returned lost nss.fips.cfg

2023-05-11 15:59:27 +02:00 · 2023-05-11 15:59:27 +02:00 · c41e92d502
commit c41e92d502
parent e5b29df731
2 changed files with 22 additions and 2 deletions
--- a/java-17-openjdk-portable.spec
+++ b/java-17-openjdk-portable.spec
@ -391,7 +391,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        7
-%global rpmrelease      3
+%global rpmrelease      4
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -628,6 +628,9 @@ Source15: TestSecurityProperties.java
 # Ensure vendor settings are correct
 Source16: CheckVendor.java

+# nss fips configuration file
+Source17: nss.fips.cfg.in
+
 # Ensure translations are available for new timezones
 Source18: TestTranslations.java

@ -1050,6 +1053,9 @@ done
 # Setup nss.cfg
 sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg

+# Setup nss.fips.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
+
 %build
 %if (0%{?rhel} > 0 && 0%{?rhel} < 8)
 mkdir bootjdk
@ -1212,6 +1218,9 @@ function installjdk() {
        # Install nss.cfg right away as we will be using the JRE above
        install -m 644 nss.cfg ${imagepath}/conf/security/

+        # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
+        install -m 644 nss.fips.cfg ${imagepath}/conf/security/
+
        # Create fake alt-java as a placeholder for future alt-java
        if [ -d man/man1 ] ; then
          pushd ${imagepath}
@ -1633,10 +1642,13 @@ done
 %license %{unpacked_licenses}/%{jdkportablesourcesarchive -- %%{nil}}

 %changelog
+* Wed May 10 2023 Jiri Vanek <gnu.andrew@redhat.com> - 1:17.0.7.0.7-4
+- returned lost nss.fips.cfg
+
 * Wed May 10 2023 Jiri Vanek <gnu.andrew@redhat.com> - 1:17.0.7.0.7-3
 - enabled all crypto

-* Tue Mar 09 2023 Jiri Vanek <jvanekw@redhat.com> - 1:17.0.7.0.7-2
+* Tue May 09 2023 Jiri Vanek <jvanekw@redhat.com> - 1:17.0.7.0.7-2
 - added and applied, on demand, patch2003 jdk8305995-footprint_regression_from_jdk_8224957

 * Wed Apr 26 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.7.0.7
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@ -0,0 +1,8 @@
+name = NSS-FIPS
+nssLibraryDirectory = @NSS_LIBDIR@
+nssSecmodDirectory = sql:/etc/pki/nssdb
+nssDbMode = readOnly
+nssModule = fips
+
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
+