| |
@@ -41,6 +41,13 @@
|
| |
%endif
|
| |
|
| |
|
| |
+ %define fips_requires() %{lua:
|
| |
+ local f = assert(io.popen("rpm -q --queryformat '%{EVR}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))
|
| |
+ local v = f:read("*all")
|
| |
+ f:close()
|
| |
+ print("Requires: "..rpm.expand("%1%{?_isa}").." = "..v.."\\n")
|
| |
+ }
|
| |
+
|
| |
Summary: A TLS protocol implementation
|
| |
Name: gnutls
|
| |
# The libraries are LGPLv2.1+, utilities are GPLv3+
|
| |
@@ -71,6 +78,7 @@
|
| |
Requires: crypto-policies
|
| |
Requires: p11-kit-trust
|
| |
Requires: libtasn1 >= 4.3
|
| |
+ # always bump when a nettle release is packaged
|
| |
Requires: nettle >= 3.9.1
|
| |
%if %{with tpm12}
|
| |
Recommends: trousers >= 0.3.11.2
|
| |
@@ -136,6 +144,14 @@
|
| |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
| |
%endif
|
| |
|
| |
+ %if %{with fips}
|
| |
+ %package fips
|
| |
+ Summary: Virtual package to install packages required to use %{name} under FIPS mode
|
| |
+ Requires: %{name}%{?_isa} = %{version}-%{release}
|
| |
+ %{fips_requires nettle}
|
| |
+ %{fips_requires gmp}
|
| |
+ %endif
|
| |
+
|
| |
%description
|
| |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
| |
protocols and technologies around them. It provides a simple C language
|
| |
@@ -179,6 +195,17 @@
|
| |
TLS certificates through DNSSEC.
|
| |
%endif
|
| |
|
| |
+ %if %{with fips}
|
| |
+ %description fips
|
| |
+ GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
| |
+ protocols and technologies around them. It provides a simple C language
|
| |
+ application programming interface (API) to access the secure communications
|
| |
+ protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
| |
+ other required structures.
|
| |
+ This package does not contain any file, but installs required packages
|
| |
+ to use GnuTLS under FIPS mode.
|
| |
+ %endif
|
| |
+
|
| |
%if %{with mingw}
|
| |
%package -n mingw32-%{name}
|
| |
Summary: MinGW GnuTLS TLS/SSL encryption library
|
| |
@@ -433,6 +460,10 @@
|
| |
%{_libdir}/libgnutls-dane.so.*
|
| |
%endif
|
| |
|
| |
+ %if %{with fips}
|
| |
+ %files fips
|
| |
+ %endif
|
| |
+
|
| |
%if %{with mingw}
|
| |
%files -n mingw32-%{name}
|
| |
%license LICENSE doc/COPYING doc/COPYING.LESSER
|
| |
This adds a new subpackage
gnutls-fips
with strict versionrequirements to nettle and gmp under FIPS, as gnutls now calculates
library integrity (HMAC) over those libraries.