import libica-4.0.2-1.el8

This commit is contained in:
CentOS Sources 2022-11-08 01:55:16 -05:00 committed by Stepan Oksanichenko
parent 22dda75e00
commit febda2f2b2
6 changed files with 1607 additions and 78 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libica-3.9.0.tar.gz
SOURCES/libica-4.0.2.tar.gz

View File

@ -1 +1 @@
98f9f376a8db6f58deab1e08987653170159fe41 SOURCES/libica-3.9.0.tar.gz
a9137e070966cefc5a2078893edc4693ee62088f SOURCES/libica-4.0.2.tar.gz

View File

@ -1,64 +0,0 @@
From da198ddc689ee877e2fe9724a5f0252ffca5265c Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Wed, 2 Jun 2021 09:40:47 +0200
Subject: [PATCH] Compute HMAC from installed library
The HMAC hash was computed from the libica in the build tree, but
the runtime check is run against the installed libica and those 2
files were different. The runtime one has debuginfo stripped
(and placed into a separate file), thus the hashes are different.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
Makefile.am | 9 ++++-----
src/Makefile.am | 8 +++++++-
2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 4a1ef14..5367d49 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -46,6 +46,12 @@ mp.S : mp.pl
./mp.pl mp.S
if ICA_FIPS
+fipsinstall:
+ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac
+ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
+ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION1).hmac
+ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
+
hmac-file-lnk: hmac-file
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
@@ -108,4 +114,4 @@ internal_tests_ec_internal_test_SOURCES = \
include/rng.h ../test/testcase.h
endif
-.PHONY: hmac-file hmac-file-lnk
+.PHONY: hmac-file hmac-file-lnk fipsinstall
--
2.29.2.windows.2
diff -up libica-3.9.0/Makefile.am.orig libica-3.9.0/Makefile.am
--- libica-3.9.0/Makefile.am.orig 2022-02-08 09:50:48.320207446 +0100
+++ libica-3.9.0/Makefile.am 2022-02-08 09:51:25.945624410 +0100
@@ -17,11 +17,8 @@ coverage: check
cd ${top_builddir}/src && gcov .libs/*.gcda
if ICA_FIPS
-install-data-hook:
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir)
- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir)
- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
+fipsinstall:
+ $(AM_V_GEN)$(MAKE) -C src fipsinstall
if ICA_OPENSSL3
test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica
test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true
@@ -38,3 +35,4 @@ if ICA_OPENSSL3
endif
endif
+.PHONY: fipsinstall

View File

@ -1,7 +1,7 @@
diff -up libica-3.8.0/src/Makefile.am.orig libica-3.8.0/src/Makefile.am
--- libica-3.8.0/src/Makefile.am.orig 2021-07-08 12:20:00.123572020 +0200
+++ libica-3.8.0/src/Makefile.am 2021-07-08 12:20:13.611929256 +0200
@@ -30,13 +30,13 @@ SOURCES_common = ica_api.c init.c icasta
diff -up libica-4.0.1/src/Makefile.am.orig libica-4.0.1/src/Makefile.am
--- libica-4.0.1/src/Makefile.am.orig 2022-03-22 13:13:36.186395805 +0100
+++ libica-4.0.1/src/Makefile.am 2022-03-22 13:13:55.224076905 +0100
@@ -31,13 +31,13 @@ SOURCES_common = ica_api.c init.c icasta
include/rng.h
libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\"
@ -11,7 +11,7 @@ diff -up libica-3.8.0/src/Makefile.am.orig libica-3.8.0/src/Makefile.am
libica_la_LDFLAGS = ${LDFLAGS_common}
libica_la_SOURCES = ${SOURCES_common}
libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DNO_SW_FALLBACKS -DLIBNAME=\"libica-cex\"
libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DLIBNAME=\"libica-cex\"
-libica_cex_la_CCASFLAGS = ${AM_CFLAGS}
+libica_cex_la_CCASFLAGS = ${AM_CFLAGS} -Wa,--generate-missing-build-notes=yes
libica_cex_la_LIBADD = ${LIBS_common}

File diff suppressed because it is too large Load Diff

View File

@ -1,8 +1,10 @@
%global with_fips 1
# workaround to keep ABI/soname stable at major version 3
%global fakeversion 3:99:1
Summary: Library for accessing ICA hardware crypto on IBM z Systems
Name: libica
Version: 3.9.0
Version: 4.0.2
Release: 1%{?dist}
License: CPL
Group: System Environment/Libraries
@ -10,9 +12,10 @@ URL: https://github.com/opencryptoki/
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# annotate assembler source
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582
Patch0: %{name}-3.8.0-annotate.patch
# https://github.com/opencryptoki/libica/issues/62
Patch1: %{name}-3.9.0-hmac.patch
Patch0: %{name}-4.0.1-annotate.patch
# revert ABI to 3.x
# reverted commit 4a3a77232ee85cf9f4eb7ac2d366b613013b9048
Patch1: %{name}-4.0.1-revert-abi.patch
BuildRequires: gcc
BuildRequires: openssl
BuildRequires: openssl-devel
@ -51,11 +54,11 @@ sh ./bootstrap.sh
%else
--disable-fips
%endif
make %{?_smp_mflags}
make %{?_smp_mflags} VERSION=%{fakeversion}
%install
make install DESTDIR=$RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT VERSION=%{fakeversion}
rm %{buildroot}%{_libdir}/libica*.la
rm %{buildroot}%{_pkgdocdir}/{INSTALL,README.md}
@ -77,7 +80,7 @@ fi
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
make fipsinstall DESTDIR=%{buildroot}
make fipsinstall DESTDIR=%{buildroot} VERSION=%{fakeversion}
%{nil}
%endif
@ -103,6 +106,14 @@ fi
%changelog
* Thu Jun 30 2022 Dan Horák <dhorak@redhat.com> - 4.0.2-1
- updated to 4.0.2 (#2101766)
- Resolves: #2101766
* Tue Mar 22 2022 Dan Horák <dhorak@redhat.com> - 4.0.1-1
- updated to 4.0.1 (#2043843)
- Resolves: #2043843 #2043904
* Tue Feb 08 2022 Dan Horák <dhorak@redhat.com> - 3.9.0-1
- updated to 3.9.0 (#1984972)
- Resolves: #1984972