Add bcond to statically link to GMP
In CentOS Stream 9 and RHEL 9, we link to libgmp statically to ensure zeroization of internally allocated memory areas according to FIPS 140-3. This ports that ability to Fedora, where it is controlled by a `--with bundled_gmp` build conditional. Resolves: RHEL-35857 Signed-off-by: Daiki Ueno <dueno@redhat.com>
parent
e49ae825cb
commit
c8d0a15246
33
gnutls.spec
33
gnutls.spec
@ -40,6 +40,12 @@ Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
|||||||
%bcond_with mingw
|
%bcond_with mingw
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?rhel} >= 9 && %{with fips}
|
||||||
|
%bcond_without bundled_gmp
|
||||||
|
%else
|
||||||
|
%bcond_with bundled_gmp
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
%define fips_requires() %{lua:
|
%define fips_requires() %{lua:
|
||||||
local f = assert(io.popen("rpm -q --queryformat '%{EVR}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))
|
local f = assert(io.popen("rpm -q --queryformat '%{EVR}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))
|
||||||
@ -114,6 +120,12 @@ Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{ver
|
|||||||
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz.sig
|
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz.sig
|
||||||
Source2: https://gnutls.org/gnutls-release-keyring.gpg
|
Source2: https://gnutls.org/gnutls-release-keyring.gpg
|
||||||
|
|
||||||
|
%if %{with bundled_gmp}
|
||||||
|
Source100: gmp-6.2.1.tar.xz
|
||||||
|
# Taken from the main gmp package
|
||||||
|
Source101: gmp-6.2.1-intel-cet.patch
|
||||||
|
%endif
|
||||||
|
|
||||||
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
||||||
Provides: bundled(gnulib) = 20130424
|
Provides: bundled(gnulib) = 20130424
|
||||||
|
|
||||||
@ -149,8 +161,10 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
|||||||
Summary: Virtual package to install packages required to use %{name} under FIPS mode
|
Summary: Virtual package to install packages required to use %{name} under FIPS mode
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
%{fips_requires nettle}
|
%{fips_requires nettle}
|
||||||
|
%if !%{with bundled_gmp}
|
||||||
%{fips_requires gmp}
|
%{fips_requires gmp}
|
||||||
%endif
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
||||||
@ -235,9 +249,28 @@ for MinGW.
|
|||||||
|
|
||||||
%autosetup -p1 -S git
|
%autosetup -p1 -S git
|
||||||
|
|
||||||
|
%if %{with bundled_gmp}
|
||||||
|
mkdir -p bundled_gmp
|
||||||
|
pushd bundled_gmp
|
||||||
|
tar --strip-components=1 -xf %{SOURCE100}
|
||||||
|
patch -p1 < %{SOURCE101}
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%define _lto_cflags %{nil}
|
%define _lto_cflags %{nil}
|
||||||
|
|
||||||
|
%if %{with bundled_gmp}
|
||||||
|
pushd bundled_gmp
|
||||||
|
autoreconf -ifv
|
||||||
|
%configure --disable-cxx --disable-shared --enable-fat --with-pic
|
||||||
|
%make_build
|
||||||
|
popd
|
||||||
|
|
||||||
|
export GMP_CFLAGS="-I$PWD/bundled_gmp"
|
||||||
|
export GMP_LIBS="$PWD/bundled_gmp/.libs/libgmp.a"
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with bootstrap}
|
%if %{with bootstrap}
|
||||||
autoreconf -fi
|
autoreconf -fi
|
||||||
%endif
|
%endif
|
||||||
|
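Review bot: The bundled GMP copy is not declared in the package metadata. The `%if %{with bundled_gmp}` block that adds `Source100: gmp-6.2.1.tar.xz` has no matching bundled() provide, although the same spec already declares `Provides: bundled(gnulib) = 20130424` a few lines below it. With libgmp.a linked in statically and `%{fips_requires gmp}` skipped in that configuration, a fix shipped in the system gmp package no longer reaches this build, so the provide is what lets vulnerability tracking find the embedded copy. Add `Provides: bundled(gmp) = 6.2.1` inside that conditional. Source100 is also a bare file name with no upstream URL or signature source, unlike Source0/Source1/Source2, so the tarball's provenance cannot be checked from the spec as shown; whether it is verified elsewhere is not visible in these hunks.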