%define openssl_ver 1.0.2 %define major 1.0.0 %define engines_name %mklibname openssl-engines %{major} %define libcrypto %mklibname crypto %{major} %define libssl %mklibname ssl %{major} %define devname %mklibname openssl -d %define staticname %mklibname openssl -s -d # patchelf 0.9 is buggy so compat libraries are experimental for now %bcond_without compat %define major_compat 10 %define libcrypto_compat %mklibname crypto %{major_compat} %define libssl_compat %mklibname ssl %{major_compat} %define conflict2 %mklibname openssl 0.9.8 # Number of threads to spawn when testing some threading fixes. #define thread_test_threads %%{?threads:%%{threads}}%%{!?threads:1} %define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0} # This directory is defined in /usr/bin/openssl-config and /etc/rpm/macros.d/openssl.macros # during the build. # The purpose is a system-wide definition of this directory # to guarantee consistency across the whole repository. %define _openssldir %{_sysconfdir}/pki/tls Summary: Secure Sockets Layer communications libs & utils Name: openssl Version: %{openssl_ver}t Release: 5 License: BSD-like Group: System/Libraries Url: https://www.openssl.org Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc Source2: Makefile.certificate Source3: make-dummy-cert Source4: openssl-thread-test.c Source5: openssl-config Source6: openssl.macros # Based on https://github.com/gost-engine/engine # Never remove gost-engine patches Patch0: openssl-1.0.2l-gost-engine.patch # Backport GOST 2015 identificators and GOST OIDs for Edwards parameter sets Patch1: openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch # Handle RPM_OPT_FLAGS in Configure Patch2: openssl-1.0.2e-optflags.patch Patch3: openssl-1.0.1c-fix-perlpath.pl # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) # http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF Patch6: openssl-1.0.2l-icpbrasil.patch Patch7: openssl-1.0.2-defaults.patch Patch12: openssl-1.0.2-x509.patch Patch13: openssl-1.0.2-add-engines.patch Patch302: openssl-1.0.2-enginesdir.patch Patch303: openssl-0.9.8a-no-rpath.patch Patch304: openssl-1.0.2-test-use-localhost.patch BuildRequires: bc %if %{with compat} # readelf is used to produce libcrypto.so.10 and libssl.so.10 # needed for compatibility with Fedora/RHEL (Viber etc) BuildRequires: patchelf >= 0.10-0.20170615.2 %endif %{?_with_krb5:BuildRequires: krb5-devel} BuildRequires: sctp-devel BuildRequires: pkgconfig(zlib) Requires: %{engines_name} = %{EVRD} Requires: perl-base Requires: rootcerts Provides: /usr/bin/openssl Provides: openssl-config %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. %files %doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* %doc README README.ASN1 README.ENGINE %dir %{_sysconfdir}/pki %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private %dir %{_openssldir} %dir %{_openssldir}/certs %dir %{_openssldir}/misc %dir %{_openssldir}/private %dir %{_openssldir}/rootcerts %attr(0644,root,root) %config(noreplace) %{_openssldir}/openssl.cnf %attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert %attr(0644,root,root) %{_openssldir}/certs/Makefile %attr(0755,root,root) %{_openssldir}/misc/* %attr(0755,root,root) %{_bindir}/* %attr(0644,root,root) %{_mandir}/man[157]/* #---------------------------------------------------------------------------- %package -n %{engines_name} Summary: Engines for openssl Group: System/Libraries Provides: openssl-engines = %{EVRD} # libgost.so was moved to openssl-gost-engine Requires: %{_lib}openssl-gost-engine%{major} %description -n %{engines_name} This package provides engines for openssl. %files -n %{engines_name} %doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* %doc README README.ASN1 README.ENGINE %attr(0755,root,root) %dir %{_libdir}/openssl-%{major}/engines %attr(0755,root,root) %{_libdir}/openssl-%{major}/engines/*.so #---------------------------------------------------------------------------- %package -n %{libcrypto} Summary: Secure Sockets Layer communications libs Group: System/Libraries Requires: %{libssl} = %{EVRD} %description -n %{libcrypto} The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libcrypto} %doc FAQ LICENSE NEWS PROBLEMS README* %{_libdir}/libcrypto.so.%{major}* #---------------------------------------------------------------------------- %package -n %{libssl} Summary: Secure Sockets Layer communications libs Group: System/Libraries Conflicts: %{_lib}openssl1.0.0 < 1.0.1n Obsoletes: %{_lib}openssl1.0.0 < 1.0.1n # needed to avoid undefined symbols in rpm (rpm depends on neon library) Conflicts: %{_lib}neon0.27 < 0.30.1 # needed to avoid undefined symbols in curl and wget as they block update Conflicts: curl < 1:7.47.1 Conflicts: wget < 1.17.1 %description -n %{libssl} The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libssl} %doc FAQ LICENSE NEWS PROBLEMS README* %{_libdir}/libssl.so.%{major}* #---------------------------------------------------------------------------- %package -n %{devname} Summary: Secure Sockets Layer communications libs & headers & utils Group: Development/Other Requires: %{libssl} = %{EVRD} Requires: %{libcrypto} = %{EVRD} Provides: libopenssl-devel Provides: %{name}-devel = %{EVRD} %description -n %{devname} The libraries and include files needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{devname} %doc CHANGES doc/* devel-doc-info/README* %dir %{_includedir}/openssl %{multiarch_includedir}/openssl/opensslconf.h %{_includedir}/openssl/* %{_libdir}/libcrypto.so %{_libdir}/libssl.so %{_mandir}/man3/* %{_libdir}/pkgconfig/* %{_sys_macros_dir}/openssl.macros #---------------------------------------------------------------------------- %package -n %{staticname} Summary: Secure Sockets Layer communications static libs Group: Development/Other Requires: %{devname} = %{EVRD} Provides: libopenssl-static-devel Provides: %{name}-static-devel = %{EVRD} %description -n %{staticname} The static libraries needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{staticname} %doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* %doc README README.ASN1 README.ENGINE %attr(0644,root,root) %{_libdir}/lib*.a #---------------------------------------------------------------------------- %if %{with compat} %package -n %{libcrypto_compat} Summary: Secure Sockets Layer communications libs (Fedora compatibility only) Group: System/Libraries %description -n %{libcrypto_compat} The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libcrypto_compat} %doc FAQ LICENSE NEWS PROBLEMS README* %{_libdir}/libcrypto.so.%{major_compat}* %endif #---------------------------------------------------------------------------- %if %{with compat} %package -n %{libssl_compat} Summary: Secure Sockets Layer communications libs (Fedora compatibility only) Group: System/Libraries %description -n %{libssl_compat} The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libssl_compat} %doc FAQ LICENSE NEWS PROBLEMS README* %{_libdir}/libssl.so.%{major_compat}* %endif #---------------------------------------------------------------------------- %prep %setup -q %patch0 -p1 -b .gost %patch1 -p1 %patch2 -p1 -b .optflags %patch3 -p1 -b .perl %patch6 -p1 -b .icpbrasil %patch7 -p1 -b .defaults %{?_with_krb5:%patch8 -p1 -b .krb5} %patch12 -p1 -b .x509 %patch13 -p1 -b .version-add-engines %patch302 -p1 -b .engines %patch303 -p1 -b .no-rpath %patch304 -p1 -b .test-use-localhost perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile # fix perl path perl util/perlpath.pl %{_bindir}/perl cp %{SOURCE2} Makefile.certificate cp %{SOURCE3} make-dummy-cert cp %{SOURCE4} openssl-thread-test.c %build %serverbuild # Figure out which flags we want to use. # default sslarch=%{_os}-%{_arch} %ifarch %{ix86} sslarch=linux-elf if ! echo %{_target} | grep -q i[56]86 ; then sslflags="no-asm" fi %endif %ifarch %{arm} sslarch=linux-generic32 %endif # ia64, x86_64, ppc, ppc64 are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ --openssldir=%{_openssldir} ${sslflags} \ --enginesdir=%{_libdir}/openssl-%{major}/engines \ --prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \ zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms enable-md2 sctp shared ${sslarch} # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" make depend make all build-shared # Generate hashes for the included certs. make rehash build-shared %check # Verify that what was compiled actually works. export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} make -C test apps tests gcc -o openssl-thread-test \ %{?_with_krb5:`krb5-config --cflags`} \ -I./include \ %{optflags} \ openssl-thread-test.c \ -L. -lssl -lcrypto \ %{?_with_krb5:`krb5-config --libs`} \ -lpthread -lz -ldl ./openssl-thread-test --threads %{thread_test_threads} %install %makeinstall \ INSTALL_PREFIX=%{buildroot} \ MANDIR=%{_mandir} \ build-shared # the makefiles is too borked... install -d %{buildroot}%{_libdir}/openssl-%{major} mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines # make the rootcerts dir install -d %{buildroot}%{_openssldir}/rootcerts # Install a makefile for generating keys and self-signed certs, and a script # for generating them on the fly. install -d %{buildroot}%{_openssldir}/certs install -m0644 Makefile.certificate %{buildroot}%{_openssldir}/certs/Makefile install -m0755 make-dummy-cert %{buildroot}%{_openssldir}/certs/make-dummy-cert # Pick a CA script. mv %{buildroot}%{_openssldir}/misc/CA.sh %{buildroot}%{_openssldir}/misc/CA install -d %{buildroot}%{_sysconfdir}/pki/CA install -d %{buildroot}%{_sysconfdir}/pki/CA/private # openssl was named ssleay in "ancient" times. ln -snf openssl %{buildroot}%{_bindir}/ssleay # The man pages rand.3 and passwd.1 conflict with other packages # Rename them to ssl-* and also make a symlink from openssl-* to ssl-* mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} for i in rand err; do mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} done rm -rf {main,devel}-doc-info mkdir -p {main,devel}-doc-info cat - << EOF > main-doc-info/README.Mandriva-manpage Warning: The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 to avoid a conflict with passwd.1 man page from the package passwd. EOF cat - << EOF > devel-doc-info/README.Mandriva-manpage Warning: The man page of rand, rand.3, has been renamed to ssl-rand.3 to avoid a conflict with rand.3 from the package man-pages The man page of err, err.3, has been renamed to ssl-err.3 to avoid a conflict with err.3 from the package man-pages EOF chmod 755 %{buildroot}%{_libdir}/pkgconfig %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h # strip cannot touch these unless 755 chmod 755 %{buildroot}%{_libdir}/openssl-%{major}/engines/*.so* chmod 755 %{buildroot}%{_libdir}/*.so* chmod 755 %{buildroot}%{_bindir}/* %if %{with compat} # RHEL/Fedora compatibility libraries cp %{buildroot}%{_libdir}/libcrypto.so.%{major} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat} cp %{buildroot}%{_libdir}/libssl.so.%{major} %{buildroot}%{_libdir}/libssl.so.%{major_compat} patchelf --set-soname libcrypto.so.%{major_compat} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat} patchelf --set-soname libssl.so.%{major_compat} %{buildroot}%{_libdir}/libssl.so.%{major_compat} %endif # nuke a mistake rm -f %{buildroot}%{_mandir}/man3/.3 # Fix libdir. pushd %{buildroot}%{_libdir}/pkgconfig for i in *.pc ; do sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ $i >$i.tmp && \ cat $i.tmp >$i && \ rm -f $i.tmp done popd # adjust ssldir perl -pi -e "s|^CATOP=.*|CATOP=%{_openssldir}|g" %{buildroot}%{_openssldir}/misc/CA perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_openssldir}\";|g" %{buildroot}%{_openssldir}/misc/CA.pl perl -pi -e "s|\./demoCA|%{_openssldir}|g" %{buildroot}%{_openssldir}/openssl.cnf # install openssl-config install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/ # define values in openssl-config sed -i %{buildroot}/%{_bindir}/openssl-config \ -e "s#@VERSION@#%{version}#g" \ -e "s#@OPENSSLDIR@#%{_openssldir}#g" \ -e "s#@CPPFLAGS@#${CPPFLAGS}#g" \ -e "s#@CFLAGS@#${RPM_OPT_FLAGS}#g" \ -e "s#@LDFLAGS@#%{ldflags}#g" # test openssl-config [ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{_openssldir}' ] # make and install openssl.macros install -d -m0755 %{buildroot}/%{_sys_macros_dir} cat %{SOURCE6} | sed -e "s#@OPENSSLDIR@#%{_openssldir}#g" > %{buildroot}/%{_sys_macros_dir}/openssl.macros chmod 0644 %{buildroot}/%{_sys_macros_dir}/openssl.macros # verify openssl.macros grep -q '%{_openssldir}' %{buildroot}%{_sys_macros_dir}/openssl.macros # is now built in openssl-gost-engines rm -fv %{buildroot}%{_libdir}/openssl-%{major}/engines/libgost.so