openssl1.1/openssl1.1.spec

%define major 1.1
%define engines_name %mklibname openssl-engines %{major}
%define libcrypto %mklibname crypto %{major}
%define libssl %mklibname ssl %{major}

%define openssl_engines_dir %{_libdir}/engines-%{major}

%define _docs %{expand:
%doc AUTHORS \
%doc CHANGES \
%doc LICENSE \
%doc FAQ \
%doc NEWS \
%doc README \
%doc README.ENGINE
}

Summary:	OpenSSL 1.1 for platforms with OpenSSL 1.0 as the main version of OpenSSL
Name:		openssl1.1
Version:	1.1.1g
Release:	1
License:	OpenSSL
Group:		System/Libraries
Url:		https://www.openssl.org
Source0:	ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
Source1:	%{name}.rpmlintrc
Source4:	openssl-thread-test.c
Patch1:		openssl-alt-e2k-makecontext.patch
BuildRequires:	bc
BuildRequires:	sctp-devel
# Take %%_openssldir from here
BuildRequires:	pkgconfig(openssl)
BuildRequires:	pkgconfig(zlib)
# for %%check, ./test/run_tests.pl
BuildRequires:	perl-devel
BuildRequires:	perl-Module-Load-Conditional
BuildRequires:	perl(File::Spec::Functions)
BuildRequires:	perl(File::Basename)
BuildRequires:	perl(FindBin)
BuildRequires:	perl(Test::Harness)
BuildRequires:	perl(Test::More)
%if %{mdvver} <= 201610
BuildRequires:	perl
%else
BuildRequires:	/usr/bin/pod2html
BuildRequires:	/usr/bin/pod2man
%endif
Requires:	%{engines_name} = %{EVRD}
Requires:	perl-base
Requires:	rootcerts
# using /etc/pki/tls from the main openssl package (openssl 1.0)
Requires:	openssl
Provides:	openssl%{major} = %{EVRD}

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.
This is OpenSSL 1.1 for platforms with OpenSSL 1.0 as the main version of OpenSSL.

%files
%_docs
%attr(0755,root,root) %{_bindir}/%{name}
%{_mandir}/man[157]/%{name}_*
%{_mandir}/man1/%{name}.1*
%{_defaultdocdir}/openssl/html/man[157]

#----------------------------------------------------------------------------

%package -n %{engines_name}
Summary:	Engines for %{name}
Group:		System/Libraries
Provides:	%{name}-engines = %{EVRD}

%description -n %{engines_name}
This package provides engines for openssl.

%files -n %{engines_name}
%_docs
%attr(0755,root,root) %dir %{openssl_engines_dir}/
%attr(0755,root,root) %{openssl_engines_dir}/*.so

#----------------------------------------------------------------------------

%package -n %{libcrypto}
Summary:	Secure Sockets Layer communications libs
Group:		System/Libraries
Requires:	%{libssl} = %{EVRD}

%description -n %{libcrypto}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%files -n %{libcrypto}
%_docs
%{_libdir}/libcrypto.so.%{major}*

#----------------------------------------------------------------------------

%package -n %{libssl}
Summary:	Secure Sockets Layer communications libs
Group:		System/Libraries

%description -n %{libssl}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%files -n %{libssl}
%_docs
%{_libdir}/libssl.so.%{major}*

#----------------------------------------------------------------------------

%prep
%autosetup -p1 -n openssl-%{version}

cp %{SOURCE4} openssl-thread-test.c

%build

# In rosa2016.1: /usr/bin/ld: crypto/bio/bio_cb.o: relocation R_X86_64_PC32 against undefined symbol
# `stderr@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
%if %{mdvver} <= 201610
%setup_compile_flags
# (From openssl rosa2016.1)
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
export CFLAGS="$CFLAGS -Wa,--noexecstack"
%else
%serverbuild
%endif

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_arch}
%ifarch %{ix86}
sslarch=linux-elf
if ! echo %{_target} | grep -q i[56]86 ; then
	sslflags="no-asm"
fi
%endif
%ifarch %{arm}
sslarch=linux-generic32
%endif
# from ALT
%ifarch riscv64 %{e2k}
sslarch=linux-generic64
%endif

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
	--prefix=%{_prefix} \
	--libdir=%{_libdir} \
	--openssldir=%{_openssldir} \
	${sslflags} \
	enable-camellia \
	enable-cms \
	enable-md2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-sctp \
	enable-seed \
	enable-ssl3 \
	enable-ssl3-method \
	no-ec2m \
	no-mdc2 \
	no-srp \
	zlib-dynamic \
	shared \
	${sslarch}

%make all

%check
# Verify that what was compiled actually works.
export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
# from OMV and ALT
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
# (mikhailnov) TODO: they fail, fix them?!
rm -f test/recipes/10-test_bn.t
rm -f test/recipes/80-test_ssl_new.t   
make test

%__cc -o openssl-thread-test \
	-I./include \
	%{optflags} \
	openssl-thread-test.c \
	-L. -lssl -lcrypto \
	-lpthread -lz -ldl

./openssl-thread-test --threads 4

%install

%makeinstall_std
( cd %{buildroot}%{_bindir}
  mv openssl openssl%{major}
)

# Based on libressl, rename mans xxx.N to openssl1.1_xxx.N
for i in $(seq 1 8)
do
  man_dir="%{buildroot}%{_mandir}/man${i}"
  if [ ! -d "$man_dir" ]; then continue; fi
  ( cd "$man_dir"
    grep -Irl '/etc/ssl' . | xargs sed -i 's,/etc/ssl,%{_openssldir},g' || :
    if find . -name '%{name}_*' | grep -q '.' ; then
      echo 'Rewrite spec because upstream %{name}_* manpages appeared!'
      exit 1
    fi
    # Make all man pages with potentially the same names as in OpenSSL
    # be avaialble in standard man directories, but prevent conflicts with OpenSSL
    for openssl_manpage in $(ls -1v | grep -vE '^OPENSSL_|^openssl\.') ; do
      openssl_LibreSSL_manpage="%{name}_${openssl_manpage}"
      mv -v "$openssl_manpage" "$openssl_LibreSSL_manpage"
    done
    for openssl_manpage in $(ls -1v | grep '^openssl\.') ; do
      openssl_LibreSSL_manpage="$(echo "$openssl_manpage" | sed -e 's,openssl,%{name},g')"
      mv -v "$openssl_manpage" "$openssl_LibreSSL_manpage"
    done

    # relink symlinks
    error=0
    for i in *
    do
	  if [ ! -L "$i" ]; then continue; fi
      realpath="$(realpath "$i")"
      if [ ! -e "$realpath"; then
	    if echo "$realpath" | grep -q '/openssl_'
	      then new_dest="$(echo "$realpath" | sed -e 's,/openssl_,/%{name}_,g')"
	      else new_dest="%{name}_$(echo "$realpath" | awk -F '/' '{print $NF}')"
	    fi
	    if [ ! -e "$new_dest" ]; then
		  list_not_e="${list_not_e}\n${new_dest}"
		  error=1
		fi
		rm -fv "$i"
		ln -s "$new_dest" "$i"
	  fi
	done
	if [ "$error" != 0 ]; then
	  echo "Not existing destinations: ${list_not_e}"
	  exit 1
	fi
  )
done

# strip cannot touch these unless 755
chmod 755 %{buildroot}%{openssl_engines_dir}/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*

# Remove devel parts (openssl 1.0 is devel)
( cd %{buildroot}
  rm -fvr \
	./%{_bindir}/c_rehash \
	./%{_libdir}/*.so \
	./%{_libdir}/*.a \
	./%{_includedir} \
	./%{_openssldir} \
	./%{_libdir}/pkgconfig \
	./%{_mandir}/man3 \
	./%{_defaultdocdir}/openssl/html/man3
)