[packages/openssl.git] / openssl.spec

# TODO
# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
#
# Conditional build:
%bcond_without	tests	# don't perform "make tests"
%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
%bcond_with	purify	# Compile openssl with "-DPURIFY", useful when one wants to
			# use valgrind debugger against openssl-linked programs
%bcond_with	snap	# use GitHub snapshot to build branch release

%include	/usr/lib/rpm/macros.perl
Summary:	OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8):	Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8):	Biblioteca C que suministra algoritmos y protocolos criptográficos
Summary(fr.UTF-8):	Utilitaires de communication SSL (Secure Sockets Layer)
Summary(pl.UTF-8):	Biblioteki OpenSSL (SSL v2/v3)
Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
Summary(ru.UTF-8):	Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name:		openssl
# 1.0.2 will be LTS release
# Version 1.0.2 will be supported until 2019-12-31.
# https://www.openssl.org/about/releasestrat.html
Version:	1.0.2g
Release:	5
License:	Apache-like
Group:		Libraries
%if %{without snap}
Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
# Source0-md5:	f3c710c045cdee5fd114feb69feba7aa
%else
Source1:	https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
%endif
Source2:	%{name}.1.pl
Source3:	%{name}-ssl-certificate.sh
Source4:	%{name}-c_rehash.sh
Patch0:		%{name}-alpha-ccc.patch
Patch1:		%{name}-optflags.patch
Patch2:		%{name}-include.patch
Patch3:		%{name}-man-namespace.patch
Patch4:		%{name}-asflag.patch
Patch5:		%{name}-ca-certificates.patch
Patch6:		%{name}-ldflags.patch
Patch7:		%{name}-find.patch
Patch8:		pic.patch
Patch10:	%{name}_fix_for_x32.patch
URL:		http://www.openssl.org/
BuildRequires:	bc
BuildRequires:	perl-devel >= 1:5.6.1
BuildRequires:	rpm-perlprov >= 4.1-13
BuildRequires:	rpmbuild(macros) >= 1.213
BuildRequires:	sed >= 4.0
Requires:	ca-certificates >= 20120623-1.1
Requires:	rpm-whiteout >= 1.7
Obsoletes:	SSLeay
Obsoletes:	SSLeay-devel
Obsoletes:	SSLeay-perl
Obsoletes:	libopenssl0
%if "%{pld_release}" == "ac"
Conflicts:	neon < 0.26.3-3
Conflicts:	ntpd < 4.2.4p8-10
Conflicts:	openssh-clients < 2:5.8p1-9
Conflicts:	openssh-server < 2:5.8p1-9
%else
Conflicts:	apache-mod_ssl < 1:2.2.31-4
Conflicts:	curl-libs < 7.47.1-2
Conflicts:	neon < 0.29.6-8
Conflicts:	openssh-clients < 2:6.2p2-3
Conflicts:	openssh-server < 2:6.2p2-3
Conflicts:	php52-common < 4:5.2.17-20130717.17
Conflicts:	php53-common < 4:5.3.29-27
Conflicts:	php54-common < 4:5.4.45-5
Conflicts:	php55-common < 4:5.5.32-2
Conflicts:	php56-common < 4:5.6.18-3
Conflicts:	python-modules < 1:2.7.10-8
Conflicts:	ruby-modules < 1:2.0.0.648-2
%endif
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography world-wide. The project
is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL tookit and its
related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get
and use it for commercial and non-commercial purposes subject to some
simple license conditions.

This package contains shared libraries only, install openssl-tools if
you want to use openssl cmdline tool.

%description -l de.UTF-8
Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
libraries, die verschiedene Verschlüsselungs- und
Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
zur Verfügung stellen.

%description -l es.UTF-8
Biblioteca C que suministra algoritmos y protocolos criptográficos.

%description -l fr.UTF-8
OpenSSL est un outiil de gestion des certificats et les librairies
partagees qui fournit plusieurs protocoles et algorithmes de
codage/decodage, incluant DES, RC4, RSA et SSL.

%description -l pl.UTF-8
Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
v2/v3 oraz Transport Layer Security (TLS v1).

%description -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
compartilhadas e utilitários.

%description -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL.

%description -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL.

%package engines
Summary:	OpenSSL optional crypto engines
Summary(pl.UTF-8):	Opcjonalne silniki kryptograficzne dla OpenSSL-a
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with
external crypto devices (eg. accelerator cards). This component is
called ENGINE.

There are currently built-in ENGINE implementations for the following
crypto devices:

- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".

%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
ENGINE).

Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
implementacji silników poprzez specjalny silnik o nazwie "dynamic".

%package tools
Summary:	OpenSSL command line tool and utilities
Summary(pl.UTF-8):	Zestaw narzędzi i skryptów
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}
Requires:	which

%description tools
The OpenSSL Toolkit cmdline tool openssl and utility scripts.

%description tools -l pl.UTF-8
Zestaw narzędzi i skryptów wywoływanych z linii poleceń.

%package tools-perl
Summary:	OpenSSL utilities written in Perl
Summary(pl.UTF-8):	Narzędzia OpenSSL napisane w perlu
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}

%description tools-perl
OpenSSL Toolkit tools written in Perl.

%description tools-perl -l pl.UTF-8
Narzędzia OpenSSL napisane w perlu.

%package devel
Summary:	Development part of OpenSSL Toolkit libraries
Summary(de.UTF-8):	Secure Sockets Layer Kommunikationslibrary: statische libraries+header
Summary(es.UTF-8):	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
Summary(fr.UTF-8):	Librairies statiques, headers et utilitaires pour communication SSL
Summary(pl.UTF-8):	Część bibiloteki OpenSSL przeznaczona dla programistów
Summary(pt_BR.UTF-8):	Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
Summary(ru.UTF-8):	Библиотеки, хедеры и утилиты для Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки, хедери та утиліти для Secure Sockets Layer
Group:		Development/Libraries
Requires:	%{name} = %{version}-%{release}
Obsoletes:	libopenssl0-devel

%description devel
Development part of OpenSSL library.

%description devel -l es.UTF-8
Bibliotecas y archivos de inclusión para desarrollo OpenSSL

%description devel -l pl.UTF-8
Część biblioteki OpenSSL przeznaczona dla programistów.

%description devel -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
arquivos de inclusão para desenvolvimento.

%description devel -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
с использованием SSL.

%description devel -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
хедери для розробки програм з використанням SSL.

%package static
Summary:	Static OpenSSL libraries
Summary(pl.UTF-8):	Statyczne wersje bibliotek z OpenSSL
Summary(pt_BR.UTF-8):	Bibliotecas estáticas para desenvolvimento com openssl
Summary(ru.UTF-8):	Статические библиотеки разработчика для OpenSSL
Summary(uk.UTF-8):	Статичні бібліотеки програміста для OpenSSL
Group:		Development/Libraries
Requires:	%{name}-devel = %{version}-%{release}

%description static
Static OpenSSL Toolkit libraries.

%description static -l pl.UTF-8
Statyczne wersje bibliotek z OpenSSL.

%description static -l pt_BR.UTF-8
Bibliotecas estáticas para desenvolvimento com openssl.

%description static -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает статические библиотеки для разработки
приложений с использованием OpenSSL.

%description static -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
бібліотеки для розробки програм з використанням SSL.

%prep
%if %{with snap}
%setup -qcT -a1
mv %{name}-OpenSSL_1_0_2-stable/* .
%else
%setup -q
%endif
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%ifarch x32
%patch10 -p1
%endif

sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure

%build
touch Makefile.*

%{__perl} util/perlpath.pl %{__perl}

OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
PERL="%{__perl}" \
%{__perl} ./Configure \
	--openssldir=%{_sysconfdir}/%{name} \
	--libdir=%{_lib} \
	shared \
	threads \
	%{!?with_sslv2:no-ssl2} \
	%{!?with_sslv3:no-ssl3} \
	%{!?with_zlib:no-}zlib \
	enable-camelia \
	enable-cms \
	enable-idea \
	enable-md2 \
	enable-mdc2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-seed \
	enable-tlsext \
%ifarch %{x8664}
	enable-ec_nistp_64_gcc_128 \
%endif
%ifarch %{ix86}
%ifarch i386
	386 linux-elf
# ^- allow running on 80386 (default code uses bswapl available on i486+)
%else
	linux-elf
%endif
%endif
%ifarch alpha
	linux-alpha+bwx-gcc
%endif
%ifarch %{x8664}
	linux-x86_64
%endif
%ifarch x32
	linux-x32
%endif
%ifarch ia64
	linux-ia64
%endif
%ifarch ppc
	linux-ppc
%endif
%ifarch ppc64
	linux-ppc64
%endif
%ifarch sparc
	linux-sparcv8
%endif
%ifarch sparcv9
	linux-sparcv9
%endif
%ifarch sparc64
	linux64-sparcv9
%endif
%ifarch armv4 armv5 armv5t armv5te armv5tel
	linux-armv4
%endif

v=$(awk -F= '/^VERSION/{print $2}' Makefile)
test "$v" = %{version}%{?with_snap:-dev}

%{__make} -j1 all rehash %{?with_tests:tests} \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	INSTALLTOP=%{_prefix}

# Rename POD sources of man pages. "openssl_" prefix is added to each
# manpage to avoid potential conflicts with other packages.

for dir in doc/{apps,ssl,crypto}; do
	cd $dir || exit 1;
	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;

	for pod in !(openssl*).pod; do
		mv -f $pod openssl_$pod;
	done
	cd ../..
done

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	$RPM_BUILD_ROOT/%{_lib}/engines \
	$RPM_BUILD_ROOT%{_pkgconfigdir}

%{__make} -j1 install \
	INSTALLTOP=%{_prefix} \
	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	MANDIR=%{_mandir}

mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so

mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc

# not installed as individual utilities (see openssl dgst instead)
%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1

cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh

%clean
rm -rf $RPM_BUILD_ROOT

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%triggerpostun -- %{name}-tools < 1.0.0-5
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :

%triggerpostun -- %{name} < 0.9.8i-2
# don't do anything on --downgrade
if [ $1 -le 1 ]; then
	exit 0
fi
if [ -d /var/lib/openssl/certs ] ; then
	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
fi
if [ -d /var/lib/openssl/private ] ; then
	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
fi
if [ -d /var/lib/openssl ] ; then
	for f in /var/lib/openssl/* ; do
		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
	done
	rmdir /var/lib/openssl/* 2>/dev/null || :
	rmdir /var/lib/openssl 2>/dev/null || :
fi

%files
%defattr(644,root,root,755)
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*.*
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
%dir %{_datadir}/ssl

%files engines
%defattr(644,root,root,755)
%dir /%{_lib}/engines
%attr(755,root,root) /%{_lib}/engines/*.so

%files tools
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate

%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/CA.sh
%attr(755,root,root) %{_libdir}/%{name}/c_hash
%attr(755,root,root) %{_libdir}/%{name}/c_info
%attr(755,root,root) %{_libdir}/%{name}/c_issuer
%attr(755,root,root) %{_libdir}/%{name}/c_name

%{_mandir}/man1/openssl.1*
%{_mandir}/man1/openssl_asn1parse.1*
%{_mandir}/man1/openssl_ca.1*
%{_mandir}/man1/openssl_ciphers.1*
%{_mandir}/man1/openssl_cms.1*
%{_mandir}/man1/openssl_crl.1*
%{_mandir}/man1/openssl_crl2pkcs7.1*
%{_mandir}/man1/openssl_dgst.1*
%{_mandir}/man1/openssl_dhparam.1*
%{_mandir}/man1/openssl_dsa.1*
%{_mandir}/man1/openssl_dsaparam.1*
%{_mandir}/man1/openssl_ec.1*
%{_mandir}/man1/openssl_ecparam.1*
%{_mandir}/man1/openssl_enc.1*
%{_mandir}/man1/openssl_errstr.1*
%{_mandir}/man1/openssl_gendsa.1*
%{_mandir}/man1/openssl_genpkey.1*
%{_mandir}/man1/openssl_genrsa.1*
%{_mandir}/man1/openssl_nseq.1*
%{_mandir}/man1/openssl_ocsp.1*
%{_mandir}/man1/openssl_passwd.1*
%{_mandir}/man1/openssl_pkcs12.1*
%{_mandir}/man1/openssl_pkcs7.1*
%{_mandir}/man1/openssl_pkcs8.1*
%{_mandir}/man1/openssl_pkey.1*
%{_mandir}/man1/openssl_pkeyparam.1*
%{_mandir}/man1/openssl_pkeyutl.1*
%{_mandir}/man1/openssl_rand.1*
%{_mandir}/man1/openssl_req.1*
%{_mandir}/man1/openssl_rsa.1*
%{_mandir}/man1/openssl_rsautl.1*
%{_mandir}/man1/openssl_s_client.1*
%{_mandir}/man1/openssl_s_server.1*
%{_mandir}/man1/openssl_s_time.1*
%{_mandir}/man1/openssl_sess_id.1*
%{_mandir}/man1/openssl_smime.1*
%{_mandir}/man1/openssl_speed.1*
%{_mandir}/man1/openssl_spkac.1*
%{_mandir}/man1/openssl_ts.1*
%{_mandir}/man1/openssl_tsget.1*
%{_mandir}/man1/openssl_verify.1*
%{_mandir}/man1/openssl_version.1*
%{_mandir}/man1/openssl_x509.1*
%{_mandir}/man5/openssl_config.5*
%{_mandir}/man5/openssl_x509v3_config.5*
%lang(pl) %{_mandir}/pl/man1/openssl.1*

%files tools-perl
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/c_rehash
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
%{_mandir}/man1/openssl_c_rehash.1*

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libcrypto.so
%attr(755,root,root) %{_libdir}/libssl.so
%{_includedir}/%{name}
%{_pkgconfigdir}/libcrypto.pc
%{_pkgconfigdir}/libssl.pc
%{_pkgconfigdir}/openssl.pc
%{_mandir}/man3/openssl*.3*
%{_mandir}/man7/openssl_des_modes.7*

%files static
%defattr(644,root,root,755)
%{_libdir}/libcrypto.a
%{_libdir}/libssl.a
Commit	Line	Data
	1	# TODO
	2	# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
	3	# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
	4	#
	5	# Conditional build:
	6	%bcond_without tests # don't perform "make tests"
	7	%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
	8	%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
	9	%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
	10	%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to
	11	# use valgrind debugger against openssl-linked programs
	12	%bcond_with snap # use GitHub snapshot to build branch release
	13
	14	%include /usr/lib/rpm/macros.perl
	15	Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
	16	Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
	17	Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
	18	Summary(fr.UTF-8): Utilitaires de communication SSL (Secure Sockets Layer)
	19	Summary(pl.UTF-8): Biblioteki OpenSSL (SSL v2/v3)
	20	Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
	21	Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
	22	Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
	23	Name: openssl
	24	# 1.0.2 will be LTS release
	25	# Version 1.0.2 will be supported until 2019-12-31.
	26	# https://www.openssl.org/about/releasestrat.html
	27	Version: 1.0.2g
	28	Release: 5
	29	License: Apache-like
	30	Group: Libraries
	31	%if %{without snap}
	32	Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
	33	# Source0-md5: f3c710c045cdee5fd114feb69feba7aa
	34	%else
	35	Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
	36	%endif
	37	Source2: %{name}.1.pl
	38	Source3: %{name}-ssl-certificate.sh
	39	Source4: %{name}-c_rehash.sh
	40	Patch0: %{name}-alpha-ccc.patch
	41	Patch1: %{name}-optflags.patch
	42	Patch2: %{name}-include.patch
	43	Patch3: %{name}-man-namespace.patch
	44	Patch4: %{name}-asflag.patch
	45	Patch5: %{name}-ca-certificates.patch
	46	Patch6: %{name}-ldflags.patch
	47	Patch7: %{name}-find.patch
	48	Patch8: pic.patch
	49	Patch10: %{name}_fix_for_x32.patch
	50	URL: http://www.openssl.org/
	51	BuildRequires: bc
	52	BuildRequires: perl-devel >= 1:5.6.1
	53	BuildRequires: rpm-perlprov >= 4.1-13
	54	BuildRequires: rpmbuild(macros) >= 1.213
	55	BuildRequires: sed >= 4.0
	56	Requires: ca-certificates >= 20120623-1.1
	57	Requires: rpm-whiteout >= 1.7
	58	Obsoletes: SSLeay
	59	Obsoletes: SSLeay-devel
	60	Obsoletes: SSLeay-perl
	61	Obsoletes: libopenssl0
	62	%if "%{pld_release}" == "ac"
	63	Conflicts: neon < 0.26.3-3
	64	Conflicts: ntpd < 4.2.4p8-10
	65	Conflicts: openssh-clients < 2:5.8p1-9
	66	Conflicts: openssh-server < 2:5.8p1-9
	67	%else
	68	Conflicts: apache-mod_ssl < 1:2.2.31-4
	69	Conflicts: curl-libs < 7.47.1-2
	70	Conflicts: neon < 0.29.6-8
	71	Conflicts: openssh-clients < 2:6.2p2-3
	72	Conflicts: openssh-server < 2:6.2p2-3
	73	Conflicts: php52-common < 4:5.2.17-20130717.17
	74	Conflicts: php53-common < 4:5.3.29-27
	75	Conflicts: php54-common < 4:5.4.45-5
	76	Conflicts: php55-common < 4:5.5.32-2
	77	Conflicts: php56-common < 4:5.6.18-3
	78	Conflicts: python-modules < 1:2.7.10-8
	79	Conflicts: ruby-modules < 1:2.0.0.648-2
	80	%endif
	81	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	82
	83	%description
	84	The OpenSSL Project is a collaborative effort to develop a robust,
	85	commercial-grade, full-featured, and Open Source toolkit implementing
	86	the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
	87	v1) protocols with full-strength cryptography world-wide. The project
	88	is managed by a worldwide community of volunteers that use the
	89	Internet to communicate, plan, and develop the OpenSSL tookit and its
	90	related documentation.
	91
	92	OpenSSL is based on the excellent SSLeay library developed by Eric A.
	93	Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
	94	Apache-style licence, which basically means that you are free to get
	95	and use it for commercial and non-commercial purposes subject to some
	96	simple license conditions.
	97
	98	This package contains shared libraries only, install openssl-tools if
	99	you want to use openssl cmdline tool.
	100
	101	%description -l de.UTF-8
	102	Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
	103	libraries, die verschiedene Verschlüsselungs- und
	104	Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
	105	zur Verfügung stellen.
	106
	107	%description -l es.UTF-8
	108	Biblioteca C que suministra algoritmos y protocolos criptográficos.
	109
	110	%description -l fr.UTF-8
	111	OpenSSL est un outiil de gestion des certificats et les librairies
	112	partagees qui fournit plusieurs protocoles et algorithmes de
	113	codage/decodage, incluant DES, RC4, RSA et SSL.
	114
	115	%description -l pl.UTF-8
	116	Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
	117	v2/v3 oraz Transport Layer Security (TLS v1).
	118
	119	%description -l pt_BR.UTF-8
	120	Uma biblioteca C que fornece vários algoritmos e protocolos
	121	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
	122	compartilhadas e utilitários.
	123
	124	%description -l ru.UTF-8
	125	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	126	которые реализуют множетсво криптографических алгоритмов, включая DES,
	127	RC4, RSA и SSL.
	128
	129	%description -l uk.UTF-8
	130	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	131	користування, що реалізують велику кількість криптографічних
	132	алгоритмів, включаючи DES, RC4, RSA та SSL.
	133
	134	%package engines
	135	Summary: OpenSSL optional crypto engines
	136	Summary(pl.UTF-8): Opcjonalne silniki kryptograficzne dla OpenSSL-a
	137	Group: Libraries
	138	Requires: %{name} = %{version}-%{release}
	139
	140	%description engines
	141	With OpenSSL 0.9.6, a new component was added to support alternative
	142	cryptography implementations, most commonly for interfacing with
	143	external crypto devices (eg. accelerator cards). This component is
	144	called ENGINE.
	145
	146	There are currently built-in ENGINE implementations for the following
	147	crypto devices:
	148
	149	- CryptoSwift
	150	- Compaq Atalla
	151	- nCipher CHIL
	152	- Nuron
	153	- Broadcom uBSec
	154
	155	In addition, dynamic binding to external ENGINE implementations is now
	156	provided by a special ENGINE called "dynamic".
	157
	158	%description engines -l pl.UTF-8
	159	Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
	160	wspierać alternatywne implementacje kryptografii, przeważnie
	161	współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
	162	kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
	163	ENGINE).
	164
	165	Obecnie istnieją wbudowane implementacje silników dla następujących
	166	urządzeń kryptograficznych:
	167	- CryptoSwift
	168	- Compaq Atalla
	169	- nCipher CHIL
	170	- Nuron
	171	- Broadcom uBSec
	172
	173	Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
	174	implementacji silników poprzez specjalny silnik o nazwie "dynamic".
	175
	176	%package tools
	177	Summary: OpenSSL command line tool and utilities
	178	Summary(pl.UTF-8): Zestaw narzędzi i skryptów
	179	Group: Applications/Communications
	180	Requires: %{name} = %{version}-%{release}
	181	Requires: which
	182
	183	%description tools
	184	The OpenSSL Toolkit cmdline tool openssl and utility scripts.
	185
	186	%description tools -l pl.UTF-8
	187	Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
	188
	189	%package tools-perl
	190	Summary: OpenSSL utilities written in Perl
	191	Summary(pl.UTF-8): Narzędzia OpenSSL napisane w perlu
	192	Group: Applications/Communications
	193	Requires: %{name} = %{version}-%{release}
	194
	195	%description tools-perl
	196	OpenSSL Toolkit tools written in Perl.
	197
	198	%description tools-perl -l pl.UTF-8
	199	Narzędzia OpenSSL napisane w perlu.
	200
	201	%package devel
	202	Summary: Development part of OpenSSL Toolkit libraries
	203	Summary(de.UTF-8): Secure Sockets Layer Kommunikationslibrary: statische libraries+header
	204	Summary(es.UTF-8): Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	205	Summary(fr.UTF-8): Librairies statiques, headers et utilitaires pour communication SSL
	206	Summary(pl.UTF-8): Część bibiloteki OpenSSL przeznaczona dla programistów
	207	Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
	208	Summary(ru.UTF-8): Библиотеки, хедеры и утилиты для Secure Sockets Layer
	209	Summary(uk.UTF-8): Бібліотеки, хедери та утиліти для Secure Sockets Layer
	210	Group: Development/Libraries
	211	Requires: %{name} = %{version}-%{release}
	212	Obsoletes: libopenssl0-devel
	213
	214	%description devel
	215	Development part of OpenSSL library.
	216
	217	%description devel -l es.UTF-8
	218	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	219
	220	%description devel -l pl.UTF-8
	221	Część biblioteki OpenSSL przeznaczona dla programistów.
	222
	223	%description devel -l pt_BR.UTF-8
	224	Uma biblioteca C que fornece vários algoritmos e protocolos
	225	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
	226	arquivos de inclusão para desenvolvimento.
	227
	228	%description devel -l ru.UTF-8
	229	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	230	которые реализуют множетсво криптографических алгоритмов, включая DES,
	231	RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
	232	с использованием SSL.
	233
	234	%description devel -l uk.UTF-8
	235	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	236	користування, що реалізують велику кількість криптографічних
	237	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
	238	хедери для розробки програм з використанням SSL.
	239
	240	%package static
	241	Summary: Static OpenSSL libraries
	242	Summary(pl.UTF-8): Statyczne wersje bibliotek z OpenSSL
	243	Summary(pt_BR.UTF-8): Bibliotecas estáticas para desenvolvimento com openssl
	244	Summary(ru.UTF-8): Статические библиотеки разработчика для OpenSSL
	245	Summary(uk.UTF-8): Статичні бібліотеки програміста для OpenSSL
	246	Group: Development/Libraries
	247	Requires: %{name}-devel = %{version}-%{release}
	248
	249	%description static
	250	Static OpenSSL Toolkit libraries.
	251
	252	%description static -l pl.UTF-8
	253	Statyczne wersje bibliotek z OpenSSL.
	254
	255	%description static -l pt_BR.UTF-8
	256	Bibliotecas estáticas para desenvolvimento com openssl.
	257
	258	%description static -l ru.UTF-8
	259	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	260	которые реализуют множетсво криптографических алгоритмов, включая DES,
	261	RC4, RSA и SSL. Включает статические библиотеки для разработки
	262	приложений с использованием OpenSSL.
	263
	264	%description static -l uk.UTF-8
	265	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	266	користування, що реалізують велику кількість криптографічних
	267	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
	268	бібліотеки для розробки програм з використанням SSL.
	269
	270	%prep
	271	%if %{with snap}
	272	%setup -qcT -a1
	273	mv %{name}-OpenSSL_1_0_2-stable/* .
	274	%else
	275	%setup -q
	276	%endif
	277	%patch0 -p1
	278	%patch1 -p1
	279	%patch2 -p1
	280	%patch3 -p1
	281	%patch4 -p1
	282	%patch5 -p1
	283	%patch6 -p1
	284	%patch7 -p1
	285	%patch8 -p1
	286	%ifarch x32
	287	%patch10 -p1
	288	%endif
	289
	290	sed -i -e 's\|\$prefix/\$libdir/engines\|/%{_lib}/engines\|g' Configure
	291
	292	%build
	293	touch Makefile.*
	294
	295	%{__perl} util/perlpath.pl %{__perl}
	296
	297	OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
	298	PERL="%{__perl}" \
	299	%{__perl} ./Configure \
	300	--openssldir=%{_sysconfdir}/%{name} \
	301	--libdir=%{_lib} \
	302	shared \
	303	threads \
	304	%{!?with_sslv2:no-ssl2} \
	305	%{!?with_sslv3:no-ssl3} \
	306	%{!?with_zlib:no-}zlib \
	307	enable-camelia \
	308	enable-cms \
	309	enable-idea \
	310	enable-md2 \
	311	enable-mdc2 \
	312	enable-rc5 \
	313	enable-rfc3779 \
	314	enable-seed \
	315	enable-tlsext \
	316	%ifarch %{x8664}
	317	enable-ec_nistp_64_gcc_128 \
	318	%endif
	319	%ifarch %{ix86}
	320	%ifarch i386
	321	386 linux-elf
	322	# ^- allow running on 80386 (default code uses bswapl available on i486+)
	323	%else
	324	linux-elf
	325	%endif
	326	%endif
	327	%ifarch alpha
	328	linux-alpha+bwx-gcc
	329	%endif
	330	%ifarch %{x8664}
	331	linux-x86_64
	332	%endif
	333	%ifarch x32
	334	linux-x32
	335	%endif
	336	%ifarch ia64
	337	linux-ia64
	338	%endif
	339	%ifarch ppc
	340	linux-ppc
	341	%endif
	342	%ifarch ppc64
	343	linux-ppc64
	344	%endif
	345	%ifarch sparc
	346	linux-sparcv8
	347	%endif
	348	%ifarch sparcv9
	349	linux-sparcv9
	350	%endif
	351	%ifarch sparc64
	352	linux64-sparcv9
	353	%endif
	354	%ifarch armv4 armv5 armv5t armv5te armv5tel
	355	linux-armv4
	356	%endif
	357
	358	v=$(awk -F= '/^VERSION/{print $2}' Makefile)
	359	test "$v" = %{version}%{?with_snap:-dev}
	360
	361	%{__make} -j1 all rehash %{?with_tests:tests} \
	362	CC="%{__cc}" \
	363	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	364	INSTALLTOP=%{_prefix}
	365
	366	# Rename POD sources of man pages. "openssl_" prefix is added to each
	367	# manpage to avoid potential conflicts with other packages.
	368
	369	for dir in doc/{apps,ssl,crypto}; do
	370	cd $dir \|\| exit 1;
	371	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
	372
	373	for pod in !(openssl*).pod; do
	374	mv -f $pod openssl_$pod;
	375	done
	376	cd ../..
	377	done
	378
	379	%install
	380	rm -rf $RPM_BUILD_ROOT
	381	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	382	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	383	$RPM_BUILD_ROOT/%{_lib}/engines \
	384	$RPM_BUILD_ROOT%{_pkgconfigdir}
	385
	386	%{__make} -j1 install \
	387	INSTALLTOP=%{_prefix} \
	388	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	389	MANDIR=%{_mandir}
	390
	391	mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
	392	mv -f $RPM_BUILD_ROOT%{_libdir}/lib.so..* $RPM_BUILD_ROOT/%{_lib}
	393	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto..) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
	394	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl..) $RPM_BUILD_ROOT%{_libdir}/libssl.so
	395
	396	mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
	397	rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
	398
	399	# not installed as individual utilities (see openssl dgst instead)
	400	%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
	401
	402	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
	403	install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
	404	install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
	405
	406	%clean
	407	rm -rf $RPM_BUILD_ROOT
	408
	409	%post -p /sbin/ldconfig
	410	%postun -p /sbin/ldconfig
	411
	412	%triggerpostun -- %{name}-tools < 1.0.0-5
	413	# the hashing format has changed in 1.0.0
	414	[ ! -x %{_sbindir}/update-ca-certificates ] \|\| %{_sbindir}/update-ca-certificates --fresh \|\| :
	415
	416	%triggerpostun -- %{name} < 0.9.8i-2
	417	# don't do anything on --downgrade
	418	if [ $1 -le 1 ]; then
	419	exit 0
	420	fi
	421	if [ -d /var/lib/openssl/certs ] ; then
	422	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null \|\| :
	423	fi
	424	if [ -d /var/lib/openssl/private ] ; then
	425	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null \|\| :
	426	fi
	427	if [ -d /var/lib/openssl ] ; then
	428	for f in /var/lib/openssl/* ; do
	429	[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null \|\| :
	430	done
	431	rmdir /var/lib/openssl/* 2>/dev/null \|\| :
	432	rmdir /var/lib/openssl 2>/dev/null \|\| :
	433	fi
	434
	435	%files
	436	%defattr(644,root,root,755)
	437	%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
	438	%attr(755,root,root) /%{_lib}/libcrypto.so...*
	439	%attr(755,root,root) /%{_lib}/libssl.so...*
	440	%dir %{_sysconfdir}/%{name}
	441	%dir %{_sysconfdir}/%{name}/certs
	442	%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
	443	%dir %{_datadir}/ssl
	444
	445	%files engines
	446	%defattr(644,root,root,755)
	447	%dir /%{_lib}/engines
	448	%attr(755,root,root) /%{_lib}/engines/*.so
	449
	450	%files tools
	451	%defattr(644,root,root,755)
	452	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
	453	%attr(755,root,root) %{_bindir}/c_rehash.sh
	454	%attr(755,root,root) %{_bindir}/openssl
	455	%attr(754,root,root) %{_bindir}/ssl-certificate
	456
	457	%dir %{_libdir}/%{name}
	458	%attr(755,root,root) %{_libdir}/%{name}/CA.sh
	459	%attr(755,root,root) %{_libdir}/%{name}/c_hash
	460	%attr(755,root,root) %{_libdir}/%{name}/c_info
	461	%attr(755,root,root) %{_libdir}/%{name}/c_issuer
	462	%attr(755,root,root) %{_libdir}/%{name}/c_name
	463
	464	%{_mandir}/man1/openssl.1*
	465	%{_mandir}/man1/openssl_asn1parse.1*
	466	%{_mandir}/man1/openssl_ca.1*
	467	%{_mandir}/man1/openssl_ciphers.1*
	468	%{_mandir}/man1/openssl_cms.1*
	469	%{_mandir}/man1/openssl_crl.1*
	470	%{_mandir}/man1/openssl_crl2pkcs7.1*
	471	%{_mandir}/man1/openssl_dgst.1*
	472	%{_mandir}/man1/openssl_dhparam.1*
	473	%{_mandir}/man1/openssl_dsa.1*
	474	%{_mandir}/man1/openssl_dsaparam.1*
	475	%{_mandir}/man1/openssl_ec.1*
	476	%{_mandir}/man1/openssl_ecparam.1*
	477	%{_mandir}/man1/openssl_enc.1*
	478	%{_mandir}/man1/openssl_errstr.1*
	479	%{_mandir}/man1/openssl_gendsa.1*
	480	%{_mandir}/man1/openssl_genpkey.1*
	481	%{_mandir}/man1/openssl_genrsa.1*
	482	%{_mandir}/man1/openssl_nseq.1*
	483	%{_mandir}/man1/openssl_ocsp.1*
	484	%{_mandir}/man1/openssl_passwd.1*
	485	%{_mandir}/man1/openssl_pkcs12.1*
	486	%{_mandir}/man1/openssl_pkcs7.1*
	487	%{_mandir}/man1/openssl_pkcs8.1*
	488	%{_mandir}/man1/openssl_pkey.1*
	489	%{_mandir}/man1/openssl_pkeyparam.1*
	490	%{_mandir}/man1/openssl_pkeyutl.1*
	491	%{_mandir}/man1/openssl_rand.1*
	492	%{_mandir}/man1/openssl_req.1*
	493	%{_mandir}/man1/openssl_rsa.1*
	494	%{_mandir}/man1/openssl_rsautl.1*
	495	%{_mandir}/man1/openssl_s_client.1*
	496	%{_mandir}/man1/openssl_s_server.1*
	497	%{_mandir}/man1/openssl_s_time.1*
	498	%{_mandir}/man1/openssl_sess_id.1*
	499	%{_mandir}/man1/openssl_smime.1*
	500	%{_mandir}/man1/openssl_speed.1*
	501	%{_mandir}/man1/openssl_spkac.1*
	502	%{_mandir}/man1/openssl_ts.1*
	503	%{_mandir}/man1/openssl_tsget.1*
	504	%{_mandir}/man1/openssl_verify.1*
	505	%{_mandir}/man1/openssl_version.1*
	506	%{_mandir}/man1/openssl_x509.1*
	507	%{_mandir}/man5/openssl_config.5*
	508	%{_mandir}/man5/openssl_x509v3_config.5*
	509	%lang(pl) %{_mandir}/pl/man1/openssl.1*
	510
	511	%files tools-perl
	512	%defattr(644,root,root,755)
	513	%attr(755,root,root) %{_bindir}/c_rehash
	514	%attr(755,root,root) %{_libdir}/%{name}/CA.pl
	515	%attr(755,root,root) %{_libdir}/%{name}/tsget
	516	%{_mandir}/man1/openssl_CA.pl.1*
	517	%{_mandir}/man1/openssl_c_rehash.1*
	518
	519	%files devel
	520	%defattr(644,root,root,755)
	521	%attr(755,root,root) %{_libdir}/libcrypto.so
	522	%attr(755,root,root) %{_libdir}/libssl.so
	523	%{_includedir}/%{name}
	524	%{_pkgconfigdir}/libcrypto.pc
	525	%{_pkgconfigdir}/libssl.pc
	526	%{_pkgconfigdir}/openssl.pc
	527	%{_mandir}/man3/openssl.3
	528	%{_mandir}/man7/openssl_des_modes.7*
	529
	530	%files static
	531	%defattr(644,root,root,755)
	532	%{_libdir}/libcrypto.a
	533	%{_libdir}/libssl.a