current/SPECS/openssl.spec

%define maj 1.1
%define libname %mklibname openssl %{maj}
%define develname %mklibname openssl -d
%define staticname %mklibname openssl -s -d

%define conflict1 %mklibname openssl 0.9.7
%define conflict2 %mklibname openssl 0.9.8

%define with_krb5 0

Summary:        Secure Sockets Layer communications libs & utils
Name:           openssl
Version:        1.1.0f
Release:        %mkrel 1
License:        BSD-like
Group:          System/Libraries
URL:            http://www.openssl.org/
Source0:        http://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1:        http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2:        Makefile.certificate
Source4:        openssl-thread-test.c
Source6:    make-dummy-cert
Source7:    renew-dummy-cert
Source12:   ec_curve.c
Source13:   ectest.c
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6:         openssl-1.0.2l-icpbrasil.diff

# fedora patches
Patch1: openssl-1.1.0-build.patch
Patch3: openssl-1.1.0-no-html.patch
Patch21: openssl-1.1.0-issuer-hash.patch
Patch22: openssl-1.1.0-algo-doc.patch
Patch23: openssl-1.1.0-manfix.patch
Patch31: openssl-1.1.0-ca-dir.patch
Patch32: openssl-1.1.0-version-add-engines.patch
Patch33: openssl-1.1.0-apps-dgst.patch
Patch34: openssl-1.1.0-starttls-xmpp.patch
Patch35: openssl-1.1.0-chil-fixes.patch
Patch36: openssl-1.1.0-secure-getenv.patch
Patch37: openssl-1.1.0-ec-curves.patch
Patch38: openssl-1.1.0-no-weak-verify.patch
Patch39: openssl-1.1.0-cc-reqs.patch
Patch40: openssl-1.1.0-disable-ssl3.patch
Patch41: openssl-1.1.0-system-cipherlist.patch
Patch43: openssl-1.1.0-afalg-eventfd2.patch
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
Patch45: openssl-1.1.0-weak-ciphers.patch
Patch70: openssl-1.1.0-thread-local.patch
Patch71: openssl-1.1.0-dtls-failure.patch

# MIPS and ARM support
Patch300:       openssl-1.0.2a-mips.patch
Patch301:       openssl-1.0.2a-arm.patch
Requires:       %{libname} = %{version}-%{release}
Requires:       rootcerts
%if %with_krb5
BuildRequires: krb5-devel
%endif
BuildRequires:  multiarch-utils >= 1.0.3
BuildRequires:  chrpath
BuildRequires:  pkgconfig(zlib)
BuildRequires:  sctp-devel
# (tv) for test suite:
BuildRequires:  bc

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.

%package -n     %{libname}
Summary:        Secure Sockets Layer communications libs
Group:          System/Libraries
Requires:   crypto-policies
Provides:       %{libname} = %{version}-%{release}

%description -n %{libname}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%package -n     %{develname}
Summary:        Secure Sockets Layer communications libs & headers & utils
Group:          Development/Other
Requires:       %{libname} = %{version}-%{release}
Provides:       libopenssl-devel
Provides:       openssl-devel = %{version}-%{release}
# temporary opsolete, will be a conflict later. a compat package
# with openssl-0.9.7 devel libs will be provided soon
Obsoletes:      %{conflict1}-devel
Obsoletes:      %{conflict2}-devel
Obsoletes:      %{mklibname openssl 1.0.0}-devel
Provides:       %{name}-devel = %{version}-%{release}

%description -n %{develname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

%package -n     %{staticname}
Summary:        Secure Sockets Layer communications static libs
Group:          Development/Other
Requires:       %{develname} = %{version}-%{release}
Provides:       libopenssl-static-devel
Provides:       openssl-static-devel = %{version}-%{release}
# temporary opsolete, will be a conflict later. a compat package
# with openssl-0.9.7 static-devel libs will be provided soon
Obsoletes:      %{conflict1}-static-devel
Obsoletes:      %{conflict2}-static-devel
Obsoletes:      %{mklibname openssl 1.0.0}-static-devel
Provides:       %{name}-static-devel = %{version}-%{release}

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%package perl
Summary: Perl scripts provided with OpenSSL
Group:   System/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Conflicts: %name <= 1.0.2h-1.mga6

%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.

%prep
%setup -q

cp %{SOURCE12} crypto/ec/
cp %{SOURCE13} test/

%patch1 -p1 -b .build 
%patch3 -p1 -b .no-html
%patch6 -p1 -b .icpbrasil

%patch21 -p1 -b .issuer-hash
%patch22 -p1 -b .algo-doc
%patch23 -p1 -b .manfix
%patch31 -p1 -b .ca-dir
%patch32 -p1 -b .version-add-engines
%patch33 -p1 -b .dgst
%patch34 -p1 -b .xmpp
%patch35 -p1 -b .chil
%patch36 -p1 -b .secure-getenv
%patch37 -p1 -b .curves
%patch38 -p1 -b .no-md5-verify
%patch39 -p1 -b .cc-reqs
%patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist
%patch43 -p1 -b .eventfd2
%patch44 -p1 -b .preserve-nl
%patch45 -p1 -b .weak-ciphers
%patch70 -p1 -b .thread-local
%patch71 -p1 -b .dtls-failure

#patch300 -p1 -b .mips
#patch301 -p1 -b .arm

#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile

%build
%serverbuild

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i[56]86 ; then
    sslflags="no-asm 386"
fi
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
%if %with_krb5
    --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
%endif
     zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
     enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
     enable-weak-ssl-ciphers no-mdc2 no-ec2m shared ${sslarch} \
    $RPM_OPT_FLAGS

util/mkdef.pl crypto update

make all

%check
# Verify that what was compiled actually works.

# We must revert patch31 before tests otherwise they will fail
patch -p1 -R < %{PATCH31}

export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export OPENSSL_ENABLE_MD5_VERIFY=

make test

patch -p1 < %{PATCH31}

%install
%make_install

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert

# Move runable perl scripts to bindir
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}

install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts

rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist

# fix man pages conflicts with other packages
for i in passwd rand ; do
    mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
done

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# nuke rpath
chrpath -d %{buildroot}%{_bindir}/openssl

# Fix libdir.
for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
        sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
done

# adjust ssldir
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf

%files
%doc FAQ INSTALL LICENSE NEWS README*
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%{_sysconfdir}/pki/tls/certs/Makefile
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
%{_bindir}/openssl
%{_mandir}/man[157]/*
%exclude %{_mandir}/man1*/c_rehash*
%exclude %{_mandir}/man1*/*.pl*
%exclude %{_mandir}/man1*/tsget*

%files -n %{libname}
%doc FAQ LICENSE NEWS README*
%{_libdir}/lib*.so.%{maj}
%{_libdir}/engines-%{maj}

%files -n %{develname}
%doc CHANGES doc/*
%dir %{_includedir}/openssl
%multiarch %{multiarch_includedir}/openssl/opensslconf.h
%{_includedir}/openssl
%{_libdir}/lib*.so
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*.pc

%files -n %{staticname}
%{_libdir}/lib*.a

%files perl
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1*/c_rehash*
%{_mandir}/man1*/*.pl*
%{_mandir}/man1*/tsget*
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
1	guillomovitch	1133938	%define maj 1.1
2	blino	733	%define libname %mklibname openssl %{maj}
3			%define develname %mklibname openssl -d
4			%define staticname %mklibname openssl -s -d
5
6			%define conflict1 %mklibname openssl 0.9.7
7			%define conflict2 %mklibname openssl 0.9.8
8
9	guillomovitch	494272	%define with_krb5 0
10	blino	733
11			Summary: Secure Sockets Layer communications libs & utils
12			Name: openssl
13	guillomovitch	1133938	Version: 1.1.0f
14			Release: %mkrel 1
15	blino	733	License: BSD-like
16			Group: System/Libraries
17			URL: http://www.openssl.org/
18	fwang	394893	Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
19			Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
20	blino	733	Source2: Makefile.certificate
21			Source4: openssl-thread-test.c
22	guillomovitch	1133938	Source6: make-dummy-cert
23			Source7: renew-dummy-cert
24			Source12: ec_curve.c
25			Source13: ectest.c
26	blino	733	# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
27			# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
28	akien	1104774	Patch6: openssl-1.0.2l-icpbrasil.diff
29	guillomovitch	256937
30			# fedora patches
31	guillomovitch	1133938	Patch1: openssl-1.1.0-build.patch
32			Patch3: openssl-1.1.0-no-html.patch
33			Patch21: openssl-1.1.0-issuer-hash.patch
34			Patch22: openssl-1.1.0-algo-doc.patch
35			Patch23: openssl-1.1.0-manfix.patch
36			Patch31: openssl-1.1.0-ca-dir.patch
37			Patch32: openssl-1.1.0-version-add-engines.patch
38			Patch33: openssl-1.1.0-apps-dgst.patch
39			Patch34: openssl-1.1.0-starttls-xmpp.patch
40			Patch35: openssl-1.1.0-chil-fixes.patch
41			Patch36: openssl-1.1.0-secure-getenv.patch
42			Patch37: openssl-1.1.0-ec-curves.patch
43			Patch38: openssl-1.1.0-no-weak-verify.patch
44			Patch39: openssl-1.1.0-cc-reqs.patch
45			Patch40: openssl-1.1.0-disable-ssl3.patch
46			Patch41: openssl-1.1.0-system-cipherlist.patch
47			Patch43: openssl-1.1.0-afalg-eventfd2.patch
48			Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
49			Patch45: openssl-1.1.0-weak-ciphers.patch
50			Patch70: openssl-1.1.0-thread-local.patch
51			Patch71: openssl-1.1.0-dtls-failure.patch
52	guillomovitch	256937
53	blino	733	# MIPS and ARM support
54	luigiwalser	818950	Patch300: openssl-1.0.2a-mips.patch
55			Patch301: openssl-1.0.2a-arm.patch
56	blino	733	Requires: %{libname} = %{version}-%{release}
57			Requires: rootcerts
58	guillomovitch	337573	%if %with_krb5
59	guillomovitch	256938	BuildRequires: krb5-devel
60	guillomovitch	337573	%endif
61	blino	733	BuildRequires: multiarch-utils >= 1.0.3
62			BuildRequires: chrpath
63	ovitters	1145412	BuildRequires: pkgconfig(zlib)
64	guillomovitch	1133938	BuildRequires: sctp-devel
65	blino	733	# (tv) for test suite:
66			BuildRequires: bc
67
68			%description
69			The openssl certificate management tool and the shared libraries that provide
70			various encryption and decription algorithms and protocols, including DES, RC4,
71			RSA and SSL.
72
73			%package -n %{libname}
74			Summary: Secure Sockets Layer communications libs
75			Group: System/Libraries
76	guillomovitch	1133938	Requires: crypto-policies
77	blino	733	Provides: %{libname} = %{version}-%{release}
78
79			%description -n %{libname}
80			The libraries files are needed for various cryptographic algorithms
81			and protocols, including DES, RC4, RSA and SSL.
82
83			%package -n %{develname}
84			Summary: Secure Sockets Layer communications libs & headers & utils
85			Group: Development/Other
86			Requires: %{libname} = %{version}-%{release}
87			Provides: libopenssl-devel
88			Provides: openssl-devel = %{version}-%{release}
89			# temporary opsolete, will be a conflict later. a compat package
90			# with openssl-0.9.7 devel libs will be provided soon
91			Obsoletes: %{conflict1}-devel
92			Obsoletes: %{conflict2}-devel
93			Obsoletes: %{mklibname openssl 1.0.0}-devel
94			Provides: %{name}-devel = %{version}-%{release}
95
96			%description -n %{develname}
97			The libraries and include files needed to compile apps with support
98			for various cryptographic algorithms and protocols, including DES, RC4, RSA
99			and SSL.
100
101			%package -n %{staticname}
102			Summary: Secure Sockets Layer communications static libs
103			Group: Development/Other
104			Requires: %{develname} = %{version}-%{release}
105			Provides: libopenssl-static-devel
106			Provides: openssl-static-devel = %{version}-%{release}
107			# temporary opsolete, will be a conflict later. a compat package
108			# with openssl-0.9.7 static-devel libs will be provided soon
109			Obsoletes: %{conflict1}-static-devel
110			Obsoletes: %{conflict2}-static-devel
111			Obsoletes: %{mklibname openssl 1.0.0}-static-devel
112			Provides: %{name}-static-devel = %{version}-%{release}
113
114			%description -n %{staticname}
115			The static libraries needed to compile apps with support for various
116			cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
117
118	tv	1020393	%package perl
119			Summary: Perl scripts provided with OpenSSL
120			Group: System/Libraries
121			Requires: %{name}%{?_isa} = %{version}-%{release}
122			Conflicts: %name <= 1.0.2h-1.mga6
123
124			%description perl
125			OpenSSL is a toolkit for supporting cryptography. The openssl-perl
126			package provides Perl scripts for converting certificates and keys
127			from other formats to the formats used by the OpenSSL toolkit.
128
129	blino	733	%prep
130	ovitters	877880	%setup -q
131	guillomovitch	1133938
132			cp %{SOURCE12} crypto/ec/
133			cp %{SOURCE13} test/
134
135			%patch1 -p1 -b .build
136			%patch3 -p1 -b .no-html
137	akien	1104774	%patch6 -p1 -b .icpbrasil
138	blino	733
139	guillomovitch	1133938	%patch21 -p1 -b .issuer-hash
140			%patch22 -p1 -b .algo-doc
141			%patch23 -p1 -b .manfix
142			%patch31 -p1 -b .ca-dir
143			%patch32 -p1 -b .version-add-engines
144			%patch33 -p1 -b .dgst
145			%patch34 -p1 -b .xmpp
146			%patch35 -p1 -b .chil
147			%patch36 -p1 -b .secure-getenv
148			%patch37 -p1 -b .curves
149			%patch38 -p1 -b .no-md5-verify
150			%patch39 -p1 -b .cc-reqs
151			%patch40 -p1 -b .disable-ssl3
152			%patch41 -p1 -b .system-cipherlist
153			%patch43 -p1 -b .eventfd2
154			%patch44 -p1 -b .preserve-nl
155			%patch45 -p1 -b .weak-ciphers
156			%patch70 -p1 -b .thread-local
157			%patch71 -p1 -b .dtls-failure
158	blino	733
159	guillomovitch	1133938	#patch300 -p1 -b .mips
160			#patch301 -p1 -b .arm
161	blino	733
162	guillomovitch	1133938	#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
163	blino	733
164	akien	1104774	%build
165	blino	733	%serverbuild
166
167			# Figure out which flags we want to use.
168			# default
169	guillomovitch	1133938	sslarch=%{_os}-%{_target_cpu}
170	blino	733	%ifarch %ix86
171			sslarch=linux-elf
172			if ! echo %{_target} \| grep -q i[56]86 ; then
173	guillomovitch	1133938	sslflags="no-asm 386"
174	blino	733	fi
175			%endif
176	guillomovitch	1133938	%ifarch x86_64
177			sslflags=enable-ec_nistp_64_gcc_128
178	blino	733	%endif
179	guillomovitch	1133938	%ifarch %{arm}
180			sslarch=linux-armv4
181	blino	733	%endif
182
183	guillomovitch	1133938	# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
184			# marked as not requiring an executable stack.
185			# Also add -DPURIFY to make using valgrind with openssl easier as we do not
186			# want to depend on the uninitialized memory as a source of entropy anyway.
187			RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
188
189	blino	733	# ia64, x86_64, ppc, ppc64 are OK by default
190			# Configure the build tree. Override OpenSSL defaults with known-good defaults
191			# usable on all platforms. The Configure script already knows to use -fPIC and
192			# RPM_OPT_FLAGS, so we can skip specifiying them here.
193			./Configure \
194	guillomovitch	256937	--prefix=%{_prefix} \
195	blino	733	--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
196	guillomovitch	1133938	--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
197	guillomovitch	337573	%if %with_krb5
198	guillomovitch	256938	--with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
199	guillomovitch	337573	%endif
200	guillomovitch	1133938	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
201			enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
202			enable-weak-ssl-ciphers no-mdc2 no-ec2m shared ${sslarch} \
203			$RPM_OPT_FLAGS
204	blino	733
205	guillomovitch	1133938	util/mkdef.pl crypto update
206	blino	733
207	guillomovitch	1133938	make all
208	blino	733
209			%check
210			# Verify that what was compiled actually works.
211	guillomovitch	1133938
212			# We must revert patch31 before tests otherwise they will fail
213			patch -p1 -R < %{PATCH31}
214
215	blino	733	export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
216	guillomovitch	1133938	export OPENSSL_ENABLE_MD5_VERIFY=
217	blino	733
218	guillomovitch	1133938	make test
219	blino	733
220	guillomovitch	1133938	patch -p1 < %{PATCH31}
221	blino	733
222			%install
223	guillomovitch	1133938	%make_install
224	blino	733
225			# make the rootcerts dir
226			install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
227
228			# Install a makefile for generating keys and self-signed certs, and a script
229			# for generating them on the fly.
230	guillomovitch	1133938	mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
231			install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
232			install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
233			install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert
234	blino	733
235	guillomovitch	1133938	# Move runable perl scripts to bindir
236			mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
237			mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}
238	blino	733
239			install -d %{buildroot}%{_sysconfdir}/pki/CA
240			install -d %{buildroot}%{_sysconfdir}/pki/CA/private
241	guillomovitch	1133938	install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
242			install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
243			install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts
244	blino	733
245	guillomovitch	1133938	rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
246	blino	733
247	guillomovitch	1133938	# fix man pages conflicts with other packages
248			for i in passwd rand ; do
249			mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
250	blino	733	done
251
252			%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
253
254			# nuke rpath
255			chrpath -d %{buildroot}%{_bindir}/openssl
256
257			# Fix libdir.
258	guillomovitch	1133938	for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
259			sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
260			done
261	blino	733
262			# adjust ssldir
263	guillomovitch	1133938	perl -pi -e "s\|^\\\$CATOP\=\".*\|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";\|g" %{buildroot}%{_bindir}/CA.pl
264	blino	733	perl -pi -e "s\|\./demoCA\|%{_sysconfdir}/pki/tls\|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
265
266	akien	1104774	%files
267	guillomovitch	1133938	%doc FAQ INSTALL LICENSE NEWS README*
268	blino	733	%dir %{_sysconfdir}/pki
269			%dir %{_sysconfdir}/pki/tls
270			%dir %{_sysconfdir}/pki/tls/certs
271			%dir %{_sysconfdir}/pki/tls/misc
272			%dir %{_sysconfdir}/pki/tls/private
273			%dir %{_sysconfdir}/pki/tls/rootcerts
274	guillomovitch	191620	%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
275			%{_sysconfdir}/pki/tls/certs/Makefile
276	guillomovitch	1133938	%{_bindir}/make-dummy-cert
277			%{_bindir}/renew-dummy-cert
278			%{_bindir}/openssl
279	guillomovitch	191620	%{_mandir}/man[157]/*
280	guillomovitch	1133938	%exclude %{_mandir}/man1/c_rehash
281			%exclude %{_mandir}/man1/.pl*
282			%exclude %{_mandir}/man1/tsget
283	blino	733
284			%files -n %{libname}
285	guillomovitch	1133938	%doc FAQ LICENSE NEWS README*
286	fwang	257304	%{_libdir}/lib*.so.%{maj}
287	guillomovitch	1133938	%{_libdir}/engines-%{maj}
288	blino	733
289			%files -n %{develname}
290	guillomovitch	1133938	%doc CHANGES doc/*
291	guillomovitch	191620	%dir %{_includedir}/openssl
292	blino	733	%multiarch %{multiarch_includedir}/openssl/opensslconf.h
293	guillomovitch	1133938	%{_includedir}/openssl
294	guillomovitch	191620	%{_libdir}/lib*.so
295			%{_mandir}/man3/*
296	guillomovitch	1133938	%{_libdir}/pkgconfig/*.pc
297	blino	733
298			%files -n %{staticname}
299	fwang	395433	%{_libdir}/lib*.a
300	tv	1020393
301			%files perl
302	guillomovitch	1133938	%{_bindir}/c_rehash
303			%{_bindir}/*.pl
304			%{_bindir}/tsget
305			%{_mandir}/man1/c_rehash
306			%{_mandir}/man1/.pl*
307			%{_mandir}/man1/tsget
308			%dir %{_sysconfdir}/pki/CA
309			%dir %{_sysconfdir}/pki/CA/private
310			%dir %{_sysconfdir}/pki/CA/certs
311			%dir %{_sysconfdir}/pki/CA/crl
312			%dir %{_sysconfdir}/pki/CA/newcerts