|
 |
b561c0 |
Summary: A library for integrity verification of FIPS validated modules
|
|
|
b561c0 |
Name: fipscheck
|
|
|
b561c0 |
Version: 1.4.1
|
|
|
b561c0 |
Release: 6%{?dist}
|
|
|
b561c0 |
License: BSD
|
|
|
b561c0 |
Group: System Environment/Libraries
|
|
|
b561c0 |
# This is a Red Hat maintained package which is specific to
|
|
|
b561c0 |
# our distribution.
|
|
|
b561c0 |
URL: http://fedorahosted.org/fipscheck/
|
|
|
b561c0 |
Source0: http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2
|
|
|
b561c0 |
# Prelink blacklist
|
|
|
b561c0 |
Source1: fipscheck.conf
|
|
|
b561c0 |
Patch1: fipscheck-1.4.1-empty-hmac.patch
|
|
|
b561c0 |
|
|
|
b561c0 |
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|
|
b561c0 |
|
|
|
b561c0 |
BuildRequires: openssl-devel >= 0.9.8j
|
|
|
b561c0 |
|
|
|
b561c0 |
Requires: %{name}-lib%{?_isa} = %{version}-%{release}
|
|
|
b561c0 |
|
|
|
b561c0 |
%description
|
|
|
b561c0 |
FIPSCheck is a library for integrity verification of FIPS validated
|
|
|
b561c0 |
modules. The package also provides helper binaries for creation and
|
|
|
b561c0 |
verification of the HMAC-SHA256 checksum files.
|
|
|
b561c0 |
|
|
|
b561c0 |
%package lib
|
|
|
b561c0 |
Summary: Library files for %{name}
|
|
|
b561c0 |
Group: System Environment/Libraries
|
|
|
b561c0 |
|
|
|
b561c0 |
Requires: %{_bindir}/fipscheck
|
|
|
b561c0 |
|
|
|
b561c0 |
%description lib
|
|
|
b561c0 |
This package contains the FIPSCheck library.
|
|
|
b561c0 |
|
|
|
b561c0 |
%package devel
|
|
|
b561c0 |
Summary: Development files for %{name}
|
|
|
b561c0 |
Group: System Environment/Libraries
|
|
|
b561c0 |
|
|
|
b561c0 |
Requires: %{name}-lib%{?_isa} = %{version}-%{release}
|
|
|
b561c0 |
|
|
|
b561c0 |
%description devel
|
|
|
b561c0 |
This package contains development files for %{name}.
|
|
|
b561c0 |
|
|
|
b561c0 |
%prep
|
|
|
b561c0 |
%setup -q
|
|
|
b561c0 |
%patch1 -p1 -b .empty-hmac
|
|
|
b561c0 |
|
|
|
b561c0 |
%build
|
|
|
b561c0 |
%configure --disable-static
|
|
|
b561c0 |
|
|
|
b561c0 |
make %{?_smp_mflags}
|
|
|
b561c0 |
|
|
|
b561c0 |
# Add generation of HMAC checksums of the final stripped binaries
|
|
|
b561c0 |
%define __spec_install_post \
|
|
|
b561c0 |
%{?__debug_package:%{__debug_install_post}} \
|
|
|
b561c0 |
%{__arch_install_post} \
|
|
|
b561c0 |
%{__os_install_post} \
|
|
|
b561c0 |
$RPM_BUILD_ROOT%{_bindir}/fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/fipscheck $RPM_BUILD_ROOT%{_libdir}/libfipscheck.so.1.2.1 \
|
|
|
b561c0 |
ln -s libfipscheck.so.1.2.1.hmac $RPM_BUILD_ROOT%{_libdir}/fipscheck/libfipscheck.so.1.hmac \
|
|
|
b561c0 |
%{nil}
|
|
|
b561c0 |
|
|
|
b561c0 |
%install
|
|
|
b561c0 |
rm -rf $RPM_BUILD_ROOT
|
|
|
b561c0 |
|
|
|
b561c0 |
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
b561c0 |
|
|
|
b561c0 |
find $RPM_BUILD_ROOT -type f -name "*.la" -delete
|
|
|
b561c0 |
|
|
|
b561c0 |
mkdir -p $RPM_BUILD_ROOT%{_libdir}/fipscheck
|
|
|
b561c0 |
|
|
|
b561c0 |
# Prelink blacklist
|
|
|
b561c0 |
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d
|
|
|
b561c0 |
install -m644 %{SOURCE1} \
|
|
|
b561c0 |
$RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d/fipscheck.conf
|
|
|
b561c0 |
|
|
|
b561c0 |
%clean
|
|
|
b561c0 |
rm -rf $RPM_BUILD_ROOT
|
|
|
b561c0 |
|
|
|
b561c0 |
%post lib -p /sbin/ldconfig
|
|
|
b561c0 |
|
|
|
b561c0 |
%postun lib -p /sbin/ldconfig
|
|
|
b561c0 |
|
|
|
b561c0 |
%files
|
|
|
b561c0 |
%defattr(-,root,root,-)
|
|
|
b561c0 |
%doc ChangeLog COPYING README AUTHORS
|
|
|
b561c0 |
%{_bindir}/fipscheck
|
|
|
b561c0 |
%{_bindir}/fipshmac
|
|
|
b561c0 |
%{_libdir}/fipscheck/fipscheck.hmac
|
|
|
b561c0 |
%{_mandir}/man8/*
|
|
|
b561c0 |
|
|
|
b561c0 |
%files lib
|
|
|
b561c0 |
%defattr(-,root,root,-)
|
|
|
b561c0 |
%{_libdir}/libfipscheck.so.*
|
|
|
b561c0 |
%dir %{_libdir}/fipscheck
|
|
|
b561c0 |
%{_libdir}/fipscheck/libfipscheck.so.*.hmac
|
|
|
b561c0 |
%dir %{_sysconfdir}/prelink.conf.d
|
|
|
b561c0 |
%{_sysconfdir}/prelink.conf.d/fipscheck.conf
|
|
|
b561c0 |
|
|
|
b561c0 |
%files devel
|
|
|
b561c0 |
%defattr(-,root,root,-)
|
|
|
b561c0 |
%{_includedir}/fipscheck.h
|
|
|
b561c0 |
%{_libdir}/libfipscheck.so
|
|
|
b561c0 |
%{_mandir}/man3/*
|
|
|
b561c0 |
|
|
|
b561c0 |
%changelog
|
|
|
b561c0 |
* Tue Feb 21 2017 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-6
|
|
|
b561c0 |
- handle empty hmac file as checksum mismatch
|
|
|
b561c0 |
|
|
|
b561c0 |
* Mon Feb 10 2014 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-5
|
|
|
b561c0 |
- fix the library path in prelink blacklist
|
|
|
b561c0 |
|
|
|
b561c0 |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.1-4
|
|
|
b561c0 |
- Mass rebuild 2014-01-24
|
|
|
b561c0 |
|
|
|
b561c0 |
* Mon Jan 13 2014 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-3
|
|
|
b561c0 |
- add versioned dependency to -lib on base package (#1010349)
|
|
|
b561c0 |
- add prelink blacklist
|
|
|
b561c0 |
|
|
|
b561c0 |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.4.1-2
|
|
|
b561c0 |
- Mass rebuild 2013-12-27
|
|
|
b561c0 |
|
|
|
b561c0 |
* Tue Sep 10 2013 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-1
|
|
|
b561c0 |
- fix inverted condition in FIPSCHECK_verify_ex()
|
|
|
b561c0 |
|
|
|
b561c0 |
* Fri Sep 6 2013 Tomáš Mráz <tmraz@redhat.com> - 1.4.0-1
|
|
|
b561c0 |
- added new API calls to support setting hmac suffix
|
|
|
b561c0 |
|
|
|
b561c0 |
* Mon Apr 16 2012 Tomas Mraz <tmraz@redhat.com> - 1.3.1-1
|
|
|
b561c0 |
- manual pages added by Paul Wouters
|
|
|
b561c0 |
|
|
|
b561c0 |
* Tue Sep 7 2010 Tomas Mraz <tmraz@redhat.com> - 1.3.0-1
|
|
|
b561c0 |
- look up the hmac files in the _libdir/fipscheck first
|
|
|
b561c0 |
|
|
|
b561c0 |
* Tue May 26 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-1
|
|
|
b561c0 |
- add lib subpackage to avoid multilib on the base package
|
|
|
b561c0 |
- add ability to compute hmacs on multiple files at once
|
|
|
b561c0 |
- improved debugging with FIPSCHECK_DEBUG
|
|
|
b561c0 |
|
|
|
b561c0 |
* Thu Mar 19 2009 Tomas Mraz <tmraz@redhat.com> - 1.1.1-1
|
|
|
b561c0 |
- move binaries and libraries to /usr
|
|
|
b561c0 |
|
|
|
b561c0 |
* Wed Mar 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.1.0-1
|
|
|
b561c0 |
- hmac check itself as required by FIPS
|
|
|
b561c0 |
|
|
|
b561c0 |
* Mon Feb 9 2009 Tomas Mraz <tmraz@redhat.com> - 1.0.4-1
|
|
|
b561c0 |
- add some docs to the README, require current openssl in Fedora
|
|
|
b561c0 |
|
|
|
b561c0 |
* Fri Oct 24 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.3-1
|
|
|
b561c0 |
- use OpenSSL in FIPS mode to do the HMAC checksum instead of NSS
|
|
|
b561c0 |
|
|
|
b561c0 |
* Tue Sep 9 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.2-1
|
|
|
b561c0 |
- fix test for prelink
|
|
|
b561c0 |
|
|
|
b561c0 |
* Mon Sep 8 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.1-1
|
|
|
b561c0 |
- put binaries in /bin and libraries in /lib as fipscheck
|
|
|
b561c0 |
will be used by modules in /lib
|
|
|
b561c0 |
|
|
|
b561c0 |
* Mon Sep 8 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.0-2
|
|
|
b561c0 |
- minor fixes for package review
|
|
|
b561c0 |
|
|
|
b561c0 |
* Wed Sep 3 2008 Tomas Mraz <tmraz@redhat.com> - 1.0.0-1
|
|
|
b561c0 |
- Initial spec file
|