Hello community,

here is the log from the commit of package libgcrypt for openSUSE:Factory 
checked in at 2023-11-23 21:38:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
 and      /work/SRC/openSUSE:Factory/.libgcrypt.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libgcrypt"

Thu Nov 23 21:38:31 2023 rev:101 rq:1127966 version:1.10.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes      2023-11-17 
20:47:58.881614933 +0100
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new.25432/libgcrypt.changes   
2023-11-23 21:38:33.266864091 +0100
@@ -1,0 +2,6 @@
+Tue Nov 21 10:36:09 UTC 2023 - Otto Hollmann <otto.hollm...@suse.com>
+
+- Re-create HMAC checksum after RPM build strips the library
+  (bsc#1217058)
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.xG18jt/_old  2023-11-23 21:38:34.046892826 +0100
+++ /var/tmp/diff_new_pack.xG18jt/_new  2023-11-23 21:38:34.050892974 +0100
@@ -131,11 +131,27 @@
 # run the regression tests also in FIPS mode
 LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
 
-# Install the FIPS hmac file
-cp src/.libgcrypt.so.%{libsover}.hmac %{buildroot}%{_libdir}/
-
 %install
 %make_install
+
+# this is a hack that re-defines the __spec_install_post macro
+# for a simple reason: the macro strips the binaries and thereby
+# invalidates a HMAC that may have been created earlier.
+# solution: create the hashes _after_ the macro runs.
+
+%define libpath %{buildroot}%{_libdir}/libgcrypt.so.%{libsover}.?.?
+%define __spec_install_post \
+    %{?__debug_package:%{__debug_install_post}} \
+    %{__arch_install_post} \
+    %{__os_install_post} \
+    cd src \
+    sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
+    READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} 
> %{libpath}.hmac \
+    objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} 
%{libpath}.new \
+    mv -f %{libpath}.new %{libpath} \
+    rm -f %{libpath}.hmac \
+%{nil}
+
 rm %{buildroot}%{_libdir}/%{name}.la
 
 # Create /etc/gcrypt directory and install random.conf
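Review bot: the `.?.?` glob in `%define libpath` is what resolves the library file name, and that is fragile inside the `__spec_install_post` body. `?` matches exactly one character, so a two-digit minor or patch component in the file name would match nothing, and more than one match would hand extra arguments to `gen-note-integrity.sh` and `objcopy`. The derived names `%{libpath}.hmac` and `%{libpath}.new` match no existing file at that point, so the shell leaves the pattern unexpanded and the temporary files are created with literal `?` characters in their names. Suggest resolving the real file name once into a shell variable at the start of the macro body, failing the build if it is not exactly one file, and using that variable for the `.hmac`, `.new` and `mv` steps.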
@@ -153,7 +169,6 @@
 %dir %{_sysconfdir}/gcrypt
 %config(noreplace) %{_sysconfdir}/gcrypt/random.conf
 %config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
-%{_libdir}/.libgcrypt.so.*.hmac
 
 %files devel
 %license COPYING COPYING.LIB LICENSES
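Review bot: removing `%{_libdir}/.libgcrypt.so.*.hmac` from `%files` means the package no longer ships the standalone HMAC file, but the new libgcrypt.changes entry only says that the checksum is re-created after stripping. Suggest adding a line to the changelog stating that the checksum is now written into the `.note.fdo.integrity` section of the library and that the separate `.hmac` file is gone, so that anyone who checks for that file on an installed system can see why it disappeared.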
