash}%{?dist}
|
||||||
@ -32,7 +54,7 @@ BuildRequires: make
|
|||||||
Conflicts: openssl < 1:3.0.1-10
|
Conflicts: openssl < 1:3.0.1-10
|
||||||
Conflicts: nss < 3.44.0
|
Conflicts: nss < 3.44.0
|
||||||
Conflicts: libreswan < 3.28
|
Conflicts: libreswan < 3.28
|
||||||
Conflicts: openssh < 8.7p1-10
|
Conflicts: openssh < 8.7p1-24
|
||||||
Conflicts: gnutls < 3.7.2-3
|
Conflicts: gnutls < 3.7.2-3
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -60,6 +82,10 @@ to enable or disable the system FIPS mode.
|
|||||||
%autopatch -p1
|
%autopatch -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
sed -i \
|
||||||
|
"s/MIN_RSA_DEFAULT = .*/MIN_RSA_DEFAULT = '%{MIN_RSA_NAME}'/" \
|
||||||
|
python/policygenerators/openssh.py
|
||||||
|
grep "MIN_RSA_DEFAULT = '%{MIN_RSA_NAME}'" python/policygenerators/openssh.py
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -95,7 +121,15 @@ done
|
|||||||
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python
|
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python
|
||||||
|
|
||||||
%check
|
%check
|
||||||
make ON_RHEL9=1 test %{?_smp_mflags}
|
# RSAMinSize vs RequiredRSASize vs nothing, remove when OpenSSH >= 9.1
|
||||||
|
%if "%{MIN_RSA_NAME}" == "none"
|
||||||
|
sed -i '/RequiredRSASize .*/d' tests/outputs/*.txt
|
||||||
|
%elif "%{MIN_RSA_NAME}" == "RSAMinSize"
|
||||||
|
sed -i 's/RequiredRSASize/RSAMinSize/' tests/outputs/*.txt
|
||||||
|
%else
|
||||||
|
[ "%{MIN_RSA_NAME}" == "RequiredRSASize" ] || exit 7
|
||||||
|
%endif
|
||||||
|
make ON_RHEL9=1 test
|
||||||
|
|
||||||
%post -p <lua>
|
%post -p <lua>
|
||||||
if not posix.access("%{_sysconfdir}/crypto-policies/config") then
|
if not posix.access("%{_sysconfdir}/crypto-policies/config") then
|
||||||
@ -185,6 +219,12 @@ end
|
|||||||
%{_mandir}/man8/fips-finish-install.8*
|
%{_mandir}/man8/fips-finish-install.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
|
||||||
|
- bind: expand the list of disableable algorithms
|
||||||
|
|
||||||
|
* Mon Oct 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221003-1.git04dee29
|
||||||
|
- openssh: rename RSAMinSize option to RequiredRSASize
|
||||||
|
|
||||||
* Mon Aug 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220815-1.git0fbe86f
|
* Mon Aug 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220815-1.git0fbe86f
|
||||||
- openssh: add RSAMinSize option following min_rsa_size
|
- openssh: add RSAMinSize option following min_rsa_size
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user