[cryptsetup] Build with fipscheck (verification in fips mode). Clean up spec file, use install to /usr.

[Milan Broz]

commit 1deeeab3ad838c2505f8a31013d62839e77ae6c4
Author: Milan Broz <mbroz at redhat.com>
Date:   Thu May 31 13:09:54 2012 +0200

    Build with fipscheck (verification in fips mode).
    Clean up spec file, use install to /usr.

 cryptsetup.spec |   41 +++++++++++++++++++++++++----------------
 1 files changed, 25 insertions(+), 16 deletions(-)
---
diff --git a/cryptsetup.spec b/cryptsetup.spec
index be20f08..d200c48 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,18 +1,19 @@
 Summary: A utility for setting up encrypted disks
 Name: cryptsetup
 Version: 1.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2 and LGPLv2+
 Group: Applications/System
 URL: http://cryptsetup.googlecode.com/
 BuildRequires: libgcrypt-devel, popt-devel, device-mapper-devel
 BuildRequires: libgpg-error-devel, libuuid-devel, libsepol-devel
 BuildRequires: libselinux-devel, python-devel
+BuildRequires: fipscheck-devel >= 1.3.0
 Provides: cryptsetup-luks = %{version}-%{release}
 Obsoletes: cryptsetup-luks < 1.4.0
 Requires: cryptsetup-libs = %{version}-%{release}
+Requires: fipscheck-lib%{_isa} >= 1.3.0
 
-%define _root_sbindir /sbin
 %define upstream_version %{version}
 Source0: http://cryptsetup.googlecode.com/files/cryptsetup-%{upstream_version}.tar.bz2
 
@@ -38,6 +39,7 @@ Group: System Environment/Libraries
 Summary: Cryptsetup shared library
 Provides: cryptsetup-luks-libs = %{version}-%{release}
 Obsoletes: cryptsetup-luks-libs < 1.4.0
+Requires: fipscheck-lib%{_isa} >= 1.3.0
 
 %description libs
 This package contains the cryptsetup shared library, libcryptsetup.
@@ -58,24 +60,25 @@ for setting up disk encryption using dm-crypt kernel module.
 chmod -x python/pycryptsetup-test.py
 
 %build
-%configure  --sbindir=%{_root_sbindir} --libdir=/%{_lib} --enable-python
+%configure --enable-python --enable-fips
 # remove rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 make %{?_smp_mflags}
 
 %install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-rm -rf  $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT/%{_lib}/cryptsetup
-
-# move libcryptsetup.so to %%{_libdir}
-pushd $RPM_BUILD_ROOT/%{_lib}
-rm libcryptsetup.so
-mkdir -p $RPM_BUILD_ROOT/%{_libdir}
-ln -s ../../%{_lib}/$(ls libcryptsetup.so.?.?.?) $RPM_BUILD_ROOT/%{_libdir}/libcryptsetup.so
-mv $RPM_BUILD_ROOT/%{_lib}/pkgconfig $RPM_BUILD_ROOT/%{_libdir}
-popd
+# Generate HMAC checksums (FIPS)
+%define __spec_install_post \
+  %{?__debug_package:%{__debug_install_post}} \
+  %{__arch_install_post} \
+  %{__os_install_post} \
+  fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_sbindir}/cryptsetup \
+  fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_libdir}/libcryptsetup.so.* \
+%{nil}
+
+make install DESTDIR=%{buildroot}
+rm -rf %{buildroot}/%{_libdir}/*.la
+install -d %{buildroot}/%{_libdir}/fipscheck
 %find_lang cryptsetup
 
 %post -n cryptsetup-libs -p /sbin/ldconfig
@@ -85,7 +88,8 @@ popd
 %files -f cryptsetup.lang
 %doc COPYING ChangeLog AUTHORS TODO FAQ
 %{_mandir}/man8/cryptsetup.8.gz
-%{_root_sbindir}/cryptsetup
+%{_sbindir}/cryptsetup
+%{_libdir}/fipscheck/cryptsetup.hmac
 
 %files devel
 %doc docs/examples/*
@@ -95,7 +99,8 @@ popd
 
 %files libs
 %doc COPYING
-/%{_lib}/libcryptsetup.so.*
+%{_libdir}/libcryptsetup.so.*
+%{_libdir}/fipscheck/libcryptsetup.so.*.hmac
 
 %files python
 %doc COPYING.LGPL python/pycryptsetup-test.py
@@ -105,6 +110,10 @@ popd
 %clean
 
 %changelog
+* Thu May 31 2012 Milan Broz <mbroz at redhat.com> - 1.4.3-2
+- Build with fipscheck (verification in fips mode).
+- Clean up spec file, use install to /usr.
+
 * Thu May 31 2012 Milan Broz <mbroz at redhat.com> - 1.4.3-1
 - Update to cryptsetup 1.4.3.