saltbundle/saltbundle-openssl-sle12
SHA256
7
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
bundle
saltbundle-openssl-sle12/saltbundle-openssl.spec

640 lines
22 KiB
RPMSpec
Raw Permalink Blame History

#
# spec file for package saltbundle-openssl
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define cavs_dir %{_libexecdir}/openssl/cavs
Name: saltbundle-openssl
BuildRequires: bc
BuildRequires: ed
BuildRequires: pkg-config
BuildRequires: zlib-devel
%define ssletcdir %{_sysconfdir}/ssl
#%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
%define num_version 1.0.0
# bug437293
%define _rname openssl
Version: 1.0.2p
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
Group: Productivity/Networking/Security
URL: https://www.openssl.org/
Source: https://www.openssl.org/source/openssl-%{version}.tar.gz
Source42: https://www.openssl.org/source/openssl-%{version}.tar.gz.asc
# https://www.openssl.org/about/
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.keyring
Source43: %name.keyring
# to get mtime of file:
Source1: saltbundle-openssl.changes
Source10: README.SUSE
Source11: README-FIPS.txt
Source99: showciphers.c
Patch0: merge_from_0.9.8k.patch
Patch1: openssl-1.0.0-c_rehash-compat.diff
Patch2: openssl-engines-path.patch
Patch4: openssl-1.0.2a-padlock64.patch
# PATCH-FIX-UPSTREAM http://rt.openssl.org/Ticket/Attachment/WithHeaders/20049
Patch5: openssl-fix-pod-syntax.diff
Patch6: openssl-truststore.patch
Patch7: compression_methods_switch.patch
Patch9: openssl-1.0.2a-default-paths.patch
Patch10: openssl-pkgconfig.patch
Patch13: openssl-1.0.2a-ipv6-apps.patch
# FIPS patches:
Patch15: openssl-1.0.2i-fips.patch
Patch16: openssl-1.0.2a-fips-ec.patch
Patch17: openssl-1.0.2a-fips-ctor.patch
Patch18: openssl-1.0.2i-new-fips-reqs.patch
Patch19: openssl-gcc-attributes.patch
Patch26: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
Patch33: openssl-no-egd.patch
Patch34: openssl-fips-hidden.patch
Patch35: openssl-1.0.1e-add-suse-default-cipher.patch
Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch
# FIPS patches from SLE-12
Patch41: openssl-fips-dont_run_FIPS_module_installed.patch
Patch50: openssl-fips_disallow_x931_rand_method.patch
Patch51: openssl-fips_disallow_ENGINE_loading.patch
Patch53: openssl-rsakeygen-minimum-distance.patch
Patch54: openssl-urandom-reseeding.patch
Patch55: openssl-fips-rsagen-d-bits.patch
Patch56: openssl-fips-selftests_in_nonfips_mode.patch
Patch57: openssl-fips-fix-odd-rsakeybits.patch
Patch58: openssl-fips-clearerror.patch
Patch59: openssl-fips-dont-fall-back-to-default-digest.patch
Patch61: openssl-fipslocking.patch
Patch63: openssl-randfile_fread_interrupt.patch
Patch70: openssl-fips-xts_nonidentical_key_parts.patch
Patch71: openssl-fips_add_cavs_tests.patch
Patch73: openssl-fips-OPENSSL_s390xcap.patch
Patch74: openssl-fips_cavs_helpers_run_in_fips_mode.patch
Patch75: openssl-fips_cavs_pad_with_zeroes.patch
Patch76: openssl-fips_cavs_aes_keywrap.patch
Patch77: openssl-fips-run_selftests_only_when_module_is_complete.patch
Patch78: 0001-Set-FIPS-thread-id-callback.patch
Patch79: openssl-CVE-2018-0737-fips.patch
Patch80: openssl-One_and_Done.patch
Patch92: 0001-DSA-Check-for-sanity-of-input-parameters.patch
# OpenSSL Security Advisory [30 October 2018]
Patch95: openssl-CVE-2018-0734.patch
Patch96: 0001-Merge-to-1.0.2-DSA-mod-inverse-fix.patch
Patch97: 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
Patch98: openssl-CVE-2018-5407-PortSmash.patch
Patch99: openssl-record_msg_callback.patch
# OpenSSL Security Advisory [26 February 2019]
Patch100: openssl-CVE-2019-1559.patch
# The 9 Lives of Bleichenbacher's CAT - vulnerability #7739
# https://github.com/openssl/openssl/pull/6942
Patch101: 0001-crypto-bn-add-more-fixed-top-routines.patch
Patch102: 0002-rsa-rsa_eay.c-implement-variant-of-Smooth-CRT-RSA.patch
Patch103: 0003-bn-bn_blind.c-use-Montgomery-multiplication-when-pos.patch
Patch104: 0004-bn-bn_lib.c-conceal-even-memmory-access-pattern-in-b.patch
# https://github.com/openssl/openssl/pull/7737
Patch105: 0005-err-err.c-add-err_clear_last_constant_time.patch
Patch106: 0006-rsa-rsa_eay.c-make-RSAerr-call-in-rsa_ossl_private_d.patch
Patch107: 0007-rsa-rsa_pk1.c-remove-memcpy-calls-from-RSA_padding_c.patch
Patch108: 0008-rsa-rsa_oaep.c-remove-memcpy-calls-from-RSA_padding_.patch
Patch109: 0009-rsa-rsa_ssl.c-make-RSA_padding_check_SSLv23-constant.patch
# OpenSSL Security Advisory [10 September 2019]
Patch110: openssl-CVE-2019-1547.patch
Patch111: openssl-CVE-2019-1563.patch
Patch113: 0001-RT-4242-reject-invalid-EC-point-coordinates.patch
# OpenSSL Security Advisory [6 December 2019] bsc#1158809 CVE-2019-1551
# PATCH-FIX-UPSTREAM Integer overflow in RSAZ modular exponentiation on x86_64
Patch114: openssl-1_1-CVE-2019-1551.patch
# OpenSSL Security Advisory [8 December 2020] bsc#1179491 CVE-2020-1971
Patch115: openssl-CVE-2020-1971.patch
# FIPS patches for SLE-12-SP5 certification
Patch120: openssl-fips_SHA2_in_RSA_pairwise_test.patch
Patch121: openssl-fips-drbg_derfunc.patch
Patch122: openssl-fips_fix_selftests_return_value.patch
Patch123: openssl-DH.patch
Patch124: openssl-fips-DH_selftest_shared_secret_KAT.patch
Patch125: openssl-kdf-tls-selftest.patch
# OpenSSL Security Advisory [16 February 2021] [bsc#1182333,CVE-2021-23840] [bsc#1182331,CVE-2021-23841]
Patch126: openssl-CVE-2021-23840.patch
Patch127: openssl-CVE-2021-23841.patch
Patch128: openssl-1.0.0-pic-pie.patch
Patch129: openssl-add_rfc3526_rfc7919.patch
# OpenSSL Security Advisory [17 August 2021] [bsc#1189521,CVE-2021-3712]
Patch130: CVE-2021-3712-Fix-read-buffer-overrun-in-X509_CERT_AUX_print.patch
Patch131: CVE-2021-3712-other-ASN1_STRING-issues.patch
#PATCH-FIX-UPSTREAM bsc#1196877 CVE-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Patch132: openssl-CVE-2022-0778.patch
Patch133: openssl-CVE-2022-1292.patch
Patch134: openssl-1_0_0-Fix-file-operations-in-c_rehash.patch
Patch135: openssl-1_0_0-paramgen-default_to_rfc7919.patch
# PATCH-FIX-UPSTREAM bsc#1201627 Update further expiring certificates that affect tests
Patch136: openssl-Update-further-expiring-certificates.patch
#PATCH-FIX-UPSTREAM bsc#1207534 CVE-2022-4304 Timing Oracle in RSA Decryption
Patch137: openssl-CVE-2022-4304.patch
#PATCH-FIX-UPSTREAM bsc#1207536 CVE-2023-0215 Use-after-free following BIO_new_NDEF()
Patch138: openssl-CVE-2023-0215-1of4.patch
Patch139: openssl-Groundwork-for-a-perl-based-testing-framework.patch
Patch140: openssl-Add-recipes-for-the-larger-protocols.patch
Patch141: openssl-CVE-2023-0215-2of4.patch
Patch142: openssl-CVE-2023-0215-3of4.patch
Patch143: openssl-CVE-2023-0215-4of4.patch
#PATCH-FIX-UPSTREAM bsc#1207533 CVE-2023-0286 Address type confusion related to X.400 address processing
Patch144: openssl-CVE-2023-0286.patch
# PATCH-FIX-SUSE bsc#1202062 FIPS: Fix DH key generation in FIPS mode
Patch145: openssl-fips_fix_DH_key_generation.patch
# PATCH-FIX-UPSTREAM: bsc#1209624, CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints
Patch146: openssl-CVE-2023-0464.patch
# Only build for SLE12
%if ! (0%{?suse_version} && 0%{?suse_version} == 1315)
ExclusiveArch: do_not_build
%endif
BuildRoot: %{_tmppath}/openssl-%{version}-build
%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%package -n saltbundle-libopenssl1_0_0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
Group: Productivity/Networking/Security
Recommends: ca-certificates-mozilla
# install libopenssl and libopenssl-hmac close together (bsc#1090765)
Suggests: libopenssl1_0_0-hmac = %{version}-%{release}
%description -n saltbundle-libopenssl1_0_0
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%package -n saltbundle-libopenssl-devel
Summary: Include Files and Libraries mandatory for Development
License: OpenSSL
Group: Development/Libraries/C and C++
Requires: %name = %version
Requires: saltbundle-libopenssl1_0_0 = %{version}
Requires: zlib-devel
Provides: saltbundle-openssl-devel = %{version}
%description -n saltbundle-libopenssl-devel
This package contains all necessary include files and libraries needed
to develop applications that require these.
%package -n saltbundle-libopenssl1_0_0-hmac
Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
License: BSD-3-Clause
Group: Productivity/Networking/Security
Requires: saltbundle-libopenssl1_0_0 = %{version}-%{release}
%description -n saltbundle-libopenssl1_0_0-hmac
The FIPS compliant operation of the openssl shared libraries is NOT
possible without the HMAC hashes contained in this package!
%package doc
Summary: Additional Package Documentation
License: OpenSSL
Group: Productivity/Networking/Security
%if 0%{?suse_version} >= 1140
BuildArch: noarch
%endif
%description doc
This package contains optional documentation provided in addition to
this package's base documentation.
%package cavs
Summary: CAVS testing framework and utilities
License: OpenSSL
Group: Productivity/Networking/Security
Requires: saltbundle-libopenssl1_0_0 = %{version}-%{release}
%description cavs
Includes CAVS testing framework and utilities
%prep
%setup -q -n %{_rname}-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch9 -p1
%patch10 -p1
%patch13 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch26 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch37 -p1
%patch38 -p1
%patch41 -p1
%patch50 -p1
%patch51 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch61 -p1
%patch63 -p1
%patch70 -p1
%patch71 -p1
%patch73 -p1
%patch74 -p1
%patch75 -p1
%patch76 -p1
%patch77 -p1
# we don't have FIPS_crypto_threadid_set_callback
%patch78 -R -p1
%patch79 -p1
%patch80 -p1
%patch92 -p1
%patch95 -p1
%patch96 -p1
%patch97 -p1
%patch98 -p1
%patch99 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
%patch111 -p1
%patch113 -p1
%patch114 -p1
%patch115 -p1
%patch120 -p1
%patch121 -p1
%patch122 -p1
%patch123 -p1
%patch124 -p1
%patch125 -p1
%patch126 -p1
%patch127 -p1
%patch128 -p1
%patch129 -p1
%patch130 -p1
%patch131 -p1
%patch132 -p1
%patch133 -p1
%patch134 -p1
%patch135 -p1
%patch136 -p1
%patch137 -p1
%patch138 -p1
%patch139 -p1
%patch140 -p1
%patch141 -p1
%patch142 -p1
%patch143 -p1
%patch144 -p1
%patch145 -p1
%patch146 -p1
# clean up patching leftovers
find . -name '*.orig' -delete
cp -p %{S:10} .
cp -p %{S:11} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::'
cat <<EOF_ED | ed -s Configure
/^);
-
i
#
# local configuration added from specfile
# ... MOST of those are now correct in openssl's Configure already,
# so only add them for new ports!
#
#config-string, $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$wp_obj:$cmll_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags:$multilib
#"linux-elf", "gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME:",
#"linux-ia64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:\${ia64_asm}: $DSO_SCHEME:",
#"linux-ppc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:",
#"linux-ppc64", "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
"linux-elf-arm","gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:",
"linux-mips", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:",
"linux-sparcv7","gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:\${no_asm}: $DSO_SCHEME:",
#"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8 ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o::::::::::::: $DSO_SCHEME:",
#"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
#"linux-s390", "gcc:-DB_ENDIAN ::(unknown): :-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:",
#"linux-s390x", "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
"linux-parisc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:\${no_asm}: $DSO_SCHEME:",
.
wq
EOF_ED
# fix ENGINESDIR path
sed -i 's,/lib/engines,/%_lib/engines,' Configure
%build
%if 0%{suse_version} >= 1230
find -type f -name "*.c" -exec sed -i -e "s@getenv@secure_getenv@g" {} +
%endif
%ifarch armv5el armv5tel
export MACHINE=armv5el
%endif
%ifarch armv6l armv6hl
export MACHINE=armv6l
%endif
./config --test-sanity
#
config_flags="threads shared no-rc5 no-idea \
fips \
%ifarch x86_64
enable-ec_nistp_64_gcc_128 \
%endif
enable-camellia \
zlib \
no-ec2m \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
$RPM_OPT_FLAGS -std=gnu99 \
-Wa,--noexecstack \
-fomit-frame-pointer \
-DTERMIO \
-DPURIFY \
-D_GNU_SOURCE \
$(getconf LFS_CFLAGS) \
-Wall "
%ifnarch hppa aarch64
config_flags="$config_flags -fstack-protector "
%endif
#
#%{!?do_profiling:%define do_profiling 0}
#%if %do_profiling
# # generate feedback
# ./config $config_flags
# make depend CC="gcc %cflags_profile_generate"
# make CC="gcc %cflags_profile_generate"
# LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate"
# LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate"
# LD_LIBRARY_PATH=`pwd` apps/openssl speed
# make clean
# # compile with feedback
# # but not if it makes a cipher slower:
# #find crypto/aes -name '*.da' | xargs -r rm
# ./config $config_flags %cflags_profile_feedback
# make depend
# make
# LD_LIBRARY_PATH=`pwd` make rehash
# LD_LIBRARY_PATH=`pwd` make test
#%else
# OpenSSL relies on uname -m (not good). Thus that little sparc line.
./config \
%ifarch sparc64
linux64-sparcv9 \
%endif
$config_flags
# Record mtime of changes file instead of build time to make build-compare work
make PERL=perl -C crypto buildinf.h
CHANGES=`stat --format="%y" %SOURCE1`
cat crypto/buildinf.h
sed -i -e "s|#define DATE .*|#define DATE \"built on: $CHANGES\"|" crypto/buildinf.h
cat crypto/buildinf.h
make depend
make
LD_LIBRARY_PATH=`pwd` make rehash
export MALLOC_CHECK_=3
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
LD_LIBRARY_PATH=`pwd` make test FIPSCANLIB=""
%ifnarch armv4l
LD_LIBRARY_PATH=`pwd` make test
%endif
#%endif
# show settings
make TABLE
echo $RPM_OPT_FLAGS
eval $(egrep PLATFORM='[[:alnum:]]' Makefile)
grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE
## show cyphers
#gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE99} -L%{buildroot}%{_libdir} -lssl -lcrypto
#LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
%install
rm -rf $RPM_BUILD_ROOT
make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install
# install hmac binary
install -m 0755 crypto/fips/fips_standalone_hmac %{buildroot}%{_bindir}/fips_standalone_hmac
ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl
mkdir %{buildroot}/%{_datadir}/ssl
mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/
# cavs tests
install -m 0755 -d %{buildroot}%{cavs_dir}
cp -a crypto/fips/fips_*{test,vs} %{buildroot}%{cavs_dir}
# avoid file conflicts with man pages from other packages
#
pushd $RPM_BUILD_ROOT/%{_mandir}
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
# replace spaces by underscores
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
for i in man?/*; do
if test -L $i ; then
LDEST=`readlink $i`
rm -f $i ${i}ssl
ln -sf ${LDEST}ssl ${i}ssl
else
mv $i ${i}ssl
fi
case "$i" in
*.1)
# these are the pages mentioned in openssl(1). They go into the main package.
echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;;
*)
# the rest goes into the openssl-doc package.
echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;;
esac
done
popd
#
# check wether some shared library has been installed
#
ls -l $RPM_BUILD_ROOT%{_libdir}
test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version}
test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version}
test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so
test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
#
# see what we've got
#
cat > showciphers.c <<EOF
#include <openssl/err.h>
#include <openssl/ssl.h>
int main(){
unsigned int i;
SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;
meth = SSLv23_client_method();
SSLeay_add_ssl_algorithms();
ctx = SSL_CTX_new(meth);
if (ctx == NULL) return 0;
ssl = SSL_new(ctx);
if (!ssl) return 0;
for (i=0; ; i++) {
int j, k;
SSL_CIPHER *sc;
sc = (meth->get_cipher)(i);
if (!sc) break;
k = SSL_CIPHER_get_bits(sc, &j);
printf("%s\n", sc->name);
}
return 0;
};
EOF
gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c
gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto
LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true
cat AVAILABLE_CIPHERS
# Do not install demo scripts executable under /usr/share/doc
find demos -type f -perm /111 -exec chmod 644 {} \;
# the hmac hashes:
#
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %%expand of
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
%{expand:%%global __os_install_post {%__os_install_post
%{buildroot}%{_bindir}/fips_standalone_hmac \
%{buildroot}%{_libdir}/libssl.so.%{num_version} > \
%{buildroot}%{_libdir}/.libssl.so.%{num_version}.hmac
%{buildroot}%{_bindir}/fips_standalone_hmac \
%{buildroot}%{_libdir}/libcrypto.so.%{num_version} > \
%{buildroot}%{_libdir}/.libcrypto.so.%{num_version}.hmac
}}
for engine in 4758cca atalla nuron sureware ubsec cswift chil aep gmp capi; do
rm %{buildroot}/%{_libdir}/engines-1.0/lib$engine.so
done
%ifnarch %{ix86} x86_64
rm %{buildroot}/%{_libdir}/engines-1.0/libpadlock.so
%endif
%clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%post -n saltbundle-libopenssl1_0_0 -p /sbin/ldconfig
%postun -n saltbundle-libopenssl1_0_0 -p /sbin/ldconfig
%files -n saltbundle-libopenssl1_0_0
%defattr(-, root, root)
%{_libdir}/libssl.so.%{num_version}
%{_libdir}/libcrypto.so.%{num_version}
%dir %{_libdir}/engines-1.0
%{_libdir}/engines-1.0
%files -n saltbundle-libopenssl1_0_0-hmac
%defattr(-, root, root)
%{_libdir}/.libssl.so.%{num_version}.hmac
%{_libdir}/.libcrypto.so.%{num_version}.hmac
%files -n saltbundle-libopenssl-devel
%defattr(-, root, root)
%{_includedir}/openssl/
%{_includedir}/ssl
%exclude %{_libdir}/libcrypto.a
%exclude %{_libdir}/libssl.a
%{_libdir}/libssl.so
%{_libdir}/libcrypto.so
%{_libdir}/pkgconfig/libcrypto.pc
%{_libdir}/pkgconfig/libssl.pc
%{_libdir}/pkgconfig/openssl.pc
%files doc -f filelist.doc
%defattr(-, root, root)
%doc doc/* demos
%doc showciphers.c
%files cavs
%defattr(-,root,root)
%{_libexecdir}/openssl
%files -f filelist
%license LICENSE
%defattr(-, root, root)
%doc CHANGE* INSTAL* AVAILABLE_CIPHERS
%doc NEWS README README.SUSE README-FIPS.txt
%dir %{ssletcdir}
%config (noreplace) %{ssletcdir}/openssl.cnf
%attr(700,root,root) %{ssletcdir}/private
%dir %{_datadir}/ssl
%{_datadir}/ssl/misc
%{_bindir}/c_rehash
%{_bindir}/fips_standalone_hmac
%{_bindir}/openssl
%changelog
Reference in New Issue View Git Blame Copy Permalink