rpms
/
crypto-policies
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i9.5-beta
rpms:i9
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:i9-beta
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i9.5-beta
rpms:i9
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i9-beta' have entirely different histories.
c9 ... i9-beta

4 changed files with 3263 additions and 9 deletions
Show Stats

2
.crypto-policies.metadata
Unescape View File

@ -1 +1 @@
7b2c7705996b7c988b1fa4852da8e14656326979 SOURCES/crypto-policies-gitb972148.tar.gz
ebca51d3017ee207680f9ae109e49ed78e8f479b SOURCES/crypto-policies-git94f0e2c.tar.gz

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/crypto-policies-gitb972148.tar.gz
SOURCES/crypto-policies-git94f0e2c.tar.gz

3229
SOURCES/0001-Added-GOST-policy-also-added-experimental-PAM-genera.patch
View File

File diff suppressed because it is too large Load Diff

39
SPECS/crypto-policies.spec
Unescape View File

@ -1,4 +1,5 @@
%global git_commit b972148fd57556f86921a85c960b8808a8a09291
%global git_date 20230731
%global git_commit 94f0e2c4f7ebf2b1513b405d11227bae79ffe070
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
%global _python_bytecompile_extra 0
@ -26,14 +27,15 @@
%endif
Name: crypto-policies
Version: 20230731
Release: 1.git94f0e2c%{?dist}.1
Version: %{git_date}
Release: 1.git%{git_commit_hash}%{?dist}.inferit.2
Summary: System-wide crypto policies
License: LGPLv2+
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
# For RHEL-9.3 we use the upstream branch rhel9.3 and are freezing version at 20230731-1.git94f0e2c.
# For RHEL-9 we use the upstream branch rhel9.
Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
Patch1: 0001-Added-GOST-policy-also-added-experimental-PAM-genera.patch
BuildArch: noarch
BuildRequires: asciidoc
@ -41,7 +43,7 @@ BuildRequires: libxslt
BuildRequires: openssl
BuildRequires: nss-tools
BuildRequires: gnutls-utils >= 3.6.0
BuildRequires: java-devel
BuildRequires: java-1.8.0-openjdk-devel
BuildRequires: bind
BuildRequires: perl-interpreter
BuildRequires: perl-generators
@ -61,6 +63,10 @@ Conflicts: gnutls < 3.7.2-3
Conflicts: gnutls < 3.7.6-22
%endif
Recommends: openssl-gost-engine
Requires: authselect
Requires: findutils
%description
This package provides pre-built configuration files with
cryptographic policies for various cryptographic back-ends,
@ -113,6 +119,7 @@ mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/modules/
mkdir -p -m 755 %{buildroot}%{_bindir}
mkdir -p -m 755 %{buildroot}/var/log/crypto-cmc/
make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install
install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config
@ -192,6 +199,11 @@ end
%dir %{_sysconfdir}/crypto-policies/policies/
%dir %{_sysconfdir}/crypto-policies/policies/modules/
%dir %{_datarootdir}/crypto-policies/
%dir %{_sysconfdir}/authselect/custom/sssd_gost/
%dir %{_sysconfdir}/authselect/custom/minimal_gost/
%dir /var/log/crypto-cmc
%{_sysconfdir}/authselect/custom/sssd_gost/*
%{_sysconfdir}/authselect/custom/minimal_gost/*
%ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
@ -208,6 +220,7 @@ end
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssl_fips.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/auth.config
# %verify(not mode) comes from the fact
# these turn into symlinks and back to regular files at will, see bz1898986
@ -219,6 +232,8 @@ end
%{_datarootdir}/crypto-policies/DEFAULT
%{_datarootdir}/crypto-policies/FUTURE
%{_datarootdir}/crypto-policies/FIPS
%{_datarootdir}/crypto-policies/GOST-ONLY
%{_datarootdir}/crypto-policies/GOST-ONLY-PAM
%{_datarootdir}/crypto-policies/back-ends
%{_datarootdir}/crypto-policies/default-config
%{_datarootdir}/crypto-policies/reload-cmds.sh
@ -230,6 +245,7 @@ end
%{_bindir}/update-crypto-policies
%{_mandir}/man8/update-crypto-policies.8*
%{_datarootdir}/crypto-policies/python
%{_datarootdir}/crypto-policies-scripts/auth_apply.sh
%{_bindir}/fips-mode-setup
%{_bindir}/fips-finish-install
@ -237,8 +253,14 @@ end
%{_mandir}/man8/fips-finish-install.8*
%changelog
* Wed Sep 20 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c.1
- OSPP subpolicy: tighten beyond reason for OSPP 4.3
* Sat Feb 10 2024 Alexey Berezhok <alexey.berezhok@msvsphere-os.ru> - 20230731-1.git94f0e2c.inferit.2
- Added GOST policy also added experimental PAM generator
* Thu Feb 08 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 20230731-1.git94f0e2c.inferit.1
- Use Recommends: openssl-gost-engine instead of Requires
* Tue Jan 23 2024 Alexey Berezhok <alexey.berezhok@msvsphere-os.ru> - 20230731-1.git94f0e2c.inferit
- Added GOST policy also added experimental PAM generator
* Mon Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c
- krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
@ -256,6 +278,9 @@ end
- openssl: set Groups explicitly
- openssl: add support for Brainpool curves
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 20221215-1.git9a18988
- Rebuilt for MSVSphere 9.2 beta
* Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
- bind: expand the list of disableable algorithms

Write Preview
Loading…
Cancel
Save