From 78b41e4951e7410ae641e5749516216996cf4492 Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sun, 23 Dec 2018 10:28:27 +0300
Subject: [PATCH] Adjust and install openssl-config

---
 openssl-config | 22 ++++++++++-----------
 openssl.spec   | 53 ++++++++++++++++++++++++++++++++------------------
 2 files changed, 45 insertions(+), 30 deletions(-)

diff --git a/openssl-config b/openssl-config
index f8407eb..d8e71d7 100644
--- a/openssl-config
+++ b/openssl-config
@@ -3,11 +3,11 @@
 # openssl-config
 # provides configuration info for openssl.
 
-version=%version
-openssldir=%openssldir
-cppflags=
-cflags=
-ldflags=
+version="@VERSION@"
+openssldir="@OPENSSLDIR@"
+cppflags="@CPPFLAGS@"
+cflags="@CFLAGS@"
+ldflags="@LDFLAGS@"
 libs="-lcrypto -lssl"
 
 usage()
@@ -36,22 +36,22 @@ fi
 while test $# -gt 0; do
     case "$1" in
     --openssldir)
-        echo ${openssldir}
+        echo "${openssldir}"
         ;;
     --cflags)
-        echo ${cflags}
+        echo "${cflags}"
         ;;
     --cppflags)
-        echo ${cppflags}
+        echo "${cppflags}"
         ;;
     --libs)
-        echo ${libs}
+        echo "${libs}"
         ;;
     --ldflags)
-        echo ${ldflags}
+        echo "${ldflags}"
         ;;
     --version)
-        echo ${version}
+        echo "${version}"
         exit 0
         ;;
     --help)
diff --git a/openssl.spec b/openssl.spec
index f33cbb9..2c54ea1 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -18,10 +18,12 @@
 
 %define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}
 
+%define openssldir %{_sysconfdir}/pki/tls
+
 Summary:	Secure Sockets Layer communications libs & utils
 Name:		openssl
 Version:	1.0.2q
-Release:	1
+Release:	2
 License:	BSD-like
 Group:		System/Libraries
 Url:		https://www.openssl.org
@@ -30,6 +32,7 @@ Source1:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
 Source2:	Makefile.certificate
 Source3:	make-dummy-cert
 Source4:	openssl-thread-test.c
+Source5:	openssl-config
 # Based on https://github.com/gost-engine/engine
 # Never remove gost-engine patches
 Patch0:		openssl-1.0.2l-gost-engine.patch
@@ -73,15 +76,15 @@ RSA and SSL.
 %dir %{_sysconfdir}/pki
 %dir %{_sysconfdir}/pki/CA
 %dir %{_sysconfdir}/pki/CA/private
-%dir %{_sysconfdir}/pki/tls
-%dir %{_sysconfdir}/pki/tls/certs
-%dir %{_sysconfdir}/pki/tls/misc
-%dir %{_sysconfdir}/pki/tls/private
-%dir %{_sysconfdir}/pki/tls/rootcerts
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
-%attr(0755,root,root) %{_sysconfdir}/pki/tls/certs/make-dummy-cert
-%attr(0644,root,root) %{_sysconfdir}/pki/tls/certs/Makefile
-%attr(0755,root,root) %{_sysconfdir}/pki/tls/misc/*
+%dir %{openssldir}
+%dir %{openssldir}/certs
+%dir %{openssldir}/misc
+%dir %{openssldir}/private
+%dir %{openssldir}/rootcerts
+%attr(0644,root,root) %config(noreplace) %{openssldir}/openssl.cnf
+%attr(0755,root,root) %{openssldir}/certs/make-dummy-cert
+%attr(0644,root,root) %{openssldir}/certs/Makefile
+%attr(0755,root,root) %{openssldir}/misc/*
 %attr(0755,root,root) %{_bindir}/*
 %attr(0644,root,root) %{_mandir}/man[157]/*
 
@@ -259,7 +262,7 @@ sslarch=linux-generic32
 # usable on all platforms.  The Configure script already knows to use -fPIC and
 # RPM_OPT_FLAGS, so we can skip specifiying them here.
 ./Configure \
-	--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+	--openssldir=%{openssldir} ${sslflags} \
 	--enginesdir=%{_libdir}/openssl-%{major}/engines \
 	--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
 	zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms sctp shared ${sslarch}
@@ -303,16 +306,16 @@ install -d %{buildroot}%{_libdir}/openssl-%{major}
 mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines
 
 # make the rootcerts dir
-install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
+install -d %{buildroot}%{openssldir}/rootcerts
 
 # Install a makefile for generating keys and self-signed certs, and a script
 # for generating them on the fly.
-install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
-install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
-install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert
+install -d %{buildroot}%{openssldir}/certs
+install -m0644 Makefile.certificate %{buildroot}%{openssldir}/certs/Makefile
+install -m0755 make-dummy-cert %{buildroot}%{openssldir}/certs/make-dummy-cert
 
 # Pick a CA script.
-mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
+mv %{buildroot}%{openssldir}/misc/CA.sh %{buildroot}%{openssldir}/misc/CA
 
 install -d %{buildroot}%{_sysconfdir}/pki/CA
 install -d %{buildroot}%{_sysconfdir}/pki/CA/private
@@ -377,6 +380,18 @@ pushd %{buildroot}%{_libdir}/pkgconfig
 popd
 
 # adjust ssldir
-perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
-perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl
-perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
+perl -pi -e "s|^CATOP=.*|CATOP=%{openssldir}|g" %{buildroot}%{openssldir}/misc/CA
+perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{openssldir}\";|g" %{buildroot}%{openssldir}/misc/CA.pl
+perl -pi -e "s|\./demoCA|%{openssldir}|g" %{buildroot}%{openssldir}/openssl.cnf
+
+# install openssl-config
+install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/
+# define values in openssl-config
+sed -i %{buildroot}/%{_bindir}/openssl-config \
+	-e "s#@VERSION@#%{version}#g" \
+	-e "s#@OPENSSLDIR@#%{openssldir}#g" \
+	-e "s#@CPPFLAGS@#${CPPFLAGS}#g" \
+	-e "s#@CFLAGS@#${RPM_OPT_FLAGS}#g" \
+	-e "s#@LDFLAGS@#%{ldflags}#g"
+# test openssl-config
+[ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{openssldir}' ]