- enable FIPS provider and Kernel TLS support
[packages/openssl.git] / openssl.spec
CommitLineData
44d8c69e 1#
2403ba81 2# Conditional build:
d76d59fa 3%bcond_without tests # don't perform "make tests"
d343076c 4%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
7c7b781c 5%bcond_with sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
dece7a9c 6
ce2ff00e 7Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
e6bfca5b
ER
8Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
9Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
10Summary(fr.UTF-8): Utilitaires de communication SSL (Secure Sockets Layer)
11Summary(pl.UTF-8): Biblioteki OpenSSL (SSL v2/v3)
12Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
13Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
14Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
56470945 15Name: openssl
3f69fe91 16Version: 3.0.0
efa15d69 17Release: 2
3f69fe91 18License: Apache v2.0
56470945 19Group: Libraries
f6b630b8 20Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
3f69fe91 21# Source0-md5: 43c5ab628b7ab899d7cd4a4c7fe4067f
62382817 22Source2: %{name}.1.pl
ea55f735 23Source3: %{name}-ssl-certificate.sh
d231add3 24Source4: %{name}-c_rehash.sh
3f69fe91
JR
25Patch0: %{name}-optflags.patch
26Patch1: %{name}-ca-certificates.patch
27Patch2: %{name}-find.patch
28Patch3: pic.patch
29Patch4: engines-dir.patch
bd7f0ef1 30URL: http://www.openssl.org/
0283944f 31BuildRequires: libsctp-devel
af59ed59 32BuildRequires: perl-devel >= 1:5.10.0
77211fc0 33BuildRequires: pkgconfig
9edbb66f 34BuildRequires: rpm-perlprov >= 4.1-13
20bc1dd7 35BuildRequires: rpmbuild(macros) >= 1.213
31b28434 36BuildRequires: sed >= 4.0
77211fc0 37BuildRequires: zlib-devel
618e7076 38Requires: ca-certificates >= 20141019-3
efa15d69 39Requires: %{name}-tools = %{version}-%{release}
dece7a9c 40Requires: rpm-whiteout >= 1.7
04a5ad1f
AF
41Obsoletes: SSLeay
42Obsoletes: SSLeay-devel
43Obsoletes: SSLeay-perl
a280467c 44Obsoletes: libopenssl0
efa15d69 45Obsoletes: openssl-engines < 3.0.0-2
4ec787ae 46%if "%{pld_release}" == "ac"
7bb98c5d 47Conflicts: neon < 0.26.3-3
e21ec158 48Conflicts: ntpd < 4.2.4p8-10
f3136daa 49Conflicts: openssh-clients < 2:5.8p1-9
4ec787ae
ER
50Conflicts: openssh-server < 2:5.8p1-9
51%else
3a24c9cc
ER
52Conflicts: neon < 0.29.6-8
53Conflicts: openssh-clients < 2:6.2p2-3
54Conflicts: openssh-server < 2:6.2p2-3
c04ce0eb 55%endif
0f86ef4a 56BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
21ac4f86
AF
57
58%description
59The OpenSSL Project is a collaborative effort to develop a robust,
b39fed70 60commercial-grade, full-featured, and Open Source toolkit implementing
61the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
62v1) protocols with full-strength cryptography world-wide. The project
63is managed by a worldwide community of volunteers that use the
64Internet to communicate, plan, and develop the OpenSSL tookit and its
65related documentation.
56470945 66
b39fed70 67OpenSSL is based on the excellent SSLeay library developed by Eric A.
68Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
69Apache-style licence, which basically means that you are free to get
70and use it for commercial and non-commercial purposes subject to some
71simple license conditions.
21ac4f86 72
fc19f542 73This package contains shared libraries only, install openssl-tools if
74you want to use openssl cmdline tool.
ce2ff00e 75
30e72515
JR
76%description -l de.UTF-8
77Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
78libraries, die verschiedene Verschlüsselungs- und
79Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
80zur Verfügung stellen.
453a8bf3 81
30e72515
JR
82%description -l es.UTF-8
83Biblioteca C que suministra algoritmos y protocolos criptográficos.
2fad19b0 84
30e72515 85%description -l fr.UTF-8
56470945 86OpenSSL est un outiil de gestion des certificats et les librairies
87partagees qui fournit plusieurs protocoles et algorithmes de
88codage/decodage, incluant DES, RC4, RSA et SSL.
2fad19b0 89
30e72515
JR
90%description -l pl.UTF-8
91Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
78b5e413
TP
92v2/v3 oraz Transport Layer Security (TLS v1).
93
30e72515
JR
94%description -l pt_BR.UTF-8
95Uma biblioteca C que fornece vários algoritmos e protocolos
96criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
97compartilhadas e utilitários.
453a8bf3 98
30e72515
JR
99%description -l ru.UTF-8
100Программа openssl для работы с сертификатами и разделяемые библиотеки,
101которые реализуют множетсво криптографических алгоритмов, включая DES,
102RC4, RSA и SSL.
453a8bf3 103
30e72515
JR
104%description -l uk.UTF-8
105Програма openssl для роботи з сертифікатами та бібліотеки спільного
106користування, що реалізують велику кількість криптографічних
107алгоритмів, включаючи DES, RC4, RSA та SSL.
453a8bf3 108
ce2ff00e 109%package tools
110Summary: OpenSSL command line tool and utilities
e6bfca5b 111Summary(pl.UTF-8): Zestaw narzędzi i skryptów
fc19f542 112Group: Applications/Communications
82859ae1 113Requires: %{name} = %{version}-%{release}
9583cd23 114Requires: which
ce2ff00e 115
116%description tools
117The OpenSSL Toolkit cmdline tool openssl and utility scripts.
118
30e72515
JR
119%description tools -l pl.UTF-8
120Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
78b5e413 121
ce2ff00e 122%package tools-perl
123Summary: OpenSSL utilities written in Perl
e6bfca5b 124Summary(pl.UTF-8): Narzędzia OpenSSL napisane w perlu
fc19f542 125Group: Applications/Communications
82859ae1 126Requires: %{name} = %{version}-%{release}
2b2149ff 127
ce2ff00e 128%description tools-perl
d86c2c8b 129OpenSSL Toolkit tools written in Perl.
2b2149ff 130
30e72515
JR
131%description tools-perl -l pl.UTF-8
132Narzędzia OpenSSL napisane w perlu.
78b5e413 133
faddd309 134%package devel
ce2ff00e 135Summary: Development part of OpenSSL Toolkit libraries
e6bfca5b
ER
136Summary(de.UTF-8): Secure Sockets Layer Kommunikationslibrary: statische libraries+header
137Summary(es.UTF-8): Bibliotecas y archivos de inclusión para desarrollo OpenSSL
138Summary(fr.UTF-8): Librairies statiques, headers et utilitaires pour communication SSL
139Summary(pl.UTF-8): Część bibiloteki OpenSSL przeznaczona dla programistów
140Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
141Summary(ru.UTF-8): Библиотеки, хедеры и утилиты для Secure Sockets Layer
142Summary(uk.UTF-8): Бібліотеки, хедери та утиліти для Secure Sockets Layer
9c05bcac 143Group: Development/Libraries
82859ae1 144Requires: %{name} = %{version}-%{release}
a280467c 145Obsoletes: libopenssl0-devel
faddd309
AF
146
147%description devel
148Development part of OpenSSL library.
149
30e72515
JR
150%description devel -l es.UTF-8
151Bibliotecas y archivos de inclusión para desarrollo OpenSSL
453a8bf3 152
30e72515
JR
153%description devel -l pl.UTF-8
154Część biblioteki OpenSSL przeznaczona dla programistów.
faddd309 155
30e72515
JR
156%description devel -l pt_BR.UTF-8
157Uma biblioteca C que fornece vários algoritmos e protocolos
158criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
159arquivos de inclusão para desenvolvimento.
453a8bf3 160
30e72515
JR
161%description devel -l ru.UTF-8
162Программа openssl для работы с сертификатами и разделяемые библиотеки,
163которые реализуют множетсво криптографических алгоритмов, включая DES,
164RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
165с использованием SSL.
453a8bf3 166
30e72515
JR
167%description devel -l uk.UTF-8
168Програма openssl для роботи з сертифікатами та бібліотеки спільного
169користування, що реалізують велику кількість криптографічних
170алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
171хедери для розробки програм з використанням SSL.
453a8bf3 172
faddd309 173%package static
ce2ff00e 174Summary: Static OpenSSL libraries
e6bfca5b
ER
175Summary(pl.UTF-8): Statyczne wersje bibliotek z OpenSSL
176Summary(pt_BR.UTF-8): Bibliotecas estáticas para desenvolvimento com openssl
177Summary(ru.UTF-8): Статические библиотеки разработчика для OpenSSL
178Summary(uk.UTF-8): Статичні бібліотеки програміста для OpenSSL
9c05bcac 179Group: Development/Libraries
82859ae1 180Requires: %{name}-devel = %{version}-%{release}
faddd309
AF
181
182%description static
ce2ff00e 183Static OpenSSL Toolkit libraries.
faddd309 184
30e72515 185%description static -l pl.UTF-8
ce2ff00e 186Statyczne wersje bibliotek z OpenSSL.
faddd309 187
30e72515
JR
188%description static -l pt_BR.UTF-8
189Bibliotecas estáticas para desenvolvimento com openssl.
453a8bf3 190
30e72515
JR
191%description static -l ru.UTF-8
192Программа openssl для работы с сертификатами и разделяемые библиотеки,
193которые реализуют множетсво криптографических алгоритмов, включая DES,
194RC4, RSA и SSL. Включает статические библиотеки для разработки
195приложений с использованием OpenSSL.
453a8bf3 196
30e72515
JR
197%description static -l uk.UTF-8
198Програма openssl для роботи з сертифікатами та бібліотеки спільного
199користування, що реалізують велику кількість криптографічних
200алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
201бібліотеки для розробки програм з використанням SSL.
453a8bf3 202
21ac4f86 203%prep
3f69fe91
JR
204%setup -q
205%patch0 -p1
44d8c69e 206%patch1 -p1
3f69fe91 207%patch2 -p1
d3102ab2 208%patch3 -p1
3f69fe91 209%patch4 -p1
84745a0c 210
3f69fe91
JR
211# fails with enable-sctp as of 1.1.1
212%{__rm} test/recipes/80-test_ssl_new.t
a9839ec4 213
d76d59fa 214%build
00466ad3 215touch Makefile.*
04a5ad1f 216
7250cee4
JB
217PERL="%{__perl}" \
218%{__perl} ./Configure \
2a83d92e 219 --prefix=%{_prefix} \
0fdaa4e3 220 --openssldir=%{_sysconfdir}/%{name} \
6e7b8079 221 --libdir=%{_lib} \
08291e9a 222 -Wa,--noexecstack \
e1798b93
AM
223 shared \
224 threads \
2a82d451 225 %{?with_sslv3:enable-ssl3}%{!?with_sslv3:no-ssl3} \
93a4f283 226 %{!?with_zlib:no-}zlib \
215c1d6f
AM
227 enable-cms \
228 enable-idea \
05889491 229 enable-md2 \
e02b6d37 230 enable-mdc2 \
215c1d6f 231 enable-rc5 \
e02b6d37 232 enable-rfc3779 \
715b407d 233 enable-sctp \
e02b6d37 234 enable-seed \
efa15d69
JR
235 enable-camellia \
236 enable-ktls \
237 enable-fips \
e02b6d37
AM
238%ifarch %{x8664}
239 enable-ec_nistp_64_gcc_128 \
240%endif
51e76169 241%ifarch %{ix86}
04a32771 242%ifarch i386
9fc51b3c 243 386 linux-elf
915551a7 244# ^- allow running on 80386 (default code uses bswapl available on i486+)
51e76169 245%else
9fc51b3c 246 linux-elf
75c27cbe 247%endif
51e76169 248%endif
dfc15f38 249%ifarch alpha
1c6e2c73 250 linux-alpha-gcc
dfc15f38 251%endif
20bc1dd7 252%ifarch %{x8664}
9fc51b3c 253 linux-x86_64
e08c1652 254%endif
6bd2fbde
JR
255%ifarch x32
256 linux-x32
257%endif
dfc15f38 258%ifarch ia64
9fc51b3c 259 linux-ia64
dfc15f38 260%endif
75c27cbe 261%ifarch ppc
9fc51b3c
JB
262 linux-ppc
263%endif
264%ifarch ppc64
265 linux-ppc64
75c27cbe 266%endif
05285465 267%ifarch sparc
9fc51b3c 268 linux-sparcv8
0384baf6 269%endif
36db42b5 270%ifarch sparcv9
9fc51b3c 271 linux-sparcv9
36db42b5
PS
272%endif
273%ifarch sparc64
9fc51b3c 274 linux64-sparcv9
36db42b5 275%endif
1c6e2c73 276%ifarch %{arm}
9f6d1eb0 277 linux-armv4
278%endif
1c6e2c73
JB
279%ifarch aarch64
280 linux-aarch64
281%endif
05285465 282
81e27b7e 283v=$(awk -F= '/^VERSION/{print $2}' Makefile)
3f69fe91 284test "$v" = %{version}
7c7b781c 285
4c5d5b48 286%{__make} -j1 all %{?with_tests:tests} \
b84cddc8 287 CC="%{__cc}" \
1c6e2c73 288 OPTFLAGS="%{rpmcflags} %{rpmcppflags}" \
b84cddc8 289 INSTALLTOP=%{_prefix}
ce2ff00e 290
21ac4f86 291%install
04a5ad1f 292rm -rf $RPM_BUILD_ROOT
ce2ff00e 293install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
4b251642
JK
294 $RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
295 $RPM_BUILD_ROOT%{_pkgconfigdir}
faddd309 296
29a78a60 297%{__make} -j1 install \
20c78826 298 CC="%{__cc}" \
08291e9a 299 DESTDIR=$RPM_BUILD_ROOT
04a5ad1f 300
3f69fe91
JR
301%{__mv} $RPM_BUILD_ROOT%{_libdir}/lib*.so.* $RPM_BUILD_ROOT/%{_lib}
302ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
303ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so
04a5ad1f 304
3819301b
JB
305%{__mv} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
306%{__rm} -r $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
04a5ad1f 307
20c78826
ER
308# html version of man pages - not packaged
309%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}/html/man[1357]
1c008d35 310
848e9cf2 311cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
dece7a9c
ER
312install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
313install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
9fc51b3c 314
57dc6058
JB
315%clean
316rm -rf $RPM_BUILD_ROOT
61a04a63 317
d86c2c8b 318%post -p /sbin/ldconfig
ce2ff00e 319%postun -p /sbin/ldconfig
04a5ad1f 320
c8f5291b
ER
321%triggerpostun -- %{name}-tools < 1.0.0-5
322# the hashing format has changed in 1.0.0
323[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :
324
0fdaa4e3 325%triggerpostun -- %{name} < 0.9.8i-2
62bcfa4e
ER
326# don't do anything on --downgrade
327if [ $1 -le 1 ]; then
328 exit 0
329fi
0fdaa4e3
JR
330if [ -d /var/lib/openssl/certs ] ; then
331 mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
332fi
333if [ -d /var/lib/openssl/private ] ; then
334 mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
335fi
336if [ -d /var/lib/openssl ] ; then
337 for f in /var/lib/openssl/* ; do
338 [ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
339 done
62bcfa4e
ER
340 rmdir /var/lib/openssl/* 2>/dev/null || :
341 rmdir /var/lib/openssl 2>/dev/null || :
0fdaa4e3
JR
342fi
343
21ac4f86 344%files
04a5ad1f 345%defattr(644,root,root,755)
3f69fe91
JR
346%doc CHANGES.md NEWS.md README.md doc/*.txt
347%attr(755,root,root) /%{_lib}/libcrypto.so.*
348%attr(755,root,root) /%{_lib}/libssl.so.*
efa15d69
JR
349%dir /%{_lib}/engines-3
350%attr(755,root,root) /%{_lib}/engines-3/*.so
3f69fe91 351%dir /%{_lib}/ossl-modules
efa15d69 352%attr(755,root,root) /%{_lib}/ossl-modules/fips.so
3f69fe91 353%attr(755,root,root) /%{_lib}/ossl-modules/legacy.so
fa6b6d15 354%dir %{_sysconfdir}/%{name}
355%dir %{_sysconfdir}/%{name}/certs
b38449e1 356%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
b87437db 357%dir %{_datadir}/ssl
ce2ff00e 358
359%files tools
360%defattr(644,root,root,755)
c4c6d146 361%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/ct_log_list.cnf
efa15d69 362%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/fipsmodule.cnf
623d135e 363%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
d231add3 364%attr(755,root,root) %{_bindir}/c_rehash.sh
44d8c69e 365%attr(755,root,root) %{_bindir}/openssl
ea55f735 366%attr(754,root,root) %{_bindir}/ssl-certificate
3f69fe91
JR
367%{_mandir}/man1/asn1parse.1*
368%{_mandir}/man1/ca.1*
369%{_mandir}/man1/ciphers.1*
370%{_mandir}/man1/cms.1*
371%{_mandir}/man1/crl.1*
372%{_mandir}/man1/crl2pkcs7.1*
373%{_mandir}/man1/dgst.1*
374%{_mandir}/man1/dhparam.1*
375%{_mandir}/man1/dsa.1*
376%{_mandir}/man1/dsaparam.1*
377%{_mandir}/man1/ec.1*
378%{_mandir}/man1/ecparam.1*
379%{_mandir}/man1/enc.1*
380%{_mandir}/man1/engine.1*
381%{_mandir}/man1/errstr.1*
382%{_mandir}/man1/gendsa.1*
383%{_mandir}/man1/genpkey.1*
384%{_mandir}/man1/genrsa.1*
385%{_mandir}/man1/kdf.1*
386%{_mandir}/man1/mac.1*
387%{_mandir}/man1/nseq.1*
388%{_mandir}/man1/ocsp.1*
d86c2c8b 389%{_mandir}/man1/openssl.1*
3f69fe91
JR
390%{_mandir}/man1/openssl-*.1*
391%{_mandir}/man1/passwd.1*
392%{_mandir}/man1/pkcs12.1*
393%{_mandir}/man1/pkcs7.1*
394%{_mandir}/man1/pkcs8.1*
395%{_mandir}/man1/pkey.1*
396%{_mandir}/man1/pkeyparam.1*
397%{_mandir}/man1/pkeyutl.1*
398%{_mandir}/man1/prime.1*
399%{_mandir}/man1/rand.1*
400%{_mandir}/man1/rehash.1*
401%{_mandir}/man1/req.1*
402%{_mandir}/man1/rsa.1*
403%{_mandir}/man1/rsautl.1*
404%{_mandir}/man1/s_client.1*
405%{_mandir}/man1/sess_id.1*
406%{_mandir}/man1/smime.1*
407%{_mandir}/man1/speed.1*
408%{_mandir}/man1/spkac.1*
409%{_mandir}/man1/srp.1*
410%{_mandir}/man1/s_server.1*
411%{_mandir}/man1/s_time.1*
412%{_mandir}/man1/storeutl.1*
413%{_mandir}/man1/ts.1*
414%{_mandir}/man1/verify.1*
415%{_mandir}/man1/version.1*
416%{_mandir}/man1/x509.1*
417%{_mandir}/man5/*.5*
62382817 418%lang(pl) %{_mandir}/pl/man1/openssl.1*
ce2ff00e 419
420%files tools-perl
421%defattr(644,root,root,755)
62313b5e 422%attr(755,root,root) %{_bindir}/c_rehash
08291e9a 423%dir %{_libdir}/%{name}
ce2ff00e 424%attr(755,root,root) %{_libdir}/%{name}/CA.pl
848e9cf2 425%attr(755,root,root) %{_libdir}/%{name}/tsget
c4c6d146 426%attr(755,root,root) %{_libdir}/%{name}/tsget.pl
1c6e2c73
JB
427%{_mandir}/man1/CA.pl.1*
428%{_mandir}/man1/c_rehash.1*
3f69fe91 429%{_mandir}/man1/tsget.1*
faddd309
AF
430
431%files devel
432%defattr(644,root,root,755)
f4434df9
PS
433%attr(755,root,root) %{_libdir}/libcrypto.so
434%attr(755,root,root) %{_libdir}/libssl.so
ce2ff00e 435%{_includedir}/%{name}
9fc51b3c
JB
436%{_pkgconfigdir}/libcrypto.pc
437%{_pkgconfigdir}/libssl.pc
8c362d23 438%{_pkgconfigdir}/openssl.pc
3f69fe91
JR
439%{_mandir}/man3/*.3*
440%{_mandir}/man7/*.7*
faddd309
AF
441
442%files static
443%defattr(644,root,root,755)
7250cee4
JB
444%{_libdir}/libcrypto.a
445%{_libdir}/libssl.a
This page took 2.695608 seconds and 5 git commands to generate.