# Detect the distribution in use %global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g' %global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]' %global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release) %global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4}) %global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace}) # Identify CentOS Linux and Scientific Linux as rhel %if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls" %global __distinit rhel %endif # Dist tag for Fedora is still "fc" %if "%{__distinit}" == "f" %global __distinit fc %endif %global enable_fipscheck %(openssl version | grep fips &> /dev/null && echo 1 || echo 0) %global __fipshmac %([ -x /usr/bin/fipshmac ] && echo /usr/bin/fipshmac || echo /bin/fipshmac) Name: libgcrypt Version: 1.4.6 Release: 4.2.cf.%{__distinit}%{__distvers} # Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction. # Documentation and some utilities are GPLv2+ licensed. # These files are in the devel subpackage. License: LGPLv2+ Summary: A general-purpose cryptography library Group: System Environment/Libraries URL: http://www.gnupg.org/ Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2 Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig Source2: wk@g10code.com # Make FIPS hmac compatible with fipscheck - non upstreamable Patch2: libgcrypt-1.4.4-use-fipscheck.patch # Fix ImplicitDSOLinking (missing -lgpg-error linkage in tests/), upstreamable Patch3: libgcrypt-1.4.5-ImplicitDSOLinking.patch # use /dev/urandom in the FIPS mode Patch4: libgcrypt-1.4.5-urandom.patch # fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen Patch5: libgcrypt-1.4.5-tests.patch # add configurable source of RNG seed in the FIPS mode Patch6: libgcrypt-1.4.6-fips-cfgrandom.patch # make the FIPS-186-3 DSA CAVS testable Patch7: libgcrypt-1.4.6-cavs.patch # compile rijndael with -fno-strict-aliasing Patch12: libgcrypt-1.4.6-aliasing.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRequires: gawk, libgpg-error-devel >= 1.4, pkgconfig, symlinks BuildRequires: openssl %if %{enable_fipscheck} BuildRequires: fipscheck %endif %description Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. %package devel Summary: Development files for the libgcrypt package License: LGPLv2+ and GPLv2+ Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: libgpg-error-devel # From Fedora 14, %%{_datadir}/aclocal is included in the filesystem package %if %([ "%{__distinit}" != "fc" -o %{__distvers} -lt 14 ] && echo 1 || echo 0) Requires: automake %endif Requires(post): /sbin/install-info Requires(preun): /sbin/install-info %description devel Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This package contains files needed to develop applications using libgcrypt. %prep %setup -q %if %{enable_fipscheck} %patch2 -p1 -b .use-fipscheck %endif %patch3 -p1 -b .ImplicitDSOLinking %patch4 -p1 -b .urandom %patch5 -p1 -b .tests %patch6 -p1 -b .cfgrandom %patch7 -p1 -b .cavs %patch12 -p1 -b .aliasing iconv -f ISO-8859-1 -t UTF-8 < AUTHORS > AUTHORS.utf8 mv AUTHORS.utf8 AUTHORS %build %configure \ --enable-noexecstack \ %if %{enable_fipscheck} --enable-hmac-binary-check \ %endif --disable-static \ %ifarch sparc64 --disable-asm \ %endif --disable-O-flag-munging # Kill bogus RPATHs sed -i 's|^sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/%{_lib} %{_libdir}|' libtool make %{?_smp_mflags} %install rm -rf %{buildroot} make DESTDIR=%{buildroot} install # Change /usr/lib64 back to /usr/lib. This saves us from having to patch the # script to "know" that -L/usr/lib64 should be suppressed, and also removes # a file conflict between 32- and 64-bit versions of this package. sed -i -e 's,^libdir="/usr/lib.*"$,libdir="/usr/lib",g' %{buildroot}%{_bindir}/libgcrypt-config # Remove files we don't want packaged rm %{buildroot}%{_infodir}/dir rm %{buildroot}%{_libdir}/*.la # Relocate the shared libraries to /%%{_lib} mkdir -p %{buildroot}/%{_lib} for shlib in %{buildroot}%{_libdir}/*.so*; do if [ -L ${shlib} ]; then shlib_target=$(basename $(readlink ${shlib})) rm ${shlib} [ $(basename ${shlib}) = libgcrypt.so ] && ln -s %{buildroot}/%{_lib}/${shlib_target} ${shlib} else mv ${shlib} %{buildroot}/%{_lib}/ fi done symlinks -cs %{buildroot}%{_libdir} # Add the soname symlink back in /sbin/ldconfig -n %{buildroot}/%{_lib}/ # Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so # that _someone_ owns it. mkdir -p -m 755 %{buildroot}/etc/gcrypt %check %if %{enable_fipscheck} %{__fipshmac} src/.libs/libgcrypt.so.?? %endif make check %if %{enable_fipscheck} # Add generation of HMAC checksums of the final stripped binaries %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ %{__fipshmac} %{buildroot}/%{_lib}/*.so.?? \ %{nil} %endif %clean rm -rf %{buildroot} %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post devel /sbin/install-info %{_infodir}/gcrypt.info.gz %{_infodir}/dir || : %preun devel if [ $1 = 0 ]; then /sbin/install-info --delete %{_infodir}/gcrypt.info.gz %{_infodir}/dir || : fi %files %defattr(-,root,root,-) %doc COPYING.LIB AUTHORS NEWS THANKS %dir /etc/gcrypt /%{_lib}/libgcrypt.so.* %if %{enable_fipscheck} /%{_lib}/.libgcrypt.so.*.hmac %endif %files devel %defattr(-,root,root,-) %doc COPYING %{_bindir}/dumpsexp %{_bindir}/hmac256 %{_bindir}/libgcrypt-config %{_includedir}/gcrypt-module.h %{_includedir}/gcrypt.h %{_libdir}/libgcrypt.so %{_datadir}/aclocal/libgcrypt.m4 %{_infodir}/gcrypt.info* %changelog * Tue Oct 22 2013 Paul Howarth 1.4.6-4.2.cf - Un-hobble - use upstream's ecc support - Silence strict aliasing warning in Rijndael * Tue Jul 26 2011 Paul Howarth 1.4.6-4.1.cf - Fix dist tag for CentOS 6 and Scientific Linux * Tue Jun 21 2011 Paul Howarth 1.4.6-4.0.cf - Always xor seed from /dev/urandom over /etc/gcrypt/rngseed * Tue May 31 2011 Paul Howarth 1.4.6-3.0.cf - Make the FIPS-186-3 DSA implementation CAVS testable - Add configurable source of RNG seed /etc/gcrypt/rngseed in the FIPS mode (#700388) * Tue May 31 2011 Paul Howarth 1.4.6-2.0.cf - Nobody else likes macros for commands * Fri Feb 11 2011 Paul Howarth 1.4.6-1.0.cf - Update to 1.4.6 - New variants of the TIGER algorithm - New cipher algorithm mode for AES-WRAP * Mon Feb 7 2011 Paul Howarth 1.4.5-6.0.cf - Fix a bug in the FIPs-186-3 dsa parameter generation code - Use /dev/urandom for seeding in the FIPS mode - Make the tests pass in the FIPS mode * Fri May 14 2010 Paul Howarth 1.4.5-5.0.cf - Fix dist tag for RHEL-4 - Don't need automake dependency in devel package from F-14 * Tue Feb 23 2010 Paul Howarth 1.4.5-4.0.cf - Update to 1.4.5 - Fixed minor memory leak in DSA key generation - No more switching to FIPS mode if /proc/version is not readable - Fixed a sigill during Padlock detection on old CPUs - Fixed a hang on some W2000 machines - Boosted SHA-256/512 performance on ia32 boxes with gcc 4.3 - Fix FTBFS: ImplicitDSOLinking (#564973) - Disable upstream's fiddling with compiler optimization flags - Clarify license - some parts of devel package are GPLV2+ - Include credits, license text and NEWS as %%doc - Change URL from directory.fsf.org to www.gnupg.org - Tighten devel package's dependency on main package - Dist tag for Rawhide no longer needs special-casing * Thu Jun 18 2009 Paul Howarth 1.4.4-6.0.cf - Fix VIA padlock RNG inline assembly call (#505724) - fipshmac moved from /bin to /usr/bin, except on EL-5, so cater for both * Fri Mar 6 2009 Paul Howarth 1.4.4-4.0.cf - Rebuild for city-fan.org repo * Thu Mar 5 2009 Tomas Mraz 1.4.4-4 - With the integrity verification check the library needs to link to libdl (#488702) * Wed Mar 4 2009 Paul Howarth 1.4.4-3.0.cf - Add hmac FIPS integrity verification check where openssl supports it * Tue Mar 3 2009 Paul Howarth 1.4.4-2.0.cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Tue Mar 3 2009 Paul Howarth 1.4.4-1.0.cf - Import from Fedora - Simplify library relocation to /%%{_lib} by using the symlinks program - Kill rpaths to /usr/lib64 - Fix scriptlet dependencies - Add URL tag - This is a stable version, so remove bit about it being a development version from the package description * Wed Feb 25 2009 Fedora Release Engineering - 1.4.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Fri Jan 30 2009 Tomas Mraz 1.4.4-1 - update to 1.4.4 - do not abort when the fips mode kernel flag is inaccessible due to permissions (#470219) - hobble the library to drop the ECC support * Mon Oct 20 2008 Dennis Gilmore 1.4.3-2 - disable asm on sparc64 * Thu Sep 18 2008 Nalin Dahyabhai 1.4.3-1 - update to 1.4.3 - own /etc/gcrypt * Mon Sep 15 2008 Nalin Dahyabhai - invoke make with %%{?_smp_mflags} to build faster on multi-processor systems (Steve Grubb) * Mon Sep 8 2008 Nalin Dahyabhai 1.4.2-1 - update to 1.4.2 * Tue Apr 29 2008 Nalin Dahyabhai 1.4.1-1 - update to 1.4.1 - bump libgpgerror-devel requirement to 1.4, matching the requirement enforced by the configure script * Thu Apr 3 2008 Joe Orton 1.4.0-3 - add patch from upstream to fix severe performance regression in entropy gathering * Tue Feb 19 2008 Fedora Release Engineering - 1.4.0-2 - Autorebuild for GCC 4.3 * Mon Dec 10 2007 Nalin Dahyabhai - 1.4.0-1 - update to 1.4.0 * Tue Oct 16 2007 Nalin Dahyabhai - 1.2.4-6 - use ldconfig to build the soname symlink for packaging along with the shared library (#334731) * Wed Aug 22 2007 Nalin Dahyabhai - 1.2.4-5 - add missing gawk buildrequirement - switch from explicitly specifying the /dev/random RNG to just verifying that the non-LGPL ones were disabled by the configure script * Thu Aug 16 2007 Nalin Dahyabhai - 1.2.4-4 - clarify license - force use of the linux /dev/random RNG, to avoid accidentally falling back to others which would affect the license of the resulting library * Mon Jul 30 2007 Nalin Dahyabhai - 1.2.4-3 - disable static libraries (part of #249815) * Fri Jul 27 2007 Nalin Dahyabhai - 1.2.4-2 - move libgcrypt shared library to /%%{_lib} (#249815) * Tue Feb 6 2007 Nalin Dahyabhai - 1.2.4-1 - update to 1.2.4 * Mon Jan 22 2007 Nalin Dahyabhai - 1.2.3-2 - make use of install-info more failsafe (Ville Skyttä, #223705) * Fri Sep 1 2006 Nalin Dahyabhai - 1.2.3-1 - update to 1.2.3 * Wed Jul 12 2006 Jesse Keating - 1.2.2-3.1 - rebuild * Mon Jun 05 2006 Jesse Keating 1.2.2-3 - Added missing buildreq pkgconfig * Tue May 16 2006 Nalin Dahyabhai 1.2.2-2 - remove file conflicts in libgcrypt-config by making the 64-bit version think the libraries are in /usr/lib (which is wrong, but which it also prunes from the suggest --libs output, so no harm done, hopefully) * Fri Feb 10 2006 Jesse Keating - 1.2.2-1.2.1 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Jesse Keating - 1.2.2-1.2 - rebuilt for new gcc4.1 snapshot and glibc changes * Fri Dec 09 2005 Jesse Keating - rebuilt * Wed Oct 5 2005 Nalin Dahyabhai 1.2.2-1 - update to 1.2.2 * Wed Mar 16 2005 Nalin Dahyabhai 1.2.1-1 - update to 1.2.1 * Fri Jul 30 2004 Florian La Roche - another try to package the symlink * Tue Jun 15 2004 Elliot Lee - rebuilt * Sun May 2 2004 Bill Nottingham - 1.2.0-1 - update to official 1.2.0 * Fri Apr 16 2004 Bill Nottingham - 1.1.94-1 - update to 1.1.94 * Tue Mar 02 2004 Elliot Lee - rebuilt * Sat Feb 21 2004 Florian La Roche - add symlinks to shared libs at compile time * Fri Feb 13 2004 Elliot Lee - rebuilt * Wed Jun 04 2003 Elliot Lee - rebuilt * Thu Mar 20 2003 Jeff Johnson 1.1.12-1 - upgrade to 1.1.12 (beta). * Fri Jun 21 2002 Tim Powers - automated rebuild * Sun May 26 2002 Tim Powers - automated rebuild * Tue May 21 2002 Jeff Johnson - update to 1.1.7 - change license to LGPL. - include splint annotations patch. - install info pages. * Tue Apr 2 2002 Nalin Dahyabhai 1.1.6-1 - update to 1.1.6 * Thu Jan 10 2002 Nalin Dahyabhai 1.1.5-1 - fix the Source tag so that it's a real URL * Thu Dec 20 2001 Nalin Dahyabhai - initial package