From 0a59c902e02230d79f2a803286368c0db44b24be Mon Sep 17 00:00:00 2001
From: Björn Esser
Date: Sep 23 2020 19:49:44 +0000
Subject: Move file generation to %%prep for easier debugging
---
diff --git a/AusweisApp2.spec b/AusweisApp2.spec
index 4c3a87c..6a840d3 100644
--- a/AusweisApp2.spec
+++ b/AusweisApp2.spec
@@ -129,6 +129,42 @@ This package contains the user and API documentation for %{name}.
 %forgeautosetup -p 1
 install -pm 0644 %{SOURCE1} LICENSE.en.txt
+# Create custom configuration for OpenSSL basing on the system's default
+# configuration to enable all ciphers required by the application.
+# This basically modifies the system's default configuration to enable
+# all RSA-PSK algorithms and the ciphers using SHA384.
+# A shell wrapper around the AusweisApp2 binary will take care of injecting
+# this configuration before application startup and only for this specific
+# application.
+cat << EOF > %{name}_openssl.cnf
+# This application specific OpenSSL configuration file basically
+# modifies the system's default configuration to enable all
+# RSA-PSK algorithms and the ciphers using SHA384, which are
+# needed for AusweisApp2 to have full functionality.
+
+openssl_conf = AusweisApp2_conf
+
+[AusweisApp2_conf]
+ssl_conf = AusweisApp2_OpenSSL
+
+[AusweisApp2_OpenSSL]
+system_default = AusweisApp2_ciphers
+
+[AusweisApp2_ciphers]
+EOF
+grep 'CipherString' %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt | \
+sed -e 's!:-!:kRSAPSK&!' -e 's!:-kRSAPSK!!' -e 's!:-SHA384!!' \
+ >> %{name}_openssl.cnf
+grep -v 'CipherString' %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt \
+ >> %{name}_openssl.cnf
+
+# Create the shell wrapper.
+cat << EOF > %{name}_wrapper.sh
+#!/bin/sh
+OPENSSL_CONF=%{_datadir}/%{name}/openssl.cnf \\
+%{_libexecdir}/%{name} "\$@"
+EOF
+
 %build
 # The project does not ship any libraries that are meant to be
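Review bot: A failed `grep 'CipherString'` goes unnoticed in the pipeline that writes the cipher line, because the pipeline's exit status is that of `sed`. If the policy file has no such line, `%{name}_openssl.cnf` ends up with an `[AusweisApp2_ciphers]` section that carries no CipherString, and the build still succeeds. The application would then presumably run on OpenSSL's built-in cipher defaults instead of the distribution policy, which is a silent weakening rather than a visible failure. Since the generation now lives in %prep, a guard right after the two appends would catch it: `grep -q 'CipherString' %{name}_openssl.cnf || exit 1`.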
@@ -179,49 +215,13 @@ help2man \
 --output=%{buildroot}%{_mandir}/man1/%{name}.1 \
 %{buildroot}%{_bindir}/%{name}
-# Create custom configuration for OpenSSL basing on the system's default
-# configuration to enable all ciphers required by the application.
-# This basically modifies the system's default configuration to enable
-# all RSA-PSK algorithms and the ciphers using SHA384.
-# A shell wrapper around the AusweisApp2 binary will take care of injecting
-# this configuration before application startup and only for this specific
-# application.
-cat << EOF >> %{buildroot}%{_datadir}/%{name}/openssl.cnf
-# This application specific OpenSSL configuration file basically
-# modifies the system's default configuration to enable all
-# RSA-PSK algorithms and the ciphers using SHA384, which are
-# needed for AusweisApp2 to have full functionality.
-
-openssl_conf = AusweisApp2_conf
-
-[AusweisApp2_conf]
-ssl_conf = AusweisApp2_OpenSSL
-
-[AusweisApp2_OpenSSL]
-system_default = AusweisApp2_ciphers
-
-[AusweisApp2_ciphers]
-EOF
-cat %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt | \
-grep 'CipherString' | \
-sed -e 's!:-!:kRSAPSK&!' -e 's!:-kRSAPSK!!' -e 's!:-SHA384!!' \
- >> %{buildroot}%{_datadir}/%{name}/openssl.cnf
-cat %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt | \
-grep -v 'CipherString' \
- >> %{buildroot}%{_datadir}/%{name}/openssl.cnf
-chmod 0644 %{buildroot}%{_datadir}/%{name}/openssl.cnf
-
 # Relocate the application binary so we can call it through a shell wrapper.
 mkdir -p %{buildroot}%{_libexecdir}
 mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_libexecdir}/%{name}
-# Create the shell wrapper.
-cat << EOF >> %{buildroot}%{_bindir}/%{name}
-#!/bin/sh
-OPENSSL_CONF=%{_datadir}/%{name}/openssl.cnf \
-%{_libexecdir}/%{name} "\$@"
-EOF
-chmod 0755 %{buildroot}%{_bindir}/%{name}
+# Install the shell wrapper and custom OpenSSL configuration.
+install -pm 0755 %{name}_wrapper.sh %{buildroot}%{_bindir}/%{name}
+install -pm 0644 %{name}_openssl.cnf %{buildroot}%{_datadir}/%{name}/openssl.cnf
 # Excessive docs.
 mkdir -p %{buildroot}%{_pkgdocdir}/{installation,integration,notes,sdk}
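Review bot: The comment above the two `install` lines should say that the installed openssl.cnf is a build-time snapshot. It is derived from `%{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt` on the build host, so a system later switched to a stricter policy, or a crypto-policies update, presumably does not reach this application until the package is rebuilt. The wrapper installed here also sets OPENSSL_CONF unconditionally, which replaces any value an administrator has exported. I would add `# NOTE: openssl.cnf is a build-time copy of the DEFAULT crypto-policy with RSA-PSK and SHA384 re-enabled; rebuild after crypto-policies changes.`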