1 |
%define maj 1.0.0 |
2 |
%define engines_name %mklibname openssl-engines %{maj} |
3 |
%define libname %mklibname openssl %{maj} |
4 |
%define develname %mklibname openssl -d |
5 |
%define staticname %mklibname openssl -s -d |
6 |
|
7 |
%define conflict1 %mklibname openssl 0.9.7 |
8 |
%define conflict2 %mklibname openssl 0.9.8 |
9 |
|
10 |
# Number of threads to spawn when testing some threading fixes. |
11 |
#define thread_test_threads %{?threads:%{threads}}%{!?threads:1} |
12 |
|
13 |
# French policy is to not use ciphers stronger than 128 bits |
14 |
%define french_policy 0 |
15 |
|
16 |
%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0} |
17 |
|
18 |
%define subrel 2 |
19 |
|
20 |
Summary: Secure Sockets Layer communications libs & utils |
21 |
Name: openssl |
22 |
Version: %{maj}d |
23 |
Release: %mkrel 2 |
24 |
License: BSD-like |
25 |
Group: System/Libraries |
26 |
URL: http://www.openssl.org/ |
27 |
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz |
28 |
Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc |
29 |
Source2: Makefile.certificate |
30 |
Source3: make-dummy-cert |
31 |
Source4: openssl-thread-test.c |
32 |
Source5: README.pkcs11 |
33 |
# (gb) 0.9.6b-5mdk: Limit available SSL ciphers to 128 bits |
34 |
Patch0: openssl-0.9.6b-mdkconfig.patch |
35 |
# (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure |
36 |
Patch2: openssl-optflags.diff |
37 |
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) |
38 |
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF |
39 |
Patch6: openssl-0.9.8-beta6-icpbrasil.diff |
40 |
Patch7: openssl-1.0.0-defaults.patch |
41 |
Patch8: openssl-0.9.8a-link-krb5.patch |
42 |
Patch10: openssl-0.9.7-beta6-ia64.patch |
43 |
Patch12: openssl-0.9.6-x509.patch |
44 |
Patch13: openssl-0.9.7-beta5-version-add-engines.patch |
45 |
# http://qa.mandriva.com/show_bug.cgi?id=32621 |
46 |
Patch15: openssl-0.9.8e-crt.patch |
47 |
# http://blogs.sun.com/janp/ |
48 |
Patch16: pkcs11_engine-1.0.0.diff |
49 |
# MIPS and ARM support |
50 |
Patch300: openssl-1.0.0-mips.patch |
51 |
Patch301: openssl-1.0.0-arm.patch |
52 |
Patch302: openssl-1.0.0-enginesdir.patch |
53 |
# CVE Patches |
54 |
Patch400: openssl-1.0.0d-CVE-2011-1945.diff |
55 |
Patch401: openssl-1.0.0d-CVE-2011-3207.diff |
56 |
Patch402: openssl-1.0.0d-CVE-2011-3210.diff |
57 |
Patch403: openssl-1.0.0d-CVE-2011-4108.diff |
58 |
Patch404: openssl-1.0.0a-CVE-2011-4576.diff |
59 |
Patch405: openssl-1.0.0a-CVE-2011-4619.diff |
60 |
Patch406: openssl-1.0.0a-CVE-2012-0027.diff |
61 |
Patch407: openssl-1.0.0d-CVE-2012-0050.diff |
62 |
Requires: %{libname} = %{version}-%{release} |
63 |
Requires: perl-base |
64 |
Requires: rootcerts |
65 |
%{?_with_krb5:BuildRequires: krb5-devel} |
66 |
BuildRequires: multiarch-utils >= 1.0.3 |
67 |
BuildRequires: chrpath |
68 |
BuildRequires: zlib-devel |
69 |
# (tv) for test suite: |
70 |
BuildRequires: bc |
71 |
|
72 |
%description |
73 |
The openssl certificate management tool and the shared libraries that provide |
74 |
various encryption and decription algorithms and protocols, including DES, RC4, |
75 |
RSA and SSL. |
76 |
|
77 |
%package -n %{engines_name} |
78 |
Summary: Engines for openssl |
79 |
Group: System/Libraries |
80 |
Obsoletes: openssl-engines < 1.0.0a-5 |
81 |
Provides: openssl-engines = %{version}-%{release} |
82 |
|
83 |
%description -n %{engines_name} |
84 |
This package provides engines for openssl. |
85 |
|
86 |
%package -n %{libname} |
87 |
Summary: Secure Sockets Layer communications libs |
88 |
Group: System/Libraries |
89 |
Requires: %{engines_name} >= %{version}-%{release} |
90 |
Provides: %{libname} = %{version}-%{release} |
91 |
|
92 |
%description -n %{libname} |
93 |
The libraries files are needed for various cryptographic algorithms |
94 |
and protocols, including DES, RC4, RSA and SSL. |
95 |
|
96 |
%package -n %{develname} |
97 |
Summary: Secure Sockets Layer communications libs & headers & utils |
98 |
Group: Development/Other |
99 |
Requires: %{libname} = %{version}-%{release} |
100 |
Provides: libopenssl-devel |
101 |
Provides: openssl-devel = %{version}-%{release} |
102 |
Obsoletes: openssl-devel |
103 |
# temporary opsolete, will be a conflict later. a compat package |
104 |
# with openssl-0.9.7 devel libs will be provided soon |
105 |
Obsoletes: %{conflict1}-devel |
106 |
Obsoletes: %{conflict2}-devel |
107 |
Obsoletes: %{mklibname openssl 1.0.0}-devel |
108 |
Provides: %{name}-devel = %{version}-%{release} |
109 |
|
110 |
%description -n %{develname} |
111 |
The libraries and include files needed to compile apps with support |
112 |
for various cryptographic algorithms and protocols, including DES, RC4, RSA |
113 |
and SSL. |
114 |
|
115 |
%package -n %{staticname} |
116 |
Summary: Secure Sockets Layer communications static libs |
117 |
Group: Development/Other |
118 |
Requires: %{develname} = %{version}-%{release} |
119 |
Provides: libopenssl-static-devel |
120 |
Provides: openssl-static-devel = %{version}-%{release} |
121 |
# temporary opsolete, will be a conflict later. a compat package |
122 |
# with openssl-0.9.7 static-devel libs will be provided soon |
123 |
Obsoletes: %{conflict1}-static-devel |
124 |
Obsoletes: %{conflict2}-static-devel |
125 |
Obsoletes: %{mklibname openssl 1.0.0}-static-devel |
126 |
Provides: %{name}-static-devel = %{version}-%{release} |
127 |
|
128 |
%description -n %{staticname} |
129 |
The static libraries needed to compile apps with support for various |
130 |
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. |
131 |
|
132 |
%prep |
133 |
|
134 |
%setup -q -n %{name}-%{version} |
135 |
%if %{french_policy} |
136 |
%patch0 -p1 -b .frenchpolicy |
137 |
%endif |
138 |
%patch2 -p1 -b .optflags |
139 |
%patch6 -p0 -b .icpbrasil |
140 |
%patch7 -p1 -b .defaults |
141 |
%{?_with_krb5:%patch8 -p1 -b .krb5} |
142 |
%patch10 -p0 -b .ia64 |
143 |
%patch12 -p1 -b .x509 |
144 |
%patch13 -p1 -b .version-add-engines |
145 |
%patch15 -p1 -b .crt |
146 |
%patch16 -p1 -b .pkcs11_engine |
147 |
|
148 |
%patch300 -p1 -b .mips |
149 |
%patch301 -p1 -b .arm |
150 |
%patch302 -p1 -b .engines |
151 |
|
152 |
%patch400 -p1 -b .CVE-2011-1945 |
153 |
%patch401 -p0 -b .CVE-2011-3207 |
154 |
%patch402 -p1 -b .CVE-2011-3210 |
155 |
%patch403 -p0 -b .CVE-2011-4108 |
156 |
%patch404 -p0 -b .CVE-2011-4576 |
157 |
%patch405 -p1 -b .CVE-2011-4619 |
158 |
%patch406 -p1 -b .CVE-2012-0027 |
159 |
%patch407 -p0 -b .CVE-2012-0050 |
160 |
|
161 |
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile |
162 |
|
163 |
# fix perl path |
164 |
perl util/perlpath.pl %{_bindir}/perl |
165 |
|
166 |
cp %{SOURCE2} Makefile.certificate |
167 |
cp %{SOURCE3} make-dummy-cert |
168 |
cp %{SOURCE4} openssl-thread-test.c |
169 |
cp %{SOURCE5} README.pkcs11 |
170 |
|
171 |
%build |
172 |
%serverbuild |
173 |
|
174 |
# Figure out which flags we want to use. |
175 |
# default |
176 |
sslarch=%{_os}-%{_arch} |
177 |
%ifarch %ix86 |
178 |
sslarch=linux-elf |
179 |
if ! echo %{_target} | grep -q i[56]86 ; then |
180 |
sslflags="no-asm" |
181 |
fi |
182 |
%endif |
183 |
%ifarch sparcv9 |
184 |
sslarch=linux-sparcv9 |
185 |
%endif |
186 |
%ifarch alpha |
187 |
sslarch=linux-alpha-gcc |
188 |
%endif |
189 |
%ifarch s390 |
190 |
sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" |
191 |
%endif |
192 |
%ifarch s390x |
193 |
sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" |
194 |
%endif |
195 |
|
196 |
# ia64, x86_64, ppc, ppc64 are OK by default |
197 |
# Configure the build tree. Override OpenSSL defaults with known-good defaults |
198 |
# usable on all platforms. The Configure script already knows to use -fPIC and |
199 |
# RPM_OPT_FLAGS, so we can skip specifiying them here. |
200 |
./Configure \ |
201 |
--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ |
202 |
--enginesdir=%{_libdir}/openssl-%{version}/engines \ |
203 |
--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \ |
204 |
no-idea no-rc5 enable-camellia shared enable-tlsext ${sslarch} --pk11-libname=%{_libdir}/pkcs11/PKCS11_API.so |
205 |
|
206 |
# zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared ${sslarch} |
207 |
|
208 |
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be |
209 |
# marked as not requiring an executable stack. |
210 |
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" |
211 |
make depend |
212 |
make all build-shared |
213 |
|
214 |
# Generate hashes for the included certs. |
215 |
make rehash build-shared |
216 |
|
217 |
%check |
218 |
# Verify that what was compiled actually works. |
219 |
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} |
220 |
|
221 |
make -C test apps tests |
222 |
|
223 |
gcc -o openssl-thread-test \ |
224 |
%{?_with_krb5:`krb5-config --cflags`} \ |
225 |
-I./include \ |
226 |
%{optflags} \ |
227 |
openssl-thread-test.c \ |
228 |
-L. -lssl -lcrypto \ |
229 |
%{?_with_krb5:`krb5-config --libs`} \ |
230 |
-lpthread -lz -ldl |
231 |
|
232 |
./openssl-thread-test --threads %{thread_test_threads} |
233 |
|
234 |
%install |
235 |
rm -fr %{buildroot} |
236 |
|
237 |
%makeinstall \ |
238 |
INSTALL_PREFIX=%{buildroot} \ |
239 |
MANDIR=%{_mandir} \ |
240 |
build-shared |
241 |
|
242 |
# the makefiles is too borked... |
243 |
install -d %{buildroot}%{_libdir}/openssl-%{version} |
244 |
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{version}/engines |
245 |
|
246 |
# make the rootcerts dir |
247 |
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts |
248 |
|
249 |
# Install a makefile for generating keys and self-signed certs, and a script |
250 |
# for generating them on the fly. |
251 |
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs |
252 |
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile |
253 |
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert |
254 |
|
255 |
# Pick a CA script. |
256 |
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
257 |
|
258 |
install -d %{buildroot}%{_sysconfdir}/pki/CA |
259 |
install -d %{buildroot}%{_sysconfdir}/pki/CA/private |
260 |
|
261 |
# openssl was named ssleay in "ancient" times. |
262 |
ln -snf openssl %{buildroot}%{_bindir}/ssleay |
263 |
|
264 |
# The man pages rand.3 and passwd.1 conflict with other packages |
265 |
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-* |
266 |
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 |
267 |
ln -sf ssl-passwd.1.bz2 %{buildroot}%{_mandir}/man1/openssl-passwd.1.bz2 |
268 |
|
269 |
for i in rand err; do |
270 |
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 |
271 |
ln -snf ssl-$i.3.bz2 %{buildroot}%{_mandir}/man3/openssl-$i.3.bz2 |
272 |
done |
273 |
|
274 |
rm -rf {main,devel}-doc-info |
275 |
mkdir -p {main,devel}-doc-info |
276 |
cat - << EOF > main-doc-info/README.%{distribution}-manpage |
277 |
Warning: |
278 |
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 |
279 |
to avoid a conflict with passwd.1 man page from the package passwd. |
280 |
EOF |
281 |
|
282 |
cat - << EOF > devel-doc-info/README.%{distribution}-manpage |
283 |
Warning: |
284 |
The man page of rand, rand.3, has been renamed to ssl-rand.3 |
285 |
to avoid a conflict with rand.3 from the package man-pages |
286 |
The man page of err, err.3, has been renamed to ssl-err.3 |
287 |
to avoid a conflict with err.3 from the package man-pages |
288 |
EOF |
289 |
|
290 |
chmod 755 %{buildroot}%{_libdir}/pkgconfig |
291 |
|
292 |
%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h |
293 |
|
294 |
# strip cannot touch these unless 755 |
295 |
chmod 755 %{buildroot}%{_libdir}/openssl-%{version}/engines/*.so* |
296 |
chmod 755 %{buildroot}%{_libdir}/*.so* |
297 |
chmod 755 %{buildroot}%{_bindir}/* |
298 |
|
299 |
# nuke a mistake |
300 |
rm -f %{buildroot}%{_mandir}/man3/.3 |
301 |
|
302 |
# nuke rpath |
303 |
chrpath -d %{buildroot}%{_bindir}/openssl |
304 |
|
305 |
# Fix libdir. |
306 |
pushd %{buildroot}%{_libdir}/pkgconfig |
307 |
for i in *.pc ; do |
308 |
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ |
309 |
$i >$i.tmp && \ |
310 |
cat $i.tmp >$i && \ |
311 |
rm -f $i.tmp |
312 |
done |
313 |
popd |
314 |
|
315 |
# adjust ssldir |
316 |
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA |
317 |
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl |
318 |
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf |
319 |
|
320 |
%clean |
321 |
rm -fr %{buildroot} |
322 |
|
323 |
%files |
324 |
%defattr(-,root,root) |
325 |
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README* |
326 |
%doc README README.ASN1 README.ENGINE README.pkcs11 |
327 |
%dir %{_sysconfdir}/pki |
328 |
%dir %{_sysconfdir}/pki/CA |
329 |
%dir %{_sysconfdir}/pki/CA/private |
330 |
%dir %{_sysconfdir}/pki/tls |
331 |
%dir %{_sysconfdir}/pki/tls/certs |
332 |
%dir %{_sysconfdir}/pki/tls/misc |
333 |
%dir %{_sysconfdir}/pki/tls/private |
334 |
%dir %{_sysconfdir}/pki/tls/rootcerts |
335 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf |
336 |
%attr(0755,root,root) %{_sysconfdir}/pki/tls/certs/make-dummy-cert |
337 |
%attr(0644,root,root) %{_sysconfdir}/pki/tls/certs/Makefile |
338 |
%attr(0755,root,root) %{_sysconfdir}/pki/tls/misc/* |
339 |
%attr(0755,root,root) %{_bindir}/* |
340 |
%attr(0644,root,root) %{_mandir}/man[157]/* |
341 |
|
342 |
%files -n %{libname} |
343 |
%defattr(-,root,root) |
344 |
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README* |
345 |
%attr(0755,root,root) %{_libdir}/lib*.so.* |
346 |
|
347 |
%files -n %{engines_name} |
348 |
%defattr(-,root,root) |
349 |
%attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines |
350 |
%attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so |
351 |
|
352 |
%files -n %{develname} |
353 |
%defattr(-,root,root) |
354 |
%doc CHANGES doc/* devel-doc-info/README* |
355 |
%attr(0755,root,root) %dir %{_includedir}/openssl |
356 |
%multiarch %{multiarch_includedir}/openssl/opensslconf.h |
357 |
%attr(0644,root,root) %{_includedir}/openssl/* |
358 |
%attr(0755,root,root) %{_libdir}/lib*.so |
359 |
%attr(0644,root,root) %{_mandir}/man3/* |
360 |
%attr(0644,root,root) %{_libdir}/pkgconfig/* |
361 |
|
362 |
%files -n %{staticname} |
363 |
%defattr(-,root,root) |
364 |
%attr(0644,root,root) %{_libdir}/lib*.a |
365 |
|
366 |
|