1 |
%define maj 1.0.0 |
2 |
%define engines_name %mklibname openssl-engines %{maj} |
3 |
%define libname %mklibname openssl %{maj} |
4 |
%define develname %mklibname openssl -d |
5 |
%define staticname %mklibname openssl -s -d |
6 |
|
7 |
%define conflict1 %mklibname openssl 0.9.7 |
8 |
%define conflict2 %mklibname openssl 0.9.8 |
9 |
|
10 |
# Number of threads to spawn when testing some threading fixes. |
11 |
#define thread_test_threads %{?threads:%{threads}}%{!?threads:1} |
12 |
|
13 |
%define with_krb5 0 |
14 |
|
15 |
Summary: Secure Sockets Layer communications libs & utils |
16 |
Name: openssl |
17 |
Version: 1.0.1e |
18 |
Release: %mkrel 7 |
19 |
License: BSD-like |
20 |
Group: System/Libraries |
21 |
URL: http://www.openssl.org/ |
22 |
Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz |
23 |
Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc |
24 |
Source2: Makefile.certificate |
25 |
Source3: make-dummy-cert |
26 |
Source4: openssl-thread-test.c |
27 |
# (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure |
28 |
Patch2: openssl-1.0.1c-optflags.patch |
29 |
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) |
30 |
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF |
31 |
Patch6: openssl-0.9.8-beta6-icpbrasil.diff |
32 |
# http://qa.mandriva.com/show_bug.cgi?id=32621 |
33 |
Patch15: openssl-0.9.8e-crt.patch |
34 |
# upstream patch |
35 |
Patch8: openssl.git-147dbb2fe3bead7a10e2f280261b661ce7af7adc.patch |
36 |
|
37 |
# fedora patches |
38 |
Patch7: openssl-1.0.0f-defaults.patch |
39 |
Patch12: openssl-0.9.6-x509.patch |
40 |
Patch13: openssl-0.9.8j-version-add-engines.patch |
41 |
Patch16: openssl-1.0.0-beta5-enginesdir.patch |
42 |
Patch17: openssl-1.0.1-pkgconfig-krb5.patch |
43 |
Patch18: openssl-1.0.1e-manfix.patch |
44 |
Patch19: openssl-1.0.1e-cve-2013-6449.patch |
45 |
Patch20: openssl-1.0.1e-cve-2013-4353.patch |
46 |
|
47 |
# MIPS and ARM support |
48 |
Patch300: openssl-1.0.1c-mips.patch |
49 |
Patch301: openssl-1.0.1c-arm.patch |
50 |
Requires: %{libname} = %{version}-%{release} |
51 |
Requires: perl-base |
52 |
Requires: rootcerts |
53 |
%if %with_krb5 |
54 |
BuildRequires: krb5-devel |
55 |
%endif |
56 |
BuildRequires: multiarch-utils >= 1.0.3 |
57 |
BuildRequires: chrpath |
58 |
BuildRequires: zlib-devel |
59 |
# (tv) for test suite: |
60 |
BuildRequires: bc |
61 |
|
62 |
%description |
63 |
The openssl certificate management tool and the shared libraries that provide |
64 |
various encryption and decription algorithms and protocols, including DES, RC4, |
65 |
RSA and SSL. |
66 |
|
67 |
%package -n %{engines_name} |
68 |
Summary: Engines for openssl |
69 |
Group: System/Libraries |
70 |
Obsoletes: openssl-engines < 1.0.0a-5 |
71 |
Provides: openssl-engines = %{version}-%{release} |
72 |
|
73 |
%description -n %{engines_name} |
74 |
This package provides engines for openssl. |
75 |
|
76 |
%package -n %{libname} |
77 |
Summary: Secure Sockets Layer communications libs |
78 |
Group: System/Libraries |
79 |
Requires: %{engines_name} >= %{version}-%{release} |
80 |
Provides: %{libname} = %{version}-%{release} |
81 |
|
82 |
%description -n %{libname} |
83 |
The libraries files are needed for various cryptographic algorithms |
84 |
and protocols, including DES, RC4, RSA and SSL. |
85 |
|
86 |
%package -n %{develname} |
87 |
Summary: Secure Sockets Layer communications libs & headers & utils |
88 |
Group: Development/Other |
89 |
Requires: %{libname} = %{version}-%{release} |
90 |
Provides: libopenssl-devel |
91 |
Provides: openssl-devel = %{version}-%{release} |
92 |
Obsoletes: openssl-devel |
93 |
# temporary opsolete, will be a conflict later. a compat package |
94 |
# with openssl-0.9.7 devel libs will be provided soon |
95 |
Obsoletes: %{conflict1}-devel |
96 |
Obsoletes: %{conflict2}-devel |
97 |
Obsoletes: %{mklibname openssl 1.0.0}-devel |
98 |
Provides: %{name}-devel = %{version}-%{release} |
99 |
|
100 |
%description -n %{develname} |
101 |
The libraries and include files needed to compile apps with support |
102 |
for various cryptographic algorithms and protocols, including DES, RC4, RSA |
103 |
and SSL. |
104 |
|
105 |
%package -n %{staticname} |
106 |
Summary: Secure Sockets Layer communications static libs |
107 |
Group: Development/Other |
108 |
Requires: %{develname} = %{version}-%{release} |
109 |
Provides: libopenssl-static-devel |
110 |
Provides: openssl-static-devel = %{version}-%{release} |
111 |
# temporary opsolete, will be a conflict later. a compat package |
112 |
# with openssl-0.9.7 static-devel libs will be provided soon |
113 |
Obsoletes: %{conflict1}-static-devel |
114 |
Obsoletes: %{conflict2}-static-devel |
115 |
Obsoletes: %{mklibname openssl 1.0.0}-static-devel |
116 |
Provides: %{name}-static-devel = %{version}-%{release} |
117 |
|
118 |
%description -n %{staticname} |
119 |
The static libraries needed to compile apps with support for various |
120 |
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. |
121 |
|
122 |
%prep |
123 |
|
124 |
%setup -q -n %{name}-%{version} |
125 |
%patch2 -p1 -b .optflags |
126 |
%patch6 -p0 -b .icpbrasil |
127 |
%patch7 -p1 -b .defaults |
128 |
%patch8 -p1 -b .SSL_get_certificate |
129 |
%patch12 -p1 -b .x509 |
130 |
%patch13 -p1 -b .version-add-engines |
131 |
%patch15 -p1 -b .crt |
132 |
%patch16 -p1 -b .engines |
133 |
%patch17 -p1 -b .krb5 |
134 |
%patch18 -p1 -b .manfix |
135 |
%patch19 -p1 -b .hash-crash |
136 |
%patch20 -p1 -b .cve-2013-4353 |
137 |
|
138 |
%patch300 -p1 -b .mips |
139 |
%patch301 -p1 -b .arm |
140 |
|
141 |
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile |
142 |
|
143 |
cp %{SOURCE2} Makefile.certificate |
144 |
cp %{SOURCE3} make-dummy-cert |
145 |
cp %{SOURCE4} openssl-thread-test.c |
146 |
|
147 |
%build |
148 |
%serverbuild |
149 |
|
150 |
# Figure out which flags we want to use. |
151 |
# default |
152 |
sslarch=%{_os}-%{_arch} |
153 |
%ifarch %ix86 |
154 |
sslarch=linux-elf |
155 |
if ! echo %{_target} | grep -q i[56]86 ; then |
156 |
sslflags="no-asm" |
157 |
fi |
158 |
%endif |
159 |
%ifarch sparcv9 |
160 |
sslarch=linux-sparcv9 |
161 |
%endif |
162 |
%ifarch alpha |
163 |
sslarch=linux-alpha-gcc |
164 |
%endif |
165 |
%ifarch s390 |
166 |
sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" |
167 |
%endif |
168 |
%ifarch s390x |
169 |
sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" |
170 |
%endif |
171 |
|
172 |
# ia64, x86_64, ppc, ppc64 are OK by default |
173 |
# Configure the build tree. Override OpenSSL defaults with known-good defaults |
174 |
# usable on all platforms. The Configure script already knows to use -fPIC and |
175 |
# RPM_OPT_FLAGS, so we can skip specifiying them here. |
176 |
./Configure \ |
177 |
--prefix=%{_prefix} \ |
178 |
--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ |
179 |
--libdir=%{_lib}/ \ |
180 |
%if %with_krb5 |
181 |
--with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \ |
182 |
%endif |
183 |
--enginesdir=%{_libdir}/openssl/%{version}/engines \ |
184 |
zlib no-idea no-rc5 enable-camellia shared enable-tlsext ${sslarch} |
185 |
|
186 |
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be |
187 |
# marked as not requiring an executable stack. |
188 |
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" |
189 |
make depend |
190 |
make all build-shared |
191 |
|
192 |
# Generate hashes for the included certs. |
193 |
make rehash build-shared |
194 |
|
195 |
%check |
196 |
# Verify that what was compiled actually works. |
197 |
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} |
198 |
|
199 |
make -C test apps tests |
200 |
|
201 |
gcc -o openssl-thread-test \ |
202 |
%{?_with_krb5:`krb5-config --cflags`} \ |
203 |
-I./include \ |
204 |
%{optflags} \ |
205 |
openssl-thread-test.c \ |
206 |
-L. -lssl -lcrypto \ |
207 |
%{?_with_krb5:`krb5-config --libs`} \ |
208 |
-lpthread -lz -ldl |
209 |
|
210 |
./openssl-thread-test --threads %{thread_test_threads} |
211 |
|
212 |
%install |
213 |
rm -fr %{buildroot} |
214 |
|
215 |
%makeinstall \ |
216 |
INSTALL_PREFIX=%{buildroot} \ |
217 |
MANDIR=%{_mandir} \ |
218 |
build-shared |
219 |
|
220 |
install -d -m 755 %{buildroot}%{_libdir}/openssl/%{version} |
221 |
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl/%{version} |
222 |
|
223 |
# make the rootcerts dir |
224 |
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts |
225 |
|
226 |
# Install a makefile for generating keys and self-signed certs, and a script |
227 |
# for generating them on the fly. |
228 |
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs |
229 |
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile |
230 |
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert |
231 |
|
232 |
# Pick a CA script. |
233 |
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
234 |
|
235 |
install -d %{buildroot}%{_sysconfdir}/pki/CA |
236 |
install -d %{buildroot}%{_sysconfdir}/pki/CA/private |
237 |
|
238 |
# openssl was named ssleay in "ancient" times. |
239 |
ln -snf openssl %{buildroot}%{_bindir}/ssleay |
240 |
|
241 |
# The man pages rand.3 and passwd.1 conflict with other packages |
242 |
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-* |
243 |
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 |
244 |
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} |
245 |
|
246 |
for i in rand err; do |
247 |
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 |
248 |
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} |
249 |
done |
250 |
|
251 |
rm -rf {main,devel}-doc-info |
252 |
mkdir -p {main,devel}-doc-info |
253 |
cat > main-doc-info/README.mga <<EOF |
254 |
Warning: |
255 |
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 |
256 |
to avoid a conflict with passwd.1 man page from the package passwd. |
257 |
EOF |
258 |
|
259 |
cat > devel-doc-info/README.mga <<EOF |
260 |
Warning: |
261 |
The man page of rand, rand.3, has been renamed to ssl-rand.3 |
262 |
to avoid a conflict with rand.3 from the package man-pages |
263 |
The man page of err, err.3, has been renamed to ssl-err.3 |
264 |
to avoid a conflict with err.3 from the package man-pages |
265 |
EOF |
266 |
|
267 |
chmod 755 %{buildroot}%{_libdir}/pkgconfig |
268 |
|
269 |
%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h |
270 |
|
271 |
# strip cannot touch these unless 755 |
272 |
chmod 755 %{buildroot}%{_libdir}/openssl/%{version}/engines/*.so* |
273 |
chmod 755 %{buildroot}%{_libdir}/*.so* |
274 |
chmod 755 %{buildroot}%{_bindir}/* |
275 |
|
276 |
# nuke a mistake |
277 |
rm -f %{buildroot}%{_mandir}/man3/.3 |
278 |
|
279 |
# nuke rpath |
280 |
chrpath -d %{buildroot}%{_bindir}/openssl |
281 |
|
282 |
# Fix libdir. |
283 |
pushd %{buildroot}%{_libdir}/pkgconfig |
284 |
for i in *.pc ; do |
285 |
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ |
286 |
$i >$i.tmp && \ |
287 |
cat $i.tmp >$i && \ |
288 |
rm -f $i.tmp |
289 |
done |
290 |
popd |
291 |
|
292 |
# adjust ssldir |
293 |
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
294 |
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl |
295 |
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf |
296 |
|
297 |
%files |
298 |
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README* |
299 |
%doc README README.ASN1 README.ENGINE |
300 |
%dir %{_sysconfdir}/pki |
301 |
%dir %{_sysconfdir}/pki/CA |
302 |
%dir %{_sysconfdir}/pki/CA/private |
303 |
%dir %{_sysconfdir}/pki/tls |
304 |
%dir %{_sysconfdir}/pki/tls/certs |
305 |
%dir %{_sysconfdir}/pki/tls/misc |
306 |
%dir %{_sysconfdir}/pki/tls/private |
307 |
%dir %{_sysconfdir}/pki/tls/rootcerts |
308 |
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf |
309 |
%{_sysconfdir}/pki/tls/certs/make-dummy-cert |
310 |
%{_sysconfdir}/pki/tls/certs/Makefile |
311 |
%{_sysconfdir}/pki/tls/misc/* |
312 |
%{_bindir}/* |
313 |
%{_mandir}/man[157]/* |
314 |
|
315 |
%files -n %{libname} |
316 |
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README* |
317 |
%{_libdir}/lib*.so.%{maj} |
318 |
|
319 |
%files -n %{engines_name} |
320 |
%{_libdir}/openssl |
321 |
|
322 |
%files -n %{develname} |
323 |
%doc CHANGES doc/* devel-doc-info/README* |
324 |
%dir %{_includedir}/openssl |
325 |
%multiarch %{multiarch_includedir}/openssl/opensslconf.h |
326 |
%{_includedir}/openssl/* |
327 |
%{_libdir}/lib*.so |
328 |
%{_mandir}/man3/* |
329 |
%{_libdir}/pkgconfig/* |
330 |
|
331 |
%files -n %{staticname} |
332 |
%{_libdir}/lib*.a |