[packages/openssl.git] / openssl.spec

# TODO
# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
#
# Conditional build:
%bcond_without	tests	# don't perform "make tests"
%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
%bcond_with	purify	# Compile openssl with "-DPURIFY", useful when one wants to
			# use valgrind debugger against openssl-linked programs

%include	/usr/lib/rpm/macros.perl
Summary:	OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8):	Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8):	Biblioteca C que suministra algoritmos y protocolos criptográficos
Summary(fr.UTF-8):	Utilitaires de communication SSL (Secure Sockets Layer)
Summary(pl.UTF-8):	Biblioteki OpenSSL (SSL v2/v3)
Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
Summary(ru.UTF-8):	Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name:		openssl
# 1.0.2 will be LTS release
# Version 1.0.2 will be supported until 2019-12-31.
# https://www.openssl.org/about/releasestrat.html
Version:	1.0.2e
Release:	1
License:	Apache-like
Group:		Libraries
Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
# Source0-md5:	2218c1a6f807f7206c11eb3ee3a5ec80
Source1:	https://raw.githubusercontent.com/openssl/openssl/OpenSSL_1_0_2-stable/util/pod2mantest
# Source1-md5:	0811d285202cebe91003771475802b4f
Source11:	https://raw.githubusercontent.com/openssl/openssl/OpenSSL_1_0_2-stable/test/bctest
# Source11-md5:	ca85ae891de94faa821c2c6f4dba7f5a
Source2:	%{name}.1.pl
Source3:	%{name}-ssl-certificate.sh
Source4:	%{name}-c_rehash.sh
Patch0:		%{name}-alpha-ccc.patch
Patch1:		%{name}-optflags.patch
Patch2:		%{name}-include.patch
Patch3:		%{name}-man-namespace.patch
Patch4:		%{name}-asflag.patch
Patch5:		%{name}-ca-certificates.patch
Patch6:		%{name}-ldflags.patch
Patch7:		%{name}-find.patch
Patch8:		pic.patch
Patch10:	%{name}_fix_for_x32.patch
URL:		http://www.openssl.org/
BuildRequires:	bc
BuildRequires:	perl-devel >= 1:5.6.1
BuildRequires:	rpm-perlprov >= 4.1-13
BuildRequires:	rpmbuild(macros) >= 1.213
BuildRequires:	sed >= 4.0
Requires:	ca-certificates >= 20080809-4
Requires:	rpm-whiteout >= 1.7
Obsoletes:	SSLeay
Obsoletes:	SSLeay-devel
Obsoletes:	SSLeay-perl
Obsoletes:	libopenssl0
%if "%{pld_release}" == "ac"
Conflicts:	neon < 0.26.3-3
Conflicts:	ntpd < 4.2.4p8-10
Conflicts:	openssh-clients < 2:5.8p1-9
Conflicts:	openssh-server < 2:5.8p1-9
%else
Conflicts:	neon < 0.29.6-8
Conflicts:	openssh-clients < 2:6.2p2-3
Conflicts:	openssh-server < 2:6.2p2-3
%endif
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography world-wide. The project
is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL tookit and its
related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get
and use it for commercial and non-commercial purposes subject to some
simple license conditions.

This package contains shared libraries only, install openssl-tools if
you want to use openssl cmdline tool.

%description -l de.UTF-8
Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
libraries, die verschiedene Verschlüsselungs- und
Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
zur Verfügung stellen.

%description -l es.UTF-8
Biblioteca C que suministra algoritmos y protocolos criptográficos.

%description -l fr.UTF-8
OpenSSL est un outiil de gestion des certificats et les librairies
partagees qui fournit plusieurs protocoles et algorithmes de
codage/decodage, incluant DES, RC4, RSA et SSL.

%description -l pl.UTF-8
Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
v2/v3 oraz Transport Layer Security (TLS v1).

%description -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
compartilhadas e utilitários.

%description -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL.

%description -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL.

%package engines
Summary:	OpenSSL optional crypto engines
Summary(pl.UTF-8):	Opcjonalne silniki kryptograficzne dla OpenSSL-a
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with
external crypto devices (eg. accelerator cards). This component is
called ENGINE.

There are currently built-in ENGINE implementations for the following
crypto devices:

- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".

%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
ENGINE).

Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
implementacji silników poprzez specjalny silnik o nazwie "dynamic".

%package tools
Summary:	OpenSSL command line tool and utilities
Summary(pl.UTF-8):	Zestaw narzędzi i skryptów
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}
Requires:	which

%description tools
The OpenSSL Toolkit cmdline tool openssl and utility scripts.

%description tools -l pl.UTF-8
Zestaw narzędzi i skryptów wywoływanych z linii poleceń.

%package tools-perl
Summary:	OpenSSL utilities written in Perl
Summary(pl.UTF-8):	Narzędzia OpenSSL napisane w perlu
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}

%description tools-perl
OpenSSL Toolkit tools written in Perl.

%description tools-perl -l pl.UTF-8
Narzędzia OpenSSL napisane w perlu.

%package devel
Summary:	Development part of OpenSSL Toolkit libraries
Summary(de.UTF-8):	Secure Sockets Layer Kommunikationslibrary: statische libraries+header
Summary(es.UTF-8):	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
Summary(fr.UTF-8):	Librairies statiques, headers et utilitaires pour communication SSL
Summary(pl.UTF-8):	Część bibiloteki OpenSSL przeznaczona dla programistów
Summary(pt_BR.UTF-8):	Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
Summary(ru.UTF-8):	Библиотеки, хедеры и утилиты для Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки, хедери та утиліти для Secure Sockets Layer
Group:		Development/Libraries
Requires:	%{name} = %{version}-%{release}
Obsoletes:	libopenssl0-devel

%description devel
Development part of OpenSSL library.

%description devel -l es.UTF-8
Bibliotecas y archivos de inclusión para desarrollo OpenSSL

%description devel -l pl.UTF-8
Część biblioteki OpenSSL przeznaczona dla programistów.

%description devel -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
arquivos de inclusão para desenvolvimento.

%description devel -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
с использованием SSL.

%description devel -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
хедери для розробки програм з використанням SSL.

%package static
Summary:	Static OpenSSL libraries
Summary(pl.UTF-8):	Statyczne wersje bibliotek z OpenSSL
Summary(pt_BR.UTF-8):	Bibliotecas estáticas para desenvolvimento com openssl
Summary(ru.UTF-8):	Статические библиотеки разработчика для OpenSSL
Summary(uk.UTF-8):	Статичні бібліотеки програміста для OpenSSL
Group:		Development/Libraries
Requires:	%{name}-devel = %{version}-%{release}

%description static
Static OpenSSL Toolkit libraries.

%description static -l pl.UTF-8
Statyczne wersje bibliotek z OpenSSL.

%description static -l pt_BR.UTF-8
Bibliotecas estáticas para desenvolvimento com openssl.

%description static -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает статические библиотеки для разработки
приложений с использованием OpenSSL.

%description static -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
бібліотеки для розробки програм з використанням SSL.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch10 -p1

sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure

# fix packaging error
# https://github.com/openssl/openssl/issues/491
ln -s . test/openssl-1.0.2e

# also pod2man missing
# https://github.com/openssl/openssl/issues/490
install -p %{SOURCE1} util

# https://github.com/openssl/openssl/issues/493
install -p %{SOURCE11} test

%build
touch Makefile.*

%{__perl} util/perlpath.pl %{__perl}

OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
PERL="%{__perl}" \
%{__perl} ./Configure \
	--openssldir=%{_sysconfdir}/%{name} \
	--libdir=%{_lib} \
	shared \
	threads \
	%{!?with_sslv2:no-ssl2} \
	%{!?with_sslv3:no-ssl3} \
	%{!?with_zlib:no-}zlib \
	enable-camelia \
	enable-cms \
	enable-idea \
	enable-md2 \
	enable-mdc2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-seed \
	enable-tlsext \
%ifarch %{x8664}
	enable-ec_nistp_64_gcc_128 \
%endif
%ifarch %{ix86}
%ifarch i386
	386 linux-elf
# ^- allow running on 80386 (default code uses bswapl available on i486+)
%else
	linux-elf
%endif
%endif
%ifarch alpha
	linux-alpha+bwx-gcc
%endif
%ifarch %{x8664}
	linux-x86_64
%endif
%ifarch x32
	linux-x32
%endif
%ifarch ia64
	linux-ia64
%endif
%ifarch ppc
	linux-ppc
%endif
%ifarch ppc64
	linux-ppc64
%endif
%ifarch sparc
	linux-sparcv8
%endif
%ifarch sparcv9
	linux-sparcv9
%endif
%ifarch sparc64
	linux64-sparcv9
%endif
%ifarch armv4 armv5 armv5t armv5te armv5tel
	linux-armv4
%endif

%{__make} -j1 all rehash %{?with_tests:tests} \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	INSTALLTOP=%{_prefix}

# Rename POD sources of man pages. "openssl_" prefix is added to each
# manpage to avoid potential conflicts with other packages.

for dir in doc/{apps,ssl,crypto}; do
	cd $dir || exit 1;
	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;

	for pod in !(openssl*).pod; do
		mv -f $pod openssl_$pod;
	done
	cd ../..
done

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	$RPM_BUILD_ROOT/%{_lib}/engines \
	$RPM_BUILD_ROOT%{_pkgconfigdir}

%{__make} -j1 install \
	INSTALLTOP=%{_prefix} \
	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	MANDIR=%{_mandir}

mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so

mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc

# not installed as individual utilities (see openssl dgst instead)
%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1

cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh

%clean
rm -rf $RPM_BUILD_ROOT

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%triggerpostun -- %{name}-tools < 1.0.0-5
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :

%triggerpostun -- %{name} < 0.9.8i-2
# don't do anything on --downgrade
if [ $1 -le 1 ]; then
	exit 0
fi
if [ -d /var/lib/openssl/certs ] ; then
	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
fi
if [ -d /var/lib/openssl/private ] ; then
	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
fi
if [ -d /var/lib/openssl ] ; then
	for f in /var/lib/openssl/* ; do
		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
	done
	rmdir /var/lib/openssl/* 2>/dev/null || :
	rmdir /var/lib/openssl 2>/dev/null || :
fi

%files
%defattr(644,root,root,755)
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
#%doc doc/openssl_button.gif doc/openssl_button.html
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*.*
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %{_sysconfdir}/%{name}/private
%dir %{_datadir}/ssl

%files engines
%defattr(644,root,root,755)
%dir /%{_lib}/engines
%attr(755,root,root) /%{_lib}/engines/*.so

%files tools
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate

%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/CA.sh
%attr(755,root,root) %{_libdir}/%{name}/c_hash
%attr(755,root,root) %{_libdir}/%{name}/c_info
%attr(755,root,root) %{_libdir}/%{name}/c_issuer
%attr(755,root,root) %{_libdir}/%{name}/c_name

%{_mandir}/man1/openssl.1*
%{_mandir}/man1/openssl_asn1parse.1*
%{_mandir}/man1/openssl_ca.1*
%{_mandir}/man1/openssl_ciphers.1*
%{_mandir}/man1/openssl_cms.1*
%{_mandir}/man1/openssl_crl.1*
%{_mandir}/man1/openssl_crl2pkcs7.1*
%{_mandir}/man1/openssl_dgst.1*
%{_mandir}/man1/openssl_dhparam.1*
%{_mandir}/man1/openssl_dsa.1*
%{_mandir}/man1/openssl_dsaparam.1*
%{_mandir}/man1/openssl_ec.1*
%{_mandir}/man1/openssl_ecparam.1*
%{_mandir}/man1/openssl_enc.1*
%{_mandir}/man1/openssl_errstr.1*
%{_mandir}/man1/openssl_gendsa.1*
%{_mandir}/man1/openssl_genpkey.1*
%{_mandir}/man1/openssl_genrsa.1*
%{_mandir}/man1/openssl_nseq.1*
%{_mandir}/man1/openssl_ocsp.1*
%{_mandir}/man1/openssl_passwd.1*
%{_mandir}/man1/openssl_pkcs12.1*
%{_mandir}/man1/openssl_pkcs7.1*
%{_mandir}/man1/openssl_pkcs8.1*
%{_mandir}/man1/openssl_pkey.1*
%{_mandir}/man1/openssl_pkeyparam.1*
%{_mandir}/man1/openssl_pkeyutl.1*
%{_mandir}/man1/openssl_rand.1*
%{_mandir}/man1/openssl_req.1*
%{_mandir}/man1/openssl_rsa.1*
%{_mandir}/man1/openssl_rsautl.1*
%{_mandir}/man1/openssl_s_client.1*
%{_mandir}/man1/openssl_s_server.1*
%{_mandir}/man1/openssl_s_time.1*
%{_mandir}/man1/openssl_sess_id.1*
%{_mandir}/man1/openssl_smime.1*
%{_mandir}/man1/openssl_speed.1*
%{_mandir}/man1/openssl_spkac.1*
%{_mandir}/man1/openssl_ts.1*
%{_mandir}/man1/openssl_tsget.1*
%{_mandir}/man1/openssl_verify.1*
%{_mandir}/man1/openssl_version.1*
%{_mandir}/man1/openssl_x509.1*
%{_mandir}/man5/openssl_config.5*
%{_mandir}/man5/openssl_x509v3_config.5*
%lang(pl) %{_mandir}/pl/man1/openssl.1*

%files tools-perl
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/c_rehash
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
%{_mandir}/man1/openssl_c_rehash.1*

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libcrypto.so
%attr(755,root,root) %{_libdir}/libssl.so
%{_includedir}/%{name}
%{_pkgconfigdir}/libcrypto.pc
%{_pkgconfigdir}/libssl.pc
%{_pkgconfigdir}/openssl.pc
%{_mandir}/man3/openssl*.3*
%{_mandir}/man7/openssl_des_modes.7*

%files static
%defattr(644,root,root,755)
%{_libdir}/libcrypto.a
%{_libdir}/libssl.a
Commit	Line	Data
	1	# TODO
	2	# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
	3	# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
	4	#
	5	# Conditional build:
	6	%bcond_without tests # don't perform "make tests"
	7	%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
	8	%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
	9	%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
	10	%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to
	11	# use valgrind debugger against openssl-linked programs
	12
	13	%include /usr/lib/rpm/macros.perl
	14	Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
	15	Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
	16	Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
	17	Summary(fr.UTF-8): Utilitaires de communication SSL (Secure Sockets Layer)
	18	Summary(pl.UTF-8): Biblioteki OpenSSL (SSL v2/v3)
	19	Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
	20	Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
	21	Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
	22	Name: openssl
	23	# 1.0.2 will be LTS release
	24	# Version 1.0.2 will be supported until 2019-12-31.
	25	# https://www.openssl.org/about/releasestrat.html
	26	Version: 1.0.2e
	27	Release: 1
	28	License: Apache-like
	29	Group: Libraries
	30	Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
	31	# Source0-md5: 2218c1a6f807f7206c11eb3ee3a5ec80
	32	Source1: https://raw.githubusercontent.com/openssl/openssl/OpenSSL_1_0_2-stable/util/pod2mantest
	33	# Source1-md5: 0811d285202cebe91003771475802b4f
	34	Source11: https://raw.githubusercontent.com/openssl/openssl/OpenSSL_1_0_2-stable/test/bctest
	35	# Source11-md5: ca85ae891de94faa821c2c6f4dba7f5a
	36	Source2: %{name}.1.pl
	37	Source3: %{name}-ssl-certificate.sh
	38	Source4: %{name}-c_rehash.sh
	39	Patch0: %{name}-alpha-ccc.patch
	40	Patch1: %{name}-optflags.patch
	41	Patch2: %{name}-include.patch
	42	Patch3: %{name}-man-namespace.patch
	43	Patch4: %{name}-asflag.patch
	44	Patch5: %{name}-ca-certificates.patch
	45	Patch6: %{name}-ldflags.patch
	46	Patch7: %{name}-find.patch
	47	Patch8: pic.patch
	48	Patch10: %{name}_fix_for_x32.patch
	49	URL: http://www.openssl.org/
	50	BuildRequires: bc
	51	BuildRequires: perl-devel >= 1:5.6.1
	52	BuildRequires: rpm-perlprov >= 4.1-13
	53	BuildRequires: rpmbuild(macros) >= 1.213
	54	BuildRequires: sed >= 4.0
	55	Requires: ca-certificates >= 20080809-4
	56	Requires: rpm-whiteout >= 1.7
	57	Obsoletes: SSLeay
	58	Obsoletes: SSLeay-devel
	59	Obsoletes: SSLeay-perl
	60	Obsoletes: libopenssl0
	61	%if "%{pld_release}" == "ac"
	62	Conflicts: neon < 0.26.3-3
	63	Conflicts: ntpd < 4.2.4p8-10
	64	Conflicts: openssh-clients < 2:5.8p1-9
	65	Conflicts: openssh-server < 2:5.8p1-9
	66	%else
	67	Conflicts: neon < 0.29.6-8
	68	Conflicts: openssh-clients < 2:6.2p2-3
	69	Conflicts: openssh-server < 2:6.2p2-3
	70	%endif
	71	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	72
	73	%description
	74	The OpenSSL Project is a collaborative effort to develop a robust,
	75	commercial-grade, full-featured, and Open Source toolkit implementing
	76	the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
	77	v1) protocols with full-strength cryptography world-wide. The project
	78	is managed by a worldwide community of volunteers that use the
	79	Internet to communicate, plan, and develop the OpenSSL tookit and its
	80	related documentation.
	81
	82	OpenSSL is based on the excellent SSLeay library developed by Eric A.
	83	Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
	84	Apache-style licence, which basically means that you are free to get
	85	and use it for commercial and non-commercial purposes subject to some
	86	simple license conditions.
	87
	88	This package contains shared libraries only, install openssl-tools if
	89	you want to use openssl cmdline tool.
	90
	91	%description -l de.UTF-8
	92	Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
	93	libraries, die verschiedene Verschlüsselungs- und
	94	Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
	95	zur Verfügung stellen.
	96
	97	%description -l es.UTF-8
	98	Biblioteca C que suministra algoritmos y protocolos criptográficos.
	99
	100	%description -l fr.UTF-8
	101	OpenSSL est un outiil de gestion des certificats et les librairies
	102	partagees qui fournit plusieurs protocoles et algorithmes de
	103	codage/decodage, incluant DES, RC4, RSA et SSL.
	104
	105	%description -l pl.UTF-8
	106	Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
	107	v2/v3 oraz Transport Layer Security (TLS v1).
	108
	109	%description -l pt_BR.UTF-8
	110	Uma biblioteca C que fornece vários algoritmos e protocolos
	111	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
	112	compartilhadas e utilitários.
	113
	114	%description -l ru.UTF-8
	115	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	116	которые реализуют множетсво криптографических алгоритмов, включая DES,
	117	RC4, RSA и SSL.
	118
	119	%description -l uk.UTF-8
	120	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	121	користування, що реалізують велику кількість криптографічних
	122	алгоритмів, включаючи DES, RC4, RSA та SSL.
	123
	124	%package engines
	125	Summary: OpenSSL optional crypto engines
	126	Summary(pl.UTF-8): Opcjonalne silniki kryptograficzne dla OpenSSL-a
	127	Group: Libraries
	128	Requires: %{name} = %{version}-%{release}
	129
	130	%description engines
	131	With OpenSSL 0.9.6, a new component was added to support alternative
	132	cryptography implementations, most commonly for interfacing with
	133	external crypto devices (eg. accelerator cards). This component is
	134	called ENGINE.
	135
	136	There are currently built-in ENGINE implementations for the following
	137	crypto devices:
	138
	139	- CryptoSwift
	140	- Compaq Atalla
	141	- nCipher CHIL
	142	- Nuron
	143	- Broadcom uBSec
	144
	145	In addition, dynamic binding to external ENGINE implementations is now
	146	provided by a special ENGINE called "dynamic".
	147
	148	%description engines -l pl.UTF-8
	149	Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
	150	wspierać alternatywne implementacje kryptografii, przeważnie
	151	współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
	152	kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
	153	ENGINE).
	154
	155	Obecnie istnieją wbudowane implementacje silników dla następujących
	156	urządzeń kryptograficznych:
	157	- CryptoSwift
	158	- Compaq Atalla
	159	- nCipher CHIL
	160	- Nuron
	161	- Broadcom uBSec
	162
	163	Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
	164	implementacji silników poprzez specjalny silnik o nazwie "dynamic".
	165
	166	%package tools
	167	Summary: OpenSSL command line tool and utilities
	168	Summary(pl.UTF-8): Zestaw narzędzi i skryptów
	169	Group: Applications/Communications
	170	Requires: %{name} = %{version}-%{release}
	171	Requires: which
	172
	173	%description tools
	174	The OpenSSL Toolkit cmdline tool openssl and utility scripts.
	175
	176	%description tools -l pl.UTF-8
	177	Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
	178
	179	%package tools-perl
	180	Summary: OpenSSL utilities written in Perl
	181	Summary(pl.UTF-8): Narzędzia OpenSSL napisane w perlu
	182	Group: Applications/Communications
	183	Requires: %{name} = %{version}-%{release}
	184
	185	%description tools-perl
	186	OpenSSL Toolkit tools written in Perl.
	187
	188	%description tools-perl -l pl.UTF-8
	189	Narzędzia OpenSSL napisane w perlu.
	190
	191	%package devel
	192	Summary: Development part of OpenSSL Toolkit libraries
	193	Summary(de.UTF-8): Secure Sockets Layer Kommunikationslibrary: statische libraries+header
	194	Summary(es.UTF-8): Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	195	Summary(fr.UTF-8): Librairies statiques, headers et utilitaires pour communication SSL
	196	Summary(pl.UTF-8): Część bibiloteki OpenSSL przeznaczona dla programistów
	197	Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
	198	Summary(ru.UTF-8): Библиотеки, хедеры и утилиты для Secure Sockets Layer
	199	Summary(uk.UTF-8): Бібліотеки, хедери та утиліти для Secure Sockets Layer
	200	Group: Development/Libraries
	201	Requires: %{name} = %{version}-%{release}
	202	Obsoletes: libopenssl0-devel
	203
	204	%description devel
	205	Development part of OpenSSL library.
	206
	207	%description devel -l es.UTF-8
	208	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	209
	210	%description devel -l pl.UTF-8
	211	Część biblioteki OpenSSL przeznaczona dla programistów.
	212
	213	%description devel -l pt_BR.UTF-8
	214	Uma biblioteca C que fornece vários algoritmos e protocolos
	215	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
	216	arquivos de inclusão para desenvolvimento.
	217
	218	%description devel -l ru.UTF-8
	219	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	220	которые реализуют множетсво криптографических алгоритмов, включая DES,
	221	RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
	222	с использованием SSL.
	223
	224	%description devel -l uk.UTF-8
	225	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	226	користування, що реалізують велику кількість криптографічних
	227	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
	228	хедери для розробки програм з використанням SSL.
	229
	230	%package static
	231	Summary: Static OpenSSL libraries
	232	Summary(pl.UTF-8): Statyczne wersje bibliotek z OpenSSL
	233	Summary(pt_BR.UTF-8): Bibliotecas estáticas para desenvolvimento com openssl
	234	Summary(ru.UTF-8): Статические библиотеки разработчика для OpenSSL
	235	Summary(uk.UTF-8): Статичні бібліотеки програміста для OpenSSL
	236	Group: Development/Libraries
	237	Requires: %{name}-devel = %{version}-%{release}
	238
	239	%description static
	240	Static OpenSSL Toolkit libraries.
	241
	242	%description static -l pl.UTF-8
	243	Statyczne wersje bibliotek z OpenSSL.
	244
	245	%description static -l pt_BR.UTF-8
	246	Bibliotecas estáticas para desenvolvimento com openssl.
	247
	248	%description static -l ru.UTF-8
	249	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	250	которые реализуют множетсво криптографических алгоритмов, включая DES,
	251	RC4, RSA и SSL. Включает статические библиотеки для разработки
	252	приложений с использованием OpenSSL.
	253
	254	%description static -l uk.UTF-8
	255	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	256	користування, що реалізують велику кількість криптографічних
	257	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
	258	бібліотеки для розробки програм з використанням SSL.
	259
	260	%prep
	261	%setup -q
	262	%patch0 -p1
	263	%patch1 -p1
	264	%patch2 -p1
	265	%patch3 -p1
	266	%patch4 -p1
	267	%patch5 -p1
	268	%patch6 -p1
	269	%patch7 -p1
	270	%patch8 -p1
	271	%patch10 -p1
	272
	273	sed -i -e 's\|\$prefix/\$libdir/engines\|/%{_lib}/engines\|g' Configure
	274
	275	# fix packaging error
	276	# https://github.com/openssl/openssl/issues/491
	277	ln -s . test/openssl-1.0.2e
	278
	279	# also pod2man missing
	280	# https://github.com/openssl/openssl/issues/490
	281	install -p %{SOURCE1} util
	282
	283	# https://github.com/openssl/openssl/issues/493
	284	install -p %{SOURCE11} test
	285
	286	%build
	287	touch Makefile.*
	288
	289	%{__perl} util/perlpath.pl %{__perl}
	290
	291	OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
	292	PERL="%{__perl}" \
	293	%{__perl} ./Configure \
	294	--openssldir=%{_sysconfdir}/%{name} \
	295	--libdir=%{_lib} \
	296	shared \
	297	threads \
	298	%{!?with_sslv2:no-ssl2} \
	299	%{!?with_sslv3:no-ssl3} \
	300	%{!?with_zlib:no-}zlib \
	301	enable-camelia \
	302	enable-cms \
	303	enable-idea \
	304	enable-md2 \
	305	enable-mdc2 \
	306	enable-rc5 \
	307	enable-rfc3779 \
	308	enable-seed \
	309	enable-tlsext \
	310	%ifarch %{x8664}
	311	enable-ec_nistp_64_gcc_128 \
	312	%endif
	313	%ifarch %{ix86}
	314	%ifarch i386
	315	386 linux-elf
	316	# ^- allow running on 80386 (default code uses bswapl available on i486+)
	317	%else
	318	linux-elf
	319	%endif
	320	%endif
	321	%ifarch alpha
	322	linux-alpha+bwx-gcc
	323	%endif
	324	%ifarch %{x8664}
	325	linux-x86_64
	326	%endif
	327	%ifarch x32
	328	linux-x32
	329	%endif
	330	%ifarch ia64
	331	linux-ia64
	332	%endif
	333	%ifarch ppc
	334	linux-ppc
	335	%endif
	336	%ifarch ppc64
	337	linux-ppc64
	338	%endif
	339	%ifarch sparc
	340	linux-sparcv8
	341	%endif
	342	%ifarch sparcv9
	343	linux-sparcv9
	344	%endif
	345	%ifarch sparc64
	346	linux64-sparcv9
	347	%endif
	348	%ifarch armv4 armv5 armv5t armv5te armv5tel
	349	linux-armv4
	350	%endif
	351
	352	%{__make} -j1 all rehash %{?with_tests:tests} \
	353	CC="%{__cc}" \
	354	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	355	INSTALLTOP=%{_prefix}
	356
	357	# Rename POD sources of man pages. "openssl_" prefix is added to each
	358	# manpage to avoid potential conflicts with other packages.
	359
	360	for dir in doc/{apps,ssl,crypto}; do
	361	cd $dir \|\| exit 1;
	362	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
	363
	364	for pod in !(openssl*).pod; do
	365	mv -f $pod openssl_$pod;
	366	done
	367	cd ../..
	368	done
	369
	370	%install
	371	rm -rf $RPM_BUILD_ROOT
	372	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	373	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	374	$RPM_BUILD_ROOT/%{_lib}/engines \
	375	$RPM_BUILD_ROOT%{_pkgconfigdir}
	376
	377	%{__make} -j1 install \
	378	INSTALLTOP=%{_prefix} \
	379	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	380	MANDIR=%{_mandir}
	381
	382	mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
	383	mv -f $RPM_BUILD_ROOT%{_libdir}/lib.so..* $RPM_BUILD_ROOT/%{_lib}
	384	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto..) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
	385	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl..) $RPM_BUILD_ROOT%{_libdir}/libssl.so
	386
	387	mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
	388	rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
	389
	390	# not installed as individual utilities (see openssl dgst instead)
	391	%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
	392
	393	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
	394	install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
	395	install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
	396
	397	%clean
	398	rm -rf $RPM_BUILD_ROOT
	399
	400	%post -p /sbin/ldconfig
	401	%postun -p /sbin/ldconfig
	402
	403	%triggerpostun -- %{name}-tools < 1.0.0-5
	404	# the hashing format has changed in 1.0.0
	405	[ ! -x %{_sbindir}/update-ca-certificates ] \|\| %{_sbindir}/update-ca-certificates --fresh \|\| :
	406
	407	%triggerpostun -- %{name} < 0.9.8i-2
	408	# don't do anything on --downgrade
	409	if [ $1 -le 1 ]; then
	410	exit 0
	411	fi
	412	if [ -d /var/lib/openssl/certs ] ; then
	413	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null \|\| :
	414	fi
	415	if [ -d /var/lib/openssl/private ] ; then
	416	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null \|\| :
	417	fi
	418	if [ -d /var/lib/openssl ] ; then
	419	for f in /var/lib/openssl/* ; do
	420	[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null \|\| :
	421	done
	422	rmdir /var/lib/openssl/* 2>/dev/null \|\| :
	423	rmdir /var/lib/openssl 2>/dev/null \|\| :
	424	fi
	425
	426	%files
	427	%defattr(644,root,root,755)
	428	%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
	429	#%doc doc/openssl_button.gif doc/openssl_button.html
	430	%attr(755,root,root) /%{_lib}/libcrypto.so...*
	431	%attr(755,root,root) /%{_lib}/libssl.so...*
	432	%dir %{_sysconfdir}/%{name}
	433	%dir %{_sysconfdir}/%{name}/certs
	434	%dir %{_sysconfdir}/%{name}/private
	435	%dir %{_datadir}/ssl
	436
	437	%files engines
	438	%defattr(644,root,root,755)
	439	%dir /%{_lib}/engines
	440	%attr(755,root,root) /%{_lib}/engines/*.so
	441
	442	%files tools
	443	%defattr(644,root,root,755)
	444	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
	445	%attr(755,root,root) %{_bindir}/c_rehash.sh
	446	%attr(755,root,root) %{_bindir}/openssl
	447	%attr(754,root,root) %{_bindir}/ssl-certificate
	448
	449	%dir %{_libdir}/%{name}
	450	%attr(755,root,root) %{_libdir}/%{name}/CA.sh
	451	%attr(755,root,root) %{_libdir}/%{name}/c_hash
	452	%attr(755,root,root) %{_libdir}/%{name}/c_info
	453	%attr(755,root,root) %{_libdir}/%{name}/c_issuer
	454	%attr(755,root,root) %{_libdir}/%{name}/c_name
	455
	456	%{_mandir}/man1/openssl.1*
	457	%{_mandir}/man1/openssl_asn1parse.1*
	458	%{_mandir}/man1/openssl_ca.1*
	459	%{_mandir}/man1/openssl_ciphers.1*
	460	%{_mandir}/man1/openssl_cms.1*
	461	%{_mandir}/man1/openssl_crl.1*
	462	%{_mandir}/man1/openssl_crl2pkcs7.1*
	463	%{_mandir}/man1/openssl_dgst.1*
	464	%{_mandir}/man1/openssl_dhparam.1*
	465	%{_mandir}/man1/openssl_dsa.1*
	466	%{_mandir}/man1/openssl_dsaparam.1*
	467	%{_mandir}/man1/openssl_ec.1*
	468	%{_mandir}/man1/openssl_ecparam.1*
	469	%{_mandir}/man1/openssl_enc.1*
	470	%{_mandir}/man1/openssl_errstr.1*
	471	%{_mandir}/man1/openssl_gendsa.1*
	472	%{_mandir}/man1/openssl_genpkey.1*
	473	%{_mandir}/man1/openssl_genrsa.1*
	474	%{_mandir}/man1/openssl_nseq.1*
	475	%{_mandir}/man1/openssl_ocsp.1*
	476	%{_mandir}/man1/openssl_passwd.1*
	477	%{_mandir}/man1/openssl_pkcs12.1*
	478	%{_mandir}/man1/openssl_pkcs7.1*
	479	%{_mandir}/man1/openssl_pkcs8.1*
	480	%{_mandir}/man1/openssl_pkey.1*
	481	%{_mandir}/man1/openssl_pkeyparam.1*
	482	%{_mandir}/man1/openssl_pkeyutl.1*
	483	%{_mandir}/man1/openssl_rand.1*
	484	%{_mandir}/man1/openssl_req.1*
	485	%{_mandir}/man1/openssl_rsa.1*
	486	%{_mandir}/man1/openssl_rsautl.1*
	487	%{_mandir}/man1/openssl_s_client.1*
	488	%{_mandir}/man1/openssl_s_server.1*
	489	%{_mandir}/man1/openssl_s_time.1*
	490	%{_mandir}/man1/openssl_sess_id.1*
	491	%{_mandir}/man1/openssl_smime.1*
	492	%{_mandir}/man1/openssl_speed.1*
	493	%{_mandir}/man1/openssl_spkac.1*
	494	%{_mandir}/man1/openssl_ts.1*
	495	%{_mandir}/man1/openssl_tsget.1*
	496	%{_mandir}/man1/openssl_verify.1*
	497	%{_mandir}/man1/openssl_version.1*
	498	%{_mandir}/man1/openssl_x509.1*
	499	%{_mandir}/man5/openssl_config.5*
	500	%{_mandir}/man5/openssl_x509v3_config.5*
	501	%lang(pl) %{_mandir}/pl/man1/openssl.1*
	502
	503	%files tools-perl
	504	%defattr(644,root,root,755)
	505	%attr(755,root,root) %{_bindir}/c_rehash
	506	%attr(755,root,root) %{_libdir}/%{name}/CA.pl
	507	%attr(755,root,root) %{_libdir}/%{name}/tsget
	508	%{_mandir}/man1/openssl_CA.pl.1*
	509	%{_mandir}/man1/openssl_c_rehash.1*
	510
	511	%files devel
	512	%defattr(644,root,root,755)
	513	%attr(755,root,root) %{_libdir}/libcrypto.so
	514	%attr(755,root,root) %{_libdir}/libssl.so
	515	%{_includedir}/%{name}
	516	%{_pkgconfigdir}/libcrypto.pc
	517	%{_pkgconfigdir}/libssl.pc
	518	%{_pkgconfigdir}/openssl.pc
	519	%{_mandir}/man3/openssl.3
	520	%{_mandir}/man7/openssl_des_modes.7*
	521
	522	%files static
	523	%defattr(644,root,root,755)
	524	%{_libdir}/libcrypto.a
	525	%{_libdir}/libssl.a