From a2683fa0b96fdb793a298e1271377ae05520c16a Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 1 Nov 2023 10:37:15 +0300 Subject: [PATCH] Use CentOS Stream spec --- .../openssl-ibmca-2.3.1-engine-warning.patch | 27 ---- SPECS/openssl-ibmca.spec | 151 ++++++------------ 2 files changed, 46 insertions(+), 132 deletions(-) delete mode 100644 SOURCES/openssl-ibmca-2.3.1-engine-warning.patch diff --git a/SOURCES/openssl-ibmca-2.3.1-engine-warning.patch b/SOURCES/openssl-ibmca-2.3.1-engine-warning.patch deleted file mode 100644 index c4d4aec..0000000 --- a/SOURCES/openssl-ibmca-2.3.1-engine-warning.patch +++ /dev/null @@ -1,27 +0,0 @@ -From b72865d57bf129c058bdb4e7301b9cb7ce16938e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Fri, 13 Jan 2023 18:09:49 +0100 -Subject: [ibmca PATCH] warn the user when configuring the engine - -The engine feature is deprecated in OpenSSL 3.0 and will be removed. -Thus warn the user and recommend using the provider instead. ---- - src/engine/ibmca-engine-opensslconfig.in | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/engine/ibmca-engine-opensslconfig.in b/src/engine/ibmca-engine-opensslconfig.in -index e4b168b..ec7fbfc 100644 ---- a/src/engine/ibmca-engine-opensslconfig.in -+++ b/src/engine/ibmca-engine-opensslconfig.in -@@ -140,4 +140,8 @@ this file. - |; - } - -+print "WARNING: The OpenSSL engine feature is DEPRECATED since OpenSSL 3.0.\n"; -+print "WARNING: It will be removed in the future.\n"; -+print "WARNING: Please use the OpenSSL provider instead.\n"; -+ - generate(); --- -2.39.0 - diff --git a/SPECS/openssl-ibmca.spec b/SPECS/openssl-ibmca.spec index e635b32..ab290d1 100644 --- a/SPECS/openssl-ibmca.spec +++ b/SPECS/openssl-ibmca.spec @@ -1,38 +1,26 @@ %global enginesdir %(pkg-config --variable=enginesdir libcrypto) -%global modulesdir %(pkg-config --variable=modulesdir libcrypto) -%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 -%global with_openssl3 1 -%endif - - -Summary: OpenSSL engine and provider for IBMCA +Summary: A dynamic OpenSSL engine for IBMCA Name: openssl-ibmca Version: 2.4.0 Release: 2%{?dist} License: ASL 2.0 +Group: System Environment/Libraries URL: https://github.com/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz -# post GA fixes -#Patch0: %%{name}-%%{version}-fixes.patch -# warn the user about engine being deprecated -Patch1: %{name}-2.3.1-engine-warning.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2221894 +# https://bugzilla.redhat.com/show_bug.cgi?id=2221891 # https://github.com/opencryptoki/openssl-ibmca/commit/3ea8f4ed58e075e097856437c0732e11771931d0 -Patch2: %{name}-2.4.0-engine-defaults.patch -Requires: libica >= 4.0.0 -BuildRequires: make +Patch0: %{name}-2.4.0-engine-defaults.patch +Requires: libica >= 3.8.0 BuildRequires: gcc -BuildRequires: libica-devel >= 4.0.0 +BuildRequires: libica-devel >= 3.8.0 BuildRequires: automake libtool -BuildRequires: openssl >= 3.0.5 -BuildRequires: perl(FindBin) +BuildRequires: openssl ExclusiveArch: s390 s390x %description -A dynamic OpenSSL engine and provider for IBMCA crypto hardware on IBM Z -machines to accelerate cryptographic operations. +A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines. %prep @@ -42,22 +30,16 @@ machines to accelerate cryptographic operations. %build -%configure --libdir=%{enginesdir} --with-libica-cex --with-libica-version=4 -%make_build +%configure --libdir=%{enginesdir} --with-libica-version=3 +make %{?_smp_mflags} %install %make_install -rm -f %{buildroot}%{enginesdir}/*.la - -%if 0%{?with_openssl3} -# provider is built when openssl3 is available, fix its location -mkdir -p %{buildroot}%{modulesdir} -mv %{buildroot}%{enginesdir}/ibmca-provider.so %{buildroot}%{modulesdir}/ibmca-provider.so -%endif +rm -f $RPM_BUILD_ROOT%{enginesdir}/*.la pushd src/engine -sed -i -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample +sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch} popd # remove generated sample configs @@ -70,97 +52,56 @@ make check %files %license LICENSE -%doc ChangeLog README.md src/engine/openssl.cnf.sample -%doc src/engine/ibmca-engine-opensslconfig -%doc src/provider/ibmca-provider-opensslconfig +%doc ChangeLog README.md src/engine/openssl.cnf.sample.%{_arch} %{enginesdir}/ibmca.so %{_mandir}/man5/ibmca.5* -%if 0%{?with_openssl3} -%{modulesdir}/ibmca-provider.so -%{_mandir}/man5/ibmca-provider.5* -%endif %changelog -* Tue Jul 11 2023 Dan Horák - 2.4.0-2 -- engine: Only register those algos specified with default_algorithms (#2221894) -- Resolves: #2221894 +* Wed Jul 12 2023 Dan Horák - 2.4.0-2 +- engine: Only register those algos specified with default_algorithms (#2221891) +- Resolves: #2221891 -* Thu Apr 06 2023 Dan Horák - 2.4.0-1 -- updated to 2.4.0 (#2160084) -- Resolves: #2160084 +* Mon May 29 2023 Dan Horák - 2.4.0-1 +- updated to 2.4.0 (#2159722) +- Resolves: #2159722 -* Fri Jan 13 2023 Dan Horák - 2.3.1-2 -- fix provider configuration script (#2140028) -- Resolves: #2140028 +* Fri Jan 06 2023 Dan Horák - 2.3.1-1 +- updated to 2.3.1 (#2110379) +- Resolves: #2110379 -* Thu Jan 12 2023 Dan Horák - 2.3.1-1 -- updated to 2.3.1 (#2110378) -- Resolves: #2110378 +* Tue Mar 29 2022 Dan Horák - 2.3.0-1 +- updated to 2.3.0 (#2043842) +- Resolves: #2043842 -* Thu May 19 2022 Dan Horák - 2.3.0-1 -- updated to 2.3.0 (#2044177) -- add provider for openssl 3.x (#2044185) -- Resolves: #2044177 #2044185 - -* Wed Feb 02 2022 Dan Horák - 2.2.2-1 -- updated to 2.2.2 (#2016989) -- Resolves: #2016989 - -* Mon Oct 25 2021 Dan Horák - 2.2.1-1 -- updated to 2.2.1 (#2016989) - -* Mon Aug 09 2021 Mohan Boddu - 2.2.0-3 -- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Related: rhbz#1991688 +* Wed Oct 06 2021 Dan Horák - 2.2.1-1 +- updated to 2.2.1 (#1984971) +- Resolves: #1984971 * Mon Aug 09 2021 Dan Horák - 2.2.0-2 -- fix DSA and DH registration (#1989380) -- Resolves: #1989380 +- fix DSA and DH registration (#1989064) +- Resolves: #1989064 -* Fri Jun 04 2021 Dan Horák - 2.2.0-1 -- updated to 2.2.0 (#1869531) -- eliminate SW fallback functions (#1924117) -- Resolves: #1869531 #1924117 +* Tue Jul 13 2021 Dan Horák - 2.2.0-1 +- updated to 2.2.0 (#1919222) +- do not use libica software fallbacks (#1922204) +- Resolves: #1919222 #1922204 -* Wed May 12 2021 Dan Horák - 2.1.2-1 -- updated to 2.1.2 +* Thu May 21 2020 Dan Horák - 2.1.1-1 +- updated to 2.1.1 (#1780306) +- Resolves: #1780306 -* Fri Apr 16 2021 Mohan Boddu - 2.1.1-4 -- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 +* Tue Nov 05 2019 Dan Horák - 2.1.0-1 +- updated to 2.1.0 (#1726242) +- Resolves: #1726242, #1723854 -* Tue Jan 26 2021 Fedora Release Engineering - 2.1.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild +* Mon Apr 29 2019 Dan Horák - 2.0.3-1 +- updated to 2.0.3 (#1666622) +- Resolves: #1666622 #1659427 #1683099 -* Tue Jul 28 2020 Fedora Release Engineering - 2.1.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue May 12 2020 Dan Horák - 2.1.1-1 -- updated to 2.1.1 - -* Wed Jan 29 2020 Fedora Release Engineering - 2.1.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Mon Sep 09 2019 Dan Horák - 2.1.0-1 -- updated to 2.1.0 - -* Thu Jul 25 2019 Fedora Release Engineering - 2.0.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Wed Apr 24 2019 Dan Horák - 2.0.3-1 -- updated to 2.0.3 - -* Fri Feb 01 2019 Fedora Release Engineering - 2.0.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Thu Dec 13 2018 Dan Horák - 2.0.2-1 -- updated to 2.0.2 - -* Thu Aug 23 2018 Dan Horák - 2.0.0-3 -- run upstream test-suite during build - -* Fri Jul 13 2018 Fedora Release Engineering - 2.0.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild +* Tue Dec 11 2018 Dan Horák - 2.0.0-2 +- Fix doing rsa-me, altough rsa-crt would be possible +- Resolves: #1655654 * Mon Jun 18 2018 Dan Horák - 2.0.0-1 - updated to 2.0.0