/[packages]/updates/8/openssl/current/SPECS/openssl.spec
ViewVC logotype

Contents of /updates/8/openssl/current/SPECS/openssl.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1256515 - (show annotations) (download)
Mon Sep 3 08:38:55 2018 UTC (5 years, 6 months ago) by ns80
Original Path: cauldron/openssl/current/SPECS/openssl.spec
File size: 9603 byte(s)
- disable tests for i586 as it fails on BS

1 %define maj 1.1
2 %define libname %mklibname openssl %{maj}
3 %define develname %mklibname openssl -d
4 %define staticname %mklibname openssl -s -d
5
6 %define conflict1 %mklibname openssl 0.9.7
7 %define conflict2 %mklibname openssl 0.9.8
8
9 %define with_krb5 0
10
11 Summary: Secure Sockets Layer communications libs & utils
12 Name: openssl
13 Version: 1.1.0i
14 Release: %mkrel 2
15 License: BSD-like
16 Group: System/Libraries
17 URL: http://www.openssl.org/
18 Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
19 Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
20 Source2: Makefile.certificate
21 Source4: openssl-thread-test.c
22 Source6: make-dummy-cert
23 Source7: renew-dummy-cert
24 Source12: ec_curve.c
25 Source13: ectest.c
26 # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
27 # http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
28 Patch6: openssl-1.0.2l-icpbrasil.diff
29
30 # fedora patches
31 Patch1: openssl-1.1.0-build.patch
32 Patch3: openssl-1.1.0-no-html.patch
33 Patch21: openssl-1.1.0-issuer-hash.patch
34 Patch22: openssl-1.1.0-algo-doc.patch
35 Patch23: openssl-1.1.0-manfix.patch
36 Patch31: openssl-1.1.0-ca-dir.patch
37 Patch32: openssl-1.1.0-version-add-engines.patch
38 Patch33: openssl-1.1.0-apps-dgst.patch
39 Patch34: openssl-1.1.0-starttls-xmpp.patch
40 Patch35: openssl-1.1.0-chil-fixes.patch
41 Patch36: openssl-1.1.0-secure-getenv.patch
42 Patch37: openssl-1.1.0-ec-curves.patch
43 Patch38: openssl-1.1.0-no-weak-verify.patch
44 Patch39: openssl-1.1.0-cc-reqs.patch
45 Patch40: openssl-1.1.0-disable-ssl3.patch
46 Patch41: openssl-1.1.0-system-cipherlist.patch
47 Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
48 Patch45: openssl-1.1.0-weak-ciphers.patch
49
50 # Upstream patches
51 # https://github.com/openssl/openssl/issues/5772
52 Patch100: 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
53
54 # MIPS and ARM support
55 Patch300: openssl-1.0.2a-mips.patch
56 Patch301: openssl-1.0.2a-arm.patch
57
58 Requires: %{libname} = %{version}-%{release}
59 Requires: rootcerts
60 %if %with_krb5
61 BuildRequires: krb5-devel
62 %endif
63 BuildRequires: multiarch-utils >= 1.0.3
64 BuildRequires: chrpath
65 BuildRequires: pkgconfig(zlib)
66 # (tv) for test suite:
67 BuildRequires: bc
68
69 %description
70 The openssl certificate management tool and the shared libraries that provide
71 various encryption and decription algorithms and protocols, including DES, RC4,
72 RSA and SSL.
73
74 %package -n %{libname}
75 Summary: Secure Sockets Layer communications libs
76 Group: System/Libraries
77 Requires: crypto-policies
78 Provides: %{libname} = %{version}-%{release}
79
80 %description -n %{libname}
81 The libraries files are needed for various cryptographic algorithms
82 and protocols, including DES, RC4, RSA and SSL.
83
84 %package -n %{develname}
85 Summary: Secure Sockets Layer communications libs & headers & utils
86 Group: Development/Other
87 Requires: %{libname} = %{version}-%{release}
88 Provides: libopenssl-devel
89 Provides: %{name}-devel = %{version}-%{release}
90 # temporary opsolete, will be a conflict later. a compat package
91 # with openssl-0.9.7 devel libs will be provided soon
92 Obsoletes: %{conflict1}-devel
93 Obsoletes: %{conflict2}-devel
94 Obsoletes: %{mklibname openssl 1.0.0}-devel
95
96 %description -n %{develname}
97 The libraries and include files needed to compile apps with support
98 for various cryptographic algorithms and protocols, including DES, RC4, RSA
99 and SSL.
100
101 %package -n %{staticname}
102 Summary: Secure Sockets Layer communications static libs
103 Group: Development/Other
104 Requires: %{develname} = %{version}-%{release}
105 Provides: libopenssl-static-devel
106 Provides: %{name}-static-devel = %{version}-%{release}
107 # temporary opsolete, will be a conflict later. a compat package
108 # with openssl-0.9.7 static-devel libs will be provided soon
109 Obsoletes: %{conflict1}-static-devel
110 Obsoletes: %{conflict2}-static-devel
111 Obsoletes: %{mklibname openssl 1.0.0}-static-devel
112
113 %description -n %{staticname}
114 The static libraries needed to compile apps with support for various
115 cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
116
117 %package perl
118 Summary: Perl scripts provided with OpenSSL
119 Group: System/Libraries
120 Requires: %{name}%{?_isa} = %{version}-%{release}
121 Conflicts: %name <= 1.0.2h-1.mga6
122
123 %description perl
124 OpenSSL is a toolkit for supporting cryptography. The openssl-perl
125 package provides Perl scripts for converting certificates and keys
126 from other formats to the formats used by the OpenSSL toolkit.
127
128 %prep
129 %setup -q
130
131 cp %{SOURCE12} crypto/ec/
132 cp %{SOURCE13} test/
133
134 %patch1 -p1 -b .build
135 %patch3 -p1 -b .no-html
136 %patch6 -p1 -b .icpbrasil
137
138 %patch21 -p1 -b .issuer-hash
139 %patch22 -p1 -b .algo-doc
140 %patch23 -p1 -b .manfix
141 %patch31 -p1 -b .ca-dir
142 %patch32 -p1 -b .version-add-engines
143 %patch33 -p1 -b .dgst
144 %patch34 -p1 -b .xmpp
145 %patch35 -p1 -b .chil
146 %patch36 -p1 -b .secure-getenv
147 %patch37 -p1 -b .curves
148 %patch38 -p1 -b .no-md5-verify
149 %patch39 -p1 -b .cc-reqs
150 %patch40 -p1 -b .disable-ssl3
151 %patch41 -p1 -b .system-cipherlist
152 %patch44 -p1 -b .preserve-nl
153 %patch45 -p1 -b .weak-ciphers
154
155 #patch100 -p1 -b .c_rehash-fix
156
157 #patch300 -p1 -b .mips
158 #patch301 -p1 -b .arm
159
160 #perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
161
162 %build
163 %serverbuild
164
165 # Figure out which flags we want to use.
166 # default
167 sslarch=%{_os}-%{_target_cpu}
168 %ifarch %ix86
169 sslarch=linux-elf
170 if ! echo %{_target} | grep -q i[56]86 ; then
171 sslflags="no-asm 386"
172 fi
173 %endif
174 %ifarch x86_64
175 sslflags=enable-ec_nistp_64_gcc_128
176 %endif
177 %ifarch %{arm}
178 sslarch=linux-armv4
179 %endif
180
181 # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
182 # marked as not requiring an executable stack.
183 # Also add -DPURIFY to make using valgrind with openssl easier as we do not
184 # want to depend on the uninitialized memory as a source of entropy anyway.
185 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
186
187 # ia64, x86_64, ppc, ppc64 are OK by default
188 # Configure the build tree. Override OpenSSL defaults with known-good defaults
189 # usable on all platforms. The Configure script already knows to use -fPIC and
190 # RPM_OPT_FLAGS, so we can skip specifiying them here.
191 ./Configure \
192 --prefix=%{_prefix} \
193 --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
194 --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
195 %if %with_krb5
196 --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
197 %endif
198 zlib enable-camellia enable-seed enable-rfc3779 \
199 enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
200 enable-weak-ssl-ciphers no-mdc2 no-ec2m shared ${sslarch} \
201 $RPM_OPT_FLAGS
202
203 util/mkdef.pl crypto update
204
205 make all
206
207 %check
208 # Verify that what was compiled actually works.
209
210 # We must revert patch31 before tests otherwise they will fail
211 patch -p1 -R < %{PATCH31}
212
213 export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
214 export OPENSSL_ENABLE_MD5_VERIFY=
215
216 %ifnarch %ix86
217 make test
218 %endif
219
220 patch -p1 < %{PATCH31}
221
222 %install
223 %make_install
224
225 # make the rootcerts dir
226 install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
227
228 # Install a makefile for generating keys and self-signed certs, and a script
229 # for generating them on the fly.
230 mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
231 install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
232 install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
233 install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert
234
235 # Move runable perl scripts to bindir
236 mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
237 mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}
238
239 install -d %{buildroot}%{_sysconfdir}/pki/CA
240 install -d %{buildroot}%{_sysconfdir}/pki/CA/private
241 install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
242 install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
243 install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts
244
245 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
246
247 # fix man pages conflicts with other packages
248 for i in passwd rand ; do
249 mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
250 done
251
252 %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
253
254 # nuke rpath
255 chrpath -d %{buildroot}%{_bindir}/openssl
256
257 # Fix libdir.
258 for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
259 sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
260 done
261
262 # adjust ssldir
263 perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
264 perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
265
266 %files
267 %doc FAQ INSTALL LICENSE NEWS README*
268 %dir %{_sysconfdir}/pki
269 %dir %{_sysconfdir}/pki/tls
270 %dir %{_sysconfdir}/pki/tls/certs
271 %dir %{_sysconfdir}/pki/tls/misc
272 %dir %{_sysconfdir}/pki/tls/private
273 %dir %{_sysconfdir}/pki/tls/rootcerts
274 %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
275 %{_sysconfdir}/pki/tls/certs/Makefile
276 %{_bindir}/make-dummy-cert
277 %{_bindir}/renew-dummy-cert
278 %{_bindir}/openssl
279 %{_mandir}/man[157]/*
280 %exclude %{_mandir}/man1*/*rehash*
281 %exclude %{_mandir}/man1*/*.pl*
282 %exclude %{_mandir}/man1*/*tsget*
283
284 %files -n %{libname}
285 %doc FAQ LICENSE NEWS README*
286 %{_libdir}/lib*.so.%{maj}
287 %{_libdir}/engines-%{maj}
288
289 %files -n %{develname}
290 %doc CHANGES doc/*
291 %dir %{_includedir}/openssl
292 %multiarch %{multiarch_includedir}/openssl/opensslconf.h
293 %{_includedir}/openssl
294 %{_libdir}/lib*.so
295 %{_mandir}/man3/*
296 %{_libdir}/pkgconfig/*.pc
297
298 %files -n %{staticname}
299 %{_libdir}/lib*.a
300
301 %files perl
302 %{_bindir}/c_rehash
303 %{_bindir}/*.pl
304 %{_bindir}/tsget
305 %{_mandir}/man1*/*rehash*
306 %{_mandir}/man1*/*.pl*
307 %{_mandir}/man1*/*tsget*
308 %dir %{_sysconfdir}/pki/CA
309 %dir %{_sysconfdir}/pki/CA/private
310 %dir %{_sysconfdir}/pki/CA/certs
311 %dir %{_sysconfdir}/pki/CA/crl
312 %dir %{_sysconfdir}/pki/CA/newcerts

  ViewVC Help
Powered by ViewVC 1.1.30