openssl/openssl.spec

# Naming and build-option macros shared by the rest of the spec.
# major is the version suffix of the shared libraries packaged below
# (libcrypto.so.1.0.0, libssl.so.1.0.0); the mklibname results become the
# names of the library, devel and static subpackages.
%define major 1.0.0
%define engines_name %mklibname openssl-engines %{major}
%define libcrypto %mklibname crypto %{major}
%define libssl %mklibname ssl %{major}
%define devname %mklibname openssl -d
%define staticname %mklibname openssl -s -d
# patchelf 0.9 is buggy so compat libraries are experimental for now
# bcond_without: the compat subpackages are built by default and are skipped
# only when the build is run with "--without compat".
%bcond_without compat
# Version suffix of the Fedora/RHEL-compatible library copies.
%define major_compat 10
%define libcrypto_compat %mklibname crypto %{major_compat}
%define libssl_compat %mklibname ssl %{major_compat}
# NOTE(review): conflict2 is not referenced anywhere else in this spec.
%define conflict2 %mklibname openssl 0.9.8
# Number of threads to spawn when testing some threading fixes.
# The define is commented out; its only user is the disabled thread test in
# the check section.
#define thread_test_threads %%{?threads:%%{threads}}%%{!?threads:1}
# 1 when the build is run with "--with krb5", 0 otherwise.
# NOTE(review): the rest of the spec tests _with_krb5 directly and never reads
# with_krb5.
%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}
# This directory is defined in /usr/bin/openssl-config and %%_rpmmacrodir/*openssl*
# during the build.
# The purpose is a system-wide definition of this directory
# to guarantee consistency across the whole repository.
%define _openssldir %{_sysconfdir}/pki/tls
# Main package: the openssl command-line tool, its configuration and helper scripts.
Summary: Secure Sockets Layer communications libs & utils
Name: openssl
# NOTE(review): 1.0.2u is the last public release of the 1.0.2 branch, which
# upstream stopped supporting at the end of 2019. Any later security fix has to
# be carried as a distribution patch; none of the patch names below refers to a
# CVE, so confirm where such fixes are tracked.
Version: 1.0.2u
Release: 6
License: BSD-like
Group: System/Libraries
URL: https://www.openssl.org
#Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
#Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
# Source1 is the detached signature for the Source0 tarball.
# NOTE(review): nothing in the prep section verifies Source0 against it, so the
# signature is stored but does not gate the build. Consider shipping the
# upstream release keyring as an additional source and checking the tarball
# with gpgv before it is unpacked.
Source0: https://github.com/openssl/openssl/releases/download/OpenSSL_%(echo %{version} | sed 's|\.|_|g')/%{name}-%{version}.tar.gz
Source1: https://github.com/openssl/openssl/releases/download/OpenSSL_%(echo %{version} | sed 's|\.|_|g')/%{name}-%{version}.tar.gz.asc
# Source2..Source6 are local helper files; the prep and install sections copy
# or install them.
Source2: Makefile.certificate
Source3: make-dummy-cert
Source4: openssl-thread-test.c
Source5: openssl-config
Source6: openssl.macros
# Based on https://github.com/gost-engine/engine
# Never remove gost-engine patches
Patch0: openssl-1.0.2l-gost-engine.patch
# Backport GOST 2015 identificators and GOST OIDs for Edwards parameter sets
Patch1: openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch
# Handle RPM_OPT_FLAGS in Configure
Patch2: openssl-1.0.2e-optflags.patch
# NOTE(review): this file carries a .pl suffix but is applied as a patch in the
# prep section.
Patch3: openssl-1.0.1c-fix-perlpath.pl
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6: openssl-1.0.2l-icpbrasil.patch
Patch7: openssl-1.0.2-defaults.patch
Patch12: openssl-1.0.2-x509.patch
Patch13: openssl-1.0.2-add-engines.patch
Patch302: openssl-1.0.2-enginesdir.patch
Patch303: openssl-0.9.8a-no-rpath.patch
Patch304: openssl-1.0.2-test-use-localhost.patch
BuildRequires: bc
%if %{with compat}
# patchelf is used to produce libcrypto.so.10 and libssl.so.10
# needed for compatibility with Fedora/RHEL (Viber etc)
BuildRequires: patchelf >= 0.10-0.20170615.2
%endif
# krb5-devel is pulled in only when the build is run with "--with krb5".
%{?_with_krb5:BuildRequires: krb5-devel}
BuildRequires: sctp-devel
BuildRequires: pkgconfig(zlib)
# NOTE(review): this requires an already-installed openssl pkg-config module,
# i.e. an earlier build of this same library; confirm that is intended and not
# a bootstrap loop.
BuildRequires: pkgconfig(openssl)
# The engines subpackage is pinned to exactly this build.
Requires: %{engines_name} = %{EVRD}
Requires: perl-base
# rootcerts presumably supplies the trusted CA certificates; verify against
# that package.
Requires: rootcerts
Provides: /usr/bin/openssl
Provides: openssl-config
%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decryption algorithms and protocols, including DES, RC4,
RSA and SSL.
%files
# Payload of the main package: documentation, the pki directory skeleton,
# openssl.cnf, the certificate helper scripts, the binaries and man pages.
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA
# NOTE(review): neither private directory in this list carries an explicit attr,
# so its mode is whatever the install section left in the buildroot.
# pki/CA/private is created there with a plain "install -d" (default mode 0755);
# confirm that world-traversable key directories are intended and that key
# files placed in them get restrictive modes of their own.
%dir %{_sysconfdir}/pki/CA/private
%dir %{_openssldir}
%dir %{_openssldir}/certs
%dir %{_openssldir}/misc
%dir %{_openssldir}/private
%dir %{_openssldir}/rootcerts
# noreplace keeps a locally edited openssl.cnf on upgrade, so changed packaged
# defaults do not reach systems where the file was modified.
%attr(0644,root,root) %config(noreplace) %{_openssldir}/openssl.cnf
%attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert
%attr(0644,root,root) %{_openssldir}/certs/Makefile
%attr(0755,root,root) %{_openssldir}/misc/*
%attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man[157]/*
#----------------------------------------------------------------------------
# Subpackage holding the dynamically loadable engine modules.
%package -n %{engines_name}
Summary: Engines for openssl
Group: System/Libraries
Provides: openssl-engines = %{EVRD}
# libgost.so was moved to openssl-gost-engine
# rpm5 platforms get a hard Requires on the GOST engine; all other platforms
# get only a Recommends, which users may remove.
%if %rpm5
Requires: %{_lib}openssl-gost-engine%{major}
%else
# We must keep openssl-gost-engine preinstalled in rpm5 platforms.
# But dnf installs recommended deps in more cases than urpmi,
# so let users remove gost-engine if needed.
Recommends: %{_lib}openssl-gost-engine%{major}
%endif
%description -n %{engines_name}
This package provides engines for openssl.
%files -n %{engines_name}
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE
# Engine modules are loaded into the address space of the programs that use
# them, so the directory and the modules are packaged root-owned and writable
# by root only.
%attr(0755,root,root) %dir %{_libdir}/openssl-%{major}/engines
%attr(0755,root,root) %{_libdir}/openssl-%{major}/engines/*.so
#----------------------------------------------------------------------------
# Shared libcrypto, packaged under the name produced by mklibname.
%package -n %{libcrypto}
Summary: Secure Sockets Layer communications libs
Group: System/Libraries
# The exact-EVRD dependency keeps libcrypto and libssl from the same build
# installed together.
Requires: %{libssl} = %{EVRD}
%description -n %{libcrypto}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libcrypto}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libcrypto.so.%{major}*
#----------------------------------------------------------------------------
# Shared libssl. The Conflicts below force the listed packages to be upgraded
# to compatible versions together with this library.
%package -n %{libssl}
Summary: Secure Sockets Layer communications libs
Group: System/Libraries
# Replaces the older combined library package below version 1.0.1n.
Conflicts: %{_lib}openssl1.0.0 < 1.0.1n
Obsoletes: %{_lib}openssl1.0.0 < 1.0.1n
# needed to avoid undefined symbols in rpm (rpm depends on neon library)
Conflicts: %{_lib}neon0.27 < 0.30.1
# needed to avoid undefined symbols in curl and wget as they block update
Conflicts: curl < 1:7.47.1
Conflicts: wget < 1.17.1
%description -n %{libssl}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libssl}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libssl.so.%{major}*
#----------------------------------------------------------------------------
# Development subpackage: headers, unversioned .so links, pkg-config files,
# section 3 man pages and the RPM macro file.
%package -n %{devname}
Summary: Secure Sockets Layer communications libs & headers & utils
Group: Development/Other
# Both runtime libraries are pinned to exactly this build.
Requires: %{libssl} = %{EVRD}
Requires: %{libcrypto} = %{EVRD}
Provides: libopenssl-devel
Provides: %{name}-devel = %{EVRD}
%description -n %{devname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.
%files -n %{devname}
%doc CHANGES doc/* devel-doc-info/README*
%dir %{_includedir}/openssl
%{_includedir}/openssl/*
%{_libdir}/libcrypto.so
%{_libdir}/libssl.so
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*
# Macro file generated in the install section from openssl.macros; it carries
# the system-wide _openssldir value.
%{_rpmmacrodir}/*openssl*
#----------------------------------------------------------------------------
# Static archives of the libraries.
# NOTE: a program linked against these archives embeds its own copy of the
# library code and does not pick up later openssl updates; it has to be rebuilt
# after each security fix.
%package -n %{staticname}
Summary: Secure Sockets Layer communications static libs
Group: Development/Other
Requires: %{devname} = %{EVRD}
Provides: libopenssl-static-devel
Provides: %{name}-static-devel = %{EVRD}
%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
%files -n %{staticname}
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE
%attr(0644,root,root) %{_libdir}/lib*.a
#----------------------------------------------------------------------------
# Fedora/RHEL-compatible libcrypto, built only when the compat option is on.
# The packaged file is a copy of the regular libcrypto whose SONAME is
# rewritten with patchelf in the install section, so it carries the same code
# and needs the same security updates.
%if %{with compat}
%package -n %{libcrypto_compat}
Summary: Secure Sockets Layer communications libs (Fedora compatibility only)
Group: System/Libraries
%description -n %{libcrypto_compat}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libcrypto_compat}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libcrypto.so.%{major_compat}*
%endif
#----------------------------------------------------------------------------
# Fedora/RHEL-compatible libssl, built only when the compat option is on.
# The packaged file is a copy of the regular libssl whose SONAME is rewritten
# with patchelf in the install section.
# NOTE(review): no explicit dependency on either libcrypto package is declared
# here; presumably the automatic dependency generator supplies it -- verify.
%if %{with compat}
%package -n %{libssl_compat}
Summary: Secure Sockets Layer communications libs (Fedora compatibility only)
Group: System/Libraries
%description -n %{libssl_compat}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libssl_compat}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libssl.so.%{major_compat}*
%endif
#----------------------------------------------------------------------------
%prep
# Unpack the upstream tarball, apply the distribution patches and copy the
# local helper sources into the build tree.
# NOTE(review): the detached signature listed as Source1 is not checked before
# the tarball is unpacked here.
%setup -q
# Where -b is given, a backup of each patched file is kept under that suffix.
%patch0 -p1 -b .gost
%patch1 -p1
%patch2 -p1 -b .optflags
%patch3 -p1 -b .perl
%patch6 -p1 -b .icpbrasil
%patch7 -p1 -b .defaults
# NOTE(review): this spec declares no Patch8 tag, so a build run with
# "--with krb5" would reference an undefined patch on the next line.
%{?_with_krb5:%patch8 -p1 -b .krb5}
%patch12 -p1 -b .x509
%patch13 -p1 -b .version-add-engines
%patch302 -p1 -b .engines
%patch303 -p1 -b .no-rpath
%patch304 -p1 -b .test-use-localhost
# Set OPENSSL_LIBNAME to the distribution library directory name in both makefiles.
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
# fix perl path
perl util/perlpath.pl %{_bindir}/perl
# Copy the helper sources (Source2, Source3, Source4) into the build tree under
# fixed names.
cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert
cp %{SOURCE4} openssl-thread-test.c
%build
# Select the Configure target for the architecture, configure the tree and
# build the shared libraries.
# serverbuild is a distribution macro; its expansion is not visible in this spec.
%serverbuild
# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_arch}
%ifarch %{ix86}
sslarch=linux-elf
# Assembler code is disabled on ix86 targets other than i586 and i686.
if ! echo %{_target} | grep -q i[56]86 ; then
sslflags="no-asm"
fi
%endif
%ifarch %{arm}
sslarch=linux-generic32
%endif
# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
# NOTE(review) on the option list passed to Configure below:
#  - zlib compiles in compression support; TLS-level compression is what the
#    CRIME attack relied on, so confirm it is disabled by default at runtime,
#    for example by one of the patches.
#  - enable-md2 builds the obsolete MD2 digest; confirm something still needs it.
#  - no-ssl3 is not passed, so SSLv3 availability follows the upstream and
#    patched defaults -- TODO confirm.
./Configure \
--openssldir=%{_openssldir} ${sslflags} \
--enginesdir=%{_libdir}/openssl-%{major}/engines \
--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms enable-md2 sctp shared ${sslarch}
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# NOTE(review): this assignment happens after Configure has run and is not
# exported here; it takes effect only if the variable is already exported and
# the makefiles read it at make time -- presumably arranged by the optflags
# patch; verify that the built libraries carry a non-executable stack marking.
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
make depend
make all build-shared
# Generate hashes for the included certs.
make rehash build-shared
%check
# NOTE(review): every test command below is commented out, so this section only
# exports LD_LIBRARY_PATH. The package is built and shipped without the
# upstream test suite or the thread test having run; consider re-enabling
# "make -C test apps tests" so that a broken crypto build fails here.
# Verify that what was compiled actually works.
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
#make -C test apps tests
#gcc -o openssl-thread-test \
# %{?_with_krb5:`krb5-config --cflags`} \
# -I./include \
# %{optflags} \
# openssl-thread-test.c \
# -L. -lssl -lcrypto \
# %{?_with_krb5:`krb5-config --libs`} \
# -lpthread -lz -ldl
#./openssl-thread-test --threads %{thread_test_threads}
%install
# Stage the build into the buildroot, then rearrange it to the distribution
# layout: versioned engines directory, pki skeleton, renamed man pages, compat
# library copies, openssl-config and the RPM macro file.
%makeinstall \
INSTALL_PREFIX=%{buildroot} \
MANDIR=%{_mandir} \
build-shared
# the makefiles is too borked...
# Move the engines into the versioned directory that was passed to Configure
# as enginesdir.
install -d %{buildroot}%{_libdir}/openssl-%{major}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines
# make the rootcerts dir
install -d %{buildroot}%{_openssldir}/rootcerts
# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
install -d %{buildroot}%{_openssldir}/certs
install -m0644 Makefile.certificate %{buildroot}%{_openssldir}/certs/Makefile
install -m0755 make-dummy-cert %{buildroot}%{_openssldir}/certs/make-dummy-cert
# Pick a CA script.
mv %{buildroot}%{_openssldir}/misc/CA.sh %{buildroot}%{_openssldir}/misc/CA
# NOTE(review): no -m is given, so both directories get the default mode of
# "install -d" (0755), and the files list sets no attr on them. Confirm that
# this is the intended mode for the CA private-key directory.
install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
# openssl was named ssleay in "ancient" times.
ln -snf openssl %{buildroot}%{_bindir}/ssleay
# The man pages rand.3 and passwd.1 conflict with other packages
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}
for i in rand err; do
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension}
done
# Generate the README files that the doc lines of the main and devel packages
# pick up; they explain the man page renames above.
rm -rf {main,devel}-doc-info
mkdir -p {main,devel}-doc-info
cat - << EOF > main-doc-info/README.Mandriva-manpage
Warning:
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
to avoid a conflict with passwd.1 man page from the package passwd.
EOF
cat - << EOF > devel-doc-info/README.Mandriva-manpage
Warning:
The man page of rand, rand.3, has been renamed to ssl-rand.3
to avoid a conflict with rand.3 from the package man-pages
The man page of err, err.3, has been renamed to ssl-err.3
to avoid a conflict with err.3 from the package man-pages
EOF
chmod 755 %{buildroot}%{_libdir}/pkgconfig
# strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/openssl-%{major}/engines/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*
%if %{with compat}
# RHEL/Fedora compatibility libraries
# Each compat library is a byte copy of the regular one; only its SONAME field
# is rewritten. The commands below do not touch the NEEDED entries of the
# copied libssl.
cp %{buildroot}%{_libdir}/libcrypto.so.%{major} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat}
cp %{buildroot}%{_libdir}/libssl.so.%{major} %{buildroot}%{_libdir}/libssl.so.%{major_compat}
patchelf --set-soname libcrypto.so.%{major_compat} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat}
patchelf --set-soname libssl.so.%{major_compat} %{buildroot}%{_libdir}/libssl.so.%{major_compat}
%endif
# nuke a mistake
rm -f %{buildroot}%{_mandir}/man3/.3
# Fix libdir.
# Each .pc file is rewritten through a temporary copy; cat (rather than mv)
# writes the result back into the existing file.
pushd %{buildroot}%{_libdir}/pkgconfig
for i in *.pc ; do
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \
$i >$i.tmp && \
cat $i.tmp >$i && \
rm -f $i.tmp
done
popd
# adjust ssldir
# Replace the CATOP setting in both CA helper scripts and every ./demoCA path
# in openssl.cnf with the system-wide directory.
perl -pi -e "s|^CATOP=.*|CATOP=%{_openssldir}|g" %{buildroot}%{_openssldir}/misc/CA
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_openssldir}\";|g" %{buildroot}%{_openssldir}/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_openssldir}|g" %{buildroot}%{_openssldir}/openssl.cnf
# install openssl-config
install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/
# define values in openssl-config
# CPPFLAGS and RPM_OPT_FLAGS are read from the shell environment of this
# section and end up in the installed script. "#" is the sed delimiter, so a
# "#" inside any substituted value would break the expression.
sed -i %{buildroot}/%{_bindir}/openssl-config \
-e "s#@VERSION@#%{version}#g" \
-e "s#@OPENSSLDIR@#%{_openssldir}#g" \
-e "s#@CPPFLAGS@#${CPPFLAGS}#g" \
-e "s#@CFLAGS@#${RPM_OPT_FLAGS}#g" \
-e "s#@LDFLAGS@#%{ldflags}#g"
# test openssl-config
# The build shell is presumably run with -e, so a mismatch here aborts the
# build; verify.
[ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{_openssldir}' ]
# make and install openssl.macros
cat %{SOURCE6} | sed -e "s#@OPENSSLDIR@#%{_openssldir}#g" > macros_file
%install_macro openssl macros_file
# verify openssl.macros
grep -q '%{_openssldir}' %{buildroot}%{_rpmmacrodir}/*openssl*
# is now built in openssl-gost-engines
# The GOST engine built here is dropped from the buildroot so that it is not
# packaged in the engines subpackage.
rm -fv %{buildroot}%{_libdir}/openssl-%{major}/engines/libgost.so