Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2019-10-05 16:18:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new.2352 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Sat Oct 5 16:18:27 2019 rev:119 rq:734380 version:3.6.9 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2019-08-07 13:54:12.204857629 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new.2352/gnutls.changes 2019-10-05 16:19:14.525603324 +0200 @@ -1,0 +2,6 @@ +Tue Sep 24 13:16:02 UTC 2019 - Vítězslav Čížek <[email protected]> + +- Install checksums for binary integrity verification which are + required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.x5dgvA/_old 2019-10-05 16:19:15.445600928 +0200 +++ /var/tmp/diff_new_pack.x5dgvA/_new 2019-10-05 16:19:15.449600917 +0200 @@ -44,6 +44,7 @@ BuildRequires: automake BuildRequires: datefudge BuildRequires: fdupes +BuildRequires: fipscheck BuildRequires: gcc-c++ # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present BuildRequires: iproute2 @@ -185,6 +186,21 @@ %{nil} make %{?_smp_mflags} +# the hmac hashes: +# +# this is a hack that re-defines the __os_install_post macro +# for a simple reason: the macro strips the binaries and thereby +# invalidates a HMAC that may have been created earlier. +# solution: create the hashes _after_ the macro runs. +# +# this shows up earlier because otherwise the %expand of +# the macro is too late. +# remark: This is the same as running +# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' +%{expand:%%global __os_install_post {%__os_install_post +%{_bindir}/fipshmac %{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover} +}} + %install %make_install rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot @@ -252,6 +268,7 @@ %files -n libgnutls%{gnutls_sover} %{_libdir}/libgnutls.so.%{gnutls_sover}* +%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac %if %{with dane} %files -n libgnutls-dane%{gnutls_dane_sover}
