[packages/openssl.git] / openssl.spec

# TODO
# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
#
# Conditional build:
%bcond_without	tests	# don't perform "make tests"
%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
%bcond_with	purify	# Compile openssl with "-DPURIFY", useful when one wants to
			# use valgrind debugger against openssl-linked programs
%bcond_with	snap	# use GitHub snapshot to build branch release

%include	/usr/lib/rpm/macros.perl
Summary:	OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8):	Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8):	Biblioteca C que suministra algoritmos y protocolos criptográficos
Summary(fr.UTF-8):	Utilitaires de communication SSL (Secure Sockets Layer)
Summary(pl.UTF-8):	Biblioteki OpenSSL (SSL v2/v3)
Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
Summary(ru.UTF-8):	Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name:		openssl
# 1.0.2 will be LTS release
# Version 1.0.2 will be supported until 2019-12-31.
# https://www.openssl.org/about/releasestrat.html
Version:	1.0.2g
Release:	5
License:	Apache-like
Group:		Libraries
%if %{without snap}
Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
# Source0-md5:	f3c710c045cdee5fd114feb69feba7aa
%else
Source1:	https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
%endif
Source2:	%{name}.1.pl
Source3:	%{name}-ssl-certificate.sh
Source4:	%{name}-c_rehash.sh
Patch0:		%{name}-alpha-ccc.patch
Patch1:		%{name}-optflags.patch
Patch2:		%{name}-include.patch
Patch3:		%{name}-man-namespace.patch
Patch4:		%{name}-asflag.patch
Patch5:		%{name}-ca-certificates.patch
Patch6:		%{name}-ldflags.patch
Patch7:		%{name}-find.patch
Patch8:		pic.patch
Patch10:	%{name}_fix_for_x32.patch
URL:		http://www.openssl.org/
BuildRequires:	bc
BuildRequires:	perl-devel >= 1:5.6.1
BuildRequires:	rpm-perlprov >= 4.1-13
BuildRequires:	rpmbuild(macros) >= 1.213
BuildRequires:	sed >= 4.0
Requires:	ca-certificates >= 20120623-1.1
Requires:	rpm-whiteout >= 1.7
Obsoletes:	SSLeay
Obsoletes:	SSLeay-devel
Obsoletes:	SSLeay-perl
Obsoletes:	libopenssl0
%if "%{pld_release}" == "ac"
Conflicts:	neon < 0.26.3-3
Conflicts:	ntpd < 4.2.4p8-10
Conflicts:	openssh-clients < 2:5.8p1-9
Conflicts:	openssh-server < 2:5.8p1-9
%else
Conflicts:	apache-mod_ssl < 1:2.2.31-4
Conflicts:	curl-libs < 7.47.1-2
Conflicts:	neon < 0.29.6-8
Conflicts:	openssh-clients < 2:6.2p2-3
Conflicts:	openssh-server < 2:6.2p2-3
Conflicts:	php52-common < 4:5.2.17-20130717.17
Conflicts:	php53-common < 4:5.3.29-27
Conflicts:	php54-common < 4:5.4.45-5
Conflicts:	php55-common < 4:5.5.32-2
Conflicts:	php56-common < 4:5.6.18-3
Conflicts:	ruby-modules < 1:2.0.0.648-2
%endif
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography world-wide. The project
is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL tookit and its
related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get
and use it for commercial and non-commercial purposes subject to some
simple license conditions.

This package contains shared libraries only, install openssl-tools if
you want to use openssl cmdline tool.

%description -l de.UTF-8
Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
libraries, die verschiedene Verschlüsselungs- und
Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
zur Verfügung stellen.

%description -l es.UTF-8
Biblioteca C que suministra algoritmos y protocolos criptográficos.

%description -l fr.UTF-8
OpenSSL est un outiil de gestion des certificats et les librairies
partagees qui fournit plusieurs protocoles et algorithmes de
codage/decodage, incluant DES, RC4, RSA et SSL.

%description -l pl.UTF-8
Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
v2/v3 oraz Transport Layer Security (TLS v1).

%description -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
compartilhadas e utilitários.

%description -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL.

%description -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL.

%package engines
Summary:	OpenSSL optional crypto engines
Summary(pl.UTF-8):	Opcjonalne silniki kryptograficzne dla OpenSSL-a
Group:		Libraries
Requires:	%{name} = %{version}-%{release}

%description engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with
external crypto devices (eg. accelerator cards). This component is
called ENGINE.

There are currently built-in ENGINE implementations for the following
crypto devices:

- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".

%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
ENGINE).

Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
- CryptoSwift
- Compaq Atalla
- nCipher CHIL
- Nuron
- Broadcom uBSec

Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
implementacji silników poprzez specjalny silnik o nazwie "dynamic".

%package tools
Summary:	OpenSSL command line tool and utilities
Summary(pl.UTF-8):	Zestaw narzędzi i skryptów
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}
Requires:	which

%description tools
The OpenSSL Toolkit cmdline tool openssl and utility scripts.

%description tools -l pl.UTF-8
Zestaw narzędzi i skryptów wywoływanych z linii poleceń.

%package tools-perl
Summary:	OpenSSL utilities written in Perl
Summary(pl.UTF-8):	Narzędzia OpenSSL napisane w perlu
Group:		Applications/Communications
Requires:	%{name} = %{version}-%{release}

%description tools-perl
OpenSSL Toolkit tools written in Perl.

%description tools-perl -l pl.UTF-8
Narzędzia OpenSSL napisane w perlu.

%package devel
Summary:	Development part of OpenSSL Toolkit libraries
Summary(de.UTF-8):	Secure Sockets Layer Kommunikationslibrary: statische libraries+header
Summary(es.UTF-8):	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
Summary(fr.UTF-8):	Librairies statiques, headers et utilitaires pour communication SSL
Summary(pl.UTF-8):	Część bibiloteki OpenSSL przeznaczona dla programistów
Summary(pt_BR.UTF-8):	Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
Summary(ru.UTF-8):	Библиотеки, хедеры и утилиты для Secure Sockets Layer
Summary(uk.UTF-8):	Бібліотеки, хедери та утиліти для Secure Sockets Layer
Group:		Development/Libraries
Requires:	%{name} = %{version}-%{release}
Obsoletes:	libopenssl0-devel

%description devel
Development part of OpenSSL library.

%description devel -l es.UTF-8
Bibliotecas y archivos de inclusión para desarrollo OpenSSL

%description devel -l pl.UTF-8
Część biblioteki OpenSSL przeznaczona dla programistów.

%description devel -l pt_BR.UTF-8
Uma biblioteca C que fornece vários algoritmos e protocolos
criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
arquivos de inclusão para desenvolvimento.

%description devel -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
с использованием SSL.

%description devel -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
хедери для розробки програм з використанням SSL.

%package static
Summary:	Static OpenSSL libraries
Summary(pl.UTF-8):	Statyczne wersje bibliotek z OpenSSL
Summary(pt_BR.UTF-8):	Bibliotecas estáticas para desenvolvimento com openssl
Summary(ru.UTF-8):	Статические библиотеки разработчика для OpenSSL
Summary(uk.UTF-8):	Статичні бібліотеки програміста для OpenSSL
Group:		Development/Libraries
Requires:	%{name}-devel = %{version}-%{release}

%description static
Static OpenSSL Toolkit libraries.

%description static -l pl.UTF-8
Statyczne wersje bibliotek z OpenSSL.

%description static -l pt_BR.UTF-8
Bibliotecas estáticas para desenvolvimento com openssl.

%description static -l ru.UTF-8
Программа openssl для работы с сертификатами и разделяемые библиотеки,
которые реализуют множетсво криптографических алгоритмов, включая DES,
RC4, RSA и SSL. Включает статические библиотеки для разработки
приложений с использованием OpenSSL.

%description static -l uk.UTF-8
Програма openssl для роботи з сертифікатами та бібліотеки спільного
користування, що реалізують велику кількість криптографічних
алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
бібліотеки для розробки програм з використанням SSL.

%prep
%if %{with snap}
%setup -qcT -a1
mv %{name}-OpenSSL_1_0_2-stable/* .
%else
%setup -q
%endif
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%ifarch x32
%patch10 -p1
%endif

sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure

%build
touch Makefile.*

%{__perl} util/perlpath.pl %{__perl}

OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
PERL="%{__perl}" \
%{__perl} ./Configure \
	--openssldir=%{_sysconfdir}/%{name} \
	--libdir=%{_lib} \
	shared \
	threads \
	%{!?with_sslv2:no-ssl2} \
	%{!?with_sslv3:no-ssl3} \
	%{!?with_zlib:no-}zlib \
	enable-camelia \
	enable-cms \
	enable-idea \
	enable-md2 \
	enable-mdc2 \
	enable-rc5 \
	enable-rfc3779 \
	enable-seed \
	enable-tlsext \
%ifarch %{x8664}
	enable-ec_nistp_64_gcc_128 \
%endif
%ifarch %{ix86}
%ifarch i386
	386 linux-elf
# ^- allow running on 80386 (default code uses bswapl available on i486+)
%else
	linux-elf
%endif
%endif
%ifarch alpha
	linux-alpha+bwx-gcc
%endif
%ifarch %{x8664}
	linux-x86_64
%endif
%ifarch x32
	linux-x32
%endif
%ifarch ia64
	linux-ia64
%endif
%ifarch ppc
	linux-ppc
%endif
%ifarch ppc64
	linux-ppc64
%endif
%ifarch sparc
	linux-sparcv8
%endif
%ifarch sparcv9
	linux-sparcv9
%endif
%ifarch sparc64
	linux64-sparcv9
%endif
%ifarch armv4 armv5 armv5t armv5te armv5tel
	linux-armv4
%endif

v=$(awk -F= '/^VERSION/{print $2}' Makefile)
test "$v" = %{version}%{?with_snap:-dev}

%{__make} -j1 all rehash %{?with_tests:tests} \
	CC="%{__cc}" \
	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	INSTALLTOP=%{_prefix}

# Rename POD sources of man pages. "openssl_" prefix is added to each
# manpage to avoid potential conflicts with other packages.

for dir in doc/{apps,ssl,crypto}; do
	cd $dir || exit 1;
	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;

	for pod in !(openssl*).pod; do
		mv -f $pod openssl_$pod;
	done
	cd ../..
done

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	$RPM_BUILD_ROOT/%{_lib}/engines \
	$RPM_BUILD_ROOT%{_pkgconfigdir}

%{__make} -j1 install \
	INSTALLTOP=%{_prefix} \
	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	MANDIR=%{_mandir}

mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so

mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc

# not installed as individual utilities (see openssl dgst instead)
%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1

cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh

%clean
rm -rf $RPM_BUILD_ROOT

%post   -p /sbin/ldconfig
%postun -p /sbin/ldconfig

%triggerpostun -- %{name}-tools < 1.0.0-5
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :

%triggerpostun -- %{name} < 0.9.8i-2
# don't do anything on --downgrade
if [ $1 -le 1 ]; then
	exit 0
fi
if [ -d /var/lib/openssl/certs ] ; then
	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
fi
if [ -d /var/lib/openssl/private ] ; then
	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
fi
if [ -d /var/lib/openssl ] ; then
	for f in /var/lib/openssl/* ; do
		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
	done
	rmdir /var/lib/openssl/* 2>/dev/null || :
	rmdir /var/lib/openssl 2>/dev/null || :
fi

%files
%defattr(644,root,root,755)
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*.*
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
%dir %{_datadir}/ssl

%files engines
%defattr(644,root,root,755)
%dir /%{_lib}/engines
%attr(755,root,root) /%{_lib}/engines/*.so

%files tools
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate

%dir %{_libdir}/%{name}
%attr(755,root,root) %{_libdir}/%{name}/CA.sh
%attr(755,root,root) %{_libdir}/%{name}/c_hash
%attr(755,root,root) %{_libdir}/%{name}/c_info
%attr(755,root,root) %{_libdir}/%{name}/c_issuer
%attr(755,root,root) %{_libdir}/%{name}/c_name

%{_mandir}/man1/openssl.1*
%{_mandir}/man1/openssl_asn1parse.1*
%{_mandir}/man1/openssl_ca.1*
%{_mandir}/man1/openssl_ciphers.1*
%{_mandir}/man1/openssl_cms.1*
%{_mandir}/man1/openssl_crl.1*
%{_mandir}/man1/openssl_crl2pkcs7.1*
%{_mandir}/man1/openssl_dgst.1*
%{_mandir}/man1/openssl_dhparam.1*
%{_mandir}/man1/openssl_dsa.1*
%{_mandir}/man1/openssl_dsaparam.1*
%{_mandir}/man1/openssl_ec.1*
%{_mandir}/man1/openssl_ecparam.1*
%{_mandir}/man1/openssl_enc.1*
%{_mandir}/man1/openssl_errstr.1*
%{_mandir}/man1/openssl_gendsa.1*
%{_mandir}/man1/openssl_genpkey.1*
%{_mandir}/man1/openssl_genrsa.1*
%{_mandir}/man1/openssl_nseq.1*
%{_mandir}/man1/openssl_ocsp.1*
%{_mandir}/man1/openssl_passwd.1*
%{_mandir}/man1/openssl_pkcs12.1*
%{_mandir}/man1/openssl_pkcs7.1*
%{_mandir}/man1/openssl_pkcs8.1*
%{_mandir}/man1/openssl_pkey.1*
%{_mandir}/man1/openssl_pkeyparam.1*
%{_mandir}/man1/openssl_pkeyutl.1*
%{_mandir}/man1/openssl_rand.1*
%{_mandir}/man1/openssl_req.1*
%{_mandir}/man1/openssl_rsa.1*
%{_mandir}/man1/openssl_rsautl.1*
%{_mandir}/man1/openssl_s_client.1*
%{_mandir}/man1/openssl_s_server.1*
%{_mandir}/man1/openssl_s_time.1*
%{_mandir}/man1/openssl_sess_id.1*
%{_mandir}/man1/openssl_smime.1*
%{_mandir}/man1/openssl_speed.1*
%{_mandir}/man1/openssl_spkac.1*
%{_mandir}/man1/openssl_ts.1*
%{_mandir}/man1/openssl_tsget.1*
%{_mandir}/man1/openssl_verify.1*
%{_mandir}/man1/openssl_version.1*
%{_mandir}/man1/openssl_x509.1*
%{_mandir}/man5/openssl_config.5*
%{_mandir}/man5/openssl_x509v3_config.5*
%lang(pl) %{_mandir}/pl/man1/openssl.1*

%files tools-perl
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/c_rehash
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
%{_mandir}/man1/openssl_c_rehash.1*

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libcrypto.so
%attr(755,root,root) %{_libdir}/libssl.so
%{_includedir}/%{name}
%{_pkgconfigdir}/libcrypto.pc
%{_pkgconfigdir}/libssl.pc
%{_pkgconfigdir}/openssl.pc
%{_mandir}/man3/openssl*.3*
%{_mandir}/man7/openssl_des_modes.7*

%files static
%defattr(644,root,root,755)
%{_libdir}/libcrypto.a
%{_libdir}/libssl.a
Commit	Line	Data
	1	# TODO
	2	# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
	3	# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
	4	#
	5	# Conditional build:
	6	%bcond_without tests # don't perform "make tests"
	7	%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
	8	%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
	9	%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
	10	%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to
	11	# use valgrind debugger against openssl-linked programs
	12	%bcond_with snap # use GitHub snapshot to build branch release
	13
	14	%include /usr/lib/rpm/macros.perl
	15	Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
	16	Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
	17	Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
	18	Summary(fr.UTF-8): Utilitaires de communication SSL (Secure Sockets Layer)
	19	Summary(pl.UTF-8): Biblioteki OpenSSL (SSL v2/v3)
	20	Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
	21	Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
	22	Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
	23	Name: openssl
	24	# 1.0.2 will be LTS release
	25	# Version 1.0.2 will be supported until 2019-12-31.
	26	# https://www.openssl.org/about/releasestrat.html
	27	Version: 1.0.2g
	28	Release: 5
	29	License: Apache-like
	30	Group: Libraries
	31	%if %{without snap}
	32	Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
	33	# Source0-md5: f3c710c045cdee5fd114feb69feba7aa
	34	%else
	35	Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
	36	%endif
	37	Source2: %{name}.1.pl
	38	Source3: %{name}-ssl-certificate.sh
	39	Source4: %{name}-c_rehash.sh
	40	Patch0: %{name}-alpha-ccc.patch
	41	Patch1: %{name}-optflags.patch
	42	Patch2: %{name}-include.patch
	43	Patch3: %{name}-man-namespace.patch
	44	Patch4: %{name}-asflag.patch
	45	Patch5: %{name}-ca-certificates.patch
	46	Patch6: %{name}-ldflags.patch
	47	Patch7: %{name}-find.patch
	48	Patch8: pic.patch
	49	Patch10: %{name}_fix_for_x32.patch
	50	URL: http://www.openssl.org/
	51	BuildRequires: bc
	52	BuildRequires: perl-devel >= 1:5.6.1
	53	BuildRequires: rpm-perlprov >= 4.1-13
	54	BuildRequires: rpmbuild(macros) >= 1.213
	55	BuildRequires: sed >= 4.0
	56	Requires: ca-certificates >= 20120623-1.1
	57	Requires: rpm-whiteout >= 1.7
	58	Obsoletes: SSLeay
	59	Obsoletes: SSLeay-devel
	60	Obsoletes: SSLeay-perl
	61	Obsoletes: libopenssl0
	62	%if "%{pld_release}" == "ac"
	63	Conflicts: neon < 0.26.3-3
	64	Conflicts: ntpd < 4.2.4p8-10
	65	Conflicts: openssh-clients < 2:5.8p1-9
	66	Conflicts: openssh-server < 2:5.8p1-9
	67	%else
	68	Conflicts: apache-mod_ssl < 1:2.2.31-4
	69	Conflicts: curl-libs < 7.47.1-2
	70	Conflicts: neon < 0.29.6-8
	71	Conflicts: openssh-clients < 2:6.2p2-3
	72	Conflicts: openssh-server < 2:6.2p2-3
	73	Conflicts: php52-common < 4:5.2.17-20130717.17
	74	Conflicts: php53-common < 4:5.3.29-27
	75	Conflicts: php54-common < 4:5.4.45-5
	76	Conflicts: php55-common < 4:5.5.32-2
	77	Conflicts: php56-common < 4:5.6.18-3
	78	Conflicts: ruby-modules < 1:2.0.0.648-2
	79	%endif
	80	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	81
	82	%description
	83	The OpenSSL Project is a collaborative effort to develop a robust,
	84	commercial-grade, full-featured, and Open Source toolkit implementing
	85	the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
	86	v1) protocols with full-strength cryptography world-wide. The project
	87	is managed by a worldwide community of volunteers that use the
	88	Internet to communicate, plan, and develop the OpenSSL tookit and its
	89	related documentation.
	90
	91	OpenSSL is based on the excellent SSLeay library developed by Eric A.
	92	Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
	93	Apache-style licence, which basically means that you are free to get
	94	and use it for commercial and non-commercial purposes subject to some
	95	simple license conditions.
	96
	97	This package contains shared libraries only, install openssl-tools if
	98	you want to use openssl cmdline tool.
	99
	100	%description -l de.UTF-8
	101	Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
	102	libraries, die verschiedene Verschlüsselungs- und
	103	Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
	104	zur Verfügung stellen.
	105
	106	%description -l es.UTF-8
	107	Biblioteca C que suministra algoritmos y protocolos criptográficos.
	108
	109	%description -l fr.UTF-8
	110	OpenSSL est un outiil de gestion des certificats et les librairies
	111	partagees qui fournit plusieurs protocoles et algorithmes de
	112	codage/decodage, incluant DES, RC4, RSA et SSL.
	113
	114	%description -l pl.UTF-8
	115	Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
	116	v2/v3 oraz Transport Layer Security (TLS v1).
	117
	118	%description -l pt_BR.UTF-8
	119	Uma biblioteca C que fornece vários algoritmos e protocolos
	120	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
	121	compartilhadas e utilitários.
	122
	123	%description -l ru.UTF-8
	124	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	125	которые реализуют множетсво криптографических алгоритмов, включая DES,
	126	RC4, RSA и SSL.
	127
	128	%description -l uk.UTF-8
	129	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	130	користування, що реалізують велику кількість криптографічних
	131	алгоритмів, включаючи DES, RC4, RSA та SSL.
	132
	133	%package engines
	134	Summary: OpenSSL optional crypto engines
	135	Summary(pl.UTF-8): Opcjonalne silniki kryptograficzne dla OpenSSL-a
	136	Group: Libraries
	137	Requires: %{name} = %{version}-%{release}
	138
	139	%description engines
	140	With OpenSSL 0.9.6, a new component was added to support alternative
	141	cryptography implementations, most commonly for interfacing with
	142	external crypto devices (eg. accelerator cards). This component is
	143	called ENGINE.
	144
	145	There are currently built-in ENGINE implementations for the following
	146	crypto devices:
	147
	148	- CryptoSwift
	149	- Compaq Atalla
	150	- nCipher CHIL
	151	- Nuron
	152	- Broadcom uBSec
	153
	154	In addition, dynamic binding to external ENGINE implementations is now
	155	provided by a special ENGINE called "dynamic".
	156
	157	%description engines -l pl.UTF-8
	158	Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
	159	wspierać alternatywne implementacje kryptografii, przeważnie
	160	współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
	161	kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
	162	ENGINE).
	163
	164	Obecnie istnieją wbudowane implementacje silników dla następujących
	165	urządzeń kryptograficznych:
	166	- CryptoSwift
	167	- Compaq Atalla
	168	- nCipher CHIL
	169	- Nuron
	170	- Broadcom uBSec
	171
	172	Ponadto zapewnione jest dynamiczne wiązanie dla zewnętrznych
	173	implementacji silników poprzez specjalny silnik o nazwie "dynamic".
	174
	175	%package tools
	176	Summary: OpenSSL command line tool and utilities
	177	Summary(pl.UTF-8): Zestaw narzędzi i skryptów
	178	Group: Applications/Communications
	179	Requires: %{name} = %{version}-%{release}
	180	Requires: which
	181
	182	%description tools
	183	The OpenSSL Toolkit cmdline tool openssl and utility scripts.
	184
	185	%description tools -l pl.UTF-8
	186	Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
	187
	188	%package tools-perl
	189	Summary: OpenSSL utilities written in Perl
	190	Summary(pl.UTF-8): Narzędzia OpenSSL napisane w perlu
	191	Group: Applications/Communications
	192	Requires: %{name} = %{version}-%{release}
	193
	194	%description tools-perl
	195	OpenSSL Toolkit tools written in Perl.
	196
	197	%description tools-perl -l pl.UTF-8
	198	Narzędzia OpenSSL napisane w perlu.
	199
	200	%package devel
	201	Summary: Development part of OpenSSL Toolkit libraries
	202	Summary(de.UTF-8): Secure Sockets Layer Kommunikationslibrary: statische libraries+header
	203	Summary(es.UTF-8): Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	204	Summary(fr.UTF-8): Librairies statiques, headers et utilitaires pour communication SSL
	205	Summary(pl.UTF-8): Część bibiloteki OpenSSL przeznaczona dla programistów
	206	Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
	207	Summary(ru.UTF-8): Библиотеки, хедеры и утилиты для Secure Sockets Layer
	208	Summary(uk.UTF-8): Бібліотеки, хедери та утиліти для Secure Sockets Layer
	209	Group: Development/Libraries
	210	Requires: %{name} = %{version}-%{release}
	211	Obsoletes: libopenssl0-devel
	212
	213	%description devel
	214	Development part of OpenSSL library.
	215
	216	%description devel -l es.UTF-8
	217	Bibliotecas y archivos de inclusión para desarrollo OpenSSL
	218
	219	%description devel -l pl.UTF-8
	220	Część biblioteki OpenSSL przeznaczona dla programistów.
	221
	222	%description devel -l pt_BR.UTF-8
	223	Uma biblioteca C que fornece vários algoritmos e protocolos
	224	criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
	225	arquivos de inclusão para desenvolvimento.
	226
	227	%description devel -l ru.UTF-8
	228	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	229	которые реализуют множетсво криптографических алгоритмов, включая DES,
	230	RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
	231	с использованием SSL.
	232
	233	%description devel -l uk.UTF-8
	234	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	235	користування, що реалізують велику кількість криптографічних
	236	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
	237	хедери для розробки програм з використанням SSL.
	238
	239	%package static
	240	Summary: Static OpenSSL libraries
	241	Summary(pl.UTF-8): Statyczne wersje bibliotek z OpenSSL
	242	Summary(pt_BR.UTF-8): Bibliotecas estáticas para desenvolvimento com openssl
	243	Summary(ru.UTF-8): Статические библиотеки разработчика для OpenSSL
	244	Summary(uk.UTF-8): Статичні бібліотеки програміста для OpenSSL
	245	Group: Development/Libraries
	246	Requires: %{name}-devel = %{version}-%{release}
	247
	248	%description static
	249	Static OpenSSL Toolkit libraries.
	250
	251	%description static -l pl.UTF-8
	252	Statyczne wersje bibliotek z OpenSSL.
	253
	254	%description static -l pt_BR.UTF-8
	255	Bibliotecas estáticas para desenvolvimento com openssl.
	256
	257	%description static -l ru.UTF-8
	258	Программа openssl для работы с сертификатами и разделяемые библиотеки,
	259	которые реализуют множетсво криптографических алгоритмов, включая DES,
	260	RC4, RSA и SSL. Включает статические библиотеки для разработки
	261	приложений с использованием OpenSSL.
	262
	263	%description static -l uk.UTF-8
	264	Програма openssl для роботи з сертифікатами та бібліотеки спільного
	265	користування, що реалізують велику кількість криптографічних
	266	алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
	267	бібліотеки для розробки програм з використанням SSL.
	268
	269	%prep
	270	%if %{with snap}
	271	%setup -qcT -a1
	272	mv %{name}-OpenSSL_1_0_2-stable/* .
	273	%else
	274	%setup -q
	275	%endif
	276	%patch0 -p1
	277	%patch1 -p1
	278	%patch2 -p1
	279	%patch3 -p1
	280	%patch4 -p1
	281	%patch5 -p1
	282	%patch6 -p1
	283	%patch7 -p1
	284	%patch8 -p1
	285	%ifarch x32
	286	%patch10 -p1
	287	%endif
	288
	289	sed -i -e 's\|\$prefix/\$libdir/engines\|/%{_lib}/engines\|g' Configure
	290
	291	%build
	292	touch Makefile.*
	293
	294	%{__perl} util/perlpath.pl %{__perl}
	295
	296	OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
	297	PERL="%{__perl}" \
	298	%{__perl} ./Configure \
	299	--openssldir=%{_sysconfdir}/%{name} \
	300	--libdir=%{_lib} \
	301	shared \
	302	threads \
	303	%{!?with_sslv2:no-ssl2} \
	304	%{!?with_sslv3:no-ssl3} \
	305	%{!?with_zlib:no-}zlib \
	306	enable-camelia \
	307	enable-cms \
	308	enable-idea \
	309	enable-md2 \
	310	enable-mdc2 \
	311	enable-rc5 \
	312	enable-rfc3779 \
	313	enable-seed \
	314	enable-tlsext \
	315	%ifarch %{x8664}
	316	enable-ec_nistp_64_gcc_128 \
	317	%endif
	318	%ifarch %{ix86}
	319	%ifarch i386
	320	386 linux-elf
	321	# ^- allow running on 80386 (default code uses bswapl available on i486+)
	322	%else
	323	linux-elf
	324	%endif
	325	%endif
	326	%ifarch alpha
	327	linux-alpha+bwx-gcc
	328	%endif
	329	%ifarch %{x8664}
	330	linux-x86_64
	331	%endif
	332	%ifarch x32
	333	linux-x32
	334	%endif
	335	%ifarch ia64
	336	linux-ia64
	337	%endif
	338	%ifarch ppc
	339	linux-ppc
	340	%endif
	341	%ifarch ppc64
	342	linux-ppc64
	343	%endif
	344	%ifarch sparc
	345	linux-sparcv8
	346	%endif
	347	%ifarch sparcv9
	348	linux-sparcv9
	349	%endif
	350	%ifarch sparc64
	351	linux64-sparcv9
	352	%endif
	353	%ifarch armv4 armv5 armv5t armv5te armv5tel
	354	linux-armv4
	355	%endif
	356
	357	v=$(awk -F= '/^VERSION/{print $2}' Makefile)
	358	test "$v" = %{version}%{?with_snap:-dev}
	359
	360	%{__make} -j1 all rehash %{?with_tests:tests} \
	361	CC="%{__cc}" \
	362	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
	363	INSTALLTOP=%{_prefix}
	364
	365	# Rename POD sources of man pages. "openssl_" prefix is added to each
	366	# manpage to avoid potential conflicts with other packages.
	367
	368	for dir in doc/{apps,ssl,crypto}; do
	369	cd $dir \|\| exit 1;
	370	%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
	371
	372	for pod in !(openssl*).pod; do
	373	mv -f $pod openssl_$pod;
	374	done
	375	cd ../..
	376	done
	377
	378	%install
	379	rm -rf $RPM_BUILD_ROOT
	380	install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
	381	$RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
	382	$RPM_BUILD_ROOT/%{_lib}/engines \
	383	$RPM_BUILD_ROOT%{_pkgconfigdir}
	384
	385	%{__make} -j1 install \
	386	INSTALLTOP=%{_prefix} \
	387	INSTALL_PREFIX=$RPM_BUILD_ROOT \
	388	MANDIR=%{_mandir}
	389
	390	mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
	391	mv -f $RPM_BUILD_ROOT%{_libdir}/lib.so..* $RPM_BUILD_ROOT/%{_lib}
	392	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto..) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
	393	ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl..) $RPM_BUILD_ROOT%{_libdir}/libssl.so
	394
	395	mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
	396	rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
	397
	398	# not installed as individual utilities (see openssl dgst instead)
	399	%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
	400
	401	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
	402	install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
	403	install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
	404
	405	%clean
	406	rm -rf $RPM_BUILD_ROOT
	407
	408	%post -p /sbin/ldconfig
	409	%postun -p /sbin/ldconfig
	410
	411	%triggerpostun -- %{name}-tools < 1.0.0-5
	412	# the hashing format has changed in 1.0.0
	413	[ ! -x %{_sbindir}/update-ca-certificates ] \|\| %{_sbindir}/update-ca-certificates --fresh \|\| :
	414
	415	%triggerpostun -- %{name} < 0.9.8i-2
	416	# don't do anything on --downgrade
	417	if [ $1 -le 1 ]; then
	418	exit 0
	419	fi
	420	if [ -d /var/lib/openssl/certs ] ; then
	421	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null \|\| :
	422	fi
	423	if [ -d /var/lib/openssl/private ] ; then
	424	mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null \|\| :
	425	fi
	426	if [ -d /var/lib/openssl ] ; then
	427	for f in /var/lib/openssl/* ; do
	428	[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null \|\| :
	429	done
	430	rmdir /var/lib/openssl/* 2>/dev/null \|\| :
	431	rmdir /var/lib/openssl 2>/dev/null \|\| :
	432	fi
	433
	434	%files
	435	%defattr(644,root,root,755)
	436	%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
	437	%attr(755,root,root) /%{_lib}/libcrypto.so...*
	438	%attr(755,root,root) /%{_lib}/libssl.so...*
	439	%dir %{_sysconfdir}/%{name}
	440	%dir %{_sysconfdir}/%{name}/certs
	441	%dir %attr(700,root,root) %{_sysconfdir}/%{name}/private
	442	%dir %{_datadir}/ssl
	443
	444	%files engines
	445	%defattr(644,root,root,755)
	446	%dir /%{_lib}/engines
	447	%attr(755,root,root) /%{_lib}/engines/*.so
	448
	449	%files tools
	450	%defattr(644,root,root,755)
	451	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
	452	%attr(755,root,root) %{_bindir}/c_rehash.sh
	453	%attr(755,root,root) %{_bindir}/openssl
	454	%attr(754,root,root) %{_bindir}/ssl-certificate
	455
	456	%dir %{_libdir}/%{name}
	457	%attr(755,root,root) %{_libdir}/%{name}/CA.sh
	458	%attr(755,root,root) %{_libdir}/%{name}/c_hash
	459	%attr(755,root,root) %{_libdir}/%{name}/c_info
	460	%attr(755,root,root) %{_libdir}/%{name}/c_issuer
	461	%attr(755,root,root) %{_libdir}/%{name}/c_name
	462
	463	%{_mandir}/man1/openssl.1*
	464	%{_mandir}/man1/openssl_asn1parse.1*
	465	%{_mandir}/man1/openssl_ca.1*
	466	%{_mandir}/man1/openssl_ciphers.1*
	467	%{_mandir}/man1/openssl_cms.1*
	468	%{_mandir}/man1/openssl_crl.1*
	469	%{_mandir}/man1/openssl_crl2pkcs7.1*
	470	%{_mandir}/man1/openssl_dgst.1*
	471	%{_mandir}/man1/openssl_dhparam.1*
	472	%{_mandir}/man1/openssl_dsa.1*
	473	%{_mandir}/man1/openssl_dsaparam.1*
	474	%{_mandir}/man1/openssl_ec.1*
	475	%{_mandir}/man1/openssl_ecparam.1*
	476	%{_mandir}/man1/openssl_enc.1*
	477	%{_mandir}/man1/openssl_errstr.1*
	478	%{_mandir}/man1/openssl_gendsa.1*
	479	%{_mandir}/man1/openssl_genpkey.1*
	480	%{_mandir}/man1/openssl_genrsa.1*
	481	%{_mandir}/man1/openssl_nseq.1*
	482	%{_mandir}/man1/openssl_ocsp.1*
	483	%{_mandir}/man1/openssl_passwd.1*
	484	%{_mandir}/man1/openssl_pkcs12.1*
	485	%{_mandir}/man1/openssl_pkcs7.1*
	486	%{_mandir}/man1/openssl_pkcs8.1*
	487	%{_mandir}/man1/openssl_pkey.1*
	488	%{_mandir}/man1/openssl_pkeyparam.1*
	489	%{_mandir}/man1/openssl_pkeyutl.1*
	490	%{_mandir}/man1/openssl_rand.1*
	491	%{_mandir}/man1/openssl_req.1*
	492	%{_mandir}/man1/openssl_rsa.1*
	493	%{_mandir}/man1/openssl_rsautl.1*
	494	%{_mandir}/man1/openssl_s_client.1*
	495	%{_mandir}/man1/openssl_s_server.1*
	496	%{_mandir}/man1/openssl_s_time.1*
	497	%{_mandir}/man1/openssl_sess_id.1*
	498	%{_mandir}/man1/openssl_smime.1*
	499	%{_mandir}/man1/openssl_speed.1*
	500	%{_mandir}/man1/openssl_spkac.1*
	501	%{_mandir}/man1/openssl_ts.1*
	502	%{_mandir}/man1/openssl_tsget.1*
	503	%{_mandir}/man1/openssl_verify.1*
	504	%{_mandir}/man1/openssl_version.1*
	505	%{_mandir}/man1/openssl_x509.1*
	506	%{_mandir}/man5/openssl_config.5*
	507	%{_mandir}/man5/openssl_x509v3_config.5*
	508	%lang(pl) %{_mandir}/pl/man1/openssl.1*
	509
	510	%files tools-perl
	511	%defattr(644,root,root,755)
	512	%attr(755,root,root) %{_bindir}/c_rehash
	513	%attr(755,root,root) %{_libdir}/%{name}/CA.pl
	514	%attr(755,root,root) %{_libdir}/%{name}/tsget
	515	%{_mandir}/man1/openssl_CA.pl.1*
	516	%{_mandir}/man1/openssl_c_rehash.1*
	517
	518	%files devel
	519	%defattr(644,root,root,755)
	520	%attr(755,root,root) %{_libdir}/libcrypto.so
	521	%attr(755,root,root) %{_libdir}/libssl.so
	522	%{_includedir}/%{name}
	523	%{_pkgconfigdir}/libcrypto.pc
	524	%{_pkgconfigdir}/libssl.pc
	525	%{_pkgconfigdir}/openssl.pc
	526	%{_mandir}/man3/openssl.3
	527	%{_mandir}/man7/openssl_des_modes.7*
	528
	529	%files static
	530	%defattr(644,root,root,755)
	531	%{_libdir}/libcrypto.a
	532	%{_libdir}/libssl.a