Fix a couple of loops.

[fedora-mingw.git] / openssl / mingw32-openssl.spec

%define __strip %{_mingw32_strip}
%define __objdump %{_mingw32_objdump}
%define _use_internal_dependency_generator 0
%define __find_requires %{_mingw32_findrequires}
%define __find_provides %{_mingw32_findprovides}

# For the curious:
# 0.9.5a soversion = 0
# 0.9.6  soversion = 1
# 0.9.6a soversion = 2
# 0.9.6c soversion = 3
# 0.9.7a soversion = 4
# 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6
# 0.9.8g soversion = 7
# 0.9.8j + EAP-FAST soversion = 8
%define soversion 8

# Enable the tests.
# These only work some of the time, but fail randomly at other times
# (although I have had them complete a few times, so I don't think
# there is any actual problem with the binaries).
%define run_tests 0

# Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}

Name:           mingw32-openssl
Version:        0.9.8j
Release:        2%{?dist}
Summary:        MinGW port of the OpenSSL toolkit

License:        OpenSSL
Group:          Development/Libraries
URL:            http://www.openssl.org/

# Use the hobble-openssl script to create the source file.
Source0:        openssl-%{version}-usa.tar.bz2

Source1:        hobble-openssl
Source2:        Makefile.certificate
Source6:        make-dummy-cert
Source8:        openssl-thread-test.c
Source9:        opensslconf-new.h
Source10:       opensslconf-new-warning.h

# Patches from Fedora native package.
# Build changes
Patch0:         openssl-0.9.8j-redhat.patch
Patch1:         openssl-0.9.8a-defaults.patch
Patch2:         openssl-0.9.8a-link-krb5.patch
Patch3:         openssl-0.9.8j-soversion.patch
Patch4:         openssl-0.9.8j-enginesdir.patch
Patch5:         openssl-0.9.8a-no-rpath.patch
Patch6:         openssl-0.9.8b-test-use-localhost.patch
Patch7:         openssl-0.9.8j-shlib-version.patch
# Bug fixes
Patch21:        openssl-0.9.8b-aliasing-bug.patch
Patch22:        openssl-0.9.8b-x509-name-cmp.patch
Patch23:        openssl-0.9.8g-default-paths.patch
Patch24:        openssl-0.9.8g-no-extssl.patch
# Functionality changes
Patch32:        openssl-0.9.8g-ia64.patch
Patch33:        openssl-0.9.8j-ca-dir.patch
Patch34:        openssl-0.9.6-x509.patch
Patch35:        openssl-0.9.8j-version-add-engines.patch
Patch38:        openssl-0.9.8a-reuse-cipher-change.patch
# Disabled this because it uses getaddrinfo which is lacking on Windows.
#Patch39:        openssl-0.9.8g-ipv6-apps.patch
Patch40:        openssl-0.9.8j-nocanister.patch
Patch41:        openssl-0.9.8j-use-fipscheck.patch
Patch42:        openssl-0.9.8j-fipscheck-hmac.patch
Patch43:        openssl-0.9.8j-evp-nonfips.patch
Patch44:        openssl-0.9.8j-kernel-fipsmode.patch
Patch45:        openssl-0.9.8j-env-nozlib.patch
Patch46:        openssl-0.9.8j-eap-fast.patch
Patch47:        openssl-0.9.8j-readme-warning.patch
Patch48:        openssl-0.9.8j-bad-mime.patch
Patch49:        openssl-0.9.8j-fips-no-pairwise.patch
# Backported fixes including security fixes

# MinGW-specific patches.
Patch100:       mingw32-openssl-0.9.8j-header-files.patch
Patch101:       mingw32-openssl-0.9.8j-configure.patch
Patch102:       mingw32-openssl-0.9.8j-shared.patch
Patch103:       mingw32-openssl-0.9.8g-global.patch
Patch104:       mingw32-openssl-0.9.8g-sfx.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildArch:      noarch

BuildRequires:  mingw32-filesystem >= 40
BuildRequires:  mingw32-gcc
BuildRequires:  mingw32-binutils

BuildRequires:  mingw32-zlib
BuildRequires:  mingw32-pthreads

BuildRequires:  mktemp
#BuildRequires:  krb5-devel
BuildRequires:  perl
BuildRequires:  sed
BuildRequires:  /usr/bin/cmp
BuildRequires:  /usr/bin/rename

# XXX Not really sure about this one.  The build script uses
# /usr/bin/makedepend which comes from imake.
BuildRequires:  imake

%if %{run_tests}
# Required both to build, and to run the tests.
# XXX This needs to be fixed - cross-compilation should not
# require running executables.
BuildRequires:  wine

# Required to run the tests.
BuildRequires:  xorg-x11-server-Xvfb
%endif

#Requires:       ca-certificates >= 2008-5
Requires:       pkgconfig


%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

This package contains Windows (MinGW) libraries and development tools.


%prep
%setup -q -n openssl-%{version}

%{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat
%patch1 -p1 -b .defaults
# Fix link line for libssl (bug #111154).
%patch2 -p1 -b .krb5
%patch3 -p1 -b .soversion
%patch4 -p1 -b .enginesdir
%patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost
%patch7 -p1 -b .shlib-version

%patch21 -p1 -b .aliasing-bug
%patch22 -p1 -b .name-cmp
%patch23 -p1 -b .default-paths
%patch24 -p1 -b .no-extssl

%patch32 -p1 -b .ia64
#patch33 is applied after make test
%patch34 -p1 -b .x509
%patch35 -p1 -b .version-add-engines
%patch38 -p1 -b .cipher-change
#%patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .nocanister
%patch41 -p1 -b .use-fipscheck
%patch42 -p1 -b .fipscheck-hmac
%patch43 -p1 -b .evp-nonfips
%patch44 -p1 -b .fipsmode
%patch45 -p1 -b .env-nozlib
%patch46 -p1 -b .eap-fast
%patch47 -p1 -b .warning
%patch48 -p1 -b .bad-mime
%patch49 -p1 -b .no-pairwise

%patch100 -p1 -b .mingw-header-files
%patch101 -p1 -b .mingw-configure
%patch102 -p1 -b .mingw-shared
%patch103 -p1 -b .mingw-global
%patch104 -p1 -b .mingw-sfx

# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`

# Generate a table with the compile settings for my perusal.
touch Makefile
make TABLE PERL=%{__perl}

%build
# NB: 'no-hw' is vital.  MinGW cannot build the hardware drivers
# and if you don't have this you'll get an obscure link error.
%{_mingw32_env}; \
sed -i -e "s/MINGW32_CC/%{_mingw32_cc}/" -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" -e "s/MINGW32_RANLIB/%{_mingw32_ranlib}/" Configure; \
./Configure \
  --prefix=%{_mingw32_prefix} \
  --openssldir=%{_mingw32_sysconfdir}/pki/tls \
  zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
  no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa no-hw shared \
  --enginesdir=%{_mingw32_libdir}/openssl/engines \
  mingw
#  --with-krb5-flavor=MIT
#  -I%{_mingw32_prefix}/kerberos/include -L%{_mingw32_prefix}/kerberos/%{_lib}
%{_mingw32_make} depend
%{_mingw32_make} all build-shared

# Generate hashes for the included certs.
%{_mingw32_make} rehash build-shared

%if %{run_tests}
#----------------------------------------------------------------------
# Run some tests.  I don't know why this isn't in a %-check section
# but this is how it is in the native RPM.

# This is a bit of a hack, but the test scripts look for 'openssl'
# by name.
pushd apps
ln -s openssl.exe openssl
popd

# This is useful for diagnosing Wine problems.
WINEDEBUG=+loaddll
export WINEDEBUG

# Make sure we can find the installed DLLs.
WINEDLLPATH=%{_mingw32_bindir}
export WINEDLLPATH

# The tests run Wine and require an X server (but don't really use
# it).  Therefore we create a virtual framebuffer for the duration of
# the tests.
# XXX There is no good way to choose a random, unused display.
# XXX Setting depth to 24 bits avoids bug 458219.
unset DISPLAY
display=:21
Xvfb $display -screen 0 1024x768x24 -ac -noreset & xpid=$!
trap "kill -TERM $xpid ||:" EXIT
sleep 3
DISPLAY=$display
export DISPLAY

%{_mingw32_make} LDCMD=%{_mingw32_cc} -C test apps tests

# Disable this thread test, because we don't have pthread on Windows.
%{_mingw32_cc} -o openssl-thread-test \
  -I./include \
  %-{_mingw32_cflags} \
  %-{SOURCE8} \
  -L. \
  -lssl -lcrypto \
  -lpthread -lz -ldl

## `krb5-config --cflags`
## `krb5-config --libs`
#
./openssl-thread-test --threads %{thread_test_threads}

#----------------------------------------------------------------------
%endif

# Patch33 must be patched after tests otherwise they will fail
patch -p1 -b -z .ca-dir < %{PATCH33}

# Add generation of HMAC checksum of the final stripped library
#%define __spec_install_post \
#    %{?__debug_package:%{__debug_install_post}} \
#    %{__arch_install_post} \
#    %{__os_install_post} \
#    fips/fips_standalone_sha1 $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{version} >$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{version}.hmac \
#    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{soversion}.hmac \
#%{nil}

if ! iconv -f UTF-8 -t ASCII//TRANSLIT CHANGES >/dev/null 2>&1 ; then
  iconv -f ISO-8859-1 -t UTF-8 -o CHANGES.utf8 CHANGES && \
    mv -f CHANGES.utf8 CHANGES
fi


%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_mingw32_libdir}
mkdir -p $RPM_BUILD_ROOT%{_mingw32_libdir}/openssl
mkdir -p $RPM_BUILD_ROOT%{_mingw32_bindir}
mkdir -p $RPM_BUILD_ROOT%{_mingw32_includedir}
mkdir -p $RPM_BUILD_ROOT%{_mingw32_mandir}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared

# Install the actual DLLs.
install libcrypto-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
install libssl-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}

# Remove static libraries but DON'T remove *.dll.a files.
rm $RPM_BUILD_ROOT%{_mingw32_libdir}/libcrypto.a
rm $RPM_BUILD_ROOT%{_mingw32_libdir}/libssl.a

# I have no idea why it installs the manpages in /etc, but
# we remove them anyway.
rm -r $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/man

# Set permissions on lib*.dll.a so that strip works.
chmod 0755 $RPM_BUILD_ROOT%{_mingw32_libdir}/libcrypto.dll.a
chmod 0755 $RPM_BUILD_ROOT%{_mingw32_libdir}/libssl.dll.a

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/certs/Makefile
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/certs/make-dummy-cert

# Pick a CA script.
pushd  $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/misc
mv CA.sh CA
popd

mkdir -m700 $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/CA
mkdir -m700 $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/CA/private

%clean
rm -rf $RPM_BUILD_ROOT


%files
%defattr(-,root,root)
%doc LICENSE
%{_mingw32_bindir}/openssl.exe
%{_mingw32_bindir}/c_rehash
%{_mingw32_bindir}/libcrypto-%{soversion}.dll
%{_mingw32_bindir}/libssl-%{soversion}.dll
#{_mingw32_bindir}/.libcrypto*.hmac
%{_mingw32_libdir}/libcrypto.dll.a
%{_mingw32_libdir}/libssl.dll.a
%{_mingw32_libdir}/engines
%{_mingw32_libdir}/pkgconfig/*.pc
%{_mingw32_includedir}/openssl
%config(noreplace) %{_mingw32_sysconfdir}/pki


%changelog
* Mon Feb  2 2009 Levente Farkas <lfarkas@lfarkas.org> - 0.9.8j-2
- Various build fixes.

* Wed Jan 28 2009 Levente Farkas <lfarkas@lfarkas.org> - 0.9.8j-1
- update to new upstream version.

* Mon Dec 29 2008 Levente Farkas <lfarkas@lfarkas.org> - 0.9.8g-2
- minor cleanup.

* Tue Sep 30 2008 Richard W.M. Jones <rjones@redhat.com> - 0.9.8g-1
- Initial RPM release.