###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssl
version    = 1.0.1e
release    = 2

maintainer = Michael Tremer <michael.tremer@ipfire.org>
groups     = System/Libraries
url        = http://www.openssl.org/
license    = OpenSSL
summary    = A general purpose cryptography library with TLS implementation.

description
	The OpenSSL toolkit provides support for secure communications between
	machines. OpenSSL includes a certificate management tool and shared
	libraries which provide various cryptographic algorithms and protocols.
end

source_dl  = http://openssl.org/source/

build
	requires
		bc
		gnutls-devel
		perl
		util-linux
		zlib-devel
	end

	CFLAGS += -DPURIFY
	export RPM_OPT_FLAGS = %{CFLAGS}

	prepare_cmds
		sed -e 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' \
			-i crypto/opensslv.h

		find crypto/ -name Makefile -exec \
			sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;

		# Modify the various perl scripts to reference perl in the right location.
		perl util/perlpath.pl /usr/bin

		# Generate a table with the compile settings for my perusal.
		touch Makefile
		make TABLE PERL=/usr/bin/perl
	end

	# Set default ssl_arch.
	ssl_arch = linux-%{DISTRO_ARCH}

	if "%{DISTRO_ARCH}" == "i686"
		# 386 implies no-sse2
		ssl_arch = linux-elf no-asm 386
	end

	if "%{DISTRO_ARCH}" == "armv5tel"
		ssl_arch = linux-generic32
	end

	if "%{DISTRO_ARCH}" == "armv7hl"
		ssl_arch = linux-generic32
	end

	build
		./Configure \
			--prefix=/usr \
			--openssldir=/etc/pki/tls \
			--enginesdir=%{libdir}/openssl/engines \
			shared \
			zlib-dynamic \
			enable-camellia \
			enable-md2 \
			enable-seed \
			enable-tlsext \
			enable-rfc3779 \
			no-idea \
			no-mdc2 \
			no-rc5 \
			no-ec no-ec2m no-ecdh no-ecdsa \
			no-srp \
			-DSSL_FORBID_ENULL \
			 %{ssl_arch} \
			fips

		# Build.
		make depend
		make all

		# Generate hashes for the included certs.
		make rehash
	end

	test
		# Revert ca-dir patch. Otherwise the tests will fail.
		patch -Np1 -R < %{DIR_PATCHES}/openssl-1.0.0-beta4-ca-dir.patch

		make test
	end

	install
		make install build-shared INSTALL_PREFIX=%{BUILDROOT}

		# Install manpages do right place
		mkdir -pv %{BUILDROOT}/usr/share
		mv -v %{BUILDROOT}/etc/pki/tls/man %{BUILDROOT}/usr/share/

		mkdir -pv %{BUILDROOT}%{libdir}/openssl
		mv -v %{BUILDROOT}%{libdir}/engines %{BUILDROOT}%{libdir}/openssl

		mkdir -pv %{BUILDROOT}/etc/pki/CA/private
		chmod -v 700 -R %{BUILDROOT}/etc/pki/CA

		mkdir -pv %{BUILDROOT}/etc/pki/tls
		install -m 0644 %{DIR_SOURCE}/openssl.cnf %{BUILDROOT}/etc/pki/tls
		cp -v -r certs %{BUILDROOT}/etc/pki/tls

		# Rename man pages so that they don't conflict with other system man pages.
		pushd %{BUILDROOT}%{mandir}
		for manpage in man*/*; do
			if [ -L ${manpage} ]; then
				TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
				ln -snf ${TARGET}ssl ${manpage}ssl
				rm -f ${manpage}
			else
				mv ${manpage} ${manpage}ssl
			fi
		done
		popd
	end
end

packages
	package %{name}

	package %{name}-libs
		template LIBS

		requires += ca-certificates

		files += %{libdir}/openssl
	end

	package %{name}-devel
		template DEVEL
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end