commit 4bd7bfc0b827b792db3378752e6b445ad94c3eac
Author: overweight <5324761+overweight@user.noreply.gitee.com>
Date: Mon Sep 30 11:10:53 2019 -0400
Package init
diff --git a/Makefile.certificate b/Makefile.certificate
new file mode 100644
index 0000000..cc88c52
--- /dev/null
+++ b/Makefile.certificate
@@ -0,0 +1,82 @@
+UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+DAYS=365
+KEYLEN=2048
+TYPE=rsa:$(KEYLEN)
+EXTRA_FLAGS=
+ifdef SERIAL
+ EXTRA_FLAGS+=-set_serial $(SERIAL)
+endif
+
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+ @echo "This makefile allows you to create:"
+ @echo " o public/private key pairs"
+ @echo " o SSL certificate signing requests (CSRs)"
+ @echo " o self-signed SSL test certificates"
+ @echo
+ @echo "To create a key pair, run \"make SOMETHING.key\"."
+ @echo "To create a CSR, run \"make SOMETHING.csr\"."
+ @echo "To create a test certificate, run \"make SOMETHING.crt\"."
+ @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+ @echo
+ @echo "To create a key for use with Apache, run \"make genkey\"."
+ @echo "To create a CSR for use with Apache, run \"make certreq\"."
+ @echo "To create a test certificate for use with Apache, run \"make testcert\"."
+ @echo
+ @echo "To create a test certificate with serial number other than random, add SERIAL=num"
+ @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
+ @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
+ @echo
+ @echo Examples:
+ @echo " make server.key"
+ @echo " make server.csr"
+ @echo " make server.crt"
+ @echo " make stunnel.pem"
+ @echo " make genkey"
+ @echo " make certreq"
+ @echo " make testcert"
+ @echo " make server.crt SERIAL=1"
+ @echo " make stunnel.pem EXTRA_FLAGS=-sha384"
+ @echo " make testcert DAYS=600"
+
+%.pem:
+ umask 77 ; \
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
+ cat $$PEM1 > $@ ; \
+ echo "" >> $@ ; \
+ cat $$PEM2 >> $@ ; \
+ $(RM) $$PEM1 $$PEM2
+
+%.key:
+ umask 77 ; \
+ /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
+
+%.csr: %.key
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $^ -out $@
+
+%.crt: %.key
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
+
+TLSROOT=/etc/pki/tls
+KEY=$(TLSROOT)/private/localhost.key
+CSR=$(TLSROOT)/certs/localhost.csr
+CRT=$(TLSROOT)/certs/localhost.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
diff --git a/make-dummy-cert b/make-dummy-cert
new file mode 100755
index 0000000..f5f0453
--- /dev/null
+++ b/make-dummy-cert
@@ -0,0 +1,28 @@
+#!/bin/sh
+umask 077
+
+answers() {
+ echo --
+ echo SomeState
+ echo SomeCity
+ echo SomeOrganization
+ echo SomeOrganizationalUnit
+ echo localhost.localdomain
+ echo root@localhost.localdomain
+}
+
+if [ $# -eq 0 ] ; then
+ echo $"Usage: `basename $0` filename [...]"
+ exit 0
+fi
+
+for target in $@ ; do
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
+ trap "rm -f $PEM1 $PEM2" SIGINT
+ answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
+ cat $PEM1 > ${target}
+ echo "" >> ${target}
+ cat $PEM2 >> ${target}
+ rm -f $PEM1 $PEM2
+done
diff --git a/openssl-1.1.1-build.patch b/openssl-1.1.1-build.patch
new file mode 100644
index 0000000..cfe20f6
--- /dev/null
+++ b/openssl-1.1.1-build.patch
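Review bot: In Makefile.certificate the `%.pem` recipe chains its steps with `;`, so a failing `openssl req` goes unnoticed: the recipe still writes `$@` from the empty temp files and make reports success because the final `$(RM)` succeeds. The `%.key` rule has a related problem, since `openssl genrsa ... > $@` leaves an empty key file behind on failure and a later `make` treats it as up to date. I would open the recipe with `umask 77 ; set -e ; \` (or join the steps with `&&`) and remove `$@` when a step fails. A comment above `%.pem` should also state that `-nodes` stores the private key unencrypted, so its protection rests entirely on the mode that `umask 77` gives the file.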
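Review bot: make-dummy-cert silences openssl with `2> /dev/null` and never checks its exit status, so when key generation fails the loop still writes `${target}` (holding only a blank line) and the script exits 0. Testing the pipeline before the `cat` lines avoids handing a service an empty PEM, for example by appending `|| { rm -f "$PEM1" "$PEM2"; exit 1; }` to the `answers | /usr/bin/openssl req ...` line. In the same script, `for target in $@` should be `for target in "$@"` so paths containing spaces survive, and the temp-file variables should be quoted. Under `#!/bin/sh`, `$"..."` is a bash extension and some shells do not accept the `SIG` prefix in `trap ... SIGINT`, so `INT` is the portable spelling. A header comment should say that the generated key is unencrypted (`-nodes`) and protected only by `umask 077`.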
@@ -0,0 +1,40 @@
+diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200
++++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200
+@@ -680,7 +680,7 @@ uninstall_runtime:
+ install_man_docs:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(ECHO) "*** Installing manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
+
+ uninstall_man_docs:
+@@ -692,7 +692,7 @@ uninstall_man_docs:
+ install_html_docs:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(ECHO) "*** Installing HTML manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ --destdir=$(DESTDIR)$(HTMLDIR) --type=html
+
+ uninstall_html_docs:
+diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf
+--- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200
++++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200
+@@ -693,6 +693,7 @@ my %targets = (
+ cxxflags => add("-m64"),
+ lib_cppflags => add("-DL_ENDIAN"),
+ perlasm_scheme => "linux64le",
++ multilib => "64",
+ },
+
+ "linux-armv4" => {
+@@ -733,6 +734,7 @@ my %targets = (
+ "linux-aarch64" => {
+ inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
+ perlasm_scheme => "linux64",
++ multilib => "64",
+ },
+ "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
+ inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
diff --git a/openssl-1.1.1c.tar.gz b/openssl-1.1.1c.tar.gz
new file mode 100644
index 0000000..874978a
Binary files /dev/null and b/openssl-1.1.1c.tar.gz differ
diff --git a/openssl.spec b/openssl.spec
new file mode 100644
index 0000000..491cd2e
--- /dev/null
+++ b/openssl.spec
@@ -0,0 +1,163 @@
+%define soversion 1.1
+Name: openssl
+Epoch: 1
+Version: 1.1.1c
+Release: 2
+Summary: Cryptography and SSL/TLS Toolkit
+License: OpenSSL and SSLeay
+URL: https://www.openssl.org/
+Source0: https://www.openssl.org/source/old/1.1.1/%{name}-%{version}.tar.gz
+Source1: Makefile.certificate
+Source2: make-dummy-cert
+Source3: renew-dummy-cert
+# Support lib64
+Patch1: openssl-1.1.1-build.patch
+
+BuildRequires: gcc make lksctp-tools-devel coreutils util-linux
+
+Requires: coreutils perl ca-certificates crypto-policies
+Recommends: openssl-pkcs11%{?_isa}
+Obsoletes: openssl-libs oopenssl-libs%{?_isa} penssl-perl penssl-perl%{?_isa}
+Provides: openssl-libs = %{epoch}:%{version}-%{release} openssl-perl = %{epoch}:%{version}-%{release}
+Provides: openssl-libs%{?_isa} = %{epoch}:%{version}-%{release} openssl-perl%{_isa} = %{epoch}:%{version}-%{release}
+
+%description
+OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
+Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
+
+%package devel
+Summary: Development files for openssl
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: krb5-devel zlib-devel pkgconfig
+Obsoletes: openssl-static openssl-static%{?_isa}
+Provides: openssl-static openssl-static%{?_isa}
+
+%description devel
+%{summary}.
+
+%package help
+Summary: Man pages for openssl
+BuildArch: noarch
+
+%description help
+%{summary}.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+
+sslarch=%{_os}-%{_target_cpu}
+%ifarch x86_64 aarch64
+sslflags=enable-ec_nistp_64_gcc_128
+%endif
+
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
+./Configure \
+ --prefix=%{_prefix} \
+ --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
+ enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
+ enable-weak-ssl-ciphers \
+ no-mdc2 no-ec2m no-sm2 no-sm4 \
+ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
+
+%make_build all
+
+%install
+
+%make_install
+
+# rename so name with actual version
+rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
+# create symbolic link
+for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
+ ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
+ ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
+done
+
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
+install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
+install -m755 %{SOURCE2} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
+install -m755 %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
+
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
+
+
+mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/{certs,crl,newcerts,private}
+chmod 700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
+
+touch -r %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf,ct_log_list.cnf}
+
+
+# rename man pages avoid conflicting with other man pages in system
+%define manpostfix _openssl
+pushd $RPM_BUILD_ROOT%{_mandir}
+ln -s -f config.5 man5/openssl.cnf.5
+for manpage in man*/* ; do
+ if [ -L ${manpage} ]; then
+ targetfile=`ls -l ${manpage} | awk '{print $NF}'`
+ ln -sf ${targetfile}%{manpostfix} ${manpage}%{manpostfix}
+ rm -f ${manpage}
+ else
+ mv ${manpage} ${manpage}%{manpostfix}
+ fi
+done
+popd
+
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/*.dist
+
+%check
+make test || :
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%license LICENSE
+%doc AUTHORS CHANGES FAQ NEWS README
+%{_pkgdocdir}/Makefile.certificate
+%dir %{_sysconfdir}/pki/tls
+%dir %{_sysconfdir}/pki/tls/certs
+%dir %{_sysconfdir}/pki/tls/misc
+%dir %{_sysconfdir}/pki/tls/private
+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
+%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
+%dir %{_sysconfdir}/pki/CA
+%dir %{_sysconfdir}/pki/CA/private
+%dir %{_sysconfdir}/pki/CA/certs
+%dir %{_sysconfdir}/pki/CA/crl
+%dir %{_sysconfdir}/pki/CA/newcerts
+%{_bindir}/*
+%{_libdir}/libcrypto.so.%{version}
+%{_libdir}/libcrypto.so.%{soversion}
+%{_libdir}/libssl.so.%{version}
+%{_libdir}/libssl.so.%{soversion}
+%{_libdir}/engines-%{soversion}
+
+%files devel
+%defattr(-,root,root)
+%doc doc/dir-locals.example.el doc/openssl-c-indent.el
+%{_prefix}/include/openssl
+%{_libdir}/pkgconfig/*.pc
+%{_libdir}/*.so
+%{_libdir}/*.a
+
+%files help
+%defattr(-,root,root)
+%{_mandir}/man1/*
+%{_mandir}/man3/*
+%{_mandir}/man5/*
+%{_mandir}/man7/*
+%{_pkgdocdir}/html/
+
+
+%changelog
+* Tue Sep 24 2019 openEuler Buildteam - 1:1.1.1c-2
+- Adjust requires
+
+* Mon Sep 16 2019 openEuler Buildteam - 1:1.1.1c-1
+- Package init
diff --git a/renew-dummy-cert b/renew-dummy-cert
new file mode 100755
index 0000000..92e271c
--- /dev/null
+++ b/renew-dummy-cert
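Review bot: In openssl.spec the `%check` section runs `make test || :`, which throws away the result of the upstream test suite, so a miscompiled or mispatched crypto library would still be packaged; plain `make test` (or an explicit, commented skip list) would make failures stop the build. The `./Configure` call also turns on `enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-md2 enable-rc5`; if that is for compatibility, it needs a comment saying so and naming where these are disabled at runtime, which the visible spec does not show. The `Obsoletes:` line looks mistyped (`oopenssl-libs%{?_isa} penssl-perl`, presumably meant as `openssl-libs%{?_isa} openssl-perl`), and `openssl-perl%{_isa}` in the second `Provides:` lacks the `?` used everywhere else. No checksum or signature verification of the `Source0` tarball is visible in the spec.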
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+ echo $"Usage: `basename $0` filename" 1>&2
+ exit 1
+fi
+
+PEM=$1
+REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
+KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
+CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
+NEW=${PEM}_
+
+trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
+
+if [ ! -f $PEM ]; then
+ echo "$PEM: file not found" 1>&2
+ exit 1
+fi
+
+umask 077
+
+OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
+
+openssl rsa -inform pem -in $PEM -out $KEY
+openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
+openssl x509 -req -in $REQ -signkey $KEY -days 365 \
+ -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
+
+(cat $KEY ; echo "" ; cat $CRT) > $NEW
+
+chown $OWNER $NEW
+
+mv -f $NEW $PEM
+
+rm -f $REQ $KEY $CRT
+
+exit 0
+
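Review bot: renew-dummy-cert never checks the exit status of its three `openssl` calls, so if any of them fails (for example when the file holds no readable RSA key) `mv -f $NEW $PEM` still replaces the existing key and certificate with an empty or partial file. Adding `set -e` after the usage check, or guarding the move with `[ -s "$CRT" ] || exit 1`, keeps the original intact on failure. `$PEM` comes straight from `$1` and is used unquoted throughout, and the owner is recovered by parsing `ls -l`; `chown --reference="$PEM" "$NEW"` with quoted variables avoids both. The trap fires only on SIGINT, so the temporary copy of the private key in `/tmp` is left behind on any other abnormal exit; registering the same cleanup on `EXIT` would cover those paths.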