+# NOTE: 3.3.x is previous-stable line
+# - for 3.5.x (current stable) see DEVEL branch (requires DEVEL p11-kit)
#
# Conditional build:
-%bcond_with gcrypt # use gcrypt crypto backend instead of nettle (broken or withdrawn?)
+%bcond_without dane # libdane (DANE with DNSSEC certificate verification)
+%bcond_without openssl # libgnutls-openssl compatibility library
+%bcond_without tpm # TPM support in gnutls
+%bcond_without static_libs # static libraries
+%bcond_without doc # do not generate documentation
#
Summary: The GNU Transport Layer Security Library
Summary(pl.UTF-8): Biblioteka GNU TLS (Transport Layer Security)
Name: gnutls
-Version: 3.0.14
-Release: 2
-License: LGPL v3+ (libgnutls), GPL v3+ (openssl library and tools)
+Version: 3.4.6
+Release: 1
+License: LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools)
Group: Libraries
-Source0: ftp://ftp.gnutls.org/pub/gnutls/%{name}-%{version}.tar.xz
-# Source0-md5: 0d613985c867846ccb5cbaba8fa576ef
+Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.lz
+# Source0-md5: bbb3eb5232d392cf96fd4b4b3ee39e58
Patch0: %{name}-info.patch
Patch1: %{name}-link.patch
-Patch2: %{name}-pl.po-update.patch
-URL: http://www.gnu.org/software/gnutls/
+URL: http://www.gnutls.org/
BuildRequires: autoconf >= 2.61
-BuildRequires: autogen >= 5.14
-BuildRequires: autogen-devel >= 5.14
-BuildRequires: automake >= 1:1.11
-BuildRequires: gettext-devel >= 0.18
-BuildRequires: gtk-doc >= 1.1
+BuildRequires: autogen
+BuildRequires: autogen-devel
+BuildRequires: automake >= 1:1.12.2
+BuildRequires: gettext-tools >= 0.18
+BuildRequires: gmp-devel
+%{?with_doc:BuildRequires: gtk-doc >= 1.1}
BuildRequires: guile-devel >= 5:2.0
BuildRequires: libcfg+-devel
-%{?with_gcrypt:BuildRequires: libgcrypt-devel >= 1.4.0}
-BuildRequires: libidn-devel
+BuildRequires: libidn-devel >= 0.5.6
BuildRequires: libstdc++-devel
-BuildRequires: libtasn1-devel >= 2.10
-BuildRequires: libtool >= 2:1.5
-%{!?with_gcrypt:BuildRequires: nettle-devel >= 2.4}
+BuildRequires: libtasn1-devel >= 4.3
+BuildRequires: libtool >= 2:2
+BuildRequires: lzip
+BuildRequires: nettle-devel >= 3.1
# miniopencdk is included in sources and currently maintained
# as part of gnutls, not external package
#BuildRequires: opencdk-devel >= 0.6.6
-BuildRequires: p11-kit-devel >= 0.11
+BuildRequires: p11-kit-devel >= 0.23.1
BuildRequires: pkgconfig
BuildRequires: readline-devel
BuildRequires: rpmbuild(macros) >= 1.383
+BuildRequires: sed >= 4.0
BuildRequires: tar >= 1:1.22
-BuildRequires: texinfo >= 4.8
-BuildRequires: xz
+%{?with_doc:BuildRequires: texinfo >= 4.8}
+%{?with_tpm:BuildRequires: trousers-devel >= 0.3.11}
+%{?with_dane:BuildRequires: unbound-devel}
BuildRequires: zlib-devel
-Requires(post,postun): /sbin/ldconfig
-%{?with_gcrypt:Requires: libgcrypt >= 1.4.0}
-Requires: libtasn1 >= 2.10
-%{!?with_gcrypt:Requires: nettle >= 2.4}
-#Requires: opencdk >= 0.6.6
-Requires: p11-kit >= 0.11
+Requires: %{name}-libs = %{version}-%{release}
+%{?with_dane:Requires: %{name}-dane = %{version}-%{release}}
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
Aktualnie biblioteka gnuTLS implementuje standardy proponowane przez
grupę roboczą IETF TLS.
+%package libs
+Summary: GnuTLS shared libraries
+Summary(pl.UTF-8): Biblioteki współdzielone GnuTLS
+Group: Libraries
+Requires: libidn >= 0.5.6
+Requires: libtasn1 >= 4.3
+Requires: nettle >= 3.1
+#Requires: opencdk >= 0.6.6
+Requires: p11-kit >= 0.23.1
+%{?with_tpm:Requires: trousers-libs >= 0.3.11}
+Conflicts: gnutls < 3.2.0
+
+%description libs
+GnuTLS shared libraries.
+
+%description libs -l pl.UTF-8
+Biblioteki współdzielone GnuTLS.
+
%package devel
Summary: Header files etc to develop gnutls applications
Summary(pl.UTF-8): Pliki nagłówkowe i inne do gnutls
License: LGPL v2.1+ (libgnutls), GPL v3+ (openssl library)
Group: Development/Libraries
-Requires: %{name} = %{version}-%{release}
-%{?with_gcrypt:Requires: libgcrypt-devel >= 1.4.0}
-Requires: libtasn1-devel >= 2.10
-%{!?with_gcrypt:Requires: nettle-devel >= 2.4}
+Requires: %{name}-libs = %{version}-%{release}
+Requires: libidn-devel >= 0.5.6
+Requires: libtasn1-devel >= 4.3
+Requires: nettle-devel >= 3.1
#Requires: opencdk-devel >= 0.6.6
-Requires: p11-kit-devel >= 0.11
+Requires: p11-kit-devel >= 0.23.1
+%{?with_tpm:Requires: trousers-devel >= 0.3.11}
Requires: zlib-devel
%description devel
Summary(pl.UTF-8): libgnutlsxx - interfejs C++ do biblioteki gnutls
License: LGPL v2.1+
Group: Libraries
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}-libs = %{version}-%{release}
%description c++
libgnutlsxx - C++ interface to gnutls library.
%description c++-static -l pl.UTF-8
Statyczna wersja libgnutlsxx - interfejsu C++ do biblioteki gnutls.
+%package dane
+Summary: DANE security library
+Summary(pl.UTF-8): Biblioteka bezpieczeństwa DANE
+Group: Libraries
+Requires: %{name}-libs = %{version}-%{release}
+
+%description dane
+DANE security library.
+
+%description dane -l pl.UTF-8
+Biblioteka bezpieczeństwa DANE.
+
+%package dane-devel
+Summary: Header file for DANE security library
+Summary(pl.UTF-8): Plik nagłówkowy biblioteki bezpieczeństwa DANE
+Group: Development/Libraries
+Requires: %{name}-dane = %{version}-%{release}
+Requires: %{name}-devel = %{version}-%{release}
+Requires: unbound-devel
+
+%description dane-devel
+Header file for DANE security library.
+
+%description dane-devel -l pl.UTF-8
+Plik nagłówkowy biblioteki bezpieczeństwa DANE.
+
+%package dane-static
+Summary: Static DANE security library
+Summary(pl.UTF-8): Statyczna biblioteka bezpieczeństwa DANE
+Group: Development/Libraries
+Requires: %{name}-dane-devel = %{version}-%{release}
+
+%description dane-static
+Static DANE security library.
+
+%description dane-static -l pl.UTF-8
+Statyczna biblioteka bezpieczeństwa DANE.
+
+%package openssl
+Summary: OpenSSL compatibility library for GnuTLS
+Summary(pl.UTF-8): Biblioteka zgodności z OpenSSL dla GnuTLS
+Group: Libraries
+Requires: %{name}-libs = %{version}-%{release}
+
+%description openssl
+OpenSSL compatibility library for GnuTLS.
+
+%description openssl -l pl.UTF-8
+Biblioteka zgodności z OpenSSL dla GnuTLS.
+
+%package openssl-devel
+Summary: Header file for gnutls-openssl library
+Summary(pl.UTF-8): Plik nagłówkowy biblioteki gnutls-openssl
+Group: Development/Libraries
+Requires: %{name}-devel = %{version}-%{release}
+Requires: %{name}-openssl = %{version}-%{release}
+
+%description openssl-devel
+Header file for gnutls-openssl library.
+
+%description openssl-devel -l pl.UTF-8
+Plik nagłówkowy biblioteki gnutls-openssl.
+
+%package openssl-static
+Summary: Static gnutls-openssl library
+Summary(pl.UTF-8): Statyczna biblioteka gnutls-openssl
+Group: Development/Libraries
+Requires: %{name}-openssl-devel = %{version}-%{release}
+
+%description openssl-static
+Static gnutls-openssl library.
+
+%description openssl-static -l pl.UTF-8
+Statyczna biblioteka gnutls-openssl.
+
%package -n guile-gnutls
Summary: Guile bindings for GnuTLS
Summary(pl.UTF-8): Wiązania Guile do GnuTLS
License: LGPL v2.1+
Group: Development/Languages
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}-libs = %{version}-%{release}
Requires: guile >= 5:2.0
%description -n guile-gnutls
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
%{__rm} po/stamp-po
-# regenerate autogen stuff
-%{__rm} src/{ocsptool-args,p11tool-args,psk-args,cli-debug-args,cli-args,serv-args,srptool-args,certtool-args}.[ch]
%build
+%{__mv} build-aux/snippet{,.save}
%{__libtoolize}
-%{__aclocal} -I m4 -I gl/m4 -I src/libopts/m4
+%{__mv} build-aux/snippet{.save,}
+%{__aclocal} -I m4 -I gl/m4 -I src/libopts/m4 -I src/gl/m4
%{__autoconf}
%{__autoheader}
%{__automake}
%configure \
+ %{?with_openssl:--enable-openssl-compatibility} \
--disable-silent-rules \
- %{?with_gcrypt:--with-libgcrypt}
+ %{?with_static_libs:--enable-static} \
+ --with-default-trust-store-file=/etc/certs/ca-certificates.crt \
+ %{!?with_tpm:--without-tpm} \
+ --with-trousers-lib=%{_libdir}/libtspi.so.1 \
+ %{!?with_doc:--disable-doc}
# docs build is broken with -jN
%{__make} -j1
# .pc file missing for libgnutls-openssl, and it needs libgnutls.la
# guile module - dynamic only
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls-*.{la,a}
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls-*.la
+%if %{with static_libs}
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls-*.a
+%endif
-rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+%{__rm} -f $RPM_BUILD_ROOT%{_infodir}/dir
%find_lang %{name}
rm -rf $RPM_BUILD_ROOT
%post
-/sbin/ldconfig
[ ! -x /usr/sbin/fix-info-dir ] || /usr/sbin/fix-info-dir %{_infodir} >/dev/null 2>&1
%postun
-/sbin/ldconfig
[ ! -x /usr/sbin/fix-info-dir ] || /usr/sbin/fix-info-dir %{_infodir} >/dev/null 2>&1
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+
%post c++ -p /sbin/ldconfig
%postun c++ -p /sbin/ldconfig
+%post dane -p /sbin/ldconfig
+%postun dane -p /sbin/ldconfig
+
+%post openssl -p /sbin/ldconfig
+%postun openssl -p /sbin/ldconfig
+
%post -n guile-gnutls -p /sbin/ldconfig
%postun -n guile-gnutls -p /sbin/ldconfig
%attr(755,root,root) %{_bindir}/p11tool
%attr(755,root,root) %{_bindir}/psktool
%attr(755,root,root) %{_bindir}/srptool
-%attr(755,root,root) %{_libdir}/libgnutls.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutls.so.28
-%attr(755,root,root) %{_libdir}/libgnutls-openssl.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutls-openssl.so.27
+%{?with_tpm:%attr(755,root,root) %{_bindir}/tpmtool}
+%if %{with doc}
%{_mandir}/man1/certtool.1*
%{_mandir}/man1/gnutls-*.1*
%{_mandir}/man1/ocsptool.1*
%{_mandir}/man1/p11tool.1*
%{_mandir}/man1/psktool.1*
%{_mandir}/man1/srptool.1*
+%{_mandir}/man1/tpmtool.1*
%{_infodir}/gnutls.info*
%{_infodir}/gnutls-*.png
%{_infodir}/pkcs11-vision.png
+%endif
+
+%files libs
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libgnutls.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libgnutls.so.30
%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libgnutls.so
-%attr(755,root,root) %{_libdir}/libgnutls-openssl.so
%{_libdir}/libgnutls.la
-%{_libdir}/libgnutls-openssl.la
%{_includedir}/gnutls
+%{?with_dane:%exclude %{_includedir}/gnutls/dane.h}
%exclude %{_includedir}/gnutls/gnutlsxx.h
+%{?with_openssl:%exclude %{_includedir}/gnutls/openssl.h}
%{_pkgconfigdir}/gnutls.pc
-%{_mandir}/man3/gnutls_*.3*
+%{?with_doc:%{_mandir}/man3/gnutls_*.3*}
+%if %{with static_libs}
%files static
%defattr(644,root,root,755)
%{_libdir}/libgnutls.a
-%{_libdir}/libgnutls-openssl.a
+%endif
%files c++
%defattr(644,root,root,755)
%{_libdir}/libgnutlsxx.la
%{_includedir}/gnutls/gnutlsxx.h
+%if %{with static_libs}
%files c++-static
%defattr(644,root,root,755)
%{_libdir}/libgnutlsxx.a
+%endif
+
+%if %{with dane}
+%files dane
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_bindir}/danetool
+%attr(755,root,root) %{_libdir}/libgnutls-dane.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libgnutls-dane.so.0
+%{?with_doc:%{_mandir}/man1/danetool.1*}
+
+%files dane-devel
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libgnutls-dane.so
+%{_libdir}/libgnutls-dane.la
+%{_includedir}/gnutls/dane.h
+%{_pkgconfigdir}/gnutls-dane.pc
+
+%if %{with static_libs}
+%files dane-static
+%defattr(644,root,root,755)
+%{_libdir}/libgnutls-dane.a
+%endif
+%endif
+
+%if %{with openssl}
+%files openssl
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libgnutls-openssl.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libgnutls-openssl.so.27
+
+%files openssl-devel
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libgnutls-openssl.so
+%{_libdir}/libgnutls-openssl.la
+%{_includedir}/gnutls/openssl.h
+
+%files openssl-static
+%defattr(644,root,root,755)
+%{_libdir}/libgnutls-openssl.a
+%endif
%files -n guile-gnutls
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/guile/2.0/guile-gnutls-v-2.so*
%{_datadir}/guile/site/gnutls.scm
%{_datadir}/guile/site/gnutls
-%{_infodir}/gnutls-guile.info*
+%{?with_doc:%{_infodir}/gnutls-guile.info*}