current/SPECS/openssl.spec

%define maj     1.1
%define libname     %mklibname openssl %{maj}
%define develname   %mklibname openssl -d
%define staticname  %mklibname openssl -s -d

%define with_krb5   0

Summary:    Secure Sockets Layer communications libs & utils
Name:       openssl
Version:    1.1.1d
Release:    %mkrel 1
License:    BSD-like
Group:      System/Libraries
URL:        http://www.openssl.org/
Source0:    http://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1:    http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2:    Makefile.certificate
Source4:    openssl-thread-test.c
Source6:    make-dummy-cert
Source7:    renew-dummy-cert
Source12:   ec_curve.c
Source13:   ectest.c

# fedora patches
Patch1:     openssl-1.1.1-build.patch
Patch2:     openssl-1.1.1-defaults.patch
Patch3:     openssl-1.1.0-no-html.patch
Patch4:     openssl-1.1.1-man-rename.patch
Patch21:    openssl-1.1.0-issuer-hash.patch
Patch31:    openssl-1.1.1-conf-paths.patch
Patch32:    openssl-1.1.1-version-add-engines.patch
Patch33:    openssl-1.1.1-apps-dgst.patch
Patch36:    openssl-1.1.1-no-brainpool.patch
Patch37:    openssl-1.1.1-ec-curves.patch
Patch38:    openssl-1.1.1-no-weak-verify.patch
Patch40:    openssl-1.1.1-disable-ssl3.patch
Patch41:    openssl-1.1.1-system-cipherlist.patch
Patch43:    openssl-1.1.1-ignore-bound.patch
Patch45:    openssl-1.1.1-weak-ciphers.patch
Patch46:    openssl-1.1.1-seclevel.patch
Patch47:    openssl-1.1.1-ts-sha256-default.patch
Patch49:    openssl-1.1.1-evp-kdf.patch
Patch50:    openssl-1.1.1-ssh-kdf.patch
# Backported fixes including security fixes
Patch54:    openssl-1.1.1-regression-fixes.patch

# MIPS and ARM support
Patch300:   openssl-1.0.2a-mips.patch
Patch301:   openssl-1.0.2a-arm.patch

Requires:   %{libname} = %{version}-%{release}
Requires:   rootcerts
%if %with_krb5
BuildRequires:  krb5-devel
%endif
BuildRequires:  multiarch-utils >= 1.0.3
BuildRequires:  chrpath
BuildRequires:  pkgconfig(zlib)
BuildRequires:  pkgconfig(libsctp)
# (tv) for test suite:
BuildRequires:  bc

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.

%package -n %{libname}
Summary:    Secure Sockets Layer communications libs
Group:      System/Libraries
Requires:   crypto-policies
Provides:   %{libname} = %{version}-%{release}

%description -n %{libname}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%package -n %{develname}
Summary:    Secure Sockets Layer communications libs & headers & utils
Group:      Development/Other
Requires:   %{libname} = %{version}-%{release}
Provides:   libopenssl-devel
Provides:   %{name}-devel = %{version}-%{release}
Obsoletes:  %{mklibname openssl 1.0.0}-devel

%description -n %{develname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

%package -n %{staticname}
Summary:    Secure Sockets Layer communications static libs
Group:      Development/Other
Requires:   %{develname} = %{version}-%{release}
Provides:   libopenssl-static-devel
Provides:   %{name}-static-devel = %{version}-%{release}
Obsoletes:  %{mklibname openssl 1.0.0}-static-devel

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%package    perl
Summary:    Perl scripts provided with OpenSSL
Group:      System/Libraries
Requires:   %{name}%{?_isa} = %{version}-%{release}
Conflicts:  %name <= 1.0.2h-1.mga6

%description    perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.

%prep
%setup -q

cp %{SOURCE12} crypto/ec/
cp %{SOURCE13} test/

%patch1 -p1 -b .build
%patch2 -p1 -b .default
%patch3 -p1 -b .no-html
%patch4 -p1 -b .man-rename

%patch21 -p1 -b .issuer-hash

%patch31 -p1 -b .ca-dir
%patch32 -p1 -b .version-add-engines
%patch33 -p1 -b .dgst
%patch36 -p1 -b .no-brainpool
%patch37 -p1 -b .curves
%patch38 -p1 -b .no-weak-verify
%patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist
%patch43 -p1 -b .ignore-bound
%patch45 -p1 -b .weak-ciphers
%patch46 -p1 -b .seclevel
%patch47 -p1 -b .ts-sha256-defaul
%patch49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf
%patch54 -p1 -b .regression

#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile

%build
%serverbuild

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i[56]86 ; then
    sslflags="no-asm 386"
fi
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
%if %with_krb5
    --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
%endif
     zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
     enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
     enable-weak-ssl-ciphers \
     no-mdc2 no-ec2m no-sm2 no-sm4 \
     shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'

util/mkdef.pl crypto update

make all

%check
%ifnarch %ix86

(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
 sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
 touch -r configdata.pm configdata.pm.new && \
 mv -f configdata.pm.new configdata.pm)

# We must revert patch31 before tests otherwise they will fail
patch -p1 -R < %{PATCH31}

export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file

make test
%endif

%install
%make_install

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert

# Move runable perl scripts to bindir
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}

install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts

rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist

# fix man pages conflicts with other packages
for i in passwd rand ; do
    mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
done

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# nuke rpath
chrpath -d %{buildroot}%{_bindir}/openssl

# Fix libdir.
for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
    sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
done

# adjust ssldir
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf

%files
%doc FAQ INSTALL LICENSE NEWS README*
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%{_sysconfdir}/pki/tls/certs/Makefile
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
%{_bindir}/openssl
%{_mandir}/man[157]/*
%exclude %{_mandir}/man1*/*rehash*
%exclude %{_mandir}/man1*/*.pl*
%exclude %{_mandir}/man1*/*tsget*

%files -n %{libname}
%doc FAQ LICENSE NEWS README*
%{_libdir}/lib*.so.%{maj}
%{_libdir}/engines-%{maj}

%files -n %{develname}
%doc CHANGES doc/*
%dir %{_includedir}/openssl
%multiarch %{multiarch_includedir}/openssl/opensslconf.h
%{_includedir}/openssl
%{_libdir}/lib*.so
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*.pc

%files -n %{staticname}
%{_libdir}/lib*.a

%files perl
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1*/*rehash*
%{_mandir}/man1*/*.pl*
%{_mandir}/man1*/*tsget*
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
1	guillomovitch	1431659	%define maj 1.1
2			%define libname %mklibname openssl %{maj}
3			%define develname %mklibname openssl -d
4			%define staticname %mklibname openssl -s -d
5	blino	733
6	guillomovitch	1431659	%define with_krb5 0
7	blino	733
8	guillomovitch	1431659	Summary: Secure Sockets Layer communications libs & utils
9			Name: openssl
10	ns80	1462888	Version: 1.1.1d
11	guillomovitch	1431659	Release: %mkrel 1
12			License: BSD-like
13			Group: System/Libraries
14			URL: http://www.openssl.org/
15			Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
16			Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
17			Source2: Makefile.certificate
18			Source4: openssl-thread-test.c
19			Source6: make-dummy-cert
20			Source7: renew-dummy-cert
21			Source12: ec_curve.c
22			Source13: ectest.c
23	blino	733
24	guillomovitch	256937	# fedora patches
25	guillomovitch	1431659	Patch1: openssl-1.1.1-build.patch
26			Patch2: openssl-1.1.1-defaults.patch
27			Patch3: openssl-1.1.0-no-html.patch
28			Patch4: openssl-1.1.1-man-rename.patch
29			Patch21: openssl-1.1.0-issuer-hash.patch
30			Patch31: openssl-1.1.1-conf-paths.patch
31			Patch32: openssl-1.1.1-version-add-engines.patch
32			Patch33: openssl-1.1.1-apps-dgst.patch
33			Patch36: openssl-1.1.1-no-brainpool.patch
34			Patch37: openssl-1.1.1-ec-curves.patch
35			Patch38: openssl-1.1.1-no-weak-verify.patch
36			Patch40: openssl-1.1.1-disable-ssl3.patch
37			Patch41: openssl-1.1.1-system-cipherlist.patch
38			Patch43: openssl-1.1.1-ignore-bound.patch
39			Patch45: openssl-1.1.1-weak-ciphers.patch
40			Patch46: openssl-1.1.1-seclevel.patch
41			Patch47: openssl-1.1.1-ts-sha256-default.patch
42			Patch49: openssl-1.1.1-evp-kdf.patch
43			Patch50: openssl-1.1.1-ssh-kdf.patch
44			# Backported fixes including security fixes
45			Patch54: openssl-1.1.1-regression-fixes.patch
46	guillomovitch	256937
47	blino	733	# MIPS and ARM support
48	guillomovitch	1431659	Patch300: openssl-1.0.2a-mips.patch
49			Patch301: openssl-1.0.2a-arm.patch
50	wally	1228710
51	guillomovitch	1431659	Requires: %{libname} = %{version}-%{release}
52			Requires: rootcerts
53	guillomovitch	337573	%if %with_krb5
54	guillomovitch	1431659	BuildRequires: krb5-devel
55	guillomovitch	337573	%endif
56	guillomovitch	1431659	BuildRequires: multiarch-utils >= 1.0.3
57			BuildRequires: chrpath
58			BuildRequires: pkgconfig(zlib)
59			BuildRequires: pkgconfig(libsctp)
60	blino	733	# (tv) for test suite:
61	guillomovitch	1431659	BuildRequires: bc
62	blino	733
63			%description
64			The openssl certificate management tool and the shared libraries that provide
65			various encryption and decription algorithms and protocols, including DES, RC4,
66			RSA and SSL.
67
68	guillomovitch	1431659	%package -n %{libname}
69			Summary: Secure Sockets Layer communications libs
70			Group: System/Libraries
71			Requires: crypto-policies
72			Provides: %{libname} = %{version}-%{release}
73	blino	733
74	guillomovitch	1431659	%description -n %{libname}
75	blino	733	The libraries files are needed for various cryptographic algorithms
76			and protocols, including DES, RC4, RSA and SSL.
77
78	guillomovitch	1431659	%package -n %{develname}
79			Summary: Secure Sockets Layer communications libs & headers & utils
80			Group: Development/Other
81			Requires: %{libname} = %{version}-%{release}
82			Provides: libopenssl-devel
83			Provides: %{name}-devel = %{version}-%{release}
84			Obsoletes: %{mklibname openssl 1.0.0}-devel
85	blino	733
86	guillomovitch	1431659	%description -n %{develname}
87	blino	733	The libraries and include files needed to compile apps with support
88			for various cryptographic algorithms and protocols, including DES, RC4, RSA
89			and SSL.
90
91	guillomovitch	1431659	%package -n %{staticname}
92			Summary: Secure Sockets Layer communications static libs
93			Group: Development/Other
94			Requires: %{develname} = %{version}-%{release}
95			Provides: libopenssl-static-devel
96			Provides: %{name}-static-devel = %{version}-%{release}
97			Obsoletes: %{mklibname openssl 1.0.0}-static-devel
98	blino	733
99	guillomovitch	1431659	%description -n %{staticname}
100	blino	733	The static libraries needed to compile apps with support for various
101			cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
102
103	guillomovitch	1431659	%package perl
104			Summary: Perl scripts provided with OpenSSL
105			Group: System/Libraries
106			Requires: %{name}%{?_isa} = %{version}-%{release}
107			Conflicts: %name <= 1.0.2h-1.mga6
108	tv	1020393
109	guillomovitch	1431659	%description perl
110	tv	1020393	OpenSSL is a toolkit for supporting cryptography. The openssl-perl
111			package provides Perl scripts for converting certificates and keys
112			from other formats to the formats used by the OpenSSL toolkit.
113
114	blino	733	%prep
115	ovitters	877880	%setup -q
116	guillomovitch	1133938
117			cp %{SOURCE12} crypto/ec/
118			cp %{SOURCE13} test/
119
120	guillomovitch	1431659	%patch1 -p1 -b .build
121			%patch2 -p1 -b .default
122	guillomovitch	1133938	%patch3 -p1 -b .no-html
123	guillomovitch	1431659	%patch4 -p1 -b .man-rename
124	blino	733
125	guillomovitch	1133938	%patch21 -p1 -b .issuer-hash
126	guillomovitch	1431659
127	guillomovitch	1133938	%patch31 -p1 -b .ca-dir
128			%patch32 -p1 -b .version-add-engines
129			%patch33 -p1 -b .dgst
130	guillomovitch	1431659	%patch36 -p1 -b .no-brainpool
131	guillomovitch	1133938	%patch37 -p1 -b .curves
132	guillomovitch	1431659	%patch38 -p1 -b .no-weak-verify
133	guillomovitch	1133938	%patch40 -p1 -b .disable-ssl3
134			%patch41 -p1 -b .system-cipherlist
135	guillomovitch	1431659	%patch43 -p1 -b .ignore-bound
136	guillomovitch	1133938	%patch45 -p1 -b .weak-ciphers
137	guillomovitch	1431659	%patch46 -p1 -b .seclevel
138			%patch47 -p1 -b .ts-sha256-defaul
139			%patch49 -p1 -b .evp-kdf
140			%patch50 -p1 -b .ssh-kdf
141			%patch54 -p1 -b .regression
142	blino	733
143	guillomovitch	1133938	#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
144	blino	733
145	akien	1104774	%build
146	blino	733	%serverbuild
147
148			# Figure out which flags we want to use.
149			# default
150	guillomovitch	1133938	sslarch=%{_os}-%{_target_cpu}
151	blino	733	%ifarch %ix86
152			sslarch=linux-elf
153			if ! echo %{_target} \| grep -q i[56]86 ; then
154	guillomovitch	1133938	sslflags="no-asm 386"
155	blino	733	fi
156			%endif
157	guillomovitch	1133938	%ifarch x86_64
158			sslflags=enable-ec_nistp_64_gcc_128
159	blino	733	%endif
160	guillomovitch	1133938	%ifarch %{arm}
161			sslarch=linux-armv4
162	blino	733	%endif
163
164	guillomovitch	1133938	# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
165			# marked as not requiring an executable stack.
166			# Also add -DPURIFY to make using valgrind with openssl easier as we do not
167			# want to depend on the uninitialized memory as a source of entropy anyway.
168	guillomovitch	1431659	RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
169	guillomovitch	1133938
170	blino	733	# ia64, x86_64, ppc, ppc64 are OK by default
171			# Configure the build tree. Override OpenSSL defaults with known-good defaults
172			# usable on all platforms. The Configure script already knows to use -fPIC and
173			# RPM_OPT_FLAGS, so we can skip specifiying them here.
174			./Configure \
175	guillomovitch	256937	--prefix=%{_prefix} \
176	blino	733	--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
177	guillomovitch	1133938	--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
178	guillomovitch	337573	%if %with_krb5
179	guillomovitch	256938	--with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
180	guillomovitch	337573	%endif
181	guillomovitch	1431659	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
182	guillomovitch	1133938	enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
183	guillomovitch	1431659	enable-weak-ssl-ciphers \
184			no-mdc2 no-ec2m no-sm2 no-sm4 \
185			shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
186	blino	733
187	guillomovitch	1133938	util/mkdef.pl crypto update
188	blino	733
189	guillomovitch	1133938	make all
190	blino	733
191			%check
192	guillomovitch	1431659	%ifnarch %ix86
193	guillomovitch	1133938
194	guillomovitch	1431659	(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) \|\| \
195			(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
196			sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
197			touch -r configdata.pm configdata.pm.new && \
198			mv -f configdata.pm.new configdata.pm)
199
200	guillomovitch	1133938	# We must revert patch31 before tests otherwise they will fail
201			patch -p1 -R < %{PATCH31}
202
203	blino	733	export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
204	guillomovitch	1133938	export OPENSSL_ENABLE_MD5_VERIFY=
205	guillomovitch	1431659	export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
206	blino	733
207	ns80	1256515	make test
208			%endif
209	blino	733
210			%install
211	guillomovitch	1133938	%make_install
212	blino	733
213			# make the rootcerts dir
214			install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
215
216			# Install a makefile for generating keys and self-signed certs, and a script
217			# for generating them on the fly.
218	guillomovitch	1133938	mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
219			install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
220			install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
221			install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert
222	blino	733
223	guillomovitch	1133938	# Move runable perl scripts to bindir
224			mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
225			mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}
226	blino	733
227			install -d %{buildroot}%{_sysconfdir}/pki/CA
228			install -d %{buildroot}%{_sysconfdir}/pki/CA/private
229	guillomovitch	1133938	install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
230			install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
231			install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts
232	blino	733
233	guillomovitch	1133938	rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
234	guillomovitch	1431659	rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
235	blino	733
236	guillomovitch	1133938	# fix man pages conflicts with other packages
237			for i in passwd rand ; do
238			mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
239	blino	733	done
240
241			%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
242
243			# nuke rpath
244			chrpath -d %{buildroot}%{_bindir}/openssl
245
246			# Fix libdir.
247	guillomovitch	1133938	for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
248	guillomovitch	1431659	sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
249	guillomovitch	1133938	done
250	blino	733
251			# adjust ssldir
252	guillomovitch	1133938	perl -pi -e "s\|^\\\$CATOP\=\".*\|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";\|g" %{buildroot}%{_bindir}/CA.pl
253	blino	733	perl -pi -e "s\|\./demoCA\|%{_sysconfdir}/pki/tls\|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
254
255	akien	1104774	%files
256	guillomovitch	1133938	%doc FAQ INSTALL LICENSE NEWS README*
257	blino	733	%dir %{_sysconfdir}/pki
258			%dir %{_sysconfdir}/pki/tls
259			%dir %{_sysconfdir}/pki/tls/certs
260			%dir %{_sysconfdir}/pki/tls/misc
261			%dir %{_sysconfdir}/pki/tls/private
262			%dir %{_sysconfdir}/pki/tls/rootcerts
263	guillomovitch	191620	%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
264	guillomovitch	1431659	%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
265	guillomovitch	191620	%{_sysconfdir}/pki/tls/certs/Makefile
266	guillomovitch	1133938	%{_bindir}/make-dummy-cert
267			%{_bindir}/renew-dummy-cert
268			%{_bindir}/openssl
269	guillomovitch	191620	%{_mandir}/man[157]/*
270	daviddavid	1206027	%exclude %{_mandir}/man1/rehash*
271	guillomovitch	1133938	%exclude %{_mandir}/man1/.pl*
272	daviddavid	1204885	%exclude %{_mandir}/man1/tsget*
273	blino	733
274			%files -n %{libname}
275	guillomovitch	1133938	%doc FAQ LICENSE NEWS README*
276	fwang	257304	%{_libdir}/lib*.so.%{maj}
277	guillomovitch	1133938	%{_libdir}/engines-%{maj}
278	blino	733
279			%files -n %{develname}
280	guillomovitch	1133938	%doc CHANGES doc/*
281	guillomovitch	191620	%dir %{_includedir}/openssl
282	blino	733	%multiarch %{multiarch_includedir}/openssl/opensslconf.h
283	guillomovitch	1133938	%{_includedir}/openssl
284	guillomovitch	191620	%{_libdir}/lib*.so
285			%{_mandir}/man3/*
286	guillomovitch	1133938	%{_libdir}/pkgconfig/*.pc
287	blino	733
288			%files -n %{staticname}
289	fwang	395433	%{_libdir}/lib*.a
290	tv	1020393
291			%files perl
292	guillomovitch	1133938	%{_bindir}/c_rehash
293			%{_bindir}/*.pl
294			%{_bindir}/tsget
295	daviddavid	1206027	%{_mandir}/man1/rehash*
296	guillomovitch	1133938	%{_mandir}/man1/.pl*
297	daviddavid	1204885	%{_mandir}/man1/tsget*
298	guillomovitch	1133938	%dir %{_sysconfdir}/pki/CA
299			%dir %{_sysconfdir}/pki/CA/private
300			%dir %{_sysconfdir}/pki/CA/certs
301			%dir %{_sysconfdir}/pki/CA/crl
302			%dir %{_sysconfdir}/pki/CA/newcerts