summaryrefslogtreecommitdiff
path: root/packaging/openssl.spec
blob: 4311db9dfe353976d09ab29b1de82d4db9067945 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
Name:           openssl
BuildRequires:  bc
BuildRequires:  ed
BuildRequires:  pkg-config
BuildRequires:  zlib-devel
%define ssletcdir %{_sysconfdir}/ssl
%define num_version 1.0.0
Provides:       ssl
Version:        1.0.2e
Release:        0
Summary:        Secure Sockets and Transport Layer Security
License:        OpenSSL and BSD-2.0 and Apache-2.0
Group:          Security/Crypto Libraries
Url:            http://www.openssl.org/
Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.gz
# to get mtime of file:
Source1:        openssl.changes
Source2:        baselibs.conf
Source1001: 	openssl.manifest

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.

%package -n libopenssl
Summary:        Secure Sockets and Transport Layer Security
Group:          Security/Crypto Libraries

%description -n libopenssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.


%package -n libopenssl-devel
Summary:        Include Files and Libraries mandatory for Development
Group:          Development/Libraries
Obsoletes:      openssl-devel < %{version}
Requires:       %name = %version
Requires:       libopenssl = %{version}
Requires:       zlib-devel
Provides:       openssl-devel = %{version}

%description -n libopenssl-devel
This package contains all necessary include files and libraries needed
to develop applications that require these.

%package misc
Summary:        Additional data files and scripts for %{name}
Group:          Security/Crypto Libraries

%description misc
Additional data files and scripts for %{name}.

%package doc
Summary:        Additional Package Documentation
Group:          Security/Crypto Libraries
BuildArch:      noarch

%description doc
This package contains optional documentation provided in addition to
this package's base documentation.

%prep
%setup -q
cp %{SOURCE1001} .

echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::'
cat <<EOF_ED | ed -s Configure
/^);
-
i
#
# local configuration added from specfile
# ... MOST of those are now correct in openssl's Configure already,
# so only add them for new ports!
#
#config-string,  $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$wp_obj:$cmll_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags:$multilib
#"linux-elf",    "gcc:-DL_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME:",
#"linux-ia64",   "gcc:-DL_ENDIAN	-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:\${ia64_asm}:		$DSO_SCHEME:",
#"linux-ppc",    "gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}:		$DSO_SCHEME:",
#"linux-ppc64",  "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:\${no_asm}:	$DSO_SCHEME:64",
"linux-elf-arm","gcc:-DL_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG:\${no_asm}:							$DSO_SCHEME:",
"linux-mips",   "gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}:		$DSO_SCHEME:",
"linux-sparcv7","gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:\${no_asm}:			$DSO_SCHEME:",
#"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8	::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o:::::::::::::	$DSO_SCHEME:",
#"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}:						$DSO_SCHEME:64",
#"linux-s390",   "gcc:-DB_ENDIAN			::(unknown):   :-ldl:BN_LLONG:\${no_asm}:							$DSO_SCHEME:",
#"linux-s390x",  "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}:					$DSO_SCHEME:64",
"linux-parisc",	"gcc:-DB_ENDIAN 		::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:\${no_asm}:			$DSO_SCHEME:",
.
wq
EOF_ED
# fix ENGINESDIR path
sed -i 's,/lib/engines,/%_lib/engines,' Configure
# Record mtime of changes file instead of build time
CHANGES=`stat --format="%y" %SOURCE1`
sed -i -e "s|#define DATE \(.*\).LC_ALL.*date.|#define DATE \1$CHANGES|" crypto/Makefile

%build
RPM_OPT_FLAGS=$(echo $RPM_OPT_FLAGS | sed -s "s/--param=ssp-buffer-size=32//g")
export RPM_OPT_FLAGS

./config --test-sanity
#
config_flags="threads shared no-rc5 no-idea no-asm \
enable-camellia enable-md2 \
zlib \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
$RPM_OPT_FLAGS -std=gnu99 \
-Wa,--noexecstack \
-fomit-frame-pointer \
-DTERMIO \
-DPURIFY \
-DSSL_FORBID_ENULL \
-D_GNU_SOURCE \
$(getconf LFS_CFLAGS) \
-Wall \
-fstack-protector "
#
#%{!?do_profiling:%define do_profiling 0}
#%if %do_profiling
#	# generate feedback
#	./config $config_flags
#	make depend CC="gcc %cflags_profile_generate"
#	make CC="gcc %cflags_profile_generate"
#	LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate"
#	LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate"
#	LD_LIBRARY_PATH=`pwd` apps/openssl speed
#	make clean
#	# compile with feedback
#	# but not if it makes a cipher slower:
#	#find crypto/aes -name '*.da' | xargs -r rm
#	./config $config_flags %cflags_profile_feedback
#	make depend
#	make
#	LD_LIBRARY_PATH=`pwd` make rehash
#	LD_LIBRARY_PATH=`pwd` make test
#%else
# OpenSSL relies on uname -m (not good). Thus that little sparc line.
	./config \
		$config_flags
	make depend
	make
	LD_LIBRARY_PATH=`pwd` make rehash
	#LD_LIBRARY_PATH=`pwd` make test
#%endif
# show settings
make TABLE
echo $RPM_OPT_FLAGS
eval $(egrep PLATFORM='[[:alnum:]]' Makefile)
grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE

%install
rm -rf $RPM_BUILD_ROOT
make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install
ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl
mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl
mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/
# ln -s %{ssletcdir}/certs 	$RPM_BUILD_ROOT/%{_datadir}/ssl/certs
# ln -s %{ssletcdir}/private 	$RPM_BUILD_ROOT/%{_datadir}/ssl/private
# ln -s %{ssletcdir}/openssl.cnf 	$RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf
#

# avoid file conflicts with man pages from other packages
#
pushd $RPM_BUILD_ROOT/%{_mandir}
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
# replace spaces by underscores
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
for i in man?/*; do
	if test -L $i ; then
	    LDEST=`readlink $i`
	    rm -f $i ${i}ssl
	    ln -sf ${LDEST}ssl ${i}ssl
	else
	    mv $i ${i}ssl
        fi
	case `basename ${i%.*}` in
	    asn1parse|ca|config|crl|crl2pkcs7|crypto|dgst|dhparam|dsa|dsaparam|enc|gendsa|genrsa|nseq|openssl|passwd|pkcs12|pkcs7|pkcs8|rand|req|rsa|rsautl|s_client|s_server|smime|spkac|ssl|verify|version|x509)
		# these are the pages mentioned in openssl(1). They go into the main package.
		echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;;
	    *)
		# the rest goes into the openssl-doc package.
		echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;;
	esac
done
popd
#
# check wether some shared library has been installed
#
ls -l $RPM_BUILD_ROOT%{_libdir}
test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version}
test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version}
test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so
test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
#
# see what we've got
#
cat > showciphers.c <<EOF
#include <openssl/err.h>
#include <openssl/ssl.h>
int main(){
unsigned int i;
SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;
  meth = SSLv23_client_method();
  SSLeay_add_ssl_algorithms();
  ctx = SSL_CTX_new(meth);
  if (ctx == NULL) return 0;
  ssl = SSL_new(ctx);
  if (!ssl) return 0;
  for (i=0; ; i++) {
    int j, k;
    SSL_CIPHER *sc;
    sc = (meth->get_cipher)(i);
    if (!sc) break;
    k = SSL_CIPHER_get_bits(sc, &j);
    printf("%s\n", sc->name);
  }
  return 0;
};
EOF
gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c
gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto
LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true
cat AVAILABLE_CIPHERS
# Do not install demo scripts executable under /usr/share/doc
find demos -type f -perm /111 -exec chmod 644 {} \;

%post -n libopenssl -p /sbin/ldconfig

%postun -n libopenssl -p /sbin/ldconfig

%files -n libopenssl
%manifest %{name}.manifest
%defattr(-, root, root)
%license LICENSE
%{_libdir}/libssl.so.%{num_version}
%{_libdir}/libcrypto.so.%{num_version}
%{_libdir}/engines

%files -n libopenssl-devel
%manifest %{name}.manifest
%defattr(-, root, root)
%{_includedir}/%{name}/
%{_includedir}/ssl
%exclude %{_libdir}/libcrypto.a
%exclude %{_libdir}/libssl.a
%{_libdir}/libssl.so
%{_libdir}/libcrypto.so
%_libdir/pkgconfig/libcrypto.pc
%_libdir/pkgconfig/libssl.pc
%_libdir/pkgconfig/openssl.pc

%files doc -f filelist.doc
%manifest %{name}.manifest
%defattr(-, root, root)
%doc doc/* demos
%doc showciphers.c

%files
%manifest %{name}.manifest
%defattr(-, root, root)
%license LICENSE
%dir %{ssletcdir}
%config (noreplace) %{ssletcdir}/openssl.cnf
%attr(700,root,root) %{ssletcdir}/private
%dir %{_datadir}/ssl
%{_bindir}/%{name}

%files misc
%manifest %{name}.manifest
%{_datadir}/ssl/misc
%{_bindir}/c_rehash


%changelog