RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/libkcapi#ba6b846bc343b2bab9fe27b664a4980d5a57c6f4
This commit is contained in:
parent
b6a8ac6521
commit
66e8475791
3
.gitignore
vendored
3
.gitignore
vendored
@ -0,0 +1,3 @@
|
|||||||
|
/libkcapi-*.tar.xz
|
||||||
|
/libkcapi-*.tar.xz.asc
|
||||||
|
/*.src.rpm
|
163
000-Kern-5.8-fix-MSG_MORE-usage.patch
Normal file
163
000-Kern-5.8-fix-MSG_MORE-usage.patch
Normal file
@ -0,0 +1,163 @@
|
|||||||
|
From b612c52c5ccf021d01e6c786db1a31a697f21d97 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephan Mueller <smueller@chronox.de>
|
||||||
|
Date: Thu, 13 Aug 2020 21:58:07 +0200
|
||||||
|
Subject: [PATCH] Kern 5.8: fix MSG_MORE usage
|
||||||
|
|
||||||
|
With kernel 5.8, a precise use of MSG_MORE is mandatory to support
|
||||||
|
a stream cipher approach (init -> update -> update -> ... -> final).
|
||||||
|
All but the last update operations must use MSG_MORE, the last update
|
||||||
|
operation must not use MSG_MORE.
|
||||||
|
|
||||||
|
Reported-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-aead.c | 24 ++++++++++++++----------
|
||||||
|
lib/kcapi-kernel-if.c | 6 ++----
|
||||||
|
test/kcapi-main.c | 31 +++++++++++++++++--------------
|
||||||
|
3 files changed, 33 insertions(+), 28 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-aead.c b/lib/kcapi-aead.c
|
||||||
|
index d241618..45a0bd7 100644
|
||||||
|
--- a/lib/kcapi-aead.c
|
||||||
|
+++ b/lib/kcapi-aead.c
|
||||||
|
@@ -210,13 +210,15 @@ _kcapi_aead_encrypt_aio_fallback(struct kcapi_handle *handle,
|
||||||
|
uint32_t iovlen, const uint8_t *iv)
|
||||||
|
{
|
||||||
|
uint32_t i;
|
||||||
|
- int32_t ret = kcapi_aead_stream_init_enc(handle, iv, NULL, 0);
|
||||||
|
-
|
||||||
|
- if (ret < 0)
|
||||||
|
- return ret;
|
||||||
|
+ int32_t ret = 0;
|
||||||
|
|
||||||
|
for (i = 0; i < iovlen; i++) {
|
||||||
|
- int rc = kcapi_aead_stream_update_last(handle, iniov, 1);
|
||||||
|
+ int rc = kcapi_aead_stream_init_enc(handle, iv, NULL, 0);
|
||||||
|
+
|
||||||
|
+ if (rc < 0)
|
||||||
|
+ return rc;
|
||||||
|
+
|
||||||
|
+ rc = kcapi_aead_stream_update_last(handle, iniov, 1);
|
||||||
|
if (rc < 0)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
@@ -271,13 +273,15 @@ _kcapi_aead_decrypt_aio_fallback(struct kcapi_handle *handle,
|
||||||
|
uint32_t iovlen, const uint8_t *iv)
|
||||||
|
{
|
||||||
|
uint32_t i;
|
||||||
|
- int32_t ret = kcapi_aead_stream_init_dec(handle, iv, NULL, 0);
|
||||||
|
-
|
||||||
|
- if (ret < 0)
|
||||||
|
- return ret;
|
||||||
|
+ int32_t ret = 0;
|
||||||
|
|
||||||
|
for (i = 0; i < iovlen; i++) {
|
||||||
|
- int rc = kcapi_aead_stream_update_last(handle, iniov, 1);
|
||||||
|
+ int rc = kcapi_aead_stream_init_dec(handle, iv, NULL, 0);
|
||||||
|
+
|
||||||
|
+ if (rc < 0)
|
||||||
|
+ return rc;
|
||||||
|
+
|
||||||
|
+ rc = kcapi_aead_stream_update_last(handle, iniov, 1);
|
||||||
|
if (rc < 0)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
|
||||||
|
index bea994f..42cf1ad 100644
|
||||||
|
--- a/lib/kcapi-kernel-if.c
|
||||||
|
+++ b/lib/kcapi-kernel-if.c
|
||||||
|
@@ -439,8 +439,7 @@ int _kcapi_aio_send_iov(struct kcapi_handle *handle, struct iovec *iov,
|
||||||
|
if (0 > ret)
|
||||||
|
return ret;
|
||||||
|
} else {
|
||||||
|
- ret = _kcapi_common_send_meta(handle, NULL, 0, enc,
|
||||||
|
- len ? MSG_MORE : 0);
|
||||||
|
+ ret = _kcapi_common_send_meta(handle, NULL, 0, enc, MSG_MORE);
|
||||||
|
if (0 > ret)
|
||||||
|
return ret;
|
||||||
|
ret = _kcapi_common_vmsplice_iov(handle, iov, iovlen, 0);
|
||||||
|
@@ -1246,8 +1245,7 @@ int32_t _kcapi_cipher_crypt(struct kcapi_handle *handle, const uint8_t *in,
|
||||||
|
if (0 > ret)
|
||||||
|
return ret;
|
||||||
|
} else {
|
||||||
|
- ret = _kcapi_common_send_meta(handle, NULL, 0, enc,
|
||||||
|
- inlen ? MSG_MORE : 0);
|
||||||
|
+ ret = _kcapi_common_send_meta(handle, NULL, 0, enc, MSG_MORE);
|
||||||
|
if (0 > ret)
|
||||||
|
return ret;
|
||||||
|
ret = _kcapi_common_vmsplice_chunk(handle, in, inlen, 0);
|
||||||
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||||
|
index 51f6ec7..64e466c 100644
|
||||||
|
--- a/test/kcapi-main.c
|
||||||
|
+++ b/test/kcapi-main.c
|
||||||
|
@@ -846,7 +846,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- for(i = 0; i < loops; i++) {
|
||||||
|
+ for (i = 0; i < loops; i++) {
|
||||||
|
_get_time(&begin);
|
||||||
|
if (cavs_test->enc) {
|
||||||
|
ret = kcapi_cipher_encrypt(handle,
|
||||||
|
@@ -886,7 +886,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
}
|
||||||
|
|
||||||
|
static void mt_sym_writer(struct kcapi_handle *handle, struct iovec *iov,
|
||||||
|
- int forking)
|
||||||
|
+ int forking, int last)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
@@ -899,7 +899,10 @@ static void mt_sym_writer(struct kcapi_handle *handle, struct iovec *iov,
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ret = kcapi_cipher_stream_update_last(handle, iov, 1);
|
||||||
|
+ if (last)
|
||||||
|
+ ret = kcapi_cipher_stream_update_last(handle, iov, 1);
|
||||||
|
+ else
|
||||||
|
+ ret = kcapi_cipher_stream_update(handle, iov, 1);
|
||||||
|
if (0 > ret)
|
||||||
|
printf("Sending of data failed\n");
|
||||||
|
|
||||||
|
@@ -1004,7 +1007,7 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
iov.iov_len = cavs_test->ctlen;
|
||||||
|
}
|
||||||
|
|
||||||
|
- mt_sym_writer(handle_ptr, &iov, forking);
|
||||||
|
+ mt_sym_writer(handle_ptr, &iov, forking, i == (loops * 2 - 1));
|
||||||
|
|
||||||
|
outiov.iov_base = outbuf_ptr;
|
||||||
|
outiov.iov_len = outbuflen;
|
||||||
|
@@ -1636,21 +1639,21 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
- if (cavs_test->enc)
|
||||||
|
- ret = kcapi_aead_stream_init_enc(handle, newiv, NULL, 0);
|
||||||
|
-
|
||||||
|
- else
|
||||||
|
- ret = kcapi_aead_stream_init_dec(handle, newiv, NULL, 0);
|
||||||
|
- if (0 > ret) {
|
||||||
|
- printf("Initialization of cipher buffer failed\n");
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
for (i = 0; i < loops; i++) {
|
||||||
|
int errsv = 0;
|
||||||
|
|
||||||
|
memset(outbuf, 0, outbuflen);
|
||||||
|
|
||||||
|
+ if (cavs_test->enc)
|
||||||
|
+ ret = kcapi_aead_stream_init_enc(handle, newiv, NULL, 0);
|
||||||
|
+ else
|
||||||
|
+ ret = kcapi_aead_stream_init_dec(handle, newiv, NULL, 0);
|
||||||
|
+ if (0 > ret) {
|
||||||
|
+ printf("Initialization of cipher buffer failed\n");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+
|
||||||
|
iov.iov_base = cavs_test->assoc;
|
||||||
|
iov.iov_len = cavs_test->assoclen;
|
||||||
|
if (cavs_test->enc) {
|
9
fipshmac-openssl.sh
Normal file
9
fipshmac-openssl.sh
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Mocks fipshmac using the openssl tool.
|
||||||
|
# Only for use during RPM build.
|
||||||
|
|
||||||
|
[ "$1" = '-d' ] || exit 1
|
||||||
|
|
||||||
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP -hex "$3" | cut -f 2 -d ' ' \
|
||||||
|
>"$2/$(basename "$3").hmac"
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- fedora-*
|
||||||
|
decision_context: bodhi_update_push_stable
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
680
libkcapi.spec
Normal file
680
libkcapi.spec
Normal file
@ -0,0 +1,680 @@
|
|||||||
|
# Shared object version of libkcapi.
|
||||||
|
%global vmajor 1
|
||||||
|
%global vminor 2
|
||||||
|
%global vpatch 0
|
||||||
|
|
||||||
|
# Do we build the replacements packages?
|
||||||
|
%bcond_with replace_coreutils
|
||||||
|
# Replace fipscheck by default in Fedora 33+:
|
||||||
|
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
|
||||||
|
%bcond_without replace_fipscheck
|
||||||
|
%else
|
||||||
|
%bcond_with replace_fipscheck
|
||||||
|
%endif
|
||||||
|
# Replace hmaccalc by default in Fedora 28+:
|
||||||
|
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
|
||||||
|
%bcond_without replace_hmaccalc
|
||||||
|
%else
|
||||||
|
%bcond_with replace_hmaccalc
|
||||||
|
%endif
|
||||||
|
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
|
||||||
|
%bcond_without test_package
|
||||||
|
%else
|
||||||
|
%bcond_with test_package
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# This package needs at least Linux Kernel v4.10.0.
|
||||||
|
%global min_kernel_ver 4.10.0
|
||||||
|
|
||||||
|
# Do we need to tweak sysctl.d? In newer versions of the Linux
|
||||||
|
# Kernel the default ancillary buffer size is set high enough.
|
||||||
|
# TODO: Adapt this when the patch for net/core/sock.c is merged.
|
||||||
|
%if %{lua:print(rpm.vercmp('99.0.0', posix.uname('%r')));} >= 0
|
||||||
|
%global with_sysctl_tweak 1
|
||||||
|
%else
|
||||||
|
%global with_sysctl_tweak 0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
# Priority for the sysctl.d preset.
|
||||||
|
%global sysctl_prio 50
|
||||||
|
|
||||||
|
# Value used for the sysctl.d preset.
|
||||||
|
%global sysctl_optmem_max 81920
|
||||||
|
|
||||||
|
# Extension for the README.distro file.
|
||||||
|
%global distroname_ext %{?fedora:fedora}%{?rhel:redhat}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Lowest limit to run the testsuite. If we cannot obtain this
|
||||||
|
# value, we asume the testsuite cannot be run.
|
||||||
|
%global test_optmem_max %(%{__cat} /proc/sys/net/core/optmem_max || echo 0)
|
||||||
|
|
||||||
|
# For picking patches from upstream commits or pull requests.
|
||||||
|
%global giturl https://github.com/smuellerDD/%{name}
|
||||||
|
|
||||||
|
# Do we replace some coreutils?
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
# TODO: Adapt this when replacing some coreutils initially.
|
||||||
|
%global coreutils_evr 8.29-1%{?dist}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Do we replace fipscheck?
|
||||||
|
%if %{with replace_fipscheck}
|
||||||
|
%global fipscheck_evr 1.5.0-9
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Do we replace hmaccalc?
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
%global hmaccalc_evr 0.9.14-10%{?dist}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac
|
||||||
|
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac
|
||||||
|
|
||||||
|
# On old kernels use mock hashers implemented via openssl
|
||||||
|
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '3.19'));} >= 0
|
||||||
|
%global sha512hmac bin/kcapi-hasher -n sha512hmac
|
||||||
|
%global fipshmac bin/kcapi-hasher -n fipshmac
|
||||||
|
%else
|
||||||
|
%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
|
||||||
|
%global fipshmac bash %{_sourcedir}/fipshmac-openssl.sh
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Add generation of HMAC checksums of the final stripped
|
||||||
|
# binaries. %%define with lazy globbing is used here
|
||||||
|
# intentionally, because using %%global does not work.
|
||||||
|
%define __spec_install_post \
|
||||||
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
|
%{__arch_install_post} \
|
||||||
|
%{__os_install_post} \
|
||||||
|
bin_path=%{buildroot}%{_bindir} \
|
||||||
|
lib_path=%{buildroot}/%{_lib} \
|
||||||
|
for app in %{apps_hmaccalc}; do \
|
||||||
|
test -e "$bin_path"/$app || continue \
|
||||||
|
{ %sha512hmac "$bin_path"/$app || exit 1; } \\\
|
||||||
|
| cut -f 1 -d ' ' >"$lib_path"/hmaccalc/$app.hmac \
|
||||||
|
done \
|
||||||
|
for app in %{apps_fipscheck}; do \
|
||||||
|
test -e "$bin_path"/$app || continue \
|
||||||
|
%fipshmac -d "$lib_path"/fipscheck "$bin_path"/$app || exit 1 \
|
||||||
|
done \
|
||||||
|
%{_bindir}/hardlink -cfv %{buildroot}%{_bindir} \
|
||||||
|
%fipshmac -d "$lib_path"/fipscheck \\\
|
||||||
|
"$lib_path"/libkcapi.so.%{version} || exit 1 \
|
||||||
|
%{__ln_s} libkcapi.so.%{version}.hmac \\\
|
||||||
|
"$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
|
||||||
|
Name: libkcapi
|
||||||
|
Version: %{vmajor}.%{vminor}.%{vpatch}
|
||||||
|
Release: 3%{?dist}
|
||||||
|
Summary: User space interface to the Linux Kernel Crypto API
|
||||||
|
|
||||||
|
License: BSD or GPLv2
|
||||||
|
URL: http://www.chronox.de/%{name}.html
|
||||||
|
Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
|
||||||
|
Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
|
||||||
|
Source2: sha512hmac-openssl.sh
|
||||||
|
Source3: fipshmac-openssl.sh
|
||||||
|
|
||||||
|
Patch0: %{giturl}/commit/b612c52c5ccf.patch#/000-Kern-5.8-fix-MSG_MORE-usage.patch
|
||||||
|
|
||||||
|
BuildRequires: bash
|
||||||
|
BuildRequires: clang
|
||||||
|
BuildRequires: coreutils
|
||||||
|
BuildRequires: cppcheck
|
||||||
|
BuildRequires: docbook-utils-pdf
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: git
|
||||||
|
BuildRequires: hardlink
|
||||||
|
BuildRequires: kernel-headers >= %{min_kernel_ver}
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: openssl
|
||||||
|
BuildRequires: perl-interpreter
|
||||||
|
BuildRequires: systemd
|
||||||
|
BuildRequires: xmlto
|
||||||
|
|
||||||
|
# For ownership of %%{_sysctldir}.
|
||||||
|
Requires: systemd
|
||||||
|
|
||||||
|
Obsoletes: %{name}-replacements <= %{version}-%{release}
|
||||||
|
|
||||||
|
%description
|
||||||
|
libkcapi allows user-space to access the Linux kernel crypto API.
|
||||||
|
|
||||||
|
This library uses the netlink interface and exports easy to use APIs
|
||||||
|
so that a developer does not need to consider the low-level netlink
|
||||||
|
interface handling.
|
||||||
|
|
||||||
|
The library does not implement any cipher algorithms. All consumer
|
||||||
|
requests are sent to the kernel for processing. Results from the
|
||||||
|
kernel crypto API are returned to the consumer via the library API.
|
||||||
|
|
||||||
|
The kernel interface and therefore this library can be used by
|
||||||
|
unprivileged processes.
|
||||||
|
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
Header files for applications that use %{name}.
|
||||||
|
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: User documentation for the %{name} package
|
||||||
|
BuildArch: noarch
|
||||||
|
# Depend on one of the base packages because they have the license files
|
||||||
|
# We cannot just bundle them into doc because they might conflict with an
|
||||||
|
# older or newer version of the base package.
|
||||||
|
Requires: %{name} == %{version}-%{release}
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
User documentation for %{name}.
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
%package checksum
|
||||||
|
Summary: Drop-in replacement for *sum utils provided by the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
Requires: coreutils%{?_isa} >= %{coreutils_evr}
|
||||||
|
|
||||||
|
Conflicts: coreutils < %{coreutils_evr}
|
||||||
|
Conflicts: coreutils-single
|
||||||
|
|
||||||
|
%description checksum
|
||||||
|
Provides drop-in replacements for sha*sum tools (from package
|
||||||
|
coreutils) using %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_fipscheck}
|
||||||
|
%package fipscheck
|
||||||
|
Summary: Drop-in replacements for fipscheck/fipshmac provided by the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
Obsoletes: fipscheck <= %{fipscheck_evr}
|
||||||
|
|
||||||
|
Provides: fipscheck == %{fipscheck_evr}.1
|
||||||
|
Provides: fipscheck%{?_isa} == %{fipscheck_evr}.1
|
||||||
|
|
||||||
|
%description fipscheck
|
||||||
|
Provides drop-in replacements for fipscheck and fipshmac tools (from
|
||||||
|
package fipscheck) using %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
%package hmaccalc
|
||||||
|
Summary: Drop-in replacements for hmaccalc provided by the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
Obsoletes: hmaccalc <= %{hmaccalc_evr}
|
||||||
|
|
||||||
|
Provides: hmaccalc == %{hmaccalc_evr}.1
|
||||||
|
Provides: hmaccalc%{?_isa} == %{hmaccalc_evr}.1
|
||||||
|
|
||||||
|
%description hmaccalc
|
||||||
|
Provides drop-in replacements for sha*hmac tools (from package
|
||||||
|
hmaccalc) using %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%package static
|
||||||
|
Summary: Static library for -static linking with %{name}
|
||||||
|
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
%description static
|
||||||
|
This package contains the %{name} static libraries for -static
|
||||||
|
linking. You don't need this, unless you link statically, which
|
||||||
|
is highly discouraged.
|
||||||
|
|
||||||
|
|
||||||
|
%package tools
|
||||||
|
Summary: Utility applications for the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
%description tools
|
||||||
|
Utility applications that are provided with %{name}. This includes
|
||||||
|
tools to use message digests, symmetric ciphers and random number
|
||||||
|
generators implemented in the Linux kernel from command line.
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with test_package}
|
||||||
|
%package tests
|
||||||
|
Summary: Testing scripts for the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
Requires: %{name}-tools%{?_isa} == %{version}-%{release}
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
Requires: %{name}-hmaccalc%{?_isa} == %{version}-%{release}
|
||||||
|
%endif
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
Requires: %{name}-checksum%{?_isa} == %{version}-%{release}
|
||||||
|
%endif
|
||||||
|
Requires: coreutils
|
||||||
|
Requires: openssl
|
||||||
|
Requires: perl-interpreter
|
||||||
|
|
||||||
|
%description tests
|
||||||
|
Auxiliary scripts for testing %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p 1 -S git
|
||||||
|
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
%{__cat} << EOF > README.%{distroname_ext}
|
||||||
|
This package increases the default limit of the ancillary buffer size
|
||||||
|
per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes.
|
||||||
|
|
||||||
|
For this preset to become active it requires a reboot after the
|
||||||
|
installation of this package. You can also manually increase this
|
||||||
|
limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the
|
||||||
|
super-user, e.g. using \`su\` or \`sudo\` on the terminal.
|
||||||
|
|
||||||
|
This is done to provide consumers of the new Linux Kernel Crypto API
|
||||||
|
User Space Interface a well sufficient and reasonable maximum limit
|
||||||
|
by default, especially when using AIO with a larger amount of IOVECs.
|
||||||
|
|
||||||
|
For further information about the AF_ALG kernel socket and AIO, see
|
||||||
|
the discussion at the kernel-crypto mailing-list:
|
||||||
|
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html
|
||||||
|
|
||||||
|
See the instructions given in '%{_sysctldir}/50-default.conf',
|
||||||
|
if you need or want to override the preset made by this package.
|
||||||
|
EOF
|
||||||
|
|
||||||
|
%{__cat} << EOF > %{sysctl_prio}-%{name}-optmem_max.conf
|
||||||
|
# See the 'README.%{distroname_ext}' file shipped in %%doc
|
||||||
|
# with the %{name} package.
|
||||||
|
#
|
||||||
|
# See '%{_sysctldir}/50-default.conf',
|
||||||
|
# if you need or want to override this preset.
|
||||||
|
|
||||||
|
# Increase the ancillary buffer size per socket.
|
||||||
|
net.core.optmem_max = %{sysctl_optmem_max}
|
||||||
|
EOF
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%{_bindir}/autoreconf -fiv
|
||||||
|
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure \
|
||||||
|
--libdir=/%{_lib} \
|
||||||
|
--disable-silent-rules \
|
||||||
|
--enable-kcapi-encapp \
|
||||||
|
--enable-kcapi-dgstapp \
|
||||||
|
--enable-kcapi-hasher \
|
||||||
|
--enable-kcapi-rngapp \
|
||||||
|
--enable-kcapi-speed \
|
||||||
|
--enable-kcapi-test \
|
||||||
|
--enable-shared \
|
||||||
|
--enable-static \
|
||||||
|
--enable-sum-prefix= \
|
||||||
|
--enable-sum-dir=/%{_lib} \
|
||||||
|
--with-pkgconfigdir=%{_libdir}/pkgconfig
|
||||||
|
%make_build all doc
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
|
||||||
|
# Install sysctl.d preset.
|
||||||
|
%{__mkdir_p} %{buildroot}%{_sysctldir}
|
||||||
|
%{__install} -Dpm 0644 -t %{buildroot}%{_sysctldir} \
|
||||||
|
%{sysctl_prio}-%{name}-optmem_max.conf
|
||||||
|
|
||||||
|
# Install into proper location for inclusion by %%doc.
|
||||||
|
%{__mkdir_p} %{buildroot}%{_pkgdocdir}
|
||||||
|
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
README.%{distroname_ext} \
|
||||||
|
%endif
|
||||||
|
README.md CHANGES.md TODO doc/%{name}.p{df,s}
|
||||||
|
%{__cp} -pr lib/doc/html %{buildroot}%{_pkgdocdir}
|
||||||
|
|
||||||
|
# Install replacement tools, if enabled.
|
||||||
|
%if !%{with replace_coreutils}
|
||||||
|
%{__rm} -f \
|
||||||
|
%{buildroot}%{_bindir}/md5sum \
|
||||||
|
%{buildroot}%{_bindir}/sha*sum
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if !%{with replace_fipscheck}
|
||||||
|
%{__rm} -f %{buildroot}%{_bindir}/fips*
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if !%{with replace_hmaccalc}
|
||||||
|
%{__rm} -f %{buildroot}%{_bindir}/sha*hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# We don't ship autocrap dumplings.
|
||||||
|
%{_bindir}/find %{buildroot} -type f -name '*.la' -print -delete
|
||||||
|
|
||||||
|
# HMAC checksums are generated during __spec_install_post.
|
||||||
|
%{_bindir}/find %{buildroot} -type f -name '*.hmac' -print -delete
|
||||||
|
|
||||||
|
# Remove 0-size files.
|
||||||
|
%{_bindir}/find %{buildroot} -type f -size 0 -print -delete
|
||||||
|
|
||||||
|
# Make sure all docs have non-exec permissions, except for the dirs.
|
||||||
|
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type f -print | \
|
||||||
|
%{_bindir}/xargs %{__chmod} -c 0644
|
||||||
|
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type d -print | \
|
||||||
|
%{_bindir}/xargs %{__chmod} -c 0755
|
||||||
|
|
||||||
|
# Possibly save some space by hardlinking.
|
||||||
|
for d in %{_mandir} %{_pkgdocdir}; do
|
||||||
|
%{_bindir}/hardlink -cfv %{buildroot}$d
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
%check
|
||||||
|
# Some basic sanity checks.
|
||||||
|
for t in cppcheck scan; do
|
||||||
|
%make_build $t
|
||||||
|
done
|
||||||
|
|
||||||
|
# On some arches `/proc/sys/net/core/optmem_max` is lower than 20480,
|
||||||
|
# which is the lowest limit needed to run the testsuite. If that limit
|
||||||
|
# is not met, we do not run it.
|
||||||
|
%if %{test_optmem_max} >= 20480
|
||||||
|
# Skip the testsuite on old kernels.
|
||||||
|
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '5.1'));} >= 0
|
||||||
|
# Real testsuite.
|
||||||
|
pushd test
|
||||||
|
ENABLE_FUZZ_TEST=1 \
|
||||||
|
NO_32BIT_TEST=1 \
|
||||||
|
./test-invocation.sh
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%ldconfig_scriptlets
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc %dir %{_pkgdocdir}
|
||||||
|
%doc %{_pkgdocdir}/README.md
|
||||||
|
%license COPYING*
|
||||||
|
/%{_lib}/%{name}.so.%{vmajor}
|
||||||
|
/%{_lib}/%{name}.so.%{version}
|
||||||
|
/%{_lib}/fipscheck/%{name}.so.%{vmajor}.hmac
|
||||||
|
/%{_lib}/fipscheck/%{name}.so.%{version}.hmac
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
%doc %{_pkgdocdir}/README.%{distroname_ext}
|
||||||
|
%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%doc %{_pkgdocdir}/CHANGES.md
|
||||||
|
%doc %{_pkgdocdir}/TODO
|
||||||
|
%{_includedir}/kcapi.h
|
||||||
|
%{_mandir}/man3/kcapi_*.3.*
|
||||||
|
/%{_lib}/%{name}.so
|
||||||
|
%{_libdir}/pkgconfig/%{name}.pc
|
||||||
|
|
||||||
|
|
||||||
|
%files doc
|
||||||
|
%doc %{_pkgdocdir}/html
|
||||||
|
%doc %{_pkgdocdir}/%{name}.pdf
|
||||||
|
%doc %{_pkgdocdir}/%{name}.ps
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
%files checksum
|
||||||
|
%{_bindir}/md5sum
|
||||||
|
%{_bindir}/sha*sum
|
||||||
|
/%{_lib}/fipscheck/md5sum.hmac
|
||||||
|
/%{_lib}/fipscheck/sha*sum.hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with replace_fipscheck}
|
||||||
|
%files fipscheck
|
||||||
|
%{_bindir}/fips*
|
||||||
|
/%{_lib}/fipscheck/fips*.hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
%files hmaccalc
|
||||||
|
%{_bindir}/sha*hmac
|
||||||
|
/%{_lib}/hmaccalc/sha*hmac.hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%files static
|
||||||
|
/%{_lib}/%{name}.a
|
||||||
|
|
||||||
|
|
||||||
|
%files tools
|
||||||
|
%{_bindir}/kcapi*
|
||||||
|
%{_mandir}/man1/kcapi*.1.*
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with test_package}
|
||||||
|
%files tests
|
||||||
|
%{_libexecdir}/%{name}/*
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Fri Aug 14 2020 Ondrej Mosnáček <omosnace@redhat.com> - 1.2.0-3
|
||||||
|
- Require perl-interpreter instead of full perl
|
||||||
|
- Backport fix for 5.9 kernels
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon May 25 2020 Sahana Prasad <omosnace@redhat.com> - 1.2.0-1
|
||||||
|
- Update to upstream version 1.2.0 tracked by BZ 1839592.
|
||||||
|
- Enable kcapi-enc tests as libkcapi BZ 1826022 is fixed.
|
||||||
|
- Remove 110-fipshmac-compat.patch as the changes are merged upstream.
|
||||||
|
- Remove 100-workaround-cppcheck-bug.patch as the changes are merged upstream.
|
||||||
|
|
||||||
|
* Tue May 05 2020 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.5-5
|
||||||
|
- Fix the CI test failures
|
||||||
|
- Enable building on old kernels
|
||||||
|
- Avoid conflicts between different versions of packages
|
||||||
|
|
||||||
|
* Thu Apr 23 2020 Tomáš Mráz <tmraz@redhat.com> - 1.1.5-4
|
||||||
|
- Add . prefix to files created by fipshmac if -d option is not specified
|
||||||
|
|
||||||
|
* Wed Apr 22 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-3
|
||||||
|
- Disables kcapi-enc tests until the kernel bug bz 1826022 is fixed.
|
||||||
|
- Produce also the fipscheck replacement package
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.5-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Aug 13 2019 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.5-1
|
||||||
|
- Update to upstream version 1.1.5
|
||||||
|
|
||||||
|
* Sat Jul 27 2019 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.4-6
|
||||||
|
- Backport patch to fix test failure on aarch64
|
||||||
|
- Remove no longer needed ppc64 workaround
|
||||||
|
|
||||||
|
* Sat Jul 27 2019 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.4-5
|
||||||
|
- Backport patch to fix tests
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.4-4
|
||||||
|
- Work around cppcheck issue
|
||||||
|
- Enable gating
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon May 27 2019 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.4-2
|
||||||
|
- Fix FTBFS: hardlink is now in bindir
|
||||||
|
|
||||||
|
* Sat Feb 02 2019 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.4-1
|
||||||
|
- Update to upstream version 1.1.4
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.3-3
|
||||||
|
- Fix build with new GCC
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Aug 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.3-1
|
||||||
|
- Update to upstream version 1.1.3
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-16
|
||||||
|
- Add missing dependencies to the tests package
|
||||||
|
- Update patch from upstream
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-15
|
||||||
|
- Build and tests require perl
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14
|
||||||
|
- Add missing script to the 'tests' package
|
||||||
|
|
||||||
|
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-13
|
||||||
|
- Add missing requires to the 'tests' subpackage
|
||||||
|
|
||||||
|
* Tue Aug 07 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-12
|
||||||
|
- Produce a subpackage with test scripts
|
||||||
|
- Build the 'tests' subpackage conditionally
|
||||||
|
|
||||||
|
* Wed Aug 01 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-11
|
||||||
|
- Add patch to fix unwanted closing of FD 0
|
||||||
|
|
||||||
|
* Tue Jul 31 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-10
|
||||||
|
- Remove the kernel headers workaround
|
||||||
|
|
||||||
|
* Fri Jul 27 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.1.1-9
|
||||||
|
- Rebuild for new binutils
|
||||||
|
|
||||||
|
* Fri Jul 27 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-8
|
||||||
|
- Add more Coverity fixes from upstream
|
||||||
|
- Add patch to fix AEAD fuzz test for BE arches
|
||||||
|
- Fixup specfile
|
||||||
|
|
||||||
|
* Mon Jul 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-7
|
||||||
|
- Add various fixes from upstream
|
||||||
|
- Drop the Requires on kernel package
|
||||||
|
|
||||||
|
* Mon Jul 16 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-6
|
||||||
|
- Put .hmac files into a separate directory
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-4
|
||||||
|
- Add patch to work around FTBFS on rawhide
|
||||||
|
|
||||||
|
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3
|
||||||
|
- Fix off-by-one error in checkfile parsing
|
||||||
|
|
||||||
|
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2
|
||||||
|
- Fix command-line parsing in libkcapi-hmaccalc
|
||||||
|
|
||||||
|
* Mon Jun 18 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-1
|
||||||
|
- Update to upstream version 1.1.1
|
||||||
|
|
||||||
|
* Wed May 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-5
|
||||||
|
- Skip CLang static analysis in RHEL
|
||||||
|
- Revert "Skip CLang static analysis in RHEL"
|
||||||
|
- Use own sha512hmac and fipscheck
|
||||||
|
|
||||||
|
* Wed May 02 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-4
|
||||||
|
- Fix description lines being too long
|
||||||
|
|
||||||
|
* Fri Apr 27 2018 Björn Esser <besser82@fedoraproject.org> - 1.1.0-3
|
||||||
|
- Fix conditional for hmaccalc replacement
|
||||||
|
|
||||||
|
* Mon Apr 16 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-2
|
||||||
|
- Enable hmaccalc replacements in Fedora 28+
|
||||||
|
|
||||||
|
* Thu Apr 12 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-1
|
||||||
|
- Update to upstream version 1.1.0
|
||||||
|
|
||||||
|
* Sat Mar 31 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-10
|
||||||
|
- Replace single patches with a monolitic one from upstream
|
||||||
|
- Obsolete replacements subpackage
|
||||||
|
- Ignore failing tests on %%{power64} temporarily
|
||||||
|
|
||||||
|
* Thu Mar 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.0.3-9
|
||||||
|
- Split up the replacements subpackage
|
||||||
|
|
||||||
|
* Mon Feb 26 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-8
|
||||||
|
- Increase optmem_max preset to 81920
|
||||||
|
|
||||||
|
* Mon Feb 26 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-7
|
||||||
|
- Obsoletes work by package name, not by provides (rhbz#1537225)
|
||||||
|
|
||||||
|
* Sun Feb 25 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-6
|
||||||
|
- Add patch to fix a copy-paste typo
|
||||||
|
|
||||||
|
* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-5
|
||||||
|
- Add patch to fix build with -Werror
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org>
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Feb 04 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-3
|
||||||
|
- Switch to %%ldconfig_scriptlets
|
||||||
|
|
||||||
|
* Wed Jan 17 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-2
|
||||||
|
- Decrease optmem_max preset to 40960
|
||||||
|
- Let the build fail, if the minimum kernel version cannot be met
|
||||||
|
- Conditionalize the sysctl.d tweak on version of the kernel
|
||||||
|
- Conditionalize the name of README.distro on the distro
|
||||||
|
|
||||||
|
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-1
|
||||||
|
- Initial import (rhbz#1533929)
|
||||||
|
|
||||||
|
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.13
|
||||||
|
- Increase optmem_max preset to 81920
|
||||||
|
|
||||||
|
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.12
|
||||||
|
- Add sysctl.d preset and README.fedora
|
||||||
|
|
||||||
|
* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.11
|
||||||
|
- Make the contents of the -replacements package configurable
|
||||||
|
|
||||||
|
* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.10
|
||||||
|
- Fix Obsoletes of the -replacements package
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.9
|
||||||
|
- Disable the -replacements package until we have a plan for it
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.8
|
||||||
|
- Move the kcapi-hasher binary to -replacements package, since it is
|
||||||
|
not of much use without the linked invocation names and saves the
|
||||||
|
extra Requires on the -tools package
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.7
|
||||||
|
- Fix internal Requires of sub-packages
|
||||||
|
- Hardlink files in %%{_bindir}
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.6
|
||||||
|
- Add patches from upstream
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.5
|
||||||
|
- Add patches from upstream
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.4
|
||||||
|
- Asume the testsuite cannot be run, if the value of optmem_max cannot
|
||||||
|
be obtained
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.3
|
||||||
|
- Move libraries to /%%{_lib} instead of %%{_libdir}, which is useful
|
||||||
|
during boot when the library might be needed before a potentially
|
||||||
|
seperate /usr partition is mounted
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.2
|
||||||
|
- Asume optmem_max is at least 20480, if the real value cannot be obtained
|
||||||
|
|
||||||
|
* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.2-0.1
|
||||||
|
- Initial rpm release (rhbz#1533929)
|
6
sha512hmac-openssl.sh
Normal file
6
sha512hmac-openssl.sh
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Mocks sha512hmac using the openssl tool.
|
||||||
|
# Only for use during RPM build.
|
||||||
|
|
||||||
|
openssl sha512 -hmac FIPS-FTW-RHT2009 -hex "$1" | cut -f 2 -d ' '
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SHA512 (libkcapi-1.2.0.tar.xz) = f097aac4fb06d0e0a7f62376506caa2d4cdb03572be89286ff335684f9a10285ffea4b3cfb37fd49e51435aa6636256aa12f0cf970fd48b1358aace8ac14b289
|
||||||
|
SHA512 (libkcapi-1.2.0.tar.xz.asc) = 336769b04c75ee23d4cae98697a6ea14e5bd244bcefaa2396d80dab95538620c9353100685bd0568f61b8dfa3089c6ff7e4fdcdde949012ba0d7fe6aac650577
|
71
tests/fipscheck-smoke-test/Makefile
Normal file
71
tests/fipscheck-smoke-test/Makefile
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Makefile of /CoreOS/libgcrypt/smoke-test
|
||||||
|
# Description: Test calls upstream test suite.
|
||||||
|
# Author: Ondrej Moris <omoris@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
export TEST=/CoreOS/libgcrypt/smoke-test
|
||||||
|
export TESTVERSION=1.0
|
||||||
|
|
||||||
|
BUILT_FILES=
|
||||||
|
|
||||||
|
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||||
|
|
||||||
|
.PHONY: all install download clean
|
||||||
|
|
||||||
|
run: $(FILES) build
|
||||||
|
./runtest.sh
|
||||||
|
|
||||||
|
build: $(BUILT_FILES)
|
||||||
|
chmod a+x runtest.sh
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f *~ $(BUILT_FILES)
|
||||||
|
|
||||||
|
|
||||||
|
include /usr/share/rhts/lib/rhts-make.include
|
||||||
|
|
||||||
|
$(METADATA): Makefile
|
||||||
|
@echo "Owner: Ondrej Moris <omoris@redhat.com>" > $(METADATA)
|
||||||
|
@echo "Name: $(TEST)" >> $(METADATA)
|
||||||
|
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||||
|
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||||
|
@echo "Description: Test calls upstream test suite." >> $(METADATA)
|
||||||
|
@echo "Type: Sanity" >> $(METADATA)
|
||||||
|
@echo "TestTime: 15m" >> $(METADATA)
|
||||||
|
@echo "RunFor: libgcrypt" >> $(METADATA)
|
||||||
|
@echo "Requires: libgcrypt" >> $(METADATA)
|
||||||
|
@echo "Requires: nfs-utils" >> $(METADATA)
|
||||||
|
@echo "Requires: rpm-build" >> $(METADATA)
|
||||||
|
@echo "Requires: gawk" >> $(METADATA)
|
||||||
|
@echo "Requires: gcc-c++ fipscheck" >> $(METADATA)
|
||||||
|
@echo "Requires: libgpg-error-devel wget" >> $(METADATA)
|
||||||
|
@echo "Requires: pkgconfig texinfo libselinux-utils" >> $(METADATA)
|
||||||
|
@echo "Releases: -RHEL3 -RHEL4" >> $(METADATA)
|
||||||
|
@echo "Priority: Normal" >> $(METADATA)
|
||||||
|
@echo "Architectures: i386 x86_64 s390x ia64" >> $(METADATA)
|
||||||
|
@echo "License: GPLv2" >> $(METADATA)
|
||||||
|
@echo "Confidential: no" >> $(METADATA)
|
||||||
|
@echo "Destructive: no" >> $(METADATA)
|
||||||
|
|
||||||
|
rhts-lint $(METADATA)
|
3
tests/fipscheck-smoke-test/PURPOSE
Normal file
3
tests/fipscheck-smoke-test/PURPOSE
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
PURPOSE of /CoreOS/libgcrypt/Sanity/smoke-test
|
||||||
|
Description: Test calls upstream test suite.
|
||||||
|
Author: Ondrej Moris <omoris@redhat.com>
|
71
tests/fipscheck-smoke-test/runtest.sh
Executable file
71
tests/fipscheck-smoke-test/runtest.sh
Executable file
@ -0,0 +1,71 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# runtest.sh of /CoreOS/libgcrypt/smoke-test
|
||||||
|
# Description: Test calls upstream test suite.
|
||||||
|
# Author: Ondrej Moris <omoris@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
# Include rhts environment
|
||||||
|
#. /usr/bin/rhts-environment.sh
|
||||||
|
. /usr/share/beakerlib/beakerlib.sh
|
||||||
|
|
||||||
|
PACKAGE="libgcrypt"
|
||||||
|
|
||||||
|
rlJournalStart
|
||||||
|
|
||||||
|
rlPhaseStartSetup
|
||||||
|
TmpDir=`mktemp -d`
|
||||||
|
rlAssertRpm $PACKAGE
|
||||||
|
rlFileBackup --clean "/etc/gcrypt/fips_enabled"
|
||||||
|
rlRun "pushd $TmpDir" 0
|
||||||
|
rlFetchSrcForInstalled $PACKAGE
|
||||||
|
rlRun "rpm -ihv `ls *.rpm`" 0
|
||||||
|
if grep '1' /proc/sys/crypto/fips_enabled; then
|
||||||
|
rlRun "echo '1' > /etc/gcrypt/fips_enabled" 0
|
||||||
|
fi
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartTest
|
||||||
|
TOPDIR=`rpm --eval %_topdir`
|
||||||
|
rlRun "pushd $TOPDIR" 0
|
||||||
|
rlRun "rm -rf BUILD/libgcrypt-*" 0-255
|
||||||
|
rlRun "rpmbuild -vv -bc SPECS/libgcrypt.spec" 0
|
||||||
|
rlRun "pushd BUILD/libgcrypt-*" 0
|
||||||
|
rlRun "fipshmac src/.libs/libgcrypt.so.??" 0
|
||||||
|
rlRun "make check > $TmpDir/make_check.out" 0
|
||||||
|
rlRun "popd" 0
|
||||||
|
rlRun "popd" 0
|
||||||
|
rlRun "grep \"All [0-9]\+ tests passed\" $TmpDir/make_check.out" 0 \
|
||||||
|
"All tests passed"
|
||||||
|
rlRun "cat $TmpDir/make_check.out" 0
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartCleanup
|
||||||
|
rlRun "popd" 0
|
||||||
|
rlRun "rm -r $TmpDir" 0
|
||||||
|
rlFileRestore
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlJournalPrintText
|
||||||
|
rlJournalEnd
|
45
tests/tests.yml
Normal file
45
tests/tests.yml
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
- hosts: localhost
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
- container
|
||||||
|
roles:
|
||||||
|
- role: standard-test-basic
|
||||||
|
required_packages:
|
||||||
|
- libkcapi-tests
|
||||||
|
tests:
|
||||||
|
- upstream-basic-test:
|
||||||
|
run: /usr/libexec/libkcapi/test.sh
|
||||||
|
- upstream-enc-test:
|
||||||
|
run: /usr/libexec/libkcapi/kcapi-enc-test.sh
|
||||||
|
- upstream-enc-test-large:
|
||||||
|
run: /usr/libexec/libkcapi/kcapi-enc-test-large.sh
|
||||||
|
- upstream-dgst-test:
|
||||||
|
run: /usr/libexec/libkcapi/kcapi-dgst-test.sh
|
||||||
|
- upstream-hasher-test:
|
||||||
|
run: /usr/libexec/libkcapi/hasher-test.sh
|
||||||
|
- upstream-convenience-test:
|
||||||
|
run: /usr/libexec/libkcapi/kcapi-convenience.sh
|
||||||
|
- upstream-fuzz-test:
|
||||||
|
run: /usr/libexec/libkcapi/kcapi-fuzz-test.sh
|
||||||
|
|
||||||
|
- hosts: localhost
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
- container
|
||||||
|
roles:
|
||||||
|
- role: standard-test-beakerlib
|
||||||
|
required_packages:
|
||||||
|
- fipscheck
|
||||||
|
- gawk
|
||||||
|
- gcc-c++
|
||||||
|
- libgcrypt
|
||||||
|
- libgpg-error-devel
|
||||||
|
- libselinux-utils
|
||||||
|
- libtool
|
||||||
|
- nfs-utils
|
||||||
|
- pkgconfig
|
||||||
|
- rpm-build
|
||||||
|
- texinfo
|
||||||
|
- wget
|
||||||
|
tests:
|
||||||
|
- fipscheck-smoke-test
|
Loading…
Reference in New Issue
Block a user