[rpms/openssl] rebase_40beta: add -fips subpackage that contains the FIPS module files

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: add -fips subpackage that contains the FIPS module files
Date: Tue, 09 Jun 2026 12:42:56 GMT	[thread overview]
Message-ID: <178100897669.1.15707657517557052010.rpms-openssl-bb2f3882f230@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : bb2f3882f2304735c24118240b741e42f8c2ef93
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2013-08-27T16:03:43+02:00
Stats  : +39/-7 in 3 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/bb2f3882f2304735c24118240b741e42f8c2ef93?branch=rebase_40beta

Log:
add -fips subpackage that contains the FIPS module files

---
diff --git a/README.FIPS b/README.FIPS
index eb17bca..a11863f 100644
--- a/README.FIPS
+++ b/README.FIPS
@@ -3,13 +3,15 @@ User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
 
 This package contains libraries which comprise the FIPS 140-2
 Red Hat Enterprise Linux - OPENSSL Module.
+Note that the openssl-fips subpackage needs to be installed for the
+OpenSSL FIPS module installation to be complete.
 
 The module files
 ================
-/usr/lib[64]/libcrypto.so.1.0.0d
-/usr/lib[64]/libssl.so.1.0.0d
-/usr/lib[64]/.libcrypto.so.1.0.0d.hmac
-/usr/lib[64]/.libssl.so.1.0.0d.hmac
+/usr/lib[64]/libcrypto.so.1.0.1e
+/usr/lib[64]/libssl.so.1.0.1e
+/usr/lib[64]/.libcrypto.so.1.0.1e.hmac
+/usr/lib[64]/.libssl.so.1.0.1e.hmac
 
 Dependencies
 ============

diff --git a/openssl-fips.conf b/openssl-fips.conf
new file mode 100644
index 0000000..e155f61
--- /dev/null
+++ b/openssl-fips.conf
@@ -0,0 +1,2 @@
+-b /usr/lib{,64}/libcrypto.so.*
+-b /usr/lib{,64}/libssl.so.*

diff --git a/openssl.spec b/openssl.spec
index 1d524be..68feaec 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 15%{?dist}
+Release: 16%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -35,6 +35,7 @@ Source8: openssl-thread-test.c
 Source9: opensslconf-new.h
 Source10: opensslconf-new-warning.h
 Source11: README.FIPS
+Source12: openssl-fips.conf
 # Build changes
 Patch1: openssl-1.0.1-beta2-rpmbuild.patch
 Patch2: openssl-1.0.0f-defaults.patch
@@ -136,6 +137,16 @@ OpenSSL is a toolkit for supporting cryptography. The openssl-perl
 package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.
 
+%package fips
+Summary: The FIPS module package for OpenSSL
+Group: System Environment/Libraries
+Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+
+%description fips
+OpenSSL is a toolkit for supporting cryptography. The openssl-fips
+package provides files that complete the installation of the
+OpenSSL FIPS module.
+
 %prep
 %setup -q -n %{name}-%{version}
 
@@ -372,6 +383,11 @@ install -m644 %{SOURCE9} \
 	$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
 %endif
 
+#install prelink blacklist
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d
+install -m644 %{SOURCE12} \
+	$RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d/openssl-fips.conf
+
 # Remove unused files from upstream fips support
 rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
@@ -414,8 +430,6 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
 %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
 %attr(0755,root,root) %{_libdir}/libssl.so.%{soversion}
-%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
-%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
 %attr(0755,root,root) %{_libdir}/openssl
 
 %files devel
@@ -436,11 +450,25 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %{_sysconfdir}/pki/tls/misc/*.pl
 %{_sysconfdir}/pki/tls/misc/tsget
 
+%files fips
+%defattr(-,root,root)
+%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
+%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
+# We don't want to depend on prelink for this directory
+%dir %{_sysconfdir}/prelink.conf.d
+%{_sysconfdir}/prelink.conf.d/openssl-fips.conf
+
 %post libs -p /sbin/ldconfig
 
 %postun libs -p /sbin/ldconfig
 
+%post fips
+prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :
+
 %changelog
+* Tue Aug 27 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-16
+- add -fips subpackage that contains the FIPS module files
+
 * Fri Aug 16 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-15
 - fix use of rdrand if available
 - more commits cherry picked from upstream

                 reply	other threads:[~2026-06-09 12:42 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178100897669.1.15707657517557052010.rpms-openssl-bb2f3882f230@fedoraproject.org \
    --to=tmraz@fedoraproject.org \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox