#46 Draft: Dynamically generate nettle/gmp dependencies for FIPS
Opened a year ago by ueno. Modified a year ago

file modified
+11 -1
@@ -15,6 +15,13 @@ 

  %bcond_with tpm12

  %bcond_without gost

  

+ %define fips_requires() %{lua:

+ local f = assert(io.popen("rpm -q --queryformat '%{VERSION}-%{RELEASE}' --whatprovides "..rpm.expand("'%1%{?_isa}'")))

+ local v = f:read("*all")

+ f:close()

+ print("Requires: "..rpm.expand("%1%{?_isa}").." = "..v.."\\n")

+ }

+ 

  Summary: A TLS protocol implementation

  Name: gnutls

  # The libraries are LGPLv2.1+, utilities are GPLv3+
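Review bot: in fips_requires, the string from f:read("*all") goes straight into the Requires line with no check, so whatever rpm wrote to stdout on the build host becomes the pinned version. The query format has no separator or trailing newline, so two matching packages would produce two version-release strings run together, and a query that matches nothing leaves v without a usable version. Suggest validating v (non-empty, a single version-release token, no whitespace) and calling error() otherwise, so the build fails instead of emitting a bad dependency. The format '%{VERSION}-%{RELEASE}' also omits the epoch, which would break the '=' comparison if nettle or gmp ever carried one.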
@@ -38,7 +45,10 @@ 

  Requires: crypto-policies

  Requires: p11-kit-trust

  Requires: libtasn1 >= 4.3

- Requires: nettle >= 3.4.1

+ %if %{with fips}

+ %{fips_requires nettle}

+ %{fips_requires gmp}

+ %endif

  %if %{with tpm12}

  Recommends: trousers >= 0.3.11.2

  %endif
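Review bot: the removed line "Requires: nettle >= 3.4.1" was unconditional, but its replacement sits entirely inside "%if %{with fips}", so a build without the fips conditional no longer carries any explicit nettle version requirement. Suggest adding an %else branch that keeps "Requires: nettle >= 3.4.1" so the minimum version is still enforced for non-FIPS builds.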

rebased onto b8b18b6cb27fb1c4acf65919d92d9b055583bfee

a year ago

On current rawhide, it generates:

rpm -qR results_gnutls/3.7.6/6.fc37/gnutls-3.7.6-6.fc36.x86_64.rpm | grep '^\(nettle\|gmp\)'
gmp(x86-64) = 6.2.1-1.fc36
nettle(x86-64) = 3.8-1.fc37

Neat, didn't know it was possible. Less explicit to the reader, but I like the foolproofing. r+

Wait no, I take it back...

If a builder happens to be a multiarch machine, rpm will list the package version twice, resulting in an invalid version.

(a multiarch machine with two versions of the package coinstalled)

rebased onto 1e09d22

a year ago

Yeah, good point; I've changed the selection option from -qa to -q --whatprovides 'nettle(x86-64)'.

Should be fine now, r+
