[packages/openssl.git] / openssl.spec

# TODO
# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
#
# Conditional build:
%bcond_without	tests	# don't perform "make tests"
%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
%bcond_with	purify	# Compile openssl with "-DPURIFY", useful when one wants to
			# use valgrind debugger against openssl-linked programs
%bcond_with	snap	# use GitHub snapshot to build branch release

%include	/usr/lib/rpm/macros.perl
Summary:	OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8):	Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8):	Biblioteca C que suministra algoritmos y protocolos criptográficos
Summary(fr.UTF-8):	Utilitaires de communication SSL (Secure Sockets Layer)
Summary(pl.UTF-8):	Biblioteki OpenSSL (SSL v2/v3)
Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
Summary(ru.UTF-8):	Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name:		openssl
# 1.0.2 will be LTS release
# Version 1.0.2 will be supported until 2019-12-31.
# https://www.openssl.org/about/releasestrat.html
Version:	1.0.2i
Release:	1
License:	Apache-like
Group:		Libraries
%if %{without snap}
Source0:	https://www.openssl.org/source/%{name}-%{version}.tar.gz
# Source0-md5:	678374e63f8df456a697d3e5e5a931fb
%else
Source1:	https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
%endif
Source2:	%{name}.1.pl
Source3:	%{name}-ssl-certificate.sh
Source4:	%{name}-c_rehash.sh
Patch0:		%{name}-alpha-ccc.patch
Patch1:		%{name}-optflags.patch
Patch2:		%{name}-include.patch
Patch3:		%{name}-man-namespace.patch
Patch4:		%{name}-asflag.patch
Patch5:		%{name}-ca-certificates.patch
Patch6:		%{name}-ldflags.patch
Patch7:		%{name}-find.patch
Patch8:		pic.patch
Patch10:	%{name}_fix_for_x32.patch
URL:		http://www.openssl.org/
BuildRequires:	bc
BuildRequires:	perl-devel >= 1:5.6.1
BuildRequires:	pkgconfig
BuildRequires:	rpm-perlprov >= 4.1-13
BuildRequires:	rpmbuild(macros) >= 1.213
BuildRequires:	sed >= 4.0
BuildRequires:	zlib-devel
Requires:	ca-certificates >= 20120623-1.1
Requires:	rpm-whiteout >= 1.7
Obsoletes:	SSLeay
Obsoletes:	SSLeay-devel
Obsoletes:	SSLeay-perl
Obsoletes:	libopenssl0
%if "%{pld_release}" == "ac"
Conflicts:	neon < 0.26.3-3
Conflicts:	ntpd < 4.2.4p8-10
Conflicts:	openssh-clients < 2:5.8p1-9
Conflicts:	openssh-server < 2:5.8p1-9
%else
Conflicts:	neon < 0.29.6-8
Conflicts:	openssh-clients < 2:6.2p2-3
Conflicts:	openssh-server < 2:6.2p2-3
%endif
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography world-wide. The project
is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL tookit and its
related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get
and use it for commercial and non-commercial purposes subject to some
simple license conditions.

This package contains shared libraries only, install openssl-tools if
you want to use openssl cmdline tool.

%description -l de.UTF-8
Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
libraries, die verschiedene Verschlüsselungs- und
Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
zur Verfügung stellen.

%description -l es.UTF-8
Biblioteca C que suministra algoritmos y protocolos criptográficos.

%description -l fr.UTF-8
OpenSSL est un outiil de gestion des certificats et les librairies
partagees qui fournit plusieurs protocoles et algorithmes de
codage/decodage, incluant DES, RC4, RSA et SSL.

%description -l pl.UTF-8
Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
v2/v3 oraz Transport Layer Security (TLS v1).

%description -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
compartilhadas e utilitários.

%description -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL.

%description -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL.

%package engines
Summary:	OpenSSL optional crypto engines
Summary(pl.UTF-8):	Opcjonalne silniki kryptograficzne dla OpenSSL-a
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with
external crypto devices (eg. accelerator cards). This component is
called ENGINE.

There are currently built-in ENGINE implementations for the following
crypto devices:

- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".

%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
ENGINE).

Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
implementacji silników poprzez specjalny silnik o nazwie "dynamic".

%package tools
Summary:	OpenSSL command line tool and utilities
Summary(pl.UTF-8):	Zestaw narzędzi i skryptów
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}
Requires:	which

%description tools
The OpenSSL Toolkit cmdline tool openssl and utility scripts.

%description tools -l pl.UTF-8
Zestaw narzędzi i skryptów wywoływanych z linii poleceń.

%package tools-perl
Summary:	OpenSSL utilities written in Perl
Summary(pl.UTF-8):	Narzędzia OpenSSL napisane w perlu
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}

%description tools-perl
OpenSSL Toolkit tools written in Perl.

%description tools-perl -l pl.UTF-8
Narzędzia OpenSSL napisane w perlu.

%package devel
Summary:	Development part of OpenSSL Toolkit libraries
Summary(de.UTF-8):	Secure Sockets Layer Kommunikationslibrary: statische libraries+header
Summary(es.UTF-8):	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
Summary(fr.UTF-8):	Librairies statiques, headers et utilitaires pour communication SSL
Summary(pl.UTF-8):	Część bibiloteki OpenSSL przeznaczona dla programistów
Summary(pt_BR.UTF-8):	Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
Summary(ru.UTF-8):	Библиотеки, хедеры и утилиты для Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки, хедери та утиліти для Secure Sockets Layer
Group:		Development/Libraries
Requires:	%{name} = %{version}-%{release}
Obsoletes:	libopenssl0-devel

%description devel
Development part of OpenSSL library.

%description devel -l es.UTF-8
Bibliotecas y archivos de inclusión para desarrollo OpenSSL

%description devel -l pl.UTF-8
Część biblioteki OpenSSL przeznaczona dla programistów.

%description devel -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
arquivos de inclusão para desenvolvimento.

%description devel -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
с использованием SSL.

%description devel -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
хедери для розробки програм з використанням SSL.

%package static
Summary:	Static OpenSSL libraries
Summary(pl.UTF-8):	Statyczne wersje bibliotek z OpenSSL
Summary(pt_BR.UTF-8):	Bibliotecas estáticas para desenvolvimento com openssl
Summary(ru.UTF-8):	Статические библиотеки разработчика для OpenSSL
Summary(uk.UTF-8):	Статичні бібліотеки програміста для OpenSSL
Group:		Development/Libraries
Requires:	%{name}-devel = %{version}-%{release}

%description static
Static OpenSSL Toolkit libraries.

%description static -l pl.UTF-8
Statyczne wersje bibliotek z OpenSSL.

%description static -l pt_BR.UTF-8
Bibliotecas estáticas para desenvolvimento com openssl.

%description static -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает статические библиотеки для разработки
приложений с использованием OpenSSL.

%description static -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
бібліотеки для розробки програм з використанням SSL.

%prep
%if %{with snap}
%setup -qcT -a1
mv %{name}-OpenSSL_1_0_2-stable/* .
%else
%setup -q
%endif
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%ifarch x32
%patch10 -p1
%endif

sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure

%build
touch Makefile.*

%{__perl} util/perlpath.pl %{__perl}

OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
PERL="%{__perl}" \
%{__perl} ./Configure \
	--openssldir=%{_sysconfdir}/%{name} \
	--libdir=%{_lib} \
	shared \
	threads \
	%{?with_sslv2:enable-ssl2}%{!?with_sslv2:no-ssl2} \
	%{?with_sslv3:enable-ssl3}%{!?with_sslv3:no-ssl3} \
	%{!?with_zlib:no-}zlib \
	enable-camelia \
	enable-cms \
	enable-idea \
	enable-md2 \
	enable-mdc2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-seed \
	enable-tlsext \
%ifarch %{x8664}
	enable-ec_nistp_64_gcc_128 \
%endif
%ifarch %{ix86}
%ifarch i386
	386 linux-elf
# ^- allow running on 80386 (default code uses bswapl available on i486+)
%else
	linux-elf
%endif
%endif
%ifarch alpha
	linux-alpha+bwx-gcc
%endif
%ifarch %{x8664}
	linux-x86_64
%endif
%ifarch x32
	linux-x32
%endif
%ifarch ia64
	linux-ia64
%endif
%ifarch ppc
	linux-ppc
%endif
%ifarch ppc64
	linux-ppc64
%endif
%ifarch sparc
	linux-sparcv8
%endif
%ifarch sparcv9
	linux-sparcv9
%endif
%ifarch sparc64
	linux64-sparcv9
%endif
%ifarch armv4 armv5 armv5t armv5te armv5tel
	linux-armv4
%endif

v=$(awk -F= '/^VERSION/{print $2}' Makefile)
test "$v" = %{version}%{?with_snap:-dev}

%{__make} -j1 all rehash %{?with_tests:tests} \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	INSTALLTOP=%{_prefix}

# Rename POD sources of man pages. "openssl_" prefix is added to each
# manpage to avoid potential conflicts with other packages.

for dir in doc/{apps,ssl,crypto}; do
	cd $dir || exit 1;
	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;

	for pod in !(openssl*).pod; do
		mv -f $pod openssl_$pod;
	done
	cd ../..
done

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	$RPM_BUILD_ROOT/%{_lib}/engines \
	$RPM_BUILD_ROOT%{_pkgconfigdir}

%{__make} -j1 install \
	INSTALLTOP=%{_prefix} \
	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	MANDIR=%{_mandir}

mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so

mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc

# not installed as individual utilities (see openssl dgst instead)
%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1

cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh

%clean
rm -rf $RPM_BUILD_ROOT

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%triggerpostun -- %{name}-tools < 1.0.0-5
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :

%triggerpostun -- %{name} < 0.9.8i-2
# don't do anything on --downgrade
if [ $1 -le 1 ]; then
	exit 0
fi
if [ -d /var/lib/openssl/certs ] ; then
	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
fi
if [ -d /var/lib/openssl/private ] ; then
	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
fi
if [ -d /var/lib/openssl ] ; then
	for f in /var/lib/openssl/* ; do
		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
	done
	rmdir /var/lib/openssl/* 2>/dev/null || :
	rmdir /var/lib/openssl 2>/dev/null || :
fi

%files
%defattr(644,root,root,755)
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*.*
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
%dir %{_datadir}/ssl

%files engines
%defattr(644,root,root,755)
%dir /%{_lib}/engines
%attr(755,root,root) /%{_lib}/engines/*.so

%files tools
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate

%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/CA.sh
%attr(755,root,root) %{_libdir}/%{name}/c_hash
%attr(755,root,root) %{_libdir}/%{name}/c_info
%attr(755,root,root) %{_libdir}/%{name}/c_issuer
%attr(755,root,root) %{_libdir}/%{name}/c_name

%{_mandir}/man1/openssl.1*
%{_mandir}/man1/openssl_asn1parse.1*
%{_mandir}/man1/openssl_ca.1*
%{_mandir}/man1/openssl_ciphers.1*
%{_mandir}/man1/openssl_cms.1*
%{_mandir}/man1/openssl_crl.1*
%{_mandir}/man1/openssl_crl2pkcs7.1*
%{_mandir}/man1/openssl_dgst.1*
%{_mandir}/man1/openssl_dhparam.1*
%{_mandir}/man1/openssl_dsa.1*
%{_mandir}/man1/openssl_dsaparam.1*
%{_mandir}/man1/openssl_ec.1*
%{_mandir}/man1/openssl_ecparam.1*
%{_mandir}/man1/openssl_enc.1*
%{_mandir}/man1/openssl_errstr.1*
%{_mandir}/man1/openssl_gendsa.1*
%{_mandir}/man1/openssl_genpkey.1*
%{_mandir}/man1/openssl_genrsa.1*
%{_mandir}/man1/openssl_nseq.1*
%{_mandir}/man1/openssl_ocsp.1*
%{_mandir}/man1/openssl_passwd.1*
%{_mandir}/man1/openssl_pkcs12.1*
%{_mandir}/man1/openssl_pkcs7.1*
%{_mandir}/man1/openssl_pkcs8.1*
%{_mandir}/man1/openssl_pkey.1*
%{_mandir}/man1/openssl_pkeyparam.1*
%{_mandir}/man1/openssl_pkeyutl.1*
%{_mandir}/man1/openssl_rand.1*
%{_mandir}/man1/openssl_req.1*
%{_mandir}/man1/openssl_rsa.1*
%{_mandir}/man1/openssl_rsautl.1*
%{_mandir}/man1/openssl_s_client.1*
%{_mandir}/man1/openssl_s_server.1*
%{_mandir}/man1/openssl_s_time.1*
%{_mandir}/man1/openssl_sess_id.1*
%{_mandir}/man1/openssl_smime.1*
%{_mandir}/man1/openssl_speed.1*
%{_mandir}/man1/openssl_spkac.1*
%{_mandir}/man1/openssl_ts.1*
%{_mandir}/man1/openssl_tsget.1*
%{_mandir}/man1/openssl_verify.1*
%{_mandir}/man1/openssl_version.1*
%{_mandir}/man1/openssl_x509.1*
%{_mandir}/man5/openssl_config.5*
%{_mandir}/man5/openssl_x509v3_config.5*
%lang(pl) %{_mandir}/pl/man1/openssl.1*

%files tools-perl
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/c_rehash
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
%{_mandir}/man1/openssl_c_rehash.1*

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libcrypto.so
%attr(755,root,root) %{_libdir}/libssl.so
%{_includedir}/%{name}
%{_pkgconfigdir}/libcrypto.pc
%{_pkgconfigdir}/libssl.pc
%{_pkgconfigdir}/openssl.pc
%{_mandir}/man3/openssl*.3*
%{_mandir}/man7/openssl_des_modes.7*

%files static
%defattr(644,root,root,755)
%{_libdir}/libcrypto.a
%{_libdir}/libssl.a
Commit	Line	Data
	1	# TODO
	2	# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
	3	# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
	4	#
	5	# Conditional build:
	6	%bcond_without tests # don't perform "make tests"
	7	%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
	8	%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
	9	%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
	10	%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to
	11	# use valgrind debugger against openssl-linked programs
	12	%bcond_with snap # use GitHub snapshot to build branch release
	13
	14	%include /usr/lib/rpm/macros.perl
	15	Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
	16	Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
	17	Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
	18	Summary(fr.UTF-8): Utilitaires de communication SSL (Secure Sockets Layer)
	19	Summary(pl.UTF-8): Biblioteki OpenSSL (SSL v2/v3)
	20	Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
	21	Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
	22	Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
	23	Name: openssl
	24	# 1.0.2 will be LTS release
	25	# Version 1.0.2 will be supported until 2019-12-31.
	26	# https://www.openssl.org/about/releasestrat.html
	27	Version: 1.0.2i
	28	Release: 1
	29	License: Apache-like
	30	Group: Libraries
	31	%if %{without snap}
	32	Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
	33	# Source0-md5: 678374e63f8df456a697d3e5e5a931fb
	34	%else
	35	Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
	36	%endif
	37	Source2: %{name}.1.pl
	38	Source3: %{name}-ssl-certificate.sh
	39	Source4: %{name}-c_rehash.sh
	40	Patch0: %{name}-alpha-ccc.patch
	41	Patch1: %{name}-optflags.patch
	42	Patch2: %{name}-include.patch
	43	Patch3: %{name}-man-namespace.patch
	44	Patch4: %{name}-asflag.patch
	45	Patch5: %{name}-ca-certificates.patch
	46	Patch6: %{name}-ldflags.patch
	47	Patch7: %{name}-find.patch
	48	Patch8: pic.patch
	49	Patch10: %{name}_fix_for_x32.patch
	50	URL: http://www.openssl.org/
	51	BuildRequires: bc
	52	BuildRequires: perl-devel >= 1:5.6.1
	53	BuildRequires: pkgconfig
	54	BuildRequires: rpm-perlprov >= 4.1-13
	55	BuildRequires: rpmbuild(macros) >= 1.213
	56	BuildRequires: sed >= 4.0
	57	BuildRequires: zlib-devel
	58	Requires: ca-certificates >= 20120623-1.1
	59	Requires: rpm-whiteout >= 1.7
	60	Obsoletes: SSLeay
	61	Obsoletes: SSLeay-devel
	62	Obsoletes: SSLeay-perl
	63	Obsoletes: libopenssl0
	64	%if "%{pld_release}" == "ac"
	65	Conflicts: neon < 0.26.3-3
	66	Conflicts: ntpd < 4.2.4p8-10
	67	Conflicts: openssh-clients < 2:5.8p1-9
	68	Conflicts: openssh-server < 2:5.8p1-9
	69	%else
	70	Conflicts: neon < 0.29.6-8
	71	Conflicts: openssh-clients < 2:6.2p2-3
	72	Conflicts: openssh-server < 2:6.2p2-3
	73	%endif
	74	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	75
	76	%description
	77	The OpenSSL Project is a collaborative effort to develop a robust,
	78	commercial-grade, full-featured, and Open Source toolkit implementing
	79	the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
	80	v1) protocols with full-strength cryptography world-wide. The project
	81	is managed by a worldwide community of volunteers that use the
	82	Internet to communicate, plan, and develop the OpenSSL tookit and its
	83	related documentation.
	84
	85	OpenSSL is based on the excellent SSLeay library developed by Eric A.
	86	Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
	87	Apache-style licence, which basically means that you are free to get
	88	and use it for commercial and non-commercial purposes subject to some
	89	simple license conditions.
	90
	91	This package contains shared libraries only, install openssl-tools if
	92	you want to use openssl cmdline tool.
	93
	94	%description -l de.UTF-8
	95	Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
	96	libraries, die verschiedene Verschlüsselungs- und
	97	Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
	98	zur Verfügung stellen.
	99
	100	%description -l es.UTF-8
	101	Biblioteca C que suministra algoritmos y protocolos criptográficos.
	102
	103	%description -l fr.UTF-8
	104	OpenSSL est un outiil de gestion des certificats et les librairies
	105	partagees qui fournit plusieurs protocoles et algorithmes de
	106	codage/decodage, incluant DES, RC4, RSA et SSL.
	107
	108	%description -l pl.UTF-8
	109	Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
	110	v2/v3 oraz Transport Layer Security (TLS v1).
	111
	112	%description -l pt_BR.UTF-8
	113	Uma biblioteca C que fornece vários algoritmos e protocolos
	114	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
	115	compartilhadas e utilitários.
	116
	117	%description -l ru.UTF-8
	118	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	119	которые реализуют множетсво криптографических алгоритмов, включая DES,
	120	RC4, RSA и SSL.
	121
	122	%description -l uk.UTF-8
	123	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	124	користування, що реалізують велику кількість криптографічних
	125	алгоритмів, включаючи DES, RC4, RSA та SSL.
	126
	127	%package engines
	128	Summary: OpenSSL optional crypto engines
	129	Summary(pl.UTF-8): Opcjonalne silniki kryptograficzne dla OpenSSL-a
	130	Group: Libraries
	131	Requires: %{name} = %{version}-%{release}
	132
	133	%description engines
	134	With OpenSSL 0.9.6, a new component was added to support alternative
	135	cryptography implementations, most commonly for interfacing with
	136	external crypto devices (eg. accelerator cards). This component is
	137	called ENGINE.
	138
	139	There are currently built-in ENGINE implementations for the following
	140	crypto devices:
	141
	142	- CryptoSwift
	143	- Compaq Atalla
	144	- nCipher CHIL
	145	- Nuron
	146	- Broadcom uBSec
	147
	148	In addition, dynamic binding to external ENGINE implementations is now
	149	provided by a special ENGINE called "dynamic".
	150
	151	%description engines -l pl.UTF-8
	152	Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
	153	wspierać alternatywne implementacje kryptografii, przeważnie
	154	współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
	155	kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
	156	ENGINE).
	157
	158	Obecnie istnieją wbudowane implementacje silników dla następujących
	159	urządzeń kryptograficznych:
	160	- CryptoSwift
	161	- Compaq Atalla
	162	- nCipher CHIL
	163	- Nuron
	164	- Broadcom uBSec
	165
	166	Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
	167	implementacji silników poprzez specjalny silnik o nazwie "dynamic".
	168
	169	%package tools
	170	Summary: OpenSSL command line tool and utilities
	171	Summary(pl.UTF-8): Zestaw narzędzi i skryptów
	172	Group: Applications/Communications
	173	Requires: %{name} = %{version}-%{release}
	174	Requires: which
	175
	176	%description tools
	177	The OpenSSL Toolkit cmdline tool openssl and utility scripts.
	178
	179	%description tools -l pl.UTF-8
	180	Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
	181
	182	%package tools-perl
	183	Summary: OpenSSL utilities written in Perl
	184	Summary(pl.UTF-8): Narzędzia OpenSSL napisane w perlu
	185	Group: Applications/Communications
	186	Requires: %{name} = %{version}-%{release}
	187
	188	%description tools-perl
	189	OpenSSL Toolkit tools written in Perl.
	190
	191	%description tools-perl -l pl.UTF-8
	192	Narzędzia OpenSSL napisane w perlu.
	193
	194	%package devel
	195	Summary: Development part of OpenSSL Toolkit libraries
	196	Summary(de.UTF-8): Secure Sockets Layer Kommunikationslibrary: statische libraries+header
	197	Summary(es.UTF-8): Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	198	Summary(fr.UTF-8): Librairies statiques, headers et utilitaires pour communication SSL
	199	Summary(pl.UTF-8): Część bibiloteki OpenSSL przeznaczona dla programistów
	200	Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
	201	Summary(ru.UTF-8): Библиотеки, хедеры и утилиты для Secure Sockets Layer
	202	Summary(uk.UTF-8): Бібліотеки, хедери та утиліти для Secure Sockets Layer
	203	Group: Development/Libraries
	204	Requires: %{name} = %{version}-%{release}
	205	Obsoletes: libopenssl0-devel
	206
	207	%description devel
	208	Development part of OpenSSL library.
	209
	210	%description devel -l es.UTF-8
	211	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	212
	213	%description devel -l pl.UTF-8
	214	Część biblioteki OpenSSL przeznaczona dla programistów.
	215
	216	%description devel -l pt_BR.UTF-8
	217	Uma biblioteca C que fornece vários algoritmos e protocolos
	218	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
	219	arquivos de inclusão para desenvolvimento.
	220
	221	%description devel -l ru.UTF-8
	222	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	223	которые реализуют множетсво криптографических алгоритмов, включая DES,
	224	RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
	225	с использованием SSL.
	226
	227	%description devel -l uk.UTF-8
	228	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	229	користування, що реалізують велику кількість криптографічних
	230	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
	231	хедери для розробки програм з використанням SSL.
	232
	233	%package static
	234	Summary: Static OpenSSL libraries
	235	Summary(pl.UTF-8): Statyczne wersje bibliotek z OpenSSL
	236	Summary(pt_BR.UTF-8): Bibliotecas estáticas para desenvolvimento com openssl
	237	Summary(ru.UTF-8): Статические библиотеки разработчика для OpenSSL
	238	Summary(uk.UTF-8): Статичні бібліотеки програміста для OpenSSL
	239	Group: Development/Libraries
	240	Requires: %{name}-devel = %{version}-%{release}
	241
	242	%description static
	243	Static OpenSSL Toolkit libraries.
	244
	245	%description static -l pl.UTF-8
	246	Statyczne wersje bibliotek z OpenSSL.
	247
	248	%description static -l pt_BR.UTF-8
	249	Bibliotecas estáticas para desenvolvimento com openssl.
	250
	251	%description static -l ru.UTF-8
	252	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	253	которые реализуют множетсво криптографических алгоритмов, включая DES,
	254	RC4, RSA и SSL. Включает статические библиотеки для разработки
	255	приложений с использованием OpenSSL.
	256
	257	%description static -l uk.UTF-8
	258	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	259	користування, що реалізують велику кількість криптографічних
	260	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
	261	бібліотеки для розробки програм з використанням SSL.
	262
	263	%prep
	264	%if %{with snap}
	265	%setup -qcT -a1
	266	mv %{name}-OpenSSL_1_0_2-stable/* .
	267	%else
	268	%setup -q
	269	%endif
	270	%patch0 -p1
	271	%patch1 -p1
	272	%patch2 -p1
	273	%patch3 -p1
	274	%patch4 -p1
	275	%patch5 -p1
	276	%patch6 -p1
	277	%patch7 -p1
	278	%patch8 -p1
	279	%ifarch x32
	280	%patch10 -p1
	281	%endif
	282
	283	sed -i -e 's\|\$prefix/\$libdir/engines\|/%{_lib}/engines\|g' Configure
	284
	285	%build
	286	touch Makefile.*
	287
	288	%{__perl} util/perlpath.pl %{__perl}
	289
	290	OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
	291	PERL="%{__perl}" \
	292	%{__perl} ./Configure \
	293	--openssldir=%{_sysconfdir}/%{name} \
	294	--libdir=%{_lib} \
	295	shared \
	296	threads \
	297	%{?with_sslv2:enable-ssl2}%{!?with_sslv2:no-ssl2} \
	298	%{?with_sslv3:enable-ssl3}%{!?with_sslv3:no-ssl3} \
	299	%{!?with_zlib:no-}zlib \
	300	enable-camelia \
	301	enable-cms \
	302	enable-idea \
	303	enable-md2 \
	304	enable-mdc2 \
	305	enable-rc5 \
	306	enable-rfc3779 \
	307	enable-seed \
	308	enable-tlsext \
	309	%ifarch %{x8664}
	310	enable-ec_nistp_64_gcc_128 \
	311	%endif
	312	%ifarch %{ix86}
	313	%ifarch i386
	314	386 linux-elf
	315	# ^- allow running on 80386 (default code uses bswapl available on i486+)
	316	%else
	317	linux-elf
	318	%endif
	319	%endif
	320	%ifarch alpha
	321	linux-alpha+bwx-gcc
	322	%endif
	323	%ifarch %{x8664}
	324	linux-x86_64
	325	%endif
	326	%ifarch x32
	327	linux-x32
	328	%endif
	329	%ifarch ia64
	330	linux-ia64
	331	%endif
	332	%ifarch ppc
	333	linux-ppc
	334	%endif
	335	%ifarch ppc64
	336	linux-ppc64
	337	%endif
	338	%ifarch sparc
	339	linux-sparcv8
	340	%endif
	341	%ifarch sparcv9
	342	linux-sparcv9
	343	%endif
	344	%ifarch sparc64
	345	linux64-sparcv9
	346	%endif
	347	%ifarch armv4 armv5 armv5t armv5te armv5tel
	348	linux-armv4
	349	%endif
	350
	351	v=$(awk -F= '/^VERSION/{print $2}' Makefile)
	352	test "$v" = %{version}%{?with_snap:-dev}
	353
	354	%{__make} -j1 all rehash %{?with_tests:tests} \
	355	CC="%{__cc}" \
	356	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	357	INSTALLTOP=%{_prefix}
	358
	359	# Rename POD sources of man pages. "openssl_" prefix is added to each
	360	# manpage to avoid potential conflicts with other packages.
	361
	362	for dir in doc/{apps,ssl,crypto}; do
	363	cd $dir \|\| exit 1;
	364	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
	365
	366	for pod in !(openssl*).pod; do
	367	mv -f $pod openssl_$pod;
	368	done
	369	cd ../..
	370	done
	371
	372	%install
	373	rm -rf $RPM_BUILD_ROOT
	374	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	375	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	376	$RPM_BUILD_ROOT/%{_lib}/engines \
	377	$RPM_BUILD_ROOT%{_pkgconfigdir}
	378
	379	%{__make} -j1 install \
	380	INSTALLTOP=%{_prefix} \
	381	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	382	MANDIR=%{_mandir}
	383
	384	mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
	385	mv -f $RPM_BUILD_ROOT%{_libdir}/lib.so..* $RPM_BUILD_ROOT/%{_lib}
	386	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto..) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
	387	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl..) $RPM_BUILD_ROOT%{_libdir}/libssl.so
	388
	389	mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
	390	rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
	391
	392	# not installed as individual utilities (see openssl dgst instead)
	393	%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
	394
	395	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
	396	install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
	397	install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
	398
	399	%clean
	400	rm -rf $RPM_BUILD_ROOT
	401
	402	%post -p /sbin/ldconfig
	403	%postun -p /sbin/ldconfig
	404
	405	%triggerpostun -- %{name}-tools < 1.0.0-5
	406	# the hashing format has changed in 1.0.0
	407	[ ! -x %{_sbindir}/update-ca-certificates ] \|\| %{_sbindir}/update-ca-certificates --fresh \|\| :
	408
	409	%triggerpostun -- %{name} < 0.9.8i-2
	410	# don't do anything on --downgrade
	411	if [ $1 -le 1 ]; then
	412	exit 0
	413	fi
	414	if [ -d /var/lib/openssl/certs ] ; then
	415	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null \|\| :
	416	fi
	417	if [ -d /var/lib/openssl/private ] ; then
	418	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null \|\| :
	419	fi
	420	if [ -d /var/lib/openssl ] ; then
	421	for f in /var/lib/openssl/* ; do
	422	[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null \|\| :
	423	done
	424	rmdir /var/lib/openssl/* 2>/dev/null \|\| :
	425	rmdir /var/lib/openssl 2>/dev/null \|\| :
	426	fi
	427
	428	%files
	429	%defattr(644,root,root,755)
	430	%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
	431	%attr(755,root,root) /%{_lib}/libcrypto.so...*
	432	%attr(755,root,root) /%{_lib}/libssl.so...*
	433	%dir %{_sysconfdir}/%{name}
	434	%dir %{_sysconfdir}/%{name}/certs
	435	%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
	436	%dir %{_datadir}/ssl
	437
	438	%files engines
	439	%defattr(644,root,root,755)
	440	%dir /%{_lib}/engines
	441	%attr(755,root,root) /%{_lib}/engines/*.so
	442
	443	%files tools
	444	%defattr(644,root,root,755)
	445	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
	446	%attr(755,root,root) %{_bindir}/c_rehash.sh
	447	%attr(755,root,root) %{_bindir}/openssl
	448	%attr(754,root,root) %{_bindir}/ssl-certificate
	449
	450	%dir %{_libdir}/%{name}
	451	%attr(755,root,root) %{_libdir}/%{name}/CA.sh
	452	%attr(755,root,root) %{_libdir}/%{name}/c_hash
	453	%attr(755,root,root) %{_libdir}/%{name}/c_info
	454	%attr(755,root,root) %{_libdir}/%{name}/c_issuer
	455	%attr(755,root,root) %{_libdir}/%{name}/c_name
	456
	457	%{_mandir}/man1/openssl.1*
	458	%{_mandir}/man1/openssl_asn1parse.1*
	459	%{_mandir}/man1/openssl_ca.1*
	460	%{_mandir}/man1/openssl_ciphers.1*
	461	%{_mandir}/man1/openssl_cms.1*
	462	%{_mandir}/man1/openssl_crl.1*
	463	%{_mandir}/man1/openssl_crl2pkcs7.1*
	464	%{_mandir}/man1/openssl_dgst.1*
	465	%{_mandir}/man1/openssl_dhparam.1*
	466	%{_mandir}/man1/openssl_dsa.1*
	467	%{_mandir}/man1/openssl_dsaparam.1*
	468	%{_mandir}/man1/openssl_ec.1*
	469	%{_mandir}/man1/openssl_ecparam.1*
	470	%{_mandir}/man1/openssl_enc.1*
	471	%{_mandir}/man1/openssl_errstr.1*
	472	%{_mandir}/man1/openssl_gendsa.1*
	473	%{_mandir}/man1/openssl_genpkey.1*
	474	%{_mandir}/man1/openssl_genrsa.1*
	475	%{_mandir}/man1/openssl_nseq.1*
	476	%{_mandir}/man1/openssl_ocsp.1*
	477	%{_mandir}/man1/openssl_passwd.1*
	478	%{_mandir}/man1/openssl_pkcs12.1*
	479	%{_mandir}/man1/openssl_pkcs7.1*
	480	%{_mandir}/man1/openssl_pkcs8.1*
	481	%{_mandir}/man1/openssl_pkey.1*
	482	%{_mandir}/man1/openssl_pkeyparam.1*
	483	%{_mandir}/man1/openssl_pkeyutl.1*
	484	%{_mandir}/man1/openssl_rand.1*
	485	%{_mandir}/man1/openssl_req.1*
	486	%{_mandir}/man1/openssl_rsa.1*
	487	%{_mandir}/man1/openssl_rsautl.1*
	488	%{_mandir}/man1/openssl_s_client.1*
	489	%{_mandir}/man1/openssl_s_server.1*
	490	%{_mandir}/man1/openssl_s_time.1*
	491	%{_mandir}/man1/openssl_sess_id.1*
	492	%{_mandir}/man1/openssl_smime.1*
	493	%{_mandir}/man1/openssl_speed.1*
	494	%{_mandir}/man1/openssl_spkac.1*
	495	%{_mandir}/man1/openssl_ts.1*
	496	%{_mandir}/man1/openssl_tsget.1*
	497	%{_mandir}/man1/openssl_verify.1*
	498	%{_mandir}/man1/openssl_version.1*
	499	%{_mandir}/man1/openssl_x509.1*
	500	%{_mandir}/man5/openssl_config.5*
	501	%{_mandir}/man5/openssl_x509v3_config.5*
	502	%lang(pl) %{_mandir}/pl/man1/openssl.1*
	503
	504	%files tools-perl
	505	%defattr(644,root,root,755)
	506	%attr(755,root,root) %{_bindir}/c_rehash
	507	%attr(755,root,root) %{_libdir}/%{name}/CA.pl
	508	%attr(755,root,root) %{_libdir}/%{name}/tsget
	509	%{_mandir}/man1/openssl_CA.pl.1*
	510	%{_mandir}/man1/openssl_c_rehash.1*
	511
	512	%files devel
	513	%defattr(644,root,root,755)
	514	%attr(755,root,root) %{_libdir}/libcrypto.so
	515	%attr(755,root,root) %{_libdir}/libssl.so
	516	%{_includedir}/%{name}
	517	%{_pkgconfigdir}/libcrypto.pc
	518	%{_pkgconfigdir}/libssl.pc
	519	%{_pkgconfigdir}/openssl.pc
	520	%{_mandir}/man3/openssl.3
	521	%{_mandir}/man7/openssl_des_modes.7*
	522
	523	%files static
	524	%defattr(644,root,root,755)
	525	%{_libdir}/libcrypto.a
	526	%{_libdir}/libssl.a