- updated to 4.0.0

2022-01-18 13:13:32 +00:00 · 2022-01-18 13:13:32 +00:00 · f552792404
parent 1511303a73
commit f552792404
5 changed files with 37 additions and 96 deletions
--- a/libica-3.8.0-configure.patch
+++ b/libica-3.8.0-configure.patch
@ -1,67 +0,0 @@
-From a70dfe13b7dd2914ad29175ae026284bd5461e0e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
-Date: Mon, 24 May 2021 12:21:55 +0000
-Subject: [PATCH] fix handling of --disable-foo options
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently passing eg. --disable-debug actually enables the debug build
-as one would expect from --enable-debug. The fix is to omit setting the
-enable_foo variable as the "action-if-given" parameter of AC_ARG_ENABLE,
-because it handles both the --enable and --disable forms.
-
-Signed-off-by: Dan Horák <dan@danny.cz>
---
- configure.ac | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index ae6370c..9dc4786 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -35,7 +35,7 @@ FLAGS="-Wall -Wextra -mzarch"
- dnl --- enable_debug
- AC_ARG_ENABLE(debug,
-               [  --enable-debug          turn on debugging flags],
-              [enable_debug="yes"],[enable_debug="no"])
-+              [],[enable_debug="no"])
- AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes)
- 
- if test "x$enable_debug" = xyes; then
-@@ -46,7 +46,7 @@ fi
- dnl --- enable_coverage
- AC_ARG_ENABLE(coverage,
-               [  --enable-coverage       turn on coverage testing],
-              [enable_coverage="yes"],[enable_coverage="no"])
-+              [],[enable_coverage="no"])
- AM_CONDITIONAL(COVERAGE, test x$enable_coverage = xyes)
- 
- if test "x$enable_coverage" = xyes; then
-@@ -57,7 +57,7 @@ fi
- dnl --- enable_fips
- AC_ARG_ENABLE(fips,
-               [  --enable-fips           built with FIPS mode support],
-              [enable_fips="yes"],[enable_fips="no"])
-+              [],[enable_fips="no"])
- AM_CONDITIONAL(ICA_FIPS, test x$enable_fips = xyes)
- 
- if test "x$enable_fips" = xyes; then
-@@ -74,7 +74,7 @@ fi
- dnl --- enable_sanitizer
- AC_ARG_ENABLE(sanitizer,
-               [  --enable-sanitizer      turn on sanitizer (may not work on all systems)],
-              [enable_sanitizer="yes"],[enable_sanitizer="no"])
-+              [],[enable_sanitizer="no"])
- AM_CONDITIONAL(SANITIZER, test x$enable_sanitizer = xyes)
- 
- if test "x$enable_sanitizer" = xyes; then
-@@ -86,7 +86,7 @@ fi
- dnl --- enable_internal tests
- AC_ARG_ENABLE(internal_tests,
-               [  --enable-internal-tests built internal tests],
-              [enable_internal_tests="yes"],[enable_internal_tests="no"])
-+              [],[enable_internal_tests="no"])
- AM_CONDITIONAL(ICA_INTERNAL_TESTS, test x$enable_internal_tests = xyes)
- 
- if test "x$enable_internal_tests" = xyes; then
--- a/libica-4.0.0-annotate.patch
+++ b/libica-4.0.0-annotate.patch
@ -1,4 +1,4 @@
-From 0e4592f46c6c4a94eef66257af423d57c73af134 Mon Sep 17 00:00:00 2001
+From daad2a867cff48a7c4322716917d63538b083284 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
 Date: Tue, 25 Sep 2018 13:44:32 +0200
 Subject: [libica PATCH] add build note to assembler sources
@ -25,10 +25,10 @@ Signed-off-by: Dan Horák <dan@danny.cz>
 3 files changed, 7 insertions(+), 3 deletions(-)

 diff --git a/configure.ac b/configure.ac
-index ae6370c..bc2fff4 100644
+index 958371c..b8d0e42 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -99,12 +99,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
+@@ -113,12 +113,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
 	FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
 fi
 
@ -46,7 +46,7 @@ index ae6370c..bc2fff4 100644
 AC_OUTPUT
 
 diff --git a/libica.spec b/libica.spec
-index 812b73d..3461b65 100644
+index d71890a..e51430e 100644
 --- a/libica.spec
 +++ b/libica.spec
@@ -9,7 +9,7 @@ URL:           https://github.com/opencryptoki/libica
@ -59,10 +59,10 @@ index 812b73d..3461b65 100644
 %description
 Interface library on Linux for IBM System z to utilize CPACF
 diff --git a/src/Makefile.am b/src/Makefile.am
-index 4a1ef14..d6f7f7f 100644
+index c630048..1b5ec71 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -30,13 +30,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \
+@@ -31,13 +31,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \
 		    include/rng.h
 
 libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\"
@ -72,12 +72,12 @@ index 4a1ef14..d6f7f7f 100644
 libica_la_LDFLAGS = ${LDFLAGS_common}
 libica_la_SOURCES = ${SOURCES_common}
 
- libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DNO_SW_FALLBACKS -DLIBNAME=\"libica-cex\"
+ libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DLIBNAME=\"libica-cex\"
 -libica_cex_la_CCASFLAGS = ${AM_CFLAGS}
 +libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
 libica_cex_la_LIBADD = ${LIBS_common}
 libica_cex_la_LDFLAGS = ${LDFLAGS_common}
 libica_cex_la_SOURCES = ${SOURCES_common}
 -- 
-2.26.3
+2.31.1

--- a/libica-4.0.0-hmac.patch
+++ b/libica-4.0.0-hmac.patch
@ -1,12 +1,14 @@
-From da198ddc689ee877e2fe9724a5f0252ffca5265c Mon Sep 17 00:00:00 2001
+From 7e6e303e6aef019047eb6dfcdedbfe7da2a88526 Mon Sep 17 00:00:00 2001
 From: Joerg Schmidbauer <jschmidb@de.ibm.com>
-Date: Wed, 2 Jun 2021 09:40:47 +0200
+Date: Tue, 11 Jan 2022 16:04:15 +0100
 Subject: [PATCH] Compute HMAC from installed library

 The HMAC hash was computed from the libica in the build tree, but
 the runtime check is run against the installed libica and those 2
-files were different. The runtime one has debuginfo stripped
-(and placed into a separate file), thus the hashes are different.
+files may be different. E.g. if the runtime one has debuginfo stripped
+(and placed into a separate file), the hashes are different.
+This commit introduces a new make target: fipsinstall, which creates
+the HMAC files in the install directory.

 Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
 ---
@ -15,7 +17,7 @@ Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
 2 files changed, 11 insertions(+), 6 deletions(-)

 diff --git a/Makefile.am b/Makefile.am
-index c86cdd3..55de3b2 100644
+index 2d8ab9e..e14abb5 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -17,11 +17,8 @@ coverage: check
@ -29,20 +31,20 @@ index c86cdd3..55de3b2 100644
 -	cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
 +fipsinstall:
 +	 $(AM_V_GEN)$(MAKE) -C src fipsinstall
- 
- uninstall-hook:
- 	rm -f $(DESTDIR)$(libdir)/.libica.so.$(MAJOR).hmac
-@@ -30,3 +27,5 @@ uninstall-hook:
- 	rm -f $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION).hmac
+ if ICA_OPENSSL3
+ 	test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica
+ 	test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true
+@@ -38,3 +35,5 @@ if ICA_OPENSSL3
+ endif
 endif
 
 +.PHONY: fipsinstall
 +
 diff --git a/src/Makefile.am b/src/Makefile.am
-index 4a1ef14..5367d49 100644
+index c630048..4c92c96 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -46,6 +46,12 @@ mp.S	: mp.pl
+@@ -47,6 +47,12 @@ mp.S	: mp.pl
 	./mp.pl mp.S
 
 if ICA_FIPS
@ -55,12 +57,12 @@ index 4a1ef14..5367d49 100644
 hmac-file-lnk: hmac-file
 	$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
 	$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
-@@ -108,4 +114,4 @@ internal_tests_ec_internal_test_SOURCES = \
+@@ -110,4 +116,4 @@ internal_tests_ec_internal_test_SOURCES = \
 		    include/rng.h ../test/testcase.h
 endif
 
 -.PHONY: hmac-file hmac-file-lnk
 +.PHONY: hmac-file hmac-file-lnk fipsinstall
 -- 
-2.29.2.windows.2
+2.34.1

--- a/libica.spec
+++ b/libica.spec
@ -2,19 +2,17 @@

 Summary: Library for accessing ICA hardware crypto on IBM z Systems
 Name: libica
-Version: 3.8.0
-Release: 5%{?dist}
+Version: 4.0.0
+Release: 1%{?dist}
 License: CPL
 URL: https://github.com/opencryptoki/
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 # annotate assembler source
 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
 # https://github.com/opencryptoki/libica/pull/24
-Patch0: %{name}-3.8.0-annotate.patch
-# https://github.com/opencryptoki/libica/commit/a70dfe13b7dd2914ad29175ae026284bd5461e0e
-Patch1: %{name}-3.8.0-configure.patch
+Patch0: %{name}-4.0.0-annotate.patch
 # https://github.com/opencryptoki/libica/issues/62
-Patch2: %{name}-3.8.0-hmac.patch
+Patch1: %{name}-4.0.0-hmac.patch
 BuildRequires: gcc
 BuildRequires: openssl-devel
 BuildRequires: openssl
@ -87,6 +85,11 @@ fi
 %{_bindir}/icainfo-cex
 %{_bindir}/icastats
 %if %{with_fips}
+%if 0%{?fedora} >= 36
+# openssl 3.0 is available since Fedora 36
+%dir %{_sysconfdir}/libica
+%{_sysconfdir}/libica/openssl3-fips.cnf
+%endif
 %{_libdir}/.libica.*.hmac
 %{_libdir}/.libica-cex.*.hmac
 %endif
@ -103,6 +106,9 @@ fi


 %changelog
+* Thu Jan 13 2022 Dan Horák <dan[at]danny.cz> - 4.0.0-1
+- updated to 4.0.0
+
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (libica-3.8.0.tar.gz) = 18441420c5a8a6b79151146c982f6fac4b346f8dfd60c17aee488fc982509281754ae8e81636a653cc094f4e34c007dab2e764f16b6fef022a584ce9110c6994
+SHA512 (libica-4.0.0.tar.gz) = ce950ce591d023b93bf8acbec4ef9eefbf2e3f4fc22a289ebb8d93d180655bb79e433c245d00d4a94828deaefd586bfd96907c55a88fcec86aef3eddfb0687b9