Specify --with-fips140-module-name and --with-fips140-module-version

Related: #2033220 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-02-02 09:19:11 +01:00 · 2022-02-02 09:19:11 +01:00 · 1454d59d19
parent 8b49674631
commit 1454d59d19
1 changed files with 21 additions and 0 deletions
--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,3 +1,17 @@
+%define srpmhash() %{lua:
+local files = rpm.expand("%_specdir/gnutls.spec")
+for i, p in ipairs(patches) do
+   files = files.." "..p
+end
+for i, p in ipairs(sources) do
+   files = files.." "..p
+end
+local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
+local hash = sha256sum:read("*a")
+sha256sum:close()
+print(string.sub(hash, 0, 16))
+}
+
 Version: 3.7.3
 Release: 3%{?dist}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
@ -185,9 +199,16 @@ GUILD=%{_bindir}/guild2.2
 export GUILD
 %endif

+%if %{with fips}
+eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
+export FIPS_MODULE_NAME="$OS_NAME $OS_VERSION_ID %name"
+%endif
+
 %configure \
 %if %{with fips}
           --enable-fips140-mode \
+           --with-fips140-module-name="$FIPS_MODULE_NAME" \
+           --with-fips140-module-version=%{version}-%{srpmhash} \
 %endif
 %if %{with gost}
    	   --enable-gost \