rpms/gnutls
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Port packaging changes from CentOS Stream 9

Browse Source 
This adds the following cleanups:
- Conditionalize features with bcond: tpm2, certificate_compression, and tests
- Remove leftover libopts cleanup
- Move autoreconf invocation from %prep to %build, to speed up fedpkg prep
- Switch to using %autosetup -S git
- Ignore errors in gpgverify to work around build under FIPS
- Support FIPS module version

Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno 2022-08-26 20:55:49 +09:00
parent 9936110449
commit a64b049712
1 changed files with 58 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
gnutls.spec
View File

@ -1,9 +1,22 @@
# This spec file has been automatically updated %define srpmhash() %{lua:
local files = rpm.expand("%_specdir/gnutls.spec")
for i, p in ipairs(patches) do
files = files.." "..p
end
for i, p in ipairs(sources) do
files = files.." "..p
end
local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
local hash = sha256sum:read("*a")
sha256sum:close()
print(string.sub(hash, 0, 16))
}
Version: 3.7.7 Version: 3.7.7
Release: %{?autorelease}%{!?autorelease:1%{?dist}} Release: %{?autorelease}%{!?autorelease:1%{?dist}}
Patch1: gnutls-3.6.7-no-now-guile.patch Patch: gnutls-3.6.7-no-now-guile.patch
Patch2: gnutls-3.2.7-rpath.patch Patch: gnutls-3.2.7-rpath.patch
Patch3: gnutls-3.7.7-fix-ktls.patch Patch: gnutls-3.7.7-fix-ktls.patch
%bcond_without bootstrap %bcond_without bootstrap
%bcond_without dane %bcond_without dane
@ -15,14 +28,20 @@ Patch3: gnutls-3.7.7-fix-ktls.patch
%bcond_without fips %bcond_without fips
%endif %endif
%bcond_with tpm12 %bcond_with tpm12
%bcond_without tpm2
%bcond_without gost %bcond_without gost
%bcond_with certificate_compression
%bcond_without tests
Summary: A TLS protocol implementation Summary: A TLS protocol implementation
Name: gnutls Name: gnutls
# The libraries are LGPLv2.1+, utilities are GPLv3+ # The libraries are LGPLv2.1+, utilities are GPLv3+
License: GPLv3+ and LGPLv2+ License: GPLv3+ and LGPLv2+
BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel
BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 4.3 BuildRequires: readline-devel, libtasn1-devel >= 4.3
%if %{with certificate_compression}
BuildRequires: zlib-devel, brotli-devel, libzstd-devel
%endif
%if %{with bootstrap} %if %{with bootstrap}
BuildRequires: automake, autoconf, gperf, libtool, texinfo BuildRequires: automake, autoconf, gperf, libtool, texinfo
%endif %endif
@ -30,10 +49,14 @@ BuildRequires: nettle-devel >= 3.5.1
%if %{with tpm12} %if %{with tpm12}
BuildRequires: trousers-devel >= 0.3.11.2 BuildRequires: trousers-devel >= 0.3.11.2
%endif %endif
%if %{with tpm2}
BuildRequires: tpm2-tss-devel >= 3.0.3
%endif
BuildRequires: libidn2-devel BuildRequires: libidn2-devel
BuildRequires: libunistring-devel BuildRequires: libunistring-devel
BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++ BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++
BuildRequires: gnupg2 BuildRequires: gnupg2
BuildRequires: git-core
# for a sanity check on cert loading # for a sanity check on cert loading
BuildRequires: p11-kit-trust, ca-certificates BuildRequires: p11-kit-trust, ca-certificates
@ -149,11 +172,17 @@ This package contains Guile bindings for the library.
%endif %endif
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' # Workaround: to allow building the package under FIPS, do not treat
# errors in the GPG check as fatal, where EdDSA signature verification
# is not allowed:
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' || :
%autosetup -p1 -S git
%build
%define _lto_cflags %{nil}
%autosetup -p1
%if %{with bootstrap} %if %{with bootstrap}
rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h
autoreconf -fi autoreconf -fi
%endif %endif
@ -162,12 +191,6 @@ rm -f lib/minitasn1/*.c lib/minitasn1/*.h
echo "SYSTEM=NORMAL" >> tests/system.prio echo "SYSTEM=NORMAL" >> tests/system.prio
# Note that we explicitly enable SHA1, as SHA1 deprecation is handled
# via the crypto policies
%build
%define _lto_cflags %{nil}
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes" CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
export CCASFLAGS export CCASFLAGS
@ -180,9 +203,16 @@ GUILD=%{_bindir}/guild2.2
export GUILD export GUILD
%endif %endif
%if %{with fips}
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
%endif
%configure \ %configure \
%if %{with fips} %if %{with fips}
--enable-fips140-mode \ --enable-fips140-mode \
--with-fips140-module-name="$FIPS_MODULE_NAME" \
--with-fips140-module-version=%{version}-%{srpmhash} \
%endif %endif
%if %{with gost} %if %{with gost}
--enable-gost \ --enable-gost \
@ -200,6 +230,12 @@ export GUILD
%else %else
--without-tpm \ --without-tpm \
%endif %endif
%if %{with tpm2}
--with-tpm2 \
%else
--without-tpm2 \
%endif
--enable-ktls \
--htmldir=%{_docdir}/manual \ --htmldir=%{_docdir}/manual \
%if %{with guile} %if %{with guile}
--enable-guile \ --enable-guile \
@ -212,10 +248,14 @@ export GUILD
--enable-libdane \ --enable-libdane \
%else %else
--disable-libdane \ --disable-libdane \
%endif
%if %{with certificate_compression}
--with-zlib --with-brotli --with-zstd \
%else
--without-zlib --without-brotli --without-zstd \
%endif %endif
--disable-rpath \ --disable-rpath \
--with-default-priority-string="@SYSTEM" \ --with-default-priority-string="@SYSTEM"
--enable-ktls
make %{?_smp_mflags} V=1 make %{?_smp_mflags} V=1
@ -249,7 +289,9 @@ sed -i "s^$RPM_BUILD_ROOT/usr^^" $RPM_BUILD_ROOT%{_libdir}/.gnutls.hmac
%find_lang gnutls %find_lang gnutls
%check %check
%if %{with tests}
make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
%endif
%files -f gnutls.lang %files -f gnutls.lang
%{_libdir}/libgnutls.so.30* %{_libdir}/libgnutls.so.30*