File mingw64-openssl.spec of Package mingw64-openssl
#
# spec file for package mingw64-openssl
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%global __requires_exclude /usr/local/bin/perl
%global _default_patch_fuzz 2
# For the curious:
# 0.9.5a soversion = 0
# 0.9.6 soversion = 1
# 0.9.6a soversion = 2
# 0.9.6c soversion = 3
# 0.9.7a soversion = 4
# 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6
# 0.9.8g soversion = 7
# 0.9.8jk + EAP-FAST soversion = 8
# 1.0.0 soversion = 10
# LibreSSL starts at 27, so don't go too far. Better follow the openSUSE
# scheme of using libcrypto-1.0.0.dll [libcrypto.so.1.0.0]
%global soversion 10
Name: mingw64-openssl
Version: 1.0.2h
Release: 0
Summary: MinGW port of the OpenSSL toolkit
License: OpenSSL
Group: Development/Libraries/C and C++
Url: http://www.openssl.org/
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
Source: openssl-%{version}-hobbled.tar.xz
Source1: hobble-openssl
Source2: Makefile.certificate
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
Source11: README.FIPS
Source12: ec_curve.c
Source13: ectest.c
# probably worth fixing the wrong-script-interpreter issue
Source99: mingw64-openssl-rpmlintrc
# Build changes
Patch1: openssl-1.0.2e-rpmbuild.patch
Patch2: openssl-1.0.2a-defaults.patch
Patch4: openssl-1.0.2a-enginesdir.patch
Patch5: openssl-1.0.2a-no-rpath.patch
Patch6: openssl-1.0.2a-test-use-localhost.patch
Patch7: openssl-1.0.0-timezone.patch
Patch8: openssl-1.0.1c-perlfind.patch
Patch9: openssl-1.0.1c-aliasing.patch
# Bug fixes
Patch23: openssl-1.0.2c-default-paths.patch
Patch24: openssl-1.0.2a-issuer-hash.patch
# Functionality changes
Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-1.0.2a-x509.patch
Patch35: openssl-1.0.2a-version-add-engines.patch
Patch39: openssl-1.0.2a-ipv6-apps.patch
Patch40: openssl-1.0.2h-fips.patch
Patch45: openssl-1.0.2a-env-zlib.patch
Patch47: openssl-1.0.2a-readme-warning.patch
Patch49: openssl-1.0.1i-algo-doc.patch
Patch50: openssl-1.0.2a-dtls1-abi.patch
Patch51: openssl-1.0.2a-version.patch
Patch56: openssl-1.0.2a-rsa-x931.patch
Patch58: openssl-1.0.2a-fips-md5-allow.patch
Patch60: openssl-1.0.2a-apps-dgst.patch
Patch63: openssl-1.0.2a-xmpp-starttls.patch
Patch65: openssl-1.0.2a-chil-fixes.patch
Patch66: openssl-1.0.2a-pkgconfig-krb5.patch
Patch68: openssl-1.0.2a-secure-getenv.patch
Patch70: openssl-1.0.2a-fips-ec.patch
Patch71: openssl-1.0.2g-manfix.patch
Patch72: openssl-1.0.2a-fips-ctor.patch
Patch73: openssl-1.0.2c-ecc-suiteb.patch
Patch74: openssl-1.0.2a-no-md5-verify.patch
Patch75: openssl-1.0.2a-compat-symbols.patch
Patch76: openssl-1.0.2a-new-fips-reqs.patch
Patch77: openssl-1.0.2h-weak-ciphers.patch
Patch78: openssl-1.0.2a-cc-reqs.patch
Patch90: openssl-1.0.2a-enc-fail.patch
Patch92: openssl-1.0.2a-system-cipherlist.patch
Patch93: openssl-1.0.2g-disable-sslv2v3.patch
Patch94: openssl-1.0.2d-secp256k1.patch
Patch95: openssl-1.0.2e-remove-nistp224.patch
Patch96: openssl-1.0.2e-speed-doc.patch
# Backported fixes including security fixes
Patch80: openssl-1.0.2e-wrap-pad.patch
Patch81: openssl-1.0.2a-padlock64.patch
Patch82: openssl-1.0.2h-trusted-first-doc.patch
Patch83: openssl-1.0.2h-remove-ssl2.patch
# MinGW-specific patches.
# Rename *eay64.dll to lib*.dll
Patch101: mingw32-openssl-1.0.2g-libversion.patch
# Fix engines/ install target after lib rename
Patch102: mingw32-openssl-1.0.2a-sfx.patch
# Some .c file contains in #include <dlfcn.h> while it
# doesn't really use anything from that header
Patch103: mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch
# Mingw-w64 compatibility patch
Patch104: openssl_mingw64_install_fix.patch
# Prevent a build failure which occurs because we don't have FIPS enabled
Patch105: mingw-openssl-fix-fips-build-failure.patch
# The function secure_getenv is a GNU extension which isn't available on Windows
Patch106: openssl-mingw64-dont-use-secure-getenv.patch
# Don't include the old winsock.h as it will cause warnings/errors in packages
# using the openssl headers like: Please include winsock2.h before windows.h
Patch107: openssl-dont-include-winsock-h.patch
Patch108: 0001-Create-pkg-config-files-for-static-libraries.patch
BuildRequires: diffutils
BuildRequires: mingw64-cross-binutils
BuildRequires: mingw64-cross-gcc
BuildRequires: mingw64-cross-pkg-config
BuildRequires: mingw64-filesystem >= 95
BuildRequires: mingw64-zlib-devel
BuildRequires: mktemp
BuildRequires: perl
BuildRequires: util-linux
# XXX Not really sure about this one. The build script uses
# /usr/bin/makedepend which comes from imake.
#BuildRequires: imake
BuildRequires: xorg-x11-util-devel
%_mingw64_package_header_debug
BuildArch: noarch
%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%package -n mingw64-libopenssl
Summary: Secure Sockets and Transport Layer Security (library)
Group: System/Libraries
%description -n mingw64-libopenssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%package -n mingw64-libopenssl-devel
Summary: Secure Sockets and Transport Layer Security (development files)
Group: Development/Libraries/C and C++
# for static library
Requires: mingw64-zlib-devel
Requires: mingw64-libopenssl = %{version}
%description -n mingw64-libopenssl-devel
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%_mingw64_debug_package
%prep
%setup -q -n openssl-%{version}
# The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed.
sh %{SOURCE1} > /dev/null
cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch -P 1 -p1 -b .rpmbuild
%patch -P 2 -p1 -b .defaults
%patch -P 4 -p1 -b .enginesdir %{?_rawbuild}
%patch -P 5 -p1 -b .no-rpath
%patch -P 6 -p1 -b .use-localhost
%patch -P 7 -p1 -b .timezone
%patch -P 8 -p1 -b .perlfind %{?_rawbuild}
%patch -P 9 -p1 -b .aliasing
%patch -P 23 -p1 -b .default-paths
%patch -P 24 -p1 -b .issuer-hash
%patch -P 33 -p1 -b .ca-dir
%patch -P 34 -p1 -b .x509
%patch -P 35 -p1 -b .version-add-engines
#patch39 -p1 -b .ipv6-apps
%patch -P 40 -p1 -b .fips
%patch -P 45 -p1 -b .env-zlib
%patch -P 47 -p1 -b .warning
%patch -P 49 -p1 -b .algo-doc
%patch -P 50 -p1 -b .dtls1-abi
#patch51 -p1 -b .version
#patch56 -p1 -b .x931
%patch -P 58 -p1 -b .md5-allow
%patch -P 60 -p1 -b .dgst
#patch63 -p1 -b .starttls
%patch -P 65 -p1 -b .chil
%patch -P 66 -p1 -b .krb5
#patch68 -p1 -b .secure-getenv
#patch70 -p1 -b .fips-ec
%patch -P 71 -p1 -b .manfix
#patch72 -p1 -b .fips-ctor
%patch -P 73 -p1 -b .suiteb
#patch74 -p1 -b .no-md5-verify
%patch -P 75 -p1 -b .compat
#patch76 -p1 -b .fips-reqs
%patch -P 77 -p1 -b .weak-ciphers
%patch -P 78 -p1 -b .cc-reqs
%patch -P 90 -p1 -b .enc-fail
%patch -P 92 -p1 -b .system
%patch -P 93 -p1 -b .v2v3
%patch -P 94 -p1 -b .secp256k1
%patch -P 95 -p1 -b .nistp224
%patch -P 96 -p1 -b .speed-doc
%patch -P 80 -p1 -b .wrap
%patch -P 81 -p1 -b .padlock64
%patch -P 82 -p1 -b .trusted-first
%patch -P 83 -p1 -b .remove-ssl2
# MinGW specific patches
%patch -P 101 -p1 -b .mingw-libversion
%patch -P 102 -p1 -b .mingw-sfx
%patch -P 103 -p0 -b .dlfcn
%patch -P 104 -p0 -b .mingw64
%patch -P 105 -p1 -b .fips_mingw
%patch -P 106 -p1 -b .secure_getenv_mingw
%patch -P 107 -p0 -b .winsock
%patch -P 108 -p1
sed -i 's/SHLIB_VERSION_NUMBER "2.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
# workaround freakish perl:
#/var/tmp/rpm-tmp.dEUR3i: ./Configure: ./perl: bad interpreter: Permission denied
#error: Bad exit status from /var/tmp/rpm-tmp.dEUR3i (%build)
#rmdir perl
#ln -s /usr/bin/perl perl
# Generate a table with the compile settings for my perusal.
touch Makefile
make TABLE PERL=perl
# Use mingw cflags instead of hardcoded ones
sed -i -e '/^"mingw"/ s/-fomit-frame-pointer -O3 -march=i486 -Wall/%{_mingw64_cflags}/' Configure
%build
ZLIB_LIBRARY=$(%_mingw64_env; pkg-config --libs zlib-static)
PERL=perl \
./Configure \
--prefix=%{_mingw64_prefix} \
--openssldir=%{_mingw64_sysconfdir}/pki/tls \
--with-zlib-lib=$ZLIB_LIBRARY \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
no-fips no-hw \
--cross-compile-prefix=%{_mingw64_target}- \
--enginesdir=%{_mingw64_libdir}/openssl/engines \
shared mingw64
# Regenerate def files as we disabled some algorithms above
perl util/mkdef.pl crypto ssl update
# Regenerate def files as we disabled some algorithms above
perl util/mkdef.pl crypto ssl update
make depend
make all build-shared
make rehash build-shared
if ! iconv -f UTF-8 -t ASCII//TRANSLIT CHANGES >/dev/null 2>&1 ; then
iconv -f ISO-8859-1 -t UTF-8 -o CHANGES.utf8 CHANGES && \
mv -f CHANGES.utf8 CHANGES
fi
%install
mkdir -p %{buildroot}%{_mingw64_libdir}/openssl
mkdir -p %{buildroot}%{_mingw64_bindir}
mkdir -p %{buildroot}%{_mingw64_includedir}
mkdir -p %{buildroot}%{_mingw64_mandir}
make INSTALL_PREFIX=%{buildroot} install build-shared
# Install the file applink.c (#499934)
install -m644 ms/applink.c %{buildroot}%{_mingw64_includedir}/openssl/applink.c
mv %{buildroot}%{_mingw64_sysconfdir}/pki/tls/man/* \
%{buildroot}%{_mingw64_mandir}
# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE2} %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs/Makefile
install -m755 %{SOURCE6} %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs/make-dummy-cert
install -m755 %{SOURCE7} %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs/renew-dummy-cert
# Pick a CA script.
pushd %{buildroot}%{_mingw64_sysconfdir}/pki/tls/misc
mv CA.sh CA
popd
mkdir -m700 %{buildroot}%{_mingw64_sysconfdir}/pki/CA
mkdir -m700 %{buildroot}%{_mingw64_sysconfdir}/pki/CA/private
%files
%defattr(-,root,root)
%{_mingw64_bindir}/openssl.exe
%{_mingw64_bindir}/c_rehash
%{_mingw64_mandir}/man1/*
%{_mingw64_mandir}/man5/*
%{_mingw64_mandir}/man7/*
%config(noreplace) %{_mingw64_sysconfdir}
%files -n mingw64-libopenssl
%defattr(-,root,root)
%{_mingw64_bindir}/libcrypto-%{soversion}.dll
%{_mingw64_bindir}/libssl-%{soversion}.dll
%dir %{_mingw64_libdir}/engines/
%{_mingw64_libdir}/engines/*.dll
%files -n mingw64-libopenssl-devel
%defattr(-,root,root)
%{_mingw64_libdir}/pkgconfig/*.pc
%{_mingw64_libdir}/libcrypto.dll.a
%{_mingw64_libdir}/libssl.dll.a
%{_mingw64_libdir}/libcrypto.a
%{_mingw64_libdir}/libssl.a
%{_mingw64_includedir}/openssl
%{_mingw64_mandir}/man3/*
%changelog
