1 |
%define maj 1.0.0 |
2 |
%define engines_name %mklibname openssl-engines %{maj} |
3 |
%define libname %mklibname openssl %{maj} |
4 |
%define develname %mklibname openssl -d |
5 |
%define staticname %mklibname openssl -s -d |
6 |
|
7 |
%define conflict1 %mklibname openssl 0.9.7 |
8 |
%define conflict2 %mklibname openssl 0.9.8 |
9 |
|
10 |
# Number of threads to spawn when testing some threading fixes. |
11 |
#define thread_test_threads %{?threads:%{threads}}%{!?threads:1} |
12 |
|
13 |
%define with_krb5 0 |
14 |
|
15 |
Summary: Secure Sockets Layer communications libs & utils |
16 |
Name: openssl |
17 |
Version: 1.0.1e |
18 |
Release: %mkrel 6 |
19 |
License: BSD-like |
20 |
Group: System/Libraries |
21 |
URL: http://www.openssl.org/ |
22 |
Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz |
23 |
Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc |
24 |
Source2: Makefile.certificate |
25 |
Source3: make-dummy-cert |
26 |
Source4: openssl-thread-test.c |
27 |
# (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure |
28 |
Patch2: openssl-1.0.1c-optflags.patch |
29 |
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) |
30 |
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF |
31 |
Patch6: openssl-0.9.8-beta6-icpbrasil.diff |
32 |
# http://qa.mandriva.com/show_bug.cgi?id=32621 |
33 |
Patch15: openssl-0.9.8e-crt.patch |
34 |
# upstream patch |
35 |
Patch8: openssl.git-147dbb2fe3bead7a10e2f280261b661ce7af7adc.patch |
36 |
|
37 |
# fedora patches |
38 |
Patch7: openssl-1.0.0f-defaults.patch |
39 |
Patch12: openssl-0.9.6-x509.patch |
40 |
Patch13: openssl-0.9.8j-version-add-engines.patch |
41 |
Patch16: openssl-1.0.0-beta5-enginesdir.patch |
42 |
Patch17: openssl-1.0.1-pkgconfig-krb5.patch |
43 |
Patch18: openssl-1.0.1e-manfix.patch |
44 |
Patch19: openssl-1.0.1e-cve-2013-6449.patch |
45 |
|
46 |
# MIPS and ARM support |
47 |
Patch300: openssl-1.0.1c-mips.patch |
48 |
Patch301: openssl-1.0.1c-arm.patch |
49 |
Requires: %{libname} = %{version}-%{release} |
50 |
Requires: perl-base |
51 |
Requires: rootcerts |
52 |
%if %with_krb5 |
53 |
BuildRequires: krb5-devel |
54 |
%endif |
55 |
BuildRequires: multiarch-utils >= 1.0.3 |
56 |
BuildRequires: chrpath |
57 |
BuildRequires: zlib-devel |
58 |
# (tv) for test suite: |
59 |
BuildRequires: bc |
60 |
|
61 |
%description |
62 |
The openssl certificate management tool and the shared libraries that provide |
63 |
various encryption and decription algorithms and protocols, including DES, RC4, |
64 |
RSA and SSL. |
65 |
|
66 |
%package -n %{engines_name} |
67 |
Summary: Engines for openssl |
68 |
Group: System/Libraries |
69 |
Obsoletes: openssl-engines < 1.0.0a-5 |
70 |
Provides: openssl-engines = %{version}-%{release} |
71 |
|
72 |
%description -n %{engines_name} |
73 |
This package provides engines for openssl. |
74 |
|
75 |
%package -n %{libname} |
76 |
Summary: Secure Sockets Layer communications libs |
77 |
Group: System/Libraries |
78 |
Requires: %{engines_name} >= %{version}-%{release} |
79 |
Provides: %{libname} = %{version}-%{release} |
80 |
|
81 |
%description -n %{libname} |
82 |
The libraries files are needed for various cryptographic algorithms |
83 |
and protocols, including DES, RC4, RSA and SSL. |
84 |
|
85 |
%package -n %{develname} |
86 |
Summary: Secure Sockets Layer communications libs & headers & utils |
87 |
Group: Development/Other |
88 |
Requires: %{libname} = %{version}-%{release} |
89 |
Provides: libopenssl-devel |
90 |
Provides: openssl-devel = %{version}-%{release} |
91 |
Obsoletes: openssl-devel |
92 |
# temporary opsolete, will be a conflict later. a compat package |
93 |
# with openssl-0.9.7 devel libs will be provided soon |
94 |
Obsoletes: %{conflict1}-devel |
95 |
Obsoletes: %{conflict2}-devel |
96 |
Obsoletes: %{mklibname openssl 1.0.0}-devel |
97 |
Provides: %{name}-devel = %{version}-%{release} |
98 |
|
99 |
%description -n %{develname} |
100 |
The libraries and include files needed to compile apps with support |
101 |
for various cryptographic algorithms and protocols, including DES, RC4, RSA |
102 |
and SSL. |
103 |
|
104 |
%package -n %{staticname} |
105 |
Summary: Secure Sockets Layer communications static libs |
106 |
Group: Development/Other |
107 |
Requires: %{develname} = %{version}-%{release} |
108 |
Provides: libopenssl-static-devel |
109 |
Provides: openssl-static-devel = %{version}-%{release} |
110 |
# temporary opsolete, will be a conflict later. a compat package |
111 |
# with openssl-0.9.7 static-devel libs will be provided soon |
112 |
Obsoletes: %{conflict1}-static-devel |
113 |
Obsoletes: %{conflict2}-static-devel |
114 |
Obsoletes: %{mklibname openssl 1.0.0}-static-devel |
115 |
Provides: %{name}-static-devel = %{version}-%{release} |
116 |
|
117 |
%description -n %{staticname} |
118 |
The static libraries needed to compile apps with support for various |
119 |
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. |
120 |
|
121 |
%prep |
122 |
|
123 |
%setup -q -n %{name}-%{version} |
124 |
%patch2 -p1 -b .optflags |
125 |
%patch6 -p0 -b .icpbrasil |
126 |
%patch7 -p1 -b .defaults |
127 |
%patch8 -p1 -b .SSL_get_certificate |
128 |
%patch12 -p1 -b .x509 |
129 |
%patch13 -p1 -b .version-add-engines |
130 |
%patch15 -p1 -b .crt |
131 |
%patch16 -p1 -b .engines |
132 |
%patch17 -p1 -b .krb5 |
133 |
%patch18 -p1 -b .manfix |
134 |
%patch19 -p1 -b .hash-crash |
135 |
|
136 |
%patch300 -p1 -b .mips |
137 |
%patch301 -p1 -b .arm |
138 |
|
139 |
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile |
140 |
|
141 |
cp %{SOURCE2} Makefile.certificate |
142 |
cp %{SOURCE3} make-dummy-cert |
143 |
cp %{SOURCE4} openssl-thread-test.c |
144 |
|
145 |
%build |
146 |
%serverbuild |
147 |
|
148 |
# Figure out which flags we want to use. |
149 |
# default |
150 |
sslarch=%{_os}-%{_arch} |
151 |
%ifarch %ix86 |
152 |
sslarch=linux-elf |
153 |
if ! echo %{_target} | grep -q i[56]86 ; then |
154 |
sslflags="no-asm" |
155 |
fi |
156 |
%endif |
157 |
%ifarch sparcv9 |
158 |
sslarch=linux-sparcv9 |
159 |
%endif |
160 |
%ifarch alpha |
161 |
sslarch=linux-alpha-gcc |
162 |
%endif |
163 |
%ifarch s390 |
164 |
sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" |
165 |
%endif |
166 |
%ifarch s390x |
167 |
sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" |
168 |
%endif |
169 |
|
170 |
# ia64, x86_64, ppc, ppc64 are OK by default |
171 |
# Configure the build tree. Override OpenSSL defaults with known-good defaults |
172 |
# usable on all platforms. The Configure script already knows to use -fPIC and |
173 |
# RPM_OPT_FLAGS, so we can skip specifiying them here. |
174 |
./Configure \ |
175 |
--prefix=%{_prefix} \ |
176 |
--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ |
177 |
--libdir=%{_lib}/ \ |
178 |
%if %with_krb5 |
179 |
--with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \ |
180 |
%endif |
181 |
--enginesdir=%{_libdir}/openssl/%{version}/engines \ |
182 |
zlib no-idea no-rc5 enable-camellia shared enable-tlsext ${sslarch} |
183 |
|
184 |
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be |
185 |
# marked as not requiring an executable stack. |
186 |
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" |
187 |
make depend |
188 |
make all build-shared |
189 |
|
190 |
# Generate hashes for the included certs. |
191 |
make rehash build-shared |
192 |
|
193 |
%check |
194 |
# Verify that what was compiled actually works. |
195 |
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} |
196 |
|
197 |
make -C test apps tests |
198 |
|
199 |
gcc -o openssl-thread-test \ |
200 |
%{?_with_krb5:`krb5-config --cflags`} \ |
201 |
-I./include \ |
202 |
%{optflags} \ |
203 |
openssl-thread-test.c \ |
204 |
-L. -lssl -lcrypto \ |
205 |
%{?_with_krb5:`krb5-config --libs`} \ |
206 |
-lpthread -lz -ldl |
207 |
|
208 |
./openssl-thread-test --threads %{thread_test_threads} |
209 |
|
210 |
%install |
211 |
rm -fr %{buildroot} |
212 |
|
213 |
%makeinstall \ |
214 |
INSTALL_PREFIX=%{buildroot} \ |
215 |
MANDIR=%{_mandir} \ |
216 |
build-shared |
217 |
|
218 |
install -d -m 755 %{buildroot}%{_libdir}/openssl/%{version} |
219 |
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl/%{version} |
220 |
|
221 |
# make the rootcerts dir |
222 |
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts |
223 |
|
224 |
# Install a makefile for generating keys and self-signed certs, and a script |
225 |
# for generating them on the fly. |
226 |
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs |
227 |
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile |
228 |
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert |
229 |
|
230 |
# Pick a CA script. |
231 |
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
232 |
|
233 |
install -d %{buildroot}%{_sysconfdir}/pki/CA |
234 |
install -d %{buildroot}%{_sysconfdir}/pki/CA/private |
235 |
|
236 |
# openssl was named ssleay in "ancient" times. |
237 |
ln -snf openssl %{buildroot}%{_bindir}/ssleay |
238 |
|
239 |
# The man pages rand.3 and passwd.1 conflict with other packages |
240 |
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-* |
241 |
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 |
242 |
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} |
243 |
|
244 |
for i in rand err; do |
245 |
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 |
246 |
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} |
247 |
done |
248 |
|
249 |
rm -rf {main,devel}-doc-info |
250 |
mkdir -p {main,devel}-doc-info |
251 |
cat > main-doc-info/README.mga <<EOF |
252 |
Warning: |
253 |
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 |
254 |
to avoid a conflict with passwd.1 man page from the package passwd. |
255 |
EOF |
256 |
|
257 |
cat > devel-doc-info/README.mga <<EOF |
258 |
Warning: |
259 |
The man page of rand, rand.3, has been renamed to ssl-rand.3 |
260 |
to avoid a conflict with rand.3 from the package man-pages |
261 |
The man page of err, err.3, has been renamed to ssl-err.3 |
262 |
to avoid a conflict with err.3 from the package man-pages |
263 |
EOF |
264 |
|
265 |
chmod 755 %{buildroot}%{_libdir}/pkgconfig |
266 |
|
267 |
%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h |
268 |
|
269 |
# strip cannot touch these unless 755 |
270 |
chmod 755 %{buildroot}%{_libdir}/openssl/%{version}/engines/*.so* |
271 |
chmod 755 %{buildroot}%{_libdir}/*.so* |
272 |
chmod 755 %{buildroot}%{_bindir}/* |
273 |
|
274 |
# nuke a mistake |
275 |
rm -f %{buildroot}%{_mandir}/man3/.3 |
276 |
|
277 |
# nuke rpath |
278 |
chrpath -d %{buildroot}%{_bindir}/openssl |
279 |
|
280 |
# Fix libdir. |
281 |
pushd %{buildroot}%{_libdir}/pkgconfig |
282 |
for i in *.pc ; do |
283 |
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ |
284 |
$i >$i.tmp && \ |
285 |
cat $i.tmp >$i && \ |
286 |
rm -f $i.tmp |
287 |
done |
288 |
popd |
289 |
|
290 |
# adjust ssldir |
291 |
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
292 |
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl |
293 |
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf |
294 |
|
295 |
%files |
296 |
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README* |
297 |
%doc README README.ASN1 README.ENGINE |
298 |
%dir %{_sysconfdir}/pki |
299 |
%dir %{_sysconfdir}/pki/CA |
300 |
%dir %{_sysconfdir}/pki/CA/private |
301 |
%dir %{_sysconfdir}/pki/tls |
302 |
%dir %{_sysconfdir}/pki/tls/certs |
303 |
%dir %{_sysconfdir}/pki/tls/misc |
304 |
%dir %{_sysconfdir}/pki/tls/private |
305 |
%dir %{_sysconfdir}/pki/tls/rootcerts |
306 |
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf |
307 |
%{_sysconfdir}/pki/tls/certs/make-dummy-cert |
308 |
%{_sysconfdir}/pki/tls/certs/Makefile |
309 |
%{_sysconfdir}/pki/tls/misc/* |
310 |
%{_bindir}/* |
311 |
%{_mandir}/man[157]/* |
312 |
|
313 |
%files -n %{libname} |
314 |
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README* |
315 |
%{_libdir}/lib*.so.%{maj} |
316 |
|
317 |
%files -n %{engines_name} |
318 |
%{_libdir}/openssl |
319 |
|
320 |
%files -n %{develname} |
321 |
%doc CHANGES doc/* devel-doc-info/README* |
322 |
%dir %{_includedir}/openssl |
323 |
%multiarch %{multiarch_includedir}/openssl/opensslconf.h |
324 |
%{_includedir}/openssl/* |
325 |
%{_libdir}/lib*.so |
326 |
%{_mandir}/man3/* |
327 |
%{_libdir}/pkgconfig/* |
328 |
|
329 |
%files -n %{staticname} |
330 |
%{_libdir}/lib*.a |