[fipscheck/f20] add prelink blacklist
Tomáš Mráz
tmraz at fedoraproject.org
Fri Sep 20 10:12:07 UTC 2013
commit 0ea759ba201acfb24263ba14b9a345a6b58f8beb
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Sep 20 12:11:54 2013 +0200
add prelink blacklist
fipscheck.conf | 2 ++
fipscheck.spec | 40 ++++++++++++++++++++++++++--------------
2 files changed, 28 insertions(+), 14 deletions(-)
---
diff --git a/fipscheck.conf b/fipscheck.conf
new file mode 100644
index 0000000..3d0ce65
--- /dev/null
+++ b/fipscheck.conf
@@ -0,0 +1,2 @@
+-b /lib{,64}/libfipscheck.so.*
+-b /usr/bin/fipscheck
diff --git a/fipscheck.spec b/fipscheck.spec
index 2d1a349..7f698e7 100644
--- a/fipscheck.spec
+++ b/fipscheck.spec
@@ -1,13 +1,15 @@
Summary: A library for integrity verification of FIPS validated modules
Name: fipscheck
Version: 1.4.1
-Release: 1%{?dist}
+Release: 2%{?dist}
License: BSD
Group: System Environment/Libraries
# This is a Red Hat maintained package which is specific to
# our distribution.
URL: http://fedorahosted.org/fipscheck/
Source0: http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2
+# Prelink blacklist
+Source1: fipscheck.conf
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -62,6 +64,11 @@ find $RPM_BUILD_ROOT -type f -name "*.la" -delete
mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
+# Prelink blacklist
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d
+install -m644 %{SOURCE1} \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d/fipscheck.conf
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -82,6 +89,8 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libfipscheck.so.*
%dir %{_libdir}/fipscheck
%{_libdir}/fipscheck/libfipscheck.so.*.hmac
+%dir %{_sysconfdir}/prelink.conf.d
+%{_sysconfdir}/prelink.conf.d/fipscheck.conf
%files devel
%defattr(-,root,root,-)
@@ -90,44 +99,47 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
-* Tue Sep 10 2013 Tomáš Mráz - 1.4.1-1
+* Fri Sep 20 2013 Tomáš Mráz <tmraz at redhat.com> - 1.4.1-2
+- add prelink blacklist
+
+* Tue Sep 10 2013 Tomáš Mráz <tmraz at redhat.com> - 1.4.1-1
- fix inverted condition in FIPSCHECK_verify_ex()
-* Fri Sep 6 2013 Tomáš Mráz - 1.4.0-1
+* Fri Sep 6 2013 Tomáš Mráz <tmraz at redhat.com>- 1.4.0-1
- added new API calls to support setting hmac suffix
-* Mon Apr 16 2012 Tomas Mraz - 1.3.1-1
+* Mon Apr 16 2012 Tomas Mraz <tmraz at redhat.com>- 1.3.1-1
- manual pages added by Paul Wouters
-* Tue Sep 7 2010 Tomas Mraz - 1.3.0-1
+* Tue Sep 7 2010 Tomas Mraz <tmraz at redhat.com>- 1.3.0-1
- look up the hmac files in the _libdir/fipscheck first
-* Tue May 26 2009 Tomas Mraz - 1.2.0-1
+* Tue May 26 2009 Tomas Mraz <tmraz at redhat.com>- 1.2.0-1
- add lib subpackage to avoid multilib on the base package
- add ability to compute hmacs on multiple files at once
- improved debugging with FIPSCHECK_DEBUG
-* Thu Mar 19 2009 Tomas Mraz - 1.1.1-1
+* Thu Mar 19 2009 Tomas Mraz <tmraz at redhat.com>- 1.1.1-1
- move binaries and libraries to /usr
-* Wed Mar 18 2009 Tomas Mraz - 1.1.0-1
+* Wed Mar 18 2009 Tomas Mraz <tmraz at redhat.com>- 1.1.0-1
- hmac check itself as required by FIPS
-* Mon Feb 9 2009 Tomas Mraz - 1.0.4-1
+* Mon Feb 9 2009 Tomas Mraz <tmraz at redhat.com>- 1.0.4-1
- add some docs to the README, require current openssl in Fedora
-* Fri Oct 24 2008 Tomas Mraz - 1.0.3-1
+* Fri Oct 24 2008 Tomas Mraz <tmraz at redhat.com>- 1.0.3-1
- use OpenSSL in FIPS mode to do the HMAC checksum instead of NSS
-* Tue Sep 9 2008 Tomas Mraz - 1.0.2-1
+* Tue Sep 9 2008 Tomas Mraz <tmraz at redhat.com>- 1.0.2-1
- fix test for prelink
-* Mon Sep 8 2008 Tomas Mraz - 1.0.1-1
+* Mon Sep 8 2008 Tomas Mraz <tmraz at redhat.com>- 1.0.1-1
- put binaries in /bin and libraries in /lib as fipscheck
will be used by modules in /lib
-* Mon Sep 8 2008 Tomas Mraz - 1.0.0-2
+* Mon Sep 8 2008 Tomas Mraz <tmraz at redhat.com>- 1.0.0-2
- minor fixes for package review
-* Wed Sep 3 2008 Tomas Mraz - 1.0.0-1
+* Wed Sep 3 2008 Tomas Mraz <tmraz at redhat.com>- 1.0.0-1
- Initial spec file
More information about the scm-commits
mailing list