4 BuildRequires: pkg-config
5 BuildRequires: zlib-devel
6 %define ssletcdir %{_sysconfdir}/ssl
7 %define num_version 1.0.0
11 Summary: Secure Sockets and Transport Layer Security
13 Group: Security/Crypto Libraries
14 Url: http://www.openssl.org/
15 Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz
16 # to get mtime of file:
17 Source1: openssl.changes
18 Source2: baselibs.conf
21 The OpenSSL Project is a collaborative effort to develop a robust,
22 commercial-grade, full-featured, and open source toolkit implementing
23 the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
24 v1) protocols with full-strength cryptography. The project is managed
25 by a worldwide community of volunteers that use the Internet to
26 communicate, plan, and develop the OpenSSL toolkit and its related
29 Derivation and License
31 OpenSSL is based on the excellent SSLeay library developed by Eric A.
32 Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
33 Apache-style license, which basically means that you are free to get it
34 and to use it for commercial and noncommercial purposes.
36 %package -n libopenssl
37 Summary: Secure Sockets and Transport Layer Security
38 Group: Security/Crypto Libraries
40 %description -n libopenssl
41 The OpenSSL Project is a collaborative effort to develop a robust,
42 commercial-grade, full-featured, and open source toolkit implementing
43 the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
44 v1) protocols with full-strength cryptography. The project is managed
45 by a worldwide community of volunteers that use the Internet to
46 communicate, plan, and develop the OpenSSL toolkit and its related
49 Derivation and License
51 OpenSSL is based on the excellent SSLeay library developed by Eric A.
52 Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
53 Apache-style license, which basically means that you are free to get it
54 and to use it for commercial and noncommercial purposes.
57 %package -n libopenssl-devel
58 Summary: Include Files and Libraries mandatory for Development
59 Group: Development/Libraries
60 Obsoletes: openssl-devel < %{version}
61 Requires: %name = %version
62 Requires: libopenssl = %{version}
64 Provides: openssl-devel = %{version}
66 %description -n libopenssl-devel
67 This package contains all necessary include files and libraries needed
68 to develop applications that require these.
71 Summary: Additional Package Documentation
72 Group: Security/Crypto Libraries
76 This package contains optional documentation provided in addition to
77 this package's base documentation.
82 echo "adding/overwriting some entries in the 'table' hash in Configure"
83 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
84 export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::'
85 cat <<EOF_ED | ed -s Configure
90 # local configuration added from specfile
91 # ... MOST of those are now correct in openssl's Configure already,
92 # so only add them for new ports!
94 #config-string, $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$wp_obj:$cmll_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags:$multilib
95 #"linux-elf", "gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME:",
96 #"linux-ia64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:\${ia64_asm}: $DSO_SCHEME:",
97 #"linux-ppc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:",
98 #"linux-ppc64", "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
99 "linux-elf-arm","gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:",
100 "linux-mips", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:",
101 "linux-sparcv7","gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:\${no_asm}: $DSO_SCHEME:",
102 #"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8 ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o::::::::::::: $DSO_SCHEME:",
103 #"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
104 #"linux-s390", "gcc:-DB_ENDIAN ::(unknown): :-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:",
105 #"linux-s390x", "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
106 "linux-parisc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:\${no_asm}: $DSO_SCHEME:",
110 # fix ENGINESDIR path
111 sed -i 's,/lib/engines,/%_lib/engines,' Configure
112 # Record mtime of changes file instead of build time
113 CHANGES=`stat --format="%y" %SOURCE1`
114 sed -i -e "s|#define DATE \(.*\).LC_ALL.*date.|#define DATE \1$CHANGES|" crypto/Makefile
117 RPM_OPT_FLAGS=$(echo $RPM_OPT_FLAGS | sed -s "s/--param=ssp-buffer-size=32//g")
120 ./config --test-sanity
122 config_flags="threads shared no-rc5 no-idea \
123 enable-camellia enable-md2 \
125 --prefix=%{_prefix} \
127 --openssldir=%{ssletcdir} \
128 $RPM_OPT_FLAGS -std=gnu99 \
130 -fomit-frame-pointer \
135 $(getconf LFS_CFLAGS) \
139 #%{!?do_profiling:%define do_profiling 0}
141 # # generate feedback
142 # ./config $config_flags
143 # make depend CC="gcc %cflags_profile_generate"
144 # make CC="gcc %cflags_profile_generate"
145 # LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate"
146 # LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate"
147 # LD_LIBRARY_PATH=`pwd` apps/openssl speed
149 # # compile with feedback
150 # # but not if it makes a cipher slower:
151 # #find crypto/aes -name '*.da' | xargs -r rm
152 # ./config $config_flags %cflags_profile_feedback
155 # LD_LIBRARY_PATH=`pwd` make rehash
156 # LD_LIBRARY_PATH=`pwd` make test
158 # OpenSSL relies on uname -m (not good). Thus that little sparc line.
163 LD_LIBRARY_PATH=`pwd` make rehash
164 #LD_LIBRARY_PATH=`pwd` make test
169 eval $(egrep PLATFORM='[[:alnum:]]' Makefile)
170 grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE
173 rm -rf $RPM_BUILD_ROOT
174 make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install
175 install -d -m755 $RPM_BUILD_ROOT%{ssletcdir}/certs
176 ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl
177 mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl
178 mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/
179 # ln -s %{ssletcdir}/certs $RPM_BUILD_ROOT/%{_datadir}/ssl/certs
180 # ln -s %{ssletcdir}/private $RPM_BUILD_ROOT/%{_datadir}/ssl/private
181 # ln -s %{ssletcdir}/openssl.cnf $RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf
184 # avoid file conflicts with man pages from other packages
186 pushd $RPM_BUILD_ROOT/%{_mandir}
187 # some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
188 # replace spaces by underscores
189 #for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
190 which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
195 ln -sf ${LDEST}ssl ${i}ssl
199 case `basename ${i%.*}` in
200 asn1parse|ca|config|crl|crl2pkcs7|crypto|dgst|dhparam|dsa|dsaparam|enc|gendsa|genrsa|nseq|openssl|passwd|pkcs12|pkcs7|pkcs8|rand|req|rsa|rsautl|s_client|s_server|smime|spkac|ssl|verify|version|x509)
201 # these are the pages mentioned in openssl(1). They go into the main package.
202 echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;;
204 # the rest goes into the openssl-doc package.
205 echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;;
210 # check wether some shared library has been installed
212 ls -l $RPM_BUILD_ROOT%{_libdir}
213 test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version}
214 test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version}
215 test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so
216 test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
220 cat > showciphers.c <<EOF
221 #include <openssl/err.h>
222 #include <openssl/ssl.h>
228 meth = SSLv23_client_method();
229 SSLeay_add_ssl_algorithms();
230 ctx = SSL_CTX_new(meth);
231 if (ctx == NULL) return 0;
237 sc = (meth->get_cipher)(i);
239 k = SSL_CIPHER_get_bits(sc, &j);
240 printf("%s\n", sc->name);
245 gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c
246 gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto
247 LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true
248 cat AVAILABLE_CIPHERS
249 # Do not install demo scripts executable under /usr/share/doc
250 find demos -type f -perm /111 -exec chmod 644 {} \;
253 mkdir $RPM_BUILD_ROOT/%{_lib}
254 mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
255 mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
256 mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/
257 cd $RPM_BUILD_ROOT%{_libdir}/
258 ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so
259 ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
264 %post -n libopenssl -p /sbin/ldconfig
266 %postun -n libopenssl -p /sbin/ldconfig
269 %defattr(-, root, root)
271 /%{_lib}/libssl.so.%{num_version}
272 /%{_lib}/libcrypto.so.%{num_version}
275 %files -n libopenssl-devel
276 %defattr(-, root, root)
277 %{_includedir}/%{name}/
279 %exclude %{_libdir}/libcrypto.a
280 %exclude %{_libdir}/libssl.a
282 %{_libdir}/libcrypto.so
283 %_libdir/pkgconfig/libcrypto.pc
284 %_libdir/pkgconfig/libssl.pc
285 %_libdir/pkgconfig/openssl.pc
287 %files doc -f filelist.doc
288 %defattr(-, root, root)
293 %defattr(-, root, root)
296 %dir %{ssletcdir}/certs
297 %config (noreplace) %{ssletcdir}/openssl.cnf
298 %attr(700,root,root) %{ssletcdir}/private