mirror of
https://abf.rosa.ru/djam/openssl.git
synced 2025-02-23 16:22:50 +00:00
324 lines
10 KiB
RPMSpec
324 lines
10 KiB
RPMSpec
%define major 1.0.0
|
|
%define engines_name %mklibname openssl-engines %{major}
|
|
%define libcrypto %mklibname crypto %{major}
|
|
%define libssl %mklibname ssl %{major}
|
|
%define devname %mklibname openssl -d
|
|
%define staticname %mklibname openssl -s -d
|
|
|
|
%define conflict2 %mklibname openssl 0.9.8
|
|
|
|
# Number of threads to spawn when testing some threading fixes.
|
|
#define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
|
|
|
|
%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}
|
|
|
|
Summary: Secure Sockets Layer communications libs & utils
|
|
Name: openssl
|
|
Version: 1.0.2h
|
|
Release: 1
|
|
License: BSD-like
|
|
Group: System/Libraries
|
|
Url: https://www.openssl.org
|
|
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
|
Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
|
|
Source2: Makefile.certificate
|
|
Source3: make-dummy-cert
|
|
Source4: openssl-thread-test.c
|
|
# Handle RPM_OPT_FLAGS in Configure
|
|
Patch2: openssl-1.0.2e-optflags.patch
|
|
Patch3: openssl-1.0.1c-fix-perlpath.pl
|
|
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
|
|
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
|
|
Patch6: openssl-1.0.2-icpbrasil.patch
|
|
Patch7: openssl-1.0.2-defaults.patch
|
|
Patch8: openssl-0.9.8a-link-krb5.patch
|
|
Patch12: openssl-1.0.2-x509.patch
|
|
Patch13: openssl-1.0.2-add-engines.patch
|
|
Patch302: openssl-1.0.2-enginesdir.patch
|
|
Patch303: openssl-0.9.8a-no-rpath.patch
|
|
Patch304: openssl-1.0.2-test-use-localhost.patch
|
|
BuildRequires: bc
|
|
%{?_with_krb5:BuildRequires: krb5-devel}
|
|
BuildRequires: sctp-devel
|
|
BuildRequires: pkgconfig(zlib)
|
|
Requires: %{engines_name} = %{EVRD}
|
|
Requires: perl-base
|
|
Requires: rootcerts
|
|
Provides: /usr/bin/openssl
|
|
|
|
%description
|
|
The openssl certificate management tool and the shared libraries that provide
|
|
various encryption and decription algorithms and protocols, including DES, RC4,
|
|
RSA and SSL.
|
|
|
|
%files
|
|
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README*
|
|
%doc README README.ASN1 README.ENGINE
|
|
%dir %{_sysconfdir}/pki
|
|
%dir %{_sysconfdir}/pki/CA
|
|
%dir %{_sysconfdir}/pki/CA/private
|
|
%dir %{_sysconfdir}/pki/tls
|
|
%dir %{_sysconfdir}/pki/tls/certs
|
|
%dir %{_sysconfdir}/pki/tls/misc
|
|
%dir %{_sysconfdir}/pki/tls/private
|
|
%dir %{_sysconfdir}/pki/tls/rootcerts
|
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
|
|
%attr(0755,root,root) %{_sysconfdir}/pki/tls/certs/make-dummy-cert
|
|
%attr(0644,root,root) %{_sysconfdir}/pki/tls/certs/Makefile
|
|
%attr(0755,root,root) %{_sysconfdir}/pki/tls/misc/*
|
|
%attr(0755,root,root) %{_bindir}/*
|
|
%attr(0644,root,root) %{_mandir}/man[157]/*
|
|
|
|
#----------------------------------------------------------------------------
|
|
|
|
%package -n %{engines_name}
|
|
Summary: Engines for openssl
|
|
Group: System/Libraries
|
|
Provides: openssl-engines = %{EVRD}
|
|
|
|
%description -n %{engines_name}
|
|
This package provides engines for openssl.
|
|
|
|
%files -n %{engines_name}
|
|
%attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines
|
|
%attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so
|
|
|
|
#----------------------------------------------------------------------------
|
|
|
|
%package -n %{libcrypto}
|
|
Summary: Secure Sockets Layer communications libs
|
|
Group: System/Libraries
|
|
Conflicts: %{_lib}openssl1.0.0 < 1.0.1n
|
|
|
|
%description -n %{libcrypto}
|
|
The libraries files are needed for various cryptographic algorithms
|
|
and protocols, including DES, RC4, RSA and SSL.
|
|
|
|
%files -n %{libcrypto}
|
|
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README*
|
|
%{_libdir}/libcrypto.so.%{major}*
|
|
|
|
#----------------------------------------------------------------------------
|
|
|
|
%package -n %{libssl}
|
|
Summary: Secure Sockets Layer communications libs
|
|
Group: System/Libraries
|
|
Conflicts: %{_lib}openssl1.0.0 < 1.0.1n
|
|
Obsoletes: %{_lib}openssl1.0.0 < 1.0.1n
|
|
# needed to avoid undefined symbols in rpm (rpm depends on neon library)
|
|
Conflicts: %{_lib}neon0.27 < 0.30.1
|
|
# needed to avoid undefined symbols in curl and wget as they block update
|
|
Conflicts: curl < 1:7.47.1
|
|
Conflicts: wget < 1.17.1
|
|
|
|
%description -n %{libssl}
|
|
The libraries files are needed for various cryptographic algorithms
|
|
and protocols, including DES, RC4, RSA and SSL.
|
|
|
|
%files -n %{libssl}
|
|
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README*
|
|
%{_libdir}/libssl.so.%{major}*
|
|
|
|
#----------------------------------------------------------------------------
|
|
|
|
%package -n %{devname}
|
|
Summary: Secure Sockets Layer communications libs & headers & utils
|
|
Group: Development/Other
|
|
Requires: %{libssl} = %{EVRD}
|
|
Requires: %{libcrypto} = %{EVRD}
|
|
Provides: libopenssl-devel
|
|
Provides: openssl-devel = %{EVRD}
|
|
Provides: %{name}-devel = %{EVRD}
|
|
|
|
%description -n %{devname}
|
|
The libraries and include files needed to compile apps with support
|
|
for various cryptographic algorithms and protocols, including DES, RC4, RSA
|
|
and SSL.
|
|
|
|
%files -n %{devname}
|
|
%doc CHANGES doc/* devel-doc-info/README*
|
|
%dir %{_includedir}/openssl
|
|
%{multiarch_includedir}/openssl/opensslconf.h
|
|
%{_includedir}/openssl/*
|
|
%{_libdir}/libcrypto.so
|
|
%{_libdir}/libssl.so
|
|
%{_mandir}/man3/*
|
|
%{_libdir}/pkgconfig/*
|
|
|
|
#----------------------------------------------------------------------------
|
|
|
|
%package -n %{staticname}
|
|
Summary: Secure Sockets Layer communications static libs
|
|
Group: Development/Other
|
|
Requires: %{devname} = %{EVRD}
|
|
Provides: libopenssl-static-devel
|
|
Provides: openssl-static-devel = %{EVRD}
|
|
Provides: %{name}-static-devel = %{EVRD}
|
|
|
|
%description -n %{staticname}
|
|
The static libraries needed to compile apps with support for various
|
|
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
|
|
|
|
%files -n %{staticname}
|
|
%attr(0644,root,root) %{_libdir}/lib*.a
|
|
|
|
#----------------------------------------------------------------------------
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch2 -p1 -b .optflags
|
|
%patch3 -p1 -b .perl
|
|
%patch6 -p1 -b .icpbrasil
|
|
%patch7 -p1 -b .defaults
|
|
%{?_with_krb5:%patch8 -p1 -b .krb5}
|
|
%patch12 -p1 -b .x509
|
|
%patch13 -p1 -b .version-add-engines
|
|
|
|
%patch302 -p1 -b .engines
|
|
%patch303 -p1 -b .no-rpath
|
|
%patch304 -p1 -b .test-use-localhost
|
|
|
|
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
|
|
|
|
# fix perl path
|
|
perl util/perlpath.pl %{_bindir}/perl
|
|
|
|
cp %{SOURCE2} Makefile.certificate
|
|
cp %{SOURCE3} make-dummy-cert
|
|
cp %{SOURCE4} openssl-thread-test.c
|
|
|
|
%build
|
|
%serverbuild
|
|
|
|
# Figure out which flags we want to use.
|
|
# default
|
|
sslarch=%{_os}-%{_arch}
|
|
%ifarch %{ix86}
|
|
sslarch=linux-elf
|
|
if ! echo %{_target} | grep -q i[56]86 ; then
|
|
sslflags="no-asm"
|
|
fi
|
|
%endif
|
|
%ifarch %{arm}
|
|
sslarch=linux-generic32
|
|
%endif
|
|
|
|
|
|
# ia64, x86_64, ppc, ppc64 are OK by default
|
|
# Configure the build tree. Override OpenSSL defaults with known-good defaults
|
|
# usable on all platforms. The Configure script already knows to use -fPIC and
|
|
# RPM_OPT_FLAGS, so we can skip specifiying them here.
|
|
./Configure \
|
|
--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
|
|
--enginesdir=%{_libdir}/openssl-%{version}/engines \
|
|
--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
|
|
zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms sctp shared ${sslarch}
|
|
|
|
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
|
|
# marked as not requiring an executable stack.
|
|
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
|
|
|
|
make depend
|
|
make all build-shared
|
|
|
|
# Generate hashes for the included certs.
|
|
make rehash build-shared
|
|
|
|
%check
|
|
# Verify that what was compiled actually works.
|
|
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
|
|
|
make -C test apps tests
|
|
|
|
gcc -o openssl-thread-test \
|
|
%{?_with_krb5:`krb5-config --cflags`} \
|
|
-I./include \
|
|
%{optflags} \
|
|
openssl-thread-test.c \
|
|
-L. -lssl -lcrypto \
|
|
%{?_with_krb5:`krb5-config --libs`} \
|
|
-lpthread -lz -ldl
|
|
|
|
./openssl-thread-test --threads %{thread_test_threads}
|
|
|
|
%install
|
|
|
|
%makeinstall \
|
|
INSTALL_PREFIX=%{buildroot} \
|
|
MANDIR=%{_mandir} \
|
|
build-shared
|
|
|
|
# the makefiles is too borked...
|
|
install -d %{buildroot}%{_libdir}/openssl-%{version}
|
|
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{version}/engines
|
|
|
|
# make the rootcerts dir
|
|
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
|
|
|
|
# Install a makefile for generating keys and self-signed certs, and a script
|
|
# for generating them on the fly.
|
|
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
|
|
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
|
|
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert
|
|
|
|
# Pick a CA script.
|
|
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
|
|
|
|
install -d %{buildroot}%{_sysconfdir}/pki/CA
|
|
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
|
|
|
|
# openssl was named ssleay in "ancient" times.
|
|
ln -snf openssl %{buildroot}%{_bindir}/ssleay
|
|
|
|
# The man pages rand.3 and passwd.1 conflict with other packages
|
|
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
|
|
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
|
|
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}
|
|
|
|
for i in rand err; do
|
|
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3
|
|
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension}
|
|
done
|
|
|
|
rm -rf {main,devel}-doc-info
|
|
mkdir -p {main,devel}-doc-info
|
|
cat - << EOF > main-doc-info/README.Mandriva-manpage
|
|
Warning:
|
|
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
|
|
to avoid a conflict with passwd.1 man page from the package passwd.
|
|
EOF
|
|
|
|
cat - << EOF > devel-doc-info/README.Mandriva-manpage
|
|
Warning:
|
|
The man page of rand, rand.3, has been renamed to ssl-rand.3
|
|
to avoid a conflict with rand.3 from the package man-pages
|
|
The man page of err, err.3, has been renamed to ssl-err.3
|
|
to avoid a conflict with err.3 from the package man-pages
|
|
EOF
|
|
|
|
chmod 755 %{buildroot}%{_libdir}/pkgconfig
|
|
|
|
%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
|
|
|
|
# strip cannot touch these unless 755
|
|
chmod 755 %{buildroot}%{_libdir}/openssl-%{version}/engines/*.so*
|
|
chmod 755 %{buildroot}%{_libdir}/*.so*
|
|
chmod 755 %{buildroot}%{_bindir}/*
|
|
|
|
# nuke a mistake
|
|
rm -f %{buildroot}%{_mandir}/man3/.3
|
|
|
|
# Fix libdir.
|
|
pushd %{buildroot}%{_libdir}/pkgconfig
|
|
for i in *.pc ; do
|
|
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \
|
|
$i >$i.tmp && \
|
|
cat $i.tmp >$i && \
|
|
rm -f $i.tmp
|
|
done
|
|
popd
|
|
|
|
# adjust ssldir
|
|
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
|
|
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl
|
|
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
|