Compare commits

...

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

2
.gitignore vendored

@ -1 +1 @@
SOURCES/libkcapi-1.3.1.tar.xz SOURCES/libkcapi-1.5.0.tar.xz

@ -1 +1 @@
ee581bce3e76310f5c5488898771f7f403f72693 SOURCES/libkcapi-1.3.1.tar.xz d0286dd11e9dbcf54bcc0c24acdf4ddf8969e0ce SOURCES/libkcapi-1.5.0.tar.xz

@ -1,49 +0,0 @@
From 2abf7fecb5162e4b59ba134c813ebee839eb45e9 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 14 Jul 2021 10:52:01 -0400
Subject: [PATCH] Use GCCs __symver__ attribute
This is needed to allow LTO builds, as the __asm__ directives do not give
enough context to the compiler and the build fails when the -flto flag is
passed in.
Unfotunately __symver__ is avilbel only startig from GCC 10, so we need
more macro juggling.
Signed-off-by: Simo Sorce <simo@redhat.com>
---
lib/internal.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lib/internal.h b/lib/internal.h
index 29fdb7b..64dad24 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -350,6 +350,16 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
#if __GNUC__ >= 4
# define DSO_PUBLIC __attribute__ ((visibility ("default")))
+#if __GNUC__ >= 10
+# define IMPL_SYMVER(name, version) \
+ __attribute__ ((visibility ("default"))) \
+ __attribute__((__symver__("kcapi_" #name "@@LIBKCAPI_" version)))
+
+# define ORIG_SYMVER(name, version) \
+ __attribute__ ((visibility ("default"))) \
+ __attribute__((__symver__("kcapi_" #name "@LIBKCAPI_" version)))
+
+#else
# define IMPL_SYMVER(name, version) \
__asm__(".global impl_" #name ";"\
".symver impl_" #name ",kcapi_" #name "@@LIBKCAPI_" version);\
@@ -359,6 +369,7 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
__asm__(".global orig_" #name ";"\
".symver orig_" #name ",kcapi_" #name "@LIBKCAPI_" version);\
__attribute__ ((visibility ("default")))
+#endif
#else
# error "Compiler version too old"
--
2.31.1

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmDttB4ACgkQQh7pNjJq
wVvV4Af/X0t4iZ8ng+AaItGiK3m2Wx1UTJTA1SYTfTTUpENtePKZADG3MX/I5x5N
VVO6CTF6ADZFrwrswP+3KIwZpEsrssTEGZ54G0nLbaHTzyXvE9Ec3CPGECgjZGzM
T0ZGz0XYykWpEVqQDEFKoLs2yK5U/WYHrde5iV9CW2WHK/6VyuRvzAKzh83n5fDg
WlAWGtBQWaGdJAhduLnFx7U7clbpLCuwAZFURWPT1nUamkioT64Io2MfHx+Y9xu+
cLLqpOBDZAk34MDA0i09psyfD+NPjtzn5i3IEZO9rs8CpFuEe+tBpoJdGpROhuz2
9o9G2TEe8khpGuKnkAJ7G60Ggdcnmg==
=e24H
-----END PGP SIGNATURE-----

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmWgNy0ACgkQQh7pNjJq
wVvBXAf+Jj6w9sssgWOnDsybgM8YmILFqikWgmHEDpKfsqQmMKLXT/6ovSFeRht5
TI0vPB9p1FDnBbVx7/go1lUwt+I+TZV5lW7Vl/goZh+O/VvWoSBdO1joBYqM3wYU
pqtf63WUBM9HcCj2s2pVjbZnblZloWQvH8Lo0eyuoDEJGMJgkKoTEq8/aEIVqZ3I
MyMdXm2R2JuhYgKJZw1k1c1eDt9xDs4iFCve7H4TnISqj5D0q5FRIKJVLwOFs20L
16S0aZSrR8IGMr2sUi6Qsric91xSlpz1MoIWocUoliWKHut/VuiXt9e4QAoD9d5t
kusdWafJhKkaTSWj1S7JQhtFmJq/Kw==
=xTnZ
-----END PGP SIGNATURE-----

@ -1,7 +1,17 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 2;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec
# Shared object version of libkcapi. # Shared object version of libkcapi.
%global vmajor 1 %global vmajor 1
%global vminor 3 %global vminor 5
%global vpatch 1 %global vpatch 0
# Do we build the replacements packages? # Do we build the replacements packages?
%bcond_with replace_coreutils %bcond_with replace_coreutils
@ -26,9 +36,7 @@
%if 0%{?rhel} %if 0%{?rhel}
%bcond_with cppcheck %bcond_with cppcheck
%else %else
# Temporarily disable cppcheck on Fedora until bz#1923600 is fixed in rawhide %bcond_without cppcheck
%bcond_with cppcheck
#bcond_without cppcheck
%endif %endif
# Use `--without test` to build without running the tests # Use `--without test` to build without running the tests
@ -86,8 +94,9 @@
%global hmaccalc_evr 0.9.14-10%{?dist} %global hmaccalc_evr 0.9.14-10%{?dist}
%endif %endif
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac %global apps_coreutils sha1sum sha224sum sha256sum sha384sum sha512sum md5sum sm3sum
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac %global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac sm3hmac
%global apps_fipscheck fipscheck fipshmac
# On old kernels use mock hashers implemented via openssl # On old kernels use mock hashers implemented via openssl
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '3.19'));} >= 0 %if %{lua:print(rpm.vercmp(posix.uname('%r'), '3.19'));} >= 0
@ -98,8 +107,8 @@
%global fipshmac bash %{SOURCE3} %global fipshmac bash %{SOURCE3}
%endif %endif
# Add generation of HMAC checksums of the final stripped # Add generation of HMAC checksum of the final stripped
# binaries. %%define with lazy globbing is used here # binary. %%define with lazy globbing is used here
# intentionally, because using %%global does not work. # intentionally, because using %%global does not work.
%define __spec_install_post \ %define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \ %{?__debug_package:%{__debug_install_post}} \
@ -107,36 +116,26 @@
%{__os_install_post} \ %{__os_install_post} \
bin_path=%{buildroot}%{_bindir} \ bin_path=%{buildroot}%{_bindir} \
lib_path=%{buildroot}%{_libdir} \ lib_path=%{buildroot}%{_libdir} \
for app in %{apps_hmaccalc}; do \ { %sha512hmac "$bin_path"/kcapi-hasher || exit 1; } | \\\
test -e "$bin_path"/$app || continue \ cut -f 1 -d ' ' >"$lib_path"/hmaccalc/kcapi-hasher.hmac \
{ %sha512hmac "$bin_path"/$app || exit 1; } \\\ { %sha512hmac "$lib_path"/libkcapi.so.%{version} || exit 1; } | \\\
| cut -f 1 -d ' ' >"$lib_path"/hmaccalc/$app.hmac \ cut -f 1 -d ' ' >"$lib_path"/hmaccalc/libkcapi.so.%{version}.hmac \
done \
for app in %{apps_fipscheck}; do \
test -e "$bin_path"/$app || continue \
%fipshmac -d "$lib_path"/fipscheck "$bin_path"/$app || exit 1 \
done \
%{_bindir}/hardlink -cfv %{buildroot}%{_bindir} \
%fipshmac -d "$lib_path"/fipscheck \\\
"$lib_path"/libkcapi.so.%{version} || exit 1 \
%{__ln_s} libkcapi.so.%{version}.hmac \\\ %{__ln_s} libkcapi.so.%{version}.hmac \\\
"$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac \ "$lib_path"/hmaccalc/libkcapi.so.%{vmajor}.hmac \
%{nil} %{nil}
Name: libkcapi Name: libkcapi
Version: %{vmajor}.%{vminor}.%{vpatch} Version: %{vmajor}.%{vminor}.%{vpatch}
Release: 3%{?dist} Release: %autorelease
Summary: User space interface to the Linux Kernel Crypto API Summary: User space interface to the Linux Kernel Crypto API
License: BSD or GPLv2 License: BSD-3-Clause OR GPL-2.0-only
URL: https://www.chronox.de/%{name}.html URL: https://www.chronox.de/%{name}/
Source0: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz Source0: https://www.chronox.de/%{name}/releases/%{version}/%{name}-%{version}.tar.xz
Source1: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc Source1: https://www.chronox.de/%{name}/releases/%{version}/%{name}-%{version}.tar.xz.asc
Source2: sha512hmac-openssl.sh Source2: sha512hmac-openssl.sh
Source3: fipshmac-openssl.sh Source3: fipshmac-openssl.sh
Patch1: 0001-Use-GCCs-__symver__-attribute.patch
BuildRequires: bash BuildRequires: bash
BuildRequires: coreutils BuildRequires: coreutils
BuildRequires: gcc BuildRequires: gcc
@ -156,7 +155,7 @@ BuildRequires: docbook-utils-pdf
BuildRequires: clang BuildRequires: clang
%endif %endif
%if %{with cppcheck} %if %{with cppcheck}
BuildRequires: cppcheck BuildRequires: cppcheck >= 2.4
%endif %endif
# For ownership of %%{_sysctldir}. # For ownership of %%{_sysctldir}.
@ -201,10 +200,18 @@ User documentation for %{name}.
%endif %endif
%package hasher
Summary: Common %{name} hashing application
Requires: %{name}%{?_isa} == %{version}-%{release}
%description hasher
Provides The kcapi-hasher binary used by other %{name} subpackages.
%if %{with replace_coreutils} %if %{with replace_coreutils}
%package checksum %package checksum
Summary: Drop-in replacement for *sum utils provided by the %{name} package Summary: Drop-in replacement for *sum utils provided by the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release} Requires: %{name}-hasher%{?_isa} == %{version}-%{release}
Requires: coreutils%{?_isa} >= %{coreutils_evr} Requires: coreutils%{?_isa} >= %{coreutils_evr}
@ -220,7 +227,7 @@ coreutils) using %{name}.
%if %{with replace_fipscheck} %if %{with replace_fipscheck}
%package fipscheck %package fipscheck
Summary: Drop-in replacements for fipscheck/fipshmac provided by the %{name} package Summary: Drop-in replacements for fipscheck/fipshmac provided by the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release} Requires: %{name}-hasher%{?_isa} == %{version}-%{release}
Obsoletes: fipscheck <= %{fipscheck_evr} Obsoletes: fipscheck <= %{fipscheck_evr}
@ -236,7 +243,7 @@ package fipscheck) using %{name}.
%if %{with replace_hmaccalc} %if %{with replace_hmaccalc}
%package hmaccalc %package hmaccalc
Summary: Drop-in replacements for hmaccalc provided by the %{name} package Summary: Drop-in replacements for hmaccalc provided by the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release} Requires: %{name}-hasher%{?_isa} == %{version}-%{release}
Obsoletes: hmaccalc <= %{hmaccalc_evr} Obsoletes: hmaccalc <= %{hmaccalc_evr}
@ -261,7 +268,8 @@ is highly discouraged.
%package tools %package tools
Summary: Utility applications for the %{name} package Summary: Utility applications for the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release} Requires: %{name}%{?_isa} == %{version}-%{release}
Requires: %{name}-hasher%{?_isa} == %{version}-%{release}
%description tools %description tools
Utility applications that are provided with %{name}. This includes Utility applications that are provided with %{name}. This includes
@ -292,6 +300,10 @@ Auxiliary scripts for testing %{name}.
%prep %prep
%autosetup -p 1 -S git %autosetup -p 1 -S git
# Work around https://bugzilla.redhat.com/show_bug.cgi?id=2258240
sed -i -e 's|XML V45|XML V4.1.2|' -e 's|/xml/4\.5/|/xml/4.1.2/|' \
lib/doc/libkcapi.tmpl
%if %{with_sysctl_tweak} %if %{with_sysctl_tweak}
%{__cat} << EOF > README.%{distroname_ext} %{__cat} << EOF > README.%{distroname_ext}
This package increases the default limit of the ancillary buffer size This package increases the default limit of the ancillary buffer size
@ -331,7 +343,7 @@ EOF
%build %build
%configure \ %configure \
--libdir=%{_libdir} \ --libdir=%{_libdir} \
--disable-silent-rules \ --disable-silent-rules \
--enable-kcapi-encapp \ --enable-kcapi-encapp \
--enable-kcapi-dgstapp \ --enable-kcapi-dgstapp \
@ -375,18 +387,22 @@ EOF
%endif %endif
# Install replacement tools, if enabled. # Install replacement tools, if enabled.
%if !%{with replace_coreutils} %if %{with replace_coreutils}
%{__rm} -f \ for app in %apps_coreutils; do
%{buildroot}%{_bindir}/md5sum \ %{__ln_s} ../libexec/libkcapi/$app %{buildroot}%{_bindir}/$app
%{buildroot}%{_bindir}/sha*sum done
%endif %endif
%if !%{with replace_fipscheck} %if %{with replace_fipscheck}
%{__rm} -f %{buildroot}%{_bindir}/fips* for app in %apps_fipscheck; do
%{__ln_s} ../libexec/libkcapi/$app %{buildroot}%{_bindir}/$app
done
%endif %endif
%if !%{with replace_hmaccalc} %if %{with replace_hmaccalc}
%{__rm} -f %{buildroot}%{_bindir}/sha*hmac for app in %apps_hmaccalc; do
%{__ln_s} ../libexec/libkcapi/$app %{buildroot}%{_bindir}/$app
done
%endif %endif
# We don't ship autocrap dumplings. # We don't ship autocrap dumplings.
@ -418,7 +434,11 @@ done
%make_build scan %make_build scan
%endif %endif
%if %{with cppcheck} %if %{with cppcheck}
%make_build cppcheck # -UCHECK_DIR: string literal concatenation raises syntaxError
# with cppcheck-2.11 (https://trac.cppcheck.net/ticket/11830)
# --check-level=exhaustive: otherwise it emits warnings that get
# treated like errors
%make_build cppcheck CPPCHECK="cppcheck --check-level=exhaustive -UCHECK_DIR"
%endif %endif
%if %{with test} %if %{with test}
@ -450,8 +470,8 @@ popd
%license COPYING* %license COPYING*
%{_libdir}/%{name}.so.%{vmajor} %{_libdir}/%{name}.so.%{vmajor}
%{_libdir}/%{name}.so.%{version} %{_libdir}/%{name}.so.%{version}
%{_libdir}/fipscheck/%{name}.so.%{vmajor}.hmac %{_libdir}/hmaccalc/%{name}.so.%{vmajor}.hmac
%{_libdir}/fipscheck/%{name}.so.%{version}.hmac %{_libdir}/hmaccalc/%{name}.so.%{version}.hmac
%if %{with_sysctl_tweak} %if %{with_sysctl_tweak}
%doc %{_pkgdocdir}/README.%{distroname_ext} %doc %{_pkgdocdir}/README.%{distroname_ext}
%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf %{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf
@ -475,24 +495,33 @@ popd
%endif %endif
%files hasher
%{_bindir}/kcapi-hasher
%{_libexecdir}/%{name}/md5sum
%{_libexecdir}/%{name}/sha*sum
%{_libexecdir}/%{name}/sm*sum
%{_libexecdir}/%{name}/fips*
%{_libexecdir}/%{name}/sha*hmac
%{_libexecdir}/%{name}/sm*hmac
%{_libdir}/hmaccalc/kcapi-hasher.hmac
%if %{with replace_coreutils} %if %{with replace_coreutils}
%files checksum %files checksum
%{_bindir}/md5sum %{_bindir}/md5sum
%{_bindir}/sha*sum %{_bindir}/sha*sum
%{_libdir}/fipscheck/md5sum.hmac %{_bindir}/sm*sum
%{_libdir}/fipscheck/sha*sum.hmac
%endif %endif
%if %{with replace_fipscheck} %if %{with replace_fipscheck}
%files fipscheck %files fipscheck
%{_bindir}/fips* %{_bindir}/fips*
%{_libdir}/fipscheck/fips*.hmac
%endif %endif
%if %{with replace_hmaccalc} %if %{with replace_hmaccalc}
%files hmaccalc %files hmaccalc
%{_bindir}/sha*hmac %{_bindir}/sha*hmac
%{_libdir}/hmaccalc/sha*hmac.hmac %{_bindir}/sm*hmac
%endif %endif
@ -507,32 +536,85 @@ popd
%if %{with test_package} %if %{with test_package}
%files tests %files tests
%{_libexecdir}/%{name}/* %{_libexecdir}/%{name}/kcapi
%{_libexecdir}/%{name}/kcapi-convenience
%{_libexecdir}/%{name}/kcapi-enc-test-large
%{_libexecdir}/%{name}/*.sh
%endif %endif
%changelog %changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.1-3 ## START: Generated by rpmautospec
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags * Thu Aug 08 2024 Zoltan Fridrich <zfridric@redhat.com> - 1.5.0-2
Related: rhbz#1991688 - Fixup 1.5.0 rebase
* Thu Jul 15 2021 Simo Sorce <simo@redhat.com> - 1.3.1-2 * Fri Jul 26 2024 Zoltan Fridrich <zfridric@redhat.com> - 1.5.0-1
- Bring back usage of %{_libdir} instead of /%{_lib} - Rebase to 1.5.0
- Resolves: rhbz#1982620
* Wed Jul 14 2021 Simo Sorce <simo@redhat.com> - 1.3.1-1 * Tue Jul 09 2024 Ondrej Moris <omoris@redhat.com> - 1.4.0-15
- Update to new upstream release 1.3.1 - Enable RHEL-10 CI and gating
- This fixes ABI issues and incorporates previous patches
* Mon Jul 12 2021 Simo Sorce <simo@redhat.com> - 1.3.0-1 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.4.0-14
- Update to new upstream release 1.3.0 - Bump release for June 2024 mass rebuild
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.1-3 * Tue May 28 2024 Zoltan Fridrich <zfridric@redhat.com> - 1.4.0-13
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Bring back usage of /usr/lib64 instead of /lib64
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.1-2 * Tue May 28 2024 Zoltan Fridrich <zfridric@redhat.com> - 1.4.0-12
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Remove tests from repo
* Tue May 28 2024 Zoltan Fridrich <zfridric@redhat.com> - 1.4.0-11
- Backport fixes from c9s
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 30 2023 Zoltan Fridrich <zfridric@redhat.com> - 1.4.0-8
- Migrate to SPDX license
* Fri Jul 28 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 1.4.0-7
- Fix build with cppcheck-2.11
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Aug 25 2022 Ondrej Mosnacek <omosnace@redhat.com> - 1.4.0-4
- Convert tests to TMT
* Thu Aug 25 2022 Ondrej Mosnacek <omosnace@redhat.com> - 1.4.0-3
- Add a patch to fix tests with kernels 6.0+
* Sat Aug 13 2022 Ondrej Mosnáček <omosnace@redhat.com> - 1.4.0-2
- Switch to rpmautospec
* Sat Aug 13 2022 Ondrej Mosnáček <omosnace@redhat.com> - 1.4.0-1
- Update to upstream version 1.4.0
- Re-enable cppcheck scanning on Fedora
- Resolves: rhbz#2056732
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 14 2021 Simo Sorce <simo@redhat.com> - 1.3.1-2
- Remove LTO build suppression by using better symver machinery
* Wed Jul 14 2021 Simo Sorce <simo@redhat.com> - 1.3.1-1
- Update to upstream version 1.3.1 which fixes ABI issues
* Mon Jul 12 2021 Simo Sorce <simo@redhat.com> - 1.3.0-1
- Update to upstream version 1.3.0
* Mon Mar 15 2021 Sahana Prasad <sahana@redhat.com> - 1.2.1-1 * Mon Mar 15 2021 Sahana Prasad <sahana@redhat.com> - 1.2.1-1
- Update to upstream version 1.2.1 - Update to upstream version 1.2.1
@ -755,3 +837,5 @@ popd
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.2-0.1 * Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.2-0.1
- Initial rpm release (rhbz#1533929) - Initial rpm release (rhbz#1533929)
## END: Generated by rpmautospec

Loading…
Cancel
Save