Use CentOS Stream spec

SOURCES/openssl-ibmca-2.3.1-engine-warning.patch

@@ -1,27 +0,0 @@
-From b72865d57bf129c058bdb4e7301b9cb7ce16938e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
-Date: Fri, 13 Jan 2023 18:09:49 +0100
-Subject: [ibmca PATCH] warn the user when configuring the engine
-
-The engine feature is deprecated in OpenSSL 3.0 and will be removed.
-Thus warn the user and recommend using the provider instead.
----
- src/engine/ibmca-engine-opensslconfig.in | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/engine/ibmca-engine-opensslconfig.in b/src/engine/ibmca-engine-opensslconfig.in
-index e4b168b..ec7fbfc 100644
---- a/src/engine/ibmca-engine-opensslconfig.in
-+++ b/src/engine/ibmca-engine-opensslconfig.in
-@@ -140,4 +140,8 @@ this file.
- |;
- }
- 
-+print "WARNING: The OpenSSL engine feature is DEPRECATED since OpenSSL 3.0.\n";
-+print "WARNING: It will be removed in the future.\n";
-+print "WARNING: Please use the OpenSSL provider instead.\n";
-+
- generate();
--- 
-2.39.0
-

SPECS/openssl-ibmca.spec

@@ -1,38 +1,26 @@
 %global enginesdir %(pkg-config --variable=enginesdir libcrypto)
-%global modulesdir %(pkg-config --variable=modulesdir libcrypto)
 
-%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
-%global with_openssl3 1
-%endif
-
-
-Summary: OpenSSL engine and provider for IBMCA
+Summary: A dynamic OpenSSL engine for IBMCA
 Name: openssl-ibmca
 Version: 2.4.0
 Release: 2%{?dist}
 License: ASL 2.0
+Group: System Environment/Libraries
 URL: https://github.com/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-# post GA fixes
-#Patch0: %%{name}-%%{version}-fixes.patch
-# warn the user about engine being deprecated
-Patch1: %{name}-2.3.1-engine-warning.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2221894
+# https://bugzilla.redhat.com/show_bug.cgi?id=2221891
 # https://github.com/opencryptoki/openssl-ibmca/commit/3ea8f4ed58e075e097856437c0732e11771931d0
-Patch2: %{name}-2.4.0-engine-defaults.patch
-Requires: libica >= 4.0.0
-BuildRequires: make
+Patch0: %{name}-2.4.0-engine-defaults.patch
+Requires: libica >= 3.8.0
 BuildRequires: gcc
-BuildRequires: libica-devel >= 4.0.0
+BuildRequires: libica-devel >= 3.8.0
 BuildRequires: automake libtool
-BuildRequires: openssl >= 3.0.5
-BuildRequires: perl(FindBin)
+BuildRequires: openssl
 ExclusiveArch: s390 s390x
 
 
 %description
-A dynamic OpenSSL engine and provider for IBMCA crypto hardware on IBM Z
-machines to accelerate cryptographic operations.
+A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines.
 
 
 %prep
@@ -42,22 +30,16 @@ machines to accelerate cryptographic operations.
 
 
 %build
-%configure --libdir=%{enginesdir} --with-libica-cex --with-libica-version=4
-%make_build
+%configure --libdir=%{enginesdir} --with-libica-version=3
+make %{?_smp_mflags}
 
 
 %install
 %make_install
-rm -f %{buildroot}%{enginesdir}/*.la
-
-%if 0%{?with_openssl3}
-# provider is built when openssl3 is available, fix its location
-mkdir -p %{buildroot}%{modulesdir}
-mv %{buildroot}%{enginesdir}/ibmca-provider.so %{buildroot}%{modulesdir}/ibmca-provider.so
-%endif
+rm -f $RPM_BUILD_ROOT%{enginesdir}/*.la
 
 pushd src/engine
-sed -i -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample
+sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch}
 popd
 
 # remove generated sample configs
@@ -70,97 +52,56 @@ make check
 
 %files
 %license LICENSE
-%doc ChangeLog README.md src/engine/openssl.cnf.sample
-%doc src/engine/ibmca-engine-opensslconfig
-%doc src/provider/ibmca-provider-opensslconfig
+%doc ChangeLog README.md src/engine/openssl.cnf.sample.%{_arch}
 %{enginesdir}/ibmca.so
 %{_mandir}/man5/ibmca.5*
-%if 0%{?with_openssl3}
-%{modulesdir}/ibmca-provider.so
-%{_mandir}/man5/ibmca-provider.5*
-%endif
 
 
 %changelog
-* Tue Jul 11 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2
-- engine: Only register those algos specified with default_algorithms (#2221894)
-- Resolves: #2221894
+* Wed Jul 12 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2
+- engine: Only register those algos specified with default_algorithms (#2221891)
+- Resolves: #2221891
 
-* Thu Apr 06 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-1
-- updated to 2.4.0 (#2160084)
-- Resolves: #2160084
+* Mon May 29 2023 Dan Horák <dhorak[at]redhat.com> - 2.4.0-1
+- updated to 2.4.0 (#2159722)
+- Resolves: #2159722
 
-* Fri Jan 13 2023 Dan Horák <dhorak@redhat.com> - 2.3.1-2
-- fix provider configuration script (#2140028)
-- Resolves: #2140028
+* Fri Jan 06 2023 Dan Horák <dhorak[at]redhat.com> - 2.3.1-1
+- updated to 2.3.1 (#2110379)
+- Resolves: #2110379
 
-* Thu Jan 12 2023 Dan Horák <dhorak@redhat.com> - 2.3.1-1
-- updated to 2.3.1 (#2110378)
-- Resolves: #2110378
+* Tue Mar 29 2022 Dan Horák <dhorak[at]redhat.com> - 2.3.0-1
+- updated to 2.3.0 (#2043842)
+- Resolves: #2043842
 
-* Thu May 19 2022 Dan Horák <dhorak@redhat.com> - 2.3.0-1
-- updated to 2.3.0 (#2044177)
-- add provider for openssl 3.x (#2044185)
-- Resolves: #2044177 #2044185
-
-* Wed Feb 02 2022 Dan Horák <dan@danny.cz> - 2.2.2-1
-- updated to 2.2.2 (#2016989)
-- Resolves: #2016989
-
-* Mon Oct 25 2021 Dan Horák <dan@danny.cz> - 2.2.1-1
-- updated to 2.2.1 (#2016989)
-
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.0-3
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Wed Oct 06 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.1-1
+- updated to 2.2.1 (#1984971)
+- Resolves: #1984971
 
 * Mon Aug 09 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.0-2
-- fix DSA and DH registration (#1989380)
-- Resolves: #1989380
+- fix DSA and DH registration (#1989064)
+- Resolves: #1989064
 
-* Fri Jun 04 2021 Dan Horák <dan@danny.cz> - 2.2.0-1
-- updated to 2.2.0 (#1869531)
-- eliminate SW fallback functions (#1924117)
-- Resolves: #1869531 #1924117
+* Tue Jul 13 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.0-1
+- updated to 2.2.0 (#1919222)
+- do not use libica software fallbacks (#1922204)
+- Resolves: #1919222 #1922204
 
-* Wed May 12 2021 Dan Horák <dan@danny.cz> - 2.1.2-1
-- updated to 2.1.2
+* Thu May 21 2020 Dan Horák <dhorak[at]redhat.com> - 2.1.1-1
+- updated to 2.1.1 (#1780306)
+- Resolves: #1780306
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.1-4
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Tue Nov 05 2019 Dan Horák <dhorak[at]redhat.com> - 2.1.0-1
+- updated to 2.1.0 (#1726242)
+- Resolves: #1726242, #1723854
 
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Mon Apr 29 2019 Dan Horák <dhorak[at]redhat.com> - 2.0.3-1
+- updated to 2.0.3 (#1666622)
+- Resolves: #1666622 #1659427 #1683099
 
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue May 12 2020 Dan Horák <dan@danny.cz> - 2.1.1-1
-- updated to 2.1.1
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Sep 09 2019 Dan Horák <dan@danny.cz> - 2.1.0-1
-- updated to 2.1.0
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Wed Apr 24 2019 Dan Horák <dan@danny.cz> - 2.0.3-1
-- updated to 2.0.3
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Thu Dec 13 2018 Dan Horák <dan@danny.cz> - 2.0.2-1
-- updated to 2.0.2
-
-* Thu Aug 23 2018 Dan Horák <dan@danny.cz> - 2.0.0-3
-- run upstream test-suite during build
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+* Tue Dec 11 2018 Dan Horák <dhorak[at]redhat.com> - 2.0.0-2
+- Fix doing rsa-me, altough rsa-crt would be possible
+- Resolves: #1655654
 
 * Mon Jun 18 2018 Dan Horák <dan@danny.cz> - 2.0.0-1
 - updated to 2.0.0