From 0a6250d3315138a67de558b9156f999ee987d951 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Fri, 24 Apr 2020 10:50:47 +0200
Subject: [PATCH] Move fipscheck hmac checksums to %%{_libdir}/fipscheck

---
 libxcrypt.spec | 104 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 72 insertions(+), 32 deletions(-)

diff --git a/libxcrypt.spec b/libxcrypt.spec
index 5d85ff4..8dfa17f 100644
--- a/libxcrypt.spec
+++ b/libxcrypt.spec
@@ -120,32 +120,44 @@
   --with-pkgconfigdir=%{_libdir}/pkgconfig
 
 
+# Macros for shorthand.
+%global _fipsdir %{_libdir}/fipscheck
+
+
 # Add generation of HMAC checksums of the final stripped
 # binaries.  %%define with lazy globbing is used here
 # intentionally, because using %%global does not work.
-%define __spec_install_post                           \
-%{?__debug_package:%{__debug_install_post}}           \
-%{__arch_install_post}                                \
-%{__os_install_post}                                  \
-fipshmac %{buildroot}%{_libdir}/libcrypt.so.%{sov}    \
-ln -s .libcrypt.so.%{sov}.hmac                        \\\
-  %{buildroot}%{_libdir}/.libcrypt.so.%{soc}.hmac     \
-if [[ %{with staticlib} == 1 ]]; then                 \
-  fipshmac %{buildroot}%{_libdir}/libcrypt.a          \
-  ln -s .libcrypt.a.hmac                              \\\
-    %{buildroot}%{_libdir}/.libxcrypt.a.hmac          \
-fi                                                    \
-if [[ %{with compat_pkg} == 1 ]]; then                \
-  fipshmac %{buildroot}%{_libdir}/libcrypt.so.%{csov} \
-  ln -s .libcrypt.so.%{csov}.hmac                     \\\
-    %{buildroot}%{_libdir}/.libcrypt.so.%{csoc}.hmac  \
-fi                                                    \
+%define __spec_install_post                 \
+%{?__debug_package:%{__debug_install_post}} \
+%{__arch_install_post}                      \
+%{__os_install_post}                        \
+libdir="%{buildroot}%{_libdir}"             \
+fipsdir="$libdir/fipscheck"                 \
+mkdir -p $fipsdir                           \
+fipshmac -d $fipsdir                        \\\
+  $libdir/libcrypt.so.%{sov}                \
+ln -s libcrypt.so.%{sov}.hmac               \\\
+  $fipsdir/libcrypt.so.%{soc}.hmac          \
+if [[ %{with staticlib} == 1 ]]; then       \
+  fipshmac -d $fipsdir                      \\\
+    $libdir/libcrypt.a                      \
+  if [[ %{without new_api} == 1 ]]; then    \
+    ln -s .libcrypt.a.hmac                  \\\
+      $fipsdir/libxcrypt.a.hmac             \
+  fi                                        \
+fi                                          \
+if [[ %{with compat_pkg} == 1 ]]; then      \
+  fipshmac -d $fipsdir                      \\\
+    $libdir/libcrypt.so.%{csov}             \
+  ln -s libcrypt.so.%{csov}.hmac            \\\
+    $fipsdir/libcrypt.so.%{csoc}.hmac       \
+fi                                          \
 %{nil}
 
 
 Name:           libxcrypt
 Version:        4.4.16
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Extended crypt library for descrypt, md5crypt, bcrypt, and others
 
 # For explicit license breakdown, see the
@@ -415,6 +427,7 @@ done
 
 
 %files
+%dir %{_fipsdir}
 %doc %dir %{_pkgdocdir}
 %doc %{_pkgdocdir}/NEWS
 %doc %{_pkgdocdir}/README
@@ -426,42 +439,69 @@ done
 %endif
 %doc %{_pkgdocdir}/THANKS
 %license AUTHORS COPYING.LIB LICENSING
-%{_libdir}/.libcrypt.so.{%{soc},%{sov}}.hmac
-%{_libdir}/libcrypt.so.{%{soc},%{sov}}
-%{_mandir}/man5/crypt.5.*
+%{_fipsdir}/libcrypt.so.%{soc}.hmac
+%{_fipsdir}/libcrypt.so.%{sov}.hmac
+%{_libdir}/libcrypt.so.%{soc}
+%{_libdir}/libcrypt.so.%{sov}
+%{_mandir}/man5/crypt.5*
 
 
 %if %{with compat_pkg}
 %files          compat
+%dir %{_fipsdir}
 %if %{with enosys_stubs}
 %doc %{_pkgdocdir}/README.posix
 %endif
-%{_libdir}/.libcrypt.so.{%{csoc},%{csov}}.hmac
-%{_libdir}/libcrypt.so.{%{csoc},%{csov}}
+%{_fipsdir}/libcrypt.so.%{csoc}.hmac
+%{_fipsdir}/libcrypt.so.%{csov}.hmac
+%{_libdir}/libcrypt.so.%{csoc}
+%{_libdir}/libcrypt.so.%{csov}
 %endif
 
 
 %files          devel
 %doc %{_pkgdocdir}/ChangeLog
 %doc %{_pkgdocdir}/TODO
-%{_libdir}/lib{,x}crypt.so
-%{_includedir}/{,x}crypt.h
-%{_libdir}/pkgconfig/{libcrypt,%{name}}.pc
-%{_mandir}/man3/crypt{,_r,_ra,_rn}.3.*
-%{_mandir}/man3/crypt_checksalt.3.*
-%{_mandir}/man3/crypt_gensalt{,_ra,_rn}.3.*
-%{_mandir}/man3/crypt_preferred_method.3.*
+%{_libdir}/libcrypt.so
+%if %{without new_api}
+%{_libdir}/libxcrypt.so
+%endif
+%{_includedir}/crypt.h
+%if %{without new_api}
+%{_includedir}/xcrypt.h
+%endif
+%{_libdir}/pkgconfig/libcrypt.pc
+%{_libdir}/pkgconfig/%{name}.pc
+%{_mandir}/man3/crypt.3*
+%{_mandir}/man3/crypt_r.3*
+%{_mandir}/man3/crypt_ra.3*
+%{_mandir}/man3/crypt_rn.3*
+%{_mandir}/man3/crypt_checksalt.3*
+%{_mandir}/man3/crypt_gensalt.3*
+%{_mandir}/man3/crypt_gensalt_ra.3*
+%{_mandir}/man3/crypt_gensalt_rn.3*
+%{_mandir}/man3/crypt_preferred_method.3*
 
 
 %if %{with staticlib}
 %files          static
+%dir %{_fipsdir}
 %doc %{_pkgdocdir}/README.static
-%{_libdir}/.lib{,x}crypt.a.hmac
-%{_libdir}/lib{,x}crypt.a
+%{_fipsdir}/libcrypt.a.hmac
+%if %{without new_api}
+%{_fipsdir}/libxcrypt.a.hmac
+%endif
+%{_libdir}/libcrypt.a
+%if %{without new_api}
+%{_libdir}/libxcrypt.a
+%endif
 %endif
 
 
 %changelog
+* Fri Apr 24 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-2
+- Move fipscheck hmac checksums to %%{_libdir}/fipscheck
+
 * Sat Apr 04 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-1
 - New upstream release