libkcapi/libkcapi.spec

%global sysctl_prio       50
%global sysctl_optmem_max 81920
%global distroname_ext    %{_vendor}

# Define enable_docbook_pdf to 0,
# if you don't need pdf and ps document.
%global enable_docbook_pdf 1

# Calculate hmac file after installing for binary
%define __spec_install_post                    \
%{?__debug_package:%{__debug_install_post}}    \
%{__arch_install_post}                         \
%{__os_install_post}                           \
bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha1hmac   | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha1hmac.hmac        \
bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha224hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha224hmac.hmac      \
bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha256hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha256hmac.hmac      \
bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha384hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha384hmac.hmac      \
bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha512hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha512hmac.hmac      \
bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sm3hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sm3hmac.hmac            \
hardlink -cfv %{buildroot}%{_bindir}           \
bin/kcapi-hasher -n fipshmac -d %{buildroot}/%{_lib}/fipscheck   %{buildroot}/%{_lib}/libkcapi.so.%{version} || exit 1      \
ln -s libkcapi.so.%{version}.hmac    %{buildroot}/%{_lib}/fipscheck/libkcapi.so.1.hmac   \
%{nil}

Name:           libkcapi
Version:        1.4.0
Release:        6
Summary:        libkcapi - Linux Kernel Crypto API User Space Interface Library

License:        BSD or GPLv2
URL:            http://www.chronox.de/%{name}.html
Source0:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
Source1:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc

Patch0:       libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
Patch1:       backport-Append-newline-to-stdout.patch
Patch2:       backport-Prevent-cppcheck-from-defining-CHECK_DIR.patch

BuildRequires:  clang coreutils cppcheck gcc hardlink
BuildRequires:  libtool openssl perl systemd xmlto  kernel-headers >= 4.10.0
%if 0%{?enable_docbook_pdf}
BuildRequires:  docbook-utils-pdf
%endif

Requires:       systemd

Provides:       %{name}-tools
Provides:       hmaccalc          == 0.9.14-10.1
Provides:       hmaccalc%{?_isa}  == 0.9.14-10.1
Provides:       %{name}-hmaccalc

Obsoletes:      %{name}-replacements <= %{version}-%{release}
Obsoletes:      %{name}-tools
Obsoletes:      hmaccalc          <= 0.9.14-10
Obsoletes:      %{name}-hmaccalc

%description
The Linux kernel exports a Netlink interface of type AF_ALG to allow user space to utilize the kernel crypto API.
libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.
The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing.
Results from the kernel crypto API are returned to the consumer via the library API.

%package        devel
Summary:        Development files for the %{name} package
Requires:       %{name} == %{version}-%{release}

Obsoletes:      %{name}-static
Provides:       %{name}-static

%description    devel
Header files for applications that use %{name}.

%package tests
Summary:        Testing scripts for the %{name} package
Requires:       %{name}%{?_isa}  == %{version}-%{release}
Requires:       %{name}-tools
Requires:       %{name}-hmaccalc
Requires:       coreutils
Requires:       openssl
Requires:       perl

%description    tests
Auxiliary scripts for testing %{name}.

%package_help

%prep
%autosetup -p 1

cat << EOF > README.%{distroname_ext}
This package increases the default limit of the ancillary buffer size
per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes.

For this preset to become active it requires a reboot after the
installation of this package.  You can also manually increase this
limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the
super-user, e.g. using \`su\` or \`sudo\` on the terminal.

This is done to provide consumers of the new Linux Kernel Crypto API
User Space Interface a well sufficient and reasonable maximum limit
by default, especially when using AIO with a larger amount of IOVECs.

For further information about the AF_ALG kernel socket and AIO, see
the discussion at the kernel-crypto mailing-list:
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html

See the instructions given in '%{_sysctldir}/50-default.conf',
if you need or want to override the preset made by this package.
EOF

cat << EOF > %{sysctl_prio}-%{name}-optmem_max.conf
# See the 'README.%{distroname_ext}' file shipped in %%doc
# with the %{name} package.
#
# See '%{_sysctldir}/50-default.conf',
# if you need or want to override this preset.

# Increase the ancillary buffer size per socket.
net.core.optmem_max = %{sysctl_optmem_max}
EOF

%{_bindir}/autoreconf -fiv


%build
%configure               \
  --libdir=/%{_lib}      \
  --disable-silent-rules \
  --enable-kcapi-encapp  \
  --enable-kcapi-dgstapp \
  --enable-kcapi-hasher  \
  --enable-kcapi-rngapp  \
  --enable-kcapi-speed   \
  --enable-kcapi-test    \
  --enable-shared        \
  --enable-static        \
  --enable-sum-prefix=   \
  --enable-sum-dir=/%{_lib} \
  --with-pkgconfigdir=%{_libdir}/pkgconfig
%make_build all doc


%install
%make_install

# Install sysctl.d preset.
mkdir -p %{buildroot}%{_sysctldir}
install -Dpm 0644 -t %{buildroot}%{_sysctldir} %{sysctl_prio}-%{name}-optmem_max.conf

# Install into proper location for inclusion by %%doc.
mkdir -p %{buildroot}%{_pkgdocdir}
install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} README.%{distroname_ext}  README.md CHANGES.md TODO
%if 0%{?enable_docbook_pdf}
install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} doc/%{name}.p{df,s}
%endif
cp -pr lib/doc/html %{buildroot}%{_pkgdocdir}

# Install replacement tools, if enabled.
rm -f %{buildroot}%{_bindir}/md5sum       \
      %{buildroot}%{_bindir}/sha*sum      \
      %{buildroot}%{_bindir}/fips*        \
      %{buildroot}%{_bindir}/sm*sum

find %{buildroot} -type f -name '*.la' -print -delete
find %{buildroot} -type f -name '*.hmac' -print -delete
find %{buildroot} -type f -size 0 -print -delete
find %{buildroot}%{_pkgdocdir} -type f -print | xargs %{__chmod} -c 0644
find %{buildroot}%{_pkgdocdir} -type d -print | xargs %{__chmod} -c 0755

for d in %{_mandir} %{_pkgdocdir}; do
  hardlink -cfv %{buildroot}$d
done

%ldconfig_scriptlets

%check
for t in cppcheck scan;do
    %make_build $t
done

pushd test
ENABLE_FUZZ_TEST=1 \
NO_32BIT_TEST=1 \
./test-invocation.sh ||:
popd

%files
%doc %dir %{_pkgdocdir}
%doc %{_pkgdocdir}/README.md
%license COPYING*
/%{_lib}/%{name}.so.*
/%{_lib}/fipscheck/%{name}.so.*
%doc %{_pkgdocdir}/README.%{distroname_ext}
%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf
%{_bindir}/kcapi*
%{_bindir}/sha*hmac
%{_bindir}/sm*hmac
/%{_lib}/hmaccalc/sha*hmac.hmac
/%{_lib}/hmaccalc/sm*hmac.hmac

%files          devel
%doc %{_pkgdocdir}/CHANGES.md
%doc %{_pkgdocdir}/TODO
%{_includedir}/kcapi.h
/%{_lib}/%{name}.so
%{_libdir}/pkgconfig/%{name}.pc
/%{_lib}/%{name}.a

%files          tests
%{_libexecdir}/%{name}/*

%files          help
%doc %{_pkgdocdir}
%exclude %{_pkgdocdir}/README.md
%exclude %{_pkgdocdir}/README.%{distroname_ext}
%exclude %{_pkgdocdir}/CHANGES.md
%exclude %{_pkgdocdir}/TODO
%{_mandir}/man1/kcapi*.1.*
%{_mandir}/man3/kcapi_*.3.*

%changelog
* Thu Jan 18 2024 yixiangzhike <yixiangzhike007@163.com> - 1.4.0-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:simplified control macro

* Wed Aug 16 2023 yixiangzhike <yixiangzhike007@163.com> - 1.4.0-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:refix the failure of building with cppcheck>=2.11 by using upstream patch

* Tue Aug 15 2023 yixiangzhike <yixiangzhike007@163.com> - 1.4.0-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:append newline to command /usr/bin/sha*hmac

* Tue Jul 25 2023 yixiangzhike <yixiangzhike007@163.com> - 1.4.0-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix the failure of building with cppcheck >= 2.11

* Fri Apr 28 2023 yixiangzhike <yixiangzhike007@163.com> - 1.4.0-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:calculate hmac file after installing for binary

* Wed Nov 16 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.0-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:Update to 1.4.0

* Wed Jul 13 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add macro to control docbook-utils-pdf dependency

* Fri Apr 29 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:delete duplicate files from libkcapi-help

* Fri Apr 15 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix printf usage errors highlighted by covscan

* Wed Jan 26 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-2
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:enable test suite in check

* Thu Dec 30 2021 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:Update to 1.3.1

* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 1.2.0-5
- DESC: delete -S git from %autosetup, and delete BuildRequires git

* Fri Nov 20 2020 panxiaohe <panxiaohe@huawei.com> - 1.2.0-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Solve the failure when installing libkcapi-devel

* Thu Oct 22 2020 zhangxingliang <zhangxingliang3@huawei.com> - 1.2.0-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Solve the failure when installing libkcapi-tests

* Fri Oct 16 2020 zhangxingliang <zhangxingliang3@huawei.com> - 1.2.0-2
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:Detach the sub package libkcapi-tests from libkcapi

* Fri Jul 17 2020 yang_zhuang_zhuang<yangzhuangzhuang1@huawei.com> - 1.2.0-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:update to 1.2.0

* Thu Nov 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.5-2
- Correct provides of hmaccalc

* Tue Sep 3 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.5-1
- Package init