enable fips warning
parent
7ea9c9f4d5
commit
fd78a22e2c
83
vim-crypto-warning.patch
Normal file
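--- a/vim-crypto-warning.patch
+++ b/vim-crypto-warning.patch
@@ -0,0 +1,83 @@
+diff -up vim81/src/config.h.in.crypto vim81/src/config.h.in
+--- vim81/src/config.h.in.crypto 2019-07-26 07:58:51.000000000 +0200
++++ vim81/src/config.h.in 2019-09-16 14:18:32.994110646 +0200
+@@ -490,3 +490,12 @@
+
+/* Define to inline symbol or empty */
+#undef inline
++
++/* Do we need FIPS warning? */
++#undef HAVE_FIPS_WARNING
++
++/* Link to system-fips file */
++#undef SYSTEM_FIPS_FILE_LINK
++
++/* Link to fips_enabled file */
++#undef FIPS_ENABLED_FILE_LINK
+diff -up vim81/src/configure.ac.crypto vim81/src/configure.ac
+--- vim81/src/configure.ac.crypto 2019-09-16 14:18:32.990110675 +0200
++++ vim81/src/configure.ac 2019-09-16 14:18:32.996110631 +0200
+@@ -534,6 +534,38 @@ else
+AC_MSG_RESULT(yes)
+fi
+
++dnl Checking if we want FIPS warning
++
++AC_MSG_CHECKING(--enable-fips-warning)
++AC_ARG_ENABLE([fips-warning],
++ AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
++ ,[enable_fips_warning="no"])
++
++if test "$enable_fips_warning" = "yes"; then
++ AC_MSG_RESULT(yes)
++ AC_DEFINE([HAVE_FIPS_WARNING])
++
++ dnl Setting path for system-fips file
++
++ AC_MSG_CHECKING(--with-system-fips-file argument)
++ AC_ARG_WITH([system-fips-file], [ --with-system-fips-file=PATH Link to system-fips file (default: /etc/system-fips)],
++ with_system_fips_file=$withval,
++ with_system_fips_file="/etc/system-fips")
++ AC_MSG_RESULT([$with_system_fips_file])
++ AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
++
++ dnl Setting link to fips_enabled file
++
++ AC_MSG_CHECKING(--with-fips-enabled-file argument)
++ AC_ARG_WITH([fips-enabled-file], [ --with-fips-enabled-file=PATH Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
++ with_fips_enabled_file=$withval,
++ with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
++ AC_MSG_RESULT([$with_fips_enabled_file])
++ AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
++else
++ AC_MSG_RESULT(no)
++fi
++
+dnl Check for Lua feature.
+AC_MSG_CHECKING(--enable-luainterp argument)
+AC_ARG_ENABLE(luainterp,
+diff -up vim81/src/crypt.c.crypto vim81/src/crypt.c
+--- vim81/src/crypt.c.crypto 2019-09-16 14:18:32.996110631 +0200
++++ vim81/src/crypt.c 2019-09-16 14:19:48.953550617 +0200
+@@ -524,6 +524,21 @@ crypt_check_method(int method)
+msg_scroll = TRUE;
+msg(_("Warning: Using a weak encryption method; see :help 'cm'"));
+}
++#ifdef HAVE_FIPS_WARNING
++ FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
++ if (fips_enable_fd == NULL)
++ return;
++
++ int enabled = fgetc(fips_enable_fd);
++
++ if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1')
++ {
++ msg_scroll = TRUE;
++ msg(_("Warning: This cryptography is not FIPS 140-2 compliant."));
++ }
++
++ fclose(fips_enable_fd);
++#endif
+}
+
+void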
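Review bot: In the crypt.c hunk the warning is printed only when `access(SYSTEM_FIPS_FILE_LINK, F_OK)` succeeds and the first byte read from `FIPS_ENABLED_FILE_LINK` is `'1'`, so a host whose kernel flag reads 1 but which lacks the marker file gets no warning and the non-approved cipher is used silently. If the kernel flag is meant to be authoritative, the condition could be just `if (enabled == '1')`; otherwise a comment such as `/* warn only when both the userspace marker and the kernel flag indicate FIPS mode */` should record why both are required. A failed `fopen` also returns without any notice, and the message is advisory only, since the visible lines do not refuse the method. The declarations `FILE *fips_enable_fd` and `int enabled` follow statements, which may not build if this tree is still compiled as C89. crypt_check_method starts outside the inner hunk.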
11
vim.spec
11
vim.spec
@ -21,7 +21,7 @@ Summary: The VIM editor
|
||||
URL: http://www.vim.org/
|
||||
Name: vim
|
||||
Version: %{baseversion}.%{patchlevel}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: Vim and MIT
|
||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||
Source1: vim.sh
|
||||
@ -60,6 +60,8 @@ Patch3014: vim-7.4-releasestring-1318991.patch
|
||||
Patch3016: vim-8.0-copy-paste.patch
|
||||
# migrate shebangs in script to /usr/bin/python3 and use python2 when necessary
|
||||
Patch3017: vim-python3-tests.patch
|
||||
# fips warning
|
||||
Patch3018: vim-crypto-warning.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
@ -249,6 +251,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||
%patch3014 -p1
|
||||
%patch3016 -p1
|
||||
%patch3017 -p1
|
||||
%patch3018 -p1
|
||||
|
||||
%build
|
||||
%if 0%{?rhel} > 7
|
||||
@ -298,6 +301,7 @@ perl -pi -e "s/vimrc/virc/" os_unix.h
|
||||
--with-tlib=ncurses --enable-gui=no --disable-gpm --exec-prefix=/ \
|
||||
--with-compiledby="<bugzilla@redhat.com>" \
|
||||
--with-modified-by="<bugzilla@redhat.com>" \
|
||||
--enable-fips-warning \
|
||||
--enable-fail-if-missing
|
||||
|
||||
make VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir} %{?_smp_mflags}
|
||||
@ -319,6 +323,7 @@ mv -f ex_cmds.c.save ex_cmds.c
|
||||
--enable-xim --enable-multibyte \
|
||||
--with-tlib=ncurses \
|
||||
--enable-gtk3-check --enable-gui=gtk3 \
|
||||
--enable-fips-warning \
|
||||
--with-compiledby="<bugzilla@redhat.com>" --enable-cscope \
|
||||
--with-modified-by="<bugzilla@redhat.com>" \
|
||||
%if "%{withnetbeans}" == "1"
|
||||
@ -355,6 +360,7 @@ make clean
|
||||
--enable-gui=no --exec-prefix=%{_prefix} --enable-multibyte \
|
||||
--enable-cscope --with-modified-by="<bugzilla@redhat.com>" \
|
||||
--with-tlib=ncurses \
|
||||
--enable-fips-warning \
|
||||
--with-compiledby="<bugzilla@redhat.com>" \
|
||||
%if "%{withnetbeans}" == "1"
|
||||
--enable-netbeans \
|
||||
@ -790,6 +796,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||
%{_datadir}/icons/locolor/*/apps/*
|
||||
|
||||
%changelog
|
||||
* Mon Sep 16 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.1.2019-2
|
||||
- enable fips warning
|
||||
|
||||
* Tue Sep 10 2019 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.1.2019-1
|
||||
- patchlevel 2019
|
||||
|
||||
|