#
# Conditional build:
-%bcond_without dane # libdane (DANE with DNSSEC certificate verification)
-%bcond_without tpm # TPM support in gnutls
-#
+%bcond_without dane # libdane (DANE with DNSSEC certificate verification)
+%bcond_without openssl # libgnutls-openssl compatibility library
+%bcond_without tpm # TPM support in gnutls
+%bcond_without tpm2 # TPM2 support in gnutls
+%bcond_without static_libs # static libraries
+%bcond_without doc # do not generate documentation
+%bcond_without guile # Guile binding
+%bcond_with af_alg # Linux kernel AF_ALG based acceleration
+%bcond_with ktls # Kernel TLS support
+
Summary: The GNU Transport Layer Security Library
Summary(pl.UTF-8): Biblioteka GNU TLS (Transport Layer Security)
Name: gnutls
-Version: 3.2.19
+Version: 3.7.8
Release: 1
License: LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools)
Group: Libraries
-Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.lz
-# Source0-md5: dded6aa04f5978d0a98ce1ad6b470e41
+Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
+# Source0-md5: c7b749bae243c341e6be717baf7ffbad
Patch0: %{name}-info.patch
Patch1: %{name}-link.patch
-URL: http://www.gnutls.org/
-BuildRequires: autoconf >= 2.61
+Patch2: %{name}-pl.po-update.patch
+URL: https://www.gnutls.org/
+BuildRequires: autoconf >= 2.63
BuildRequires: automake >= 1:1.12.2
-BuildRequires: gettext-devel >= 0.18
-BuildRequires: gtk-doc >= 1.1
-BuildRequires: guile-devel >= 5:2.0
-BuildRequires: libcfg+-devel
-BuildRequires: libidn-devel
+BuildRequires: gcc >= 5:3.2
+BuildRequires: gettext-tools >= 0.19
+BuildRequires: gmp-devel
+%{?with_doc:BuildRequires: gtk-doc >= 1.14}
+%{?with_guile:BuildRequires: guile-devel >= 5:3.0}
+BuildRequires: libidn2-devel >= 2.0.0
+BuildRequires: libbrotli-devel >= 1.0.0
+%{?with_af_alg:BuildRequires: libkcapi-devel >= 1.3.0}
BuildRequires: libstdc++-devel
-BuildRequires: libtasn1-devel >= 2.14
-BuildRequires: libtool >= 2:1.5
-BuildRequires: lzip
-BuildRequires: nettle-devel >= 2.7
+BuildRequires: libtasn1-devel >= 4.11
+BuildRequires: libunistring-devel
+BuildRequires: libtool >= 2:2
+%{?with_ktls:BuildRequires: linux-libc-headers >= 7:4.13}
+BuildRequires: nettle-devel >= 3.6
# miniopencdk is included in sources and currently maintained
# as part of gnutls, not external package
#BuildRequires: opencdk-devel >= 0.6.6
-BuildRequires: p11-kit-devel >= 0.20.0
+BuildRequires: p11-kit-devel >= 0.23.1
BuildRequires: pkgconfig
BuildRequires: readline-devel
-BuildRequires: rpmbuild(macros) >= 1.383
+BuildRequires: rpmbuild(macros) >= 1.527
BuildRequires: sed >= 4.0
BuildRequires: tar >= 1:1.22
-BuildRequires: texinfo >= 4.8
+%{?with_doc:BuildRequires: texinfo >= 4.8}
+%{?with_tpm2:BuildRequires: tpm2-tss-devel}
%{?with_tpm:BuildRequires: trousers-devel >= 0.3.11}
%{?with_dane:BuildRequires: unbound-devel}
+BuildRequires: xz
BuildRequires: zlib-devel
+BuildRequires: zstd-devel >= 1.3.0
Requires: %{name}-libs = %{version}-%{release}
%{?with_dane:Requires: %{name}-dane = %{version}-%{release}}
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+%define _noautostrip .*\.go
+
%description
GnuTLS is a project that aims to develop a library which provides a
secure layer, over a reliable transport layer (ie. TCP/IP). Currently
Summary: GnuTLS shared libraries
Summary(pl.UTF-8): Biblioteki współdzielone GnuTLS
Group: Libraries
-Requires: libtasn1 >= 2.14
-Requires: nettle >= 2.7
+Requires: libbrotli >= 1.0.0
+Requires: libidn2 >= 2.0.0
+%{?with_af_alg:Requires: libkcapi >= 1.3.0}
+Requires: libtasn1 >= 4.11
+Requires: nettle >= 3.6
#Requires: opencdk >= 0.6.6
-Requires: p11-kit >= 0.20.0
-%{?with_tpm:Requires: trousers-libs >= 0.3.11}
+Requires: p11-kit >= 0.23.1
+Requires: zstd >= 1.3.0
+# dlopened libtss2-*
+%{?with_tpm2:Suggests: tpm2-tss}
+# dlopened libtspi
+%{?with_tpm:Suggests: trousers-libs >= 0.3.11}
Conflicts: gnutls < 3.2.0
%description libs
License: LGPL v2.1+ (libgnutls), GPL v3+ (openssl library)
Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release}
-Requires: libtasn1-devel >= 2.14
-Requires: nettle-devel >= 2.7
+Requires: gmp-devel
+Requires: libbrotli-devel >= 1.0.0
+Requires: libidn2-devel
+Requires: libtasn1-devel >= 4.11
+Requires: libunistring-devel
+Requires: nettle-devel >= 3.6
#Requires: opencdk-devel >= 0.6.6
-Requires: p11-kit-devel >= 0.20.0
+Requires: p11-kit-devel >= 0.23.1
%{?with_tpm:Requires: trousers-devel >= 0.3.11}
Requires: zlib-devel
+Requires: zstd-devel >= 1.3.0
%description devel
Header files etc to develop gnutls applications.
%description dane-static -l pl.UTF-8
Statyczna biblioteka bezpieczeństwa DANE.
+%package openssl
+Summary: OpenSSL compatibility library for GnuTLS
+Summary(pl.UTF-8): Biblioteka zgodności z OpenSSL dla GnuTLS
+Group: Libraries
+Requires: %{name}-libs = %{version}-%{release}
+
+%description openssl
+OpenSSL compatibility library for GnuTLS.
+
+%description openssl -l pl.UTF-8
+Biblioteka zgodności z OpenSSL dla GnuTLS.
+
+%package openssl-devel
+Summary: Header file for gnutls-openssl library
+Summary(pl.UTF-8): Plik nagłówkowy biblioteki gnutls-openssl
+Group: Development/Libraries
+Requires: %{name}-devel = %{version}-%{release}
+Requires: %{name}-openssl = %{version}-%{release}
+
+%description openssl-devel
+Header file for gnutls-openssl library.
+
+%description openssl-devel -l pl.UTF-8
+Plik nagłówkowy biblioteki gnutls-openssl.
+
+%package openssl-static
+Summary: Static gnutls-openssl library
+Summary(pl.UTF-8): Statyczna biblioteka gnutls-openssl
+Group: Development/Libraries
+Requires: %{name}-openssl-devel = %{version}-%{release}
+
+%description openssl-static
+Static gnutls-openssl library.
+
+%description openssl-static -l pl.UTF-8
+Statyczna biblioteka gnutls-openssl.
+
%package -n guile-gnutls
Summary: Guile bindings for GnuTLS
Summary(pl.UTF-8): Wiązania Guile do GnuTLS
License: LGPL v2.1+
Group: Development/Languages
Requires: %{name}-libs = %{version}-%{release}
-Requires: guile >= 5:2.0
+Requires: guile >= 5:3.0
%description -n guile-gnutls
Guile bindings for GnuTLS.
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%{__rm} po/stamp-po
%build
%{__libtoolize}
-%{__aclocal} -I m4 -I gl/m4 -I src/libopts/m4 -I src/gl/m4
+%{__aclocal} -I m4 -I src/gl/m4 -I lib/unistring/m4
%{__autoconf}
%{__autoheader}
%{__automake}
%configure \
+ %{?with_af_alg:--enable-afalg} \
+ %{!?with_doc:--disable-doc} \
+ %{!?with_guile:--disable-guile} \
+ %{__enable_disable ktls} \
+ %{?with_openssl:--enable-openssl-compatibility} \
--disable-silent-rules \
- --enable-heartbeat-support \
+ %{?with_static_libs:--enable-static} \
--with-default-trust-store-file=/etc/certs/ca-certificates.crt \
- %{!?with_tpm:--without-tpm}
+ %{!?with_tpm:--without-tpm} \
+ %{__with_without tpm2} \
+ --with-trousers-lib=%{_libdir}/libtspi.so.1
-# docs build is broken with -jN
-%{__make} -j1
+%{__make}
%install
rm -rf $RPM_BUILD_ROOT
# although libgnutls.la is obsoleted by pkg-config, there is
# .pc file missing for libgnutls-openssl, and it needs libgnutls.la
+%if %{with guile}
# guile module - dynamic only
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls-*.{la,a}
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.la
+%if %{with static_libs}
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.a
+%endif
+%endif
+
+# images for (not installed) htmlized infos - already packaged with infos
+%if %{with doc}
+%{__rm} $RPM_BUILD_ROOT%{_docdir}/gnutls/*.png
+%endif
-rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+%{__rm} -f $RPM_BUILD_ROOT%{_infodir}/dir
%find_lang %{name}
%post c++ -p /sbin/ldconfig
%postun c++ -p /sbin/ldconfig
+%post dane -p /sbin/ldconfig
+%postun dane -p /sbin/ldconfig
+
+%post openssl -p /sbin/ldconfig
+%postun openssl -p /sbin/ldconfig
+
%post -n guile-gnutls -p /sbin/ldconfig
%postun -n guile-gnutls -p /sbin/ldconfig
%files -f %{name}.lang
%defattr(644,root,root,755)
-%doc AUTHORS ChangeLog NEWS README THANKS
+%doc AUTHORS ChangeLog NEWS README.md THANKS
%attr(755,root,root) %{_bindir}/certtool
-%attr(755,root,root) %{_bindir}/crywrap
%attr(755,root,root) %{_bindir}/gnutls-*
%attr(755,root,root) %{_bindir}/ocsptool
%attr(755,root,root) %{_bindir}/p11tool
%attr(755,root,root) %{_bindir}/psktool
%attr(755,root,root) %{_bindir}/srptool
%{?with_tpm:%attr(755,root,root) %{_bindir}/tpmtool}
+%if %{with doc}
%{_mandir}/man1/certtool.1*
%{_mandir}/man1/gnutls-*.1*
%{_mandir}/man1/ocsptool.1*
%{_infodir}/gnutls.info*
%{_infodir}/gnutls-*.png
%{_infodir}/pkcs11-vision.png
+%endif
%files libs
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libgnutls.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutls.so.28
-%attr(755,root,root) %{_libdir}/libgnutls-openssl.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutls-openssl.so.27
-%attr(755,root,root) %{_libdir}/libgnutls-xssl.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutls-xssl.so.0
+%attr(755,root,root) %ghost %{_libdir}/libgnutls.so.30
%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libgnutls.so
-%attr(755,root,root) %{_libdir}/libgnutls-openssl.so
-%attr(755,root,root) %{_libdir}/libgnutls-xssl.so
%{_libdir}/libgnutls.la
-%{_libdir}/libgnutls-openssl.la
-%{_libdir}/libgnutls-xssl.la
%{_includedir}/gnutls
%{?with_dane:%exclude %{_includedir}/gnutls/dane.h}
%exclude %{_includedir}/gnutls/gnutlsxx.h
+%{?with_openssl:%exclude %{_includedir}/gnutls/openssl.h}
%{_pkgconfigdir}/gnutls.pc
-%{_mandir}/man3/gnutls_*.3*
-%{_mandir}/man3/xssl_*.3*
+%{?with_doc:%{_mandir}/man3/gnutls_*.3*}
+%if %{with static_libs}
%files static
%defattr(644,root,root,755)
%{_libdir}/libgnutls.a
-%{_libdir}/libgnutls-openssl.a
-%{_libdir}/libgnutls-xssl.a
+%endif
%files c++
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libgnutlsxx.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.28
+%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.30
%files c++-devel
%defattr(644,root,root,755)
%{_libdir}/libgnutlsxx.la
%{_includedir}/gnutls/gnutlsxx.h
+%if %{with static_libs}
%files c++-static
%defattr(644,root,root,755)
%{_libdir}/libgnutlsxx.a
+%endif
%if %{with dane}
%files dane
%attr(755,root,root) %{_bindir}/danetool
%attr(755,root,root) %{_libdir}/libgnutls-dane.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libgnutls-dane.so.0
-%{_mandir}/man1/danetool.1*
+%{?with_doc:%{_mandir}/man1/danetool.1*}
%files dane-devel
%defattr(644,root,root,755)
%{_libdir}/libgnutls-dane.la
%{_includedir}/gnutls/dane.h
%{_pkgconfigdir}/gnutls-dane.pc
+%if %{with doc}
+%{_mandir}/man3/dane_*.3*
+%endif
+%if %{with static_libs}
%files dane-static
%defattr(644,root,root,755)
%{_libdir}/libgnutls-dane.a
%endif
+%endif
+
+%if %{with openssl}
+%files openssl
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libgnutls-openssl.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libgnutls-openssl.so.27
+
+%files openssl-devel
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libgnutls-openssl.so
+%{_libdir}/libgnutls-openssl.la
+%{_includedir}/gnutls/openssl.h
+
+%if %{with static_libs}
+%files openssl-static
+%defattr(644,root,root,755)
+%{_libdir}/libgnutls-openssl.a
+%endif
+%endif
+%if %{with guile}
%files -n guile-gnutls
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/guile/2.0/guile-gnutls-v-2.so*
-%{_datadir}/guile/site/gnutls.scm
-%{_datadir}/guile/site/gnutls
+%attr(755,root,root) %{_libdir}/guile/3.*/extensions/guile-gnutls-v-2.so*
+%{_libdir}/guile/3.*/site-ccache/gnutls.go
+%{_libdir}/guile/3.*/site-ccache/gnutls
+%{_datadir}/guile/site/3.*/gnutls.scm
+%{_datadir}/guile/site/3.*/gnutls
+%if %{with doc}
%{_infodir}/gnutls-guile.info*
+%endif
+%endif