diff --git a/crypto-policies-git71ca85f.tar.gz b/crypto-policies-git71ca85f.tar.gz deleted file mode 100644 index 9506b48..0000000 Binary files a/crypto-policies-git71ca85f.tar.gz and /dev/null differ diff --git a/crypto-policies-gitc40cede.tar.gz b/crypto-policies-gitc40cede.tar.gz new file mode 100644 index 0000000..dd7addb Binary files /dev/null and b/crypto-policies-gitc40cede.tar.gz differ diff --git a/crypto-policies.spec b/crypto-policies.spec index 93b3356..b475bc9 100644 --- a/crypto-policies.spec +++ b/crypto-policies.spec @@ -1,9 +1,10 @@ -%global git_date 20180925 -%global git_commit_hash 71ca85f +%global git_date 20200702 +%global git_commit c40cedee6e5225dc72e590f9ff0282d876a2e5d5 +%global git_commit_hash c40cede Name: crypto-policies Version: %{git_date} -Release: 3.git%{git_commit_hash} +Release: 1.git%{git_commit_hash} Summary: Crypto policies package for Fedora License: LGPLv2+ @@ -11,7 +12,7 @@ URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies # This is a tarball of the git repository without the .git/ # directory. -Source0: crypto-policies-git%{git_commit_hash}.tar.gz +Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz BuildArch: noarch BuildRequires: asciidoc @@ -24,7 +25,7 @@ BuildRequires: perl-interpreter BuildRequires: perl-generators BuildRequires: perl(File::pushd), perl(File::Temp), perl(File::Copy) BuildRequires: perl(File::Which) -BuildRequires: python3 +BuildRequires: python3-devel # used by update-crypto-policies Requires: coreutils @@ -43,9 +44,26 @@ SSL/TLS libraries. The policy set by the tool will be the default policy used by these back-ends unless the application user configures them otherwise. https://fedoraproject.org/wiki/Changes/CryptoPolicy +%package scripts +Summary: Tool to switch between crypto policies +Requires: %{name} = %{version}-%{release} +Recommends: grubby + +# fips-mode-setup merged into the scripts subpackage +Obsoletes: fips-mode-setup < 20200702-1.c40cede +Provides: fips-mode-setup = %{version}-%{release} + +%description scripts +This package provides a tool update-crypto-policies, which applies +the policies provided by the crypto-policies package. These can be +either the pre-built policies from the base package or custom policies +defined in simple policy definition files. + +The package also provides a tool fips-mode-setup, which can be used +to enable or disable the system FIPS mode. %prep -%setup -q -n %{name} +%setup -q -n fedora-%{name}-%{git_commit_hash}-%{git_commit} %build make %{?_smp_mflags} @@ -53,25 +71,39 @@ make %{?_smp_mflags} %install mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/state/ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/ -mkdir -p -m 755 %{buildroot}%{_mandir}/man8 +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/ +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/modules/ mkdir -p -m 755 %{buildroot}%{_bindir} -make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir}/man8 %{?_smp_mflags} install +make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config +# Create back-end configs for mounting with read-only /etc/ +for d in LEGACY DEFAULT FUTURE FIPS ; do + for f in %{buildroot}%{_datarootdir}/crypto-policies/$d/* ; do + ln -s $(basename $f) $(dirname $f)/$(basename $f .txt).config + done +done + +%py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python + %check make check %{?_smp_mflags} %post -%{_bindir}/update-crypto-policies --no-check >/dev/null +%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || : %files %dir %{_sysconfdir}/crypto-policies/ %dir %{_sysconfdir}/crypto-policies/back-ends/ +%dir %{_sysconfdir}/crypto-policies/state/ %dir %{_sysconfdir}/crypto-policies/local.d/ +%dir %{_sysconfdir}/crypto-policies/policies/ +%dir %{_sysconfdir}/crypto-policies/policies/modules/ %dir %{_datarootdir}/crypto-policies/ %config(noreplace) %{_sysconfdir}/crypto-policies/config @@ -89,24 +121,31 @@ make check %{?_smp_mflags} %ghost %{_sysconfdir}/crypto-policies/back-ends/libreswan.config %{_bindir}/update-crypto-policies -%{_bindir}/fips-mode-setup -%{_bindir}/fips-finish-install -%{_mandir}/man8/update-crypto-policies.8.gz -%{_mandir}/man8/fips-mode-setup.8.gz -%{_mandir}/man8/fips-finish-install.8.gz +%{_mandir}/man7/crypto-policies.7* +%{_mandir}/man8/update-crypto-policies.8* %{_datarootdir}/crypto-policies/LEGACY/* %{_datarootdir}/crypto-policies/DEFAULT/* -%{_datarootdir}/crypto-policies/NEXT/* %{_datarootdir}/crypto-policies/FUTURE/* %{_datarootdir}/crypto-policies/FIPS/* %{_datarootdir}/crypto-policies/EMPTY/* %{_datarootdir}/crypto-policies/default-config %{_datarootdir}/crypto-policies/reload-cmds.sh +%{_datarootdir}/crypto-policies/policies +%{_datarootdir}/crypto-policies/python + +%files scripts +%{_bindir}/fips-mode-setup +%{_bindir}/fips-finish-install +%{_mandir}/man8/fips-mode-setup.8* +%{_mandir}/man8/fips-finish-install.8* %{!?_licensedir:%global license %%doc} %license COPYING.LESSER %changelog +* Sat Aug 1 2020 yang_zhuang_zhuang - 20200702-1.gitc40cede +- update version to 20200702 + * Sun Mar 15 2020 openEuler Buildteam - 20180925-3.git71ca85f - fix make check failed