
Contents of /updates/1/openssl/current/SPECS/openssl.spec



Revision 215424 - (show annotations) (download)
Sun Feb 26 22:05:38 2012 UTC (12 years, 2 months ago) by luigiwalser
File size: 12037 byte(s)
- add patches for CVE-2011-4108, CVE-2011-4619, CVE-2011-4576,
      CVE-2012-0050, and CVE-2012-0027

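# Library major version; it is spliced into the library package names below.
%define maj 1.0.0
%define engines_name %mklibname openssl-engines %{maj}
%define libname %mklibname openssl %{maj}
%define develname %mklibname openssl -d
%define staticname %mklibname openssl -s -d

# Library package names of the 0.9.7 and 0.9.8 series; the -devel and
# -static-devel subpackages obsolete the matching development packages.
%define conflict1 %mklibname openssl 0.9.7
%define conflict2 %mklibname openssl 0.9.8

# Number of threads to spawn when testing some threading fixes.
# This has to be a real %%define: a line that starts with "#define" is only a
# comment to rpm, which leaves %%{thread_test_threads} undefined so that the
# thread test in %%check receives the unexpanded macro text instead of a
# number. Defaults to 1 unless the "threads" macro is set.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}

# French policy is to not use ciphers stronger than 128 bits.
# 1 applies Patch0 (the 128-bit cipher limit) in %%prep; 0 skips that patch.
%define french_policy 0

# 1 when the build is run with "--with krb5", otherwise 0.
%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}

# Update sub-release number (presumably consumed by %%mkrel; confirm).
%define subrel 2
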
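# Main package: the openssl command-line tool plus its configuration,
# certificate helper scripts and man pages (see the first %%files list).
Summary: Secure Sockets Layer communications libs & utils
Name: openssl
Version: %{maj}d
Release: %mkrel 2
License: BSD-like
Group: System/Libraries
URL: http://www.openssl.org/
# Upstream tarball and its detached signature. The URLs are plain ftp://, and
# nothing in %%prep checks Source1 against Source0, so the tarball's
# authenticity rests on the signature having been verified by hand at import.
# NOTE(review): verify the signature against the upstream release key whenever
# the tarball is replaced.
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
# Helper files copied into the build tree at the end of %%prep.
Source2: Makefile.certificate
Source3: make-dummy-cert
Source4: openssl-thread-test.c
Source5: README.pkcs11
# (gb) 0.9.6b-5mdk: Limit available SSL ciphers to 128 bits
# Only applied when french_policy is 1.
Patch0: openssl-0.9.6b-mdkconfig.patch
# (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure
Patch2: openssl-optflags.diff
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6: openssl-0.9.8-beta6-icpbrasil.diff
Patch7: openssl-1.0.0-defaults.patch
# Only applied when building with krb5.
Patch8: openssl-0.9.8a-link-krb5.patch
Patch10: openssl-0.9.7-beta6-ia64.patch
Patch12: openssl-0.9.6-x509.patch
Patch13: openssl-0.9.7-beta5-version-add-engines.patch
# http://qa.mandriva.com/show_bug.cgi?id=32621
Patch15: openssl-0.9.8e-crt.patch
# http://blogs.sun.com/janp/
Patch16: pkcs11_engine-1.0.0.diff
# MIPS and ARM support
Patch300: openssl-1.0.0-mips.patch
Patch301: openssl-1.0.0-arm.patch
Patch302: openssl-1.0.0-enginesdir.patch
# CVE Patches
# One patch per CVE, all applied unconditionally in %%prep.
# NOTE(review): Patch404-Patch406 carry a 1.0.0a prefix in their file names
# while the tree being patched is 1.0.0d; confirm they apply without fuzz.
Patch400: openssl-1.0.0d-CVE-2011-1945.diff
Patch401: openssl-1.0.0d-CVE-2011-3207.diff
Patch402: openssl-1.0.0d-CVE-2011-3210.diff
Patch403: openssl-1.0.0d-CVE-2011-4108.diff
Patch404: openssl-1.0.0a-CVE-2011-4576.diff
Patch405: openssl-1.0.0a-CVE-2011-4619.diff
Patch406: openssl-1.0.0a-CVE-2012-0027.diff
Patch407: openssl-1.0.0d-CVE-2012-0050.diff
# The tool is pinned to the library package built from this same spec.
Requires: %{libname} = %{version}-%{release}
Requires: perl-base
Requires: rootcerts
%{?_with_krb5:BuildRequires: krb5-devel}
BuildRequires: multiarch-utils >= 1.0.3
BuildRequires: chrpath
BuildRequires: zlib-devel
# (tv) for test suite:
BuildRequires: bc

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decryption algorithms and protocols, including DES, RC4,
RSA and SSL.
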
# Engines subpackage: the loadable engine modules (see its %%files list).
%package -n %{engines_name}
Summary: Engines for openssl
Group: System/Libraries
Obsoletes: openssl-engines < 1.0.0a-5
Provides: openssl-engines = %{version}-%{release}

%description -n %{engines_name}
This package provides engines for openssl.

# Shared-library subpackage; it requires an engines package of at least the
# same version-release.
%package -n %{libname}
Summary: Secure Sockets Layer communications libs
Group: System/Libraries
Requires: %{engines_name} >= %{version}-%{release}
Provides: %{libname} = %{version}-%{release}

%description -n %{libname}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

# Development subpackage: headers, unversioned .so links, pkgconfig files and
# section 3 man pages. Pinned to the exact library version-release.
%package -n %{develname}
Summary: Secure Sockets Layer communications libs & headers & utils
Group: Development/Other
Requires: %{libname} = %{version}-%{release}
Provides: libopenssl-devel
Provides: openssl-devel = %{version}-%{release}
Obsoletes: openssl-devel
# temporary obsolete, will be a conflict later. a compat package
# with openssl-0.9.7 devel libs will be provided soon
Obsoletes: %{conflict1}-devel
Obsoletes: %{conflict2}-devel
Obsoletes: %{mklibname openssl 1.0.0}-devel
Provides: %{name}-devel = %{version}-%{release}

%description -n %{develname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

# Static-library subpackage; depends on the exact matching development package.
%package -n %{staticname}
Summary: Secure Sockets Layer communications static libs
Group: Development/Other
Requires: %{develname} = %{version}-%{release}
Provides: libopenssl-static-devel
Provides: openssl-static-devel = %{version}-%{release}
# temporary obsolete, will be a conflict later. a compat package
# with openssl-0.9.7 static-devel libs will be provided soon
Obsoletes: %{conflict1}-static-devel
Obsoletes: %{conflict2}-static-devel
Obsoletes: %{mklibname openssl 1.0.0}-static-devel
Provides: %{name}-static-devel = %{version}-%{release}

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%prep
# Unpack the upstream tarball, then apply the distribution patches and the
# CVE patches in order. Each -b SUFFIX keeps a backup copy of every file a
# patch touches.
# NOTE(review): the detached signature (Source1) is not checked anywhere in
# this section; the tarball is unpacked as-is.

%setup -q -n %{name}-%{version}
# The 128-bit cipher limit is applied only when french_policy is 1.
%if %{french_policy}
%patch0 -p1 -b .frenchpolicy
%endif
%patch2 -p1 -b .optflags
%patch6 -p0 -b .icpbrasil
%patch7 -p1 -b .defaults
%{?_with_krb5:%patch8 -p1 -b .krb5}
%patch10 -p0 -b .ia64
%patch12 -p1 -b .x509
%patch13 -p1 -b .version-add-engines
%patch15 -p1 -b .crt
%patch16 -p1 -b .pkcs11_engine

%patch300 -p1 -b .mips
%patch301 -p1 -b .arm
%patch302 -p1 -b .engines

# Security fixes. The strip level differs from patch to patch (-p0 / -p1), so
# a new CVE patch must be checked against the way its paths are written.
%patch400 -p1 -b .CVE-2011-1945
%patch401 -p0 -b .CVE-2011-3207
%patch402 -p1 -b .CVE-2011-3210
%patch403 -p0 -b .CVE-2011-4108
%patch404 -p0 -b .CVE-2011-4576
%patch405 -p1 -b .CVE-2011-4619
%patch406 -p1 -b .CVE-2012-0027
%patch407 -p0 -b .CVE-2012-0050

# Rewrite the OPENSSL_LIBNAME= assignment in both makefiles to the value of
# the _lib macro.
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile

# fix perl path
perl util/perlpath.pl %{_bindir}/perl

# Bring the packaged helper files into the build tree under fixed names.
cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert
cp %{SOURCE4} openssl-thread-test.c
cp %{SOURCE5} README.pkcs11

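%build
%serverbuild

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_arch}
%ifarch %ix86
sslarch=linux-elf
# Assembler routines are kept only for i586/i686 targets. The pattern is
# quoted so the shell cannot glob-expand it against a file name before grep
# sees it.
if ! echo %{_target} | grep -q 'i[56]86' ; then
    sslflags="no-asm"
fi
%endif
%ifarch sparcv9
sslarch=linux-sparcv9
%endif
%ifarch alpha
sslarch=linux-alpha-gcc
%endif
%ifarch s390
sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM"
%endif
%ifarch s390x
sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM"
%endif

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifying them here.
# IDEA and RC5 are left out, Camellia and TLS extensions are enabled, and the
# PKCS#11 engine is pointed at a fixed library path.
# NOTE(review): the option list does not pass no-ssl2, so SSLv2 support is
# presumably compiled in; confirm, and disable it where it is not needed.
./Configure \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --enginesdir=%{_libdir}/openssl-%{version}/engines \
    --prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
    no-idea no-rc5 enable-camellia shared enable-tlsext ${sslarch} --pk11-libname=%{_libdir}/pkcs11/PKCS11_API.so

# zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared ${sslarch}

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# NOTE(review): this assignment comes after ./Configure has run, so it only
# helps if the generated makefiles read RPM_OPT_FLAGS from the environment at
# make time; confirm against Patch2 and check the built libraries' GNU_STACK
# segment.
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
make depend
make all build-shared

# Generate hashes for the included certs.
make rehash build-shared
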
%check
# Verify that what was compiled actually works.
# The build directory is put first on the library path so the test programs
# load the freshly built libssl/libcrypto.
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}

# Upstream test suite.
make -C test apps tests

# Compile the packaged thread test (Source4) against the in-tree headers and
# libraries.
gcc -o openssl-thread-test \
%{?_with_krb5:`krb5-config --cflags`} \
-I./include \
%{optflags} \
openssl-thread-test.c \
-L. -lssl -lcrypto \
%{?_with_krb5:`krb5-config --libs`} \
-lpthread -lz -ldl

# The thread count comes from the thread_test_threads macro. rpm leaves an
# undefined macro unexpanded, so that macro has to be really defined in the
# preamble; otherwise the literal macro text is handed to the test program.
./openssl-thread-test --threads %{thread_test_threads}

%install
# Start from an empty build root, then stage the upstream install into it.
rm -fr %{buildroot}

%makeinstall \
INSTALL_PREFIX=%{buildroot} \
MANDIR=%{_mandir} \
build-shared

# the makefiles are too borked...
# Move the engines into the versioned directory that Configure was given as
# --enginesdir.
install -d %{buildroot}%{_libdir}/openssl-%{version}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{version}/engines

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert

# Pick a CA script.
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA

# NOTE(review): no -m is given, so these directories get install's default
# mode (0755 with GNU install) and the %%files list does not override it. A CA
# private-key directory is usually restricted to root; confirm this is intended.
install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private

# openssl was named ssleay in "ancient" times.
ln -snf openssl %{buildroot}%{_bindir}/ssleay

# The man pages rand.3 and passwd.1 conflict with other packages
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
# The link targets end in .bz2, presumably because the man pages are
# compressed after this section runs; confirm.
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
ln -sf ssl-passwd.1.bz2 %{buildroot}%{_mandir}/man1/openssl-passwd.1.bz2

for i in rand err; do
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3
ln -snf ssl-$i.3.bz2 %{buildroot}%{_mandir}/man3/openssl-$i.3.bz2
done

# Write the README notes about the renamed man pages; they are packaged
# through the %%doc lines of the main and devel file lists.
rm -rf {main,devel}-doc-info
mkdir -p {main,devel}-doc-info
cat - << EOF > main-doc-info/README.%{distribution}-manpage
Warning:
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
to avoid a conflict with passwd.1 man page from the package passwd.
EOF

cat - << EOF > devel-doc-info/README.%{distribution}-manpage
Warning:
The man page of rand, rand.3, has been renamed to ssl-rand.3
to avoid a conflict with rand.3 from the package man-pages
The man page of err, err.3, has been renamed to ssl-err.3
to avoid a conflict with err.3 from the package man-pages
EOF

chmod 755 %{buildroot}%{_libdir}/pkgconfig

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/openssl-%{version}/engines/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*

# nuke a mistake
rm -f %{buildroot}%{_mandir}/man3/.3

# nuke rpath
# Deletes whatever library search path the build embedded in the binary, so
# the installed tool resolves its libraries through the normal system paths.
chrpath -d %{buildroot}%{_bindir}/openssl

# Fix libdir.
# The edited text is written back with cat rather than mv, which keeps the
# original .pc file in place and only replaces its contents.
pushd %{buildroot}%{_libdir}/pkgconfig
for i in *.pc ; do
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \
$i >$i.tmp && \
cat $i.tmp >$i && \
rm -f $i.tmp
done
popd

# adjust ssldir
# Point the CA helper scripts and openssl.cnf at the packaged pki/tls
# directory instead of upstream's ./demoCA.
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf

%clean
# Remove the staged build root once the packages have been written.
rm -fr %{buildroot}

# Main package: command-line tool, configuration, helper scripts and the
# section 1/5/7 man pages.
%files
%defattr(-,root,root)
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE README.pkcs11
# Directory entries carry no explicit %%attr, so they keep the mode they have
# in the build root.
# NOTE(review): that includes the two "private" directories; confirm their
# mode is as restrictive as intended for key material.
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts
# noreplace: a locally edited openssl.cnf is not overwritten on upgrade.
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%attr(0755,root,root) %{_sysconfdir}/pki/tls/certs/make-dummy-cert
%attr(0644,root,root) %{_sysconfdir}/pki/tls/certs/Makefile
%attr(0755,root,root) %{_sysconfdir}/pki/tls/misc/*
%attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man[157]/*

# Versioned shared libraries.
%files -n %{libname}
%defattr(-,root,root)
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README*
%attr(0755,root,root) %{_libdir}/lib*.so.*

# Engine modules in the versioned engines directory.
%files -n %{engines_name}
%defattr(-,root,root)
%attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines
%attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so

# Headers, unversioned .so links, section 3 man pages and pkgconfig files.
%files -n %{develname}
%defattr(-,root,root)
%doc CHANGES doc/* devel-doc-info/README*
%attr(0755,root,root) %dir %{_includedir}/openssl
%multiarch %{multiarch_includedir}/openssl/opensslconf.h
%attr(0644,root,root) %{_includedir}/openssl/*
%attr(0755,root,root) %{_libdir}/lib*.so
%attr(0644,root,root) %{_mandir}/man3/*
%attr(0644,root,root) %{_libdir}/pkgconfig/*

# Static archives.
%files -n %{staticname}
%defattr(-,root,root)
%attr(0644,root,root) %{_libdir}/lib*.a
