PR#46: Draft: Dynamically generate nettle/gmp dependencies for FIPS - rpms/gnutls

Daiki Ueno • a year ago

1e09d22

gnutls.spec

file modified

+11 -1

		`@@ -15,6 +15,13 @@`
		`%bcond_with tpm12`
		`%bcond_without gost`

		`+ %define fips_requires() %{lua:`
		`+ local f = assert(io.popen("rpm -q --queryformat '%{VERSION}-%{RELEASE}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))`
		`+ local v = f:read("*all")`
		`+ f:close()`
		`+ print("Requires: "..rpm.expand("%1%{?_isa}").." = "..v.."\\n")`
		`+ }`
		`+`
		`Summary: A TLS protocol implementation`
		`Name: gnutls`
		`# The libraries are LGPLv2.1+, utilities are GPLv3+`
		`@@ -38,7 +45,10 @@`
		`Requires: crypto-policies`
		`Requires: p11-kit-trust`
		`Requires: libtasn1 >= 4.3`
		`- Requires: nettle >= 3.4.1`
		`+ %if %{with fips}`
		`+ %{fips_requires nettle}`
		`+ %{fips_requires gmp}`
		`+ %endif`
		`%if %{with tpm12}`
		`Recommends: trousers >= 0.3.11.2`
		`%endif`

Signed-off-by: Daiki Ueno dueno@redhat.com

rebased onto b8b18b6cb27fb1c4acf65919d92d9b055583bfee

a year ago

[citest]

On current rawhide, it generates:

rpm -qR results_gnutls/3.7.6/6.fc37/gnutls-3.7.6-6.fc36.x86_64.rpm | grep '^\(nettle\|gmp\)'
gmp(x86-64) = 6.2.1-1.fc36
nettle(x86-64) = 3.8-1.fc37

Neat, didn't know it was possible. Less explicit to the reader, but I like the foolprofing. r+

Wait no, I take it back...

If a builder happens to be a multiarch machine, rpm will list the package version twice, resulting in an invalid version.

(a multiarch machine with two versions of the package coinstalled)

rebased onto 1e09d22

a year ago

Yeah, good point; I've changed the selection option from -qa to -q --whatprovides 'nettle(x86-64)'.

Should be fine now, r+

Assignee

None

Tags

No Tags