From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Fri, 30 Apr 2021 00:33:56 +0200
Subject: initial/final commit
---
openssl-1.1.0h/util/fipslink.pl | 115 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 115 insertions(+)
create mode 100644 openssl-1.1.0h/util/fipslink.pl
(limited to 'openssl-1.1.0h/util/fipslink.pl')
diff --git a/openssl-1.1.0h/util/fipslink.pl b/openssl-1.1.0h/util/fipslink.pl
new file mode 100644
index 0000000..18a9153
--- /dev/null
+++ b/openssl-1.1.0h/util/fipslink.pl
@@ -0,0 +1,115 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+sub check_env
+ {
+ my @ret;
+ foreach (@_)
+ {
+ die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+ push @ret, $ENV{$_};
+ }
+ return @ret;
+ }
+
+
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+ = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+ "FIPSLIB_D", "FIPS_SHA1_EXE");
+
+
+
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+ {
+ $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+ }
+ else
+ {
+ $fips_premain_dso = "";
+ }
+
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.lib");
+
+
+print "Integrity check OK\n";
+
+if (is_premain_linked(@ARGV)) {
+ print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+ system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+ die "First stage Compile failure" if $? != 0;
+} elsif (!defined($ENV{FIPS_SIG})) {
+ die "no fips_premain.obj linked";
+}
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+
+if (defined($ENV{FIPS_SIG})) {
+ print "$ENV{FIPS_SIG} $fips_target\n";
+ system "$ENV{FIPS_SIG} $fips_target";
+ die "$ENV{FIPS_SIG} $fips_target failed" if $? != 0;
+ exit;
+}
+
+print "$fips_premain_dso $fips_target\n";
+system("$fips_premain_dso $fips_target >$fips_target.sha1");
+die "Get hash failure" if $? != 0;
+open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
+$fips_hash=<$sha1_res>;
+close $sha1_res;
+unlink $fips_target.".sha1";
+$fips_hash =~ s|\R$||; # Better chomp
+die "Get hash failure" if $? != 0;
+
+
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+
+sub is_premain_linked
+ {
+ return 1 if (grep /fips_premain\.obj/,@_);
+ foreach (@_)
+ {
+ if (/^@(.*)/ && -f $1)
+ {
+ open FD,$1 or die "can't open $1";
+ my $ret = (grep /fips_premain\.obj/,)?1:0;
+ close FD;
+ return $ret;
+ }
+ }
+ return 0;
+ }
+
+sub check_hash
+ {
+ my ($sha1_exe, $filename) = @_;
+ my ($hashfile, $hashval);
+
+ open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+ $hashfile = ;
+ close IN;
+ $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+ $hashfile =~ s|\R$||; # Better chomp
+ $hashval =~ s|\R$||; # Better chomp
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
-- cgit v1.2.3
x packages) #:use-module (guix utils) #:use-module (srfi srfi-1) #:use-module (srfi srfi-2) #:use-module (srfi srfi-26) #:use-module (ice-9 match)) (define-public nfs-utils (package (name "nfs-utils") (version "2.4.3") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/utils/nfs-utils/" version "/nfs-utils-" version ".tar.xz")) (sha256 (base32 "16b5y82cjy1cvijg5zmdvivc6sfdlv2slyynxbwwyw43vpjzqrdg")))) (build-system gnu-build-system) (arguments `(#:configure-flags `("--disable-static" "--without-tcp-wrappers" ,(string-append "--with-start-statd=" (assoc-ref %outputs "out") "/sbin/start-statd") ,(string-append "--with-krb5=" (assoc-ref %build-inputs "mit-krb5")) ,(string-append 
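Review bot: Before the second-stage compile, `$fips_hash` is read back from `$fips_target.sha1` and spliced into a single-string `system` call with no validation, so whatever the premain tool printed is re-parsed by the shell. Assuming the value is a 40-hex-digit HMAC-SHA1 (check_hash already insists on length 40 for its digests), a guard such as `die "Get hash failure" unless $fips_hash =~ /\A[0-9a-fA-F]{40}\z/;` placed before that `print` would pin it down. In is_premain_linked, `open FD,$1` is a two-argument open on a name taken from an `@file` argument, so mode characters in the name can change how it is opened; `open FD, '<', $1 or die "can't open $1";` removes that. check_hash also only tests `length(...) != 40` and compares against a `.sha1` file kept in the same `$fips_libdir` as the file it covers, so a comment there should say the check detects corruption, not modification by anyone able to write that directory.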
"--with-pluginpath=" (assoc-ref %outputs "out") "/lib/libnfsidmap") "--enable-svcgss") #:phases (modify-phases %standard-phases (add-before 'configure 'adjust-command-file-names (lambda _ ;; Remove assumptions of FHS from start-statd script (substitute* `("utils/statd/start-statd") (("^PATH=.*") "") (("^flock") (string-append (assoc-ref %build-inputs "util-linux") "/bin/flock")) (("^exec rpc.statd") (string-append "exec " (assoc-ref %outputs "out") "/sbin/rpc.statd"))) ;; find rpcgen (substitute* "configure" (("/usr/local/bin/rpcgen") (which "rpcgen"))) ;; This hook tries to write to /var ;; That needs to be done by a service too. (substitute* `("Makefile.in") (("^install-data-hook:") "install-data-hook-disabled-for-guix:")) ;; Replace some hard coded paths. (substitute* `("utils/nfsd/nfssvc.c") (("/bin/mount") (string-append (assoc-ref %build-inputs "util-linux") "/bin/mount"))) (substitute* `("utils/statd/statd.c") (("/usr/sbin/") (string-append (assoc-ref %outputs "out") "/sbin/"))) (substitute* `("utils/mount/Makefile.in" "utils/nfsdcld/Makefile.in" "utils/nfsdcltrack/Makefile.in") (("^sbindir = /sbin") (string-append "sbindir = " (assoc-ref %outputs "out") "/sbin"))) #t))))) (inputs `(("keyutils" ,keyutils) ("libevent" ,libevent) ("rpcsvc-proto" ,rpcsvc-proto) ;for 'rpcgen' ("sqlite" ,sqlite) ("lvm2" ,lvm2) ("util-linux" ,util-linux) ; only for above substitutions ("util-linux:lib" ,util-linux "lib") ; for libblkid ("mit-krb5" ,mit-krb5) ("libtirpc" ,libtirpc) ("python-wrapper" ,python-wrapper))) ;for the Python based tools (native-inputs (list pkg-config)) (home-page "https://www.kernel.org/pub/linux/utils/nfs-utils/") (synopsis "Tools for loading and managing Linux NFS mounts") (description "The Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine as if it were a local disk. It allows for fast, seamless sharing of files across a network.") ;; It is hard to be sure what the licence is. 
Most of the source files ;; contain no licence notice at all. A few have a licence notice for a 3 ;; clause non-copyleft licence. However the tarball has a COPYING file ;; with the text of GPLv2 -- It seems then that GLPv2 is the most ;; restrictive licence, and until advice to the contrary we must assume ;; that is what is intended. (license license:gpl2))) (define-public nfs4-acl-tools (package (name "nfs4-acl-tools") (version "0.3.7") (source (origin (method git-fetch) ;; tarballs are available here: ;; http://linux-nfs.org/~bfields/nfs4-acl-tools/ (uri (git-reference (url "git://git.linux-nfs.org/projects/bfields/nfs4-acl-tools.git") (commit (string-append name "-" version)))) (file-name (git-file-name name version)) (sha256 (base32 "0lq9xdaskxysggs918vs8x42xvmg9nj7lla21ni2scw5ljld3h1i")) (patches (search-patches "nfs4-acl-tools-0.3.7-fixpaths.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests #:phases (modify-phases %standard-phases (add-after 'unpack 'fix-bin-sh (lambda _ (substitute* "include/buildmacros" (("/bin/sh") (which "sh"))) #t))))) (native-inputs (list automake autoconf libtool)) (inputs (list attr)) (home-page "https://linux-nfs.org/wiki/index.php/Main_Page") (synopsis "Commandline ACL utilities for the Linux NFSv4 client") (description "This package provides the commandline utilities @command{nfs4_getfacl} and @command{nfs4_setfacl}, which are similar to their POSIX equivalents @command{getfacl} and @command{setfacl}. They fetch and manipulate access control lists for files and directories on NFSv4 mounts.") (license license:bsd-3)))