rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity

Add a openssl-fips-provider package

Browse Source 
This allows it to be replaced by fips-provider-next which is built as an
alternative fips provider. Adds a Suggests to still prefer the openssl's
own packge by default.

Resolves: RHEL-102408

Signed-off-by: Simo Sorce <simo@redhat.com>
This commit is contained in:
Simo Sorce 2025-07-14 12:04:17 -04:00
parent 12e10e275a
commit fd23d267e8
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
openssl.spec
View File

@ -125,8 +125,9 @@ protocols.
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Requires: ca-certificates >= 2008-5 Requires: ca-certificates >= 2008-5
Requires: crypto-policies >= 20180730 Requires: crypto-policies >= 20180730
%if ( %{defined rhel} && (! %{defined centos}) ) %if %{defined rhel}
Requires: openssl-fips-provider Requires: openssl-fips-provider
Suggests: openssl-fips-provider
%endif %endif
%description libs %description libs
@ -154,6 +155,17 @@ OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit. from other formats to the formats used by the OpenSSL toolkit.
%if %{defined centos}
%package fips-provider
Summary: The FIPS Provider module
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description fips-provider
OpenSSL is a toolkit for supporting cryptography. The openssl-fips-provider
package provides the fips.so provider, a cryptography provider that follows
FIPS requirements and provides FIPS approved algorithms.
%endif
%prep %prep
%autosetup -S git -n %{name}-%{version} %autosetup -S git -n %{name}-%{version}
@ -404,7 +416,7 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%attr(0755,root,root) %{_libdir}/libssl.so.%{version} %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion} %{_libdir}/libssl.so.%{soversion}
%attr(0755,root,root) %{_libdir}/engines-%{soversion} %attr(0755,root,root) %{_libdir}/engines-%{soversion}
%attr(0755,root,root) %{_libdir}/ossl-modules %attr(0755,root,root) %{_libdir}/ossl-modules/legacy.so
%files devel %files devel
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el %doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
@ -427,6 +439,11 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%dir %{_sysconfdir}/pki/CA/crl %dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts %dir %{_sysconfdir}/pki/CA/newcerts
%if %{defined centos}
%files fips-provider
%attr(0755,root,root) %{_libdir}/ossl-modules/fips.so
%endif
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog