rpms/AusweisApp2
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:main
rpms:f41
rpms:f42
rpms:f43
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f36
rpms:epel8
rpms:epel9
rpms:f35
rpms:epel8-playground
rpms:f34
rpms:f33
rpms:f31
rpms:f32
rpms:epel7
...
pull from: rpms:f38
Branches Tags
rpms:main
rpms:rawhide
rpms:f41
rpms:f42
rpms:f43
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f36
rpms:epel8
rpms:epel9
rpms:f35
rpms:epel8-playground
rpms:f34
rpms:f33
rpms:f31
rpms:f32
rpms:epel7
Sign in to create a new pull request.

11 commits
rawhide ... f38

Author SHA1 Message Date
Julian Sikorski
016c08c942 Update to 2.1.1 2024-04-11 20:31:12 +02:00
Julian Sikorski
520d0a2bec Really fix OpenSSL config generation 2024-03-02 19:51:50 +01:00
Julian Sikorski
956b0e586a Fix OpenSSL config generation 2024-03-02 19:35:40 +01:00
Julian Sikorski
15d64f00d1 Add background information for the legacy openssl API patch 2024-03-02 19:35:40 +01:00
Julian Sikorski
3829033411 Update to 2.1.0 2024-03-01 09:49:11 +01:00
Julian Sikorski
c402d3daa3 Update to 2.0.3 2024-01-20 12:46:39 +01:00
Julian Sikorski
a56407eb95 Update to 2.0.2 2024-01-12 20:17:52 +01:00
Julian Sikorski
6234d9f3d5 Force the use of legacy OpenSSL API to fix issues with explicit EC curves 2024-01-05 22:55:10 +01:00
Julian Sikorski
4db057b8ac Add dependencies needed to render the GUI properly 2024-01-02 13:33:31 +01:00
Julian Sikorski
daa75e1321 Convert to %autorelease and %autochangelog 
[skip changelog]
 2024-01-02 13:33:24 +01:00
Julian Sikorski
5b8f5b0184 Update to 2.0.1 
Fix up config.json.in section names
 2023-12-28 16:15:02 +01:00
8 changed files with 610 additions and 222 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.gitignore vendored
View file

@ -1,2 +1,16 @@
/AusweisApp2-*.tar.gz /AusweisApp2-*.tar.gz
/AusweisApp2-pubring.gpg /AusweisApp2-pubring.gpg
/AusweisApp-2.0.1.tar.gz
/AusweisApp-pubring.gpg
/AusweisApp-2.0.2.tar.gz
/AusweisApp-2.0.2.tar.gz.asc
/AusweisApp-2.0.2.tar.gz.sha256
/AusweisApp-2.0.3.tar.gz
/AusweisApp-2.0.3.tar.gz.asc
/AusweisApp-2.0.3.tar.gz.sha256
/AusweisApp-2.1.0.tar.gz
/AusweisApp-2.1.0.tar.gz.asc
/AusweisApp-2.1.0.tar.gz.sha256
/AusweisApp-2.1.1.tar.gz
/AusweisApp-2.1.1.tar.gz.asc
/AusweisApp-2.1.1.tar.gz.sha256

16
AusweisApp2-1.26.7.tar.gz.asc
View file

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmTDxJ8ACgkQLXR5pTFF
EIh9Dw//ZMA+HUaRMp9wUCbPxm9XfT2WmVSAdlQPFUcNlue9LTVRGQKzqm0aYHE1
qDjBdg2u5icS+pcZiX8zgnSijsxUIOVlqEeOq3Ww+X4P5LGI9HugVYCUIGAKrSEr
vGNSnsGs7v7akKVjZea45G6hdGOSm1UrPMp36rSCXmEMzuhDVCg76Ue0rHy2uN9D
2rud1CuLSDEKQs3MqkU1E5lRVX2uuKPz8xgVZTxYixJGlfCa7lPlO1dhEJzAqEtN
r1CMDinjYzjTu3K9ecj5w0HuB/w6VNtAchZ6nT4oUNDUp4AzWYcJEhVVN9iqVRdF
FGijIvMdoe1Zb15b6/lLdzqU1jazJN24swvRzcLFPFsfV7trrIThzv+Mf+LfKEwb
qGUp6cm27y0KxXCuszRhwkAvBgPsOyPzlvcWMTUgoa5bLzOdCwB60iQ0ADCaz306
GWLZER98OyLeHLP7E/nSv13GlMckqZkOwcR0Fv6yzY0KIZ86loHMeAbxmIcucnOV
bY8Wffe4wfQQhGY/fsgP5v3swwlv1vBtYfLF4CbcFBiW0WJbD3mkt3hJ24E+nrUl
6vhuoj1RJVkEhhF8gnleSxiH1EfsQcKOWKOO3UDFwUQxwtJJ6f8lQXUP+vB3NP/9
q24xmU1XW4F+F72o2GD262aJn+HpbgWQzUEbMLQx5eAwrs+Dq08=
=Nkl8
-----END PGP SIGNATURE-----

1
AusweisApp2-1.26.7.tar.gz.sha256
View file

@ -1 +0,0 @@
8062fe04332e9a7bee4c75fe3ef3efda6748c1a19a6fda8770f7914939c7bd28 AusweisApp2-1.26.7.tar.gz

362
AusweisApp2-2.0.1-use-legacy-openssl-api.patch Normal file
View file

@ -0,0 +1,362 @@
diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp
--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp 2024-01-05 22:06:07.585023942 +0100
@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompress
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
{
QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey:
}
-#endif
-
QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
{
return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
return nullptr;
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
const auto& group = createGroup(curveData);
if (group.isNull())
{
@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
return key;
-#else
- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
- });
-
- if (params == nullptr)
- {
- qCCritical(card) << "Cannot set parameter";
- return nullptr;
- }
-
- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
- if (!EVP_PKEY_fromdata_init(ctx.data()))
- {
- qCCritical(card) << "Cannot init pkey";
- return nullptr;
- }
-
- EVP_PKEY* key = nullptr;
- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
- {
- qCCritical(card) << "Cannot fetch data for pkey";
- return nullptr;
- }
-
- return EcUtil::create(key);
-
-#endif
}
diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h
--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h 2024-01-05 21:26:24.850152676 +0100
@@ -13,9 +13,7 @@
#include <openssl/asn1t.h>
#include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include <openssl/ec.h>
-#endif
+#include <openssl/ec.h>
namespace governikus
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapubli
[[nodiscard]] CurveData createCurveData() const;
[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
-#endif
public:
static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp 2024-01-05 21:51:28.494919678 +0100
@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateT
mTerminalKey = EcUtil::generateKey(mCurve);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return EcUtil::getEncodedPublicKey(mTerminalKey);
-
-#else
return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mTerminalKey.data()));
-#endif
}
@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemer
return false;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QSharedPointer<const EC_POINT> terminalPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mTerminalKey));
- const EC_POINT* terminalPubKey = terminalPubKeyPtr.data();
-#else
const EC_POINT* terminalPubKey = EC_KEY_get0_public_key(mTerminalKey.data());
-#endif
if (!EC_POINT_cmp(mCurve.data(), terminalPubKey, cardPubKey.data(), nullptr))
{
qCCritical(card) << "The exchanged public keys are equal.";
@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemer
QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS)
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& privKeyPtr = EcUtil::getPrivateKey(mTerminalKey);
- const BIGNUM* privKey = privKeyPtr.data();
-#else
const BIGNUM* privKey = EC_KEY_get0_private_key(mTerminalKey.data());
-#endif
if (!privKey)
{
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h 2024-01-05 21:52:19.801808499 +0100
@@ -22,11 +22,7 @@ class EcdhGenericMapping
private:
const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mTerminalKey;
-#else
QSharedPointer<EC_KEY> mTerminalKey;
-#endif
QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS);
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp 2024-01-05 21:37:17.920243239 +0100
@@ -105,15 +105,8 @@ KeyAgreement::CardResult EcdhKeyAgreemen
return {CardReturnCode::PROTOCOL_ERROR};
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey);
-
- const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey);
- const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data();
-#else
const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data()));
const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data());
-#endif
// Make a copy of the terminal public key for later mutual authentication.
mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp 2024-01-05 20:33:28.156797843 +0100
@@ -88,137 +88,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2poi
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey)
-{
- if (pKey.isNull())
- {
- qCCritical(card) << "Cannot use undefined key";
- return nullptr;
- }
-
- uchar* key = nullptr;
- const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
- const auto guard = qScopeGuard([key] {
- OPENSSL_free(key);
- });
-
- return length > 0 ? QByteArray(reinterpret_cast<char*>(key), static_cast<int>(length)) : QByteArray();
-}
-
-
-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
-{
- BIGNUM* privKey = nullptr;
- EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
- return EcUtil::create(privKey);
-}
-
-
-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
-{
- OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
- const auto guard = qScopeGuard([bld] {
- OSSL_PARAM_BLD_free(bld);
- });
-
- if (bld == nullptr)
- {
- qCCritical(card) << "Cannot create parameter builder";
- return nullptr;
- }
-
- if (OSSL_PARAM* params = nullptr;
- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
- {
- static auto deleter = [](OSSL_PARAM* pParam)
- {
- OSSL_PARAM_free(pParam);
- };
-
- return QSharedPointer<OSSL_PARAM>(params, deleter);
- }
-
- qCCritical(card) << "Cannot create parameter";
- return nullptr;
-}
-
-
-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
-{
- if (pCurve.isNull())
- {
- qCCritical(card) << "Curve is undefined";
- return nullptr;
- }
-
- auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
-
- auto order = EcUtil::create(BN_new());
- if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch order";
- return nullptr;
- }
-
- auto cofactor = EcUtil::create(BN_new());
- if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch cofactor";
- return nullptr;
- }
-
- auto p = EcUtil::create(BN_new());
- auto a = EcUtil::create(BN_new());
- auto b = EcUtil::create(BN_new());
- if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch a, b or p";
- return nullptr;
- }
-
- const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
- });
-
- if (params == nullptr)
- {
- qCCritical(card) << "Cannot set parameter";
- return nullptr;
- }
-
- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
- if (!ctx)
- {
- qCCritical(card) << "Cannot create EVP_PKEY_CTX";
- return nullptr;
- }
- EVP_PKEY_keygen_init(ctx.data());
-
- if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
- {
- qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
- return nullptr;
- }
-
- EVP_PKEY* key = nullptr;
- if (!EVP_PKEY_generate(ctx.data(), &key))
- {
- qCCritical(card) << "Cannot create EVP_PKEY";
- return nullptr;
- }
-
- return EcUtil::create(key);
-}
-
-
-#else
QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
{
if (pCurve.isNull())
@@ -242,6 +111,3 @@ QSharedPointer<EC_KEY> EcUtil::generateK
return key;
}
-
-
-#endif
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h 2024-01-05 22:15:17.157430740 +0100
@@ -30,9 +30,7 @@ class EcUtil
static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
-#endif
static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
@@ -42,14 +40,7 @@ class EcUtil
static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey);
- static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
- static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
- static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#else
static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#endif
static QSharedPointer<EC_GROUP> createCurve(int pNid);
};
@@ -66,7 +57,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
{
static auto deleter = [](EC_KEY* ecKey)
@@ -78,8 +68,6 @@ inline QSharedPointer<EC_KEY> EcUtil::cr
}
-#endif
-
inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
{
static auto deleter = [](EC_POINT* ecPoint)

244
AusweisApp2.spec
View file

@ -6,10 +6,10 @@
%{?__debug_package:%{__debug_install_post}} \ %{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \ %{__arch_install_post} \
%{__os_install_post} \ %{__os_install_post} \
fipshmac %{buildroot}%{_bindir}/%{name} \\\ fipshmac %{buildroot}%{_bindir}/%{newname} \\\
%{buildroot}%{_libexecdir}/%{name} \\\ %{buildroot}%{_libexecdir}/%{newname} \\\
%{buildroot}%{_datadir}/%{name}/openssl.cnf \ %{buildroot}%{_datadir}/%{newname}/openssl.cnf \
c="%{buildroot}%{_datadir}/%{name}/config.json" \ c="%{buildroot}%{_datadir}/%{newname}/config.json" \
if [[ -f ${c} ]]; then \ if [[ -f ${c} ]]; then \
fipshmac ${c} \ fipshmac ${c} \
fi \ fi \
@ -37,10 +37,12 @@ fi \
# Package summary. Gets overwritten by subpackages otherwise. # Package summary. Gets overwritten by subpackages otherwise.
%global pkg_sum Online identification with German ID card (Personalausweis) %global pkg_sum Online identification with German ID card (Personalausweis)
# Upstream renamed to AusweisApp with 2.0 release
%global newname AusweisApp
Name: AusweisApp2 Name: AusweisApp2
Version: 1.26.7 Version: 2.1.1
Release: 3%{?dist} Release: %autorelease
Summary: %{pkg_sum} Summary: %{pkg_sum}
License: EUPL 1.2 License: EUPL 1.2
@ -53,15 +55,19 @@ URL: https://www.ausweisapp.bund.de/en
# gpg2 --keyserver keyserver.ubuntu.com --recv-keys 699BF3055B0A49224EFDE7C72D7479A531451088 # gpg2 --keyserver keyserver.ubuntu.com --recv-keys 699BF3055B0A49224EFDE7C72D7479A531451088
# gpg2 --export --export-options export-minimal 699BF3055B0A49224EFDE7C72D7479A531451088 > %%{name}-pubring.gpg # gpg2 --export --export-options export-minimal 699BF3055B0A49224EFDE7C72D7479A531451088 > %%{name}-pubring.gpg
Source0000: %{rel_url}/%{name}-%{version}.tar.gz Source0000: %{rel_url}/%{newname}-%{version}.tar.gz
Source0001: %{rel_url}/%{name}-%{version}.tar.gz.asc Source0001: %{rel_url}/%{newname}-%{version}.tar.gz.asc
Source0002: %{name}-pubring.gpg Source0002: %{name}-pubring.gpg
Source0003: %{rel_url}/%{name}-%{version}.tar.gz.sha256 Source0003: %{rel_url}/%{newname}-%{version}.tar.gz.sha256
Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt
Source1000: gen_openssl_cnf.py Source1000: gen_openssl_cnf.py
# Downstream. # Downstream.
Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch
# Needed because Fedora's openssl does not support elliptic curves using custom parameters.
# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403
# It is currently not clear if the legacy API works by accident or by design. It does work as of January 2024.
Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: crypto-policies BuildRequires: crypto-policies
@ -124,6 +130,12 @@ Requires: openssl-libs%{?_isa} >= 3.0.8-2
# Needed for running fipscheck on application startup. # Needed for running fipscheck on application startup.
# Requires: fipscheck # Requires: fipscheck
%if 0%{?qt6_build}
# Needed for GUI elements to be rendered
Requires: qt6-qtimageformats%{?_isa}
Requires: qt6-qtsvg%{?_isa}
%endif
%description %description
The AusweisApp2 is a software to identify yourself online The AusweisApp2 is a software to identify yourself online
with your ID card (Personalausweis) or your electronic with your ID card (Personalausweis) or your electronic
@ -180,7 +192,7 @@ pushd %{_sourcedir}
sha256sum -c %{SOURCE3} sha256sum -c %{SOURCE3}
popd popd
%autosetup -p 1 %autosetup -p 1 -n %{newname}-%{version}
install -pm 0644 %{SOURCE4} LICENSE.en.txt install -pm 0644 %{SOURCE4} LICENSE.en.txt
# Generate application specific OpenSSL configuration. # Generate application specific OpenSSL configuration.
@ -192,13 +204,13 @@ install -pm 0644 %{SOURCE4} LICENSE.en.txt
cat << EOF > fedora_%{name}_wrapper.sh cat << EOF > fedora_%{name}_wrapper.sh
#!/bin/sh #!/bin/sh
# /usr/bin/fipscheck \\ # /usr/bin/fipscheck \\
# %{_bindir}/%{name} \\ # %{_bindir}/%{newname} \\
# %{_libexecdir}/%{name} \\ # %{_libexecdir}/%{newname} \\
# %{_datadir}/%{name}/config.json \\ # %{_datadir}/%{newname}/config.json \\
# %{_datadir}/%{name}/openssl.cnf \\ # %{_datadir}/%{newname}/openssl.cnf \\
# || exit \$?; # || exit \$?;
OPENSSL_CONF=%{_datadir}/%{name}/openssl.cnf \\ OPENSSL_CONF=%{_datadir}/%{newname}/openssl.cnf \\
%{_libexecdir}/%{name} "\$@"; %{_libexecdir}/%{newname} "\$@";
EOF EOF
@ -220,13 +232,13 @@ EOF
%if (0%{?fedora} || 0%{?rhel} > 8) %if (0%{?fedora} || 0%{?rhel} > 8)
# Documentation. # Documentation.
%cmake_build --target inst inte notes sdk %cmake_build --target installation_integration notes sdk
%if %{with doxy} %if %{with doxy}
%cmake_build --target doxy %cmake_build --target doxy
%endif %endif
%else %else
# Documentation. # Documentation.
%ninja_build -C %{_vpath_builddir} inst inte notes sdk %ninja_build -C %{_vpath_builddir} installation_integration notes sdk
%if %{with doxy} %if %{with doxy}
%ninja_build -C %{_vpath_builddir} doxy %ninja_build -C %{_vpath_builddir} doxy
%endif %endif
@ -239,29 +251,28 @@ EOF
# Relocate the application binary so we can call it through # Relocate the application binary so we can call it through
# a shell wrapper and move installed files to proper locations. # a shell wrapper and move installed files to proper locations.
mkdir -p %{buildroot}{%{_libexecdir},%{_qt5_translationdir}} mkdir -p %{buildroot}{%{_libexecdir},%{_qt5_translationdir}}
mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_libexecdir}/%{name} mv %{buildroot}%{_bindir}/%{newname} %{buildroot}%{_libexecdir}/%{newname}
# Install the shell wrapper and custom OpenSSL configuration. # Install the shell wrapper and custom OpenSSL configuration.
install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{name} install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{newname}
install -pm 0644 fedora_%{name}_openssl.cnf \ install -pm 0644 fedora_%{name}_openssl.cnf \
%{buildroot}%{_datadir}/%{name}/openssl.cnf %{buildroot}%{_datadir}/%{newname}/openssl.cnf
# Move translation in proper location. # Move translation in proper location.
%if !(0%{?qt6_build}) %if !(0%{?qt6_build})
mv %{buildroot}%{_datadir}/%{name}/translations/* \ mv %{buildroot}%{_datadir}/%{newname}/translations/* \
%{buildroot}%{_qt5_translationdir} %{buildroot}%{_qt5_translationdir}
rm -fr %{buildroot}%{_datadir}/%{name}/translations rm -fr %{buildroot}%{_datadir}/%{newname}/translations
%endif %endif
# Excessive docs. # Excessive docs.
mkdir -p %{buildroot}%{_pkgdocdir}/{installation,integration,notes,sdk} mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk}
install -pm 0644 README.rst %{buildroot}%{_pkgdocdir} install -pm 0644 README.rst %{buildroot}%{_pkgdocdir}
%if %{with doxy} %if %{with doxy}
mkdir -p %{buildroot}%{_pkgdocdir}/doxy mkdir -p %{buildroot}%{_pkgdocdir}/doxy
cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy
%endif %endif
cp -a %{_vpath_builddir}/docs/inst/html/* %{buildroot}%{_pkgdocdir}/installation cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration
cp -a %{_vpath_builddir}/docs/inte/html/* %{buildroot}%{_pkgdocdir}/integration
cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes
cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk
find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755 find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755
@ -291,12 +302,12 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop
%license AUTHORS %license AUTHORS
%license LICENSE.en.txt %license LICENSE.en.txt
%license LICENSE.txt %license LICENSE.txt
%{_bindir}/.%{name}.hmac %{_bindir}/.%{newname}.hmac
%{_bindir}/%{name} %{_bindir}/%{newname}
%{_datadir}/applications/com.governikus.%{lc_name}.desktop %{_datadir}/applications/com.governikus.%{lc_name}.desktop
%{_libexecdir}/.%{name}.hmac %{_libexecdir}/.%{newname}.hmac
%{_libexecdir}/%{name} %{_libexecdir}/%{newname}
%{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{newname}.1*
%{_metainfodir}/com.governikus.%{lc_name}.metainfo.xml %{_metainfodir}/com.governikus.%{lc_name}.metainfo.xml
@ -305,7 +316,7 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop
%else %else
%files data -f %{lc_name}.icons -f %{lc_name}.lang %files data -f %{lc_name}.icons -f %{lc_name}.lang
%endif %endif
%{_datadir}/%{name} %{_datadir}/%{newname}
%files doc %files doc
@ -314,171 +325,4 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop
%changelog %changelog
* Fri Oct 13 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-3 %autochangelog
- Rebuild (qt6)
* Thu Oct 05 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-2
- Rebuild (qt6)
* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.7-1
- New upstream release
Fixes rhbz#2227358
* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.6-1
- New upstream release
Fixes rhbz#2227095
* Wed Jul 26 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.5-1
- New upstream release
Fixes rhbz#2226708
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.26.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-4
- Rebuild(Qt_6.5)
Fixes rhbz#2222625
* Sun Jun 04 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-3
- Rebuild(Qt_6.5)
* Sun May 07 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-2
- Rebuild(Qt_6.5)
* Mon May 01 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-1
- New upstream release
* Thu Mar 23 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.3-1
- New upstream release
- Enable use of Brainpool ECC
* Sat Jan 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-2
- Drop Qt6 version lock, as this is already ensured by symbol versioning
* Sun Jan 22 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-1
- New upstream release
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.24.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Nov 27 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-2
- Rebuild(qt6)
* Sun Nov 06 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-1
- New upstream release
* Fri Sep 02 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.1-1
- New upstream release
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 26 2022 Björn Esser <besser82@fedoraproject.org> - 1.22.3-1
- New upstream release
- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.22.2-4
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-3
- Drop forge-macros and perform tarbal verification during %%prep
* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-2
- Add a patch to disable use of Brainpool Elliptic Curves
* Sun Aug 22 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-1
- New upstream release
- Disable enforcing of FIPS mode for OpenSSL
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sun Nov 15 08:50:35 CET 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-10
- Add runtime dependency on qt5-qtquickcontrols2
* Sat Oct 3 12:51:03 CEST 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-9
- Disable fipscheck in shell wrapper as it does not work in Fedora 33+
* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-8
- Make shell wrapper exit with the exit code of fipscheck on failure
* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-7
- Calculate fipshmac for config files and shell wrapper
- Run fipscheck in shell wrapper before application starts
* Fri Sep 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-6
- Use a python script to generate a tailored OpenSSL configuration
* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-5
- Some small spec file optimizations
* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-4
- Use a more elaborate application specific OpenSSL configuration
This also re-enables SHA384 hashes in ciphers
* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-3
- Do not enable SHA384 ciphers in custom OpenSSL configuration
* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-2
- Use application specific OpenSSL config through a shell wrapper
* Mon Sep 07 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-1
- New upstream release
* Mon Aug 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-3
- Add a patch to load translations from Qt5 TranslationsPath
- Move translation files to proper location
- Drop invokation of ctest, as we cannot run the testsuite
from a release build
- Replace patch adding English license with the actual license file
* Fri Aug 21 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-2
- Add a patch to exclude the build directory in the Doxyfile
- Merge doc-api package with the doc package, since the Doxygen
API documentation can be shipped noarch'ed as well now
* Wed Aug 19 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-1
- Initial import (#1851205)
* Fri Jul 17 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.11
- Use %%cmake_{build,install} macros on newer distributions
* Sat Jul 04 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.10
- Add license text in English language
* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.9
- Also obsolete package with %%{name} previous to this package version
* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.8
- Ensure archful packages always require equal architecture
* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.7
- Make sure permissions of the documentation files are correct
- Remove hidden files in documentation
- Drop 'LICENSE.officially.txt', as it only applies to binary copies,
which are distributed on behalf of the federal government of Germany
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.6
- Use '--help-all' option when generating man-page
- Split build of Doxygen API docs from building user docs
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.5
- Add generated man-page
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.4
- Use a macro for lowercase package name
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.3
- Use ninja-build instead of GNU Make to speed up the build a bit
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.2
- Adaptions for building on EPEL
* Wed Jun 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.1
- Initial spec file for review

172
changelog Normal file
View file

@ -0,0 +1,172 @@
* Thu Dec 28 2023 Julian Sikorski <belegdol@fedoraproject.org> - 2.0.1-1
- Update to 2.0.1
- Fix up config.json.in section names
* Fri Oct 13 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-3
- Rebuild (qt6)
* Thu Oct 05 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-2
- Rebuild (qt6)
* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.7-1
- New upstream release
Fixes rhbz#2227358
* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.6-1
- New upstream release
Fixes rhbz#2227095
* Wed Jul 26 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.5-1
- New upstream release
Fixes rhbz#2226708
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.26.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-4
- Rebuild(Qt_6.5)
Fixes rhbz#2222625
* Sun Jun 04 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-3
- Rebuild(Qt_6.5)
* Sun May 07 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-2
- Rebuild(Qt_6.5)
* Mon May 01 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-1
- New upstream release
* Thu Mar 23 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.3-1
- New upstream release
- Enable use of Brainpool ECC
* Sat Jan 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-2
- Drop Qt6 version lock, as this is already ensured by symbol versioning
* Sun Jan 22 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-1
- New upstream release
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.24.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Nov 27 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-2
- Rebuild(qt6)
* Sun Nov 06 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-1
- New upstream release
* Fri Sep 02 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.1-1
- New upstream release
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 26 2022 Björn Esser <besser82@fedoraproject.org> - 1.22.3-1
- New upstream release
- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.22.2-4
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-3
- Drop forge-macros and perform tarbal verification during %%prep
* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-2
- Add a patch to disable use of Brainpool Elliptic Curves
* Sun Aug 22 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-1
- New upstream release
- Disable enforcing of FIPS mode for OpenSSL
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sun Nov 15 08:50:35 CET 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-10
- Add runtime dependency on qt5-qtquickcontrols2
* Sat Oct 3 12:51:03 CEST 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-9
- Disable fipscheck in shell wrapper as it does not work in Fedora 33+
* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-8
- Make shell wrapper exit with the exit code of fipscheck on failure
* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-7
- Calculate fipshmac for config files and shell wrapper
- Run fipscheck in shell wrapper before application starts
* Fri Sep 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-6
- Use a python script to generate a tailored OpenSSL configuration
* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-5
- Some small spec file optimizations
* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-4
- Use a more elaborate application specific OpenSSL configuration
This also re-enables SHA384 hashes in ciphers
* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-3
- Do not enable SHA384 ciphers in custom OpenSSL configuration
* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-2
- Use application specific OpenSSL config through a shell wrapper
* Mon Sep 07 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-1
- New upstream release
* Mon Aug 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-3
- Add a patch to load translations from Qt5 TranslationsPath
- Move translation files to proper location
- Drop invokation of ctest, as we cannot run the testsuite
from a release build
- Replace patch adding English license with the actual license file
* Fri Aug 21 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-2
- Add a patch to exclude the build directory in the Doxyfile
- Merge doc-api package with the doc package, since the Doxygen
API documentation can be shipped noarch'ed as well now
* Wed Aug 19 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-1
- Initial import (#1851205)
* Fri Jul 17 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.11
- Use %%cmake_{build,install} macros on newer distributions
* Sat Jul 04 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.10
- Add license text in English language
* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.9
- Also obsolete package with %%{name} previous to this package version
* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.8
- Ensure archful packages always require equal architecture
* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.7
- Make sure permissions of the documentation files are correct
- Remove hidden files in documentation
- Drop 'LICENSE.officially.txt', as it only applies to binary copies,
which are distributed on behalf of the federal government of Germany
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.6
- Use '--help-all' option when generating man-page
- Split build of Doxygen API docs from building user docs
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.5
- Add generated man-page
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.4
- Use a macro for lowercase package name
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.3
- Use ninja-build instead of GNU Make to speed up the build a bit
* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.2
- Adaptions for building on EPEL
* Wed Jun 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.1
- Initial spec file for review

19
gen_openssl_cnf.py
View file

@ -49,8 +49,9 @@ class _Const(object):
return [ return [
'tlsSettings', 'tlsSettings',
'tlsSettingsPsk', 'tlsSettingsPsk',
'tlsSettingsRemoteReader', 'tlsSettingsRemoteIfd',
'tlsSettingsRemoteReaderPairing', 'tlsSettingsRemoteIfdPairing',
'tlsSettingsLocalIfd',
] ]
@constant @constant
@ -75,10 +76,14 @@ class _Const(object):
@constant @constant
def KEYSIZE_SECTIONS(): def KEYSIZE_SECTIONS():
return [ return [
'minStaticKeySizes', 'minKeySizes',
'minEphemeralKeySizes', 'sizesIfd',
] ]
@constant
def KEYSIZE_MIN_SECTION():
return 'min'
@constant @constant
def TLS_VERSIONS(): def TLS_VERSIONS():
return { return {
@ -100,9 +105,15 @@ def get_min_ssl_sec_level(json_data):
if option in json_data[section]: if option in json_data[section]:
if min_keysize > json_data[section][option]: if min_keysize > json_data[section][option]:
min_keysize = json_data[section][option] min_keysize = json_data[section][option]
elif option in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
if min_keysize > json_data[section][CONST.KEYSIZE_MIN_SECTION][option]:
min_keysize = json_data[section][CONST.KEYSIZE_MIN_SECTION][option]
if CONST.KEYSIZE_EC_OPTION in json_data[section]: if CONST.KEYSIZE_EC_OPTION in json_data[section]:
if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]: if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]:
min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION] min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION]
elif CONST.KEYSIZE_EC_OPTION in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
if min_ecsize > json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]:
min_ecsize = json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]
if min_keysize >= 1000 and min_ecsize >= 160: if min_keysize >= 1000 and min_ecsize >= 160:
sec_level = 1 sec_level = 1

4
sources
View file

@ -1,2 +1,4 @@
SHA512 (AusweisApp2-1.26.7.tar.gz) = 4a94042efc5f95e2df6518fcaf863ed6deebb160d35a5cdd7155a3b6aa6128b213408ce42310d942ee4e83e03cb2c3d898738846bb37995aa1ff03f660ac54b0 SHA512 (AusweisApp-2.1.1.tar.gz) = f2cc9de898c3b2e61eb9ac208a21d60708aceeeb79d73f0382bc4b68e4011178217594bd99ac24b07d0d3fbd80b46e5c3ddc6c76bb764e24dc473197f4e1d4c9
SHA512 (AusweisApp-2.1.1.tar.gz.asc) = 560a7e53f1d991e03d584caf29e158d72b1ca654682a14b2507347deb761b9c333db54550124b380fd2d84a861ea120ef6548075ca76e4b9bf462d9d22ebc725
SHA512 (AusweisApp-2.1.1.tar.gz.sha256) = 49296a1d54b014f74fbda708d3a428178223f476ceb352a781c6942e88a1a853d30bccaa3fafc325944becd4fe61b3036a4e3985d5b185aaf8579ea12c60a40f
SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd