[packages/openssl.git] / openssl.spec

# TODO
# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
# - pass our cflags (currently built with -O3)
#
# Conditional build:
%bcond_without	tests	# don't perform "make tests"
%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
%bcond_with	purify	# Compile openssl with "-DPURIFY", useful when one wants to
			# use valgrind debugger against openssl-linked programs
%bcond_with	snap	# use GitHub snapshot to build branch release

%define		rel		0.1
%include	/usr/lib/rpm/macros.perl
Summary:	OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8):	Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8):	Biblioteca C que suministra algoritmos y protocolos criptográficos
Summary(fr.UTF-8):	Utilitaires de communication SSL (Secure Sockets Layer)
Summary(pl.UTF-8):	Biblioteki OpenSSL (SSL v2/v3)
Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
Summary(ru.UTF-8):	Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name:		openssl
# Version 1.1.0 will be supported until 2018-08-31.
# https://www.openssl.org/about/releasestrat.html
Version:	1.1.0a
Release:	1
License:	Apache-like
Group:		Libraries
%if %{without snap}
Source0:	https://www.openssl.org/source/%{name}-%{version}.tar.gz
# Source0-md5:	38a0bf2883ab4951acb15b1886b7f5aa
%else
Source1:	https://github.com/openssl/openssl/archive/OpenSSL_1_1_0-stable/%{name}-%{version}-dev.tar.gz
%endif
Source2:	%{name}.1.pl
Source3:	%{name}-ssl-certificate.sh
Source4:	%{name}-c_rehash.sh
Patch0:		%{name}-alpha-ccc.patch
Patch1:		%{name}-optflags.patch
Patch2:		%{name}-include.patch
Patch3:		%{name}-man-namespace.patch
Patch4:		%{name}-asflag.patch
Patch5:		%{name}-ca-certificates.patch
Patch6:		%{name}-ldflags.patch
Patch7:		%{name}-find.patch
Patch8:		pic.patch
Patch10:	%{name}_fix_for_x32.patch
Patch11:	engines-dir.patch
URL:		http://www.openssl.org/
BuildRequires:	perl-devel >= 1:5.10.0
BuildRequires:	pkgconfig
BuildRequires:	rpm-perlprov >= 4.1-13
BuildRequires:	rpmbuild(macros) >= 1.213
BuildRequires:	sed >= 4.0
BuildRequires:	zlib-devel
Requires:	ca-certificates >= 20120623-1.1
Requires:	rpm-whiteout >= 1.7
Obsoletes:	SSLeay
Obsoletes:	SSLeay-devel
Obsoletes:	SSLeay-perl
Obsoletes:	libopenssl0
%if "%{pld_release}" == "ac"
Conflicts:	neon < 0.26.3-3
Conflicts:	ntpd < 4.2.4p8-10
Conflicts:	openssh-clients < 2:5.8p1-9
Conflicts:	openssh-server < 2:5.8p1-9
%else
Conflicts:	neon < 0.29.6-8
Conflicts:	openssh-clients < 2:6.2p2-3
Conflicts:	openssh-server < 2:6.2p2-3
%endif
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography world-wide. The project
is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL tookit and its
related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get
and use it for commercial and non-commercial purposes subject to some
simple license conditions.

This package contains shared libraries only, install openssl-tools if
you want to use openssl cmdline tool.

%description -l de.UTF-8
Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
libraries, die verschiedene Verschlüsselungs- und
Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
zur Verfügung stellen.

%description -l es.UTF-8
Biblioteca C que suministra algoritmos y protocolos criptográficos.

%description -l fr.UTF-8
OpenSSL est un outiil de gestion des certificats et les librairies
partagees qui fournit plusieurs protocoles et algorithmes de
codage/decodage, incluant DES, RC4, RSA et SSL.

%description -l pl.UTF-8
Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
v2/v3 oraz Transport Layer Security (TLS v1).

%description -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
compartilhadas e utilitários.

%description -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL.

%description -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL.

%package engines
Summary:	OpenSSL optional crypto engines
Summary(pl.UTF-8):	Opcjonalne silniki kryptograficzne dla OpenSSL-a
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with
external crypto devices (eg. accelerator cards). This component is
called ENGINE.

There are currently built-in ENGINE implementations for the following
crypto devices:

- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".

%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
ENGINE).

Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
implementacji silników poprzez specjalny silnik o nazwie "dynamic".

%package tools
Summary:	OpenSSL command line tool and utilities
Summary(pl.UTF-8):	Zestaw narzędzi i skryptów
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}
Requires:	which

%description tools
The OpenSSL Toolkit cmdline tool openssl and utility scripts.

%description tools -l pl.UTF-8
Zestaw narzędzi i skryptów wywoływanych z linii poleceń.

%package tools-perl
Summary:	OpenSSL utilities written in Perl
Summary(pl.UTF-8):	Narzędzia OpenSSL napisane w perlu
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}

%description tools-perl
OpenSSL Toolkit tools written in Perl.

%description tools-perl -l pl.UTF-8
Narzędzia OpenSSL napisane w perlu.

%package devel
Summary:	Development part of OpenSSL Toolkit libraries
Summary(de.UTF-8):	Secure Sockets Layer Kommunikationslibrary: statische libraries+header
Summary(es.UTF-8):	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
Summary(fr.UTF-8):	Librairies statiques, headers et utilitaires pour communication SSL
Summary(pl.UTF-8):	Część bibiloteki OpenSSL przeznaczona dla programistów
Summary(pt_BR.UTF-8):	Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
Summary(ru.UTF-8):	Библиотеки, хедеры и утилиты для Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки, хедери та утиліти для Secure Sockets Layer
Group:		Development/Libraries
Requires:	%{name} = %{version}-%{release}
Obsoletes:	libopenssl0-devel

%description devel
Development part of OpenSSL library.

%description devel -l es.UTF-8
Bibliotecas y archivos de inclusión para desarrollo OpenSSL

%description devel -l pl.UTF-8
Część biblioteki OpenSSL przeznaczona dla programistów.

%description devel -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
arquivos de inclusão para desenvolvimento.

%description devel -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
с использованием SSL.

%description devel -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
хедери для розробки програм з використанням SSL.

%package static
Summary:	Static OpenSSL libraries
Summary(pl.UTF-8):	Statyczne wersje bibliotek z OpenSSL
Summary(pt_BR.UTF-8):	Bibliotecas estáticas para desenvolvimento com openssl
Summary(ru.UTF-8):	Статические библиотеки разработчика для OpenSSL
Summary(uk.UTF-8):	Статичні бібліотеки програміста для OpenSSL
Group:		Development/Libraries
Requires:	%{name}-devel = %{version}-%{release}

%description static
Static OpenSSL Toolkit libraries.

%description static -l pl.UTF-8
Statyczne wersje bibliotek z OpenSSL.

%description static -l pt_BR.UTF-8
Bibliotecas estáticas para desenvolvimento com openssl.

%description static -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает статические библиотеки для разработки
приложений с использованием OpenSSL.

%description static -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
бібліотеки для розробки програм з використанням SSL.

%prep
%if %{with snap}
%setup -qcT -a1
mv %{name}-OpenSSL_1_1_0-stable/* .
%else
%setup -q %{?subver:-n %{name}-%{version}-%{subver}}
%endif
#%patch0 -p1 # alpha patch from year 2000 - drop it
#%patch1 -p1 # flags list has been nuked (thank god!)
#%patch2 -p1 # openssl include subdir. check this
#%patch3 -p1 # patched Makefile.org no longer exists
#%patch4 -p1 # patched Makefile.org no longer exists
#%patch5 -p1 # check
#%patch6 -p1 # patched Makefile.org no longer exists
%patch7 -p1
%patch8 -p1
%ifarch x32
%patch10 -p1
%endif
%patch11 -p1

%build
touch Makefile.*

# util/perlpath.pl no longer exists
#%{__perl} util/perlpath.pl %{__perl}

OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
PERL="%{__perl}" \
%{__perl} ./Configure \
	--prefix=%{_prefix} \
	--openssldir=%{_sysconfdir}/%{name} \
	--libdir=%{_lib} \
	shared \
	threads \
	%{?with_sslv2:enable-ssl2}%{!?with_sslv2:no-ssl2} \
	%{?with_sslv3:enable-ssl3}%{!?with_sslv3:no-ssl3} \
	%{!?with_zlib:no-}zlib \
	enable-cms \
	enable-idea \
	enable-md2 \
	enable-mdc2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-seed \
%ifarch %{x8664}
	enable-ec_nistp_64_gcc_128 \
%endif
%ifarch %{ix86}
%ifarch i386
	386 linux-elf
# ^- allow running on 80386 (default code uses bswapl available on i486+)
%else
	linux-elf
%endif
%endif
%ifarch alpha
	linux-alpha+bwx-gcc
%endif
%ifarch %{x8664}
	linux-x86_64
%endif
%ifarch x32
	linux-x32
%endif
%ifarch ia64
	linux-ia64
%endif
%ifarch ppc
	linux-ppc
%endif
%ifarch ppc64
	linux-ppc64
%endif
%ifarch sparc
	linux-sparcv8
%endif
%ifarch sparcv9
	linux-sparcv9
%endif
%ifarch sparc64
	linux64-sparcv9
%endif
%ifarch armv4 armv5 armv5t armv5te armv5tel
	linux-armv4
%endif

v=$(awk -F= '/^VERSION/{print $2}' Makefile)
test "$v" = %{version}%{?subver:-%{subver}}%{?with_snap:-dev}

%{__make} -j1 all %{?with_tests:tests} \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	INSTALLTOP=%{_prefix}

# Rename POD sources of man pages. "openssl_" prefix is added to each
# manpage to avoid potential conflicts with other packages.

for dir in doc/{apps,ssl,crypto}; do
	cd $dir || exit 1;
	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;

	for pod in !(openssl*).pod; do
		mv -f $pod openssl_$pod;
	done
	cd ../..
done

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	$RPM_BUILD_ROOT%{_pkgconfigdir}

%{__make} -j1 install \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	DESTDIR=$RPM_BUILD_ROOT \

mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so

mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -r $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc

# html version of man pages - not packaged
%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}/html/man[1357]

# not installed as individual utilities (see openssl dgst instead)
%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1

cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh

%clean
rm -rf $RPM_BUILD_ROOT

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%triggerpostun -- %{name}-tools < 1.0.0-5
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :

%triggerpostun -- %{name} < 0.9.8i-2
# don't do anything on --downgrade
if [ $1 -le 1 ]; then
	exit 0
fi
if [ -d /var/lib/openssl/certs ] ; then
	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
fi
if [ -d /var/lib/openssl/private ] ; then
	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
fi
if [ -d /var/lib/openssl ] ; then
	for f in /var/lib/openssl/* ; do
		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
	done
	rmdir /var/lib/openssl/* 2>/dev/null || :
	rmdir /var/lib/openssl 2>/dev/null || :
fi

%files
%defattr(644,root,root,755)
%doc CHANGES LICENSE NEWS README doc/*.txt
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
%dir %{_datadir}/ssl

%files engines
%defattr(644,root,root,755)
%dir /%{_lib}/engines-1.1
%attr(755,root,root) /%{_lib}/engines-1.1/*.so

%files tools
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate

%dir %{_libdir}/%{name}
#%attr(755,root,root) %{_libdir}/%{name}/CA.sh
#%attr(755,root,root) %{_libdir}/%{name}/c_hash
#%attr(755,root,root) %{_libdir}/%{name}/c_info
#%attr(755,root,root) %{_libdir}/%{name}/c_issuer
#%attr(755,root,root) %{_libdir}/%{name}/c_name

%{_mandir}/man1/openssl.1*
%{_mandir}/man1/openssl_asn1parse.1*
%{_mandir}/man1/openssl_ca.1*
%{_mandir}/man1/openssl_ciphers.1*
%{_mandir}/man1/openssl_cms.1*
%{_mandir}/man1/openssl_crl.1*
%{_mandir}/man1/openssl_crl2pkcs7.1*
%{_mandir}/man1/openssl_dgst.1*
%{_mandir}/man1/openssl_dhparam.1*
%{_mandir}/man1/openssl_dsa.1*
%{_mandir}/man1/openssl_dsaparam.1*
%{_mandir}/man1/openssl_ec.1*
%{_mandir}/man1/openssl_ecparam.1*
%{_mandir}/man1/openssl_enc.1*
%{_mandir}/man1/openssl_errstr.1*
%{_mandir}/man1/openssl_gendsa.1*
%{_mandir}/man1/openssl_genpkey.1*
%{_mandir}/man1/openssl_genrsa.1*
%{_mandir}/man1/openssl_nseq.1*
%{_mandir}/man1/openssl_ocsp.1*
%{_mandir}/man1/openssl_passwd.1*
%{_mandir}/man1/openssl_pkcs12.1*
%{_mandir}/man1/openssl_pkcs7.1*
%{_mandir}/man1/openssl_pkcs8.1*
%{_mandir}/man1/openssl_pkey.1*
%{_mandir}/man1/openssl_pkeyparam.1*
%{_mandir}/man1/openssl_pkeyutl.1*
%{_mandir}/man1/openssl_rand.1*
%{_mandir}/man1/openssl_req.1*
%{_mandir}/man1/openssl_rsa.1*
%{_mandir}/man1/openssl_rsautl.1*
%{_mandir}/man1/openssl_s_client.1*
%{_mandir}/man1/openssl_s_server.1*
%{_mandir}/man1/openssl_s_time.1*
%{_mandir}/man1/openssl_sess_id.1*
%{_mandir}/man1/openssl_smime.1*
%{_mandir}/man1/openssl_speed.1*
%{_mandir}/man1/openssl_spkac.1*
%{_mandir}/man1/openssl_ts.1*
%{_mandir}/man1/openssl_tsget.1*
%{_mandir}/man1/openssl_verify.1*
%{_mandir}/man1/openssl_version.1*
%{_mandir}/man1/openssl_x509.1*
%{_mandir}/man5/openssl_config.5*
%{_mandir}/man5/openssl_x509v3_config.5*
%lang(pl) %{_mandir}/pl/man1/openssl.1*

%files tools-perl
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/c_rehash
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
#%{_mandir}/man1/openssl_c_rehash.1*

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libcrypto.so
%attr(755,root,root) %{_libdir}/libssl.so
%{_includedir}/%{name}
%{_pkgconfigdir}/libcrypto.pc
%{_pkgconfigdir}/libssl.pc
%{_pkgconfigdir}/openssl.pc
%if 1
%{_mandir}/man3/*.3*
%{_mandir}/man7/*.7*
%else
%{_mandir}/man3/openssl*.3*
%{_mandir}/man7/openssl_des_modes.7*
%endif

%files static
%defattr(644,root,root,755)
%{_libdir}/libcrypto.a
%{_libdir}/libssl.a
Commit	Line	Data
	1	# TODO
	2	# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
	3	# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
	4	# - pass our cflags (currently built with -O3)
	5	#
	6	# Conditional build:
	7	%bcond_without tests # don't perform "make tests"
	8	%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
	9	%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
	10	%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
	11	%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to
	12	# use valgrind debugger against openssl-linked programs
	13	%bcond_with snap # use GitHub snapshot to build branch release
	14
	15	%define rel 0.1
	16	%include /usr/lib/rpm/macros.perl
	17	Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
	18	Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
	19	Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
	20	Summary(fr.UTF-8): Utilitaires de communication SSL (Secure Sockets Layer)
	21	Summary(pl.UTF-8): Biblioteki OpenSSL (SSL v2/v3)
	22	Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
	23	Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
	24	Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
	25	Name: openssl
	26	# Version 1.1.0 will be supported until 2018-08-31.
	27	# https://www.openssl.org/about/releasestrat.html
	28	Version: 1.1.0a
	29	Release: 1
	30	License: Apache-like
	31	Group: Libraries
	32	%if %{without snap}
	33	Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
	34	# Source0-md5: 38a0bf2883ab4951acb15b1886b7f5aa
	35	%else
	36	Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_1_0-stable/%{name}-%{version}-dev.tar.gz
	37	%endif
	38	Source2: %{name}.1.pl
	39	Source3: %{name}-ssl-certificate.sh
	40	Source4: %{name}-c_rehash.sh
	41	Patch0: %{name}-alpha-ccc.patch
	42	Patch1: %{name}-optflags.patch
	43	Patch2: %{name}-include.patch
	44	Patch3: %{name}-man-namespace.patch
	45	Patch4: %{name}-asflag.patch
	46	Patch5: %{name}-ca-certificates.patch
	47	Patch6: %{name}-ldflags.patch
	48	Patch7: %{name}-find.patch
	49	Patch8: pic.patch
	50	Patch10: %{name}_fix_for_x32.patch
	51	Patch11: engines-dir.patch
	52	URL: http://www.openssl.org/
	53	BuildRequires: perl-devel >= 1:5.10.0
	54	BuildRequires: pkgconfig
	55	BuildRequires: rpm-perlprov >= 4.1-13
	56	BuildRequires: rpmbuild(macros) >= 1.213
	57	BuildRequires: sed >= 4.0
	58	BuildRequires: zlib-devel
	59	Requires: ca-certificates >= 20120623-1.1
	60	Requires: rpm-whiteout >= 1.7
	61	Obsoletes: SSLeay
	62	Obsoletes: SSLeay-devel
	63	Obsoletes: SSLeay-perl
	64	Obsoletes: libopenssl0
	65	%if "%{pld_release}" == "ac"
	66	Conflicts: neon < 0.26.3-3
	67	Conflicts: ntpd < 4.2.4p8-10
	68	Conflicts: openssh-clients < 2:5.8p1-9
	69	Conflicts: openssh-server < 2:5.8p1-9
	70	%else
	71	Conflicts: neon < 0.29.6-8
	72	Conflicts: openssh-clients < 2:6.2p2-3
	73	Conflicts: openssh-server < 2:6.2p2-3
	74	%endif
	75	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	76
	77	%description
	78	The OpenSSL Project is a collaborative effort to develop a robust,
	79	commercial-grade, full-featured, and Open Source toolkit implementing
	80	the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
	81	v1) protocols with full-strength cryptography world-wide. The project
	82	is managed by a worldwide community of volunteers that use the
	83	Internet to communicate, plan, and develop the OpenSSL tookit and its
	84	related documentation.
	85
	86	OpenSSL is based on the excellent SSLeay library developed by Eric A.
	87	Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
	88	Apache-style licence, which basically means that you are free to get
	89	and use it for commercial and non-commercial purposes subject to some
	90	simple license conditions.
	91
	92	This package contains shared libraries only, install openssl-tools if
	93	you want to use openssl cmdline tool.
	94
	95	%description -l de.UTF-8
	96	Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
	97	libraries, die verschiedene Verschlüsselungs- und
	98	Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
	99	zur Verfügung stellen.
	100
	101	%description -l es.UTF-8
	102	Biblioteca C que suministra algoritmos y protocolos criptográficos.
	103
	104	%description -l fr.UTF-8
	105	OpenSSL est un outiil de gestion des certificats et les librairies
	106	partagees qui fournit plusieurs protocoles et algorithmes de
	107	codage/decodage, incluant DES, RC4, RSA et SSL.
	108
	109	%description -l pl.UTF-8
	110	Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
	111	v2/v3 oraz Transport Layer Security (TLS v1).
	112
	113	%description -l pt_BR.UTF-8
	114	Uma biblioteca C que fornece vários algoritmos e protocolos
	115	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
	116	compartilhadas e utilitários.
	117
	118	%description -l ru.UTF-8
	119	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	120	которые реализуют множетсво криптографических алгоритмов, включая DES,
	121	RC4, RSA и SSL.
	122
	123	%description -l uk.UTF-8
	124	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	125	користування, що реалізують велику кількість криптографічних
	126	алгоритмів, включаючи DES, RC4, RSA та SSL.
	127
	128	%package engines
	129	Summary: OpenSSL optional crypto engines
	130	Summary(pl.UTF-8): Opcjonalne silniki kryptograficzne dla OpenSSL-a
	131	Group: Libraries
	132	Requires: %{name} = %{version}-%{release}
	133
	134	%description engines
	135	With OpenSSL 0.9.6, a new component was added to support alternative
	136	cryptography implementations, most commonly for interfacing with
	137	external crypto devices (eg. accelerator cards). This component is
	138	called ENGINE.
	139
	140	There are currently built-in ENGINE implementations for the following
	141	crypto devices:
	142
	143	- CryptoSwift
	144	- Compaq Atalla
	145	- nCipher CHIL
	146	- Nuron
	147	- Broadcom uBSec
	148
	149	In addition, dynamic binding to external ENGINE implementations is now
	150	provided by a special ENGINE called "dynamic".
	151
	152	%description engines -l pl.UTF-8
	153	Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
	154	wspierać alternatywne implementacje kryptografii, przeważnie
	155	współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
	156	kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
	157	ENGINE).
	158
	159	Obecnie istnieją wbudowane implementacje silników dla następujących
	160	urządzeń kryptograficznych:
	161	- CryptoSwift
	162	- Compaq Atalla
	163	- nCipher CHIL
	164	- Nuron
	165	- Broadcom uBSec
	166
	167	Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
	168	implementacji silników poprzez specjalny silnik o nazwie "dynamic".
	169
	170	%package tools
	171	Summary: OpenSSL command line tool and utilities
	172	Summary(pl.UTF-8): Zestaw narzędzi i skryptów
	173	Group: Applications/Communications
	174	Requires: %{name} = %{version}-%{release}
	175	Requires: which
	176
	177	%description tools
	178	The OpenSSL Toolkit cmdline tool openssl and utility scripts.
	179
	180	%description tools -l pl.UTF-8
	181	Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
	182
	183	%package tools-perl
	184	Summary: OpenSSL utilities written in Perl
	185	Summary(pl.UTF-8): Narzędzia OpenSSL napisane w perlu
	186	Group: Applications/Communications
	187	Requires: %{name} = %{version}-%{release}
	188
	189	%description tools-perl
	190	OpenSSL Toolkit tools written in Perl.
	191
	192	%description tools-perl -l pl.UTF-8
	193	Narzędzia OpenSSL napisane w perlu.
	194
	195	%package devel
	196	Summary: Development part of OpenSSL Toolkit libraries
	197	Summary(de.UTF-8): Secure Sockets Layer Kommunikationslibrary: statische libraries+header
	198	Summary(es.UTF-8): Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	199	Summary(fr.UTF-8): Librairies statiques, headers et utilitaires pour communication SSL
	200	Summary(pl.UTF-8): Część bibiloteki OpenSSL przeznaczona dla programistów
	201	Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
	202	Summary(ru.UTF-8): Библиотеки, хедеры и утилиты для Secure Sockets Layer
	203	Summary(uk.UTF-8): Бібліотеки, хедери та утиліти для Secure Sockets Layer
	204	Group: Development/Libraries
	205	Requires: %{name} = %{version}-%{release}
	206	Obsoletes: libopenssl0-devel
	207
	208	%description devel
	209	Development part of OpenSSL library.
	210
	211	%description devel -l es.UTF-8
	212	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	213
	214	%description devel -l pl.UTF-8
	215	Część biblioteki OpenSSL przeznaczona dla programistów.
	216
	217	%description devel -l pt_BR.UTF-8
	218	Uma biblioteca C que fornece vários algoritmos e protocolos
	219	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
	220	arquivos de inclusão para desenvolvimento.
	221
	222	%description devel -l ru.UTF-8
	223	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	224	которые реализуют множетсво криптографических алгоритмов, включая DES,
	225	RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
	226	с использованием SSL.
	227
	228	%description devel -l uk.UTF-8
	229	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	230	користування, що реалізують велику кількість криптографічних
	231	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
	232	хедери для розробки програм з використанням SSL.
	233
	234	%package static
	235	Summary: Static OpenSSL libraries
	236	Summary(pl.UTF-8): Statyczne wersje bibliotek z OpenSSL
	237	Summary(pt_BR.UTF-8): Bibliotecas estáticas para desenvolvimento com openssl
	238	Summary(ru.UTF-8): Статические библиотеки разработчика для OpenSSL
	239	Summary(uk.UTF-8): Статичні бібліотеки програміста для OpenSSL
	240	Group: Development/Libraries
	241	Requires: %{name}-devel = %{version}-%{release}
	242
	243	%description static
	244	Static OpenSSL Toolkit libraries.
	245
	246	%description static -l pl.UTF-8
	247	Statyczne wersje bibliotek z OpenSSL.
	248
	249	%description static -l pt_BR.UTF-8
	250	Bibliotecas estáticas para desenvolvimento com openssl.
	251
	252	%description static -l ru.UTF-8
	253	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	254	которые реализуют множетсво криптографических алгоритмов, включая DES,
	255	RC4, RSA и SSL. Включает статические библиотеки для разработки
	256	приложений с использованием OpenSSL.
	257
	258	%description static -l uk.UTF-8
	259	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	260	користування, що реалізують велику кількість криптографічних
	261	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
	262	бібліотеки для розробки програм з використанням SSL.
	263
	264	%prep
	265	%if %{with snap}
	266	%setup -qcT -a1
	267	mv %{name}-OpenSSL_1_1_0-stable/* .
	268	%else
	269	%setup -q %{?subver:-n %{name}-%{version}-%{subver}}
	270	%endif
	271	#%patch0 -p1 # alpha patch from year 2000 - drop it
	272	#%patch1 -p1 # flags list has been nuked (thank god!)
	273	#%patch2 -p1 # openssl include subdir. check this
	274	#%patch3 -p1 # patched Makefile.org no longer exists
	275	#%patch4 -p1 # patched Makefile.org no longer exists
	276	#%patch5 -p1 # check
	277	#%patch6 -p1 # patched Makefile.org no longer exists
	278	%patch7 -p1
	279	%patch8 -p1
	280	%ifarch x32
	281	%patch10 -p1
	282	%endif
	283	%patch11 -p1
	284
	285	%build
	286	touch Makefile.*
	287
	288	# util/perlpath.pl no longer exists
	289	#%{__perl} util/perlpath.pl %{__perl}
	290
	291	OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
	292	PERL="%{__perl}" \
	293	%{__perl} ./Configure \
	294	--prefix=%{_prefix} \
	295	--openssldir=%{_sysconfdir}/%{name} \
	296	--libdir=%{_lib} \
	297	shared \
	298	threads \
	299	%{?with_sslv2:enable-ssl2}%{!?with_sslv2:no-ssl2} \
	300	%{?with_sslv3:enable-ssl3}%{!?with_sslv3:no-ssl3} \
	301	%{!?with_zlib:no-}zlib \
	302	enable-cms \
	303	enable-idea \
	304	enable-md2 \
	305	enable-mdc2 \
	306	enable-rc5 \
	307	enable-rfc3779 \
	308	enable-seed \
	309	%ifarch %{x8664}
	310	enable-ec_nistp_64_gcc_128 \
	311	%endif
	312	%ifarch %{ix86}
	313	%ifarch i386
	314	386 linux-elf
	315	# ^- allow running on 80386 (default code uses bswapl available on i486+)
	316	%else
	317	linux-elf
	318	%endif
	319	%endif
	320	%ifarch alpha
	321	linux-alpha+bwx-gcc
	322	%endif
	323	%ifarch %{x8664}
	324	linux-x86_64
	325	%endif
	326	%ifarch x32
	327	linux-x32
	328	%endif
	329	%ifarch ia64
	330	linux-ia64
	331	%endif
	332	%ifarch ppc
	333	linux-ppc
	334	%endif
	335	%ifarch ppc64
	336	linux-ppc64
	337	%endif
	338	%ifarch sparc
	339	linux-sparcv8
	340	%endif
	341	%ifarch sparcv9
	342	linux-sparcv9
	343	%endif
	344	%ifarch sparc64
	345	linux64-sparcv9
	346	%endif
	347	%ifarch armv4 armv5 armv5t armv5te armv5tel
	348	linux-armv4
	349	%endif
	350
	351	v=$(awk -F= '/^VERSION/{print $2}' Makefile)
	352	test "$v" = %{version}%{?subver:-%{subver}}%{?with_snap:-dev}
	353
	354	%{__make} -j1 all %{?with_tests:tests} \
	355	CC="%{__cc}" \
	356	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	357	INSTALLTOP=%{_prefix}
	358
	359	# Rename POD sources of man pages. "openssl_" prefix is added to each
	360	# manpage to avoid potential conflicts with other packages.
	361
	362	for dir in doc/{apps,ssl,crypto}; do
	363	cd $dir \|\| exit 1;
	364	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
	365
	366	for pod in !(openssl*).pod; do
	367	mv -f $pod openssl_$pod;
	368	done
	369	cd ../..
	370	done
	371
	372	%install
	373	rm -rf $RPM_BUILD_ROOT
	374	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	375	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	376	$RPM_BUILD_ROOT%{_pkgconfigdir}
	377
	378	%{__make} -j1 install \
	379	CC="%{__cc}" \
	380	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	381	DESTDIR=$RPM_BUILD_ROOT \
	382
	383	mv -f $RPM_BUILD_ROOT%{_libdir}/lib.so..* $RPM_BUILD_ROOT/%{_lib}
	384	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto..) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
	385	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl..) $RPM_BUILD_ROOT%{_libdir}/libssl.so
	386
	387	mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
	388	rm -r $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
	389
	390	# html version of man pages - not packaged
	391	%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}/html/man[1357]
	392
	393	# not installed as individual utilities (see openssl dgst instead)
	394	%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
	395
	396	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
	397	install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
	398	install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
	399
	400	%clean
	401	rm -rf $RPM_BUILD_ROOT
	402
	403	%post -p /sbin/ldconfig
	404	%postun -p /sbin/ldconfig
	405
	406	%triggerpostun -- %{name}-tools < 1.0.0-5
	407	# the hashing format has changed in 1.0.0
	408	[ ! -x %{_sbindir}/update-ca-certificates ] \|\| %{_sbindir}/update-ca-certificates --fresh \|\| :
	409
	410	%triggerpostun -- %{name} < 0.9.8i-2
	411	# don't do anything on --downgrade
	412	if [ $1 -le 1 ]; then
	413	exit 0
	414	fi
	415	if [ -d /var/lib/openssl/certs ] ; then
	416	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null \|\| :
	417	fi
	418	if [ -d /var/lib/openssl/private ] ; then
	419	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null \|\| :
	420	fi
	421	if [ -d /var/lib/openssl ] ; then
	422	for f in /var/lib/openssl/* ; do
	423	[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null \|\| :
	424	done
	425	rmdir /var/lib/openssl/* 2>/dev/null \|\| :
	426	rmdir /var/lib/openssl 2>/dev/null \|\| :
	427	fi
	428
	429	%files
	430	%defattr(644,root,root,755)
	431	%doc CHANGES LICENSE NEWS README doc/*.txt
	432	%attr(755,root,root) /%{_lib}/libcrypto.so..
	433	%attr(755,root,root) /%{_lib}/libssl.so..
	434	%dir %{_sysconfdir}/%{name}
	435	%dir %{_sysconfdir}/%{name}/certs
	436	%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
	437	%dir %{_datadir}/ssl
	438
	439	%files engines
	440	%defattr(644,root,root,755)
	441	%dir /%{_lib}/engines-1.1
	442	%attr(755,root,root) /%{_lib}/engines-1.1/*.so
	443
	444	%files tools
	445	%defattr(644,root,root,755)
	446	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
	447	%attr(755,root,root) %{_bindir}/c_rehash.sh
	448	%attr(755,root,root) %{_bindir}/openssl
	449	%attr(754,root,root) %{_bindir}/ssl-certificate
	450
	451	%dir %{_libdir}/%{name}
	452	#%attr(755,root,root) %{_libdir}/%{name}/CA.sh
	453	#%attr(755,root,root) %{_libdir}/%{name}/c_hash
	454	#%attr(755,root,root) %{_libdir}/%{name}/c_info
	455	#%attr(755,root,root) %{_libdir}/%{name}/c_issuer
	456	#%attr(755,root,root) %{_libdir}/%{name}/c_name
	457
	458	%{_mandir}/man1/openssl.1*
	459	%{_mandir}/man1/openssl_asn1parse.1*
	460	%{_mandir}/man1/openssl_ca.1*
	461	%{_mandir}/man1/openssl_ciphers.1*
	462	%{_mandir}/man1/openssl_cms.1*
	463	%{_mandir}/man1/openssl_crl.1*
	464	%{_mandir}/man1/openssl_crl2pkcs7.1*
	465	%{_mandir}/man1/openssl_dgst.1*
	466	%{_mandir}/man1/openssl_dhparam.1*
	467	%{_mandir}/man1/openssl_dsa.1*
	468	%{_mandir}/man1/openssl_dsaparam.1*
	469	%{_mandir}/man1/openssl_ec.1*
	470	%{_mandir}/man1/openssl_ecparam.1*
	471	%{_mandir}/man1/openssl_enc.1*
	472	%{_mandir}/man1/openssl_errstr.1*
	473	%{_mandir}/man1/openssl_gendsa.1*
	474	%{_mandir}/man1/openssl_genpkey.1*
	475	%{_mandir}/man1/openssl_genrsa.1*
	476	%{_mandir}/man1/openssl_nseq.1*
	477	%{_mandir}/man1/openssl_ocsp.1*
	478	%{_mandir}/man1/openssl_passwd.1*
	479	%{_mandir}/man1/openssl_pkcs12.1*
	480	%{_mandir}/man1/openssl_pkcs7.1*
	481	%{_mandir}/man1/openssl_pkcs8.1*
	482	%{_mandir}/man1/openssl_pkey.1*
	483	%{_mandir}/man1/openssl_pkeyparam.1*
	484	%{_mandir}/man1/openssl_pkeyutl.1*
	485	%{_mandir}/man1/openssl_rand.1*
	486	%{_mandir}/man1/openssl_req.1*
	487	%{_mandir}/man1/openssl_rsa.1*
	488	%{_mandir}/man1/openssl_rsautl.1*
	489	%{_mandir}/man1/openssl_s_client.1*
	490	%{_mandir}/man1/openssl_s_server.1*
	491	%{_mandir}/man1/openssl_s_time.1*
	492	%{_mandir}/man1/openssl_sess_id.1*
	493	%{_mandir}/man1/openssl_smime.1*
	494	%{_mandir}/man1/openssl_speed.1*
	495	%{_mandir}/man1/openssl_spkac.1*
	496	%{_mandir}/man1/openssl_ts.1*
	497	%{_mandir}/man1/openssl_tsget.1*
	498	%{_mandir}/man1/openssl_verify.1*
	499	%{_mandir}/man1/openssl_version.1*
	500	%{_mandir}/man1/openssl_x509.1*
	501	%{_mandir}/man5/openssl_config.5*
	502	%{_mandir}/man5/openssl_x509v3_config.5*
	503	%lang(pl) %{_mandir}/pl/man1/openssl.1*
	504
	505	%files tools-perl
	506	%defattr(644,root,root,755)
	507	%attr(755,root,root) %{_bindir}/c_rehash
	508	%attr(755,root,root) %{_libdir}/%{name}/CA.pl
	509	%attr(755,root,root) %{_libdir}/%{name}/tsget
	510	%{_mandir}/man1/openssl_CA.pl.1*
	511	#%{_mandir}/man1/openssl_c_rehash.1*
	512
	513	%files devel
	514	%defattr(644,root,root,755)
	515	%attr(755,root,root) %{_libdir}/libcrypto.so
	516	%attr(755,root,root) %{_libdir}/libssl.so
	517	%{_includedir}/%{name}
	518	%{_pkgconfigdir}/libcrypto.pc
	519	%{_pkgconfigdir}/libssl.pc
	520	%{_pkgconfigdir}/openssl.pc
	521	%if 1
	522	%{_mandir}/man3/.3
	523	%{_mandir}/man7/.7
	524	%else
	525	%{_mandir}/man3/openssl.3
	526	%{_mandir}/man7/openssl_des_modes.7*
	527	%endif
	528
	529	%files static
	530	%defattr(644,root,root,755)
	531	%{_libdir}/libcrypto.a
	532	%{_libdir}/libssl.a