diff --git a/.cvsignore b/.cvsignore
index e69de29..e0e6e06 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1,3 @@
+m2crypto-0.05-snap3.zip
+openssl-0.9.5a-usa.tar.bz2
+swig1.1p5.tar.gz
diff --git a/Makefile.certificate b/Makefile.certificate
new file mode 100644
index 0000000..7bb61e7
--- /dev/null
+++ b/Makefile.certificate
@@ -0,0 +1,65 @@
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+ @echo "This makefile allows you to create:"
+ @echo " o public/private key pairs"
+ @echo " o SSL certificate signing requests (CSRs)"
+ @echo " o self-signed SSL test certificates"
+ @echo
+ @echo "To create a key pair, run \"make SOMETHING.key\"."
+ @echo "To create a CSR, run \"make SOMETHING.csr\"."
+ @echo "To create a test certificate, run \"make SOMETHING.crt\"."
+ @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+ @echo
+ @echo "To create a key for use with Apache, run \"make genkey\"."
+ @echo "To create a CSR for use with Apache, run \"make certreq\"."
+ @echo "To create a test certificate for use with Apache, run \"make testcert\"."
+ @echo
+ @echo Examples:
+ @echo " make server.key"
+ @echo " make server.csr"
+ @echo " make server.crt"
+ @echo " make stunnel.pem"
+ @echo " make genkey"
+ @echo " make certreq"
+ @echo " make testcert"
+
+%.pem:
+ umask 77 ; \
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ /usr/bin/openssl req -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 ; \
+ cat $$PEM1 > $@ ; \
+ echo "" >> $@ ; \
+ cat $$PEM2 >> $@ ; \
+ $(RM) $$PEM1 $$PEM2
+
+%.key:
+ umask 77 ; \
+ /usr/bin/openssl genrsa -des3 1024 > $@
+
+%.csr: %.key
+ umask 77 ; \
+ /usr/bin/openssl req -new -key $^ -out $@
+
+%.crt: %.key
+ umask 77 ; \
+ /usr/bin/openssl req -new -key $^ -x509 -days 365 -out $@
+
+KEY=/etc/httpd/conf/ssl.key/server.key
+CSR=/etc/httpd/conf/ssl.csr/server.csr
+CRT=/etc/httpd/conf/ssl.crt/server.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req -new -key $(KEY) -x509 -days 365 -out $(CRT)
diff --git a/hobble-openssl b/hobble-openssl
new file mode 100755
index 0000000..b9febca
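Review bot: The recipes in Makefile.certificate chain their steps with `;`, so a failed `mktemp` or `openssl` call does not stop the `%.pem` recipe, and `%.key` creates its target through `> $@` even when `openssl genrsa` fails; nothing removes the empty or truncated file (`.PRECIOUS` even keeps it on interrupt), so a later run treats it as an up-to-date key. Chaining with `&&` and letting openssl write the file itself, e.g. `/usr/bin/openssl genrsa -des3 -out $@ 1024`, would avoid that. The 1024-bit RSA size is hard-coded in two recipes and is below what is accepted for new keys today; a single variable such as `KEYBITS ?= 2048` would let it be raised in one place. `genkey`, `certreq` and `testcert` are command-style targets as well and belong in `.PHONY` next to `usage`.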
--- /dev/null
+++ b/hobble-openssl
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# Clean out patent-protected code.
+# RSA: 4,405,829 20/09/2000
+# MDC-2: 4,908,861 13/03/2007
+# IDEA: 5,214,703 25/05/2010
+# RC5: 5,724,428 03/03/2015
+
+# RSA's patented parts.
+function nullify_rsa() {
+ echo Removing patented parts from crypto/rsa/rsa_eay.c
+ cat crypto/rsa/rsa_eay.c | \
+ awk 'BEGIN {ech=1;} \
+ /#if/ {if(ech < 1) ech--;} \
+ /#ifndef.*RSA_NULL/ {ech--;} \
+ {if(ech>0) {;print $0};} \
+ /#endif/ {if(ech < 1) ech++;}' > crypto/rsa/nullrsa_eay.c && \
+ mv crypto/rsa/nullrsa_eay.c crypto/rsa/rsa_eay.c
+ rm -fr crypto/rsa/asm
+}
+
+if [ `date +%Y%m%d` -lt 20000921 ] ; then
+ nullify_rsa
+fi
+
+# Bah. Assembler is hard to port.
+(find crypto/{idea,mdc2,rc5,md2}/asm -type f | xargs -r rm -fv)
+
+# IDEA, MDC2 and RC5.
+for c in `find crypto/{idea,mdc2,rc5,md2} -name "*.c" -a \! -name "*test*" -type f` ; do
+ echo Destroying $c
+ cat /dev/null > $c
+done
+for c in `find crypto/evp -name "*_r5.c" -o -name "*_i.c" -o -name "*_mdc2.c" -o -name "*_md2.c"`; do
+ echo Destroying $c
+ cat /dev/null > $c
+done
+for h in `find include crypto ssl apps test -name "*.h"` ; do
+ echo Removing IDEA, MDC2, MD2 and RC5 references from $h
+ cat $h | \
+ awk 'BEGIN {ech=1;} \
+ /#[ \t]*if/ {if(ech < 1) ech--;} \
+ /#[ \t]*ifndef.*NO_IDEA/ {ech--;} \
+ /#[ \t]*ifndef.*NO_MDC2/ {ech--;} \
+ /#[ \t]*ifndef.*NO_MD2/ {ech--;} \
+ /#[ \t]*ifndef.*NO_RC5/ {ech--;} \
+ {if(ech>0) {;print $0};} \
+ /#endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+ mv $h.hobbled $h
+done
+# Make the makefiles happy.
+touch crypto/rc5/asm/rc5-586.pl
diff --git a/openssl.spec b/openssl.spec
new file mode 100644
index 0000000..b9ba350
--- /dev/null
+++ b/openssl.spec
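Review bot: hobble-openssl declares `#!/bin/sh` but relies on bash syntax, namely the `function nullify_rsa()` definition and the brace expansions in `find crypto/{idea,mdc2,rc5,md2}`; under a strict POSIX shell the definition is rejected or the braces stay literal, and because no exit status is checked the script can finish without having removed the code it is meant to strip. Changing the first line to `#!/bin/bash` and adding `set -e` below it would make such a failure visible instead of silent. The `date +%Y%m%d` comparison against 20000921 also makes the resulting source tree depend on the build date; a comment tying that cutoff to the RSA date in the header would tell the next maintainer the skip is intentional.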
@@ -0,0 +1,273 @@
+%define m2crypto_version 0.05-snap3
+%define swig_version 1.1p5
+
+Summary: Secure Sockets Layer Toolkit
+Name: openssl
+Version: 0.9.5a
+Release: 14
+Source: openssl-%{version}-usa.tar.bz2
+Source1: hobble-openssl
+Source2: Makefile.certificate
+Source3: http://download.sourceforge.net/swig/swig%{swig_version}.tar.gz
+Source4: http://mars.post1.com/home/ngps/m2/m2crypto-%{m2crypto_version}.zip
+Patch0: openssl-0.9.5-redhat.patch
+Patch1: openssl-0.9.5-rsanull.patch
+Patch2: openssl-0.9.5a-64.patch
+Patch3: openssl-0.9.5a-defaults.patch
+Copyright: BSDish
+Group: System Environment/Libraries
+URL: http://www.openssl.org/
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildPreReq: perl, python-devel
+
+%description
+The OpenSSL certificate management tool and the shared libraries that
+provide various cryptographic algorithms and protocols.
+
+%package devel
+Summary: OpenSSL libraries and development headers.
+Group: Development/Libraries
+
+%description devel
+The static libraries and include files needed to compile apps
+with support for various cryptographic algorithms and protocols.
+
+Patches for many networking apps can be found at:
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
+
+%package perl
+Summary: OpenSSL scripts which require Perl.
+Group: Applications/Internet
+Requires: perl
+
+%description perl
+Perl scripts provided with OpenSSL for converting certificates and keys
+from other formats to those used by OpenSSL.
+
+%package python
+Summary: Support for using OpenSSL in python scripts.
+Group: Applications/Internet
+Requires: python
+
+%description python
+This package allows you to call OpenSSL functions from python scripts.
+
+%prep
+%setup -q
+#%{SOURCE1}
+%patch0 -p1 -b .redhat
+%patch1 -p1 -b .rsanull
+%ifarch alpha
+%patch2 -p1
+%endif
+%ifarch ia64
+%patch2 -p1
+%endif
+%patch3 -p1
+
+# Extract what we need for building extensions.
+gzip -dc %{SOURCE3} | tar xf -
+unzip -q %{SOURCE4}
+pushd m2crypto-%{m2crypto_version}
+ for file in demo/evp_ciph_test.py demo/bio_ciph_test.py swig/_evp.i ; do
+ grep -v idea_ ${file} > ${file}.tmp
+ grep -v rc5_ ${file}.tmp > ${file}
+ done
+popd
+
+chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
+chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
+chmod 644 doc/openssl_button.html doc/openssl_button.gif
+chmod 644 doc/ssleay.txt
+
+%build
+PATH=${PATH}:${PWD}/bin
+TOPDIR=${PWD}
+
+# Figure out which flags we want to use. Assembly is broken on some platforms,
+# required on others.
+perl util/perlpath.pl `dirname %{__perl}`
+%ifarch %ix86
+sslarch=linux-elf
+%endif
+%ifarch sparc
+sslarch=linux-sparcv9
+%endif
+%ifarch ia64
+sslarch=linux-ia64
+sslflags=no-asm
+%endif
+%ifarch alpha
+sslarch=alpha-gcc
+sslflags=no-asm
+%endif
+# Configure the build tree. Override OpenSSL defaults with known-good defaults
+# usable on all platforms.
+CFLAGS="-fPIC -ggdb"; export CFLAGS
+#./Configure --prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslarch}
+./config --prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslflags} $CFLAGS no-idea no-mdc2 no-rc5 no-md2
+make all
+
+# Build the Perl bindings.
+#pushd perl
+#perl Makefile.PL
+#make
+#popd
+
+# Verify that what was compiled actually works.
+make -C test apps tests
+
+# Build shared libraries.
+majorver=`echo %{version} | cut -f1 -d.`
+for shlib in crypto ssl ; do
+ pushd $shlib
+ objs=`ar t ../lib${shlib}.a | xargs -n 1 find . -name`
+ %{__cc} -shared -o ../lib${shlib}.so.%{version} \
+ -Wl,-soname=lib${shlib}.so.${majorver} $objs && \
+ ln -sf lib${shlib}.so.%{version} ../lib${shlib}.so
+ popd
+done
+
+# Build a copy of swig with which to build the extensions.
+pushd SWIG%{swig_version}
+autoconf
+CFLAGS="%{optflags}" \
+CCFLAGS="%{optflags}" \
+FFLAGS="%{optflags}" \
+./configure --prefix=${TOPDIR}
+make all install
+popd
+
+# Build the python extensions.
+pushd m2crypto-%{m2crypto_version}/swig
+make \
+ INCLUDE=-I. -I../../include \
+ LIBS="-L${TOPDIR} -lssl -lcrypto -lc" \
+ PYINCLUDE="-DHAVE_CONFIG_H -I/usr/include/python1.5 -I/usr/lib/python1.5/config"
+ PYLIB=/usr/lib/python1.5/config
+cd ../doc
+sh -x go
+popd
+
+%install
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+# Install OpenSSL.
+install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir}}
+make INSTALL_PREFIX=$RPM_BUILD_ROOT install
+mv $RPM_BUILD_ROOT%{_datadir}/ssl/man/* $RPM_BUILD_ROOT%{_mandir}
+rmdir $RPM_BUILD_ROOT%{_datadir}/ssl/man
+install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir}
+for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
+ ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
+done
+
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/ssl/certs
+install -m644 $RPM_SOURCE_DIR/Makefile.certificate $RPM_BUILD_ROOT%{_datadir}/ssl/certs/Makefile
+
+strip $RPM_BUILD_ROOT%{_bindir}/* ||:
+strip -g $RPM_BUILD_ROOT%{_libdir}/lib* ||:
+
+# Fudge this.
+mv $RPM_BUILD_ROOT%{_mandir}/man1/passwd.1 $RPM_BUILD_ROOT%{_mandir}/man1/sslpasswd.1
+mv $RPM_BUILD_ROOT%{_mandir}/man3/rand.3 $RPM_BUILD_ROOT%{_mandir}/man3/sslrand.3
+
+# Pick a CA script.
+pushd $RPM_BUILD_ROOT%{_datadir}/ssl/misc
+mv CA.sh CA
+mv der_chop der_chop.pl
+popd
+
+# Install the python extensions.
+pushd m2crypto-%{m2crypto_version}/M2Crypto
+mkdir -p $RPM_BUILD_ROOT/usr/lib/python1.5/site-packages/M2Crypto/{PGP,SSL}
+find -name "*.py" | xargs -i install -m644 '{}' $RPM_BUILD_ROOT/usr/lib/python1.5/site-packages/M2Crypto/'{}'
+find -name "*.so" | xargs -i install -m755 '{}' $RPM_BUILD_ROOT/usr/lib/python1.5/site-packages/M2Crypto/'{}'
+python -c "import compileall; compileall.compile_dir('"$RPM_BUILD_ROOT/usr/lib/python1.5/site-packages/M2Crypto"', 3, '/usr/lib/python1.5/site-packages/M2Crypto')"
+popd
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+%doc FAQ LICENSE CHANGES NEWS INSTALL README
+%doc doc/README doc/c-indentation.el doc/openssl.txt
+%doc doc/openssl_button.html doc/openssl_button.gif
+%doc doc/ssleay.txt
+%dir %{_datadir}/ssl
+%{_datadir}/ssl/certs
+%{_datadir}/ssl/lib
+%{_datadir}/ssl/misc/c_*
+%{_datadir}/ssl/private
+
+%config %{_datadir}/ssl/openssl.cnf
+
+%attr(0755,root,root) %{_bindir}/*
+%attr(0755,root,root) %{_libdir}/*.so.*
+%attr(0644,root,root) %{_mandir}/man1/*
+%attr(0644,root,root) %{_mandir}/man5/*
+%attr(0644,root,root) %{_mandir}/man7/*
+
+%files devel
+%defattr(-,root,root)
+%{_prefix}/include/openssl
+%attr(0644,root,root) %{_libdir}/*.a
+%attr(0755,root,root) %{_libdir}/*.so
+%attr(0644,root,root) %{_mandir}/man3/*
+
+%files perl
+%defattr(-,root,root)
+%{_datadir}/ssl/misc/*.pl
+
+%files python
+%defattr(-,root,root)
+%doc m2crypto-%{m2crypto_version}/{BUGS,CHANGES,LIC*,README,TODO}
+%doc m2crypto-%{m2crypto_version}/doc/{README,*.html}
+%{_libdir}/python1.5/site-packages/M2Crypto
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%changelog
+* Thu Sep 21 2000 Nalin Dahyabhai
+- tweak the makefile some more
+- disable MD2 support
+- disable MDC2 support
+- tweak the makefile
+- rework certificate makefile to have the right parts for Apache
+- strip binaries and libraries
+- enable actual RSA support
+- use %{__perl} instead of /usr/bin/perl
+- move the passwd.1
+man page out of the passwd package's way
+- update to 0.9.5a, modified for U.S.
+- add perl as a build-time requirement
+- disable RC5, IDEA support
+- break out python extensions
+- byte-compile python extensions without the build-root
+- adjust the makefile to not remove temporary files (like .key files when
+ building .csr files)
+- fix the building of python modules without openssl-devel already installed
+
+* Wed Mar 1 2000 Florian La Roche
+- Bero told me to move the Makefile into this package
+
+* Wed Mar 1 2000 Florian La Roche
+- add lib*.so symlinks to link dynamically against shared libs
+
+* Tue Feb 29 2000 Florian La Roche
+- update to 0.9.5
+- run ldconfig directly in post/postun
+- add FAQ
+
+* Sat Dec 18 1999 Bernhard Rosenkränzer
+- Fix build on non-x86 platforms
+
+* Fri Nov 12 1999 Bernhard Rosenkränzer
+- move /usr/share/ssl/* from -devel to main package
+
+* Tue Oct 26 1999 Bernhard Rosenkränzer
+- inital packaging
+- changes from base:
+ - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
+ - handle RPM_OPT_FLAGS
diff --git a/sources b/sources
index e69de29..261eda2 100644
--- a/sources
+++ b/sources
@@ -0,0 +1,3 @@
+8ad48b6514d8d9508eab7834ee1351a7 m2crypto-0.05-snap3.zip
+b62a11ac0304b115a783a5c1144ce5da openssl-0.9.5a-usa.tar.bz2
+097bd08998590c400472995cbf282622 swig1.1p5.tar.gz
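Review bot: In `%build` of openssl.spec, the `make \` call under "Build the python extensions" does not pass what it appears to: the `PYINCLUDE=...` line has no trailing backslash, so `PYLIB=/usr/lib/python1.5/config` runs as a separate shell assignment and never reaches make, and `INCLUDE=-I. -I../../include` is unquoted, so `-I../../include` is taken as an option to make itself. Quoting the value, `INCLUDE="-I. -I../../include" \`, and ending the PYINCLUDE line with ` \` would fix both. Separately, `#%{SOURCE1}` in `%prep` leaves hobble-openssl packaged but never run, so the removal of IDEA, MDC2, RC5 and MD2 rests only on the `no-idea no-mdc2 no-rc5 no-md2` options given to `./config`; a comment there saying this is intentional would help the next maintainer.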