/[packages]/updates/8/openssl/current/SPECS/openssl.spec
ViewVC logotype

Contents of /updates/8/openssl/current/SPECS/openssl.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1563917 - (show annotations) (download)
Wed Apr 1 20:45:01 2020 UTC (3 years, 11 months ago) by ns80
Original Path: cauldron/openssl/current/SPECS/openssl.spec
File size: 9633 byte(s)
- new version 1.1.1f

1 %define maj 1.1
2 %define libname %mklibname openssl %{maj}
3 %define develname %mklibname openssl -d
4 %define staticname %mklibname openssl -s -d
5
6 %define with_krb5 0
7
8 Summary: Secure Sockets Layer communications libs & utils
9 Name: openssl
10 Version: 1.1.1f
11 Release: %mkrel 1
12 License: BSD-like
13 Group: System/Libraries
14 URL: http://www.openssl.org/
15 Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
16 Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
17 Source2: Makefile.certificate
18 Source4: openssl-thread-test.c
19 Source6: make-dummy-cert
20 Source7: renew-dummy-cert
21 Source12: ec_curve.c
22 Source13: ectest.c
23
24 # fedora patches
25 Patch1: openssl-1.1.1-build.patch
26 Patch2: openssl-1.1.1-defaults.patch
27 Patch3: openssl-1.1.0-no-html.patch
28 Patch4: openssl-1.1.1-man-rename.patch
29 Patch21: openssl-1.1.0-issuer-hash.patch
30 Patch31: openssl-1.1.1-conf-paths.patch
31 Patch32: openssl-1.1.1-version-add-engines.patch
32 Patch33: openssl-1.1.1-apps-dgst.patch
33 Patch36: openssl-1.1.1-no-brainpool.patch
34 Patch37: openssl-1.1.1-ec-curves.patch
35 Patch38: openssl-1.1.1-no-weak-verify.patch
36 Patch40: openssl-1.1.1-disable-ssl3.patch
37 Patch41: openssl-1.1.1-system-cipherlist.patch
38 Patch43: openssl-1.1.1-ignore-bound.patch
39 Patch45: openssl-1.1.1-weak-ciphers.patch
40 Patch46: openssl-1.1.1-seclevel.patch
41 Patch47: openssl-1.1.1-ts-sha256-default.patch
42 Patch49: openssl-1.1.1-evp-kdf.patch
43 Patch50: openssl-1.1.1-ssh-kdf.patch
44 # Backported fixes including security fixes
45
46 # MIPS and ARM support
47 Patch300: openssl-1.0.2a-mips.patch
48 Patch301: openssl-1.0.2a-arm.patch
49
50 Requires: %{libname} = %{version}-%{release}
51 Requires: rootcerts
52 %if %with_krb5
53 BuildRequires: krb5-devel
54 %endif
55 BuildRequires: multiarch-utils >= 1.0.3
56 BuildRequires: chrpath
57 BuildRequires: pkgconfig(zlib)
58 BuildRequires: pkgconfig(libsctp)
59 # (tv) for test suite:
60 BuildRequires: bc
61
62 %description
63 The openssl certificate management tool and the shared libraries that provide
64 various encryption and decription algorithms and protocols, including DES, RC4,
65 RSA and SSL.
66
67 %package -n %{libname}
68 Summary: Secure Sockets Layer communications libs
69 Group: System/Libraries
70 Requires: crypto-policies
71 Provides: %{libname} = %{version}-%{release}
72
73 %description -n %{libname}
74 The libraries files are needed for various cryptographic algorithms
75 and protocols, including DES, RC4, RSA and SSL.
76
77 %package -n %{develname}
78 Summary: Secure Sockets Layer communications libs & headers & utils
79 Group: Development/Other
80 Requires: %{libname} = %{version}-%{release}
81 Provides: libopenssl-devel
82 Provides: %{name}-devel = %{version}-%{release}
83 Obsoletes: %{mklibname openssl 1.0.0}-devel
84
85 %description -n %{develname}
86 The libraries and include files needed to compile apps with support
87 for various cryptographic algorithms and protocols, including DES, RC4, RSA
88 and SSL.
89
90 %package -n %{staticname}
91 Summary: Secure Sockets Layer communications static libs
92 Group: Development/Other
93 Requires: %{develname} = %{version}-%{release}
94 Provides: libopenssl-static-devel
95 Provides: %{name}-static-devel = %{version}-%{release}
96 Obsoletes: %{mklibname openssl 1.0.0}-static-devel
97
98 %description -n %{staticname}
99 The static libraries needed to compile apps with support for various
100 cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
101
102 %package perl
103 Summary: Perl scripts provided with OpenSSL
104 Group: System/Libraries
105 Requires: %{name}%{?_isa} = %{version}-%{release}
106 Conflicts: %name <= 1.0.2h-1.mga6
107
108 %description perl
109 OpenSSL is a toolkit for supporting cryptography. The openssl-perl
110 package provides Perl scripts for converting certificates and keys
111 from other formats to the formats used by the OpenSSL toolkit.
112
113 %prep
114 %setup -q
115
116 cp %{SOURCE12} crypto/ec/
117 cp %{SOURCE13} test/
118
119 %patch1 -p1 -b .build
120 %patch2 -p1 -b .default
121 %patch3 -p1 -b .no-html
122 %patch4 -p1 -b .man-rename
123
124 %patch21 -p1 -b .issuer-hash
125
126 %patch31 -p1 -b .ca-dir
127 %patch32 -p1 -b .version-add-engines
128 %patch33 -p1 -b .dgst
129 %patch36 -p1 -b .no-brainpool
130 %patch37 -p1 -b .curves
131 %patch38 -p1 -b .no-weak-verify
132 %patch40 -p1 -b .disable-ssl3
133 %patch41 -p1 -b .system-cipherlist
134 %patch43 -p1 -b .ignore-bound
135 %patch45 -p1 -b .weak-ciphers
136 %patch46 -p1 -b .seclevel
137 %patch47 -p1 -b .ts-sha256-defaul
138 %patch49 -p1 -b .evp-kdf
139 %patch50 -p1 -b .ssh-kdf
140
141 #perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
142
143 %build
144 %serverbuild
145
146 # Figure out which flags we want to use.
147 # default
148 sslarch=%{_os}-%{_target_cpu}
149 %ifarch %ix86
150 sslarch=linux-elf
151 if ! echo %{_target} | grep -q i[56]86 ; then
152 sslflags="no-asm 386"
153 fi
154 %endif
155 %ifarch x86_64
156 sslflags=enable-ec_nistp_64_gcc_128
157 %endif
158 %ifarch %{arm}
159 sslarch=linux-armv4
160 %endif
161
162 # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
163 # marked as not requiring an executable stack.
164 # Also add -DPURIFY to make using valgrind with openssl easier as we do not
165 # want to depend on the uninitialized memory as a source of entropy anyway.
166 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
167
168 # ia64, x86_64, ppc, ppc64 are OK by default
169 # Configure the build tree. Override OpenSSL defaults with known-good defaults
170 # usable on all platforms. The Configure script already knows to use -fPIC and
171 # RPM_OPT_FLAGS, so we can skip specifiying them here.
172 ./Configure \
173 --prefix=%{_prefix} \
174 --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
175 --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
176 %if %with_krb5
177 --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
178 %endif
179 zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
180 enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
181 enable-weak-ssl-ciphers \
182 no-mdc2 no-ec2m no-sm2 no-sm4 \
183 shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
184
185 util/mkdef.pl crypto update
186
187 make all
188
189 %check
190 %ifnarch %ix86
191
192 (sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
193 (echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
194 sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
195 touch -r configdata.pm configdata.pm.new && \
196 mv -f configdata.pm.new configdata.pm)
197
198 # We must revert patch31 before tests otherwise they will fail
199 patch -p1 -R < %{PATCH31}
200
201 export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
202 export OPENSSL_ENABLE_MD5_VERIFY=
203 export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
204
205 make test
206 %endif
207
208 %install
209 %make_install
210
211 # make the rootcerts dir
212 install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
213
214 # Install a makefile for generating keys and self-signed certs, and a script
215 # for generating them on the fly.
216 mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
217 install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
218 install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
219 install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert
220
221 # Move runable perl scripts to bindir
222 mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
223 mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}
224
225 install -d %{buildroot}%{_sysconfdir}/pki/CA
226 install -d %{buildroot}%{_sysconfdir}/pki/CA/private
227 install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
228 install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
229 install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts
230
231 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
232 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
233
234 # fix man pages conflicts with other packages
235 for i in passwd rand ; do
236 mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
237 done
238
239 %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
240
241 # nuke rpath
242 chrpath -d %{buildroot}%{_bindir}/openssl
243
244 # Fix libdir.
245 for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
246 sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
247 done
248
249 # adjust ssldir
250 perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
251 perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
252
253 %files
254 %doc FAQ INSTALL LICENSE NEWS README*
255 %dir %{_sysconfdir}/pki
256 %dir %{_sysconfdir}/pki/tls
257 %dir %{_sysconfdir}/pki/tls/certs
258 %dir %{_sysconfdir}/pki/tls/misc
259 %dir %{_sysconfdir}/pki/tls/private
260 %dir %{_sysconfdir}/pki/tls/rootcerts
261 %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
262 %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
263 %{_sysconfdir}/pki/tls/certs/Makefile
264 %{_bindir}/make-dummy-cert
265 %{_bindir}/renew-dummy-cert
266 %{_bindir}/openssl
267 %{_mandir}/man[157]/*
268 %exclude %{_mandir}/man1*/*rehash*
269 %exclude %{_mandir}/man1*/*.pl*
270 %exclude %{_mandir}/man1*/*tsget*
271
272 %files -n %{libname}
273 %doc FAQ LICENSE NEWS README*
274 %{_libdir}/lib*.so.%{maj}
275 %{_libdir}/engines-%{maj}
276
277 %files -n %{develname}
278 %doc CHANGES doc/*
279 %dir %{_includedir}/openssl
280 %multiarch %{multiarch_includedir}/openssl/opensslconf.h
281 %{_includedir}/openssl
282 %{_libdir}/lib*.so
283 %{_mandir}/man3/*
284 %{_libdir}/pkgconfig/*.pc
285
286 %files -n %{staticname}
287 %{_libdir}/lib*.a
288
289 %files perl
290 %{_bindir}/c_rehash
291 %{_bindir}/*.pl
292 %{_bindir}/tsget
293 %{_mandir}/man1*/*rehash*
294 %{_mandir}/man1*/*.pl*
295 %{_mandir}/man1*/*tsget*
296 %dir %{_sysconfdir}/pki/CA
297 %dir %{_sysconfdir}/pki/CA/private
298 %dir %{_sysconfdir}/pki/CA/certs
299 %dir %{_sysconfdir}/pki/CA/crl
300 %dir %{_sysconfdir}/pki/CA/newcerts

  ViewVC Help
Powered by ViewVC 1.1.30