Resolves: RHEL-42424 Signed-off-by: Daiki Ueno <dueno@redhat.com>
# Build-wide macros: pinned library so-versions, the bootstrap switch and the
# two build conditionals (fipshmac, bundle_gmp) used throughout this spec.
# NOTE(review): several conditionals below show no alternative or closing
# directive in this view; those lines look lost in rendering. Confirm against
# the repository copy before relying on the branch structure.
# Recent so-version, so we do not bump accidentally.
# These values are used further down in the chmod and fipshmac lines.
%global nettle_so_ver 8
%global hogweed_so_ver 6
# Set to 1 when building a bootstrap for a bumped so-name.
%global bootstrap 0
%if 0%{?bootstrap}
# Previous release and its so-versions, only defined for a bootstrap build.
%global version_old 3.5.1
%global nettle_so_ver_old 7
%global hogweed_so_ver_old 5
%if %{defined rhel}
# * RHEL 9 and later include nettle in the gnutls module boundary,
# and HMAC is calculated there with its own tool.
# * RHEL 9 and later statically links to gmp to ensure zeroization of CSP.
# (CSP: critical security parameters, the FIPS 140 term for key material and
# similar secrets.)
%if 0%{?rhel} < 9
# bcond_without switches a conditional on by default; bcond_with leaves it off.
# The first pair follows the "RHEL before 9" test above: HMAC files are built
# here and the system gmp is used.
%bcond_without fipshmac
%bcond_with bundle_gmp
# The second pair reverses both defaults; presumably it belongs to the
# alternative branch, whose directive is not visible in this view.
%bcond_with fipshmac
%bcond_without bundle_gmp
# Package metadata, sources and build dependencies.
Name: nettle
Version: 3.10
Release: %{?autorelease}%{!?autorelease:1%{?dist}}
Summary: A low-level cryptographic library
License: LGPL-3.0-or-later OR GPL-2.0-or-later
# NOTE(review): the project URL and the commented-out upstream archive URL are
# plain http, and no signature or checksum verification of the source archives
# is visible in this view. Confirm where source integrity is checked.
URL: http://www.lysator.liu.se/~nisse/nettle/
# The packaged archive is a "hobbled" tarball, not the upstream archive named
# in the commented-out line below. The build steps further down also drop the
# secp192r1 and secp224r1 sources from Makefile.in.
Source0: %{name}-%{version}-hobbled.tar.xz
#Source0: http://www.lysator.liu.se/~nisse/archive/%%{name}-%%{version}.tar.gz
%if 0%{?bootstrap}
# Old-release tarball and its patch, unpacked only for a bootstrap build.
Source1: %{name}-%{version_old}-hobbled.tar.xz
Source2: nettle-3.5-remove-ecc-testsuite.patch
# Going by its file name this patch zeroizes stack data; its content is not
# shown here.
Patch: nettle-3.8-zeroize-stack.patch
# Bundled gmp, pinned to 6.2.1. A bundled copy does not pick up fixes made to
# the system gmp package, so it has to be tracked and rebased separately.
# NOTE(review): no "Provides: bundled(gmp)" tag is visible in this view;
# confirm the package declares the bundled library.
Source100: gmp-6.2.1.tar.xz
# Taken from the main gmp package
Source101: gmp-6.2.1-intel-cet.patch
Source102: gmp-6.2.1-zeroize-allocator.patch
BuildRequires: make
BuildRequires: gcc
# The system gmp headers are needed only when gmp is not bundled.
%if !%{with bundle_gmp}
BuildRequires: gmp-devel
BuildRequires: m4
BuildRequires: libtool, automake, autoconf, gettext-devel
# fipscheck is pulled in only when HMAC files are generated; the fipshmac
# command is run from the install post-processing defined later in this spec.
%if %{with fipshmac}
BuildRequires: fipscheck
%package devel
Summary: Development headers for a low-level cryptographic library
# Tie the devel subpackage to the exact version-release of the main package.
Requires: %{name} = %{version}-%{release}
Requires: gmp-devel%{?_isa}
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.
%description devel
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space. This package contains the files needed for developing
applications with nettle.
# Source preparation: unpack Source0 and apply the patches at strip level 1.
# NOTE(review): the section header and the popd, alternative and closing
# directives that pair with the lines below are not visible in this view.
%autosetup -Tb 0 -p1
%if %{with bundle_gmp}
# Unpack the bundled gmp into its own directory, dropping the archive's
# top-level directory, then apply the two gmp patches (Source101, Source102).
mkdir -p bundled_gmp
pushd bundled_gmp
tar --strip-components=1 -xf %{SOURCE100}
patch -p1 < %{SOURCE101}
patch -p1 < %{SOURCE102}
# Prevent -lgmp appearing in the compiler command line in dependent components
sed -i '/^Libs.private:/d' hogweed.pc.in
%if 0%{?bootstrap}
# Bootstrap only: unpack the old release next to the new one and patch it.
mkdir -p bootstrap_ver
pushd bootstrap_ver
tar --strip-components=1 -xf %{SOURCE1}
patch -p1 < %{SOURCE2}
# Disable -ggdb3 which makes debugedit unhappy
sed s/ggdb3/g/ -i configure
# Drop the ecc-192 and ecc-224 sources (old-release file names) from the build.
sed 's/ecc-192.c//g' -i Makefile.in
sed 's/ecc-224.c//g' -i Makefile.in
# Disable -ggdb3 which makes debugedit unhappy
sed s/ggdb3/g/ -i configure
# Drop the secp192r1 and secp224r1 sources (current file names) from the build.
sed 's/ecc-secp192r1.c//g' -i Makefile.in
sed 's/ecc-secp224r1.c//g' -i Makefile.in
%if %{with bundle_gmp}
# Build stage, bundled gmp first: static only (no shared library, no C++
# bindings), position-independent code and "fat" mode, which picks CPU-specific
# routines at run time. PIC is presumably needed so the static objects can be
# linked into the shared hogweed library; confirm.
# NOTE(review): the make invocations, popd lines and closing directives of
# this stage are not visible in this view.
pushd bundled_gmp
autoreconf -ifv
%configure --disable-cxx --disable-shared --enable-fat --with-pic
autoreconf -ifv
# For annocheck
# The assembler option below asks for build notes on assembly sources as well.
export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
# nettle itself: shared libraries, fat mode; with bundled gmp the include and
# library paths point at the in-tree bundled_gmp build instead of the system.
%configure --enable-shared --enable-fat \
%if %{with bundle_gmp}
--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
%if 0%{?bootstrap}
# Bootstrap only: configure the old release in its own directory.
pushd bootstrap_ver
%configure --with-tests
%if %{with fipshmac}
# Helper macro taking one library name: run the fipshmac tool on the matching
# library in the build root's libdir, rename the generated .hmac file to a
# dot-prefixed (hidden) name, and add a hidden NAME.hmac symlink pointing at it.
# The HMAC file is the integrity reference for the library, so it must be
# produced from the exact bytes that end up in the package.
# NOTE(review): the glob and the variable expansions are unquoted and the
# basename call assumes the glob matches exactly one file; confirm.
%define fipshmac() \
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \
file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \
mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && \
ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.%1.hmac
%if 0%{?bootstrap}
%define bootstrap_fips 1
# Override the install post-processing so the HMACs are generated last, after
# the debuginfo, arch and OS post-install steps. Presumably this is because
# those steps can still modify the libraries (for example by stripping), which
# would invalidate an HMAC computed earlier; confirm.
# The old so-versions are covered only when bootstrap_fips is defined.
# NOTE(review): the last line below ends in a continuation and the macro's
# terminating line is not visible in this view.
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
%fipshmac libnettle.so.%{nettle_so_ver} \
%fipshmac libhogweed.so.%{hogweed_so_ver} \
%{?bootstrap_fips:%fipshmac libnettle.so.%{nettle_so_ver_old}} \
%{?bootstrap_fips:%fipshmac libhogweed.so.%{hogweed_so_ver_old}} \
%if 0%{?bootstrap}
# Install stage. Bootstrap only: install the old-release shared libraries into
# the build root and mark them executable.
# NOTE(review): the section header and the closing directive of this
# conditional are not visible in this view.
make -C bootstrap_ver install-shared-nettle DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
make -C bootstrap_ver install-shared-hogweed DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.%{nettle_so_ver_old}.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*
# Install the current shared build and the info manual.
make install-shared DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
mkdir -p $RPM_BUILD_ROOT%{_infodir}
install -p -m 644 nettle.info $RPM_BUILD_ROOT%{_infodir}/
# Remove files that are not to be packaged: static archives, the info
# directory index and five command-line tools.
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-lfib-stream
rm -f $RPM_BUILD_ROOT%{_bindir}/pkcs1-conv
rm -f $RPM_BUILD_ROOT%{_bindir}/sexp-conv
rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-hash
rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-pbkdf2
# The globs depend on the pinned so-versions, so a changed so-name no longer
# matches these lines.
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.%{nettle_so_ver}.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.%{hogweed_so_ver}.*
# Run the test suite of the configured tree at build time. This exercises the
# library as actually built here (hobbled sources, and bundled gmp when
# enabled).
# NOTE(review): the section header, the bodies of the two conditionals below
# and the main package's file list are not visible in this view.
make check
%if 0%{?bootstrap}
%if %{with fipshmac}
%files devel
# Documentation shipped with the devel subpackage.
%doc descore.README nettle.html nettle.pdf