commit libnettle for openSUSE:Factory

root Sat, 05 Oct 2019 07:20:06 -0700

Hello community,

here is the log from the commit of package libnettle for openSUSE:Factory 
checked in at 2019-10-05 16:18:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libnettle (Old)
 and      /work/SRC/openSUSE:Factory/.libnettle.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "libnettle"

Sat Oct  5 16:18:33 2019 rev:33 rq:734381 version:3.5.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/libnettle/libnettle.changes      2019-09-11 
10:19:40.007516172 +0200
+++ /work/SRC/openSUSE:Factory/.libnettle.new.2352/libnettle.changes    
2019-10-05 16:19:15.597600533 +0200
@@ -1,0 +2,6 @@
+Tue Oct  1 15:08:36 UTC 2019 - Vítězslav Čížek <vci...@suse.com>
+
+- Install checksums for binary integrity verification which are
+  required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libnettle.spec ++++++
--- /var/tmp/diff_new_pack.yhC6Nu/_old  2019-10-05 16:19:16.021599429 +0200
+++ /var/tmp/diff_new_pack.yhC6Nu/_new  2019-10-05 16:19:16.021599429 +0200
@@ -31,6 +31,7 @@
 Source3:        baselibs.conf
 # PATCH-FIX-UPSTREAM respect cflags while building
 Patch0:         nettle-respect-cflags.patch
+BuildRequires:  fipscheck
 BuildRequires:  gmp-devel
 BuildRequires:  m4
 BuildRequires:  makeinfo
@@ -105,6 +106,22 @@
 %install
 %make_install
 
+# the hmac hashes:
+#
+# this is a hack that re-defines the __os_install_post macro
+# for a simple reason: the macro strips the binaries and thereby
+# invalidates a HMAC that may have been created earlier.
+# solution: create the hashes _after_ the macro runs.
+#
+# this shows up earlier because otherwise the %expand of
+# the macro is too late.
+# remark: This is the same as running
+#   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
+%{expand:%%global __os_install_post {%__os_install_post
+%{_bindir}/fipshmac %{buildroot}%{_libdir}/libnettle.so.%{soname}
+%{_bindir}/fipshmac %{buildroot}%{_libdir}/libhogweed.so.%{hogweed_soname}
+}}
+
 %post   -n libnettle%{soname} -p /sbin/ldconfig
 %postun -n libnettle%{soname} -p /sbin/ldconfig
 %post   -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
@@ -123,10 +140,12 @@
 %doc AUTHORS ChangeLog NEWS README
 %{_libdir}/libnettle.so.%{soname}
 %{_libdir}/libnettle.so.%{soname}.*
+%{_libdir}/.libnettle.so.%{soname}.hmac
 
 %files -n libhogweed%{hogweed_soname}
 %{_libdir}/libhogweed.so.%{hogweed_soname}
 %{_libdir}/libhogweed.so.%{hogweed_soname}.*
+%{_libdir}/.libhogweed.so.%{hogweed_soname}.hmac
 
 %files -n libnettle-devel
 %{_includedir}/nettle

commit libnettle for openSUSE:Factory

Reply via email to