|
|
|
|
@ -27,13 +27,14 @@
|
|
|
|
|
|
|
|
|
|
Name: crypto-policies
|
|
|
|
|
Version: 20230731
|
|
|
|
|
Release: 1.git94f0e2c%{?dist}.1
|
|
|
|
|
Release: 1.git94f0e2c%{?dist}.1.1
|
|
|
|
|
Summary: System-wide crypto policies
|
|
|
|
|
|
|
|
|
|
License: LGPLv2+
|
|
|
|
|
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
|
|
|
|
|
# For RHEL-9.3 we use the upstream branch rhel9.3 and are freezing version at 20230731-1.git94f0e2c.
|
|
|
|
|
Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
|
|
|
|
|
Patch1: 0001-Added-GOST-policy-also-added-experimental-PAM-genera.patch
|
|
|
|
|
|
|
|
|
|
BuildArch: noarch
|
|
|
|
|
BuildRequires: asciidoc
|
|
|
|
|
@ -60,6 +61,9 @@ Conflicts: gnutls < 3.7.2-3
|
|
|
|
|
%else
|
|
|
|
|
Conflicts: gnutls < 3.7.6-22
|
|
|
|
|
%endif
|
|
|
|
|
Requires: openssl-gost-engine
|
|
|
|
|
Requires: authselect
|
|
|
|
|
Requires: findutils
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
This package provides pre-built configuration files with
|
|
|
|
|
@ -192,6 +196,8 @@ end
|
|
|
|
|
%dir %{_sysconfdir}/crypto-policies/policies/
|
|
|
|
|
%dir %{_sysconfdir}/crypto-policies/policies/modules/
|
|
|
|
|
%dir %{_datarootdir}/crypto-policies/
|
|
|
|
|
%dir %{_sysconfdir}/authselect/custom/sssd_gost/
|
|
|
|
|
%{_sysconfdir}/authselect/custom/sssd_gost/*
|
|
|
|
|
|
|
|
|
|
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
|
|
|
|
|
|
|
|
|
|
@ -208,6 +214,7 @@ end
|
|
|
|
|
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
|
|
|
|
|
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config
|
|
|
|
|
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssl_fips.config
|
|
|
|
|
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/auth.config
|
|
|
|
|
# %verify(not mode) comes from the fact
|
|
|
|
|
# these turn into symlinks and back to regular files at will, see bz1898986
|
|
|
|
|
|
|
|
|
|
@ -219,6 +226,8 @@ end
|
|
|
|
|
%{_datarootdir}/crypto-policies/DEFAULT
|
|
|
|
|
%{_datarootdir}/crypto-policies/FUTURE
|
|
|
|
|
%{_datarootdir}/crypto-policies/FIPS
|
|
|
|
|
%{_datarootdir}/crypto-policies/GOST-ONLY
|
|
|
|
|
%{_datarootdir}/crypto-policies/GOST-ONLY-PAM
|
|
|
|
|
%{_datarootdir}/crypto-policies/back-ends
|
|
|
|
|
%{_datarootdir}/crypto-policies/default-config
|
|
|
|
|
%{_datarootdir}/crypto-policies/reload-cmds.sh
|
|
|
|
|
@ -230,6 +239,7 @@ end
|
|
|
|
|
%{_bindir}/update-crypto-policies
|
|
|
|
|
%{_mandir}/man8/update-crypto-policies.8*
|
|
|
|
|
%{_datarootdir}/crypto-policies/python
|
|
|
|
|
%{_datarootdir}/crypto-policies-scripts/auth_apply.sh
|
|
|
|
|
|
|
|
|
|
%{_bindir}/fips-mode-setup
|
|
|
|
|
%{_bindir}/fips-finish-install
|
|
|
|
|
@ -237,6 +247,9 @@ end
|
|
|
|
|
%{_mandir}/man8/fips-finish-install.8*
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Tue Jan 23 2024 Alexey Berezhok <alexey.berezhok@msvsphere-os.ru> - 20230731-1.git94f0e2c.1.1
|
|
|
|
|
- Added GOST policy also added experimental PAM generator
|
|
|
|
|
|
|
|
|
|
* Wed Sep 20 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c.1
|
|
|
|
|
- OSPP subpolicy: tighten beyond reason for OSPP 4.3
|
|
|
|
|
|
|
|
|
|
|
Alexey Berezhok
10 months ago