Hello,
I have tried to build openssl-0.9.8m; I got some errors while applying the patch. I found many .patch files in the rpmbuild/SOURCES/ directory after installing openssl-0.8.8k-5. What are the suitable .patch files for openssl-0.9.8m? How do I build the openssl-0.9.8m binary and source rpm from the openssl-0.8.8k-5 source rpm? Or is there any source rpm for openssl-0.9.8m?

Steps followed:
1. Installed openssl-0.8.8k-5 source rpm
2. Changed rpmbuild/SOURCES/openssl-0.9.8k-usa.tar.bz2 with openssl-0.9.8m.tar.gz
3. Necessary changes in openssl.spec file

$ rpmbuild -ba openssl.spec

Errors I got:

+ /home/thirumalai/rpmbuild/SOURCES/hobble-openssl
find: `crypto/idea/asm': No such file or directory
find: `crypto/mdc2/asm': No such file or directory
+ echo 'Patch #0 (openssl-0.9.8j-redhat.patch):'
Patch #0 (openssl-0.9.8j-redhat.patch):
+ /bin/cat /home/thirumalai/rpmbuild/SOURCES/openssl-0.9.8j-redhat.patch
+ /usr/bin/patch -s -p1 -b --suffix .redhat --fuzz=0
1 out of 2 hunks FAILED -- saving rejects to file Configure.rej
error: Bad exit status from /var/tmp/rpm-tmp.IEA9i3 (%prep)

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.IEA9i3 (%prep)
openssl.spec file:
# For the curious:
# 0.9.5a soversion = 0
# 0.9.6 soversion = 1
# 0.9.6a soversion = 2
# 0.9.6c soversion = 3
# 0.9.7a soversion = 4
# 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6
# 0.9.8g soversion = 7
# 0.9.8jk + EAP-FAST soversion = 8
%define soversion 8

# Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}

# Arches on which we need to prevent arch conflicts on opensslconf.h, must
# also be handled in opensslconf-new.h.
%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 sparc64 x86_64

# Arches for which we don't build subpackages.
%define optimize_arches i686

Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 0.9.8m
Release: 5%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}.tar.gz
Source1: hobble-openssl
Source2: Makefile.certificate
Source6: make-dummy-cert
Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
# Build changes
Patch0: openssl-0.9.8j-redhat.patch
Patch1: openssl-0.9.8a-defaults.patch
Patch2: openssl-0.9.8a-link-krb5.patch
Patch3: openssl-0.9.8j-soversion.patch
Patch4: openssl-0.9.8j-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-0.9.8k-shlib-version.patch
# Bug fixes
Patch21: openssl-0.9.8b-aliasing-bug.patch
Patch22: openssl-0.9.8k-x509-name-cmp.patch
Patch23: openssl-0.9.8g-default-paths.patch
Patch24: openssl-0.9.8g-no-extssl.patch
# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-0.9.8j-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
Patch39: openssl-0.9.8g-ipv6-apps.patch
Patch40: openssl-0.9.8j-nocanister.patch
Patch41: openssl-0.9.8k-use-fipscheck.patch
Patch42: openssl-0.9.8k-fipscheck-hmac.patch
Patch44: openssl-0.9.8k-kernel-fipsmode.patch
Patch45: openssl-0.9.8j-env-nozlib.patch
Patch46: openssl-0.9.8j-eap-fast.patch
Patch47: openssl-0.9.8j-readme-warning.patch
Patch48: openssl-0.9.8j-bad-mime.patch
Patch49: openssl-0.9.8j-fips-no-pairwise.patch
Patch50: openssl-0.9.8j-fips-rng-seed.patch
Patch51: openssl-0.9.8k-multi-crl.patch
Patch52: openssl-0.9.8k-dtls-compat.patch
Patch53: openssl-0.9.8k-dtls-dos.patch
# Backported fixes including security fixes
License: OpenSSL
Group: System Environment/Libraries
URL: http://www.openssl.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: mktemp, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
BuildRequires: /usr/bin/rename
Requires: mktemp, ca-certificates >= 2008-5

%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

%package devel
Summary: Files for development of applications which will use OpenSSL
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}, krb5-devel, zlib-devel
Requires: pkgconfig

%description devel
OpenSSL is a toolkit for supporting cryptography. The openssl-devel
package contains include files needed to develop applications which
support various cryptographic algorithms and protocols.

%package static
Summary: Libraries for static linking of applications which will use OpenSSL
Group: Development/Libraries
Requires: %{name}-devel = %{version}-%{release}

%description static
OpenSSL is a toolkit for supporting cryptography. The openssl-static
package contains static libraries needed for static linking of
applications which support various cryptographic algorithms and
protocols.

%package perl
Summary: Perl scripts provided with OpenSSL
Group: Applications/Internet
Requires: perl
Requires: %{name} = %{version}-%{release}

%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%prep
%setup -q

%{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat
%patch1 -p1 -b .defaults
# Fix link line for libssl (bug #111154).
%patch2 -p1 -b .krb5
%patch3 -p1 -b .soversion
%patch4 -p1 -b .enginesdir
%patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost
%patch7 -p1 -b .shlib-version

%patch21 -p1 -b .aliasing-bug
%patch22 -p1 -b .name-cmp
%patch23 -p1 -b .default-paths
%patch24 -p1 -b .no-extssl

%patch32 -p1 -b .ia64
%patch33 -p1 -b .ca-dir
%patch34 -p1 -b .x509
%patch35 -p1 -b .version-add-engines
%patch38 -p1 -b .cipher-change
%patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .nocanister
%patch41 -p1 -b .use-fipscheck
%patch42 -p1 -b .fipscheck-hmac
%patch44 -p1 -b .fipsmode
%patch45 -p1 -b .env-nozlib
%patch46 -p1 -b .eap-fast
%patch47 -p1 -b .warning
%patch48 -p1 -b .bad-mime
%patch49 -p1 -b .no-pairwise
%patch50 -p1 -b .rng-seed
%patch51 -p1 -b .multi-crl
%patch52 -p1 -b .dtls-compat
%patch53 -p1 -b .dtls-dos

# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`

# Generate a table with the compile settings for my perusal.
touch Makefile
make TABLE PERL=%{__perl}
%build
# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_arch}
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i686 ; then
    sslflags="no-asm 386"
fi
%endif
%ifarch sparcv9
sslarch=linux-sparcv9
sslflags=no-asm
%endif
%ifarch sparc64
sslarch=linux64-sparcv9
sslflags=no-asm
%endif
%ifarch alpha alphaev56 alphaev6 alphaev67
sslarch=linux-alpha-gcc
%endif
%ifarch s390 sh3eb sh4eb
sslarch="linux-generic32 -DB_ENDIAN"
%endif
%ifarch s390x
sslarch="linux-generic64 -DB_ENDIAN"
%endif
%ifarch %{arm} sh3 sh4
sslarch=linux-generic32
%endif
# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifying them here.
./Configure \
    --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
    enable-cms no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
    --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
    --with-krb5-dir=/usr ${sslarch} fipscanisterbuild

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
make depend
make all

# Generate hashes for the included certs.
make rehash
%check
# Verify that what was compiled actually works.

# We must revert patch33 before tests otherwise they will fail
patch -p1 -R < %{PATCH33}

LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
make -C test apps tests
%{__cc} -o openssl-thread-test \
    `krb5-config --cflags` \
    -I./include \
    $RPM_OPT_FLAGS \
    %{SOURCE8} \
    -L. \
    -lssl -lcrypto \
    `krb5-config --libs` \
    -lpthread -lz -ldl
./openssl-thread-test --threads %{thread_test_threads}

# Add generation of HMAC checksum of the final stripped library
%define __spec_install_post \
    %{?__debug_package:%{__debug_install_post}} \
    %{__arch_install_post} \
    %{__os_install_post} \
    fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
    fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
    ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
%{nil}
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install
make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
# OpenSSL install doesn't use correct _libdir on 64 bit archs
[ "%{_libdir}" != /usr/lib ] && mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT%{_libdir}/
mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
    chmod 755 ${lib}
    ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
    ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert

# Make sure we actually include the headers we built against.
for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
    if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then
        install -m644 include/openssl/`basename ${header}` ${header}
    fi
done

# Rename man pages so that they don't conflict with other system man pages.
pushd $RPM_BUILD_ROOT%{_mandir}
for manpage in man*/* ; do
    if [ -L ${manpage} ]; then
        TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
        ln -snf ${TARGET}ssl ${manpage}ssl
        rm -f ${manpage}
    else
        mv ${manpage} ${manpage}ssl
    fi
done
for conflict in passwd rand ; do
    rename ${conflict} ssl${conflict} man*/${conflict}*
done
popd

# Pick a CA script.
pushd $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
mv CA.sh CA
popd

mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private

# Ensure the openssl.cnf timestamp is identical across builds to avoid
# multilib conflicts and unnecessary renames on upgrade
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf

# Fix libdir.
pushd $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
for i in *.pc ; do
    sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
        $i >$i.tmp && \
    cat $i.tmp >$i && \
    rm -f $i.tmp
done
popd
# Determine which arch opensslconf.h is going to try to #include.
basearch=%{_arch}
%ifarch %{ix86}
basearch=i386
%endif
%ifarch sparcv9
basearch=sparc
%endif
%ifarch sparc64
basearch=sparc64
%endif

%ifarch %{multilib_arches}
# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
# can have both a 32- and 64-bit version of the library, and they each need
# their own correct-but-different versions of opensslconf.h to be usable.
install -m644 %{SOURCE10} \
    $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \
    $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
install -m644 %{SOURCE9} \
    $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
%endif

%ifarch %{optimize_arches}
# Remove bits which belong in subpackages.
rm -rf $RPM_BUILD_ROOT/%{_prefix}/include/openssl
rm -rf $RPM_BUILD_ROOT/%{_libdir}/*.a
rm -rf $RPM_BUILD_ROOT/%{_libdir}/*.so
rm -rf $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man3/*

rm -rf $RPM_BUILD_ROOT/%{_bindir}/c_rehash
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man1*/*.pl*
rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/misc/*.pl
%endif

# Remove unused files from upstream fips support
rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc FAQ LICENSE CHANGES NEWS INSTALL README
%doc doc/c-indentation.el doc/openssl.txt
%doc doc/openssl_button.html doc/openssl_button.gif
%doc doc/ssleay.txt
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%{_sysconfdir}/pki/tls/certs/make-dummy-cert
%{_sysconfdir}/pki/tls/certs/Makefile
%dir %{_sysconfdir}/pki/tls/misc
%{_sysconfdir}/pki/tls/misc/CA
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%{_sysconfdir}/pki/tls/misc/c_*
%{_sysconfdir}/pki/tls/private

%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf

%attr(0755,root,root) %{_bindir}/openssl
%attr(0755,root,root) %{_libdir}/*.so.%{version}
%attr(0755,root,root) %{_libdir}/*.so.%{soversion}
%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
%attr(0755,root,root) %{_libdir}/openssl
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*

%ifnarch %{optimize_arches}
%files devel
%defattr(-,root,root)
%{_prefix}/include/openssl
%attr(0755,root,root) %{_libdir}/*.so
%attr(0644,root,root) %{_mandir}/man3*/*
%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc

%files static
%defattr(-,root,root)
%attr(0644,root,root) %{_libdir}/*.a

%files perl
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/c_rehash
%attr(0644,root,root) %{_mandir}/man1*/*.pl*
%dir %{_sysconfdir}/pki/tls/misc
%{_sysconfdir}/pki/tls/misc/*.pl
%endif

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%changelog

Thanks and regards,
Thirumalaisamy K K,
On 6 March 2010 15:50, thirumalai wrote:
> Hello,
> I have tried to build openssl-0.9.8m; I got some errors while applying the patch. I found many .patch files in the rpmbuild/SOURCES/ directory after installing openssl-0.8.8k-5. What are the suitable .patch files for openssl-0.9.8m? How do I build the openssl-0.9.8m binary and source rpm from the openssl-0.8.8k-5 source rpm? Or is there any source rpm for openssl-0.9.8m?
> [..]

These queries are sort of irrelevant here, still I will throw my suggestions if they help:

* In case you want to check if any builds are still available check koji[1]
* I could not find any builds available there for 0.9.8m
* So, in case you really need (for whatever purpose) 0.9.8m (which is not latest available or was never built) you select of one previous release available srpm is ok (In case 0.9.8k is previous version).
* You will need to adjust patches yourself based on 1) whether they are needed 2) Whether they are already included upstream 3) Any new patches for new needs specific to m version.

[1] http://koji.fedoraproject.org/koji/

Hope this helps.
Regards,
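The three-way sorting of patches suggested in the reply above (still needed, already included upstream, needs adjusting) can be done mechanically with dry runs of patch. The script below is an added example, not part of any message in this thread; it assumes GNU patch, -p1 for every patch as in the posted spec, and literal file names on the PatchN: lines, and triage_patch and triage_spec are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU patch, -p1 for every patch
# (as in the posted spec) and literal file names on the PatchN: lines.
# triage_patch and triage_spec are hypothetical helper names.

# triage_patch TREE PATCHFILE -> prints: applies | upstream | rebase
triage_patch() {
    # Same strictness as the failing %prep step: -p1 with zero fuzz.
    # -f keeps patch from prompting or guessing that a patch is reversed.
    if patch -d "$1" -p1 -f -s --fuzz=0 --dry-run < "$2" >/dev/null 2>&1; then
        echo applies
    # A clean reverse dry run means the new tarball already has the change.
    elif patch -d "$1" -p1 -f -s --fuzz=0 -R --dry-run < "$2" >/dev/null 2>&1; then
        echo upstream
    else
        echo rebase      # neither direction applies: adjust by hand
    fi
}

# triage_spec SPEC SOURCES_DIR UNPACKED_TREE
# Prints "status<TAB>patch" for every PatchN: line, in spec order.
triage_spec() {
    spec=$1 sources=$2 tree=$3
    work=$(mktemp -d) || return 1
    cp -R "$tree/." "$work/"    # scratch copy; the unpacked tree is not touched
    sed -n 's/^Patch[0-9]*:[[:space:]]*//p' "$spec" |
    while read -r name; do
        status=$(triage_patch "$work" "$sources/$name")
        # Apply clean patches to the scratch copy so that later patches are
        # tested against the cumulative result, as they are during %prep.
        if [ "$status" = applies ]; then
            patch -d "$work" -p1 -f -s --fuzz=0 < "$sources/$name" >/dev/null
        fi
        printf '%s\t%s\n' "$status" "$name"
    done
    rm -rf "$work"
}

# Usage: sh triage.sh openssl.spec ~/rpmbuild/SOURCES /path/to/openssl-0.9.8m
if [ "$#" -eq 3 ]; then
    triage_spec "$@"
fi
```

Run it on a tree that has already been through hobble-openssl, since %prep runs that script before the first patch. A patch with some hunks already upstream and others not is reported as rebase.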
It's also important to note that any vulnerability in the upstream version packaged in Fedora may be addressed via patches.
On 3/6/10, Rakesh Pandit rakesh.pandit@gmail.com wrote:
> On 6 March 2010 15:50, thirumalai wrote:
>> Hello,
>> I have tried to build openssl-0.9.8m; I got some errors while applying the patch. I found many .patch files in the rpmbuild/SOURCES/ directory after installing openssl-0.8.8k-5. What are the suitable .patch files for openssl-0.9.8m? How do I build the openssl-0.9.8m binary and source rpm from the openssl-0.8.8k-5 source rpm? Or is there any source rpm for openssl-0.9.8m?
>> [..]
>
> These queries are sort of irrelevant here, still I will throw my suggestions if they help:
>
> - In case you want to check if any builds are still available check koji[1]
> - I could not find any builds available there for 0.9.8m
> - So, in case you really need (for whatever purpose) 0.9.8m (which is not latest available or was never built) you select of one previous release available srpm is ok (In case 0.9.8k is previous version).
> - You will need to adjust patches yourself based on 1) whether they are needed 2) Whether they are already included upstream 3) Any new patches for new needs specific to m version.
>
> [1] http://koji.fedoraproject.org/koji/
>
> Hope this helps.
>
> Regards,
>
> --
> Rakesh Pandit
> https://fedoraproject.org/wiki/User:Rakesh
> freedom, friends, features, first
> --
> packaging mailing list
> packaging@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/packaging
Thanks for your reply. There is no description for each patch. Can you tell me what each patch in the source rpm will resolve? Then only I can adjust the patches myself for a successful rpm build.

On 03/07/2010 09:14 AM, Jon Stanley wrote:
> It's also important to note that any vulnerability in the upstream version packaged in Fedora may be addressed via patches.