%define major 4 %define libname %mklibname %{name} %{major} %define libname_libressl %mklibname %{name}-libressl %{major} %define devname %mklibname %{name} -d %define devname_libressl %mklibname %{name}-libressl -d %define ssh2 0 # Using libressl allows to support GOST TLS without pain # test: curl https://www.cryptopro.ru:4444/test/tls-cli.asp # Building a separate curl with libressl %bcond_without libressl # Important! We perform autoreconf, then change resulting 'configure' # script, this prevents if from regenerating after we have changed it. %define _disable_rebuild_configure 1 %if %{with libressl} %define ssl_list openssl libressl %else %define ssl_list openssl %endif %define shell_begin %{expand:for SSL in %%{ssl_list} ; \ do \ mkdir -p "$SSL" ;\ pushd "$SSL"} %define shell_end popd; done Summary: Gets a file from a FTP, GOPHER or HTTP server Name: curl Version: 7.68.0 Release: 8 Epoch: 1 License: BSD-like Group: Networking/Other Url: https://curl.haxx.se Source0: https://curl.haxx.se/download/%{name}-%{version}.tar.xz Patch0: %{name}-7.59.0-multilib.patch Patch2: %{name}-7.59.0-debug.patch Patch3: %{name}-libressl.patch BuildRequires: groff BuildRequires: stunnel BuildRequires: openldap-devel BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libcares) #BuildRequires: pkgconfig(libidn) BuildRequires: pkgconfig(libidn2) %if 0%{?ssh2} BuildRequires: pkgconfig(libssh2) %else BuildRequires: pkgconfig(libssh) %endif %if %{with libressl} BuildRequires: pkgconfig(libressl) %endif BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(krb5-gssapi) # TODO: Package and enable libpsl support Requires: %{libname} = %{EVRD} Provides: webfetch = %{EVRD} %description curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. It offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. This version is compiled with SSL (https) support. %files %doc COPYING %{_bindir}/%{name} %{_mandir}/man1/%{name}.1* #---------------------------------------------------------------------------- %if %{with libressl} %package -n curl-libressl Summary: Gets a file from a FTP, GOPHER or HTTP server Group: Networking/Other Provides: curl-gost = %{EVRD} %description -n curl-libressl curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. It offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. This version is compiled with LibreSSL and is capable of GOST TLS. %files -n curl-libressl %{_bindir}/curl-libressl %{_bindir}/curl-gost %endif #---------------------------------------------------------------------------- %package -n %{libname} Summary: A library of functions for file transfer Group: Networking/Other Requires: rootcerts %description -n %{libname} libcurl is a library of functions for sending and receiving files through various protocols, including http and ftp. You should install this package if you plan to use any applications that use libcurl. %files -n %{libname} %doc COPYING %{_libdir}/libcurl.so.%{major}* #---------------------------------------------------------------------------- %if %{with libressl} %package -n %{libname_libressl} Summary: A library of functions for file transfer Group: Networking/Other Requires: rootcerts %description -n %{libname_libressl} libcurl is a library of functions for sending and receiving files through various protocols, including http and ftp. You should install this package if you plan to use any applications that use libcurl. libcurl-libressl is linked with LibreSSL and is capable of GOST TLS. %files -n %{libname_libressl} %doc COPYING %{_libdir}/libcurl-libressl.so.%{major}* %endif #---------------------------------------------------------------------------- %package -n %{devname} Summary: Header files and static libraries for libcurl Group: Development/C Requires: %{libname} = %{EVRD} Provides: %{name}-devel = %{EVRD} %description -n %{devname} libcurl is a library of functions for sending and receiving files through various protocols, including http and ftp. You should install this package if you wish to develop applications that use libcurl. %files -n %{devname} %doc docs/BUGS docs/KNOWN_BUGS docs/FAQ CHANGES %doc docs/FEATURES docs/RESOURCES docs/TODO docs/THANKS %{_bindir}/%{name}-config %{_libdir}/libcurl.so %{_includedir}/%{name} %exclude %{_includedir}/curl-libressl %{_libdir}/pkgconfig/libcurl.pc %{_datadir}/aclocal/*.m4 %{_mandir}/man1/%{name}-config.1* %{_mandir}/man3/* #---------------------------------------------------------------------------- %if %{with libressl} %package -n %{devname_libressl} Summary: Header files and devel libraries for libcurl with LibreSSL Group: Development/C Requires: %{libname_libressl} = %{EVRD} Provides: %{name}-libressl-devel = %{EVRD} Provides: %{name}-gost-devel = %{EVRD} %description -n %{devname_libressl} libcurl is a library of functions for sending and receiving files through various protocols, including http and ftp. You should install this package if you wish to develop applications that use libcurl linked with LibreSSL and capable of GOST. %files -n %{devname_libressl} %{_includedir}/curl-libressl %{_libdir}/pkgconfig/libcurl-libressl.pc %{_libdir}/libcurl-libressl.so %endif #---------------------------------------------------------------------------- %package examples Summary: Example files for %{name} development Group: Development/C Requires: %{name}-devel = %{EVRD} BuildArch: noarch %description examples Example files for %{name} development. %files examples %doc docs/examples #---------------------------------------------------------------------------- %prep %setup -q cp libcurl.pc.in libcurl.pc.in.0 %apply_patches # after Patch3 curl-libressl.patch # 0 - original (OpenSSL), 1 - patched (LibreSSL) cp libcurl.pc.in libcurl.pc.in.1 regexp="$(echo %{ssl_list} | sed -e 's, ,|,g')" for i in %{ssl_list}; do mkdir -p "$i" cp -r $(ls -1v | grep -vE "$regexp") "$i"/ done rm -fr $(ls -1v | grep -vE "${regexp}|docs|COPYING|CHANGES") %build %setup_compile_flags %shell_begin ADD_CONF_OPTS="" case "$SSL" in libressl ) cp libcurl.pc.in.1 libcurl.pc.in # validate that correct file is being used grep -q LIBRESSL_ libcurl.pc.in new_libname=libcurl-libressl sed -i configure.ac \ -e 's,openssl.pc,libressl.pc,g' \ -e 's,PKGCONFIG(openssl,PKGCONFIG(libressl,g' \ -e 's,$PREFIX_OPENSSL/lib$libsuff,$PREFIX_OPENSSL/lib,g' # $LIBS apply to libcurl.so only, so there will not be overlinking # even if to add -lxxx here export LIBS="$(pkg-config --cflags-only-I --libs-only-L libressl)" export CFLAGS="$LIBS" export PREFIX_OPENSSL=%{libressl_prefix} # It will be /usr/include/curl-libressl/curl # to allow '#include to work with -I/usr/include/curl-libressl # TLS-SRP: https://wiki.freebsd.org/LibreSSL ADD_CONF_OPTS="\ --includedir=%{_includedir}/curl-libressl \ --disable-tls-srp \ " ;; openssl ) cp libcurl.pc.in.0 libcurl.pc.in ! grep -q LIBRESSL_ libcurl.pc.in new_libname=libcurl export LIBS="$(pkg-config --cflags-only-I --libs-only-L openssl)" export CFLAGS="$LIBS" export PREFIX_OPENSSL=%{_prefix} ;; esac autoreconf -fiv sed -i configure \ -e "s,\$libname,${new_libname},g" \ -e "s,\${libname},${new_libname},g" %configure \ --disable-static \ --with-ssl=off \ --without-gnutls \ --without-bearssl \ --with-zlib \ --with-lber-lib=lber \ --with-libidn2 \ %if 0%{?ssh2} --with-ssh2 \ %else --with-libssh \ %endif --with-random \ --enable-hidden-symbols \ --enable-optimize \ --enable-nonblocking \ --enable-thread \ --enable-crypto-auth \ --enable-libgcc \ --enable-ldaps \ --enable-ipv6 \ --with-ca-bundle=%{_openssldir}/certs/ca-bundle.crt \ --with-gssapi=%{_prefix} \ --enable-ares \ --without-libpsl \ $ADD_CONF_OPTS -- %make # we don't want them in curl-examples: rm -r docs/examples/.deps ||: %shell_end %install %shell_begin case "$SSL" in openssl ) %makeinstall_std ;; libressl ) tmp="$(mktemp -d -p $(pwd))" mkdir -p "$tmp" make DESTDIR="${tmp}" install mv -v ${tmp}%{_bindir}/curl %{buildroot}%{_bindir}/curl-libressl mv -v ${tmp}%{_libdir}/libcurl-libressl* %{buildroot}%{_libdir} mv -v ${tmp}%{_includedir}/curl-libressl %{buildroot}%{_includedir}/ cat ${tmp}%{_libdir}/pkgconfig/libcurl.pc | \ sed -r \ -e 's,^Name:.+,Name: libcurl-libressl,g' \ -e 's,-lcurl,-lcurl-libressl,g' \ -e "s,@LIBRESSL_LIBS@,$(pkg-config --libs-only-L libressl),g" \ -e "s,@LIBRESSL_LIBS_PRIVATE@,,g" \ -e "s,@LIBRESSL_CFLAGS@,$(pkg-config --cflags-only-I libressl),g" \ > %{buildroot}%{_libdir}/pkgconfig/libcurl-libressl.pc #rm -fr "$tmp" ;; * ) echo 'Unknown $SSL' && exit 1 ;; esac # [july 2008] HACK. to be replaced by a real fix sed -i -e 's!-Wl,--as-needed!!' -e 's!-Wl,--no-undefined!!' %{buildroot}%{_bindir}/%{name}-config sed -i -e 's!-Wl,--as-needed!!' -e 's!-Wl,--no-undefined!!' %{buildroot}%{_libdir}/pkgconfig/*.pc # (tpg) use rootcerts's certificates #35917 find %{buildroot} -name ca-bundle.crt -exec rm -f '{}' \; # we don't package mk-ca-bundle so we don't need man for it rm -f %{buildroot}%{_mandir}/man1/mk-ca-bundle.1* %shell_end %if %{with libressl} ( cd %{buildroot}%{_bindir} ; ln -s curl-libressl curl-gost ) %endif %check export LD_LIBRARY_PATH=%{buildroot}%{_libdir} %if %{with libressl} readelf -a %{buildroot}%{_bindir}/curl-libressl | grep NEEDED | grep -q libcurl-libressl readelf -a %{buildroot}%{_libdir}/libcurl-libressl.so | grep SONAME | grep -q libcurl-libressl readelf -a %{buildroot}%{_libdir}/libcurl-libressl.so | grep NEEDED | grep -q 'libssl.so.%{libressl_libssl_sover}' readelf -a %{buildroot}%{_libdir}/libcurl-libressl.so | grep NEEDED | grep -q 'libcrypto.so.%{libressl_libcrypto_sover}' ! readelf -a %{buildroot}%{_libdir}/libcurl.so | grep SONAME | grep -q libcurl-libressl # Check that GSS-API has been enabled readelf -a %{buildroot}%{_libdir}/libcurl-libressl.so | grep NEEDED | grep -q libgssapi # This test will not fail if there is no connection with internet # --insecure to ignore missing SSL certificate if %{buildroot}%{_bindir}/curl-libressl --insecure \ "https://www.cryptopro.ru:4444/test/tls-cli.asp" 2>&1 | \ grep -q ':unsupported algorithm$' ; then echo "GOST is not supported" exit 1 fi %endif readelf -a %{buildroot}%{_libdir}/libcurl.so | grep NEEDED | grep -q libgssapi