source: spec/trunk/SPECS/openssl.spec@ 788

Last change on this file since 788 was 565, checked in by dmik, 11 years ago

spec: openssl: Release 1.0.0r-1.
File size: 11.9 KB
Line 
1# Note: this .spec is borrowed from openssl-1.0.0k-2.1.src.rpm
2
3# For the curious:
4# 0.9.5a soversion = 0
5# 0.9.6 soversion = 1
6# 0.9.6a soversion = 2
7# 0.9.6c soversion = 3
8# 0.9.7a soversion = 4
9# 0.9.7ef soversion = 5
10# 0.9.8ab soversion = 6
11# 0.9.8g soversion = 7
12# 0.9.8jk + EAP-FAST soversion = 8
13# 1.0.0 soversion = 10
14%define soversion 10
15
16# Number of threads to spawn when testing some threading fixes.
17%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
18
19# Arches on which we need to prevent arch conflicts on opensslconf.h, must
20# also be handled in opensslconf-new.h.
21%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
22
23Summary: A general purpose cryptography library with TLS implementation
24Name: openssl
25Version: 1.0.0r
26Release: 1%{?dist}
27
28#Source: openssl-%{version}.tar.gz
29
30License: OpenSSL
31Group: System Environment/Libraries
32URL: http://www.openssl.org/
33BuildRoot: %{_tmppath}/%{name}-%{version}-root
34BuildRequires: coreutils, perl, sed, zlib-devel, diffutils
35# krb5-devel
36Requires: coreutils, ca-certificates
37
38%define svn_url http://svn.netlabs.org/repos/ports/openssl/branches/1.0.0
39%define svn_rev 1133
40
41Source: %{name}-%{version}-r%{svn_rev}.zip
42
43BuildRequires: gcc make subversion zip
44
45%description
46The OpenSSL toolkit provides support for secure communications between
47machines. OpenSSL includes a certificate management tool and shared
48libraries which provide various cryptographic algorithms and
49protocols.
50
51%package devel
52Summary: Files for development of applications which will use OpenSSL
53Group: Development/Libraries
54Requires: %{name} = %{version}-%{release}, zlib-devel
55Requires: pkgconfig
56
57%description devel
58OpenSSL is a toolkit for supporting cryptography. The openssl-devel
59package contains include files needed to develop applications which
60support various cryptographic algorithms and protocols.
61
62%package static
63Summary: Libraries for static linking of applications which will use OpenSSL
64Group: Development/Libraries
65Requires: %{name}-devel = %{version}-%{release}
66
67%description static
68OpenSSL is a toolkit for supporting cryptography. The openssl-static
69package contains static libraries needed for static linking of
70applications which support various cryptographic algorithms and
71protocols.
72
73%package perl
74Summary: Perl scripts provided with OpenSSL
75Group: Applications/Internet
76Requires: perl
77Requires: %{name} = %{version}-%{release}
78
79%description perl
80OpenSSL is a toolkit for supporting cryptography. The openssl-perl
81package provides Perl scripts for converting certificates and keys
82from other formats to the formats used by the OpenSSL toolkit.
83
84%prep
85%if %(sh -c 'if test -f "%{_sourcedir}/%{name}-%{version}-r%{svn_rev}.zip" ; then echo 1 ; else echo 0 ; fi')
86%setup -q
87%else
88%setup -n "%{name}-%{version}" -Tc
89# we can't use svn export since it fails on symlinks (OS/2 bug in at least SVN 1.6.16), emulate with checkout
90#svn export -r %{svn_rev} %{svn_url} . --force
91svn checkout -r %{svn_rev} %{svn_url} .
92find . -type d -path "*/.svn" -exec rm -rf "{}" +
93rm -f "%{_sourcedir}/%{name}-%{version}-r%{svn_rev}.zip"
94(cd .. && zip -SrX9 "%{_sourcedir}/%{name}-%{version}-r%{svn_rev}.zip" "%{name}-%{version}")
95%endif
96
97# Modify the various perl scripts to reference perl in the right location.
98%{__perl} util/perlpath.pl `dirname %{__perl}`
99
100# Generate a table with the compile settings for my perusal.
101touch Makefile
102make TABLE PERL=%{__perl}
103
104%build
105# Figure out which flags we want to use.
106# default
107sslarch=OS2-KNIX
108
109# Configure the build tree. Override OpenSSL defaults with known-good defaults
110# usable on all platforms. The Configure script already knows to use -fPIC and
111# RPM_OPT_FLAGS, so we can skip specifiying them here.
112
113export CFLAGS="${CFLAGS:-%optflags}"
114export PERL="%{__perl}"
115
116./Configure \
117 --prefix=%{_usr} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
118 zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
119 enable-cms enable-md2 experimental-jpake \
120 shared ${sslarch}
121
122# Original Fedora's openssl-1.0.0k-2.1 flags:
123# zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
124# enable-cms enable-md2 no-idea experimental-jpake \
125# --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
126# --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
127
128# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
129# marked as not requiring an executable stack.
130#RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
131make depend
132# YD smp build not supported
133make all
134
135# Generate hashes for the included certs.
136make rehash
137
138# Overwrite FIPS README
139#cp -f %{SOURCE11} .
140
141%check
142# Verify that what was compiled actually works.
143
144# We must revert patch33 before tests otherwise they will fail
145#patch -p1 -R < %{PATCH33}
146
147#LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
148#export LD_LIBRARY_PATH
149#make -C test apps tests
150#%{__cc} -o openssl-thread-test \
151# `krb5-config --cflags` \
152# -I./include \
153# $RPM_OPT_FLAGS \
154# %{SOURCE8} \
155# -L. \
156# -lssl -lcrypto \
157# `krb5-config --libs` \
158# -lpthread -lz -ldl
159#./openssl-thread-test --threads %{thread_test_threads}
160
161# Add generation of HMAC checksum of the final stripped library
162#%define __spec_install_post \
163# %{?__debug_package:%{__debug_install_post}} \
164# %{__arch_install_post} \
165# %{__os_install_post} \
166# crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{version} >$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{version}.hmac \
167# ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{soversion}.hmac \
168# crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
169# ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
170#%{nil}
171
172%install
173[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
174
175# Install OpenSSL.
176install -d $RPM_BUILD_ROOT%{_bindir}
177install -d $RPM_BUILD_ROOT%{_includedir}
178install -d $RPM_BUILD_ROOT%{_libdir}
179install -d $RPM_BUILD_ROOT%{_mandir}
180install -d $RPM_BUILD_ROOT%{_libdir}/openssl
181make INSTALL_PREFIX=$RPM_BUILD_ROOT install
182make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
183
184cp ssl_s.a $RPM_BUILD_ROOT%{_libdir}
185cp ssl%{soversion}.dll $RPM_BUILD_ROOT%{_libdir}
186cp crypto_s.a $RPM_BUILD_ROOT%{_libdir}
187cp crypto%{soversion}.dll $RPM_BUILD_ROOT%{_libdir}
188
189# Remove duplicate DLLs with lib* prefix (todo: fix it in Makefiles)
190rm -f $RPM_BUILD_ROOT%{_libdir}/lib*%{soversion}.dll
191
192mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
193mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
194rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
195
196#rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
197#mkdir $RPM_BUILD_ROOT/%{_lib}
198#mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} $RPM_BUILD_ROOT/%{_lib}
199#for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
200# chmod 755 ${lib}
201# ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
202# ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
203#done
204#for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
205# chmod 755 ${lib}
206# ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
207# ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
208#done
209
210# Install a makefile for generating keys and self-signed certs, and a script
211# for generating them on the fly.
212mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
213#install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
214#install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert
215
216# Make sure we actually include the headers we built against.
217for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
218 if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then
219 install -m644 include/openssl/`basename ${header}` ${header}
220 fi
221done
222
223# Rename man pages so that they don't conflict with other system man pages.
224#pushd $RPM_BUILD_ROOT%{_mandir}
225for manpage in $RPM_BUILD_ROOT%{_mandir}/man*/* ; do
226 if [ -L ${manpage} ]; then
227 TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
228 ln -snf ${TARGET}ssl ${manpage}ssl
229 rm -f ${manpage}
230 else
231 mv ${manpage} ${manpage}ssl
232 fi
233done
234#for conflict in passwd rand ; do
235# rename ${conflict} ssl${conflict} man*/${conflict}*
236#done
237#popd
238
239# Pick a CA script.
240#pushd $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
241mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/CA.sh $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/CA
242#popd
243
244mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
245mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
246mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
247mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
248mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
249
250# Ensure the openssl.cnf timestamp is identical across builds to avoid
251# mulitlib conflicts and unnecessary renames on upgrade
252#touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
253
254# Determine which arch opensslconf.h is going to try to #include.
255#basearch=i386
256#%ifarch %{multilib_arches}
257# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
258# can have both a 32- and 64-bit version of the library, and they each need
259# their own correct-but-different versions of opensslconf.h to be usable.
260#install -m644 %{SOURCE10} \
261# $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
262#cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \
263# $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
264#install -m644 %{SOURCE9} \
265# $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
266#%endif
267
268# Remove unused files from upstream fips support
269rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
270rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
271rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
272
273%clean
274[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
275
276%files
277%defattr(-,root,root)
278%doc FAQ LICENSE CHANGES NEWS INSTALL README
279%doc doc/c-indentation.el doc/openssl.txt
280%doc doc/openssl_button.html doc/openssl_button.gif
281%doc doc/ssleay.txt
282#%doc README.FIPS
283%dir %{_sysconfdir}/pki/tls
284%dir %{_sysconfdir}/pki/tls/certs
285#%{_sysconfdir}/pki/tls/certs/make-dummy-cert
286#%{_sysconfdir}/pki/tls/certs/Makefile
287%dir %{_sysconfdir}/pki/tls/misc
288%{_sysconfdir}/pki/tls/misc/CA
289%dir %{_sysconfdir}/pki/CA
290%dir %{_sysconfdir}/pki/CA/private
291%dir %{_sysconfdir}/pki/CA/certs
292%dir %{_sysconfdir}/pki/CA/crl
293%dir %{_sysconfdir}/pki/CA/newcerts
294%{_sysconfdir}/pki/tls/misc/c_*
295%{_sysconfdir}/pki/tls/private
296
297%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
298
299%attr(0755,root,root) %{_bindir}/openssl.exe
300%attr(0755,root,root) %{_libdir}/crypto%{soversion}.dll
301%attr(0755,root,root) %{_libdir}/ssl%{soversion}.dll
302#%attr(0644,root,root) /%{_lib}/.libcrypto.so.*.hmac
303#%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
304%attr(0755,root,root) %{_libdir}/openssl
305%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
306%attr(0644,root,root) %{_mandir}/man5*/*
307%attr(0644,root,root) %{_mandir}/man7*/*
308
309%files devel
310%defattr(-,root,root)
311%{_prefix}/include/openssl
312%attr(0755,root,root) %{_libdir}/lib*.a
313%attr(0644,root,root) %{_mandir}/man3*/*
314%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
315
316%files static
317%defattr(-,root,root)
318%attr(0644,root,root) %{_libdir}/*_s.a
319
320%files perl
321%defattr(-,root,root)
322%attr(0755,root,root) %{_bindir}/c_rehash
323%attr(0644,root,root) %{_mandir}/man1*/*.pl*
324%{_sysconfdir}/pki/tls/misc/*.pl
325%{_sysconfdir}/pki/tls/misc/tsget
326
327%changelog
328* Fri Apr 3 2015 Dmitriy Kuminov <coding@dmik.org> 1.0.0r-1
329- Update to version 1.0.0r.
330- Enable new algorithms: idea, md2, mdc2, ec, jpake.
331- Rebuild with kLIBC 0.6.6 and GCC 4.9.2.
332
333* Tue Sep 2 2014 Dmitriy Kuminov <coding@dmik.org> 1.0.0n-1
334- Update to version 1.0.0n.
335- Move find.pl to SVN repository.
336- Remove DLLs from devel package.
337
338* Wed Dec 05 2012 yd
339- ca-certificates are required for proper ssl checks.
340- added File::Find wrapper for find.pl.
341
342* Mon Jan 16 2012 yd
343- rebuild with libc 0.6.4 runtime.
Note: See TracBrowser for help on using the repository browser.