[packages/openssl.git] / openssl.spec

# TODO
# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
#
# Conditional build:
%bcond_without	tests	# don't perform "make tests"
%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
%bcond_with	purify	# Compile openssl with "-DPURIFY", useful when one wants to
			# use valgrind debugger against openssl-linked programs
%bcond_with	snap	# use GitHub snapshot to build branch release

%define		subver	pre6
%define		rel		0.1
%include	/usr/lib/rpm/macros.perl
Summary:	OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8):	Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8):	Biblioteca C que suministra algoritmos y protocolos criptográficos
Summary(fr.UTF-8):	Utilitaires de communication SSL (Secure Sockets Layer)
Summary(pl.UTF-8):	Biblioteki OpenSSL (SSL v2/v3)
Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
Summary(ru.UTF-8):	Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name:		openssl
# 1.0.2 will be LTS release
# Version 1.0.2 will be supported until 2019-12-31.
# https://www.openssl.org/about/releasestrat.html
Version:	1.1.0
Release:	0.1
License:	Apache-like
Group:		Libraries
%if %{without snap}
#Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Source0:	https://www.openssl.org/source/%{name}-%{version}-%{subver}.tar.gz
# Source0-md5:	5073f45b5922992234396c7d8247196f
%else
Source1:	https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
%endif
Source2:	%{name}.1.pl
Source3:	%{name}-ssl-certificate.sh
Source4:	%{name}-c_rehash.sh
Patch0:		%{name}-alpha-ccc.patch
Patch1:		%{name}-optflags.patch
Patch2:		%{name}-include.patch
Patch3:		%{name}-man-namespace.patch
Patch4:		%{name}-asflag.patch
Patch5:		%{name}-ca-certificates.patch
Patch6:		%{name}-ldflags.patch
Patch7:		%{name}-find.patch
Patch8:		pic.patch
Patch10:	%{name}_fix_for_x32.patch
Patch11:	engines-dir.patch
URL:		http://www.openssl.org/
BuildRequires:	bc
BuildRequires:	perl-devel >= 1:5.10.0
BuildRequires:	rpm-perlprov >= 4.1-13
BuildRequires:	rpmbuild(macros) >= 1.213
BuildRequires:	sed >= 4.0
BuildRequires:	zlib-devel
Requires:	ca-certificates >= 20120623-1.1
Requires:	rpm-whiteout >= 1.7
Obsoletes:	SSLeay
Obsoletes:	SSLeay-devel
Obsoletes:	SSLeay-perl
Obsoletes:	libopenssl0
%if "%{pld_release}" == "ac"
Conflicts:	neon < 0.26.3-3
Conflicts:	ntpd < 4.2.4p8-10
Conflicts:	openssh-clients < 2:5.8p1-9
Conflicts:	openssh-server < 2:5.8p1-9
%else
Conflicts:	neon < 0.29.6-8
Conflicts:	openssh-clients < 2:6.2p2-3
Conflicts:	openssh-server < 2:6.2p2-3
%endif
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography world-wide. The project
is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL tookit and its
related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get
and use it for commercial and non-commercial purposes subject to some
simple license conditions.

This package contains shared libraries only, install openssl-tools if
you want to use openssl cmdline tool.

%description -l de.UTF-8
Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
libraries, die verschiedene Verschlüsselungs- und
Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
zur Verfügung stellen.

%description -l es.UTF-8
Biblioteca C que suministra algoritmos y protocolos criptográficos.

%description -l fr.UTF-8
OpenSSL est un outiil de gestion des certificats et les librairies
partagees qui fournit plusieurs protocoles et algorithmes de
codage/decodage, incluant DES, RC4, RSA et SSL.

%description -l pl.UTF-8
Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
v2/v3 oraz Transport Layer Security (TLS v1).

%description -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
compartilhadas e utilitários.

%description -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL.

%description -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL.

%package engines
Summary:	OpenSSL optional crypto engines
Summary(pl.UTF-8):	Opcjonalne silniki kryptograficzne dla OpenSSL-a
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with
external crypto devices (eg. accelerator cards). This component is
called ENGINE.

There are currently built-in ENGINE implementations for the following
crypto devices:

- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".

%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
ENGINE).

Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
implementacji silników poprzez specjalny silnik o nazwie "dynamic".

%package tools
Summary:	OpenSSL command line tool and utilities
Summary(pl.UTF-8):	Zestaw narzędzi i skryptów
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}
Requires:	which

%description tools
The OpenSSL Toolkit cmdline tool openssl and utility scripts.

%description tools -l pl.UTF-8
Zestaw narzędzi i skryptów wywoływanych z linii poleceń.

%package tools-perl
Summary:	OpenSSL utilities written in Perl
Summary(pl.UTF-8):	Narzędzia OpenSSL napisane w perlu
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}

%description tools-perl
OpenSSL Toolkit tools written in Perl.

%description tools-perl -l pl.UTF-8
Narzędzia OpenSSL napisane w perlu.

%package devel
Summary:	Development part of OpenSSL Toolkit libraries
Summary(de.UTF-8):	Secure Sockets Layer Kommunikationslibrary: statische libraries+header
Summary(es.UTF-8):	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
Summary(fr.UTF-8):	Librairies statiques, headers et utilitaires pour communication SSL
Summary(pl.UTF-8):	Część bibiloteki OpenSSL przeznaczona dla programistów
Summary(pt_BR.UTF-8):	Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
Summary(ru.UTF-8):	Библиотеки, хедеры и утилиты для Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки, хедери та утиліти для Secure Sockets Layer
Group:		Development/Libraries
Requires:	%{name} = %{version}-%{release}
Obsoletes:	libopenssl0-devel

%description devel
Development part of OpenSSL library.

%description devel -l es.UTF-8
Bibliotecas y archivos de inclusión para desarrollo OpenSSL

%description devel -l pl.UTF-8
Część biblioteki OpenSSL przeznaczona dla programistów.

%description devel -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
arquivos de inclusão para desenvolvimento.

%description devel -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
с использованием SSL.

%description devel -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
хедери для розробки програм з використанням SSL.

%package static
Summary:	Static OpenSSL libraries
Summary(pl.UTF-8):	Statyczne wersje bibliotek z OpenSSL
Summary(pt_BR.UTF-8):	Bibliotecas estáticas para desenvolvimento com openssl
Summary(ru.UTF-8):	Статические библиотеки разработчика для OpenSSL
Summary(uk.UTF-8):	Статичні бібліотеки програміста для OpenSSL
Group:		Development/Libraries
Requires:	%{name}-devel = %{version}-%{release}

%description static
Static OpenSSL Toolkit libraries.

%description static -l pl.UTF-8
Statyczne wersje bibliotek z OpenSSL.

%description static -l pt_BR.UTF-8
Bibliotecas estáticas para desenvolvimento com openssl.

%description static -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает статические библиотеки для разработки
приложений с использованием OpenSSL.

%description static -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
бібліотеки для розробки програм з використанням SSL.

%prep
%if %{with snap}
%setup -qcT -a1
mv %{name}-OpenSSL_1_0_2-stable/* .
%else
%setup -q %{?subver:-n %{name}-%{version}-%{subver}}
%endif
#%patch0 -p1 # alpha patch from year 2000 - drop it
#%patch1 -p1 # flags list has been nuked (thank god!)
#%patch2 -p1 # openssl include subdir. check this
#%patch3 -p1 # patched Makefile.org no longer exists
#%patch4 -p1 # patched Makefile.org no longer exists
#%patch5 -p1 # check
#%patch6 -p1 # patched Makefile.org no longer exists
%patch7 -p1
%patch8 -p1
%ifarch x32
%patch10 -p1
%endif
%patch11 -p1

%build
touch Makefile.*

# util/perlpath.pl no longer exists
#%{__perl} util/perlpath.pl %{__perl}

OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
PERL="%{__perl}" \
%{__perl} ./Configure \
	--prefix=%{_prefix} \
	--openssldir=%{_sysconfdir}/%{name} \
	--libdir=%{_lib} \
	shared \
	threads \
	%{?with_sslv2:enable-ssl2}%{!?with_sslv2:no-ssl2} \
	%{?with_sslv3:enable-ssl3}%{!?with_sslv3:no-ssl3} \
	%{!?with_zlib:no-}zlib \
	enable-cms \
	enable-idea \
	enable-md2 \
	enable-mdc2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-seed \
%ifarch %{x8664}
	enable-ec_nistp_64_gcc_128 \
%endif
%ifarch %{ix86}
%ifarch i386
	386 linux-elf
# ^- allow running on 80386 (default code uses bswapl available on i486+)
%else
	linux-elf
%endif
%endif
%ifarch alpha
	linux-alpha+bwx-gcc
%endif
%ifarch %{x8664}
	linux-x86_64
%endif
%ifarch x32
	linux-x32
%endif
%ifarch ia64
	linux-ia64
%endif
%ifarch ppc
	linux-ppc
%endif
%ifarch ppc64
	linux-ppc64
%endif
%ifarch sparc
	linux-sparcv8
%endif
%ifarch sparcv9
	linux-sparcv9
%endif
%ifarch sparc64
	linux64-sparcv9
%endif
%ifarch armv4 armv5 armv5t armv5te armv5tel
	linux-armv4
%endif

v=$(awk -F= '/^VERSION/{print $2}' Makefile)
test "$v" = %{version}%{?subver:-%{subver}}%{?with_snap:-dev}

%{__make} -j1 all %{?with_tests:tests} \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	INSTALLTOP=%{_prefix}

# Rename POD sources of man pages. "openssl_" prefix is added to each
# manpage to avoid potential conflicts with other packages.

for dir in doc/{apps,ssl,crypto}; do
	cd $dir || exit 1;
	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;

	for pod in !(openssl*).pod; do
		mv -f $pod openssl_$pod;
	done
	cd ../..
done

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	$RPM_BUILD_ROOT%{_pkgconfigdir}

%{__make} -j1 install \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	DESTDIR=$RPM_BUILD_ROOT \

mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so

mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -r $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc

# html version of man pages - not packaged
%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}/html/man[1357]

# not installed as individual utilities (see openssl dgst instead)
%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1

cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh

%clean
rm -rf $RPM_BUILD_ROOT

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%triggerpostun -- %{name}-tools < 1.0.0-5
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :

%triggerpostun -- %{name} < 0.9.8i-2
# don't do anything on --downgrade
if [ $1 -le 1 ]; then
	exit 0
fi
if [ -d /var/lib/openssl/certs ] ; then
	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
fi
if [ -d /var/lib/openssl/private ] ; then
	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
fi
if [ -d /var/lib/openssl ] ; then
	for f in /var/lib/openssl/* ; do
		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
	done
	rmdir /var/lib/openssl/* 2>/dev/null || :
	rmdir /var/lib/openssl 2>/dev/null || :
fi

%files
%defattr(644,root,root,755)
%doc CHANGES LICENSE NEWS README doc/*.txt
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
%dir %{_datadir}/ssl

%files engines
%defattr(644,root,root,755)
%dir /%{_lib}/engines-1.1
%attr(755,root,root) /%{_lib}/engines-1.1/*.so

%files tools
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate

%dir %{_libdir}/%{name}
#%attr(755,root,root) %{_libdir}/%{name}/CA.sh
#%attr(755,root,root) %{_libdir}/%{name}/c_hash
#%attr(755,root,root) %{_libdir}/%{name}/c_info
#%attr(755,root,root) %{_libdir}/%{name}/c_issuer
#%attr(755,root,root) %{_libdir}/%{name}/c_name

%{_mandir}/man1/openssl.1*
%{_mandir}/man1/openssl_asn1parse.1*
%{_mandir}/man1/openssl_ca.1*
%{_mandir}/man1/openssl_ciphers.1*
%{_mandir}/man1/openssl_cms.1*
%{_mandir}/man1/openssl_crl.1*
%{_mandir}/man1/openssl_crl2pkcs7.1*
%{_mandir}/man1/openssl_dgst.1*
%{_mandir}/man1/openssl_dhparam.1*
%{_mandir}/man1/openssl_dsa.1*
%{_mandir}/man1/openssl_dsaparam.1*
%{_mandir}/man1/openssl_ec.1*
%{_mandir}/man1/openssl_ecparam.1*
%{_mandir}/man1/openssl_enc.1*
%{_mandir}/man1/openssl_errstr.1*
%{_mandir}/man1/openssl_gendsa.1*
%{_mandir}/man1/openssl_genpkey.1*
%{_mandir}/man1/openssl_genrsa.1*
%{_mandir}/man1/openssl_nseq.1*
%{_mandir}/man1/openssl_ocsp.1*
%{_mandir}/man1/openssl_passwd.1*
%{_mandir}/man1/openssl_pkcs12.1*
%{_mandir}/man1/openssl_pkcs7.1*
%{_mandir}/man1/openssl_pkcs8.1*
%{_mandir}/man1/openssl_pkey.1*
%{_mandir}/man1/openssl_pkeyparam.1*
%{_mandir}/man1/openssl_pkeyutl.1*
%{_mandir}/man1/openssl_rand.1*
%{_mandir}/man1/openssl_req.1*
%{_mandir}/man1/openssl_rsa.1*
%{_mandir}/man1/openssl_rsautl.1*
%{_mandir}/man1/openssl_s_client.1*
%{_mandir}/man1/openssl_s_server.1*
%{_mandir}/man1/openssl_s_time.1*
%{_mandir}/man1/openssl_sess_id.1*
%{_mandir}/man1/openssl_smime.1*
%{_mandir}/man1/openssl_speed.1*
%{_mandir}/man1/openssl_spkac.1*
%{_mandir}/man1/openssl_ts.1*
%{_mandir}/man1/openssl_tsget.1*
%{_mandir}/man1/openssl_verify.1*
%{_mandir}/man1/openssl_version.1*
%{_mandir}/man1/openssl_x509.1*
%{_mandir}/man5/openssl_config.5*
%{_mandir}/man5/openssl_x509v3_config.5*
%lang(pl) %{_mandir}/pl/man1/openssl.1*

%files tools-perl
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/c_rehash
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
#%{_mandir}/man1/openssl_c_rehash.1*

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libcrypto.so
%attr(755,root,root) %{_libdir}/libssl.so
%{_includedir}/%{name}
%{_pkgconfigdir}/libcrypto.pc
%{_pkgconfigdir}/libssl.pc
%{_pkgconfigdir}/openssl.pc
%if 1
%{_mandir}/man3/*.3*
%{_mandir}/man7/*.7*
%else
%{_mandir}/man3/openssl*.3*
%{_mandir}/man7/openssl_des_modes.7*
%endif

%files static
%defattr(644,root,root,755)
%{_libdir}/libcrypto.a
%{_libdir}/libssl.a
Commit	Line	Data
	1	# TODO
	2	# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
	3	# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
	4	#
	5	# Conditional build:
	6	%bcond_without tests # don't perform "make tests"
	7	%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
	8	%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
	9	%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
	10	%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to
	11	# use valgrind debugger against openssl-linked programs
	12	%bcond_with snap # use GitHub snapshot to build branch release
	13
	14	%define subver pre6
	15	%define rel 0.1
	16	%include /usr/lib/rpm/macros.perl
	17	Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
	18	Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
	19	Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
	20	Summary(fr.UTF-8): Utilitaires de communication SSL (Secure Sockets Layer)
	21	Summary(pl.UTF-8): Biblioteki OpenSSL (SSL v2/v3)
	22	Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
	23	Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
	24	Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
	25	Name: openssl
	26	# 1.0.2 will be LTS release
	27	# Version 1.0.2 will be supported until 2019-12-31.
	28	# https://www.openssl.org/about/releasestrat.html
	29	Version: 1.1.0
	30	Release: 0.1
	31	License: Apache-like
	32	Group: Libraries
	33	%if %{without snap}
	34	#Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
	35	Source0: https://www.openssl.org/source/%{name}-%{version}-%{subver}.tar.gz
	36	# Source0-md5: 5073f45b5922992234396c7d8247196f
	37	%else
	38	Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
	39	%endif
	40	Source2: %{name}.1.pl
	41	Source3: %{name}-ssl-certificate.sh
	42	Source4: %{name}-c_rehash.sh
	43	Patch0: %{name}-alpha-ccc.patch
	44	Patch1: %{name}-optflags.patch
	45	Patch2: %{name}-include.patch
	46	Patch3: %{name}-man-namespace.patch
	47	Patch4: %{name}-asflag.patch
	48	Patch5: %{name}-ca-certificates.patch
	49	Patch6: %{name}-ldflags.patch
	50	Patch7: %{name}-find.patch
	51	Patch8: pic.patch
	52	Patch10: %{name}_fix_for_x32.patch
	53	Patch11: engines-dir.patch
	54	URL: http://www.openssl.org/
	55	BuildRequires: bc
	56	BuildRequires: perl-devel >= 1:5.10.0
	57	BuildRequires: rpm-perlprov >= 4.1-13
	58	BuildRequires: rpmbuild(macros) >= 1.213
	59	BuildRequires: sed >= 4.0
	60	BuildRequires: zlib-devel
	61	Requires: ca-certificates >= 20120623-1.1
	62	Requires: rpm-whiteout >= 1.7
	63	Obsoletes: SSLeay
	64	Obsoletes: SSLeay-devel
	65	Obsoletes: SSLeay-perl
	66	Obsoletes: libopenssl0
	67	%if "%{pld_release}" == "ac"
	68	Conflicts: neon < 0.26.3-3
	69	Conflicts: ntpd < 4.2.4p8-10
	70	Conflicts: openssh-clients < 2:5.8p1-9
	71	Conflicts: openssh-server < 2:5.8p1-9
	72	%else
	73	Conflicts: neon < 0.29.6-8
	74	Conflicts: openssh-clients < 2:6.2p2-3
	75	Conflicts: openssh-server < 2:6.2p2-3
	76	%endif
	77	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	78
	79	%description
	80	The OpenSSL Project is a collaborative effort to develop a robust,
	81	commercial-grade, full-featured, and Open Source toolkit implementing
	82	the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
	83	v1) protocols with full-strength cryptography world-wide. The project
	84	is managed by a worldwide community of volunteers that use the
	85	Internet to communicate, plan, and develop the OpenSSL tookit and its
	86	related documentation.
	87
	88	OpenSSL is based on the excellent SSLeay library developed by Eric A.
	89	Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
	90	Apache-style licence, which basically means that you are free to get
	91	and use it for commercial and non-commercial purposes subject to some
	92	simple license conditions.
	93
	94	This package contains shared libraries only, install openssl-tools if
	95	you want to use openssl cmdline tool.
	96
	97	%description -l de.UTF-8
	98	Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
	99	libraries, die verschiedene Verschlüsselungs- und
	100	Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
	101	zur Verfügung stellen.
	102
	103	%description -l es.UTF-8
	104	Biblioteca C que suministra algoritmos y protocolos criptográficos.
	105
	106	%description -l fr.UTF-8
	107	OpenSSL est un outiil de gestion des certificats et les librairies
	108	partagees qui fournit plusieurs protocoles et algorithmes de
	109	codage/decodage, incluant DES, RC4, RSA et SSL.
	110
	111	%description -l pl.UTF-8
	112	Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
	113	v2/v3 oraz Transport Layer Security (TLS v1).
	114
	115	%description -l pt_BR.UTF-8
	116	Uma biblioteca C que fornece vários algoritmos e protocolos
	117	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
	118	compartilhadas e utilitários.
	119
	120	%description -l ru.UTF-8
	121	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	122	которые реализуют множетсво криптографических алгоритмов, включая DES,
	123	RC4, RSA и SSL.
	124
	125	%description -l uk.UTF-8
	126	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	127	користування, що реалізують велику кількість криптографічних
	128	алгоритмів, включаючи DES, RC4, RSA та SSL.
	129
	130	%package engines
	131	Summary: OpenSSL optional crypto engines
	132	Summary(pl.UTF-8): Opcjonalne silniki kryptograficzne dla OpenSSL-a
	133	Group: Libraries
	134	Requires: %{name} = %{version}-%{release}
	135
	136	%description engines
	137	With OpenSSL 0.9.6, a new component was added to support alternative
	138	cryptography implementations, most commonly for interfacing with
	139	external crypto devices (eg. accelerator cards). This component is
	140	called ENGINE.
	141
	142	There are currently built-in ENGINE implementations for the following
	143	crypto devices:
	144
	145	- CryptoSwift
	146	- Compaq Atalla
	147	- nCipher CHIL
	148	- Nuron
	149	- Broadcom uBSec
	150
	151	In addition, dynamic binding to external ENGINE implementations is now
	152	provided by a special ENGINE called "dynamic".
	153
	154	%description engines -l pl.UTF-8
	155	Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
	156	wspierać alternatywne implementacje kryptografii, przeważnie
	157	współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
	158	kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
	159	ENGINE).
	160
	161	Obecnie istnieją wbudowane implementacje silników dla następujących
	162	urządzeń kryptograficznych:
	163	- CryptoSwift
	164	- Compaq Atalla
	165	- nCipher CHIL
	166	- Nuron
	167	- Broadcom uBSec
	168
	169	Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
	170	implementacji silników poprzez specjalny silnik o nazwie "dynamic".
	171
	172	%package tools
	173	Summary: OpenSSL command line tool and utilities
	174	Summary(pl.UTF-8): Zestaw narzędzi i skryptów
	175	Group: Applications/Communications
	176	Requires: %{name} = %{version}-%{release}
	177	Requires: which
	178
	179	%description tools
	180	The OpenSSL Toolkit cmdline tool openssl and utility scripts.
	181
	182	%description tools -l pl.UTF-8
	183	Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
	184
	185	%package tools-perl
	186	Summary: OpenSSL utilities written in Perl
	187	Summary(pl.UTF-8): Narzędzia OpenSSL napisane w perlu
	188	Group: Applications/Communications
	189	Requires: %{name} = %{version}-%{release}
	190
	191	%description tools-perl
	192	OpenSSL Toolkit tools written in Perl.
	193
	194	%description tools-perl -l pl.UTF-8
	195	Narzędzia OpenSSL napisane w perlu.
	196
	197	%package devel
	198	Summary: Development part of OpenSSL Toolkit libraries
	199	Summary(de.UTF-8): Secure Sockets Layer Kommunikationslibrary: statische libraries+header
	200	Summary(es.UTF-8): Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	201	Summary(fr.UTF-8): Librairies statiques, headers et utilitaires pour communication SSL
	202	Summary(pl.UTF-8): Część bibiloteki OpenSSL przeznaczona dla programistów
	203	Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
	204	Summary(ru.UTF-8): Библиотеки, хедеры и утилиты для Secure Sockets Layer
	205	Summary(uk.UTF-8): Бібліотеки, хедери та утиліти для Secure Sockets Layer
	206	Group: Development/Libraries
	207	Requires: %{name} = %{version}-%{release}
	208	Obsoletes: libopenssl0-devel
	209
	210	%description devel
	211	Development part of OpenSSL library.
	212
	213	%description devel -l es.UTF-8
	214	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	215
	216	%description devel -l pl.UTF-8
	217	Część biblioteki OpenSSL przeznaczona dla programistów.
	218
	219	%description devel -l pt_BR.UTF-8
	220	Uma biblioteca C que fornece vários algoritmos e protocolos
	221	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
	222	arquivos de inclusão para desenvolvimento.
	223
	224	%description devel -l ru.UTF-8
	225	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	226	которые реализуют множетсво криптографических алгоритмов, включая DES,
	227	RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
	228	с использованием SSL.
	229
	230	%description devel -l uk.UTF-8
	231	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	232	користування, що реалізують велику кількість криптографічних
	233	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
	234	хедери для розробки програм з використанням SSL.
	235
	236	%package static
	237	Summary: Static OpenSSL libraries
	238	Summary(pl.UTF-8): Statyczne wersje bibliotek z OpenSSL
	239	Summary(pt_BR.UTF-8): Bibliotecas estáticas para desenvolvimento com openssl
	240	Summary(ru.UTF-8): Статические библиотеки разработчика для OpenSSL
	241	Summary(uk.UTF-8): Статичні бібліотеки програміста для OpenSSL
	242	Group: Development/Libraries
	243	Requires: %{name}-devel = %{version}-%{release}
	244
	245	%description static
	246	Static OpenSSL Toolkit libraries.
	247
	248	%description static -l pl.UTF-8
	249	Statyczne wersje bibliotek z OpenSSL.
	250
	251	%description static -l pt_BR.UTF-8
	252	Bibliotecas estáticas para desenvolvimento com openssl.
	253
	254	%description static -l ru.UTF-8
	255	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	256	которые реализуют множетсво криптографических алгоритмов, включая DES,
	257	RC4, RSA и SSL. Включает статические библиотеки для разработки
	258	приложений с использованием OpenSSL.
	259
	260	%description static -l uk.UTF-8
	261	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	262	користування, що реалізують велику кількість криптографічних
	263	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
	264	бібліотеки для розробки програм з використанням SSL.
	265
	266	%prep
	267	%if %{with snap}
	268	%setup -qcT -a1
	269	mv %{name}-OpenSSL_1_0_2-stable/* .
	270	%else
	271	%setup -q %{?subver:-n %{name}-%{version}-%{subver}}
	272	%endif
	273	#%patch0 -p1 # alpha patch from year 2000 - drop it
	274	#%patch1 -p1 # flags list has been nuked (thank god!)
	275	#%patch2 -p1 # openssl include subdir. check this
	276	#%patch3 -p1 # patched Makefile.org no longer exists
	277	#%patch4 -p1 # patched Makefile.org no longer exists
	278	#%patch5 -p1 # check
	279	#%patch6 -p1 # patched Makefile.org no longer exists
	280	%patch7 -p1
	281	%patch8 -p1
	282	%ifarch x32
	283	%patch10 -p1
	284	%endif
	285	%patch11 -p1
	286
	287	%build
	288	touch Makefile.*
	289
	290	# util/perlpath.pl no longer exists
	291	#%{__perl} util/perlpath.pl %{__perl}
	292
	293	OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
	294	PERL="%{__perl}" \
	295	%{__perl} ./Configure \
	296	--prefix=%{_prefix} \
	297	--openssldir=%{_sysconfdir}/%{name} \
	298	--libdir=%{_lib} \
	299	shared \
	300	threads \
	301	%{?with_sslv2:enable-ssl2}%{!?with_sslv2:no-ssl2} \
	302	%{?with_sslv3:enable-ssl3}%{!?with_sslv3:no-ssl3} \
	303	%{!?with_zlib:no-}zlib \
	304	enable-cms \
	305	enable-idea \
	306	enable-md2 \
	307	enable-mdc2 \
	308	enable-rc5 \
	309	enable-rfc3779 \
	310	enable-seed \
	311	%ifarch %{x8664}
	312	enable-ec_nistp_64_gcc_128 \
	313	%endif
	314	%ifarch %{ix86}
	315	%ifarch i386
	316	386 linux-elf
	317	# ^- allow running on 80386 (default code uses bswapl available on i486+)
	318	%else
	319	linux-elf
	320	%endif
	321	%endif
	322	%ifarch alpha
	323	linux-alpha+bwx-gcc
	324	%endif
	325	%ifarch %{x8664}
	326	linux-x86_64
	327	%endif
	328	%ifarch x32
	329	linux-x32
	330	%endif
	331	%ifarch ia64
	332	linux-ia64
	333	%endif
	334	%ifarch ppc
	335	linux-ppc
	336	%endif
	337	%ifarch ppc64
	338	linux-ppc64
	339	%endif
	340	%ifarch sparc
	341	linux-sparcv8
	342	%endif
	343	%ifarch sparcv9
	344	linux-sparcv9
	345	%endif
	346	%ifarch sparc64
	347	linux64-sparcv9
	348	%endif
	349	%ifarch armv4 armv5 armv5t armv5te armv5tel
	350	linux-armv4
	351	%endif
	352
	353	v=$(awk -F= '/^VERSION/{print $2}' Makefile)
	354	test "$v" = %{version}%{?subver:-%{subver}}%{?with_snap:-dev}
	355
	356	%{__make} -j1 all %{?with_tests:tests} \
	357	CC="%{__cc}" \
	358	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	359	INSTALLTOP=%{_prefix}
	360
	361	# Rename POD sources of man pages. "openssl_" prefix is added to each
	362	# manpage to avoid potential conflicts with other packages.
	363
	364	for dir in doc/{apps,ssl,crypto}; do
	365	cd $dir \|\| exit 1;
	366	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
	367
	368	for pod in !(openssl*).pod; do
	369	mv -f $pod openssl_$pod;
	370	done
	371	cd ../..
	372	done
	373
	374	%install
	375	rm -rf $RPM_BUILD_ROOT
	376	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	377	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	378	$RPM_BUILD_ROOT%{_pkgconfigdir}
	379
	380	%{__make} -j1 install \
	381	CC="%{__cc}" \
	382	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	383	DESTDIR=$RPM_BUILD_ROOT \
	384
	385	mv -f $RPM_BUILD_ROOT%{_libdir}/lib.so..* $RPM_BUILD_ROOT/%{_lib}
	386	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto..) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
	387	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl..) $RPM_BUILD_ROOT%{_libdir}/libssl.so
	388
	389	mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
	390	rm -r $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
	391
	392	# html version of man pages - not packaged
	393	%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}/html/man[1357]
	394
	395	# not installed as individual utilities (see openssl dgst instead)
	396	%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
	397
	398	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
	399	install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
	400	install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
	401
	402	%clean
	403	rm -rf $RPM_BUILD_ROOT
	404
	405	%post -p /sbin/ldconfig
	406	%postun -p /sbin/ldconfig
	407
	408	%triggerpostun -- %{name}-tools < 1.0.0-5
	409	# the hashing format has changed in 1.0.0
	410	[ ! -x %{_sbindir}/update-ca-certificates ] \|\| %{_sbindir}/update-ca-certificates --fresh \|\| :
	411
	412	%triggerpostun -- %{name} < 0.9.8i-2
	413	# don't do anything on --downgrade
	414	if [ $1 -le 1 ]; then
	415	exit 0
	416	fi
	417	if [ -d /var/lib/openssl/certs ] ; then
	418	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null \|\| :
	419	fi
	420	if [ -d /var/lib/openssl/private ] ; then
	421	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null \|\| :
	422	fi
	423	if [ -d /var/lib/openssl ] ; then
	424	for f in /var/lib/openssl/* ; do
	425	[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null \|\| :
	426	done
	427	rmdir /var/lib/openssl/* 2>/dev/null \|\| :
	428	rmdir /var/lib/openssl 2>/dev/null \|\| :
	429	fi
	430
	431	%files
	432	%defattr(644,root,root,755)
	433	%doc CHANGES LICENSE NEWS README doc/*.txt
	434	%attr(755,root,root) /%{_lib}/libcrypto.so..
	435	%attr(755,root,root) /%{_lib}/libssl.so..
	436	%dir %{_sysconfdir}/%{name}
	437	%dir %{_sysconfdir}/%{name}/certs
	438	%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
	439	%dir %{_datadir}/ssl
	440
	441	%files engines
	442	%defattr(644,root,root,755)
	443	%dir /%{_lib}/engines-1.1
	444	%attr(755,root,root) /%{_lib}/engines-1.1/*.so
	445
	446	%files tools
	447	%defattr(644,root,root,755)
	448	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
	449	%attr(755,root,root) %{_bindir}/c_rehash.sh
	450	%attr(755,root,root) %{_bindir}/openssl
	451	%attr(754,root,root) %{_bindir}/ssl-certificate
	452
	453	%dir %{_libdir}/%{name}
	454	#%attr(755,root,root) %{_libdir}/%{name}/CA.sh
	455	#%attr(755,root,root) %{_libdir}/%{name}/c_hash
	456	#%attr(755,root,root) %{_libdir}/%{name}/c_info
	457	#%attr(755,root,root) %{_libdir}/%{name}/c_issuer
	458	#%attr(755,root,root) %{_libdir}/%{name}/c_name
	459
	460	%{_mandir}/man1/openssl.1*
	461	%{_mandir}/man1/openssl_asn1parse.1*
	462	%{_mandir}/man1/openssl_ca.1*
	463	%{_mandir}/man1/openssl_ciphers.1*
	464	%{_mandir}/man1/openssl_cms.1*
	465	%{_mandir}/man1/openssl_crl.1*
	466	%{_mandir}/man1/openssl_crl2pkcs7.1*
	467	%{_mandir}/man1/openssl_dgst.1*
	468	%{_mandir}/man1/openssl_dhparam.1*
	469	%{_mandir}/man1/openssl_dsa.1*
	470	%{_mandir}/man1/openssl_dsaparam.1*
	471	%{_mandir}/man1/openssl_ec.1*
	472	%{_mandir}/man1/openssl_ecparam.1*
	473	%{_mandir}/man1/openssl_enc.1*
	474	%{_mandir}/man1/openssl_errstr.1*
	475	%{_mandir}/man1/openssl_gendsa.1*
	476	%{_mandir}/man1/openssl_genpkey.1*
	477	%{_mandir}/man1/openssl_genrsa.1*
	478	%{_mandir}/man1/openssl_nseq.1*
	479	%{_mandir}/man1/openssl_ocsp.1*
	480	%{_mandir}/man1/openssl_passwd.1*
	481	%{_mandir}/man1/openssl_pkcs12.1*
	482	%{_mandir}/man1/openssl_pkcs7.1*
	483	%{_mandir}/man1/openssl_pkcs8.1*
	484	%{_mandir}/man1/openssl_pkey.1*
	485	%{_mandir}/man1/openssl_pkeyparam.1*
	486	%{_mandir}/man1/openssl_pkeyutl.1*
	487	%{_mandir}/man1/openssl_rand.1*
	488	%{_mandir}/man1/openssl_req.1*
	489	%{_mandir}/man1/openssl_rsa.1*
	490	%{_mandir}/man1/openssl_rsautl.1*
	491	%{_mandir}/man1/openssl_s_client.1*
	492	%{_mandir}/man1/openssl_s_server.1*
	493	%{_mandir}/man1/openssl_s_time.1*
	494	%{_mandir}/man1/openssl_sess_id.1*
	495	%{_mandir}/man1/openssl_smime.1*
	496	%{_mandir}/man1/openssl_speed.1*
	497	%{_mandir}/man1/openssl_spkac.1*
	498	%{_mandir}/man1/openssl_ts.1*
	499	%{_mandir}/man1/openssl_tsget.1*
	500	%{_mandir}/man1/openssl_verify.1*
	501	%{_mandir}/man1/openssl_version.1*
	502	%{_mandir}/man1/openssl_x509.1*
	503	%{_mandir}/man5/openssl_config.5*
	504	%{_mandir}/man5/openssl_x509v3_config.5*
	505	%lang(pl) %{_mandir}/pl/man1/openssl.1*
	506
	507	%files tools-perl
	508	%defattr(644,root,root,755)
	509	%attr(755,root,root) %{_bindir}/c_rehash
	510	%attr(755,root,root) %{_libdir}/%{name}/CA.pl
	511	%attr(755,root,root) %{_libdir}/%{name}/tsget
	512	%{_mandir}/man1/openssl_CA.pl.1*
	513	#%{_mandir}/man1/openssl_c_rehash.1*
	514
	515	%files devel
	516	%defattr(644,root,root,755)
	517	%attr(755,root,root) %{_libdir}/libcrypto.so
	518	%attr(755,root,root) %{_libdir}/libssl.so
	519	%{_includedir}/%{name}
	520	%{_pkgconfigdir}/libcrypto.pc
	521	%{_pkgconfigdir}/libssl.pc
	522	%{_pkgconfigdir}/openssl.pc
	523	%if 1
	524	%{_mandir}/man3/.3
	525	%{_mandir}/man7/.7
	526	%else
	527	%{_mandir}/man3/openssl.3
	528	%{_mandir}/man7/openssl_des_modes.7*
	529	%endif
	530
	531	%files static
	532	%defattr(644,root,root,755)
	533	%{_libdir}/libcrypto.a
	534	%{_libdir}/libssl.a