Split "fips" bcond into "fipshmac" and "bundle_gmp"

Related: RHEL-39951
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno 2024-06-20 09:24:22 +09:00
parent c826d23e28
commit c88b4d7a62


@ -11,10 +11,17 @@
%global hogweed_so_ver_old 5 %global hogweed_so_ver_old 5
%endif %endif
# RHEL 9 and later include nettle in the gnutls module boundary, %if %{defined rhel}
# and HMAC is calculated there with its own tool. # * RHEL 9 and later include nettle in the gnutls module boundary,
%if %{defined rhel} && 0%{?rhel} < 9 # and HMAC is calculated there with its own tool.
%bcond_without fips # * RHEL 9 and later statically links to gmp to ensure zeroization of CSP.
%if 0%{?rhel} < 9
%bcond_without fipshmac
%bcond_with bundle_gmp
%else
%bcond_with fipshmac
%bcond_without bundle_gmp
%endif
%endif %endif
Name: nettle Name: nettle
@ -39,12 +46,12 @@ Source102: gmp-6.2.1-zeroize-allocator.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
%if !%{with fips} %if !%{with bundle_gmp}
BuildRequires: gmp-devel BuildRequires: gmp-devel
%endif %endif
BuildRequires: m4 BuildRequires: m4
BuildRequires: libtool, automake, autoconf, gettext-devel BuildRequires: libtool, automake, autoconf, gettext-devel
%if %{with fips} %if %{with fipshmac}
BuildRequires: fipscheck BuildRequires: fipscheck
%endif %endif
@ -70,7 +77,7 @@ applications with nettle.
%prep %prep
%autosetup -Tb 0 -p1 %autosetup -Tb 0 -p1
%if %{with fips} %if %{with bundle_gmp}
mkdir -p bundled_gmp mkdir -p bundled_gmp
pushd bundled_gmp pushd bundled_gmp
tar --strip-components=1 -xf %{SOURCE100} tar --strip-components=1 -xf %{SOURCE100}
@ -101,7 +108,7 @@ sed 's/ecc-secp192r1.c//g' -i Makefile.in
sed 's/ecc-secp224r1.c//g' -i Makefile.in sed 's/ecc-secp224r1.c//g' -i Makefile.in
%build %build
%if %{with fips} %if %{with bundle_gmp}
pushd bundled_gmp pushd bundled_gmp
autoreconf -ifv autoreconf -ifv
%configure --disable-cxx --disable-shared --enable-fat --with-pic %configure --disable-cxx --disable-shared --enable-fat --with-pic
@ -113,7 +120,7 @@ autoreconf -ifv
# For annocheck # For annocheck
export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes" export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
%configure --enable-shared --enable-fat \ %configure --enable-shared --enable-fat \
%if %{with fips} %if %{with bundle_gmp}
--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \ --with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
%endif %endif
%{nil} %{nil}
@ -127,7 +134,7 @@ autoconf
popd popd
%endif %endif
%if %{with fips} %if %{with fipshmac}
%define fipshmac() \ %define fipshmac() \
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \ fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \
file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \ file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \
@ -191,7 +198,7 @@ make check
%{_libdir}/libhogweed.so.%{hogweed_so_ver_old} %{_libdir}/libhogweed.so.%{hogweed_so_ver_old}
%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.* %{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*
%endif %endif
%if %{with fips} %if %{with fipshmac}
%{_libdir}/.libhogweed.so.*.hmac %{_libdir}/.libhogweed.so.*.hmac
%{_libdir}/.libnettle.so.*.hmac %{_libdir}/.libnettle.so.*.hmac
%endif %endif
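Review bot: Both new conditionals are declared only inside `%if %{defined rhel}` in the first hunk, so on a non-RHEL build neither `fipshmac` nor `bundle_gmp` is declared. The later `%{with bundle_gmp}` and `%{with fipshmac}` tests then work only because an undeclared conditional evaluates to 0, and `rpmbuild --with bundle_gmp` would have no effect there. An outer `%else` branch with `%bcond_with fipshmac` and `%bcond_with bundle_gmp` would make the non-RHEL defaults explicit and overridable. Because `bundle_gmp` is what brings in the zeroizing allocator for CSPs, the comment block could also say that building `--without bundle_gmp` on RHEL 9 and later presumably links the system `gmp-devel` instead and loses that property. The two switches are now independent, so it may be worth one more comment line saying whether `--with fipshmac` together with `bundle_gmp` is a supported combination.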