openssl1.1/openssl.spec

%define major 1.1
%define engines_name %mklibname openssl-engines %{major}
%define libcrypto %mklibname crypto %{major}
%define libssl %mklibname ssl %{major}
%define devname %mklibname openssl -d
%define staticname %mklibname openssl -s -d

# This directory is defined in /usr/bin/openssl-config and %%_rpmmacrodir/*openssl*
# during the build.
# The purpose is a system-wide definition of this directory
# to guarantee consistency across the whole repository.
%define _openssldir %{_sysconfdir}/pki/tls
%define openssl_engines_dir %{_libdir}/engines-%{major}

%define _docs %{expand:
%doc AUTHORS \
%doc CHANGES \
%doc LICENSE \
%doc FAQ \
%doc NEWS \
%doc README \
%doc README.ENGINE
}

Summary:	Secure Sockets Layer communications libs & utils
Name:		openssl
Version:	1.1.1g
Release:	2
License:	OpenSSL
Group:		System/Libraries
Url:		https://www.openssl.org
Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Source2:	Makefile.certificate
Source3:	make-dummy-cert
Source4:	openssl-thread-test.c
Source5:	openssl-config
Patch1:		openssl-alt-e2k-makecontext.patch
BuildRequires:	bc
BuildRequires:	sctp-devel
BuildRequires:	pkgconfig(zlib)
# for %%check, ./test/run_tests.pl
BuildRequires:	perl-devel
BuildRequires:	perl-Module-Load-Conditional
BuildRequires:	perl(File::Spec::Functions)
BuildRequires:	perl(File::Basename)
BuildRequires:	perl(FindBin)
BuildRequires:	perl(Test::Harness)
BuildRequires:	perl(Test::More)
Requires:	%{engines_name} = %{EVRD}
Requires:	perl-base
Requires:	rootcerts
Provides:	openssl%{major} = %{EVRD}
Provides:	openssl-config = %{EVRD}

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.

%files
%_docs
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_openssldir}
%dir %{_openssldir}/certs
%dir %{_openssldir}/misc
%dir %{_openssldir}/private
%dir %{_openssldir}/rootcerts
%attr(0644,root,root) %config(noreplace) %{_openssldir}/openssl.cnf
%attr(0644,root,root) %config(noreplace) %{_openssldir}/ct_log_list.cnf
%attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert
%attr(0644,root,root) %{_openssldir}/certs/Makefile
%attr(0755,root,root) %{_openssldir}/misc/*
%attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man[157]/*
%{_defaultdocdir}/openssl/html/man[157]

#----------------------------------------------------------------------------

%package -n %{engines_name}
Summary:	Engines for openssl
Group:		System/Libraries
Provides:	openssl-engines = %{EVRD}

%description -n %{engines_name}
This package provides engines for openssl.

%files -n %{engines_name}
%_docs
%attr(0755,root,root) %dir %{openssl_engines_dir}/
%attr(0755,root,root) %{openssl_engines_dir}/*.so

#----------------------------------------------------------------------------

%package -n %{libcrypto}
Summary:	Secure Sockets Layer communications libs
Group:		System/Libraries
Requires:	%{libssl} = %{EVRD}

%description -n %{libcrypto}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%files -n %{libcrypto}
%_docs
%{_libdir}/libcrypto.so.%{major}*

#----------------------------------------------------------------------------

%package -n %{libssl}
Summary:	Secure Sockets Layer communications libs
Group:		System/Libraries

%description -n %{libssl}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%files -n %{libssl}
%_docs
%{_libdir}/libssl.so.%{major}*

#----------------------------------------------------------------------------

%package -n %{devname}
Summary:	Secure Sockets Layer communications libs & headers & utils
Group:		Development/Other
Requires:	%{libssl} = %{EVRD}
Requires:	%{libcrypto} = %{EVRD}
Provides:	libopenssl-devel = %{EVRD}
Provides:	%{name}-devel = %{EVRD}

%description -n %{devname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

%files -n %{devname}
%_docs
%dir %{_includedir}/openssl
%{_includedir}/openssl/*
%{_libdir}/libcrypto.so
%{_libdir}/libssl.so
%{_mandir}/man3/*
%{_defaultdocdir}/openssl/html/man3
%{_libdir}/pkgconfig/*
%{_rpmmacrodir}/*openssl*

#----------------------------------------------------------------------------

%package -n %{staticname}
Summary:	Secure Sockets Layer communications static libs
Group:		Development/Other
Requires:	%{devname} = %{EVRD}
Provides:	libopenssl-static-devel = %{EVRD}
Provides:	%{name}-static-devel = %{EVRD}

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%files -n %{staticname}
%_docs
%attr(0644,root,root) %{_libdir}/lib*.a

#----------------------------------------------------------------------------

%prep
%autosetup -p1

cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert
cp %{SOURCE4} openssl-thread-test.c

%build
%serverbuild

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_arch}
%ifarch %{ix86}
sslarch=linux-elf
if ! echo %{_target} | grep -q i[56]86 ; then
	sslflags="no-asm"
fi
%endif
%ifarch %{arm}
sslarch=linux-generic32
%endif
# from ALT
%ifarch riscv64 %{e2k}
sslarch=linux-generic64
%endif

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
	--prefix=%{_prefix} \
	--libdir=%{_libdir} \
	--openssldir=%{_openssldir} \
	${sslflags} \
	enable-camellia \
	enable-cms \
	enable-md2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-sctp \
	enable-seed \
	enable-ssl3 \
	enable-ssl3-method \
	no-ec2m \
	no-mdc2 \
	no-srp \
	zlib-dynamic \
	shared \
	${sslarch}

%make all

%check
# Verify that what was compiled actually works.
export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
# from OMV and ALT
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
# (mikhailnov) TODO: they fail, fix them?!
rm -f test/recipes/10-test_bn.t
rm -f test/recipes/80-test_ssl_new.t   
make test

%__cc -o openssl-thread-test \
	-I./include \
	%{optflags} \
	openssl-thread-test.c \
	-L. -lssl -lcrypto \
	-lpthread -lz -ldl

./openssl-thread-test --threads 4

%install

%makeinstall_std

# make the rootcerts dir
install -d %{buildroot}%{_openssldir}/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
install -d %{buildroot}%{_openssldir}/certs
install -m0644 Makefile.certificate %{buildroot}%{_openssldir}/certs/Makefile
install -m0755 make-dummy-cert %{buildroot}%{_openssldir}/certs/make-dummy-cert

# Pick a CA script.
mv %{buildroot}%{_openssldir}/misc/CA.pl %{buildroot}%{_openssldir}/misc/CA

install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private

# openssl was named ssleay in "ancient" times.
ln -snf openssl %{buildroot}%{_bindir}/ssleay

ln -snf openssl %{buildroot}%{_bindir}/openssl%{major}

# From ALT Linux
# Rename some man pages, fix references.
for f in passwd.1 config.5; do
name="${f%%.*}"
sect="${f##*.}"
NAME=`printf %%s "$name" |tr '[:lower:]' '[:upper:]'`
sed -i "s/\\<$NAME $sect\\>/SSL&/" %{buildroot}%{_mandir}/man"$sect/$f"
mv -v %{buildroot}%{_mandir}/man"$sect"/{,ssl}"$f"
find %{buildroot}%{_mandir} -type f -print0 |
xargs -r0 grep -FZl "\\fI$name\\fR\\|($sect)" -- |
xargs -r0 subst -p "s/\\\\fI$name\\\\fR\\\\|($sect)/\\\\fIssl$name\\\\fR\\\\|($sect)/" --
find %{buildroot}%{_mandir} -type l |while read link; do
[ "$(readlink -n "$link")" = "$f" ] || continue
ln -sfv "ssl$f" "$link"
done
done

chmod 755 %{buildroot}%{_libdir}/pkgconfig

# strip cannot touch these unless 755
chmod 755 %{buildroot}%{openssl_engines_dir}/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*

# Fix libdir.
pushd %{buildroot}%{_libdir}/pkgconfig
	for i in *.pc ; do
		sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_libdir},g' \
			$i >$i.tmp && \
			cat $i.tmp >$i && \
			rm -f $i.tmp
	done
popd

# adjust ssldir
perl -pi -e "s|^CATOP=.*|CATOP=%{_openssldir}|g" %{buildroot}%{_openssldir}/misc/CA
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_openssldir}\";|g" %{buildroot}%{_openssldir}/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_openssldir}|g" %{buildroot}%{_openssldir}/openssl.cnf

# remove example configs
rm -fv %{buildroot}%{_openssldir}/*.dist

# install openssl-config
install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/
# define values in openssl-config
sed -i %{buildroot}/%{_bindir}/openssl-config \
	-e "s#@VERSION@#%{version}#g" \
	-e "s#@OPENSSLDIR@#%{_openssldir}#g" \
	-e "s#@CPPFLAGS@#${CPPFLAGS}#g" \
	-e "s#@CFLAGS@#${RPM_OPT_FLAGS}#g" \
	-e "s#@LDFLAGS@#%{ldflags}#g"
# test openssl-config
[ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{_openssldir}' ]

# Having sovers as macros may be useful to check that binaries are linked against OpenSSL
# Alike LibreSSL package
cat << EOF > macros.file
%%_openssldir %{_openssldir}
%%openssl_version %{version}
%%openssl_major %{major}
%%openssl_libcrypto_sover %{major}
%%openssl_libssl_sover %{major}
%%openssl_prefix %{_prefix}
%%openssl_engines_dir %{openssl_engines_dir}
EOF
%install_macro openssl macros.file