303 lines
8.9 KiB
RPMSpec
303 lines
8.9 KiB
RPMSpec
Name: libgcrypt
|
|
Version: 1.4.4
|
|
Release: 6%{?dist}
|
|
Source0: libgcrypt-%{version}-hobbled.tar.bz2
|
|
# The original libgcrypt sources now contain potentially patented ECC
|
|
# cipher support. We have to remove it in the tarball we ship with
|
|
# the hobble-libgcrypt script.
|
|
#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
|
|
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
|
Source2: wk@g10code.com
|
|
Source3: hobble-libgcrypt
|
|
Patch1: libgcrypt-1.4.4-fips-no-access.patch
|
|
Patch2: libgcrypt-1.4.4-use-fipscheck.patch
|
|
Patch3: libgcrypt-1.4.4-padlock.patch
|
|
|
|
# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
|
|
License: LGPLv2+
|
|
Summary: A general-purpose cryptography library
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
|
BuildRequires: gawk, libgpg-error-devel >= 1.4, pkgconfig
|
|
BuildRequires: fipscheck
|
|
Group: System Environment/Libraries
|
|
|
|
%package devel
|
|
Summary: Development files for the %{name} package.
|
|
Group: Development/Libraries
|
|
PreReq: /sbin/install-info
|
|
Requires: libgpg-error-devel
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description
|
|
Libgcrypt is a general purpose crypto library based on the code used
|
|
in GNU Privacy Guard. This is a development version.
|
|
|
|
%description devel
|
|
Libgcrypt is a general purpose crypto library based on the code used
|
|
in GNU Privacy Guard. This package contains files needed to develop
|
|
applications using libgcrypt.
|
|
|
|
%prep
|
|
%setup -q
|
|
%{SOURCE3}
|
|
%patch1 -p1 -b .no-access
|
|
%patch2 -p1 -b .use-fipscheck
|
|
%patch3 -p1 -b .padlock
|
|
|
|
%build
|
|
%configure --disable-static \
|
|
%ifarch sparc64
|
|
--disable-asm \
|
|
%endif
|
|
--enable-noexecstack \
|
|
--enable-hmac-binary-check \
|
|
--enable-pubkey-ciphers='dsa elgamal rsa'
|
|
make %{?_smp_mflags}
|
|
|
|
%check
|
|
fipshmac src/.libs/libgcrypt.so.??
|
|
make check
|
|
|
|
# Add generation of HMAC checksums of the final stripped binaries
|
|
%define __spec_install_post \
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
%{__arch_install_post} \
|
|
%{__os_install_post} \
|
|
fipshmac $RPM_BUILD_ROOT/%{_lib}/*.so.?? \
|
|
%{nil}
|
|
|
|
%install
|
|
rm -fr $RPM_BUILD_ROOT
|
|
%makeinstall
|
|
|
|
# Change /usr/lib64 back to /usr/lib. This saves us from having to patch the
|
|
# script to "know" that -L/usr/lib64 should be suppressed, and also removes
|
|
# a file conflict between 32- and 64-bit versions of this package.
|
|
sed -i -e 's,^libdir="/usr/lib.*"$,libdir="/usr/lib",g' $RPM_BUILD_ROOT/%{_bindir}/libgcrypt-config
|
|
|
|
rm -f ${RPM_BUILD_ROOT}/%{_infodir}/dir ${RPM_BUILD_ROOT}/%{_libdir}/*.la
|
|
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
# Relocate the shared libraries to /%{_lib}.
|
|
mkdir -p $RPM_BUILD_ROOT/%{_lib}
|
|
for shlib in $RPM_BUILD_ROOT/%{_libdir}/*.so* ; do
|
|
if test -L "$shlib" ; then
|
|
rm "$shlib"
|
|
else
|
|
mv "$shlib" $RPM_BUILD_ROOT/%{_lib}/
|
|
fi
|
|
done
|
|
|
|
# Figure out where /%{_lib} is relative to %{_libdir}.
|
|
touch $RPM_BUILD_ROOT/root_marker
|
|
relroot=..
|
|
while ! test -f $RPM_BUILD_ROOT/%{_libdir}/$relroot/root_marker ; do
|
|
relroot=$relroot/..
|
|
done
|
|
|
|
# Overwrite development symlinks.
|
|
pushd $RPM_BUILD_ROOT/%{_libdir}
|
|
for shlib in $relroot/%{_lib}/lib*.so.* ; do
|
|
shlib=`echo "$shlib" | sed -e 's,//,/,g'`
|
|
target=`basename "$shlib" | sed -e 's,\.so.*,,g'`.so
|
|
ln -sf $shlib $target
|
|
done
|
|
popd
|
|
|
|
# Add soname symlink.
|
|
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}/
|
|
rm -f $RPM_BUILD_ROOT/root_marker
|
|
|
|
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
|
|
# that _someone_ owns it.
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
|
|
|
%clean
|
|
rm -fr $RPM_BUILD_ROOT
|
|
|
|
%post -p /sbin/ldconfig
|
|
|
|
%postun -p /sbin/ldconfig
|
|
|
|
%post devel
|
|
/sbin/install-info %{_infodir}/gcrypt.info.gz %{_infodir}/dir
|
|
exit 0
|
|
|
|
%preun devel
|
|
if [ $1 = 0 ]; then
|
|
/sbin/install-info --delete %{_infodir}/gcrypt.info.gz %{_infodir}/dir
|
|
fi
|
|
exit 0
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%dir /etc/gcrypt
|
|
/%{_lib}/libgcrypt.so.*
|
|
/%{_lib}/.libgcrypt.so.*.hmac
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%{_bindir}/%{name}-config
|
|
%{_bindir}/dumpsexp
|
|
%{_bindir}/hmac256
|
|
%{_includedir}/*
|
|
%{_libdir}/*.so
|
|
%{_datadir}/aclocal/*
|
|
|
|
%{_infodir}/gcrypt.info*
|
|
|
|
%changelog
|
|
* Thu Jun 18 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-6
|
|
- and now really apply the padlock patch
|
|
|
|
* Wed Jun 17 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-5
|
|
- fix VIA padlock RNG inline assembly call (#505724)
|
|
|
|
* Thu Mar 5 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-4
|
|
- with the integrity verification check the library needs to link to libdl
|
|
(#488702)
|
|
|
|
* Tue Mar 3 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-3
|
|
- add hmac FIPS integrity verification check
|
|
|
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-2
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
|
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-1
|
|
- update to 1.4.4
|
|
- do not abort when the fips mode kernel flag is inaccessible
|
|
due to permissions (#470219)
|
|
- hobble the library to drop the ECC support
|
|
|
|
* Mon Oct 20 2008 Dennis Gilmore <dennis@ausil.us> 1.4.3-2
|
|
- disable asm on sparc64
|
|
|
|
* Thu Sep 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-1
|
|
- update to 1.4.3
|
|
- own /etc/gcrypt
|
|
|
|
* Mon Sep 15 2008 Nalin Dahyabhai <nalin@redhat.com>
|
|
- invoke make with %%{?_smp_mflags} to build faster on multi-processor
|
|
systems (Steve Grubb)
|
|
|
|
* Mon Sep 8 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
|
|
- update to 1.4.2
|
|
|
|
* Tue Apr 29 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-1
|
|
- update to 1.4.1
|
|
- bump libgpgerror-devel requirement to 1.4, matching the requirement enforced
|
|
by the configure script
|
|
|
|
* Thu Apr 3 2008 Joe Orton <jorton@redhat.com> 1.4.0-3
|
|
- add patch from upstream to fix severe performance regression
|
|
in entropy gathering
|
|
|
|
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
|
|
- Autorebuild for GCC 4.3
|
|
|
|
* Mon Dec 10 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.4.0-1
|
|
- update to 1.4.0
|
|
|
|
* Tue Oct 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-6
|
|
- use ldconfig to build the soname symlink for packaging along with the
|
|
shared library (#334731)
|
|
|
|
* Wed Aug 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-5
|
|
- add missing gawk buildrequirement
|
|
- switch from explicitly specifying the /dev/random RNG to just verifying
|
|
that the non-LGPL ones were disabled by the configure script
|
|
|
|
* Thu Aug 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-4
|
|
- clarify license
|
|
- force use of the linux /dev/random RNG, to avoid accidentally falling back
|
|
to others which would affect the license of the resulting library
|
|
|
|
* Mon Jul 30 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-3
|
|
- disable static libraries (part of #249815)
|
|
|
|
* Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-2
|
|
- move libgcrypt shared library to /%{_lib} (#249815)
|
|
|
|
* Tue Feb 6 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-1
|
|
- update to 1.2.4
|
|
|
|
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-2
|
|
- make use of install-info more failsafe (Ville Skyttä, #223705)
|
|
|
|
* Fri Sep 1 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-1
|
|
- update to 1.2.3
|
|
|
|
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-3.1
|
|
- rebuild
|
|
|
|
* Mon Jun 05 2006 Jesse Keating <jkeating@redhat.com> 1.2.2-3
|
|
- Added missing buildreq pkgconfig
|
|
|
|
* Tue May 16 2006 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-2
|
|
- remove file conflicts in libgcrypt-config by making the 64-bit version
|
|
think the libraries are in /usr/lib (which is wrong, but which it also
|
|
prunes from the suggest --libs output, so no harm done, hopefully)
|
|
|
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2.1
|
|
- bump again for double-long bug on ppc(64)
|
|
|
|
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2
|
|
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
- rebuilt
|
|
|
|
* Wed Oct 5 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-1
|
|
- update to 1.2.2
|
|
|
|
* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.1-1
|
|
- update to 1.2.1
|
|
|
|
* Fri Jul 30 2004 Florian La Roche <Florian.LaRoche@redhat.de>
|
|
- another try to package the symlink
|
|
|
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Sun May 2 2004 Bill Nottingham <notting@redhat.com> - 1.2.0-1
|
|
- update to official 1.2.0
|
|
|
|
* Fri Apr 16 2004 Bill Nottingham <notting@redhat.com> - 1.1.94-1
|
|
- update to 1.1.94
|
|
|
|
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Sat Feb 21 2004 Florian La Roche <Florian.LaRoche@redhat.de>
|
|
- add symlinks to shared libs at compile time
|
|
|
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Thu Mar 20 2003 Jeff Johnson <jbj@redhat.com> 1.1.12-1
|
|
- upgrade to 1.1.12 (beta).
|
|
|
|
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
|
- automated rebuild
|
|
|
|
* Sun May 26 2002 Tim Powers <timp@redhat.com>
|
|
- automated rebuild
|
|
|
|
* Tue May 21 2002 Jeff Johnson <jbj@redhat.com>
|
|
- update to 1.1.7
|
|
- change license to LGPL.
|
|
- include splint annotations patch.
|
|
- install info pages.
|
|
|
|
* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.6-1
|
|
- update to 1.1.6
|
|
|
|
* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.5-1
|
|
- fix the Source tag so that it's a real URL
|
|
|
|
* Wed Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
- initial package
|