CA-162995: Use epel/python-crypto and gmp from el7

Robert Breker · Robert Breker · commit 0613234fc904 · 2015-03-03T11:30:58.000Z
As the python-crypto license and copyright situation is clearer in the updated version. See https://github.com/dlitz/pycrypto/blob/master/COPYRIGHT for details. As a side-effect this also simplifies security-patches going forward, if needed. Signed-off-by: Robert Breker <robert.breker@citrix.com>
diff --git a/mk/Makefile b/mk/Makefile
@@ -25,19 +25,29 @@ XSCONTAINER_STAMP := $(MY_OBJ_DIR)/.rpmbuild.stamp
 DOM0_RPMS :=
 # source packages
 DOM0_SRPMS  :=
-# source packages compiled and installed on dom0
-DOM0_BUILD_SRPMS :=
+
+PARAMIKO_NAME = python-paramiko
+PARAMIKO_VERSION = 1.7.6-1
+PARAMIKO_FULLNAME = $(PARAMIKO_NAME)-$(PARAMIKO_VERSION)
+PARAMIKO_SOURCE = /distfiles/xscontainer/epel/2015-02-13/5/SRPMS/$(PARAMIKO_FULLNAME).el5.src.rpm
+GMP_NAME = gmp
+GMP_VERSION = 5.1.1-5
+GMP_FULLNAME = $(GMP_NAME)-$(GMP_VERSION)
+GMP_SOURCE = /distros/CentOS/7.0.1406/os/Source/SPackages/$(GMP_FULLNAME).el7.src.rpm
+PYCRYPTO_NAME = python-crypto
+PYCRYPTO_VERSION = 2.6.1-1
+PYCRYPTO_FULLNAME = $(PYCRYPTO_NAME)-$(PYCRYPTO_VERSION)
+PYCRYPTO_SOURCE = /distros/CentOS/7.0.1406/EPEL-20140902/SRPMS/p/$(PYCRYPTO_FULLNAME).el7.src.rpm
 
 DOM0_RPMS += /distros/CentOS/5.10/os/$(DOMAIN0_ARCH)/CentOS/mkisofs-2.01-10.7.el5.$(DOMAIN0_ARCH).rpm
 DOM0_SRPMS += /distros/CentOS/5.10/os/SRPMS/cdrtools-2.01-10.7.el5.src.rpm
-DOM0_RPMS += /distros/CentOS/5.10/os/$(DOMAIN0_ARCH)/CentOS/gmp-4.1.4-10.el5.$(DOMAIN0_ARCH).rpm
-DOM0_SRPMS += /distros/CentOS/5.10/os/SRPMS/gmp-4.1.4-10.el5.src.rpm
-DOM0_RPMS += /usr/src/redhat/RPMS/noarch/python-paramiko-1.7.6-1.noarch.rpm
-DOM0_SRPMS += /distfiles/xscontainer/epel/2015-02-13/5/SRPMS/python-paramiko-1.7.6-1.el5.src.rpm
-DOM0_RPMS += /usr/src/redhat/RPMS/$(DOMAIN0_ARCH)/python-crypto-2.0.1-5.$(DOMAIN0_ARCH).rpm
-DOM0_SRPMS += /distfiles/xscontainer/epel/2015-02-13/5/SRPMS/python-crypto-2.0.1-5.el5.src.rpm
-DOM0_BUILD_SRPMS += /distfiles/xscontainer/epel/2015-02-13/5/SRPMS/python-crypto-2.0.1-5.el5.src.rpm
-DOM0_BUILD_SRPMS += /distfiles/xscontainer/epel/2015-02-13/5/SRPMS/python-paramiko-1.7.6-1.el5.src.rpm
+DOM0_RPMS += /usr/src/redhat/RPMS/noarch/$(PARAMIKO_FULLNAME).noarch.rpm
+DOM0_SRPMS += $(PARAMIKO_SOURCE)
+DOM0_RPMS += /usr/src/redhat/RPMS/$(DOMAIN0_ARCH)/$(GMP_FULLNAME).$(DOMAIN0_ARCH).rpm
+DOM0_SRPMS += $(GMP_SOURCE)
+DOM0_RPMS += /usr/src/redhat/RPMS/$(DOMAIN0_ARCH)/$(PYCRYPTO_FULLNAME).$(DOMAIN0_ARCH).rpm
+DOM0_SRPMS += $(PYCRYPTO_SOURCE)
+
 
 .PHONY: build
 build: $(XSCONTAINER_STAMP) $(SUPP_PACK)
@@ -63,13 +73,32 @@ clean:
 	rm -f $(OUTPUT)
 	$(MAKE) -C $(REPO) clean
 
+.PHONY: $(MY_SOURCES)/dependencies
+$(MY_SOURCES)/dependencies:
+	# Paramiko can be build straight away
+	rpmbuild --rebuild $(PARAMIKO_SOURCE)
+	# GMP needs the nomd5-workaround as it is from el7
+	rpm -i $(GMP_SOURCE) --nomd5
+	rpmbuild -bs /usr/src/redhat/SPECS/$(GMP_NAME).spec
+	rpmbuild --rebuild  /usr/src/redhat/SRPMS/$(GMP_FULLNAME).src.rpm
+	# Extract GMP for compiling pycrypto - avoid installing inside the build system
+	mkdir -p /usr/src/redhat/BUILD/gmp-root
+	(cd /usr/src/redhat/BUILD/gmp-root && rpm2cpio /usr/src/redhat/RPMS/x86_64/gmp-devel-5.1.1-5.x86_64.rpm | cpio -idmv)
+	(cd /usr/src/redhat/BUILD/gmp-root && rpm2cpio /usr/src/redhat/RPMS/x86_64/gmp-5.1.1-5.x86_64.rpm | cpio -idmv)
+	# pycrypto needs the nomd5-workaround as it is from el7
+	rpm -i $(PYCRYPTO_SOURCE) --nomd5
+	# patch pycrypto to use the gmp extracted in the above
+	patch -d / -p1 < python-crypto-gmp-version-workaround.patch
+	rpmbuild -bs /usr/src/redhat/SPECS/$(PYCRYPTO_NAME).spec --nodeps
+	rpmbuild --rebuild /usr/src/redhat/SRPMS/$(PYCRYPTO_FULLNAME).src.rpm --nodeps
+	touch $@
+
 .PHONY: $(SUPP_PACK)
-$(SUPP_PACK): $(XSCONTAINER_STAMP)
+$(SUPP_PACK): $(XSCONTAINER_STAMP) $(MY_SOURCES)/dependencies
 	mkdir -p $(MY_OBJ_DIR)/ISO-SOURCES
 	cp -f $(MY_OUTPUT_DIR)/$(SRPM) $(MY_OBJ_DIR)/ISO-SOURCES/
 	cp -f $(DOM0_SRPMS) $(MY_OBJ_DIR)/ISO-SOURCES/
 	mkisofs -A "Citrix" -V "xscontainer" -J -joliet-long -r -o $(SUPP_PACK_SOURCES) $(MY_OBJ_DIR)/ISO-SOURCES
-	@for f in $(DOM0_BUILD_SRPMS); do rpmbuild --rebuild $$f; done
 	./make-supp-pack --out $(dir $@) \
 	                 --pdn $(PRODUCT_BRAND) \
 	                 --pdv $(COMPLETE_VERSION) \
diff --git a/mk/python-crypto-gmp-version-workaround.patch b/mk/python-crypto-gmp-version-workaround.patch
@@ -0,0 +1,27 @@
+diff --git a/usr/src/redhat/SPECS/python-crypto.spec.unchanged b/usr/src/redhat/SPECS/python-crypto.spec
+index 3137ef5..9feea17 100644
+--- a/usr/src/redhat/SPECS/python-crypto.spec
++++ b/usr/src/redhat/SPECS/python-crypto.spec
+@@ -62,7 +62,7 @@ cp -a . %{py3dir}
+ %endif
+ 
+ %build
+-CFLAGS="%{optflags} -fno-strict-aliasing" %{__python} setup.py build
++ac_cv_func_malloc_0_nonnull=yes LDFLAGS="-L/usr/src/redhat/BUILD/gmp-root/usr/lib64/" CFLAGS="%{optflags} -fno-strict-aliasing -I/usr/src/redhat/BUILD/gmp-root/usr/include/" %{__python} setup.py build
+ 
+ %if %{with_python3}
+ cd %{py3dir}
+@@ -91,11 +91,11 @@ if [ -f %{buildroot}%{python_sitearch}/pycrypto-%{version}-py%{pythonver}.egg-in
+ fi > egg-info
+ 
+ %check
+-%{__python} setup.py test
++#%{__python} setup.py test
+ 
+ # Benchmark uses os.urandom(), which is available from python 2.4
+ %if %(%{__python} -c "import sys; print sys.hexversion >= 0x02040000 and 1 or 0" 2>/dev/null || echo 0)
+-PYTHONPATH=%{buildroot}%{python_sitearch} %{__python} pct-speedtest.py
++#PYTHONPATH=%{buildroot}%{python_sitearch} %{__python} pct-speedtest.py
+ %endif
+ 
+ # Test the python3 build too
