[cryptsetup] Build with fipscheck (verification in fips mode). Clean up spec file, use install to /usr.
Milan Broz
mbroz at fedoraproject.org
Thu May 31 11:10:13 UTC 2012
commit 1deeeab3ad838c2505f8a31013d62839e77ae6c4
Author: Milan Broz <mbroz at redhat.com>
Date: Thu May 31 13:09:54 2012 +0200
Build with fipscheck (verification in fips mode).
Clean up spec file, use install to /usr.
cryptsetup.spec | 41 +++++++++++++++++++++++++----------------
1 files changed, 25 insertions(+), 16 deletions(-)
---
diff --git a/cryptsetup.spec b/cryptsetup.spec
index be20f08..d200c48 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,18 +1,19 @@
Summary: A utility for setting up encrypted disks
Name: cryptsetup
Version: 1.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2 and LGPLv2+
Group: Applications/System
URL: http://cryptsetup.googlecode.com/
BuildRequires: libgcrypt-devel, popt-devel, device-mapper-devel
BuildRequires: libgpg-error-devel, libuuid-devel, libsepol-devel
BuildRequires: libselinux-devel, python-devel
+BuildRequires: fipscheck-devel >= 1.3.0
Provides: cryptsetup-luks = %{version}-%{release}
Obsoletes: cryptsetup-luks < 1.4.0
Requires: cryptsetup-libs = %{version}-%{release}
+Requires: fipscheck-lib%{_isa} >= 1.3.0
-%define _root_sbindir /sbin
%define upstream_version %{version}
Source0: http://cryptsetup.googlecode.com/files/cryptsetup-%{upstream_version}.tar.bz2
@@ -38,6 +39,7 @@ Group: System Environment/Libraries
Summary: Cryptsetup shared library
Provides: cryptsetup-luks-libs = %{version}-%{release}
Obsoletes: cryptsetup-luks-libs < 1.4.0
+Requires: fipscheck-lib%{_isa} >= 1.3.0
%description libs
This package contains the cryptsetup shared library, libcryptsetup.
@@ -58,24 +60,25 @@ for setting up disk encryption using dm-crypt kernel module.
chmod -x python/pycryptsetup-test.py
%build
-%configure --sbindir=%{_root_sbindir} --libdir=/%{_lib} --enable-python
+%configure --enable-python --enable-fips
# remove rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags}
%install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-rm -rf $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT/%{_lib}/cryptsetup
-
-# move libcryptsetup.so to %%{_libdir}
-pushd $RPM_BUILD_ROOT/%{_lib}
-rm libcryptsetup.so
-mkdir -p $RPM_BUILD_ROOT/%{_libdir}
-ln -s ../../%{_lib}/$(ls libcryptsetup.so.?.?.?) $RPM_BUILD_ROOT/%{_libdir}/libcryptsetup.so
-mv $RPM_BUILD_ROOT/%{_lib}/pkgconfig $RPM_BUILD_ROOT/%{_libdir}
-popd
+# Generate HMAC checksums (FIPS)
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_sbindir}/cryptsetup \
+ fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_libdir}/libcryptsetup.so.* \
+%{nil}
+
+make install DESTDIR=%{buildroot}
+rm -rf %{buildroot}/%{_libdir}/*.la
+install -d %{buildroot}/%{_libdir}/fipscheck
%find_lang cryptsetup
%post -n cryptsetup-libs -p /sbin/ldconfig
@@ -85,7 +88,8 @@ popd
%files -f cryptsetup.lang
%doc COPYING ChangeLog AUTHORS TODO FAQ
%{_mandir}/man8/cryptsetup.8.gz
-%{_root_sbindir}/cryptsetup
+%{_sbindir}/cryptsetup
+%{_libdir}/fipscheck/cryptsetup.hmac
%files devel
%doc docs/examples/*
@@ -95,7 +99,8 @@ popd
%files libs
%doc COPYING
-/%{_lib}/libcryptsetup.so.*
+%{_libdir}/libcryptsetup.so.*
+%{_libdir}/fipscheck/libcryptsetup.so.*.hmac
%files python
%doc COPYING.LGPL python/pycryptsetup-test.py
@@ -105,6 +110,10 @@ popd
%clean
%changelog
+* Thu May 31 2012 Milan Broz <mbroz at redhat.com> - 1.4.3-2
+- Build with fipscheck (verification in fips mode).
+- Clean up spec file, use install to /usr.
+
* Thu May 31 2012 Milan Broz <mbroz at redhat.com> - 1.4.3-1
- Update to cryptsetup 1.4.3.
More information about the scm-commits
mailing list