###############################################################################
name = openssl
-version = 1.0.1
+version = 1.1.0g
release = 1
maintainer = Michael Tremer <michael.tremer@ipfire.org>
build
requires
- bc
- gnutls-devel
+ ca-certificates
+ coreutils
perl
- util-linux
+ perl(Math::BigInt)
+ perl(Module::Load::Conditional)
+ perl(Test::Harness)
+ perl(Test::More)
+ sed
zlib-devel
end
- CFLAGS += -DPURIFY
+ export HASHBANGPERL = %{bindir}/perl
- prepare_cmds
- find crypto/ -name Makefile -exec \
- sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
-
- # Modify the various perl scripts to reference perl in the right location.
- perl util/perlpath.pl /usr/bin
-
- # Generate a table with the compile settings for my perusal.
- touch Makefile
- make TABLE PERL=/usr/bin/perl
- end
+ CFLAGS += -DPURIFY -Wa,--noexecstack
# Set default ssl_arch.
ssl_arch = linux-%{DISTRO_ARCH}
+ if "%{DISTRO_ARCH}" == "x86_64"
+ ssl_arch += enable-ec_nistp_64_gcc_128
+ end
+
if "%{DISTRO_ARCH}" == "i686"
# 386 implies no-sse2
ssl_arch = linux-elf no-asm 386
end
+ if "%{DISTRO_ARCH}" == "aarch64"
+ ssl_arch += enable-ec_nistp_64_gcc_128
+ end
+
if "%{DISTRO_ARCH}" == "armv5tel"
- ssl_arch = linux-generic32
+ ssl_arch = linux-armv4
end
if "%{DISTRO_ARCH}" == "armv7hl"
- ssl_arch = linux-generic32
+ ssl_arch = linux-armv4
end
build
./Configure \
- --prefix=/usr \
- --openssldir=/etc/pki/tls \
- --enginesdir=%{libdir}/openssl/engines \
+ --prefix=%{prefix} \
+ --openssldir=%{sysconfdir}/pki/tls \
shared \
- zlib-dynamic \
+ zlib \
enable-camellia \
- enable-md2 \
enable-seed \
- enable-tlsext \
enable-rfc3779 \
- no-idea \
- no-mdc2 \
+ enable-ssl3 \
+ enable-ssl3-method \
+ no-rc4 \
no-rc5 \
- no-ec no-ecdh no-ecdsa \
- no-srp \
- -DSSL_FORBID_ENULL \
- %{ssl_arch} \
- fips
+ %{ssl_arch} \
+ ${CFLAGS} \
+ ${LDFLAGS}
- # Build.
- make depend all build-shared RPM_OPT_FLAGS="%{CFLAGS}" #%{PARALLELISMFLAGS}
+ util/mkdef.pl crypto update
+ make all
- # Generate hashes for the included certs.
- make rehash build-shared
+ # Clean up the .pc files
+ for i in libcrypto.pc libssl.pc openssl.pc; do
+ sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
+ done
end
test
# Revert ca-dir patch. Otherwise the tests will fail.
- patch -Np1 -R < %{DIR_PATCHES}/openssl-1.0.0-beta4-ca-dir.patch
+ patch -Np1 -R < %{DIR_PATCHES}/openssl-1.1.0-ca-dir.patch
make test
end
install
- make install build-shared INSTALL_PREFIX=%{BUILDROOT}
-
- # Install manpages do right place
- mkdir -pv %{BUILDROOT}/usr/share
- mv -v %{BUILDROOT}/etc/pki/tls/man %{BUILDROOT}/usr/share/
-
- mkdir -pv %{BUILDROOT}%{libdir}/openssl
- mv -v %{BUILDROOT}%{libdir}/engines %{BUILDROOT}%{libdir}/openssl
-
- mkdir -pv %{BUILDROOT}/etc/pki/CA/private
- chmod -v 700 -R %{BUILDROOT}/etc/pki/CA
-
- mkdir -pv %{BUILDROOT}/etc/pki/tls
- install -m 0644 %{DIR_SOURCE}/openssl.cnf %{BUILDROOT}/etc/pki/tls
- cp -v -r certs %{BUILDROOT}/etc/pki/tls
+ make install DESTDIR=%{BUILDROOT}
# Rename man pages so that they don't conflict with other system man pages.
- pushd ${BUILDROOT}/usr/share/man
+ pushd %{BUILDROOT}%{mandir}
+ ln -svf config.5 man5/openssl.cnf.5
for manpage in man*/*; do
- if [ -L ${manpage} ]; then
- TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
- ln -snf ${TARGET}ssl ${manpage}ssl
- rm -f ${manpage}
+ if [ -L "${manpage}" ]; then
+ TARGET=$(ls -l "${manpage}" | awk '{ print $NF }')
+ ln -snf "${TARGET}ssl" "${manpage}ssl"
+ rm -f "${manpage}"
else
mv ${manpage} ${manpage}ssl
fi
done
-
- mv -v %{BUILDROOT}/usr/share/man/man1/{,ssl}passwd.1
- mv -v %{BUILDROOT}/usr/share/man/man1/{,ssl}rand.1
+ for conflict in passwd rand; do
+ rename ${conflict} ssl${conflict} man*/${conflict}*
+ ln -svf ssl${conflict}.1ssl %{BUILDROOT}%{mandir}/man1/openssl-${conflict}.1ssl
+ done
popd
+
+ # Remove dist config
+ rm -vf %{BUILDROOT}%{sysconfdir}/pki/tls/openssl.cnf.dist
+
+ # Move executable stuff to %{bindir}
+ mv -v %{BUILDROOT}%{sysconfdir}/pki/tls/misc/{CA.pl,tsget} %{BUILDROOT}%{bindir}
end
end
packages
package %{name}
+ requires += %{name}-libs = %{thisver}
+ end
package %{name}-libs
template LIBS
requires += ca-certificates
- provides += libcrypto.so.10(libcrypto.so.10)
- provides += libssl.so.10(libssl.so.10)
+ conflicts += %{name} < %{thisver}
+
+ files += %{libdir}/openssl %{libdir}/engines*
end
package %{name}-devel