Hello community, here is the log from the commit of package libnettle for openSUSE:Leap:15.2 checked in at 2020-04-14 14:20:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/libnettle (Old) and /work/SRC/openSUSE:Leap:15.2/.libnettle.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libnettle" Tue Apr 14 14:20:35 2020 rev:29 rq:793091 version:3.4.1 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libnettle/libnettle.changes 2020-01-15 15:22:14.582470063 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.libnettle.new.3248/libnettle.changes 2020-04-14 14:20:53.109270192 +0200 @@ -1,0 +2,6 @@ +Tue Oct 1 15:08:36 UTC 2019 - Vítězslav Čížek <[email protected]> + +- Install checksums for binary integrity verification which are + required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libnettle.spec ++++++ --- /var/tmp/diff_new_pack.JeaZrF/_old 2020-04-14 14:20:53.493270478 +0200 +++ /var/tmp/diff_new_pack.JeaZrF/_new 2020-04-14 14:20:53.497270481 +0200 @@ -31,11 +31,11 @@ Source3: baselibs.conf # PATCH-FIX-UPSTREAM respect cflags while building Patch0: nettle-respect-cflags.patch +BuildRequires: fipscheck BuildRequires: gmp-devel BuildRequires: m4 BuildRequires: makeinfo BuildRequires: pkgconfig - Requires(post): %{install_info_prereq} %description @@ -106,6 +106,22 @@ %install %make_install +# the hmac hashes: +# +# this is a hack that re-defines the __os_install_post macro +# for a simple reason: the macro strips the binaries and thereby +# invalidates a HMAC that may have been created earlier. +# solution: create the hashes _after_ the macro runs. +# +# this shows up earlier because otherwise the %expand of +# the macro is too late. +# remark: This is the same as running +# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' +%{expand:%%global __os_install_post {%__os_install_post +%{_bindir}/fipshmac %{buildroot}%{_libdir}/libnettle.so.%{soname} +%{_bindir}/fipshmac %{buildroot}%{_libdir}/libhogweed.so.%{hogweed_soname} +}} + %post -n libnettle%{soname} -p /sbin/ldconfig %postun -n libnettle%{soname} -p /sbin/ldconfig %post -n libhogweed%{hogweed_soname} -p /sbin/ldconfig @@ -124,10 +140,12 @@ %doc AUTHORS ChangeLog NEWS README TODO %{_libdir}/libnettle.so.%{soname} %{_libdir}/libnettle.so.%{soname}.* +%{_libdir}/.libnettle.so.%{soname}.hmac %files -n libhogweed%{hogweed_soname} %{_libdir}/libhogweed.so.%{hogweed_soname} %{_libdir}/libhogweed.so.%{hogweed_soname}.* +%{_libdir}/.libhogweed.so.%{hogweed_soname}.hmac %files -n libnettle-devel %{_includedir}/nettle
