[openswan] - Use new fipscheck to make .hmac files placement FHS compliant

Tomáš Mráz tmraz at fedoraproject.org
Wed Sep 8 15:32:54 UTC 2010 

commit 07370e48a4b2565d90d9a2bb11319eabe94f993c
Author: Tomas Mraz <mraz at zaphne.frost.loc>
Date:   Wed Sep 8 17:32:56 2010 +0200

    - Use new fipscheck to make .hmac files placement FHS compliant

 openswan.spec |   53 +++++++++++++----------------------------------------
 1 files changed, 13 insertions(+), 40 deletions(-)
---
diff --git a/openswan.spec b/openswan.spec
index 6455cfb..4cf854b 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -4,13 +4,13 @@
 %define USE_MODP_RFC5114 1
 %define USE_NM 1
 %define nss_version 3.12.3-2
-%define fipscheck_version 1.2.0-1
+%define fipscheck_version 1.3.0
 
 Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
 Name: openswan
 Version: 2.6.28
 
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Url: http://www.openswan.org/
 Source: openswan-%{version}.tar.gz
@@ -36,6 +36,7 @@ Requires(preun): /sbin/service
 
 %if %{USE_FIPSCHECK}
 BuildRequires: fipscheck-devel >= %{fipscheck_version}
+Requires: fipscheck%{_isa} >= %{fipscheck_version}
 %endif
 
 %if %{USE_LIBCAP_NG}
@@ -114,43 +115,8 @@ FS=$(pwd)
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
     %{__os_install_post} \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/addconn \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/auto \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/barf \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_copyright \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/eroute \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/ikeping \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_include \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_keycensor \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/klipsdebug \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/look \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/newhostkey \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/pf_key \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_pluto_adns \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_plutoload \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_plutorun \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/ranbits \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_realsetup \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/rsasigkey \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/pluto \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_secretcensor \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/secrets \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/showdefaults \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/showhostkey \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/showpolicy \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spi \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spigrp \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startklips \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startnetkey \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/tncfg \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.klips \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.mast \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.netkey \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/verify \
-  fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/whack \
-  fipshmac $RPM_BUILD_ROOT%{_sbindir}/ipsec \
+  fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_libexecdir}/ipsec/* \
+  fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_sbindir}/ipsec \
 %{nil}
 %endif
 
@@ -174,6 +140,10 @@ install -d -m 0700 $RPM_BUILD_ROOT%{_localstatedir}/run/pluto
 install -d $RPM_BUILD_ROOT%{_sbindir}
 find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
 
+%if %{USE_FIPSCHECK}
+mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
+%endif
+
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
 install -m 600 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
 
@@ -209,7 +179,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_initrddir}/ipsec
 %{_sbindir}/ipsec
 %if %{USE_FIPSCHECK}
-%{_sbindir}/.ipsec.hmac
+%{_libdir}/fipscheck/*.hmac
 %endif
 %{_libexecdir}/ipsec
 %{_mandir}/*/*.gz
@@ -230,6 +200,9 @@ fi
 chkconfig --add ipsec || :
 
 %changelog
+* Wed Sep  7 2010 Tomas Mraz <tmraz at redhat.com> - 2.6.28-2
+- Use new fipscheck to make .hmac files placement FHS compliant
+
 * Fri Aug 13 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.28-1
 - New upstream release
 - Updated existing patches

More information about the scm-commits mailing list