From 1deeeab3ad838c2505f8a31013d62839e77ae6c4 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: May 31 2012 11:09:54 +0000 Subject: Build with fipscheck (verification in fips mode). Clean up spec file, use install to /usr. --- diff --git a/cryptsetup.spec b/cryptsetup.spec index be20f08..d200c48 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,18 +1,19 @@ Summary: A utility for setting up encrypted disks Name: cryptsetup Version: 1.4.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 and LGPLv2+ Group: Applications/System URL: http://cryptsetup.googlecode.com/ BuildRequires: libgcrypt-devel, popt-devel, device-mapper-devel BuildRequires: libgpg-error-devel, libuuid-devel, libsepol-devel BuildRequires: libselinux-devel, python-devel +BuildRequires: fipscheck-devel >= 1.3.0 Provides: cryptsetup-luks = %{version}-%{release} Obsoletes: cryptsetup-luks < 1.4.0 Requires: cryptsetup-libs = %{version}-%{release} +Requires: fipscheck-lib%{_isa} >= 1.3.0 -%define _root_sbindir /sbin %define upstream_version %{version} Source0: http://cryptsetup.googlecode.com/files/cryptsetup-%{upstream_version}.tar.bz2 @@ -38,6 +39,7 @@ Group: System Environment/Libraries Summary: Cryptsetup shared library Provides: cryptsetup-luks-libs = %{version}-%{release} Obsoletes: cryptsetup-luks-libs < 1.4.0 +Requires: fipscheck-lib%{_isa} >= 1.3.0 %description libs This package contains the cryptsetup shared library, libcryptsetup. @@ -58,24 +60,25 @@ for setting up disk encryption using dm-crypt kernel module. chmod -x python/pycryptsetup-test.py %build -%configure --sbindir=%{_root_sbindir} --libdir=/%{_lib} --enable-python +%configure --enable-python --enable-fips # remove rpath sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool make %{?_smp_mflags} %install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT -rm -rf $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT/%{_lib}/cryptsetup - -# move libcryptsetup.so to %%{_libdir} -pushd $RPM_BUILD_ROOT/%{_lib} -rm libcryptsetup.so -mkdir -p $RPM_BUILD_ROOT/%{_libdir} -ln -s ../../%{_lib}/$(ls libcryptsetup.so.?.?.?) $RPM_BUILD_ROOT/%{_libdir}/libcryptsetup.so -mv $RPM_BUILD_ROOT/%{_lib}/pkgconfig $RPM_BUILD_ROOT/%{_libdir} -popd +# Generate HMAC checksums (FIPS) +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_sbindir}/cryptsetup \ + fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_libdir}/libcryptsetup.so.* \ +%{nil} + +make install DESTDIR=%{buildroot} +rm -rf %{buildroot}/%{_libdir}/*.la +install -d %{buildroot}/%{_libdir}/fipscheck %find_lang cryptsetup %post -n cryptsetup-libs -p /sbin/ldconfig @@ -85,7 +88,8 @@ popd %files -f cryptsetup.lang %doc COPYING ChangeLog AUTHORS TODO FAQ %{_mandir}/man8/cryptsetup.8.gz -%{_root_sbindir}/cryptsetup +%{_sbindir}/cryptsetup +%{_libdir}/fipscheck/cryptsetup.hmac %files devel %doc docs/examples/* @@ -95,7 +99,8 @@ popd %files libs %doc COPYING -/%{_lib}/libcryptsetup.so.* +%{_libdir}/libcryptsetup.so.* +%{_libdir}/fipscheck/libcryptsetup.so.*.hmac %files python %doc COPYING.LGPL python/pycryptsetup-test.py @@ -105,6 +110,10 @@ popd %clean %changelog +* Thu May 31 2012 Milan Broz - 1.4.3-2 +- Build with fipscheck (verification in fips mode). +- Clean up spec file, use install to /usr. + * Thu May 31 2012 Milan Broz - 1.4.3-1 - Update to cryptsetup 1.4.3.