###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssl
version    = 1.0.0e
release    = 3

maintainer = Michael Tremer <michael.tremer@ipfire.org>
groups     = System/Libraries
url        = http://www.openssl.org/
license    = OpenSSL
summary    = A general purpose cryptography library with TLS implementation.

description
	The OpenSSL toolkit provides support for secure communications between
	machines. OpenSSL includes a certificate management tool and shared
	libraries which provide various cryptographic algorithms and protocols.
end

source_dl  = http://openssl.org/source/

build
	requires
		bc
		gnutls-devel
		perl
		util-linux
		zlib-devel
	end

	prepare_cmds
		find crypto/ -name Makefile -exec \
			sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;

		# # Modify the various perl scripts to reference perl in the right location.
		perl util/perlpath.pl /usr/bin

		# Generate a table with the compile settings for my perusal.
		touch Makefile
		make TABLE PERL=/usr/bin/perl
	end

	if "%{DISTRO_ARCH}" == "i686"
		# 386 implies no-sse2
		ssl_arch = linux-elf no-asm 386
	end

	if "%{DISTRO_ARCH}" == "armv5tel"
		ssl_arch = linux-generic32
	end

	build
		./Configure \
			--prefix=/usr \
			--openssldir=/etc/pki/tls \
			--enginesdir=/usr/lib/openssl/engines \
			shared \
			zlib-dynamic \
			enable-camellia \
			enable-md2 \
			enable-seed \
			enable-tlsext \
			enable-rfc3779 \
			no-idea \
			no-mdc2 \
			no-rc5 \
			no-ec no-ecdh no-ecdsa \
			-DSSL_FORBID_ENULL \
			 %{ssl_arch}

		# Build.
		make depend all build-shared RPM_OPT_FLAGS="%{CFLAGS}" #%{PARALLELISMFLAGS}

		# Generate hashes for the included certs.
		make rehash build-shared
	end

	test
		make test
	end

	install
		make install build-shared INSTALL_PREFIX=%{BUILDROOT}

		mkdir -pv %{BUILDROOT}/lib
		mv -vf %{BUILDROOT}/usr/lib/lib{crypto,ssl}.so.* %{BUILDROOT}/lib
		ln -svf ../../lib/libcrypto.so.10 %{BUILDROOT}/usr/lib/libcrypto.so
		ln -svf ../../lib/libssl.so.10 %{BUILDROOT}/usr/lib/libssl.so

		# Install manpages do right place
		mkdir -pv %{BUILDROOT}/usr/share
		mv -v %{BUILDROOT}/etc/pki/tls/man %{BUILDROOT}/usr/share/

		mkdir -pv %{BUILDROOT}/usr/lib/openssl
		mv -v %{BUILDROOT}/usr/lib/engines %{BUILDROOT}/usr/lib/openssl

		mkdir -pv %{BUILDROOT}/etc/pki/CA/private
		chmod -v 700 -R %{BUILDROOT}/etc/pki/CA

		mkdir -pv %{BUILDROOT}/etc/pki/tls
		install -m 0644 %{DIR_SOURCE}/openssl.cnf %{BUILDROOT}/etc/pki/tls
		cp -v -r certs %{BUILDROOT}/etc/pki/tls

		# Rename man pages so that they don't conflict with other system man pages.
		pushd ${BUILDROOT}/usr/share/man
		for manpage in man*/*; do
			if [ -L ${manpage} ]; then
				TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
				ln -snf ${TARGET}ssl ${manpage}ssl
				rm -f ${manpage}
			else
				mv ${manpage} ${manpage}ssl
			fi
		done

		mv -v %{BUILDROOT}/usr/share/man/man1/{,ssl}passwd.1
		mv -v %{BUILDROOT}/usr/share/man/man1/{,ssl}rand.1
		popd
	end
end

packages
	package %{name}

	package %{name}-devel
		template DEVEL
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end