adding provider check #11

Merged
merged 1 commit into from
Nov 5, 2024
1 change: 1 addition & 0 deletions .github/workflows/fipsmodule.yml
Expand Up @@ -23,6 +23,7 @@ jobs:
dnf -y install epel-release
dnf -y install mock rpm-build
echo "Running mock build"
echo "config_opts['macros']['provider'] = 'provider'" >> .mock-config/rocky-lts92-x86_64.cfg
mock -v -r .mock-config/rocky-lts92-x86_64.cfg \
--spec="./SPECS/openssl.spec" \
--sources="./SOURCES" \
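Review bot: The `echo "config_opts['macros']['provider'] = 'provider'" >> .mock-config/rocky-lts92-x86_64.cfg` line edits the mock config in place at job time, so the build now depends on a macro that is visible neither in the checked-in config nor on the `mock` command line. The spec only tests `%{defined provider}`, so the value is irrelevant; consider passing it on the invocation with `--define 'provider 1'` next to `--spec`, or committing the setting to the config file. Either way, add a short comment saying that it switches off the `Requires: openssl-fips-provider` and the `__spec_install_post` override in SPECS/openssl.spec.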
9 changes: 6 additions & 3 deletions SPECS/openssl.spec
Expand Up @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.0.7
Release: 27%{?dist}.0.2.2

I know this ship is well sailed, but I'm concerned about bumping at the end here as our dist tags are not very compatible with RHEL/Rocky's. For example, Rocky's dist tag of elMajor[_Minor] in this version, creating 3.0.7-27.el8_10.0.2.2 (for example) will always precede 3.0.7-27.el8_10.ciqfips.0.2.3, because of the .ciqfips being compared against .0.

Release: 27%{?dist}.0.2.3
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
Expand Down Expand Up @@ -246,7 +246,7 @@ protocols.
Summary: A general purpose cryptography library with TLS implementation
Requires: ca-certificates >= 2008-5
Requires: crypto-policies >= 20180730
%if ( %{defined rhel} && (! %{defined centos}) )
%if (! %{defined provider})
Requires: openssl-fips-provider
%endif

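Review bot: In the `%if (! %{defined provider})` guard around `Requires: openssl-fips-provider`, the macro name reads backwards and is very generic: defining `provider` is what removes the dependency on the provider package, and any value (even `0`) counts because only `%{defined ...}` is tested. Now that the `rhel`/`centos` test no longer gates this, a more specific macro name plus a one-line comment above the `%if` stating which build is expected to define it would make it harder to drop this Requires by accident.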
Expand Down Expand Up @@ -401,7 +401,7 @@ make test HARNESS_JOBS=8
# Add generation of HMAC checksum of the final stripped library
# We manually copy standard definition of __spec_install_post
# and add hmac calculation/embedding to fips.so
%if ( %{defined rhel} && (! %{defined centos}) )
%if (! %{defined provider})
%define __spec_install_post \
rm -rf $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/fips.so \
%{?__debug_package:%{__debug_install_post}} \
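Review bot: The three comment lines above `%if (! %{defined provider})` still describe HMAC calculation and embedding into fips.so, while the first command of the guarded `__spec_install_post` is `rm -rf $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/fips.so`. With the condition changed, please update the comment to state what each case does: which build removes fips.so, which one ships it, and where its integrity HMAC is produced when `provider` is defined.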
Expand Down Expand Up @@ -558,6 +558,9 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%ldconfig_scriptlets libs

%changelog
* Tue Oct 29 2024 Jason Rodriguez <[email protected]> - 3.0.7-27.0.2.3
- enable provider check

* Tue Oct 15 2024 Jason Rodriguez <[email protected]> - 3.0.7-27.0.2.2
- Rocky FIPS provider updating Rocky references
- Adding requirment for FIPS provider
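Review bot: The new changelog entry `- enable provider check` does not say what changes for the package. Suggest wording it in terms of the effect: `Requires: openssl-fips-provider` and the `__spec_install_post` override are now conditional on the `provider` macro being undefined instead of on `rhel`/`centos`.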