#1 Implement bootstrap logic for so-name bumps
Merged 2 months ago by ueno. Opened 2 months ago by ueno.
rpms/ ueno/nettle wip/dueno/bootstrap  into  master

@@ -0,0 +1,181 @@ 

+ diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c

+ index 8e5e095..720d483 100644

+ --- a/examples/ecc-benchmark.c

+ +++ b/examples/ecc-benchmark.c

+ @@ -330,8 +330,6 @@ bench_curve (const struct ecc_curve *ecc)

+  }

+  

+  const struct ecc_curve * const curves[] = {

+ -  &nettle_secp_192r1,

+ -  &nettle_secp_224r1,

+    &_nettle_curve25519,

+    &nettle_secp_256r1,

+    &nettle_secp_384r1,

+ diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c

+ index 3fabe20..0223fe7 100644

+ --- a/examples/hogweed-benchmark.c

+ +++ b/examples/hogweed-benchmark.c

+ @@ -393,24 +393,6 @@ bench_ecdsa_init (unsigned size)

+  

+    switch (size)

+      {

+ -    case 192:

+ -      ecc = &nettle_secp_192r1;

+ -      xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";

+ -      ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";

+ -      zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";

+ -      ctx->digest = hash_string (&nettle_sha1, "abc");

+ -      ctx->digest_size = 20;

+ -      break;

+ -    case 224:

+ -      ecc = &nettle_secp_224r1;

+ -      xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";

+ -      ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";

+ -      zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";

+ -      ctx->digest = hash_string (&nettle_sha224, "abc");

+ -      ctx->digest_size = 28;

+ -      break;

+ -

+ -      /* From RFC 4754 */

+      case 256:

+        ecc = &nettle_secp_256r1;

+        xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970";

+ @@ -581,16 +563,6 @@ bench_openssl_ecdsa_init (unsigned size)

+  

+    switch (size)

+      {

+ -    case 192:

+ -      ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime192v1);

+ -      ctx->digest_length = 24; /* truncated */

+ -      ctx->digest = hash_string (&nettle_sha224, "abc");

+ -      break;

+ -    case 224:

+ -      ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1);

+ -      ctx->digest_length = SHA224_DIGEST_SIZE;

+ -      ctx->digest = hash_string (&nettle_sha224, "abc");

+ -      break;

+      case 256:

+        ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);

+        ctx->digest_length = SHA256_DIGEST_SIZE;

+ @@ -701,14 +673,10 @@ struct alg alg_list[] = {

+  #if 0

+    { "dsa",2048, bench_dsa_init, bench_dsa_sign,   bench_dsa_verify, bench_dsa_clear },

+  #endif

+ -  { "ecdsa",  192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },

+ -  { "ecdsa",  224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },

+    { "ecdsa",  256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },

+    { "ecdsa",  384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },

+    { "ecdsa",  521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },

+  #if WITH_OPENSSL

+ -  { "ecdsa (openssl)",  192, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },

+ -  { "ecdsa (openssl)",  224, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },

+    { "ecdsa (openssl)",  256, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },

+    { "ecdsa (openssl)",  384, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },

+    { "ecdsa (openssl)",  521, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear },

+ diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c

+ index 5a2b39d..08870b1 100644

+ --- a/testsuite/ecdh-test.c

+ +++ b/testsuite/ecdh-test.c

+ @@ -138,26 +138,6 @@ test_dh (const char *name, const struct ecc_curve *ecc,

+  void

+  test_main(void)

+  {

+ -  test_dh ("secp-192r1", &nettle_secp_192r1,

+ -	   "3406157206141798348095184987208239421004566462391397236532",

+ -	   "1050363442265225480786760666329560655512990381040021438562",

+ -	   "5298249600854377235107392014200406283816103564916230704184",

+ -	   "738368960171459956677260317271477822683777845013274506165",

+ -	   "2585840779771604687467445319428618542927556223024046979917",

+ -	   "293088185788565313717816218507714888251468410990708684573",

+ -	   "149293809021051532782730990145509724807636529827149481690",

+ -	   "2891131861147398318714693938158856874319184314120776776192");

+ -

+ -  test_dh ("secp-224r1", &nettle_secp_224r1,

+ -	   "1321072106881784386340709783538698930880431939595776773514895067682",

+ -	   "6768311794185371282972144247871764855860666277647541840973645586477",

+ -	   "2880077809069104378181313860274147139049600284805670362929579614547",

+ -	   "13934723037778859565852601874354272638301919827851286722006496784914",

+ -	   "373124771833407982305885866158843810218322878380632071540538232035",

+ -	   "24223309755162432227459925493224336241652868856405241018762887667883",

+ -	   "8330362698029245839097779050425944245826040430538860338085968752913",

+ -	   "24167244512472228715617822000878192535267113543393576038737592837010");	   

+ -

+    test_dh ("secp-256r1", &nettle_secp_256r1,

+  	   "94731533361265297353914491124013058635674217345912524033267198103710636378786",

+  	   "22441589863306126152768848344973918725077248391248404659242620344938484650846",

+ diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c

+ index 559de8e..1ca36c2 100644

+ --- a/testsuite/ecdsa-sign-test.c

+ +++ b/testsuite/ecdsa-sign-test.c

+ @@ -60,37 +60,6 @@ test_main (void)

+  {

+    /* Test cases for the smaller groups, verified with a

+       proof-of-concept implementation done for Yubico AB. */

+ -  test_ecdsa (&nettle_secp_192r1,

+ -	      "DC51D3866A15BACDE33D96F992FCA99D"

+ -	      "A7E6EF0934E70975", /* z */

+ -

+ -	      "9E56F509196784D963D1C0A401510EE7"

+ -	      "ADA3DCC5DEE04B15", /* k */

+ -

+ -	      SHEX("BA7816BF8F01CFEA414140DE5DAE2223"

+ -		   "B00361A396177A9C"), /* h */

+ -

+ -	      "8c478db6a5c131540cebc739f9c0a9a8"

+ -	      "c720c2abdd14a891", /* r */

+ -

+ -	      "a91fb738f9f175d72f9c98527e881c36"

+ -	      "8de68cb55ffe589"); /* s */

+ -

+ -  test_ecdsa (&nettle_secp_224r1,

+ -	      "446df0a771ed58403ca9cb316e617f6b"

+ -	      "158420465d00a69601e22858",  /* z */

+ -

+ -	      "4c13f1905ad7eb201178bc08e0c9267b"

+ -	      "4751c15d5e1831ca214c33f4",  /* z */

+ -

+ -	      SHEX("1b28a611fe62ab3649350525d06703ba"

+ -		   "4b979a1e543566fd5caa85c6"),  /* h */

+ -

+ -	      "2cc280778f3d067df6d3adbe3a6aad63"

+ -	      "bc75f08f5c5f915411902a99",  /* r */ 

+ -

+ -	      "d0f069fd0f108eb07b7bbc54c8d6c88d"

+ -	      "f2715c38a95c31a2b486995f"); /* s */

+  

+    /* From RFC 4754 */

+    test_ecdsa (&nettle_secp_256r1,

+ diff --git a/testsuite/testutils.c b/testsuite/testutils.c

+ index 6f89761..901f62b 100644

+ --- a/testsuite/testutils.c

+ +++ b/testsuite/testutils.c

+ @@ -1212,8 +1212,6 @@ test_dsa_key(const struct dsa_params *params,

+  }

+  

+  const struct ecc_curve * const ecc_curves[] = {

+ -  &nettle_secp_192r1,

+ -  &nettle_secp_224r1,

+    &nettle_secp_256r1,

+    &nettle_secp_384r1,

+    &nettle_secp_521r1,

+ @@ -1270,20 +1268,6 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)

+  {

+    /* For each curve, the points 2 g, 3 g and 4 g */

+    static const struct ecc_ref_point ref[6][3] = {

+ -    { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",

+ -	"dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },

+ -      { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",

+ -	"782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },

+ -      { "35433907297cc378b0015703374729d7a4fe46647084e4ba",

+ -	"a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }

+ -    },

+ -    { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",

+ -	"1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },

+ -      { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",

+ -	"a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },

+ -      { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",

+ -	"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },

+ -    },

+      { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",

+  	"7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },

+        { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
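Review bot: In the testsuite/testutils.c part of this added patch, the reference table keeps its declared size `ref[6][3]` although the two rows for the 192- and 224-bit curves are deleted, so the trailing rows become zero-initialized entries with no coordinate data. If test_ecc_mul_a still bounds-checks `curve` against 6, it would accept an index that has no reference point behind it. The declaration should shrink with the data, e.g. `static const struct ecc_ref_point ref[4][3] = {`, assuming four rows remain once the part not shown here is counted. The body of test_ecc_mul_a continues past the end of the patch, so this needs checking against the full function. Separately, in testsuite/ecdsa-sign-test.c the comment about "the smaller groups" is left behind after the tests it described are removed.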

file modified
+75 -11

@@ -1,3 +1,16 @@ 

+ # Recent so-version, so we do not bump accidentally.

+ %global nettle_so_ver 7

+ %global hogweed_so_ver 5

+ 

+ # Set to 1 when building a bootstrap for a bumped so-name.

+ %global bootstrap 0

+ 

+ %if 0%{?bootstrap}

+ %global version_old 3.4.1rc1

+ %global nettle_so_ver_old 6

+ %global hogweed_so_ver_old 4

+ %endif

+ 

  %bcond_without fips

  

  Name:           nettle

@@ -9,6 +22,10 @@ 

  URL:            http://www.lysator.liu.se/~nisse/nettle/

  Source0:	%{name}-%{version}-hobbled.tar.xz

  #Source0:        http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz

+ %if 0%{?bootstrap}

+ Source1:	%{name}-%{version_old}-hobbled.tar.xz

+ Source2:	nettle-3.3-remove-ecc-testsuite.patch

+ %endif

  Patch0:		nettle-3.5-remove-ecc-testsuite.patch

  Patch1:		nettle-3.4-annocheck.patch

  

@@ -39,7 +56,21 @@ 

  

  

  %prep

- %autosetup -p1

+ %autosetup -Tb 0 -p1

+ 

+ %if 0%{?bootstrap}

+ mkdir -p bootstrap_ver

+ pushd bootstrap_ver

+ tar --strip-components=1 -xf %{SOURCE1}

+ patch -p1 < %{SOURCE2}

+ 

+ # Disable -ggdb3 which makes debugedit unhappy

+ sed s/ggdb3/g/ -i configure

+ sed 's/ecc-192.c//g' -i Makefile.in

+ sed 's/ecc-224.c//g' -i Makefile.in

+ popd

+ %endif

+ 

  # Disable -ggdb3 which makes debugedit unhappy

  sed s/ggdb3/g/ -i configure

  sed 's/ecc-192.c//g' -i Makefile.in

@@ -50,19 +81,46 @@ 

  %configure --enable-shared --enable-fat

  make %{?_smp_mflags}

  

+ %if 0%{?bootstrap}

+ pushd bootstrap_ver

+ autoconf

+ %configure --with-tests

+ %make_build

+ popd

+ %endif

+ 

  %if %{with fips}

+ %define fipshmac() \

+ 	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \

+ 	file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \

+ 	mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && \

+ 	ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.%1.hmac

+ 

+ %if 0%{?bootstrap}

+ %define bootstrap_fips 1

+ %endif

+ 

  %define __spec_install_post \

  	%{?__debug_package:%{__debug_install_post}} \

  	%{__arch_install_post} \

  	%{__os_install_post} \

- 	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libnettle.so.7.* \

- 	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.5.* \

- 	file=`basename $RPM_BUILD_ROOT%{_libdir}/libnettle.so.7.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libnettle.so.7.hmac \

- 	file=`basename $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.5.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libhogweed.so.5.hmac \

+ 	%fipshmac libnettle.so.%{nettle_so_ver} \

+ 	%fipshmac libhogweed.so.%{hogweed_so_ver} \

+ 	%{?bootstrap_fips:%fipshmac libnettle.so.%{nettle_so_ver_old}} \

+ 	%{?bootstrap_fips:%fipshmac libhogweed.so.%{hogweed_so_ver_old}} \

  %{nil}

  %endif

  

+ 

  %install

+ %if 0%{?bootstrap}

+ make -C bootstrap_ver install-shared-nettle DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"

+ make -C bootstrap_ver install-shared-hogweed DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"

+ 

+ chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.%{nettle_so_ver_old}.*

+ chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*

+ %endif

+ 

  make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"

  make install-shared DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"

  mkdir -p $RPM_BUILD_ROOT%{_infodir}

@@ -75,8 +133,8 @@ 

  rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-hash

  rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-pbkdf2

  

- chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.7.*

- chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.5.*

+ chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.%{nettle_so_ver}.*

+ chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.%{hogweed_so_ver}.*

  

  %check

  make check

@@ -85,10 +143,16 @@ 

  %doc AUTHORS NEWS README

  %license COPYINGv2 COPYING.LESSERv3

  %{_infodir}/nettle.info.*

- %{_libdir}/libnettle.so.7

- %{_libdir}/libnettle.so.7.*

- %{_libdir}/libhogweed.so.5

- %{_libdir}/libhogweed.so.5.*

+ %{_libdir}/libnettle.so.%{nettle_so_ver}

+ %{_libdir}/libnettle.so.%{nettle_so_ver}.*

+ %{_libdir}/libhogweed.so.%{hogweed_so_ver}

+ %{_libdir}/libhogweed.so.%{hogweed_so_ver}.*

+ %if 0%{?bootstrap}

+ %{_libdir}/libnettle.so.%{nettle_so_ver_old}

+ %{_libdir}/libnettle.so.%{nettle_so_ver_old}.*

+ %{_libdir}/libhogweed.so.%{hogweed_so_ver_old}

+ %{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*

+ %endif

  %if %{with fips}

  %{_libdir}/.libhogweed.so.*.hmac

  %{_libdir}/.libnettle.so.*.hmac
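Review bot: The old-version build added to `%build` under `%if 0%{?bootstrap}` is configured with `%configure --with-tests`, while the primary build uses `%configure --enable-shared --enable-fat`. The compatibility libraries that are later installed and stamped by `%fipshmac` are therefore built with different options than the main ones. The `--with-tests` switch looks carried over from the qrencode spec the description cites and should be confirmed against nettle's own configure; I would use `%configure --enable-shared --enable-fat` in the bootstrap branch too. `%check` also still runs only `make check` at the top level, so the old libraries ship untested. Adding `%if 0%{?bootstrap}`, `make -C bootstrap_ver check`, `%endif` there would exercise them before they are packaged.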

file modified
+1

@@ -1,1 +1,2 @@ 

+ SHA512 (nettle-3.4.1rc1-hobbled.tar.xz) = f8ef3d484be99130b12ca6069ba69d196b490a382c6f592139466c5c4e40567c626b9a92e32c45d3627d16a3cd275aaeee58a47437c5a91cad75d9752c5da7c0

  SHA512 (nettle-3.5.1-hobbled.tar.xz) = dc67a06e42327bddc10ec303ce49309873aeb6dcd77f2775837d11c2982dcf11c663b712571ebd33862408d1a61c26eca629122ca20a591840777530571aeb9c

This installs the old version of nettle alongside the new version, to avoid possible bootstrapping failures on ABI bump.

Based on:
https://src.fedoraproject.org/rpms/qrencode/c/09e734ba1e283536dc56f9c292deb6b6f91fede2?branch=master

This is such a horrible hack, but it seems to work:
https://kojipkgs.fedoraproject.org//work/tasks/6009/36276009/build.log

Provides: libhogweed.so.4()(64bit) libhogweed.so.4(HOGWEED_4)(64bit) libhogweed.so.5()(64bit) libhogweed.so.5(HOGWEED_5)(64bit) libhogweed.so.5(HOGWEED_INTERNAL_5_0)(64bit) libnettle.so.6()(64bit) libnettle.so.6(NETTLE_6)(64bit) libnettle.so.7()(64bit) libnettle.so.7(NETTLE_7)(64bit) libnettle.so.7(NETTLE_INTERNAL_7_0)(64bit) nettle = 3.5.1-1.fc31 nettle(x86-64) = 3.5.1-1.fc31

rebased onto e0682aa

2 months ago

3 new commits added

  • Implement bootstrap logic for so-name bumps
  • Factor out fipshmac as a macro
  • Reduce the number of hard-coded so-versions
2 months ago

Pull-Request has been merged by ueno

2 months ago