oqsprovider/oqsprovider.spec

%global oqs_version 0.8.0
%global liboqs_min_version 0.12.0-1
Name:       oqsprovider
Version:    %{oqs_version}
Release:    5%{?dist}
Summary:    oqsprovider is an OpenSSL provider for quantum-safe algorithms based on liboqs

License:    Apache-2.0 AND MIT
URL:        https://github.com/open-quantum-safe/oqs-provider.git
Source0:    https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{oqs_version}.tar.gz
Source1:    oqsprovider.conf

# https://github.com/open-quantum-safe/oqs-provider/pull/603
Patch01:    01-remove-prenist.patch
# https://github.com/open-quantum-safe/oqs-provider/pull/606
Patch02:    02-mlkem1024-hybrid.patch
Patch03:    03-iana-kem-only.patch

Requires: liboqs >= %{liboqs_min_version}
Requires: openssl
BuildRequires: ninja-build
BuildRequires: cmake
BuildRequires: gcc
BuildRequires: liboqs-devel
BuildRequires: openssl-devel
BuildRequires: liboqs >= %{liboqs_min_version}

%description
oqs-provider fully enables quantum-safe cryptography for KEM key
establishment in TLS1.3 including management of such keys via the OpenSSL (3.0)
provider interface and hybrid KEM schemes. Also, QSC signatures including CMS
functionality are available via the OpenSSL EVP interface. Key persistence is
provided via the encode/decode mechanism and X.509 data structures.

%prep
%autosetup -T -b 0 -p1 -n oqs-provider-%{oqs_version}

%build
%cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DOQS_KEM_ENCODERS=ON -LAH ..
%cmake_build

%check
cd "%{_vpath_builddir}"
OPENSSL_CONF=/dev/null ctest -V

%install
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ossl-modules
install %{_vpath_builddir}/lib/oqsprovider.so $RPM_BUILD_ROOT/%{_libdir}/ossl-modules
(cd $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/ && ln -s oqsprovider.so oqsprovider.so.%{oqs_version})
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d
install -m644 '%{SOURCE1}' \
        $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf

%files
%license LICENSE.txt
%{_libdir}/ossl-modules/oqsprovider.so.%{oqs_version}
%{_libdir}/ossl-modules/oqsprovider.so
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf

%changelog
* Thu Feb 06 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-5
- Reverting previous commit
  Related: RHEL-65422

* Wed Feb 05 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-4
- Fix private key format
  Related: RHEL-65422

* Fri Jan 03 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-3
- Enable mlkem1024 hybrid (upstream backport)
  Resolves: RHEL-70817

* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-2
- rebuilt
  Related: RHEL-65422

* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-1
- Rebase oqsprovider to 0.8.0
  Resolves: RHEL-65422

* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.7.0-3
- Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018

* Thu Oct 24 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.7.0-2
- OQS provider should provide only standard groups
  Resolves: RHEL-64277

* Thu Oct 17 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.7.0-1
- Rebase oqsprovider to 0.7.0
  Resolves: RHEL-56155

* Thu Oct 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.6.1-2
- Add drop-in configuration for oqsprovider
  Resolves: RHEL-56891

* Thu Jul 11 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.6.1-1
- Rebase oqsprovider to 0.6.1
  Resolves: RHEL-43146

* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.5.3-4
- Bump release for June 2024 mass rebuild

* Thu Mar 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.3-3
- add gating.yaml
  Related: RHEL-25983

* Fri Mar 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.3-2
- We run tests with specially crafted OpenSSL configuration, not the system one
  Resolves: RHEL-25983

* Thu Feb 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.3-1
- Update to 0.5.3 version
  Enable KEM encoders

* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Fri Oct 27 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.2-1
- Switch to 0.5.2 version
  Resolves: rhbz#2224598

* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

* Tue Jul 18 2023 Dmitry Belyavskiy - 0.5.0-1
- Initial build of oqsprovider for Fedora
Rebase oqsprovider to 0.8.0 Resolves: RHEL-65422 2025-01-02 12:27:04 +00:00			`%global oqs_version 0.8.0`
			`%global liboqs_min_version 0.12.0-1`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00			`Name: oqsprovider`
			`Version: %{oqs_version}`
Reverting previous commit Related: RHEL-65422 2025-02-06 11:45:12 +00:00			`Release: 5%{?dist}`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00			`Summary: oqsprovider is an OpenSSL provider for quantum-safe algorithms based on liboqs`

			`License: Apache-2.0 AND MIT`
			`URL: https://github.com/open-quantum-safe/oqs-provider.git`
Add drop-in configuration for oqsprovider Resolves: RHEL-56891 2024-10-03 11:58:08 +00:00			`Source0: https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{oqs_version}.tar.gz`
			`Source1: oqsprovider.conf`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00
Enable mlkem1024 hybrid (upstream backport) Resolves: RHEL-70817 2025-01-03 14:51:50 +00:00			`# https://github.com/open-quantum-safe/oqs-provider/pull/603`
			`Patch01: 01-remove-prenist.patch`
			`# https://github.com/open-quantum-safe/oqs-provider/pull/606`
			`Patch02: 02-mlkem1024-hybrid.patch`
			`Patch03: 03-iana-kem-only.patch`
OQS provider should provide only standard groups Resolves: RHEL-64277 2024-10-24 16:13:41 +00:00
Add drop-in configuration for oqsprovider Resolves: RHEL-56891 2024-10-03 11:58:08 +00:00			`Requires: liboqs >= %{liboqs_min_version}`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00			`Requires: openssl`
			`BuildRequires: ninja-build`
			`BuildRequires: cmake`
			`BuildRequires: gcc`
			`BuildRequires: liboqs-devel`
			`BuildRequires: openssl-devel`
Add drop-in configuration for oqsprovider Resolves: RHEL-56891 2024-10-03 11:58:08 +00:00			`BuildRequires: liboqs >= %{liboqs_min_version}`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00
			`%description`
			`oqs-provider fully enables quantum-safe cryptography for KEM key`
			`establishment in TLS1.3 including management of such keys via the OpenSSL (3.0)`
			`provider interface and hybrid KEM schemes. Also, QSC signatures including CMS`
			`functionality are available via the OpenSSL EVP interface. Key persistence is`
			`provided via the encode/decode mechanism and X.509 data structures.`

			`%prep`
We run tests with specially crafted OpenSSL configuration, not the system one Resolves: RHEL-25983 2024-03-20 16:02:44 +00:00			`%autosetup -T -b 0 -p1 -n oqs-provider-%{oqs_version}`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00
			`%build`
Reverting previous commit Related: RHEL-65422 2025-02-06 11:45:12 +00:00			`%cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DOQS_KEM_ENCODERS=ON -LAH ..`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00			`%cmake_build`

			`%check`
			`cd "%{_vpath_builddir}"`
We run tests with specially crafted OpenSSL configuration, not the system one Resolves: RHEL-25983 2024-03-20 16:02:44 +00:00			`OPENSSL_CONF=/dev/null ctest -V`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00
			`%install`
			`mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ossl-modules`
Switch to 0.5.2 version Resolves: rhbz#2224598 2023-10-27 11:00:38 +00:00			`install %{_vpath_builddir}/lib/oqsprovider.so $RPM_BUILD_ROOT/%{_libdir}/ossl-modules`
			`(cd $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/ && ln -s oqsprovider.so oqsprovider.so.%{oqs_version})`
Add drop-in configuration for oqsprovider Resolves: RHEL-56891 2024-10-03 11:58:08 +00:00			`mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d`
			`install -m644 '%{SOURCE1}' \`
			`$RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00
			`%files`
			`%license LICENSE.txt`
			`%{_libdir}/ossl-modules/oqsprovider.so.%{oqs_version}`
			`%{_libdir}/ossl-modules/oqsprovider.so`
Add drop-in configuration for oqsprovider Resolves: RHEL-56891 2024-10-03 11:58:08 +00:00			`%config(noreplace) %{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf`
Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00
			`%changelog`
Reverting previous commit Related: RHEL-65422 2025-02-06 11:45:12 +00:00			`* Thu Feb 06 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-5`
			`- Reverting previous commit`
			`Related: RHEL-65422`

Fix private key format Related: RHEL-65422 2025-02-05 10:53:57 +00:00			`* Wed Feb 05 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-4`
			`- Fix private key format`
			`Related: RHEL-65422`

Enable mlkem1024 hybrid (upstream backport) Resolves: RHEL-70817 2025-01-03 14:51:50 +00:00			`* Fri Jan 03 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-3`
			`- Enable mlkem1024 hybrid (upstream backport)`
			`Resolves: RHEL-70817`

rebuilt Related: RHEL-65422 2025-01-02 15:29:02 +00:00			`* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-2`
			`- rebuilt`
			`Related: RHEL-65422`

Rebase oqsprovider to 0.8.0 Resolves: RHEL-65422 2025-01-02 12:27:04 +00:00			`* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.8.0-1`
			`- Rebase oqsprovider to 0.8.0`
			`Resolves: RHEL-65422`

Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 2024-10-29 15:53:21 +00:00			`* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.7.0-3`
			`- Bump release for October 2024 mass rebuild:`
			`Resolves: RHEL-64018`

OQS provider should provide only standard groups Resolves: RHEL-64277 2024-10-24 16:13:41 +00:00			`* Thu Oct 24 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.7.0-2`
			`- OQS provider should provide only standard groups`
			`Resolves: RHEL-64277`

Rebase oqsprovider to 0.7.0 Resolves: RHEL-56155 2024-10-17 13:10:15 +00:00			`* Thu Oct 17 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.7.0-1`
			`- Rebase oqsprovider to 0.7.0`
			`Resolves: RHEL-56155`

Add drop-in configuration for oqsprovider Resolves: RHEL-56891 2024-10-03 11:58:08 +00:00			`* Thu Oct 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.6.1-2`
			`- Add drop-in configuration for oqsprovider`
			`Resolves: RHEL-56891`

Rebase oqsprovider to 0.6.1 Resolves: RHEL-43146 2024-07-11 08:35:36 +00:00			`* Thu Jul 11 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.6.1-1`
			`- Rebase oqsprovider to 0.6.1`
			`Resolves: RHEL-43146`

Bump release for June 2024 mass rebuild 2024-06-24 16:06:23 +00:00			`* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.5.3-4`
			`- Bump release for June 2024 mass rebuild`

add gating.yaml Related: RHEL-25983 2024-03-21 10:48:40 +00:00			`* Thu Mar 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.3-3`
			`- add gating.yaml`
			`Related: RHEL-25983`

We run tests with specially crafted OpenSSL configuration, not the system one Resolves: RHEL-25983 2024-03-20 16:02:44 +00:00			`* Fri Mar 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.3-2`
			`- We run tests with specially crafted OpenSSL configuration, not the system one`
			`Resolves: RHEL-25983`

Update to 0.5.3 2024-02-01 16:22:28 +00:00			`* Thu Feb 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.3-1`
			`- Update to 0.5.3 version`
			`Enable KEM encoders`

Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-25 11:35:35 +00:00			`* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-3`
			`- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild`

Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-21 11:29:20 +00:00			`* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-2`
			`- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild`

Switch to 0.5.2 version Resolves: rhbz#2224598 2023-10-27 11:00:38 +00:00			`* Fri Oct 27 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.5.2-1`
			`- Switch to 0.5.2 version`
			`Resolves: rhbz#2224598`

Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 2023-07-20 18:17:53 +00:00			`* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-2`
			`- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild`

Initial import (fedora#2223569). 2023-07-18 15:14:01 +00:00			`* Tue Jul 18 2023 Dmitry Belyavskiy - 0.5.0-1`
			`- Initial build of oqsprovider for Fedora`