Fix SHA-1 algorithm availability
Resolves: https://issues.redhat.com/browse/RHEL-46788 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
parent
32e338fcbe
commit
cd5cce02a8
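--- a/openssl-swtpm.cnf
+++ b/openssl-swtpm.cnf
@@ -0,0 +1,4 @@
+.include /etc/ssl/openssl.cnf
+
+[evp_properties]
+rh-allow-sha1-signatures = yes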
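Review bot: The new config file has no comment saying why `rh-allow-sha1-signatures = yes` is set or which process is meant to load it, so a later reader sees only an unexplained crypto-policy override under /etc/ssl. I would add a header such as `# Loaded only by swtpm via OPENSSL_CONF; re-enables SHA-1 signatures because the emulated TPM advertises SHA-1 (RHEL-46788)`. The `[evp_properties]` section presumably takes effect only if the included /etc/ssl/openssl.cnf references it through `alg_section`, which is not visible on this page, so that dependency belongs in the same comment. The setting most likely applies to every OpenSSL signature operation in the process rather than to TPM commands alone, and stating that scope helps anyone auditing SHA-1 exceptions.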
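--- a/swtpm-custom-openssl.patch
+++ b/swtpm-custom-openssl.patch
@@ -0,0 +1,12 @@
+Binary files swtpm-0.9.0/.git/index and swtpm-0.9.0.new/.git/index differ
+diff -rup swtpm-0.9.0/src/swtpm/main.c swtpm-0.9.0.new/src/swtpm/main.c
+--- swtpm-0.9.0/src/swtpm/main.c 2024-07-08 09:34:00.488080859 +0100
++++ swtpm-0.9.0.new/src/swtpm/main.c 2024-07-08 09:33:40.057884795 +0100
+@@ -70,6 +70,7 @@ int main(int argc, char **argv)
+fprintf(stderr, "Missing TPM interface type.\n");
+return 1;
+}
++ setenv("OPENSSL_CONF", "/etc/ssl/openssl-swtpm.cnf", 1);
+if (!strcmp(argv[1], "socket")) {
+return swtpm_main(argc-1, &argv[1], argv[0], "socket");
+#ifdef WITH_CHARDEV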
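Review bot: The added `setenv("OPENSSL_CONF", ...)` call in main() ignores its return value, so on failure swtpm would keep running under the system policy and SHA-1 would again be unavailable with no diagnostic; consider `if (setenv("OPENSSL_CONF", "/etc/ssl/openssl-swtpm.cnf", 1) != 0) { perror("setenv"); return 1; }`. The path is hard-coded and must stay in step with the install location in swtpm.spec. As far as I know OpenSSL skips a missing config file silently by default, which would also drop the system crypto-policy settings, so a short comment above the call explaining the override and that failure mode is worthwhile. The patch header names swtpm-0.9.0 and carries a stray `Binary files ... .git/index ... differ` line while the spec packages Version 0.8.0; regenerating it against the packaged tree would avoid relying on fuzz. main() starts and ends outside the hunk.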
15
swtpm.spec
@ -8,11 +8,16 @@
|
||||
Summary: TPM Emulator
|
||||
Name: swtpm
|
||||
Version: 0.8.0
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: BSD
|
||||
Url: https://github.com/stefanberger/swtpm
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Patch0001: 0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch
|
||||
# Prevent crypto policies disabling SHA-1.
|
||||
# swtpm algorithm list is unconditional. Since it advertizes
|
||||
# SHA-1, we MUST always provide a working SHA-1 impl
|
||||
Source1: openssl-swtpm.cnf
|
||||
Patch0002: swtpm-custom-openssl.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: git-core
|
||||
@ -103,6 +108,9 @@ make %{?_smp_mflags} check VERBOSE=1
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
|
||||
rm $RPM_BUILD_ROOT%{_mandir}/man8/swtpm_cuse.8*
|
||||
|
||||
%__install -d %{buildroot}%{_sysconfdir}/ssl
|
||||
cp %{SOURCE1} %{buildroot}/%{_sysconfdir}/ssl/
|
||||
|
||||
%post
|
||||
for pp in /usr/share/selinux/packages/swtpm.pp \
|
||||
/usr/share/selinux/packages/swtpm_svirt.pp; do
|
||||
@ -130,6 +138,7 @@ fi
|
||||
%{_mandir}/man8/swtpm.8*
|
||||
%{_datadir}/selinux/packages/swtpm.pp
|
||||
%{_datadir}/selinux/packages/swtpm_svirt.pp
|
||||
%{_sysconfdir}/ssl/openssl-swtpm.cnf
|
||||
|
||||
%files libs
|
||||
%license LICENSE
|
||||
@ -175,6 +184,10 @@ fi
|
||||
%{_datadir}/swtpm/swtpm-create-tpmca
|
||||
|
||||
%changelog
|
||||
* Mon Jul 08 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-2
|
||||
- Fix SHA-1 algorithm availability
|
||||
Resolves: RHEL-46788
|
||||
|
||||
* Tue Nov 22 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-1
|
||||
- Update to v0.8.0 release
|
||||
Resolves: rhbz#2092944
|
||||
|
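Review bot: In the %install hunk, `cp %{SOURCE1} %{buildroot}/%{_sysconfdir}/ssl/` leaves the installed mode to the source file's permissions and the build umask; for a file that relaxes crypto policy I would pin it with `install -p -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/ssl/openssl-swtpm.cnf`. The %files entry lists the file under %{_sysconfdir} without `%config`, so local edits are replaced on update. If that is intentional, so the package always restores the known content, a one-line spec comment next to the entry should say so; otherwise mark it `%config(noreplace)`. The comment above Source1 could also name the process the override is scoped to (swtpm, via OPENSSL_CONF) so the exception is easy to find in a policy audit.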