current/SPECS/openssl.spec

%define maj     1.1
%define libname     %mklibname openssl %{maj}
%define develname   %mklibname openssl -d
%define staticname  %mklibname openssl -s -d

%define with_krb5   0

Summary:    Secure Sockets Layer communications libs & utils
Name:       openssl
Version:    1.1.1d
Release:    %mkrel 1
License:    BSD-like
Group:      System/Libraries
URL:        http://www.openssl.org/
Source0:    http://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1:    http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2:    Makefile.certificate
Source4:    openssl-thread-test.c
Source6:    make-dummy-cert
Source7:    renew-dummy-cert
Source12:   ec_curve.c
Source13:   ectest.c

# fedora patches
Patch1:     openssl-1.1.1-build.patch
Patch2:     openssl-1.1.1-defaults.patch
Patch3:     openssl-1.1.0-no-html.patch
Patch4:     openssl-1.1.1-man-rename.patch
Patch21:    openssl-1.1.0-issuer-hash.patch
Patch31:    openssl-1.1.1-conf-paths.patch
Patch32:    openssl-1.1.1-version-add-engines.patch
Patch33:    openssl-1.1.1-apps-dgst.patch
Patch36:    openssl-1.1.1-no-brainpool.patch
Patch37:    openssl-1.1.1-ec-curves.patch
Patch38:    openssl-1.1.1-no-weak-verify.patch
Patch40:    openssl-1.1.1-disable-ssl3.patch
Patch41:    openssl-1.1.1-system-cipherlist.patch
Patch43:    openssl-1.1.1-ignore-bound.patch
Patch45:    openssl-1.1.1-weak-ciphers.patch
Patch46:    openssl-1.1.1-seclevel.patch
Patch47:    openssl-1.1.1-ts-sha256-default.patch
Patch49:    openssl-1.1.1-evp-kdf.patch
Patch50:    openssl-1.1.1-ssh-kdf.patch
# Backported fixes including security fixes
Patch51:    openssl-1.1.1-upstream-sync.patch
Patch54:    openssl-1.1.1-regression-fixes.patch

# MIPS and ARM support
Patch300:   openssl-1.0.2a-mips.patch
Patch301:   openssl-1.0.2a-arm.patch

Requires:   %{libname} = %{version}-%{release}
Requires:   rootcerts
%if %with_krb5
BuildRequires:  krb5-devel
%endif
BuildRequires:  multiarch-utils >= 1.0.3
BuildRequires:  chrpath
BuildRequires:  pkgconfig(zlib)
BuildRequires:  pkgconfig(libsctp)
# (tv) for test suite:
BuildRequires:  bc

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.

%package -n %{libname}
Summary:    Secure Sockets Layer communications libs
Group:      System/Libraries
Requires:   crypto-policies
Provides:   %{libname} = %{version}-%{release}

%description -n %{libname}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%package -n %{develname}
Summary:    Secure Sockets Layer communications libs & headers & utils
Group:      Development/Other
Requires:   %{libname} = %{version}-%{release}
Provides:   libopenssl-devel
Provides:   %{name}-devel = %{version}-%{release}
Obsoletes:  %{mklibname openssl 1.0.0}-devel

%description -n %{develname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

%package -n %{staticname}
Summary:    Secure Sockets Layer communications static libs
Group:      Development/Other
Requires:   %{develname} = %{version}-%{release}
Provides:   libopenssl-static-devel
Provides:   %{name}-static-devel = %{version}-%{release}
Obsoletes:  %{mklibname openssl 1.0.0}-static-devel

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%package    perl
Summary:    Perl scripts provided with OpenSSL
Group:      System/Libraries
Requires:   %{name}%{?_isa} = %{version}-%{release}
Conflicts:  %name <= 1.0.2h-1.mga6

%description    perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.

%prep
%setup -q

cp %{SOURCE12} crypto/ec/
cp %{SOURCE13} test/

%patch1 -p1 -b .build
%patch2 -p1 -b .default
%patch3 -p1 -b .no-html
%patch4 -p1 -b .man-rename

%patch21 -p1 -b .issuer-hash

%patch31 -p1 -b .ca-dir
%patch32 -p1 -b .version-add-engines
%patch33 -p1 -b .dgst
%patch36 -p1 -b .no-brainpool
%patch37 -p1 -b .curves
%patch38 -p1 -b .no-weak-verify
%patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist
%patch43 -p1 -b .ignore-bound
%patch45 -p1 -b .weak-ciphers
%patch46 -p1 -b .seclevel
%patch47 -p1 -b .ts-sha256-defaul
%patch49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf
%patch51 -p1 -b .upstream-sync
%patch54 -p1 -b .regression

#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile

%build
%serverbuild

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i[56]86 ; then
    sslflags="no-asm 386"
fi
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
%if %with_krb5
    --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
%endif
     zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
     enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
     enable-weak-ssl-ciphers \
     no-mdc2 no-ec2m no-sm2 no-sm4 \
     shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'

util/mkdef.pl crypto update

make all

%check
%ifnarch %ix86

(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
 sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
 touch -r configdata.pm configdata.pm.new && \
 mv -f configdata.pm.new configdata.pm)

# We must revert patch31 before tests otherwise they will fail
patch -p1 -R < %{PATCH31}

export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file

make test
%endif

%install
%make_install

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert

# Move runable perl scripts to bindir
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}

install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts

rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist

# fix man pages conflicts with other packages
for i in passwd rand ; do
    mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
done

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# nuke rpath
chrpath -d %{buildroot}%{_bindir}/openssl

# Fix libdir.
for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
    sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
done

# adjust ssldir
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf

%files
%doc FAQ INSTALL LICENSE NEWS README*
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%{_sysconfdir}/pki/tls/certs/Makefile
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
%{_bindir}/openssl
%{_mandir}/man[157]/*
%exclude %{_mandir}/man1*/*rehash*
%exclude %{_mandir}/man1*/*.pl*
%exclude %{_mandir}/man1*/*tsget*

%files -n %{libname}
%doc FAQ LICENSE NEWS README*
%{_libdir}/lib*.so.%{maj}
%{_libdir}/engines-%{maj}

%files -n %{develname}
%doc CHANGES doc/*
%dir %{_includedir}/openssl
%multiarch %{multiarch_includedir}/openssl/opensslconf.h
%{_includedir}/openssl
%{_libdir}/lib*.so
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*.pc

%files -n %{staticname}
%{_libdir}/lib*.a

%files perl
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1*/*rehash*
%{_mandir}/man1*/*.pl*
%{_mandir}/man1*/*tsget*
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
1	%define maj 1.1
2	%define libname %mklibname openssl %{maj}
3	%define develname %mklibname openssl -d
4	%define staticname %mklibname openssl -s -d
5
6	%define with_krb5 0
7
8	Summary: Secure Sockets Layer communications libs & utils
9	Name: openssl
10	Version: 1.1.1d
11	Release: %mkrel 1
12	License: BSD-like
13	Group: System/Libraries
14	URL: http://www.openssl.org/
15	Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
16	Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
17	Source2: Makefile.certificate
18	Source4: openssl-thread-test.c
19	Source6: make-dummy-cert
20	Source7: renew-dummy-cert
21	Source12: ec_curve.c
22	Source13: ectest.c
23
24	# fedora patches
25	Patch1: openssl-1.1.1-build.patch
26	Patch2: openssl-1.1.1-defaults.patch
27	Patch3: openssl-1.1.0-no-html.patch
28	Patch4: openssl-1.1.1-man-rename.patch
29	Patch21: openssl-1.1.0-issuer-hash.patch
30	Patch31: openssl-1.1.1-conf-paths.patch
31	Patch32: openssl-1.1.1-version-add-engines.patch
32	Patch33: openssl-1.1.1-apps-dgst.patch
33	Patch36: openssl-1.1.1-no-brainpool.patch
34	Patch37: openssl-1.1.1-ec-curves.patch
35	Patch38: openssl-1.1.1-no-weak-verify.patch
36	Patch40: openssl-1.1.1-disable-ssl3.patch
37	Patch41: openssl-1.1.1-system-cipherlist.patch
38	Patch43: openssl-1.1.1-ignore-bound.patch
39	Patch45: openssl-1.1.1-weak-ciphers.patch
40	Patch46: openssl-1.1.1-seclevel.patch
41	Patch47: openssl-1.1.1-ts-sha256-default.patch
42	Patch49: openssl-1.1.1-evp-kdf.patch
43	Patch50: openssl-1.1.1-ssh-kdf.patch
44	# Backported fixes including security fixes
45	Patch51: openssl-1.1.1-upstream-sync.patch
46	Patch54: openssl-1.1.1-regression-fixes.patch
47
48	# MIPS and ARM support
49	Patch300: openssl-1.0.2a-mips.patch
50	Patch301: openssl-1.0.2a-arm.patch
51
52	Requires: %{libname} = %{version}-%{release}
53	Requires: rootcerts
54	%if %with_krb5
55	BuildRequires: krb5-devel
56	%endif
57	BuildRequires: multiarch-utils >= 1.0.3
58	BuildRequires: chrpath
59	BuildRequires: pkgconfig(zlib)
60	BuildRequires: pkgconfig(libsctp)
61	# (tv) for test suite:
62	BuildRequires: bc
63
64	%description
65	The openssl certificate management tool and the shared libraries that provide
66	various encryption and decription algorithms and protocols, including DES, RC4,
67	RSA and SSL.
68
69	%package -n %{libname}
70	Summary: Secure Sockets Layer communications libs
71	Group: System/Libraries
72	Requires: crypto-policies
73	Provides: %{libname} = %{version}-%{release}
74
75	%description -n %{libname}
76	The libraries files are needed for various cryptographic algorithms
77	and protocols, including DES, RC4, RSA and SSL.
78
79	%package -n %{develname}
80	Summary: Secure Sockets Layer communications libs & headers & utils
81	Group: Development/Other
82	Requires: %{libname} = %{version}-%{release}
83	Provides: libopenssl-devel
84	Provides: %{name}-devel = %{version}-%{release}
85	Obsoletes: %{mklibname openssl 1.0.0}-devel
86
87	%description -n %{develname}
88	The libraries and include files needed to compile apps with support
89	for various cryptographic algorithms and protocols, including DES, RC4, RSA
90	and SSL.
91
92	%package -n %{staticname}
93	Summary: Secure Sockets Layer communications static libs
94	Group: Development/Other
95	Requires: %{develname} = %{version}-%{release}
96	Provides: libopenssl-static-devel
97	Provides: %{name}-static-devel = %{version}-%{release}
98	Obsoletes: %{mklibname openssl 1.0.0}-static-devel
99
100	%description -n %{staticname}
101	The static libraries needed to compile apps with support for various
102	cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
103
104	%package perl
105	Summary: Perl scripts provided with OpenSSL
106	Group: System/Libraries
107	Requires: %{name}%{?_isa} = %{version}-%{release}
108	Conflicts: %name <= 1.0.2h-1.mga6
109
110	%description perl
111	OpenSSL is a toolkit for supporting cryptography. The openssl-perl
112	package provides Perl scripts for converting certificates and keys
113	from other formats to the formats used by the OpenSSL toolkit.
114
115	%prep
116	%setup -q
117
118	cp %{SOURCE12} crypto/ec/
119	cp %{SOURCE13} test/
120
121	%patch1 -p1 -b .build
122	%patch2 -p1 -b .default
123	%patch3 -p1 -b .no-html
124	%patch4 -p1 -b .man-rename
125
126	%patch21 -p1 -b .issuer-hash
127
128	%patch31 -p1 -b .ca-dir
129	%patch32 -p1 -b .version-add-engines
130	%patch33 -p1 -b .dgst
131	%patch36 -p1 -b .no-brainpool
132	%patch37 -p1 -b .curves
133	%patch38 -p1 -b .no-weak-verify
134	%patch40 -p1 -b .disable-ssl3
135	%patch41 -p1 -b .system-cipherlist
136	%patch43 -p1 -b .ignore-bound
137	%patch45 -p1 -b .weak-ciphers
138	%patch46 -p1 -b .seclevel
139	%patch47 -p1 -b .ts-sha256-defaul
140	%patch49 -p1 -b .evp-kdf
141	%patch50 -p1 -b .ssh-kdf
142	%patch51 -p1 -b .upstream-sync
143	%patch54 -p1 -b .regression
144
145	#perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
146
147	%build
148	%serverbuild
149
150	# Figure out which flags we want to use.
151	# default
152	sslarch=%{_os}-%{_target_cpu}
153	%ifarch %ix86
154	sslarch=linux-elf
155	if ! echo %{_target} \| grep -q i[56]86 ; then
156	sslflags="no-asm 386"
157	fi
158	%endif
159	%ifarch x86_64
160	sslflags=enable-ec_nistp_64_gcc_128
161	%endif
162	%ifarch %{arm}
163	sslarch=linux-armv4
164	%endif
165
166	# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
167	# marked as not requiring an executable stack.
168	# Also add -DPURIFY to make using valgrind with openssl easier as we do not
169	# want to depend on the uninitialized memory as a source of entropy anyway.
170	RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
171
172	# ia64, x86_64, ppc, ppc64 are OK by default
173	# Configure the build tree. Override OpenSSL defaults with known-good defaults
174	# usable on all platforms. The Configure script already knows to use -fPIC and
175	# RPM_OPT_FLAGS, so we can skip specifiying them here.
176	./Configure \
177	--prefix=%{_prefix} \
178	--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
179	--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
180	%if %with_krb5
181	--with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
182	%endif
183	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
184	enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
185	enable-weak-ssl-ciphers \
186	no-mdc2 no-ec2m no-sm2 no-sm4 \
187	shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
188
189	util/mkdef.pl crypto update
190
191	make all
192
193	%check
194	%ifnarch %ix86
195
196	(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) \|\| \
197	(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
198	sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
199	touch -r configdata.pm configdata.pm.new && \
200	mv -f configdata.pm.new configdata.pm)
201
202	# We must revert patch31 before tests otherwise they will fail
203	patch -p1 -R < %{PATCH31}
204
205	export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
206	export OPENSSL_ENABLE_MD5_VERIFY=
207	export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
208
209	make test
210	%endif
211
212	%install
213	%make_install
214
215	# make the rootcerts dir
216	install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
217
218	# Install a makefile for generating keys and self-signed certs, and a script
219	# for generating them on the fly.
220	mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
221	install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
222	install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
223	install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert
224
225	# Move runable perl scripts to bindir
226	mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
227	mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}
228
229	install -d %{buildroot}%{_sysconfdir}/pki/CA
230	install -d %{buildroot}%{_sysconfdir}/pki/CA/private
231	install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
232	install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
233	install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts
234
235	rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
236	rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
237
238	# fix man pages conflicts with other packages
239	for i in passwd rand ; do
240	mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
241	done
242
243	%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
244
245	# nuke rpath
246	chrpath -d %{buildroot}%{_bindir}/openssl
247
248	# Fix libdir.
249	for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
250	sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
251	done
252
253	# adjust ssldir
254	perl -pi -e "s\|^\\\$CATOP\=\".*\|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";\|g" %{buildroot}%{_bindir}/CA.pl
255	perl -pi -e "s\|\./demoCA\|%{_sysconfdir}/pki/tls\|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
256
257	%files
258	%doc FAQ INSTALL LICENSE NEWS README*
259	%dir %{_sysconfdir}/pki
260	%dir %{_sysconfdir}/pki/tls
261	%dir %{_sysconfdir}/pki/tls/certs
262	%dir %{_sysconfdir}/pki/tls/misc
263	%dir %{_sysconfdir}/pki/tls/private
264	%dir %{_sysconfdir}/pki/tls/rootcerts
265	%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
266	%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
267	%{_sysconfdir}/pki/tls/certs/Makefile
268	%{_bindir}/make-dummy-cert
269	%{_bindir}/renew-dummy-cert
270	%{_bindir}/openssl
271	%{_mandir}/man[157]/*
272	%exclude %{_mandir}/man1/rehash*
273	%exclude %{_mandir}/man1/.pl*
274	%exclude %{_mandir}/man1/tsget*
275
276	%files -n %{libname}
277	%doc FAQ LICENSE NEWS README*
278	%{_libdir}/lib*.so.%{maj}
279	%{_libdir}/engines-%{maj}
280
281	%files -n %{develname}
282	%doc CHANGES doc/*
283	%dir %{_includedir}/openssl
284	%multiarch %{multiarch_includedir}/openssl/opensslconf.h
285	%{_includedir}/openssl
286	%{_libdir}/lib*.so
287	%{_mandir}/man3/*
288	%{_libdir}/pkgconfig/*.pc
289
290	%files -n %{staticname}
291	%{_libdir}/lib*.a
292
293	%files perl
294	%{_bindir}/c_rehash
295	%{_bindir}/*.pl
296	%{_bindir}/tsget
297	%{_mandir}/man1/rehash*
298	%{_mandir}/man1/.pl*
299	%{_mandir}/man1/tsget*
300	%dir %{_sysconfdir}/pki/CA
301	%dir %{_sysconfdir}/pki/CA/private
302	%dir %{_sysconfdir}/pki/CA/certs
303	%dir %{_sysconfdir}/pki/CA/crl
304	%dir %{_sysconfdir}/pki/CA/newcerts