Add virtual package to pull in nettle/gmp dependencies for FIPS
This adds a new subpackage `gnutls-fips` with strict version requirements to nettle and gmp under FIPS, as gnutls now calculates library integrity (HMAC) over those libraries. Related: RHEL-35857 Signed-off-by: Daiki Ueno <dueno@redhat.com>
parent
2ab069ca80
commit
e49ae825cb
31
gnutls.spec
31
gnutls.spec
@ -41,6 +41,13 @@ Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%define fips_requires() %{lua:
|
||||||
|
local f = assert(io.popen("rpm -q --queryformat '%{EVR}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))
|
||||||
|
local v = f:read("*all")
|
||||||
|
f:close()
|
||||||
|
print("Requires: "..rpm.expand("%1%{?_isa}").." = "..v.."\\n")
|
||||||
|
}
|
||||||
|
|
||||||
Summary: A TLS protocol implementation
|
Summary: A TLS protocol implementation
|
||||||
Name: gnutls
|
Name: gnutls
|
||||||
# The libraries are LGPLv2.1+, utilities are GPLv3+
|
# The libraries are LGPLv2.1+, utilities are GPLv3+
|
||||||
@ -71,6 +78,7 @@ BuildRequires: p11-kit-trust, ca-certificates
|
|||||||
Requires: crypto-policies
|
Requires: crypto-policies
|
||||||
Requires: p11-kit-trust
|
Requires: p11-kit-trust
|
||||||
Requires: libtasn1 >= 4.3
|
Requires: libtasn1 >= 4.3
|
||||||
|
# always bump when a nettle release is packaged
|
||||||
Requires: nettle >= 3.9.1
|
Requires: nettle >= 3.9.1
|
||||||
%if %{with tpm12}
|
%if %{with tpm12}
|
||||||
Recommends: trousers >= 0.3.11.2
|
Recommends: trousers >= 0.3.11.2
|
||||||
@ -136,6 +144,14 @@ Summary: A DANE protocol implementation for GnuTLS
|
|||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{with fips}
|
||||||
|
%package fips
|
||||||
|
Summary: Virtual package to install packages required to use %{name} under FIPS mode
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
%{fips_requires nettle}
|
||||||
|
%{fips_requires gmp}
|
||||||
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
||||||
protocols and technologies around them. It provides a simple C language
|
protocols and technologies around them. It provides a simple C language
|
||||||
@ -179,6 +195,17 @@ This package contains library that implements the DANE protocol for verifying
|
|||||||
TLS certificates through DNSSEC.
|
TLS certificates through DNSSEC.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{with fips}
|
||||||
|
%description fips
|
||||||
|
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
||||||
|
protocols and technologies around them. It provides a simple C language
|
||||||
|
application programming interface (API) to access the secure communications
|
||||||
|
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
||||||
|
other required structures.
|
||||||
|
This package does not contain any file, but installs required packages
|
||||||
|
to use GnuTLS under FIPS mode.
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with mingw}
|
%if %{with mingw}
|
||||||
%package -n mingw32-%{name}
|
%package -n mingw32-%{name}
|
||||||
Summary: MinGW GnuTLS TLS/SSL encryption library
|
Summary: MinGW GnuTLS TLS/SSL encryption library
|
||||||
@ -433,6 +460,10 @@ popd
|
|||||||
%{_libdir}/libgnutls-dane.so.*
|
%{_libdir}/libgnutls-dane.so.*
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{with fips}
|
||||||
|
%files fips
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with mingw}
|
%if %{with mingw}
|
||||||
%files -n mingw32-%{name}
|
%files -n mingw32-%{name}
|
||||||
%license LICENSE doc/COPYING doc/COPYING.LESSER
|
%license LICENSE doc/COPYING doc/COPYING.LESSER
|
||||||
|
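Review bot: The `fips_requires` macro writes whatever `rpm -q` prints straight into a `Requires:` line without checking that the query succeeded; `assert(io.popen(...))` only catches a failed popen, and the result of `f:close()` is discarded. If nettle or gmp is not installed where the spec is parsed (presumably the case when the SRPM is generated before BuildRequires are present), `v` would be empty or hold rpm's diagnostic text, and the `gnutls-fips` pin meant to keep the HMAC-covered libraries in lockstep would be malformed. I would fail the build instead, for example with `if v == "" or v:find(" ", 1, true) then error("fips_requires: cannot resolve installed EVR of "..rpm.expand("%1")) end` right after `f:close()`. A short comment above the `%define` would also help the next packager, stating that the pin is taken from the build root at spec-parse time and why an exact `=` is needed for the integrity check.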