diff --git a/libressl.spec b/libressl.spec index a5e8730..4a6faae 100644 --- a/libressl.spec +++ b/libressl.spec @@ -23,37 +23,24 @@ %{?!_compress:%define _compress /bin/true} %{?!_extension:%define _extension .xz} -# Fallback to the old external dependency generator -# http://lists.rosalab.ru/pipermail/rosa-devel/2013-April/004702.html -# http://lists.rosalab.ru/pipermail/rosa-devel/2013-April/004703.html -# because there is no way to filter by filepath in the internal one -# TODO: avoid using external dep. gen. -%define _use_internal_dependency_generator 0 -# Those libraries in /opt are not available without RPATH or ld.so.conf -%define _exclude_files_from_autoprov %{_libdir} # We rename e.g. libtls.pc to libressl-tls.pc, make sure that we do not # get odd provides and break the repository if forgot to rename something -#define __noautoprov '.*openssl.*|pkgconfig\\(lib.*' -%define _provides_exceptions '.*openssl.*|pkgconfig(lib.*' -# libressl-devel must not require devel(libxxx) -# because it has those devels inside himself -%define _requires_exceptions 'devel(lib.*' -# Ideas behind this dependency generation crap are the following: +%define __noautoprov '.*openssl.*|pkgconfig\((libtls|libcrypro|libssl)\)' +# Ideas behind this package are the following: # - libressl-devel must provide pkgconfig(libressl*) # - libressl-devel must not provide pkgconfig(openssl), # pkgconfig(libtls), pkgconfig(libcrypto), pkgconfig(libssl) # to prevent conflicts with OpenSSL -# - libressl must not depend from separate library packages with -# libtls.so.*, libcrypto.so.*, libssl.so.*, instead it has -# copies of those libraries in /opt/libressl/lib/ and has RPATH -# - packages netcat-openbsd and ocspcheck are intended to be -# installable without installing libressl package with a lot of -# odd stuff; so libtls.so.*, libcrypto.so.* and libssl.so.* are -# packaged into separate packages, RPATHs are removed and nc -# and ocspcheck must depend from separate libs packages and will -# use /usr/lib(64)/lib*.so.* instead of /opt/libressl/lib/*.so.* -# - there are no per-library devel packages, only one libressl-devel. -# // mikhailnov, 30.11.2019 +# - packages netcat-openbsd, ocspcheck, libressl are intended to +# comply with FHS, so libtls.so.*, libcrypto.so.* and libssl.so.* +# are packaged into separate packages, RPATHs are removed and +# /usr/bin/* must depend from separate libs packages and will +# use /usr/lib(64)/lib*.so.* +# - there are no per-library devel packages, only one libressl-devel +# with symlinks /opt/libressl/lib/*.so -> /usr/lib(64)/*.so.* +# - not FHS-compilant /opt is used only for devel package to allow +# coinstallability with OpenSSL devel packages +# // mikhailnov, 03.12.2019 %define libcrypto_sover 45 %define libssl_sover 47 @@ -92,11 +79,7 @@ BuildRequires: chrpath # This LibreSSL uses /etc/pki/tls from system OpenSSL # but most functions will work without its files Suggests: openssl -# Prevent dependencies from lib*_libressl* subpackages for the main package -# because it may freely use /opt/libressl/lib/*.so.* -# but put "Autoreq: 1" in other subpackages which may be installed without -# libressl main package being installed and will use /usr/lib(64)/.*so.* -Autoreq: 0 +Autoreq: 1 %description LibreSSL utils and libs coexisting with OpenSSL. @@ -162,13 +145,8 @@ Autoreq: 1 %description devel LibreSSL devel package. Devel libraries are in %{_libdir}, -but the same runtime libraries exist in -%{_libdir} -and -%{_olibdir}. -After linking, binaries will load libs from %{_olibdir}. -When using pkg-config, RPATH is set to %{_libdir}, -remove RPATH/RUNPATH manually if needed. +runtime librararies are in %{_olibdir}, +pkg-config sets -I%{_libdir} in CFLAGS. %files devel %doc ChangeLog COPYING @@ -245,9 +223,6 @@ patch -p1 < 1.patch # Use the same %%_openssl dir with OpenSSL, but separate the config # (note that we patch libressl, X509_CONF_FILE is not upstream) export CFLAGS="$CFLAGS -DX509_CONF_FILE='\"%{_openssldir}/libressl.cnf\"'" -# TODO: why by default without this runpath is not set on libcrypto.so*, -# but is set on libtls.so* and libssl.so*? -export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}" autoreconf -if #patch2 # static libs are required for tests target in Makefile %configure2_5x \ @@ -318,16 +293,6 @@ mv -v %{buildroot}%{_obindir}/openssl %{buildroot}%{_obindir}/libressl # Remove static libs ( cd %{buildroot}%{_libdir} ; rm -fv *.la *.a ) -# Build scripts set RUNPATH, it is needed because /usr/bin/* are linked with -# /opt/libressl/lib/*.so.*, make sure that RUNPATH exists -for i in $(find %{buildroot}%{_bindir} %{buildroot}%{_libdir} -type f -executable) ; do - rpath="$(readelf -a "$i" | grep '(RUNPATH)' | head -n 1 | awk '{print $NF}' | tr -d '[]')" - if [ "$rpath" != '%{_libdir}' ]; then - echo "Empty or incorrect RPATH on ${i}!" - exit 1 - fi -done - mkdir -p %{buildroot}/%{_olibdir}/pkgconfig mv -v %{buildroot}/%{_libdir}/pkgconfig/*.pc %{buildroot}/%{_olibdir}/pkgconfig for i in share %{_lib} @@ -348,15 +313,6 @@ do -e 's,^libdir=.+,libdir=${exec_prefix}/lib,' \ -e 's,^includedir=.+,includedir=${prefix}/include,' \ "$f" - # TODO: is rpath in *.pc really needed? - if ! grep '^Libs:' "$f" - then - echo 'Libs: -Wl,-rpath=${libdir}' >> "$f" - else - # https://unix.stackexchange.com/a/328656 - sed -i -e '/^Libs:/s/$/ -Wl,-rpath=${libdir}/' "$f" - grep '^Libs:' "$f" | grep -q rpath || exit 1 - fi mv -v "$f" "libressl-${f}" # Requires: libxx -> Requires: libressl-libxx sed -i \ @@ -377,7 +333,10 @@ mv -v %{buildroot}/%{_libdir}/{libcrypto,libtls,libssl}.so.* %{buildroot}/%{_oli for i in %{buildroot}/%{_olibdir}/{libcrypto,libtls,libssl}.so.* do filename="$(basename "$i")" - ln -s "%{_olibdir}/${filename}" "$filename" + # /opt/libressl/lib + # /usr/lib64/ + # Relative symlink is required to use *.so in tests... + ln -s ../../../"%{_olibdir}/${filename}" "$filename" done ) if [ "$(find %{buildroot}/%{_libdir}/ -iname '*.so.*' -type f | wc -l)" -gt 0 ]; then @@ -398,7 +357,6 @@ _pcf(){ nflags="$(echo "$oflags" | sed -e 's,%{_prefix},%{buildroot}%{_prefix},g')" } libressl="%{buildroot}/%{_obindir}/libressl" -rflags="-Wl,-rpath=%{buildroot}%{_libdir},-rpath=%{buildroot}%{_olibdir}" # These tests caught a lot of mistakes during first builds export PKG_CONFIG_PATH=%{buildroot}/%{_olibdir}/pkgconfig export LD_LIBRARY_PATH=%{buildroot}/%{_olibdir} @@ -407,33 +365,31 @@ $libressl version -d | awk '{print $NF}' | tr -d '""' | grep -q '^%{_openssldir} # (test 2) Check that path to config file is correct # and also check that pkg-config libressl points to libressl, not openssl _pcf pkg-config --libs --cflags libressl -%__cc -o test2 %{SOURCE22} $nflags $rflags +%__cc -o test2 %{SOURCE22} $nflags ldd ./test2 [ "$(./test2)" = "%{_openssldir}/libressl.cnf" ] || exit 1 # Check that our pkgconfig hacks somehow work # (test 3) There is no /opt/libressl/ at build time _pcf pkg-config --libs --cflags libressl-libcrypto -%__cc -o test3 %{SOURCE20} $nflags $rflags +%__cc -o test3 %{SOURCE20} $nflags ldd ./test3 -ldd ./test3 | grep -E '%{_prefix}.*/libcrypto\.so\.%{libcrypto_sover}' +ldd ./test3 | grep 'libcrypto\.so\.%{libcrypto_sover}' ./test3 | grep Hello # (test 4) Check that OpenSSL and LibreSSL devel parts coexist correctly # (build with libcrypto from OpenSSL) _pcf pkg-config --libs --cflags libcrypto -%__cc -o test4 %{SOURCE20} $nflags $rflags +%__cc -o test4 %{SOURCE20} $nflags ldd ./test4 -ldd ./test4 | grep -v 'libcrypto\.so\.%{libcrypto_sover}' -ldd ./test4 | grep -v '%{_prefix}' +ldd ./test4 | grep -v '/libcrypto\.so\.%{libcrypto_sover}' ./test4 | grep Hello # (test 5) Check that flags from all *.pc are valid # libtls is overlinking here, but check linking _pcf pkg-config --libs --cflags libressl libressl-libssl libressl-libtls libressl-libcrypto -echo "$nflags" | grep -q rpath -%__сс -o test5 %{SOURCE25} $nflags $rflags -lpthread -lz -ldl +%__сс -o test5 %{SOURCE25} $nflags -lpthread -lz -ldl ldd ./test5 -ldd ./test3 | grep -E '%{_prefix}.*/libcrypto\.so\.%{libcrypto_sover}' -ldd ./test3 | grep -E '%{_prefix}.*/libssl\.so\.%{libssl_sover}' -ldd ./test3 | grep -E '%{_prefix}.*/libtls\.so\.%{libtls_sover}' +ldd ./test3 | grep '/libcrypto\.so\.%{libcrypto_sover}' +ldd ./test3 | grep '/libssl\.so\.%{libssl_sover}' +ldd ./test3 | grep '/libtls\.so\.%{libtls_sover}' ./test5 --threads 2 # (test 6) Check that gost12sum (from OpenSSL gost-engine) and LibreSSL give the same result # This also simply checks that checksums by GOST do work