1 |
guillomovitch |
257018 |
%define maj 1.0.0 |
2 |
blino |
733 |
%define engines_name %mklibname openssl-engines %{maj} |
3 |
|
|
%define libname %mklibname openssl %{maj} |
4 |
|
|
%define develname %mklibname openssl -d |
5 |
|
|
%define staticname %mklibname openssl -s -d |
6 |
|
|
|
7 |
|
|
%define conflict1 %mklibname openssl 0.9.7 |
8 |
|
|
%define conflict2 %mklibname openssl 0.9.8 |
9 |
|
|
|
10 |
|
|
# Number of threads to spawn when testing some threading fixes. |
11 |
|
|
#define thread_test_threads %{?threads:%{threads}}%{!?threads:1} |
12 |
|
|
|
13 |
guillomovitch |
494272 |
%define with_krb5 0 |
14 |
blino |
733 |
|
15 |
|
|
Summary: Secure Sockets Layer communications libs & utils |
16 |
|
|
Name: openssl |
17 |
luigiwalser |
1057012 |
Version: 1.0.2j |
18 |
luigiwalser |
1055424 |
Release: %mkrel 1 |
19 |
blino |
733 |
License: BSD-like |
20 |
|
|
Group: System/Libraries |
21 |
|
|
URL: http://www.openssl.org/ |
22 |
fwang |
394893 |
Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz |
23 |
|
|
Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc |
24 |
blino |
733 |
Source2: Makefile.certificate |
25 |
|
|
Source3: make-dummy-cert |
26 |
|
|
Source4: openssl-thread-test.c |
27 |
|
|
# (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure |
28 |
luigiwalser |
908064 |
Patch2: openssl-1.0.2e-optflags.patch |
29 |
blino |
733 |
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) |
30 |
|
|
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF |
31 |
luigiwalser |
816018 |
Patch6: openssl-1.0.2-icpbrasil.diff |
32 |
guillomovitch |
256937 |
# http://qa.mandriva.com/show_bug.cgi?id=32621 |
33 |
luigiwalser |
816018 |
# patch15 removed: https://bugs.mageia.org/show_bug.cgi?id=15027 |
34 |
|
|
#Patch15: openssl-0.9.8e-crt.patch |
35 |
guillomovitch |
256937 |
|
36 |
|
|
# fedora patches |
37 |
luigiwalser |
816018 |
Patch7: openssl-1.0.2-defaults.patch |
38 |
|
|
Patch12: openssl-1.0.2-x509.patch |
39 |
|
|
Patch13: openssl-1.0.2-version-add-engines.patch |
40 |
|
|
Patch16: openssl-1.0.2-enginesdir.patch |
41 |
|
|
Patch17: openssl-1.0.2-pkgconfig-krb5.patch |
42 |
tmb |
981608 |
Patch18: openssl-1.0.2g-manfix.patch |
43 |
|
|
Patch19: openssl-1.0.2g-disable-sslv2v3.patch |
44 |
guillomovitch |
256937 |
|
45 |
blino |
733 |
# MIPS and ARM support |
46 |
luigiwalser |
818950 |
Patch300: openssl-1.0.2a-mips.patch |
47 |
|
|
Patch301: openssl-1.0.2a-arm.patch |
48 |
blino |
733 |
Requires: %{libname} = %{version}-%{release} |
49 |
|
|
Requires: rootcerts |
50 |
guillomovitch |
337573 |
%if %with_krb5 |
51 |
guillomovitch |
256938 |
BuildRequires: krb5-devel |
52 |
guillomovitch |
337573 |
%endif |
53 |
blino |
733 |
BuildRequires: multiarch-utils >= 1.0.3 |
54 |
|
|
BuildRequires: chrpath |
55 |
|
|
BuildRequires: zlib-devel |
56 |
|
|
# (tv) for test suite: |
57 |
|
|
BuildRequires: bc |
58 |
|
|
|
59 |
|
|
%description |
60 |
|
|
The openssl certificate management tool and the shared libraries that provide |
61 |
|
|
various encryption and decription algorithms and protocols, including DES, RC4, |
62 |
|
|
RSA and SSL. |
63 |
|
|
|
64 |
|
|
%package -n %{engines_name} |
65 |
|
|
Summary: Engines for openssl |
66 |
|
|
Group: System/Libraries |
67 |
|
|
Obsoletes: openssl-engines < 1.0.0a-5 |
68 |
|
|
Provides: openssl-engines = %{version}-%{release} |
69 |
|
|
|
70 |
|
|
%description -n %{engines_name} |
71 |
|
|
This package provides engines for openssl. |
72 |
|
|
|
73 |
|
|
%package -n %{libname} |
74 |
|
|
Summary: Secure Sockets Layer communications libs |
75 |
|
|
Group: System/Libraries |
76 |
|
|
Requires: %{engines_name} >= %{version}-%{release} |
77 |
|
|
Provides: %{libname} = %{version}-%{release} |
78 |
|
|
|
79 |
|
|
%description -n %{libname} |
80 |
|
|
The libraries files are needed for various cryptographic algorithms |
81 |
|
|
and protocols, including DES, RC4, RSA and SSL. |
82 |
|
|
|
83 |
|
|
%package -n %{develname} |
84 |
|
|
Summary: Secure Sockets Layer communications libs & headers & utils |
85 |
|
|
Group: Development/Other |
86 |
|
|
Requires: %{libname} = %{version}-%{release} |
87 |
|
|
Provides: libopenssl-devel |
88 |
|
|
Provides: openssl-devel = %{version}-%{release} |
89 |
|
|
# temporary opsolete, will be a conflict later. a compat package |
90 |
|
|
# with openssl-0.9.7 devel libs will be provided soon |
91 |
|
|
Obsoletes: %{conflict1}-devel |
92 |
|
|
Obsoletes: %{conflict2}-devel |
93 |
|
|
Obsoletes: %{mklibname openssl 1.0.0}-devel |
94 |
|
|
Provides: %{name}-devel = %{version}-%{release} |
95 |
|
|
|
96 |
|
|
%description -n %{develname} |
97 |
|
|
The libraries and include files needed to compile apps with support |
98 |
|
|
for various cryptographic algorithms and protocols, including DES, RC4, RSA |
99 |
|
|
and SSL. |
100 |
|
|
|
101 |
|
|
%package -n %{staticname} |
102 |
|
|
Summary: Secure Sockets Layer communications static libs |
103 |
|
|
Group: Development/Other |
104 |
|
|
Requires: %{develname} = %{version}-%{release} |
105 |
|
|
Provides: libopenssl-static-devel |
106 |
|
|
Provides: openssl-static-devel = %{version}-%{release} |
107 |
|
|
# temporary opsolete, will be a conflict later. a compat package |
108 |
|
|
# with openssl-0.9.7 static-devel libs will be provided soon |
109 |
|
|
Obsoletes: %{conflict1}-static-devel |
110 |
|
|
Obsoletes: %{conflict2}-static-devel |
111 |
|
|
Obsoletes: %{mklibname openssl 1.0.0}-static-devel |
112 |
|
|
Provides: %{name}-static-devel = %{version}-%{release} |
113 |
|
|
|
114 |
|
|
%description -n %{staticname} |
115 |
|
|
The static libraries needed to compile apps with support for various |
116 |
|
|
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. |
117 |
|
|
|
118 |
tv |
1020393 |
%package perl |
119 |
|
|
Summary: Perl scripts provided with OpenSSL |
120 |
|
|
Group: System/Libraries |
121 |
|
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
122 |
|
|
Conflicts: %name <= 1.0.2h-1.mga6 |
123 |
|
|
|
124 |
|
|
%description perl |
125 |
|
|
OpenSSL is a toolkit for supporting cryptography. The openssl-perl |
126 |
|
|
package provides Perl scripts for converting certificates and keys |
127 |
|
|
from other formats to the formats used by the OpenSSL toolkit. |
128 |
|
|
|
129 |
blino |
733 |
%prep |
130 |
|
|
|
131 |
ovitters |
877880 |
%setup -q |
132 |
blino |
733 |
%patch2 -p1 -b .optflags |
133 |
|
|
%patch6 -p0 -b .icpbrasil |
134 |
|
|
%patch7 -p1 -b .defaults |
135 |
|
|
%patch12 -p1 -b .x509 |
136 |
|
|
%patch13 -p1 -b .version-add-engines |
137 |
luigiwalser |
816018 |
#patch15 -p1 -b .crt |
138 |
guillomovitch |
256937 |
%patch16 -p1 -b .engines |
139 |
guillomovitch |
256938 |
%patch17 -p1 -b .krb5 |
140 |
sander85 |
432014 |
%patch18 -p1 -b .manfix |
141 |
luigiwalser |
792707 |
%patch19 -p1 -b .v2v3 |
142 |
blino |
733 |
|
143 |
|
|
%patch300 -p1 -b .mips |
144 |
|
|
%patch301 -p1 -b .arm |
145 |
|
|
|
146 |
|
|
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile |
147 |
|
|
|
148 |
|
|
cp %{SOURCE2} Makefile.certificate |
149 |
|
|
cp %{SOURCE3} make-dummy-cert |
150 |
|
|
cp %{SOURCE4} openssl-thread-test.c |
151 |
|
|
|
152 |
|
|
%build |
153 |
|
|
%serverbuild |
154 |
|
|
|
155 |
|
|
# Figure out which flags we want to use. |
156 |
|
|
# default |
157 |
|
|
sslarch=%{_os}-%{_arch} |
158 |
|
|
%ifarch %ix86 |
159 |
|
|
sslarch=linux-elf |
160 |
|
|
if ! echo %{_target} | grep -q i[56]86 ; then |
161 |
|
|
sslflags="no-asm" |
162 |
|
|
fi |
163 |
|
|
%endif |
164 |
|
|
%ifarch sparcv9 |
165 |
|
|
sslarch=linux-sparcv9 |
166 |
|
|
%endif |
167 |
|
|
%ifarch alpha |
168 |
|
|
sslarch=linux-alpha-gcc |
169 |
|
|
%endif |
170 |
|
|
%ifarch s390 |
171 |
|
|
sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" |
172 |
|
|
%endif |
173 |
|
|
%ifarch s390x |
174 |
|
|
sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" |
175 |
|
|
%endif |
176 |
|
|
|
177 |
|
|
# ia64, x86_64, ppc, ppc64 are OK by default |
178 |
|
|
# Configure the build tree. Override OpenSSL defaults with known-good defaults |
179 |
|
|
# usable on all platforms. The Configure script already knows to use -fPIC and |
180 |
|
|
# RPM_OPT_FLAGS, so we can skip specifiying them here. |
181 |
|
|
./Configure \ |
182 |
guillomovitch |
256937 |
--prefix=%{_prefix} \ |
183 |
blino |
733 |
--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ |
184 |
guillomovitch |
256937 |
--libdir=%{_lib}/ \ |
185 |
guillomovitch |
337573 |
%if %with_krb5 |
186 |
guillomovitch |
256938 |
--with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \ |
187 |
guillomovitch |
337573 |
%endif |
188 |
guillomovitch |
327008 |
--enginesdir=%{_libdir}/openssl/%{version}/engines \ |
189 |
luigiwalser |
983119 |
zlib no-idea no-rc5 enable-camellia shared enable-tlsext ${sslarch} \ |
190 |
guillomovitch |
639996 |
%ifarch x86_64 |
191 |
|
|
enable-ec_nistp_64_gcc_128 |
192 |
|
|
%endif |
193 |
blino |
733 |
|
194 |
|
|
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be |
195 |
|
|
# marked as not requiring an executable stack. |
196 |
|
|
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" |
197 |
|
|
make depend |
198 |
|
|
make all build-shared |
199 |
|
|
|
200 |
|
|
# Generate hashes for the included certs. |
201 |
|
|
make rehash build-shared |
202 |
|
|
|
203 |
|
|
%check |
204 |
|
|
# Verify that what was compiled actually works. |
205 |
|
|
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} |
206 |
|
|
|
207 |
|
|
make -C test apps tests |
208 |
|
|
|
209 |
|
|
gcc -o openssl-thread-test \ |
210 |
|
|
%{?_with_krb5:`krb5-config --cflags`} \ |
211 |
|
|
-I./include \ |
212 |
|
|
%{optflags} \ |
213 |
|
|
openssl-thread-test.c \ |
214 |
|
|
-L. -lssl -lcrypto \ |
215 |
|
|
%{?_with_krb5:`krb5-config --libs`} \ |
216 |
|
|
-lpthread -lz -ldl |
217 |
|
|
|
218 |
|
|
./openssl-thread-test --threads %{thread_test_threads} |
219 |
|
|
|
220 |
|
|
%install |
221 |
|
|
%makeinstall \ |
222 |
|
|
INSTALL_PREFIX=%{buildroot} \ |
223 |
|
|
MANDIR=%{_mandir} \ |
224 |
|
|
build-shared |
225 |
|
|
|
226 |
guillomovitch |
327008 |
install -d -m 755 %{buildroot}%{_libdir}/openssl/%{version} |
227 |
|
|
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl/%{version} |
228 |
blino |
733 |
|
229 |
|
|
# make the rootcerts dir |
230 |
|
|
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts |
231 |
|
|
|
232 |
|
|
# Install a makefile for generating keys and self-signed certs, and a script |
233 |
|
|
# for generating them on the fly. |
234 |
|
|
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs |
235 |
|
|
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile |
236 |
|
|
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert |
237 |
|
|
|
238 |
|
|
# Pick a CA script. |
239 |
|
|
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
240 |
|
|
|
241 |
|
|
install -d %{buildroot}%{_sysconfdir}/pki/CA |
242 |
|
|
install -d %{buildroot}%{_sysconfdir}/pki/CA/private |
243 |
|
|
|
244 |
|
|
# openssl was named ssleay in "ancient" times. |
245 |
|
|
ln -snf openssl %{buildroot}%{_bindir}/ssleay |
246 |
|
|
|
247 |
|
|
# The man pages rand.3 and passwd.1 conflict with other packages |
248 |
|
|
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-* |
249 |
|
|
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 |
250 |
oden |
330865 |
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} |
251 |
blino |
733 |
|
252 |
|
|
for i in rand err; do |
253 |
|
|
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 |
254 |
oden |
330865 |
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} |
255 |
blino |
733 |
done |
256 |
|
|
|
257 |
|
|
rm -rf {main,devel}-doc-info |
258 |
|
|
mkdir -p {main,devel}-doc-info |
259 |
guillomovitch |
191621 |
cat > main-doc-info/README.mga <<EOF |
260 |
blino |
733 |
Warning: |
261 |
|
|
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 |
262 |
|
|
to avoid a conflict with passwd.1 man page from the package passwd. |
263 |
|
|
EOF |
264 |
|
|
|
265 |
guillomovitch |
191621 |
cat > devel-doc-info/README.mga <<EOF |
266 |
blino |
733 |
Warning: |
267 |
|
|
The man page of rand, rand.3, has been renamed to ssl-rand.3 |
268 |
|
|
to avoid a conflict with rand.3 from the package man-pages |
269 |
|
|
The man page of err, err.3, has been renamed to ssl-err.3 |
270 |
|
|
to avoid a conflict with err.3 from the package man-pages |
271 |
|
|
EOF |
272 |
|
|
|
273 |
|
|
chmod 755 %{buildroot}%{_libdir}/pkgconfig |
274 |
|
|
|
275 |
|
|
%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h |
276 |
|
|
|
277 |
|
|
# strip cannot touch these unless 755 |
278 |
guillomovitch |
327008 |
chmod 755 %{buildroot}%{_libdir}/openssl/%{version}/engines/*.so* |
279 |
blino |
733 |
chmod 755 %{buildroot}%{_libdir}/*.so* |
280 |
|
|
chmod 755 %{buildroot}%{_bindir}/* |
281 |
|
|
|
282 |
|
|
# nuke a mistake |
283 |
|
|
rm -f %{buildroot}%{_mandir}/man3/.3 |
284 |
|
|
|
285 |
|
|
# nuke rpath |
286 |
|
|
chrpath -d %{buildroot}%{_bindir}/openssl |
287 |
|
|
|
288 |
|
|
# Fix libdir. |
289 |
|
|
pushd %{buildroot}%{_libdir}/pkgconfig |
290 |
|
|
for i in *.pc ; do |
291 |
|
|
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ |
292 |
|
|
$i >$i.tmp && \ |
293 |
|
|
cat $i.tmp >$i && \ |
294 |
|
|
rm -f $i.tmp |
295 |
|
|
done |
296 |
|
|
popd |
297 |
|
|
|
298 |
|
|
# adjust ssldir |
299 |
|
|
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
300 |
|
|
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl |
301 |
|
|
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf |
302 |
|
|
|
303 |
|
|
%files |
304 |
|
|
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README* |
305 |
guillomovitch |
256937 |
%doc README README.ASN1 README.ENGINE |
306 |
blino |
733 |
%dir %{_sysconfdir}/pki |
307 |
|
|
%dir %{_sysconfdir}/pki/CA |
308 |
|
|
%dir %{_sysconfdir}/pki/CA/private |
309 |
|
|
%dir %{_sysconfdir}/pki/tls |
310 |
|
|
%dir %{_sysconfdir}/pki/tls/certs |
311 |
|
|
%dir %{_sysconfdir}/pki/tls/misc |
312 |
|
|
%dir %{_sysconfdir}/pki/tls/private |
313 |
|
|
%dir %{_sysconfdir}/pki/tls/rootcerts |
314 |
tv |
1020393 |
%{_sysconfdir}/pki/tls/misc/CA |
315 |
|
|
%{_sysconfdir}/pki/tls/misc/c_* |
316 |
guillomovitch |
191620 |
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf |
317 |
|
|
%{_sysconfdir}/pki/tls/certs/make-dummy-cert |
318 |
|
|
%{_sysconfdir}/pki/tls/certs/Makefile |
319 |
|
|
%{_bindir}/* |
320 |
tv |
1020393 |
%exclude %{_bindir}/c_rehash |
321 |
guillomovitch |
191620 |
%{_mandir}/man[157]/* |
322 |
blino |
733 |
|
323 |
|
|
%files -n %{libname} |
324 |
|
|
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README* |
325 |
fwang |
257304 |
%{_libdir}/lib*.so.%{maj} |
326 |
blino |
733 |
|
327 |
|
|
%files -n %{engines_name} |
328 |
guillomovitch |
311668 |
%{_libdir}/openssl |
329 |
blino |
733 |
|
330 |
|
|
%files -n %{develname} |
331 |
|
|
%doc CHANGES doc/* devel-doc-info/README* |
332 |
guillomovitch |
191620 |
%dir %{_includedir}/openssl |
333 |
blino |
733 |
%multiarch %{multiarch_includedir}/openssl/opensslconf.h |
334 |
guillomovitch |
191620 |
%{_includedir}/openssl/* |
335 |
|
|
%{_libdir}/lib*.so |
336 |
|
|
%{_mandir}/man3/* |
337 |
|
|
%{_libdir}/pkgconfig/* |
338 |
blino |
733 |
|
339 |
|
|
%files -n %{staticname} |
340 |
fwang |
395433 |
%{_libdir}/lib*.a |
341 |
tv |
1020393 |
|
342 |
|
|
%files perl |
343 |
|
|
%defattr(-,root,root) |
344 |
|
|
%attr(0755,root,root) %{_bindir}/c_rehash |
345 |
|
|
%attr(0644,root,root) %{_mandir}/man1*/*.pl* |
346 |
|
|
%{_sysconfdir}/pki/tls/misc/*.pl |
347 |
|
|
%{_sysconfdir}/pki/tls/misc/tsget |