From e7fc48b9eb591919cfc4acc75e2ac80e7dc6b1e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Tue, 16 Jan 2018 18:47:27 +0100 Subject: [PATCH] Initial import (rhbz#1533929) --- .gitignore | 1 + ...1.0.3-Makefile_absolute_path_docproc.patch | 23 + ...1.0.3-Makefile_pdftex_custom_homedir.patch | 32 ++ libkcapi-1.0.3-autotools_full_path.patch | 197 ++++++++ ...capi-1.0.3-hasher_test_hmaccalc_path.patch | 29 ++ libkcapi-1.0.3-libtool_pic_pie.patch | 199 ++++++++ ...est_invocation_fix_bash_coding_error.patch | 23 + libkcapi-1.0.3.tar.xz.asc | 16 + libkcapi.spec | 435 ++++++++++++++++++ sources | 1 + 10 files changed, 956 insertions(+) create mode 100644 .gitignore create mode 100644 libkcapi-1.0.3-Makefile_absolute_path_docproc.patch create mode 100644 libkcapi-1.0.3-Makefile_pdftex_custom_homedir.patch create mode 100644 libkcapi-1.0.3-autotools_full_path.patch create mode 100644 libkcapi-1.0.3-hasher_test_hmaccalc_path.patch create mode 100644 libkcapi-1.0.3-libtool_pic_pie.patch create mode 100644 libkcapi-1.0.3-test_invocation_fix_bash_coding_error.patch create mode 100644 libkcapi-1.0.3.tar.xz.asc create mode 100644 libkcapi.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7ab9515 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/libkcapi-1.0.3.tar.xz diff --git a/libkcapi-1.0.3-Makefile_absolute_path_docproc.patch b/libkcapi-1.0.3-Makefile_absolute_path_docproc.patch new file mode 100644 index 0000000..f80a027 --- /dev/null +++ b/libkcapi-1.0.3-Makefile_absolute_path_docproc.patch @@ -0,0 +1,23 @@ +From ee348492dfdd2df1d7e1c431d106dfe11edfcd86 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Fri, 12 Jan 2018 22:47:44 +0100 +Subject: [PATCH] Makefile: Use absolute path to built docproc + +Signed-off-by: Stephan Mueller +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index f1caf3e..0a867d5 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -196,7 +196,7 @@ TEMPFILE := $(shell mktemp) + + %.xml: %.tmpl lib/doc/bin/docproc$(EXEEXT) + $(SED) "s/@@LIBVERSION@@/$(VERSION)/" < $< > $(TEMPFILE) +- LIBVERSION=$(VERSION) SRCTREE=lib/ ./lib/doc/bin/docproc$(EXEEXT) doc $(TEMPFILE) > $@ ++ LIBVERSION=$(VERSION) SRCTREE=lib/ $(abs_top_builddir)/lib/doc/bin/docproc$(EXEEXT) doc $(TEMPFILE) > $@ + rm $(TEMPFILE) + + if HAVE_DB2PDF diff --git a/libkcapi-1.0.3-Makefile_pdftex_custom_homedir.patch b/libkcapi-1.0.3-Makefile_pdftex_custom_homedir.patch new file mode 100644 index 0000000..7e812cb --- /dev/null +++ b/libkcapi-1.0.3-Makefile_pdftex_custom_homedir.patch @@ -0,0 +1,32 @@ +From 176c6e3d47ff63a6f51b92a05ce19857099ba74a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Fri, 12 Jan 2018 22:48:27 +0100 +Subject: [PATCH] Makefile: Use seperate homedirs for pdf and ps generation + +Signed-off-by: Stephan Mueller +--- + Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 0a867d5..cc4d123 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -205,7 +205,7 @@ DOC_TARGETS += pdf + pdf: pdf-stamp + pdf-stamp: lib/doc/libkcapi.xml + $(MKDIR_P) doc/pdf +- db2pdf -o doc/pdf $< ++ HOME=$(abs_top_builddir)/doc/pdf db2pdf -o doc/pdf $< + mv doc/pdf/*.pdf doc + rm -r doc/pdf + touch $@ +@@ -217,7 +217,7 @@ DOC_TARGETS += ps + ps: ps-stamp + ps-stamp: lib/doc/libkcapi.xml + $(MKDIR_P) doc/ps +- db2ps -o doc/ps $< ++ HOME=$(abs_top_builddir)/doc/ps db2ps -o doc/ps $< + mv doc/ps/*.ps doc + rm -r doc/ps + touch $@ diff --git a/libkcapi-1.0.3-autotools_full_path.patch b/libkcapi-1.0.3-autotools_full_path.patch new file mode 100644 index 0000000..383e21d --- /dev/null +++ b/libkcapi-1.0.3-autotools_full_path.patch @@ -0,0 +1,197 @@ +From b9bced05dae319c6a00c2adce8953d468404a95c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Sat, 13 Jan 2018 14:22:42 +0100 +Subject: [PATCH] autotools: Use full path for external programs + +Signed-off-by: Stephan Mueller +--- + Makefile.am | 68 +++++++++++++++++++++++++++++++++--------------------------- + configure.ac | 35 ++++++++++++++++++------------- + 2 files changed, 58 insertions(+), 45 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 66464e1..cbb1302 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -144,8 +144,11 @@ kcapi_hasher_links = sha1sum sha224sum sha256sum sha384sum sha512sum \ + + install-exec-hook: + (cd $(DESTDIR)$(bindir) && \ +- ($(foreach link, $(kcapi_hasher_links), ln -f kcapi-hasher $(link);)) && \ +- ($(foreach link, $(kcapi_hasher_links), openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $(link) > .$(link).hmac;))) ++ ($(foreach link, $(kcapi_hasher_links), $(LN) -f kcapi-hasher $(link);))) ++if HAVE_OPENSSL ++ (cd $(DESTDIR)$(bindir) && \ ++ ($(foreach link, $(kcapi_hasher_links), $(OPENSSL) sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $(link) > .$(link).hmac;))) ++endif + endif + + if ENABLE_KCAPI_RNGAPP +@@ -195,7 +198,7 @@ MOSTLYCLEANFILES = $(analyze_plists) + + $(analyze_plists): %.plist: %.c + @echo " CCSA " $@ +- @clang --analyze $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) -Ilib/ $< -o $@ ++ @$(CLANG) --analyze $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) -Ilib/ $< -o $@ + + scan: $(analyze_plists) + +@@ -204,16 +207,19 @@ endif + + if HAVE_CPPCHECK + cppcheck: +- cppcheck --enable=performance,warning,portability $(sort $(SCAN_FILES)) ++ $(CPPCHECK) --enable=performance,warning,portability $(sort $(SCAN_FILES)) + endif + + if HAVE_MKTEMP +-TEMPFILE := $(shell mktemp) ++DOCPROC_TEMP := $(shell $(MKTEMP)) ++else ++DOCPROC_TEMP := $(abs_top_builddir)/docproc.temp ++endif + + %.xml: %.tmpl lib/doc/bin/docproc$(EXEEXT) +- $(SED) "s/@@LIBVERSION@@/$(VERSION)/" < $< > $(TEMPFILE) +- LIBVERSION=$(VERSION) SRCTREE=lib/ $(abs_top_builddir)/lib/doc/bin/docproc$(EXEEXT) doc $(TEMPFILE) > $@ +- rm $(TEMPFILE) ++ $(SED) "s/@@LIBVERSION@@/$(VERSION)/" < $< > $(DOCPROC_TEMP) ++ LIBVERSION=$(VERSION) SRCTREE=lib/ $(abs_top_builddir)/lib/doc/bin/docproc$(EXEEXT) doc $(DOCPROC_TEMP) > $@ ++ -rm $(DOCPROC_TEMP) + + if HAVE_DB2PDF + DOC_TARGETS += pdf +@@ -221,10 +227,10 @@ DOC_TARGETS += pdf + pdf: pdf-stamp + pdf-stamp: lib/doc/libkcapi.xml + $(MKDIR_P) doc/pdf +- HOME=$(abs_top_builddir)/doc/pdf db2pdf -o doc/pdf $< +- mv doc/pdf/*.pdf doc +- rm -r doc/pdf +- touch $@ ++ HOME=$(abs_top_builddir)/doc/pdf $(DB2PDF) -o doc/pdf $< ++ $(MV) doc/pdf/*.pdf doc ++ -rm -r doc/pdf ++ $(TOUCH) $@ + endif + + if HAVE_DB2PS +@@ -233,10 +239,10 @@ DOC_TARGETS += ps + ps: ps-stamp + ps-stamp: lib/doc/libkcapi.xml + $(MKDIR_P) doc/ps +- HOME=$(abs_top_builddir)/doc/ps db2ps -o doc/ps $< +- mv doc/ps/*.ps doc +- rm -r doc/ps +- touch $@ ++ HOME=$(abs_top_builddir)/doc/ps $(DB2PS) -o doc/ps $< ++ $(MV) doc/ps/*.ps doc ++ -rm -r doc/ps ++ $(TOUCH) $@ + endif + + if HAVE_XMLTO +@@ -245,36 +251,36 @@ DOC_TARGETS += html + html: html-stamp + html-stamp: lib/doc/libkcapi.xml + $(MKDIR_P) lib/doc/html +- xmlto html -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/html/ $< 2>/dev/null +- touch $@ ++ $(XMLTO) html -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/html/ $< 2>/dev/null ++ $(TOUCH) $@ + + DOC_TARGETS += man + + man: man-stamp + man-stamp: lib/doc/libkcapi.xml + $(MKDIR_P) lib/doc/man +- xmlto man -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/man/ $< 2>/dev/null +- touch $@ ++ $(XMLTO) man -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/man/ $< 2>/dev/null ++ $(TOUCH) $@ + + devel_manpages = lib/doc/man/*.3 + man_MANS += $(devel_manpages) + + $(devel_manpages): man + endif +-endif + + doc: $(sort $(DOC_TARGETS)) + + clean-local: +- rm -f *-stamp +- rm -f lib/doc/*.xml +- rm -f lib/doc/*.pdf +- rm -f lib/doc/*.ps +- rm -rf lib/doc/man/ +- rm -rf lib/doc/html/ +- rm -rf doc/ +- rm -rf bin/ ++ -rm -f $(DOCPROC_TEMP) ++ -rm -f *-stamp ++ -rm -f lib/doc/*.xml ++ -rm -f lib/doc/*.pdf ++ -rm -f lib/doc/*.ps ++ -rm -rf lib/doc/man/ ++ -rm -rf lib/doc/html/ ++ -rm -rf doc/ ++ -rm -rf bin/ + + distclean-local: +- rm -f lib/doc/Makefile* +- rm -rf autom4te.cache/ ++ -rm -f lib/doc/Makefile* ++ -rm -rf autom4te.cache/ +diff --git a/configure.ac b/configure.ac +index f3a2c97..6555c26 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -27,26 +27,33 @@ AC_CONFIG_MACRO_DIR([m4]) + AX_PROG_CC_FOR_BUILD + AX_CHECK_PIE + +-AC_CHECK_PROG([CLANG], [clang], [yes]) +-AC_CHECK_PROG([CPPCHECK], [cppcheck], [yes]) +-AC_CHECK_PROG([XMLTO], [xmlto], [yes]) +-AC_CHECK_PROG([DB2PDF], [db2pdf], [yes]) +-AC_CHECK_PROG([DB2PS], [db2ps], [yes]) +-AC_CHECK_PROG([MKTEMP], [mktemp], [yes]) ++AC_PATH_PROG([OPENSSL], [openssl]) ++AC_PATH_PROG([CLANG], [clang]) ++AC_PATH_PROG([CPPCHECK], [cppcheck]) ++AC_PATH_PROG([XMLTO], [xmlto]) ++AC_PATH_PROG([DB2PDF], [db2pdf]) ++AC_PATH_PROG([DB2PS], [db2ps]) ++AC_PATH_PROG([MKTEMP], [mktemp]) + + AC_SEARCH_LIBS(clock_gettime,rt) + AC_PROG_MKDIR_P + AC_PROG_SED + AC_PROG_INSTALL + AC_PROG_LN_S +- +-AM_CONDITIONAL([HAVE_CLANG], [test "x$CLANG" = "xyes" ]) +-AM_CONDITIONAL([HAVE_CPPCHECK], [test "x$CPPCHECK" = "xyes"]) +-AM_CONDITIONAL([HAVE_XMLTO], [test "x$XMLTO" = "xyes"]) +-AM_CONDITIONAL([HAVE_DB2PDF], [test "x$DB2PDF" = "xyes"]) +-AM_CONDITIONAL([HAVE_DB2PS], [test "x$DB2PS" = "xyes"]) +-AM_CONDITIONAL([HAVE_MKTEMP], [test "x$MKTEMP" = "xyes"]) +- ++AC_PATH_PROG([CP], [cp]) ++AC_PATH_PROG([LN], [ln]) ++AC_PATH_PROG([MV], [mv]) ++AC_PATH_PROG([TOUCH], [touch]) ++ ++AM_CONDITIONAL([HAVE_OPENSSL], [test "x$OPENSSL" != "x"]) ++AM_CONDITIONAL([HAVE_CLANG], [test "x$CLANG" != "x"]) ++AM_CONDITIONAL([HAVE_CPPCHECK], [test "x$CPPCHECK" != "x"]) ++AM_CONDITIONAL([HAVE_XMLTO], [test "x$XMLTO" != "x"]) ++AM_CONDITIONAL([HAVE_DB2PDF], [test "x$DB2PDF" != "x"]) ++AM_CONDITIONAL([HAVE_DB2PS], [test "x$DB2PS" != "x"]) ++AM_CONDITIONAL([HAVE_MKTEMP], [test "x$MKTEMP" != "x"]) ++ ++AM_COND_IF([HAVE_OPENSSL], [], [AC_MSG_WARN([openssl not installed])]) + AM_COND_IF([HAVE_CLANG], [], [AC_MSG_WARN([clang not installed])]) + AM_COND_IF([HAVE_CPPCHECK], [], [AC_MSG_WARN([cppcheck not installed])]) + AM_COND_IF([HAVE_XMLTO], [], [AC_MSG_WARN([xmlto not installed])]) diff --git a/libkcapi-1.0.3-hasher_test_hmaccalc_path.patch b/libkcapi-1.0.3-hasher_test_hmaccalc_path.patch new file mode 100644 index 0000000..2622a6e --- /dev/null +++ b/libkcapi-1.0.3-hasher_test_hmaccalc_path.patch @@ -0,0 +1,29 @@ +From ba147c9cce460c29076968c9e9e1a3828c0e9143 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Sat, 13 Jan 2018 14:30:44 +0100 +Subject: [PATCH] hasher-test: Search for hmaccalc in full $PATH + +Signed-off-by: Stephan Mueller +--- + test/hasher-test.sh | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/test/hasher-test.sh b/test/hasher-test.sh +index f82182c..65b6da0 100755 +--- a/test/hasher-test.sh ++++ b/test/hasher-test.sh +@@ -99,10 +99,11 @@ do + hash=$(basename $i) + hash=${hash%%hmac} + hasher=$i +- i=$(basename $i) ++ t=$(basename $i) ++ i=$(command -v $t) + +- [ ! -x "/bin/$i" ] && { +- echo_deact "hmaccalc reference application /bin/$i missing" ++ [ -z "$i" ] && { ++ echo_deact "hmaccalc reference application $t missing" + continue + } + diff --git a/libkcapi-1.0.3-libtool_pic_pie.patch b/libkcapi-1.0.3-libtool_pic_pie.patch new file mode 100644 index 0000000..5874cf8 --- /dev/null +++ b/libkcapi-1.0.3-libtool_pic_pie.patch @@ -0,0 +1,199 @@ +From 63855e3e2414afbe232e5ea2e4bdfb03b786344a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Sat, 13 Jan 2018 13:19:47 +0100 +Subject: [PATCH] autotools: Let libtool handle PIC/PIE flags + +Signed-off-by: Stephan Mueller +--- + Makefile.am | 34 +++++++++++++++++++++++++--------- + configure.ac | 5 +++-- + m4/ax_check_pie.m4 | 19 +++++++++++++++++++ + 3 files changed, 47 insertions(+), 11 deletions(-) + create mode 100644 m4/ax_check_pie.m4 + +diff --git a/Makefile.am b/Makefile.am +index cc4d123..66464e1 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -5,8 +5,15 @@ lib_LTLIBRARIES = libkcapi.la + COMMON_CPPFLAGS = -Wextra -Wall -pedantic -fwrapv --param ssp-buffer-size=4 -O2 -Werror -std=gnu99 + COMMON_LDFLAGS = -Wl,-z,relro,-z,now + ++libtool: $(LIBTOOL_DEPS) ++ $(SHELL) ./config.status libtool ++ + noinst_PROGRAMS = lib/doc/bin/docproc + ++EXTRA_lib_doc_bin_docproc_DEPENDENCIES = libtool ++ ++EXTRA_libkcapi_la_DEPENDENCIES = libtool ++ + libkcapi_la_SOURCES = lib/cryptouser.h \ + lib/internal.h \ + lib/kcapi.h \ +@@ -29,6 +36,7 @@ if DISABLE_LIB_MD + libkcapi_la_SOURCES += + else + libkcapi_la_SOURCES += lib/kcapi-md.c ++ + if DISABLE_LIB_KDF + libkcapi_la_SOURCES += + else +@@ -60,7 +68,7 @@ else + libkcapi_la_SOURCES += + endif + +-libkcapi_la_CPPFLAGS = $(COMMON_CPPFLAGS) -fPIC -fvisibility=hidden ++libkcapi_la_CPPFLAGS = $(COMMON_CPPFLAGS) -fvisibility=hidden + libkcapi_la_LDFLAGS = $(COMMON_LDFLAGS) -Wl,--version-script,$(top_srcdir)/lib/version.lds -version-number `echo $(VERSION) | sed 's/\./:/g'` + + SCAN_FILES = $(libkcapi_la_SOURCES) +@@ -72,28 +80,31 @@ bin_PROGRAMS = + if ENABLE_KCAPI_TEST + bin_PROGRAMS += bin/kcapi + +-bin_kcapi_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -pie -fPIE -g -Ilib/ ++bin_kcapi_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -g -Ilib/ + bin_kcapi_LDFLAGS = $(COMMON_LDFLAGS) + bin_kcapi_LDADD = libkcapi.la + bin_kcapi_SOURCES = test/kcapi-main.c ++EXTRA_bin_kcapi_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_SOURCES) + + bin_PROGRAMS += bin/kcapi-enc-test-large + +-bin_kcapi_enc_test_large_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -pie -fPIE -g -Ilib/ ++bin_kcapi_enc_test_large_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -g -Ilib/ + bin_kcapi_enc_test_large_LDFLAGS = $(COMMON_LDFLAGS) + bin_kcapi_enc_test_large_LDADD = libkcapi.la + bin_kcapi_enc_test_large_SOURCES = test/kcapi-enc-test-large.c ++EXTRA_bin_kcapi_enc_test_large_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_enc_test_large_SOURCES) + + bin_PROGRAMS += bin/kcapi-convenience + +-bin_kcapi_convenience_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -pie -fPIE -g -Ilib/ ++bin_kcapi_convenience_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -g -Ilib/ + bin_kcapi_convenience_LDFLAGS = $(COMMON_LDFLAGS) + bin_kcapi_convenience_LDADD = libkcapi.la + bin_kcapi_convenience_SOURCES = test/kcapi-convenience.c ++EXTRA_bin_kcapi_convenience_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_convenience_SOURCES) + endif +@@ -101,7 +112,7 @@ endif + if ENABLE_KCAPI_SPEED + bin_PROGRAMS += bin/kcapi-speed + +-bin_kcapi_speed_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Wno-variadic-macros -Ilib/ ++bin_kcapi_speed_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-variadic-macros -Ilib/ + bin_kcapi_speed_LDFLAGS = $(COMMON_LDFLAGS) + bin_kcapi_speed_LDADD = libkcapi.la + bin_kcapi_speed_SOURCES = speed-test/cryptoperf.h \ +@@ -111,6 +122,7 @@ bin_kcapi_speed_SOURCES = speed-test/cryptoperf.h \ + speed-test/cryptoperf-main.c \ + speed-test/cryptoperf-rng.c \ + speed-test/cryptoperf-skcipher.c ++EXTRA_bin_kcapi_speed_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_speed_SOURCES) + endif +@@ -118,10 +130,11 @@ endif + if ENABLE_KCAPI_HASHER + bin_PROGRAMS += bin/kcapi-hasher + +-bin_kcapi_hasher_CPPFLAGS = $(COMMON_CPPFLAGS) -fPIC -Ilib/ ++bin_kcapi_hasher_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/ + bin_kcapi_hasher_LDFLAGS = $(COMMON_LDFLAGS) -ldl + bin_kcapi_hasher_LDADD = libkcapi.la + bin_kcapi_hasher_SOURCES = apps/kcapi-hasher.c apps/app-internal.c ++EXTRA_bin_kcapi_hasher_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_hasher_SOURCES) + +@@ -138,10 +151,11 @@ endif + if ENABLE_KCAPI_RNGAPP + bin_PROGRAMS += bin/kcapi-rng + +-bin_kcapi_rng_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Ilib/ ++bin_kcapi_rng_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/ + bin_kcapi_rng_LDFLAGS = $(COMMON_LDFLAGS) + bin_kcapi_rng_LDADD = libkcapi.la + bin_kcapi_rng_SOURCES = apps/kcapi-rng.c apps/app-internal.c ++EXTRA_bin_kcapi_rng_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_rng_SOURCES) + man_MANS += apps/kcapi-rng.1 +@@ -150,10 +164,11 @@ endif + if ENABLE_KCAPI_ENCAPP + bin_PROGRAMS += bin/kcapi-enc + +-bin_kcapi_enc_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Ilib/ ++bin_kcapi_enc_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/ + bin_kcapi_enc_LDFLAGS = $(COMMON_LDFLAGS) + bin_kcapi_enc_LDADD = libkcapi.la + bin_kcapi_enc_SOURCES = apps/kcapi-enc.c apps/app-internal.c ++EXTRA_bin_kcapi_enc_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_enc_SOURCES) + man_MANS += apps/kcapi-enc.1 +@@ -162,10 +177,11 @@ endif + if ENABLE_KCAPI_DGSTAPP + bin_PROGRAMS += bin/kcapi-dgst + +-bin_kcapi_dgst_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Ilib/ ++bin_kcapi_dgst_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/ + bin_kcapi_dgst_LDFLAGS = $(COMMON_LDFLAGS) + bin_kcapi_dgst_LDADD = libkcapi.la + bin_kcapi_dgst_SOURCES = apps/kcapi-dgst.c apps/app-internal.c ++EXTRA_bin_kcapi_dgst_DEPENDENCIES = libtool + + SCAN_FILES += $(bin_kcapi_dgst_SOURCES) + man_MANS += apps/kcapi-dgst.1 +diff --git a/configure.ac b/configure.ac +index 245d059..f3a2c97 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -19,12 +19,13 @@ AC_DEFINE([KCAPI_MAJVERSION], [__KCAPI_MAJVERSION]) + AC_DEFINE([KCAPI_MINVERSION], [__KCAPI_MINVERSION]) + AC_DEFINE([KCAPI_PATCHLEVEL], [__KCAPI_PATCHLEVEL]) + AM_INIT_AUTOMAKE([foreign]) +-LT_INIT ++LT_INIT([pic-only]) ++AC_SUBST([LIBTOOL_DEPS]) + AC_PROG_CC + AC_CONFIG_FILES([Makefile]) +-AM_PROG_LIBTOOL + AC_CONFIG_MACRO_DIR([m4]) + AX_PROG_CC_FOR_BUILD ++AX_CHECK_PIE + + AC_CHECK_PROG([CLANG], [clang], [yes]) + AC_CHECK_PROG([CPPCHECK], [cppcheck], [yes]) +diff --git a/m4/ax_check_pie.m4 b/m4/ax_check_pie.m4 +new file mode 100644 +index 0000000..a149af8 +--- /dev/null ++++ b/m4/ax_check_pie.m4 +@@ -0,0 +1,19 @@ ++AC_DEFUN([AX_CHECK_PIE], [ ++ AC_ARG_ENABLE([pie], AS_HELP_STRING([--disable-pie], [Disable Position-Independent Executable]), [], [enable_pie=yes]) ++ AS_IF([test "x$enable_pie" = "xyes"], [ ++ AC_MSG_CHECKING([if $CC supports PIE]) ++ BAKLDFLAGS="$LDFLAGS" ++ BAKCFLAGS="$CFLAGS" ++ LDFLAGS="$LDFLAGS -pie" ++ CFLAGS="$CFLAGS -fpie -fPIE -DPIE" ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ ++ if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then ++ LDFLAGS="$BAKLDFLAGS" ++ AC_MSG_RESULT(no) ++ else ++ AC_MSG_RESULT(yes) ++ fi ++ rm -f conftest conftest.c conftest.o ++ ], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) ++ ]) ++]) diff --git a/libkcapi-1.0.3-test_invocation_fix_bash_coding_error.patch b/libkcapi-1.0.3-test_invocation_fix_bash_coding_error.patch new file mode 100644 index 0000000..47d972f --- /dev/null +++ b/libkcapi-1.0.3-test_invocation_fix_bash_coding_error.patch @@ -0,0 +1,23 @@ +From bc7c26efe5ab5c7644fac421b2fb6b1b687c4d0e Mon Sep 17 00:00:00 2001 +From: Stephan Mueller +Date: Sat, 13 Jan 2018 23:33:24 +0100 +Subject: [PATCH] fix bash coding error + +Signed-off-by: Stephan Mueller +--- + test/test-invocation.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/test-invocation.sh b/test/test-invocation.sh +index 1da861b..d381330 100755 +--- a/test/test-invocation.sh ++++ b/test/test-invocation.sh +@@ -125,7 +125,7 @@ make distclean > /dev/null 2>&1 + + # if we are on 64 bit system, test 32 bit alternative mode, + # except is has been disabled explicitly. +-if [ $(uname -m | grep -q "x86_64") && -z "$NO_32BIT_TEST" ] ++if $(uname -m | grep -q "x86_64") && [ -z "$NO_32BIT_TEST" ] + then + LDFLAGS=-m32 CFLAGS=-m32 ./configure $COMPILE_OPTS + make diff --git a/libkcapi-1.0.3.tar.xz.asc b/libkcapi-1.0.3.tar.xz.asc new file mode 100644 index 0000000..910dd8e --- /dev/null +++ b/libkcapi-1.0.3.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEXw1EZZTSv2l3qYKK8CxjnYQ7XxEFAlpZK6wACgkQ8CxjnYQ7 +XxEwZQ/8D2P8+ulnSP76ECOkcRsJZ3MGcTJWwvXzjk7wiGJtowOeyhiTvf1snULR +NmAAAPufRMKNWPktfPJEQy1HujdNTICb6LFcF3iJxPLuRLUJEY5yRo6Y/SC0b3pD +CC6KDehuxjas5X+E6lvZnf2E0FU/oc5YGmGFI8Kt6yeN2Lk3E1BeUyBGnYOZLlPF +tPs49VNa5jMNnslmuVcngkNDTt7XdwfmALZX3rajZNaqOEvSn6SZqBQSqYrpQLww +d7+hWgX4HiJ5dBel0cRPsFMMJwlrWOVk0ZxT8nGBpzFq0WvEJLE/Hc0F6TvS921v +8gPoVkyiEFCiK9TrN95DsYGwCYLptz6kLHYwOCXYkrkusAPDi0ynuJMF3WcUGJr4 +XjiDdN1qTZvJKa86lVkd41lBHciwF/L2mGrlGtkVGempPmqFTeTaLPxz0AY8MroA +qficChHou9jU7qQSmAczVWXK53e4k9Ejq5Ks0CgsQAJdpB4O/orj6+hWwqpNmaSp +Lx9lKrTEOYiMpS/UgbcXfrm9O8rewywuJq88GdMa0xHSm1oS50kAhWizYQm9pYc2 +RviS0CgfGeGUFbQspoZA6AXiwHylSrJndgKml9qz5O+5ahrCk6uSYGcWBTWk/7Pl +IcyM0Avb+qWUCdOLwknocdiSUP8KPA3utiiufpH4EgLBquVMnHg= +=xov2 +-----END PGP SIGNATURE----- diff --git a/libkcapi.spec b/libkcapi.spec new file mode 100644 index 0000000..27e2067 --- /dev/null +++ b/libkcapi.spec @@ -0,0 +1,435 @@ +# Shared object version of libkcapi. +%global vmajor 1 +%global vminor 0 +%global vpatch 3 + +# Do we build the replacements package? +%bcond_with replacements + +# Priority for the sysctl.d preset. +%global sysctl_prio 50 + +# Value used for the sysctl.d preset. +%global sysctl_optmem_max 81920 + +# Lowest limit to run the testsuite. If we cannot obtain this +# value, we asume the testsuite cannot be run. +%global test_optmem_max %(%{__cat} /proc/sys/net/core/optmem_max || echo 0) + +# For picking patches from upstream commits or pull requests. +%global giturl https://github.com/smuellerDD/%{name} + +# Do we replace some coreutils? +%if %{with replacements} +%bcond_with replace_coreutils +%if %{with replace_coreutils} +# TODO: Adapt this when replacing some coreutils initially. +%global coreutils_evr 8.29-1 +%endif +%endif + +# Do we replace fipscheck? +%if %{with replacements} +%bcond_with replace_fipscheck +%if %{with replace_fipscheck} +# TODO: Adapt this when replacing fipscheck initially. +%global fipscheck_evr 1.5.0-3 +%endif +%endif + +# Do we replace hmaccalc? +%if %{with replacements} +%bcond_with replace_hmaccalc +%if %{with replace_hmaccalc} +# TODO: Adapt this when replacing hmaccalc initially. +%global hmaccalc_evr 0.9.14-8 +%endif +%endif + +# Add generation of HMAC checksums of the final stripped +# binaries. %%define with lazy globbing is used here +# intentionally, because using %%global does not work. +%define __spec_install_post \ +%{?__debug_package:%{__debug_install_post}} \ +%{__arch_install_post} \ +%{__os_install_post} \ +%{_bindir}/fipshmac %{buildroot}%{_bindir}/* \ +%{_sbindir}/hardlink -cfv %{buildroot}%{_bindir} \ +%{_bindir}/fipshmac %{buildroot}/%{_lib}/libkcapi.so.%{version} \ +%{__ln_s} .libkcapi.so.%{version}.hmac \\\ + %{buildroot}/%{_lib}/.libkcapi.so.%{vmajor}.hmac \ +%{nil} + + +Name: libkcapi +Version: %{vmajor}.%{vminor}.%{vpatch} +Release: 1%{?dist} +Summary: User space interface to the Linux Kernel Crypto API + +License: BSD or GPLv2 +URL: http://www.chronox.de/%{name}.html +Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz +Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc + +Patch0: %{giturl}/commit/ee348492dfdd2df1d7e1c431d106dfe11edfcd86.patch#/%{name}-1.0.3-Makefile_absolute_path_docproc.patch +Patch1: %{giturl}/commit/176c6e3d47ff63a6f51b92a05ce19857099ba74a.patch#/%{name}-1.0.3-Makefile_pdftex_custom_homedir.patch +Patch2: %{giturl}/commit/63855e3e2414afbe232e5ea2e4bdfb03b786344a.patch#/%{name}-1.0.3-libtool_pic_pie.patch +Patch3: %{giturl}/commit/b9bced05dae319c6a00c2adce8953d468404a95c.patch#/%{name}-1.0.3-autotools_full_path.patch +Patch4: %{giturl}/commit/ba147c9cce460c29076968c9e9e1a3828c0e9143.patch#/%{name}-1.0.3-hasher_test_hmaccalc_path.patch +Patch5: %{giturl}/commit/bc7c26efe5ab5c7644fac421b2fb6b1b687c4d0e.patch#/%{name}-1.0.3-test_invocation_fix_bash_coding_error.patch + +BuildRequires: clang +BuildRequires: coreutils +BuildRequires: cppcheck +BuildRequires: docbook-utils-pdf +BuildRequires: fipscheck +BuildRequires: gcc +BuildRequires: hardlink +BuildRequires: hmaccalc +BuildRequires: libtool +BuildRequires: openssl +BuildRequires: systemd +BuildRequires: xmlto + +# For ownership of %%{_sysctldir}. +Requires: systemd + +%if !%{with replacements} +Obsoletes: %{name}-replacements%{?_isa} <= %{version}-%{release} +%endif + +%description +libkcapi allows user-space to access the Linux kernel crypto API. + +This library uses the netlink interface and exports easy to use APIs +so that a developer does not need to consider the low-level netlink +interface handling. + +The library does not implement any cipher algorithms. All consumer +requests are sent to the kernel for processing. Results from the +kernel crypto API are returned to the consumer via the library API. + +The kernel interface and therefore this library can be used by +unprivileged processes. + + +%package devel +Summary: Development files for the %{name} package +Requires: %{name}%{?_isa} == %{version}-%{release} + +%description devel +Header files for applications that use %{name}. + + +%package doc +Summary: User documentation for the %{name} package +BuildArch: noarch + +%description doc +User documentation for %{name}. + + +%if %{with replacements} +%package replacements +Summary: Drop-in replacements provided by the %{name} package +Requires: %{name}%{?_isa} == %{version}-%{release} + +%if %{with replace_coreutils} +Requires: coreutils%{?_isa} >= %{coreutils_evr} + +Conflicts: coreutils < %{coreutils_evr} +Conflicts: coreutils-single +%endif +%if %{with replace_fipscheck} +Obsoletes: fipscheck <= %{fipscheck_evr} + +Provides: fipscheck == %{fipscheck_evr}.1 +Provides: fipscheck%{?_isa} == %{fipscheck_evr}.1 +%endif +%if %{with replace_hmaccalc} +Obsoletes: hmaccalc <= %{hmaccalc_evr} + +Provides: hmaccalc == %{hmaccalc_evr}.1 +Provides: hmaccalc%{?_isa} == %{hmaccalc_evr}.1 +%endif + +%description replacements +Provides drop-in replacements for +%if %{with replace_fipscheck} + * fipscheck and fipshmac (fipscheck) +%endif +%if %{with replace_hmaccalc} + * sha*hmac (hmaccalc) +%endif +%if %{with replace_coreutils} + * sha*sum (coreutils) +%endif +tools using %{name}. +%endif + + +%package static +Summary: Static library for -static linking with %{name} +Requires: %{name}-devel%{?_isa} == %{version}-%{release} + +%description static +This package contains the %{name} static libraries for -static +linking. You don't need this, unless you link statically, which +is highly discouraged. + + +%package tools +Summary: Utility applications for the %{name} package +Requires: %{name}%{?_isa} == %{version}-%{release} + +%description tools +Utility applications that are provided with %{name}. This includes +tools to use message digests, symmetric ciphers and random number +generators implemented in the Linux kernel from command line. + + +%prep +%autosetup -p 1 + +%{__cat} << EOF > README.fedora +This package increases the default limit of the ancillary buffer size +per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes. + +For this preset to become active it requires a reboot after the +installation of this package. You can also manually increase this +limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the +super-user, e.g. using \`su\` or \`sudo\` on the terminal. + +This is done to provide consumers of the new Linux Kernel Crypto API +User Space Interface a well sufficient and reasonable maximum limit +by default, especially when using AIO with a larger amount of IOVECs. + +For further information about the AF_ALG kernel socket and AIO, see +the discussion at the kernel-crypto mailing-list: +https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html + +See the instructions given in '%{_sysctldir}/50-default.conf', +if you need or want to override the preset made by this package. +EOF + +%{__cat} << EOF > %{sysctl_prio}-%{name}-optmem_max.conf +# See the 'README.fedora' file shipped in %%doc +# with the %{name} package. +# +# See '%{_sysctldir}/50-default.conf', +# if you need or want to override this preset. + +# Increase the ancillary buffer size per socket. +net.core.optmem_max = %{sysctl_optmem_max} +EOF + +%{_bindir}/autoreconf -fiv + + +%build +%configure \ + --libdir=/%{_lib} \ + --disable-silent-rules \ + --enable-kcapi-encapp \ + --enable-kcapi-dgstapp \ + --enable-kcapi-hasher \ + --enable-kcapi-rngapp \ + --enable-kcapi-speed \ + --enable-kcapi-test \ + --enable-shared \ + --enable-static \ + --with-pkgconfigdir=%{_libdir}/pkgconfig +%make_build all doc + + +%install +%make_install + +# Install sysctl.d preset. +%{__install} -Dpm 0644 -t %{buildroot}%{_sysctldir} \ + %{sysctl_prio}-%{name}-optmem_max.conf + +# Install into proper location for inclusion by %%doc. +%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \ + README.fedora README.md CHANGES TODO \ + doc/%{name}.p{df,s} +%{__cp} -pr lib/doc/html %{buildroot}%{_pkgdocdir} + +%if !%{with replacements} +%{__rm} -f \ + %{buildroot}%{_bindir}/fips* \ + %{buildroot}%{_bindir}/kcapi-hasher \ + %{buildroot}%{_bindir}/md5sum \ + %{buildroot}%{_bindir}/sha*hmac \ + %{buildroot}%{_bindir}/sha*sum +%endif + +# We don't ship autocrap dumplings. +%{_bindir}/find %{buildroot} -type f -name '*.la' -print -delete + +# HMAC checksums are generated during __spec_install_post. +%{_bindir}/find %{buildroot} -type f -name '*.hmac' -print -delete + +# Remove 0-size files. +%{_bindir}/find %{buildroot} -type f -size 0 -print -delete + +# Make sure all docs have non-exec permissions, except for the dirs. +%{_bindir}/find %{buildroot}%{_pkgdocdir} -type f -print | \ + %{_bindir}/xargs %{__chmod} -c 0644 +%{_bindir}/find %{buildroot}%{_pkgdocdir} -type d -print | \ + %{_bindir}/xargs %{__chmod} -c 0755 + +# Possibly save some space by hardlinking. +for d in %{_mandir} %{_pkgdocdir}; do + %{_sbindir}/hardlink -cfv %{buildroot}$d +done + + +%check +# Some basic sanity checks. +for t in cppcheck scan; do + %make_build $t +done + +# On some arches `/proc/sys/net/core/optmem_max` is lower than 20480, +# which is the lowest limit needed to run the testsuite. If that limit +# is not met, we do not run it. +%if %{test_optmem_max} >= 20480 +# Real testsuite. +pushd test +ENABLE_FUZZ_TEST=1 \ +NO_32BIT_TEST=1 \ + ./test-invocation.sh +popd +%endif + + +%post -p /sbin/ldconfig + + +%postun -p /sbin/ldconfig + + +%files +%doc %dir %{_pkgdocdir} +%doc %{_pkgdocdir}/README.fedora +%doc %{_pkgdocdir}/README.md +%license COPYING* +/%{_lib}/%{name}.so.%{vmajor} +/%{_lib}/%{name}.so.%{version} +/%{_lib}/.%{name}.so.%{vmajor}.hmac +/%{_lib}/.%{name}.so.%{version}.hmac +%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf + + +%files devel +%doc %{_pkgdocdir}/CHANGES +%doc %{_pkgdocdir}/TODO +%{_includedir}/kcapi.h +%{_mandir}/man3/kcapi_*.3.* +/%{_lib}/%{name}.so +%{_libdir}/pkgconfig/%{name}.pc + + +%files doc +%doc %{_pkgdocdir} +%license %{_datadir}/licenses/%{name}* + + +%if %{with replacements} +%files replacements +%{_bindir}/kcapi-hasher +%{_bindir}/.kcapi-hasher.hmac +%if %{with replace_coreutils} +%{_bindir}/md5sum +%{_bindir}/.md5sum.hmac +%{_bindir}/sha*sum +%{_bindir}/.sha*sum.hmac +%else +%exclude %{_bindir}/md5sum +%exclude %{_bindir}/.md5sum.hmac +%exclude %{_bindir}/sha*sum +%exclude %{_bindir}/.sha*sum.hmac +%endif +%if %{with replace_fipscheck} +%{_bindir}/fips* +%{_bindir}/.fips*.hmac +%else +%exclude %{_bindir}/fips* +%exclude %{_bindir}/.fips*.hmac +%endif +%if %{with replace_hmaccalc} +%{_bindir}/sha*hmac +%{_bindir}/.sha*hmac.hmac +%else +%exclude %{_bindir}/sha*hmac +%exclude %{_bindir}/.sha*hmac.hmac +%endif +%endif + + +%files static +/%{_lib}/%{name}.a + + +%files tools +%if %{with replacements} +%exclude %{_bindir}/kcapi-hasher +%exclude %{_bindir}/.kcapi-hasher.hmac +%endif +%{_bindir}/kcapi* +%{_bindir}/.kcapi*.hmac +%{_mandir}/man1/kcapi*.1.* + + +%changelog +* Tue Jan 16 2018 Björn Esser - 1.0.3-1 +- Initial import (rhbz#1533929) + +* Tue Jan 16 2018 Björn Esser - 1.0.3-0.13 +- Increase optmem_max preset to 81920 + +* Tue Jan 16 2018 Björn Esser - 1.0.3-0.12 +- Add sysctl.d preset and README.fedora + +* Mon Jan 15 2018 Björn Esser - 1.0.3-0.11 +- Make the contents of the -replacements package configurable + +* Mon Jan 15 2018 Björn Esser - 1.0.3-0.10 +- Fix Obsoletes of the -replacements package + +* Sun Jan 14 2018 Björn Esser - 1.0.3-0.9 +- Disable the -replacements package until we have a plan for it + +* Sun Jan 14 2018 Björn Esser - 1.0.3-0.8 +- Move the kcapi-hasher binary to -replacements package, since it is + not of much use without the linked invocation names and saves the + extra Requires on the -tools package + +* Sun Jan 14 2018 Björn Esser - 1.0.3-0.7 +- Fix internal Requires of sub-packages +- Hardlink files in %%{_bindir} + +* Sun Jan 14 2018 Björn Esser - 1.0.3-0.6 +- Add patches from upstream + +* Sat Jan 13 2018 Björn Esser - 1.0.3-0.5 +- Add patches from upstream + +* Sat Jan 13 2018 Björn Esser - 1.0.3-0.4 +- Asume the testsuite cannot be run, if the value of optmem_max cannot + be obtained + +* Sat Jan 13 2018 Björn Esser - 1.0.3-0.3 +- Move libraries to /%%{_lib} instead of %%{_libdir}, which is useful + during boot when the library might be needed before a potentially + seperate /usr partition is mounted + +* Sat Jan 13 2018 Björn Esser - 1.0.3-0.2 +- Asume optmem_max is at least 20480, if the real value cannot be obtained + +* Fri Jan 12 2018 Björn Esser - 1.0.3-0.1 +- New upstream release + +* Wed Jan 10 2018 Björn Esser - 1.0.2-0.1 +- Initial rpm release (rhbz#1533929) diff --git a/sources b/sources new file mode 100644 index 0000000..b933792 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (libkcapi-1.0.3.tar.xz) = 2fe6b4c4129be7c1a9fcfadeaeb7eb9c709bf129574c46014542547787e3b96aadf14a9a17ecadb58968e3e14731f44a9bd20ea47aa3bbc0a3a6327a24a92a65