Add drop-in configuration for oqsprovider

Resolves: RHEL-56891
2024-10-03 13:58:08 +02:00 · 2024-10-03 13:58:08 +02:00 · 0d94ed33c9
commit 0d94ed33c9
parent 3d803997fa
3 changed files with 33 additions and 3 deletions
--- a/01-nosha1-test.patch
+++ b/01-nosha1-test.patch
@ -0,0 +1,12 @@
+diff -up oqs-provider-0.6.1/test/tlstest_helpers.c.xxx oqs-provider-0.6.1/test/tlstest_helpers.c
+--- oqs-provider-0.6.1/test/tlstest_helpers.c.xxx	2024-10-03 17:54:19.127349786 +0200
+++ oqs-provider-0.6.1/test/tlstest_helpers.c	2024-10-03 17:54:28.356566812 +0200
+@@ -28,7 +28,7 @@ int create_cert_key(OSSL_LIB_CTX *libctx
+         || !X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
+                                        (unsigned char *)"localhost", -1, -1, 0)
+         || !X509_set_issuer_name(x509, name)
+-        || !X509_sign(x509, pkey, EVP_sha1())
+        || !X509_sign(x509, pkey, EVP_sha256())
+         || !(keybio = BIO_new_file(privkeyfilename, "wb"))
+         || !PEM_write_bio_PrivateKey(keybio, pkey, NULL, NULL, 0, NULL, NULL)
+         || !(certbio = BIO_new_file(certfilename, "wb"))
--- a/oqsprovider.conf
+++ b/oqsprovider.conf
@ -0,0 +1,5 @@
+[provider_sect]
+oqsprovider = oqs_sect
+
+[oqs_sect]
+activate = 1
--- a/oqsprovider.spec
+++ b/oqsprovider.spec
@ -1,20 +1,25 @@
 %global oqs_version 0.6.1
+%global liboqs_min_version 0.11.0
 Name:       oqsprovider
 Version:    %{oqs_version}
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    oqsprovider is an OpenSSL provider for quantum-safe algorithms based on liboqs

 License:    Apache-2.0 AND MIT
 URL:        https://github.com/open-quantum-safe/oqs-provider.git
-Source:     https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{oqs_version}.tar.gz
+Source0:    https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{oqs_version}.tar.gz
+Source1:    oqsprovider.conf

-Requires: liboqs >= 0.10.1
+Patch1:	    01-nosha1-test.patch
+
+Requires: liboqs >= %{liboqs_min_version}
 Requires: openssl
 BuildRequires: ninja-build
 BuildRequires: cmake
 BuildRequires: gcc
 BuildRequires: liboqs-devel
 BuildRequires: openssl-devel
+BuildRequires: liboqs >= %{liboqs_min_version}

 %description
 oqs-provider fully enables quantum-safe cryptography for KEM key
@ -38,13 +43,21 @@ OPENSSL_CONF=/dev/null ctest -V
 mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ossl-modules
 install %{_vpath_builddir}/lib/oqsprovider.so $RPM_BUILD_ROOT/%{_libdir}/ossl-modules
 (cd $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/ && ln -s oqsprovider.so oqsprovider.so.%{oqs_version})
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d
+install -m644 '%{SOURCE1}' \
+        $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf

 %files
 %license LICENSE.txt
 %{_libdir}/ossl-modules/oqsprovider.so.%{oqs_version}
 %{_libdir}/ossl-modules/oqsprovider.so
+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf

 %changelog
+* Thu Oct 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.6.1-2
+- Add drop-in configuration for oqsprovider
+  Resolves: RHEL-56891
+
 * Thu Jul 11 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.6.1-1
 - Rebase oqsprovider to 0.6.1
  Resolves: RHEL-43146