[openswan: 1/2] - Use new fipscheck to make .hmac files placement FHS compliant
Tomáš Mráz
tmraz at fedoraproject.org
Wed Sep 8 15:34:53 UTC 2010
commit ca585fb54da831a428416a4e16e2d52da4f0e908
Author: Tomas Mraz <tmraz at redhat.com>
Date: Wed Sep 8 17:32:56 2010 +0200
- Use new fipscheck to make .hmac files placement FHS compliant
openswan.spec | 53 +++++++++++++----------------------------------------
1 files changed, 13 insertions(+), 40 deletions(-)
---
diff --git a/openswan.spec b/openswan.spec
index 6455cfb..4cf854b 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -4,13 +4,13 @@
%define USE_MODP_RFC5114 1
%define USE_NM 1
%define nss_version 3.12.3-2
-%define fipscheck_version 1.2.0-1
+%define fipscheck_version 1.3.0
Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
Version: 2.6.28
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Url: http://www.openswan.org/
Source: openswan-%{version}.tar.gz
@@ -36,6 +36,7 @@ Requires(preun): /sbin/service
%if %{USE_FIPSCHECK}
BuildRequires: fipscheck-devel >= %{fipscheck_version}
+Requires: fipscheck%{_isa} >= %{fipscheck_version}
%endif
%if %{USE_LIBCAP_NG}
@@ -114,43 +115,8 @@ FS=$(pwd)
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/setup \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/addconn \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/auto \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/barf \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_copyright \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/eroute \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/ikeping \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_include \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_keycensor \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/klipsdebug \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/look \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/newhostkey \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/pf_key \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_pluto_adns \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_plutoload \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_plutorun \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/ranbits \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_realsetup \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/rsasigkey \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/pluto \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_secretcensor \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/secrets \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/showdefaults \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/showhostkey \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/showpolicy \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spi \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spigrp \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startklips \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startnetkey \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/tncfg \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.klips \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.mast \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.netkey \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/verify \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/whack \
- fipshmac $RPM_BUILD_ROOT%{_sbindir}/ipsec \
+ fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_libexecdir}/ipsec/* \
+ fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_sbindir}/ipsec \
%{nil}
%endif
@@ -174,6 +140,10 @@ install -d -m 0700 $RPM_BUILD_ROOT%{_localstatedir}/run/pluto
install -d $RPM_BUILD_ROOT%{_sbindir}
find $RPM_BUILD_ROOT/etc/ipsec.d -type f -exec chmod 644 {} \;
+%if %{USE_FIPSCHECK}
+mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
+%endif
+
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
install -m 600 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ipsec.conf
@@ -209,7 +179,7 @@ rm -rf $RPM_BUILD_ROOT
%{_initrddir}/ipsec
%{_sbindir}/ipsec
%if %{USE_FIPSCHECK}
-%{_sbindir}/.ipsec.hmac
+%{_libdir}/fipscheck/*.hmac
%endif
%{_libexecdir}/ipsec
%{_mandir}/*/*.gz
@@ -230,6 +200,9 @@ fi
chkconfig --add ipsec || :
%changelog
+* Wed Sep 7 2010 Tomas Mraz <tmraz at redhat.com> - 2.6.28-2
+- Use new fipscheck to make .hmac files placement FHS compliant
+
* Fri Aug 13 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.28-1
- New upstream release
- Updated existing patches
More information about the scm-commits
mailing list