Split "fips" bcond into "fipshmac" and "bundle_gmp"
Related: RHEL-39951 Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno
parent
c826d23e28
commit
c88b4d7a62
29
nettle.spec
29
nettle.spec
@ -11,10 +11,17 @@
|
||||
%global hogweed_so_ver_old 5
|
||||
%endif
|
||||
|
||||
# RHEL 9 and later include nettle in the gnutls module boundary,
|
||||
# and HMAC is calculated there with its own tool.
|
||||
%if %{defined rhel} && 0%{?rhel} < 9
|
||||
%bcond_without fips
|
||||
%if %{defined rhel}
|
||||
# * RHEL 9 and later include nettle in the gnutls module boundary,
|
||||
# and HMAC is calculated there with its own tool.
|
||||
# * RHEL 9 and later statically links to gmp to ensure zeroization of CSP.
|
||||
%if 0%{?rhel} < 9
|
||||
%bcond_without fipshmac
|
||||
%bcond_with bundle_gmp
|
||||
%else
|
||||
%bcond_with fipshmac
|
||||
%bcond_without bundle_gmp
|
||||
%endif
|
||||
%endif
|
||||
|
||||
Name: nettle
|
||||
@ -39,12 +46,12 @@ Source102: gmp-6.2.1-zeroize-allocator.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
%if !%{with fips}
|
||||
%if !%{with bundle_gmp}
|
||||
BuildRequires: gmp-devel
|
||||
%endif
|
||||
BuildRequires: m4
|
||||
BuildRequires: libtool, automake, autoconf, gettext-devel
|
||||
%if %{with fips}
|
||||
%if %{with fipshmac}
|
||||
BuildRequires: fipscheck
|
||||
%endif
|
||||
|
||||
@ -70,7 +77,7 @@ applications with nettle.
|
||||
%prep
|
||||
%autosetup -Tb 0 -p1
|
||||
|
||||
%if %{with fips}
|
||||
%if %{with bundle_gmp}
|
||||
mkdir -p bundled_gmp
|
||||
pushd bundled_gmp
|
||||
tar --strip-components=1 -xf %{SOURCE100}
|
||||
@ -101,7 +108,7 @@ sed 's/ecc-secp192r1.c//g' -i Makefile.in
|
||||
sed 's/ecc-secp224r1.c//g' -i Makefile.in
|
||||
|
||||
%build
|
||||
%if %{with fips}
|
||||
%if %{with bundle_gmp}
|
||||
pushd bundled_gmp
|
||||
autoreconf -ifv
|
||||
%configure --disable-cxx --disable-shared --enable-fat --with-pic
|
||||
@ -113,7 +120,7 @@ autoreconf -ifv
|
||||
# For annocheck
|
||||
export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
|
||||
%configure --enable-shared --enable-fat \
|
||||
%if %{with fips}
|
||||
%if %{with bundle_gmp}
|
||||
--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
|
||||
%endif
|
||||
%{nil}
|
||||
@ -127,7 +134,7 @@ autoconf
|
||||
popd
|
||||
%endif
|
||||
|
||||
%if %{with fips}
|
||||
%if %{with fipshmac}
|
||||
%define fipshmac() \
|
||||
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \
|
||||
file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \
|
||||
@ -191,7 +198,7 @@ make check
|
||||
%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}
|
||||
%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*
|
||||
%endif
|
||||
%if %{with fips}
|
||||
%if %{with fipshmac}
|
||||
%{_libdir}/.libhogweed.so.*.hmac
|
||||
%{_libdir}/.libnettle.so.*.hmac
|
||||
%endif
|
||||
|
||||
Loading…
Reference in New Issue
Block a user