Added GOST support

i8 changed/i8c/crypto-policies-20230731-1.git3177e06.el8.inferit
Alexey Berezhok 5 months ago
parent 0ffe07ade0
commit 712e57006c

File diff suppressed because it is too large Load Diff

@ -6,13 +6,14 @@
Name: crypto-policies Name: crypto-policies
Version: %{git_date} Version: %{git_date}
Release: 1.git%{git_commit_hash}%{?dist} Release: 1.git%{git_commit_hash}%{?dist}.inferit
Summary: System-wide crypto policies Summary: System-wide crypto policies
License: LGPLv2+ License: LGPLv2+
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
# For RHEL-8 we use the upstream branch rhel8 # For RHEL-8 we use the upstream branch rhel8
Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
Patch1: 0001-Added-GOST-policy-to-crypto-policy.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: asciidoc BuildRequires: asciidoc
@ -37,6 +38,9 @@ Conflicts: gnutls < 3.6.12
Conflicts: libssh < 0.9.4 Conflicts: libssh < 0.9.4
# Most users want this, the split is mostly for minimal images # Most users want this, the split is mostly for minimal images
Recommends: crypto-policies-scripts Recommends: crypto-policies-scripts
Recommends: openssl-gost-engine
Requires: authselect
Requires: findutils
# Self-obsolete to install both subpackages after split # Self-obsolete to install both subpackages after split
Obsoletes: %{name} < 20200527-1.git0a29b28 Obsoletes: %{name} < 20200527-1.git0a29b28
@ -143,6 +147,11 @@ end
%dir %{_sysconfdir}/crypto-policies/policies/ %dir %{_sysconfdir}/crypto-policies/policies/
%dir %{_sysconfdir}/crypto-policies/policies/modules/ %dir %{_sysconfdir}/crypto-policies/policies/modules/
%dir %{_datarootdir}/crypto-policies/ %dir %{_datarootdir}/crypto-policies/
%dir %{_sysconfdir}/authselect/custom/sssd_gost/
%dir %{_sysconfdir}/authselect/custom/minimal_gost/
%{_sysconfdir}/authselect/custom/sssd_gost/*
%{_sysconfdir}/authselect/custom/minimal_gost/*
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
@ -157,6 +166,7 @@ end
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/auth.config
# %verify(not mode) comes from the fact # %verify(not mode) comes from the fact
# these turn into symlinks and back to regular files at will, see bz1898986 # these turn into symlinks and back to regular files at will, see bz1898986
@ -169,6 +179,8 @@ end
%{_datarootdir}/crypto-policies/FUTURE %{_datarootdir}/crypto-policies/FUTURE
%{_datarootdir}/crypto-policies/FIPS %{_datarootdir}/crypto-policies/FIPS
%{_datarootdir}/crypto-policies/EMPTY %{_datarootdir}/crypto-policies/EMPTY
%{_datarootdir}/crypto-policies/GOST-ONLY
%{_datarootdir}/crypto-policies/GOST-ONLY-PAM
%{_datarootdir}/crypto-policies/back-ends %{_datarootdir}/crypto-policies/back-ends
%{_datarootdir}/crypto-policies/default-config %{_datarootdir}/crypto-policies/default-config
%{_datarootdir}/crypto-policies/reload-cmds.sh %{_datarootdir}/crypto-policies/reload-cmds.sh
@ -181,6 +193,7 @@ end
%{_bindir}/update-crypto-policies %{_bindir}/update-crypto-policies
%{_mandir}/man8/update-crypto-policies.8* %{_mandir}/man8/update-crypto-policies.8*
%{_datarootdir}/crypto-policies/python %{_datarootdir}/crypto-policies/python
%{_datarootdir}/crypto-policies-scripts/auth_apply.sh
%{_bindir}/fips-mode-setup %{_bindir}/fips-mode-setup
%{_bindir}/fips-finish-install %{_bindir}/fips-finish-install
@ -188,11 +201,17 @@ end
%{_mandir}/man8/fips-finish-install.8* %{_mandir}/man8/fips-finish-install.8*
%changelog %changelog
* Thu Jul 18 2024 Alexey Berezhok <alexey.berezhok@msvsphere-os.ru> - 20230731-1.git3177e06.inferit
- Added support GOST and PAM-GOST profiles for crypto-policies in the UI interface
* Tue Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git3177e06 * Tue Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git3177e06
- krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones - krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
- krb5: fix policy generator to account for macs - krb5: fix policy generator to account for macs
- docs: replace `FIPS 140-2` with just `FIPS 140` - docs: replace `FIPS 140-2` with just `FIPS 140`
* Tue Jul 25 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 20221215-1.gitece0092
- Rebuilt for MSVSphere 8.8
* Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.gitece0092 * Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.gitece0092
- bind: expand the list of disableable algorithms - bind: expand the list of disableable algorithms
- tests/java: fix java.security.disableSystemPropertiesFile=true - tests/java: fix java.security.disableSystemPropertiesFile=true

Loading…
Cancel
Save