returned lost nss.fips.cfg
This commit is contained in:
Jiri Vanek
parent
e5b29df731
commit
c41e92d502
|
|
@ -391,7 +391,7 @@
|
|||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 7
|
||||
%global rpmrelease 3
|
||||
%global rpmrelease 4
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
||||
|
|
@ -628,6 +628,9 @@ Source15: TestSecurityProperties.java
|
|||
# Ensure vendor settings are correct
|
||||
Source16: CheckVendor.java
|
||||
|
||||
# nss fips configuration file
|
||||
Source17: nss.fips.cfg.in
|
||||
|
||||
# Ensure translations are available for new timezones
|
||||
Source18: TestTranslations.java
|
||||
|
||||
|
|
@ -1050,6 +1053,9 @@ done
|
|||
# Setup nss.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
|
||||
|
||||
# Setup nss.fips.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
|
||||
|
||||
%build
|
||||
%if (0%{?rhel} > 0 && 0%{?rhel} < 8)
|
||||
mkdir bootjdk
|
||||
|
|
@ -1212,6 +1218,9 @@ function installjdk() {
|
|||
# Install nss.cfg right away as we will be using the JRE above
|
||||
install -m 644 nss.cfg ${imagepath}/conf/security/
|
||||
|
||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
||||
|
||||
# Create fake alt-java as a placeholder for future alt-java
|
||||
if [ -d man/man1 ] ; then
|
||||
pushd ${imagepath}
|
||||
|
|
@ -1633,10 +1642,13 @@ done
|
|||
%license %{unpacked_licenses}/%{jdkportablesourcesarchive -- %%{nil}}
|
||||
|
||||
%changelog
|
||||
* Wed May 10 2023 Jiri Vanek <gnu.andrew@redhat.com> - 1:17.0.7.0.7-4
|
||||
- returned lost nss.fips.cfg
|
||||
|
||||
* Wed May 10 2023 Jiri Vanek <gnu.andrew@redhat.com> - 1:17.0.7.0.7-3
|
||||
- enabled all crypto
|
||||
|
||||
* Tue Mar 09 2023 Jiri Vanek <jvanekw@redhat.com> - 1:17.0.7.0.7-2
|
||||
* Tue May 09 2023 Jiri Vanek <jvanekw@redhat.com> - 1:17.0.7.0.7-2
|
||||
- added and applied, on demand, patch2003 jdk8305995-footprint_regression_from_jdk_8224957
|
||||
|
||||
* Wed Apr 26 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.7.0.7
|
||||
|
|
|
|||
|
|
@ -0,0 +1,8 @@
|
|||
name = NSS-FIPS
|
||||
nssLibraryDirectory = @NSS_LIBDIR@
|
||||
nssSecmodDirectory = sql:/etc/pki/nssdb
|
||||
nssDbMode = readOnly
|
||||
nssModule = fips
|
||||
|
||||
attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||
|
||||
Loading…
Reference in New Issue