|
|
fa14b61 |
Summary: A library for integrity verification of FIPS validated modules
|
|
|
fa14b61 |
Name: fipscheck
|
|
|
2fba7f7 |
Version: 1.4.1
|
|
|
1e1a232 |
Release: 11%{?dist}
|
|
|
fa14b61 |
License: BSD
|
|
|
fa14b61 |
Group: System Environment/Libraries
|
|
|
fa14b61 |
# This is a Red Hat maintained package which is specific to
|
|
|
fa14b61 |
# our distribution.
|
|
|
1add910 |
URL: http://fedorahosted.org/fipscheck/
|
|
|
1add910 |
Source0: http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2
|
|
|
0ea759b |
# Prelink blacklist
|
|
|
0ea759b |
Source1: fipscheck.conf
|
|
|
fa14b61 |
|
|
|
fa14b61 |
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|
|
fa14b61 |
|
|
|
fa14b61 |
BuildRequires: openssl-devel >= 0.9.8j
|
|
|
fa14b61 |
|
|
|
1749134 |
Requires: %{name}-lib%{?_isa} = %{version}-%{release}
|
|
|
1749134 |
|
|
|
fa14b61 |
%description
|
|
|
fa14b61 |
FIPSCheck is a library for integrity verification of FIPS validated
|
|
|
fa14b61 |
modules. The package also provides helper binaries for creation and
|
|
|
fa14b61 |
verification of the HMAC-SHA256 checksum files.
|
|
|
fa14b61 |
|
|
|
d5a9e71 |
%package lib
|
|
|
d5a9e71 |
Summary: Library files for %{name}
|
|
|
d5a9e71 |
Group: System Environment/Libraries
|
|
|
d5a9e71 |
|
|
|
d5a9e71 |
Requires: %{_bindir}/fipscheck
|
|
|
d5a9e71 |
|
|
|
d5a9e71 |
%description lib
|
|
|
d5a9e71 |
This package contains the FIPSCheck library.
|
|
|
d5a9e71 |
|
|
|
fa14b61 |
%package devel
|
|
|
fa14b61 |
Summary: Development files for %{name}
|
|
|
fa14b61 |
Group: System Environment/Libraries
|
|
|
fa14b61 |
|
|
|
1749134 |
Requires: %{name}-lib%{?_isa} = %{version}-%{release}
|
|
|
fa14b61 |
|
|
|
fa14b61 |
%description devel
|
|
|
fa14b61 |
This package contains development files for %{name}.
|
|
|
fa14b61 |
|
|
|
fa14b61 |
%prep
|
|
|
fa14b61 |
%setup -q
|
|
|
fa14b61 |
|
|
|
fa14b61 |
%build
|
|
|
da78e5d |
%configure --disable-static
|
|
|
fa14b61 |
|
|
|
fa14b61 |
make %{?_smp_mflags}
|
|
|
fa14b61 |
|
|
|
830ad0f |
# Add generation of HMAC checksums of the final stripped binaries
|
|
|
830ad0f |
%define __spec_install_post \
|
|
|
830ad0f |
%{?__debug_package:%{__debug_install_post}} \
|
|
|
830ad0f |
%{__arch_install_post} \
|
|
|
830ad0f |
%{__os_install_post} \
|
|
|
2fba7f7 |
$RPM_BUILD_ROOT%{_bindir}/fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/fipscheck $RPM_BUILD_ROOT%{_libdir}/libfipscheck.so.1.2.1 \
|
|
|
2fba7f7 |
ln -s libfipscheck.so.1.2.1.hmac $RPM_BUILD_ROOT%{_libdir}/fipscheck/libfipscheck.so.1.hmac \
|
|
|
830ad0f |
%{nil}
|
|
|
830ad0f |
|
|
|
fa14b61 |
%install
|
|
|
fa14b61 |
rm -rf $RPM_BUILD_ROOT
|
|
|
fa14b61 |
|
|
|
fa14b61 |
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
fa14b61 |
|
|
|
fa14b61 |
find $RPM_BUILD_ROOT -type f -name "*.la" -delete
|
|
|
fa14b61 |
|
|
|
c7430a1 |
mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
|
|
|
c7430a1 |
|
|
|
fa14b61 |
%clean
|
|
|
fa14b61 |
rm -rf $RPM_BUILD_ROOT
|
|
|
fa14b61 |
|
|
|
f0bbaf4 |
%post lib -p /sbin/ldconfig
|
|
|
fa14b61 |
|
|
|
f0bbaf4 |
%postun lib -p /sbin/ldconfig
|
|
|
fa14b61 |
|
|
|
fa14b61 |
%files
|
|
|
fa14b61 |
%defattr(-,root,root,-)
|
|
|
2d7f3e8 |
%{!?_licensedir:%global license %%doc}
|
|
|
2d7f3e8 |
%license COPYING
|
|
|
2d7f3e8 |
%doc ChangeLog README AUTHORS
|
|
|
da78e5d |
%{_bindir}/fipscheck
|
|
|
da78e5d |
%{_bindir}/fipshmac
|
|
|
c7430a1 |
%{_libdir}/fipscheck/fipscheck.hmac
|
|
|
90dd29a |
%{_mandir}/man8/*
|
|
|
fa14b61 |
|
|
|
d5a9e71 |
%files lib
|
|
|
d5a9e71 |
%defattr(-,root,root,-)
|
|
|
d5a9e71 |
%{_libdir}/libfipscheck.so.*
|
|
|
c7430a1 |
%dir %{_libdir}/fipscheck
|
|
|
c7430a1 |
%{_libdir}/fipscheck/libfipscheck.so.*.hmac
|
|
|
d5a9e71 |
|
|
|
fa14b61 |
%files devel
|
|
|
fa14b61 |
%defattr(-,root,root,-)
|
|
|
fa14b61 |
%{_includedir}/fipscheck.h
|
|
|
fa14b61 |
%{_libdir}/libfipscheck.so
|
|
|
90dd29a |
%{_mandir}/man3/*
|
|
|
fa14b61 |
|
|
|
fa14b61 |
%changelog
|
|
|
1e1a232 |
* Tue Apr 12 2016 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-11
|
|
|
1e1a232 |
- remove the prelink blacklist as prelink is gone (#1324950)
|
|
|
1e1a232 |
|
|
|
6126d33 |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.1-10
|
|
|
6126d33 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
6126d33 |
|
|
|
63d98d3 |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.1-9
|
|
|
63d98d3 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
63d98d3 |
|
|
|
995d337 |
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1.4.1-8
|
|
|
995d337 |
- Rebuilt for Fedora 23 Change
|
|
|
995d337 |
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
|
|
995d337 |
|
|
|
f6f2043 |
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.1-7
|
|
|
f6f2043 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
f6f2043 |
|
|
|
2d7f3e8 |
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.1-6
|
|
|
2d7f3e8 |
- fix license handling
|
|
|
2d7f3e8 |
|
|
|
63ad434 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.1-5
|
|
|
63ad434 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
63ad434 |
|
|
|
e03de09 |
* Mon Feb 10 2014 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-4
|
|
|
e03de09 |
- fix the library path in prelink blacklist
|
|
|
e03de09 |
|
|
|
1749134 |
* Tue Sep 24 2013 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-3
|
|
|
1749134 |
- add versioned dependency to -lib on base package (#1010349)
|
|
|
1749134 |
|
|
|
0ea759b |
* Fri Sep 20 2013 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-2
|
|
|
0ea759b |
- add prelink blacklist
|
|
|
0ea759b |
|
|
|
0ea759b |
* Tue Sep 10 2013 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-1
|
|
|
2fba7f7 |
- fix inverted condition in FIPSCHECK_verify_ex()
|
|
|
2fba7f7 |
|
|
|
2a7d5e0 |
* Fri Sep 6 2013 Tomáš Mráz <tmraz@redhat.com> - 1.4.0-1
|
|
|
2f6ca3c |
- added new API calls to support setting hmac suffix
|
|
|
db20d61 |
|
|
|
2a7d5e0 |
* Mon Apr 16 2012 Tomas Mraz <tmraz@redhat.com> - 1.3.1-1
|
|
|
90dd29a |
- manual pages added by Paul Wouters
|
|
|
43f1663 |
|
|
|
2a7d5e0 |
* Tue Sep 7 2010 Tomas Mraz <tmraz@redhat.com> - 1.3.0-1
|
|
|
c7430a1 |
- look up the hmac files in the _libdir/fipscheck first
|
|
|
c20e5fc |
|
|
|
2a7d5e0 |
* Tue May 26 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-1
|
|
|
d5a9e71 |
- add lib subpackage to avoid multilib on the base package
|
|
|
d5a9e71 |
- add ability to compute hmacs on multiple files at once
|
|
|
d5a9e71 |
- improved debugging with FIPSCHECK_DEBUG
|
|
|
d5a9e71 |
|
|
|
2a7d5e0 |
* Thu Mar 19 2009 Tomas Mraz <tmraz@redhat.com> - 1.1.1-1
|
|
|
da78e5d |
- move binaries and libraries to /usr
|
|
|
da78e5d |
|
|
|
2a7d5e0 |
* Wed Mar 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.1.0-1
|
|
|
830ad0f |
- hmac check itself as required by FIPS
|
|
|
12b174f |
|
|
|
2a7d5e0 |
* Mon Feb 9 2009 Tomas Mraz <tmraz@redhat.com> - 1.0.4-1
|
|
|
fa14b61 |
- add some docs to the README, require current openssl in Fedora
|
|
|
fa14b61 |
|
|
|
2a7d5e0 |
* Fri Oct 24 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.3-1
|
|
|
fa14b61 |
- use OpenSSL in FIPS mode to do the HMAC checksum instead of NSS
|
|
|
fa14b61 |
|
|
|
2a7d5e0 |
* Tue Sep 9 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.2-1
|
|
|
fa14b61 |
- fix test for prelink
|
|
|
fa14b61 |
|
|
|
2a7d5e0 |
* Mon Sep 8 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.1-1
|
|
|
fa14b61 |
- put binaries in /bin and libraries in /lib as fipscheck
|
|
|
fa14b61 |
will be used by modules in /lib
|
|
|
fa14b61 |
|
|
|
2a7d5e0 |
* Mon Sep 8 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.0-2
|
|
|
fa14b61 |
- minor fixes for package review
|
|
|
fa14b61 |
|
|
|
2a7d5e0 |
* Wed Sep 3 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.0-1
|
|
|
fa14b61 |
- Initial spec file
|