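# Library naming: maj is the soname major used for the shared-library
# package name and for the file lists further down.
%define maj 1.1
%define libname %mklibname openssl %{maj}
%define develname %mklibname openssl -d
%define staticname %mklibname openssl -s -d

# Names of older library packages whose -devel / -static-devel subpackages
# are obsoleted by this one.
%define conflict1 %mklibname openssl 0.9.7
%define conflict2 %mklibname openssl 0.9.8

# Kerberos support is switched off; setting this to 1 adds the krb5-devel
# build dependency and the krb5 options passed to Configure.
%define with_krb5 0

Summary: Secure Sockets Layer communications libs & utils
Name: openssl
Version: 1.1.0i
Release: %mkrel 2
License: BSD-like
Group: System/Libraries
URL: https://www.openssl.org/
# Fetch the release tarball and its detached signature over HTTPS rather than
# plain HTTP, so the download is not exposed to in-path tampering.
# NOTE(review): Source1 is the upstream signature for Source0, but nothing
# visible in this spec verifies it (no keyring source, no verification step
# before unpacking). Consider adding the upstream signing keyring as a source
# and checking the signature in the prep stage.
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1: https://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2: Makefile.certificate
Source4: openssl-thread-test.c
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source12: ec_curve.c
Source13: ectest.c
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6: openssl-1.0.2l-icpbrasil.diff

# fedora patches
Patch1: openssl-1.1.0-build.patch
Patch3: openssl-1.1.0-no-html.patch
Patch21: openssl-1.1.0-issuer-hash.patch
Patch22: openssl-1.1.0-algo-doc.patch
Patch23: openssl-1.1.0-manfix.patch
Patch31: openssl-1.1.0-ca-dir.patch
Patch32: openssl-1.1.0-version-add-engines.patch
Patch33: openssl-1.1.0-apps-dgst.patch
Patch34: openssl-1.1.0-starttls-xmpp.patch
Patch35: openssl-1.1.0-chil-fixes.patch
Patch36: openssl-1.1.0-secure-getenv.patch
Patch37: openssl-1.1.0-ec-curves.patch
Patch38: openssl-1.1.0-no-weak-verify.patch
Patch39: openssl-1.1.0-cc-reqs.patch
Patch40: openssl-1.1.0-disable-ssl3.patch
Patch41: openssl-1.1.0-system-cipherlist.patch
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
Patch45: openssl-1.1.0-weak-ciphers.patch

# Upstream patches
# https://github.com/openssl/openssl/issues/5772
Patch100: 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch

# MIPS and ARM support
Patch300: openssl-1.0.2a-mips.patch
Patch301: openssl-1.0.2a-arm.patch

# The command-line tool must match the library build exactly.
Requires: %{libname} = %{version}-%{release}
Requires: rootcerts
%if %with_krb5
BuildRequires: krb5-devel
%endif
BuildRequires: multiarch-utils >= 1.0.3
BuildRequires: chrpath
BuildRequires: pkgconfig(zlib)
# (tv) for test suite:
BuildRequires: bc

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decryption algorithms and protocols, including DES, RC4,
RSA and SSL.
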
# Shared-library subpackage. It depends on crypto-policies, which is the
# package name matching the system cipher policy path given to Configure.
%package -n %{libname}
Summary: Secure Sockets Layer communications libs
Group: System/Libraries
Requires: crypto-policies
Provides: %{libname} = %{version}-%{release}

%description -n %{libname}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

# Development subpackage: headers, unversioned .so links, pkg-config files.
%package -n %{develname}
Summary: Secure Sockets Layer communications libs & headers & utils
Group: Development/Other
Requires: %{libname} = %{version}-%{release}
Provides: libopenssl-devel
Provides: %{name}-devel = %{version}-%{release}
# temporary obsolete, will be a conflict later. a compat package
# with openssl-0.9.7 devel libs will be provided soon
Obsoletes: %{conflict1}-devel
Obsoletes: %{conflict2}-devel
Obsoletes: %{mklibname openssl 1.0.0}-devel

%description -n %{develname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

# Static-library subpackage.
# NOTE(review): programs linked against these archives keep the library code
# they were built with, so they need a rebuild to pick up a fixed OpenSSL.
%package -n %{staticname}
Summary: Secure Sockets Layer communications static libs
Group: Development/Other
Requires: %{develname} = %{version}-%{release}
Provides: libopenssl-static-devel
Provides: %{name}-static-devel = %{version}-%{release}
# temporary obsolete, will be a conflict later. a compat package
# with openssl-0.9.7 static-devel libs will be provided soon
Obsoletes: %{conflict1}-static-devel
Obsoletes: %{conflict2}-static-devel
Obsoletes: %{mklibname openssl 1.0.0}-static-devel

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

# Perl helper scripts, split out of the main package; the Conflicts line
# keeps it from being installed next to an older main package.
%package perl
Summary: Perl scripts provided with OpenSSL
Group: System/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Conflicts: %name <= 1.0.2h-1.mga6

%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.

%prep
# Unpack Source0 quietly.
# NOTE(review): the detached signature listed as Source1 is not checked
# anywhere in this section before the tarball is unpacked.
%setup -q

# Copy the packaged ec_curve.c and ectest.c into the source tree.
# Presumably these override the upstream copies with a reduced curve list
# (see the ec-curves patch below); confirm against the two source files.
cp %{SOURCE12} crypto/ec/
cp %{SOURCE13} test/

# Each patch is applied with -b so the pre-patch file is kept under the
# given suffix.
%patch1 -p1 -b .build
%patch3 -p1 -b .no-html
%patch6 -p1 -b .icpbrasil

# Fedora patch set. Judging by their names, several of these carry security
# policy (secure-getenv, no-weak-verify, disable-ssl3, system-cipherlist,
# weak-ciphers); their contents are not visible here, so review them together
# with the Configure options in the build section.
%patch21 -p1 -b .issuer-hash
%patch22 -p1 -b .algo-doc
%patch23 -p1 -b .manfix
%patch31 -p1 -b .ca-dir
%patch32 -p1 -b .version-add-engines
%patch33 -p1 -b .dgst
%patch34 -p1 -b .xmpp
%patch35 -p1 -b .chil
%patch36 -p1 -b .secure-getenv
%patch37 -p1 -b .curves
%patch38 -p1 -b .no-md5-verify
%patch39 -p1 -b .cc-reqs
%patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist
%patch44 -p1 -b .preserve-nl
%patch45 -p1 -b .weak-ciphers

# Patch100, Patch300 and Patch301 are declared in the preamble but are
# commented out here, so they are not applied to this build.
#patch100 -p1 -b .c_rehash-fix

#patch300 -p1 -b .mips
#patch301 -p1 -b .arm

#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile

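%build
%serverbuild

# Figure out which flags we want to use.
# Start from an empty flag set so that a stray sslflags variable in the build
# environment cannot leak extra options into Configure.
sslflags=
# default
sslarch=%{_os}-%{_target_cpu}
%ifarch %ix86
sslarch=linux-elf
# The pattern is quoted so the shell cannot glob-expand it against a file
# name in the build directory before grep sees it.
if ! echo %{_target} | grep -q 'i[56]86' ; then
    # Targets other than i586/i686: no assembler modules, plain 386 code.
    sslflags="no-asm 386"
fi
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifying them here.
#
# NOTE(review): enable-ssl3, enable-ssl3-method, enable-weak-ssl-ciphers,
# enable-md2 and enable-rc5 compile legacy protocol and algorithm support
# into the library. The disable-ssl3 and weak-ciphers patches presumably keep
# these off by default at run time, with the crypto-policies file named by
# --system-ciphers-file deciding the default cipher list; confirm both before
# treating this build as safe-by-default, since those patches are not visible
# here.
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
%if %with_krb5
    --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
%endif
    zlib enable-camellia enable-seed enable-rfc3779 \
    enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
    enable-weak-ssl-ciphers no-mdc2 no-ec2m shared ${sslarch} \
    $RPM_OPT_FLAGS

# Regenerate the libcrypto export definitions before compiling.
util/mkdef.pl crypto update

make all
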
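%check
# Verify that what was compiled actually works.

# We must revert patch31 before tests otherwise they will fail
patch -p1 -R < %{PATCH31}

# Put the build directory first on the loader path so the tests run against
# the freshly built libraries, not an installed copy. The value is quoted so
# a build path containing whitespace is not split.
export LD_LIBRARY_PATH="$(pwd)${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"
# Exported with an empty value; presumably this is the switch read by the
# no-weak-verify patch to let the test suite verify MD5-signed test
# certificates. Confirm against that patch.
export OPENSSL_ENABLE_MD5_VERIFY=

# NOTE(review): the test suite is skipped on 32-bit x86, so packages for that
# architecture ship without any self-test of the built crypto code. The
# reason is not recorded here; document it or re-enable the tests.
%ifnarch %ix86
make test
%endif

# Re-apply patch31 so the tree matches what was built.
patch -p1 < %{PATCH31}
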
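%install
%make_install

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert

# Move runnable perl scripts to bindir
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}

# Directory skeleton for a local CA. The private directory is created
# owner-only because it is meant to hold CA key material; the file list
# carries no explicit mode for it, so the mode set here is what gets packaged.
install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d -m 700 %{buildroot}%{_sysconfdir}/pki/CA/private
install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts

rm -f %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf.dist

# fix man pages conflicts with other packages
for i in passwd rand ; do
    mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
done

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# nuke rpath
# Removing the embedded run path keeps the installed binary from searching
# build-time library directories at run time.
chrpath -d %{buildroot}%{_bindir}/openssl

# Fix libdir.
for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
    sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' "$i"
done

# adjust ssldir
# Point CA.pl and the default openssl.cnf at the packaged PKI directory
# in place of the upstream ./demoCA location.
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
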
# Main package: the openssl command-line tool, its configuration, the
# certificate helper scripts and the section 1, 5 and 7 man pages.
%files
%doc FAQ INSTALL LICENSE NEWS README*
# The directories below are listed without an explicit mode or owner, so
# they are packaged with whatever mode they have in the buildroot.
# NOTE(review): pki/tls/private is intended for key material; confirm the
# mode it ends up with is what the distribution wants.
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts
# noreplace: an administrator's edited openssl.cnf is kept on upgrade.
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%{_sysconfdir}/pki/tls/certs/Makefile
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
%{_bindir}/openssl
%{_mandir}/man[157]/*
# These man pages belong to the perl subpackage listed further down.
%exclude %{_mandir}/man1*/*rehash*
%exclude %{_mandir}/man1*/*.pl*
%exclude %{_mandir}/man1*/*tsget*

# Versioned shared libraries and the engines directory for this soname major.
%files -n %{libname}
%doc FAQ LICENSE NEWS README*
%{_libdir}/lib*.so.%{maj}
%{_libdir}/engines-%{maj}

# Headers, unversioned .so links, section 3 man pages and pkg-config files.
%files -n %{develname}
%doc CHANGES doc/*
%dir %{_includedir}/openssl
%multiarch %{multiarch_includedir}/openssl/opensslconf.h
%{_includedir}/openssl
%{_libdir}/lib*.so
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*.pc

# Static archives.
%files -n %{staticname}
%{_libdir}/lib*.a

# Perl scripts moved into bindir during install, their man pages, and the
# CA directory skeleton.
%files perl
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1*/*rehash*
%{_mandir}/man1*/*.pl*
%{_mandir}/man1*/*tsget*
# No explicit mode is given for the CA directories, including CA/private,
# so their permissions come from how the install section created them.
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts