forked from rpms/openssl
- move certificates to _sysconfdir/pki/tls (#143392)
- move CA directories to _sysconfdir/pki/CA - patch the CA script and the default config so it points to the CA directories
This commit is contained in:
parent
1d982a09cd
commit
79f559a35a
33
openssl-0.9.7f-ca-dir.patch
Normal file
33
openssl-0.9.7f-ca-dir.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
--- openssl-0.9.7f/apps/CA.sh.ca-dir 2005-02-02 00:45:38.000000000 +0100
|
||||||
|
+++ openssl-0.9.7f/apps/CA.sh 2005-04-21 21:08:09.270233699 +0200
|
||||||
|
@@ -38,7 +38,7 @@
|
||||||
|
VERIFY="$OPENSSL verify"
|
||||||
|
X509="$OPENSSL x509"
|
||||||
|
|
||||||
|
-CATOP=./demoCA
|
||||||
|
+CATOP=../../CA
|
||||||
|
CAKEY=./cakey.pem
|
||||||
|
CACERT=./cacert.pem
|
||||||
|
|
||||||
|
--- openssl-0.9.7f/apps/CA.pl.ca-dir 2005-02-02 00:45:38.000000000 +0100
|
||||||
|
+++ openssl-0.9.7f/apps/CA.pl 2005-04-21 21:07:52.307995284 +0200
|
||||||
|
@@ -52,7 +52,7 @@
|
||||||
|
$X509="$openssl x509";
|
||||||
|
$PKCS12="$openssl pkcs12";
|
||||||
|
|
||||||
|
-$CATOP="./demoCA";
|
||||||
|
+$CATOP="../../CA";
|
||||||
|
$CAKEY="cakey.pem";
|
||||||
|
$CACERT="cacert.pem";
|
||||||
|
|
||||||
|
--- openssl-0.9.7f/apps/openssl.cnf.ca-dir 2005-03-30 12:20:17.000000000 +0200
|
||||||
|
+++ openssl-0.9.7f/apps/openssl.cnf 2005-04-21 21:08:29.581927172 +0200
|
||||||
|
@@ -34,7 +34,7 @@
|
||||||
|
####################################################################
|
||||||
|
[ CA_default ]
|
||||||
|
|
||||||
|
-dir = ./demoCA # Where everything is kept
|
||||||
|
+dir = ../../CA # Where everything is kept
|
||||||
|
certs = $dir/certs # Where the issued certs are kept
|
||||||
|
crl_dir = $dir/crl # Where the issued crl are kept
|
||||||
|
database = $dir/index.txt # database index file.
|
64
openssl.spec
64
openssl.spec
@ -22,7 +22,7 @@
|
|||||||
Summary: The OpenSSL toolkit.
|
Summary: The OpenSSL toolkit.
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 0.9.7f
|
Version: 0.9.7f
|
||||||
Release: 3
|
Release: 4
|
||||||
Source: openssl-%{version}-usa.tar.bz2
|
Source: openssl-%{version}-usa.tar.bz2
|
||||||
Source1: hobble-openssl
|
Source1: hobble-openssl
|
||||||
Source2: Makefile.certificate
|
Source2: Makefile.certificate
|
||||||
@ -48,6 +48,7 @@ Patch18: openssl-0.9.7a-krb5-1.3.patch
|
|||||||
Patch40: libica-1.3.4-urandom.patch
|
Patch40: libica-1.3.4-urandom.patch
|
||||||
Patch42: openssl-0.9.7e-krb5.patch
|
Patch42: openssl-0.9.7e-krb5.patch
|
||||||
Patch43: openssl-0.9.7f-bn-asm-uninitialized.patch
|
Patch43: openssl-0.9.7f-bn-asm-uninitialized.patch
|
||||||
|
Patch44: openssl-0.9.7f-ca-dir.patch
|
||||||
License: BSDish
|
License: BSDish
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -126,6 +127,8 @@ popd
|
|||||||
# Additional fixes
|
# Additional fixes
|
||||||
%patch43 -p1 -b .uninitialized
|
%patch43 -p1 -b .uninitialized
|
||||||
|
|
||||||
|
#patch44 is patched after make test
|
||||||
|
|
||||||
# Modify the various perl scripts to reference perl in the right location.
|
# Modify the various perl scripts to reference perl in the right location.
|
||||||
perl util/perlpath.pl `dirname %{__perl}`
|
perl util/perlpath.pl `dirname %{__perl}`
|
||||||
|
|
||||||
@ -182,7 +185,7 @@ sslarch=linux-ppc64
|
|||||||
# usable on all platforms. The Configure script already knows to use -fPIC and
|
# usable on all platforms. The Configure script already knows to use -fPIC and
|
||||||
# RPM_OPT_FLAGS, so we can skip specifiying them here.
|
# RPM_OPT_FLAGS, so we can skip specifiying them here.
|
||||||
./Configure \
|
./Configure \
|
||||||
--prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslflags} \
|
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
|
||||||
zlib no-idea no-mdc2 no-rc5 no-ec shared \
|
zlib no-idea no-mdc2 no-rc5 no-ec shared \
|
||||||
--with-krb5-flavor=MIT \
|
--with-krb5-flavor=MIT \
|
||||||
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
|
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
|
||||||
@ -211,14 +214,17 @@ make -C test apps tests
|
|||||||
-lpthread -lz -ldl
|
-lpthread -lz -ldl
|
||||||
#./openssl-thread-test --threads %{thread_test_threads}
|
#./openssl-thread-test --threads %{thread_test_threads}
|
||||||
|
|
||||||
|
# Patch44 must be patched after tests otherwise they will fail
|
||||||
|
patch -p1 -b -z .ca-dir < %{PATCH44}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
||||||
# Install OpenSSL.
|
# Install OpenSSL.
|
||||||
install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir}}
|
install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir}}
|
||||||
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
|
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
|
||||||
mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{solibbase} $RPM_BUILD_ROOT/%{_lib}/
|
mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{solibbase} $RPM_BUILD_ROOT/%{_lib}/
|
||||||
mv $RPM_BUILD_ROOT%{_datadir}/ssl/man/* $RPM_BUILD_ROOT%{_mandir}/
|
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
|
||||||
rmdir $RPM_BUILD_ROOT%{_datadir}/ssl/man
|
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
|
||||||
mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
|
mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
|
||||||
rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{solibbase}
|
rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{solibbase}
|
||||||
for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
|
for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
|
||||||
@ -229,9 +235,9 @@ done
|
|||||||
|
|
||||||
# Install a makefile for generating keys and self-signed certs, and a script
|
# Install a makefile for generating keys and self-signed certs, and a script
|
||||||
# for generating them on the fly.
|
# for generating them on the fly.
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/ssl/certs
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
|
||||||
install -m644 $RPM_SOURCE_DIR/Makefile.certificate $RPM_BUILD_ROOT%{_datadir}/ssl/certs/Makefile
|
install -m644 $RPM_SOURCE_DIR/Makefile.certificate $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
|
||||||
install -m644 $RPM_SOURCE_DIR/make-dummy-cert $RPM_BUILD_ROOT%{_datadir}/ssl/certs/make-dummy-cert
|
install -m644 $RPM_SOURCE_DIR/make-dummy-cert $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert
|
||||||
|
|
||||||
# Make sure we actually include the headers we built against.
|
# Make sure we actually include the headers we built against.
|
||||||
for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
|
for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
|
||||||
@ -255,12 +261,12 @@ for conflict in passwd rand ; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
# Pick a CA script.
|
# Pick a CA script.
|
||||||
pushd $RPM_BUILD_ROOT%{_datadir}/ssl/misc
|
pushd $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
|
||||||
mv CA.sh CA
|
mv CA.sh CA
|
||||||
popd
|
popd
|
||||||
|
|
||||||
mkdir -m700 $RPM_BUILD_ROOT%{_datadir}/ssl/CA
|
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
|
||||||
mkdir -m700 $RPM_BUILD_ROOT%{_datadir}/ssl/CA/private
|
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
|
||||||
|
|
||||||
# Install root CA stuffs.
|
# Install root CA stuffs.
|
||||||
cat << EOF > RHNS-blurb.txt
|
cat << EOF > RHNS-blurb.txt
|
||||||
@ -269,8 +275,8 @@ cat << EOF > RHNS-blurb.txt
|
|||||||
#
|
#
|
||||||
EOF
|
EOF
|
||||||
cat %{SOURCE3} RHNS-blurb.txt %{SOURCE4} > ca-bundle.crt
|
cat %{SOURCE3} RHNS-blurb.txt %{SOURCE4} > ca-bundle.crt
|
||||||
install -m644 ca-bundle.crt $RPM_BUILD_ROOT%{_datadir}/ssl/certs/
|
install -m644 ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/
|
||||||
ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_datadir}/ssl/cert.pem
|
ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/cert.pem
|
||||||
|
|
||||||
# Fix libdir.
|
# Fix libdir.
|
||||||
sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
|
sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
|
||||||
@ -308,7 +314,7 @@ rm -rf $RPM_BUILD_ROOT/%{_mandir}/man3/*
|
|||||||
|
|
||||||
rm -rf $RPM_BUILD_ROOT/%{_bindir}/c_rehash
|
rm -rf $RPM_BUILD_ROOT/%{_bindir}/c_rehash
|
||||||
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man1*/*.pl*
|
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man1*/*.pl*
|
||||||
rm -rf $RPM_BUILD_ROOT/%{_datadir}/ssl/misc/*.pl
|
rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/misc/*.pl
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Remove fips fingerprint script
|
# Remove fips fingerprint script
|
||||||
@ -336,18 +342,18 @@ popd
|
|||||||
%doc doc/README doc/c-indentation.el doc/openssl.txt
|
%doc doc/README doc/c-indentation.el doc/openssl.txt
|
||||||
%doc doc/openssl_button.html doc/openssl_button.gif
|
%doc doc/openssl_button.html doc/openssl_button.gif
|
||||||
%doc doc/ssleay.txt
|
%doc doc/ssleay.txt
|
||||||
%dir %{_datadir}/ssl
|
%dir %{_sysconfdir}/pki/tls
|
||||||
%{_datadir}/ssl/certs
|
%{_sysconfdir}/pki/tls/certs
|
||||||
%{_datadir}/ssl/cert.pem
|
%{_sysconfdir}/pki/tls/cert.pem
|
||||||
%dir %{_datadir}/ssl/misc
|
%dir %{_sysconfdir}/pki/tls/misc
|
||||||
%{_datadir}/ssl/misc/CA
|
%{_sysconfdir}/pki/tls/misc/CA
|
||||||
%dir %{_datadir}/ssl/CA
|
%dir %{_sysconfdir}/pki/CA
|
||||||
%dir %{_datadir}/ssl/CA/private
|
%dir %{_sysconfdir}/pki/CA/private
|
||||||
%{_datadir}/ssl/misc/c_*
|
%{_sysconfdir}/pki/tls/misc/c_*
|
||||||
%{_datadir}/ssl/private
|
%{_sysconfdir}/pki/tls/private
|
||||||
|
|
||||||
%config(noreplace) %{_datadir}/ssl/openssl.cnf
|
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
|
||||||
%config %{_datadir}/ssl/certs/ca-bundle.crt
|
%config %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
|
||||||
|
|
||||||
%attr(0755,root,root) %{_bindir}/openssl
|
%attr(0755,root,root) %{_bindir}/openssl
|
||||||
%attr(0755,root,root) /%{_lib}/*.so.%{version}
|
%attr(0755,root,root) /%{_lib}/*.so.%{version}
|
||||||
@ -374,8 +380,8 @@ popd
|
|||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%attr(0755,root,root) %{_bindir}/c_rehash
|
%attr(0755,root,root) %{_bindir}/c_rehash
|
||||||
%attr(0644,root,root) %{_mandir}/man1*/*.pl*
|
%attr(0644,root,root) %{_mandir}/man1*/*.pl*
|
||||||
%dir %{_datadir}/ssl/misc
|
%dir %{_sysconfdir}/pki/tls/misc
|
||||||
%{_datadir}/ssl/misc/*.pl
|
%{_sysconfdir}/pki/tls/misc/*.pl
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
%post -p /sbin/ldconfig
|
||||||
@ -383,6 +389,12 @@ popd
|
|||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-4
|
||||||
|
- move certificates to _sysconfdir/pki/tls (#143392)
|
||||||
|
- move CA directories to _sysconfdir/pki/CA
|
||||||
|
- patch the CA script and the default config so it points to the
|
||||||
|
CA directories
|
||||||
|
|
||||||
* Fri Apr 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-3
|
* Fri Apr 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-3
|
||||||
- uninitialized variable mustn't be used as input in inline
|
- uninitialized variable mustn't be used as input in inline
|
||||||
assembly
|
assembly
|
||||||
|
Loading…
Reference in New Issue
Block a user