[Fedora-packaging] openssl-0.9.8m rpm build errors

Sat Mar 6 10:20:34 UTC 2010

Hello,

I have tried to build openssl-0.9.8m, i got some errors while applying 
the patch. I found many .patch files in rpmbuild/SOURCES/ directory 
after installing openssl-0.8.8k-5. what are the suitable .patch files 
for openssl-0.9.8m? How to build penssl-0.9.8m binary and source rpm from
openssl-0.8.8k-5 source rpm? or Is there any source rpm for penssl-0.9.8m?

Steps followed
1.Installed openssl-0.8.8k-5 source rpm

2.Changed rpmbuild/SOURCES/openssl-0.9.8k-usa.tar.bz2 with 
openssl-0.9.8m.tar.gz

3.necessary changes in openssl.spec file

$rpmbuild -ba openssl.spec

Errors i got:

+ /home/thirumalai/rpmbuild/SOURCES/hobble-openssl
find: `crypto/idea/asm': No such file or directory
find: `crypto/mdc2/asm': No such file or directory
+ echo 'Patch #0 (openssl-0.9.8j-redhat.patch):'
Patch #0 (openssl-0.9.8j-redhat.patch):
+ /bin/cat /home/thirumalai/rpmbuild/SOURCES/openssl-0.9.8j-redhat.patch
+ /usr/bin/patch -s -p1 -b --suffix .redhat --fuzz=0
1 out of 2 hunks FAILED -- saving rejects to file Configure.rej
error: Bad exit status from /var/tmp/rpm-tmp.IEA9i3 (%prep)

RPM build errors:
     Bad exit status from /var/tmp/rpm-tmp.IEA9i3 (%prep)

openssl.spec file:

# For the curious:
# 0.9.5a soversion = 0
# 0.9.6  soversion = 1
# 0.9.6a soversion = 2
# 0.9.6c soversion = 3
# 0.9.7a soversion = 4
# 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6
# 0.9.8g soversion = 7
# 0.9.8jk + EAP-FAST soversion = 8
%define soversion 8

# Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}

# Arches on which we need to prevent arch conflicts on opensslconf.h, must
# also be handled in opensslconf-new.h.
%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 
sparc64 x86_64

# Arches for which we don't build subpackages.
%define optimize_arches i686

Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 0.9.8m
Release: 5%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}.tar.gz
Source1: hobble-openssl
Source2: Makefile.certificate
Source6: make-dummy-cert
Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
# Build changes
Patch0: openssl-0.9.8j-redhat.patch
Patch1: openssl-0.9.8a-defaults.patch
Patch2: openssl-0.9.8a-link-krb5.patch
Patch3: openssl-0.9.8j-soversion.patch
Patch4: openssl-0.9.8j-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-0.9.8k-shlib-version.patch
# Bug fixes
Patch21: openssl-0.9.8b-aliasing-bug.patch
Patch22: openssl-0.9.8k-x509-name-cmp.patch
Patch23: openssl-0.9.8g-default-paths.patch
Patch24: openssl-0.9.8g-no-extssl.patch
# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-0.9.8j-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
Patch39: openssl-0.9.8g-ipv6-apps.patch
Patch40: openssl-0.9.8j-nocanister.patch
Patch41: openssl-0.9.8k-use-fipscheck.patch
Patch42: openssl-0.9.8k-fipscheck-hmac.patch
Patch44: openssl-0.9.8k-kernel-fipsmode.patch
Patch45: openssl-0.9.8j-env-nozlib.patch
Patch46: openssl-0.9.8j-eap-fast.patch
Patch47: openssl-0.9.8j-readme-warning.patch
Patch48: openssl-0.9.8j-bad-mime.patch
Patch49: openssl-0.9.8j-fips-no-pairwise.patch
Patch50: openssl-0.9.8j-fips-rng-seed.patch
Patch51: openssl-0.9.8k-multi-crl.patch
Patch52: openssl-0.9.8k-dtls-compat.patch
Patch53: openssl-0.9.8k-dtls-dos.patch
# Backported fixes including security fixes

License: OpenSSL
Group: System Environment/Libraries
URL: http://www.openssl.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: mktemp, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
BuildRequires: /usr/bin/rename
Requires: mktemp, ca-certificates >= 2008-5

%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

%package devel
Summary: Files for development of applications which will use OpenSSL
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}, krb5-devel, zlib-devel
Requires: pkgconfig

%description devel
OpenSSL is a toolkit for supporting cryptography. The openssl-devel
package contains include files needed to develop applications which
support various cryptographic algorithms and protocols.

%package static
Summary:  Libraries for static linking of applications which will use 
OpenSSL
Group: Development/Libraries
Requires: %{name}-devel = %{version}-%{release}

%description static
OpenSSL is a toolkit for supporting cryptography. The openssl-static
package contains static libraries needed for static linking of
applications which support various cryptographic algorithms and
protocols.

%package perl
Summary: Perl scripts provided with OpenSSL
Group: Applications/Internet
Requires: perl
Requires: %{name} = %{version}-%{release}

%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.

%prep
%setup -q

%{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat
%patch1 -p1 -b .defaults
# Fix link line for libssl (bug #111154).
%patch2 -p1 -b .krb5
%patch3 -p1 -b .soversion
%patch4 -p1 -b .enginesdir
%patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost
%patch7 -p1 -b .shlib-version

%patch21 -p1 -b .aliasing-bug
%patch22 -p1 -b .name-cmp
%patch23 -p1 -b .default-paths
%patch24 -p1 -b .no-extssl

%patch32 -p1 -b .ia64
%patch33 -p1 -b .ca-dir
%patch34 -p1 -b .x509
%patch35 -p1 -b .version-add-engines
%patch38 -p1 -b .cipher-change
%patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .nocanister
%patch41 -p1 -b .use-fipscheck
%patch42 -p1 -b .fipscheck-hmac
%patch44 -p1 -b .fipsmode
%patch45 -p1 -b .env-nozlib
%patch46 -p1 -b .eap-fast
%patch47 -p1 -b .warning
%patch48 -p1 -b .bad-mime
%patch49 -p1 -b .no-pairwise
%patch50 -p1 -b .rng-seed
%patch51 -p1 -b .multi-crl
%patch52 -p1 -b .dtls-compat
%patch53 -p1 -b .dtls-dos

# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`

# Generate a table with the compile settings for my perusal.
touch Makefile
make TABLE PERL=%{__perl}

%build
# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_arch}
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i686 ; then
     sslflags="no-asm 386"
fi
%endif
%ifarch sparcv9
sslarch=linux-sparcv9
sslflags=no-asm
%endif
%ifarch sparc64
sslarch=linux64-sparcv9
sslflags=no-asm
%endif
%ifarch alpha alphaev56 alphaev6 alphaev67
sslarch=linux-alpha-gcc
%endif
%ifarch s390 sh3eb sh4eb
sslarch="linux-generic32 -DB_ENDIAN"
%endif
%ifarch s390x
sslarch="linux-generic64 -DB_ENDIAN"
%endif
%ifarch %{arm} sh3 sh4
sslarch=linux-generic32
%endif
# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good 
defaults
# usable on all platforms.  The Configure script already knows to use 
-fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
     --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
     zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
     enable-cms no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
     --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
     --with-krb5-dir=/usr ${sslarch} fipscanisterbuild

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
make depend
make all

# Generate hashes for the included certs.
make rehash

%check
# Verify that what was compiled actually works.

# We must revert patch33 before tests otherwise they will fail
patch -p1 -R < %{PATCH33}

LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
make -C test apps tests
%{__cc} -o openssl-thread-test \
     `krb5-config --cflags` \
     -I./include \
     $RPM_OPT_FLAGS \
     %{SOURCE8} \
     -L. \
     -lssl -lcrypto \
     `krb5-config --libs` \
     -lpthread -lz -ldl
./openssl-thread-test --threads %{thread_test_threads}

# Add generation of HMAC checksum of the final stripped library
%define __spec_install_post \
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
     %{__os_install_post} \
     fips/fips_standalone_sha1 
$RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} 
 >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
     ln -sf .libcrypto.so.%{version}.hmac 
$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
     fips/fips_standalone_sha1 
$RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} 
 >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
     ln -sf .libssl.so.%{version}.hmac 
$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
%{nil}

%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d 
$RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install
make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
# OpenSSL install doesn't use correct _libdir on 64 bit archs
[ "%{_libdir}" != /usr/lib ] && mv 
$RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT%{_libdir}/
mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
rename so.%{soversion} so.%{version} 
$RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
     chmod 755 ${lib}
     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename 
${lib} .%{version}`
     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename 
${lib} .%{version}`.%{soversion}
done

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE2} 
$RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
install -m755 %{SOURCE6} 
$RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert

# Make sure we actually include the headers we built against.
for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
     if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then
         install -m644 include/openssl/`basename ${header}` ${header}
     fi
done

# Rename man pages so that they don't conflict with other system man pages.
pushd $RPM_BUILD_ROOT%{_mandir}
for manpage in man*/* ; do
     if [ -L ${manpage} ]; then
         TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
         ln -snf ${TARGET}ssl ${manpage}ssl
         rm -f ${manpage}
     else
         mv ${manpage} ${manpage}ssl
     fi
done
for conflict in passwd rand ; do
     rename ${conflict} ssl${conflict} man*/${conflict}*
done
popd

# Pick a CA script.
pushd  $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
mv CA.sh CA
popd

mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private

# Ensure the openssl.cnf timestamp is identical across builds to avoid
# mulitlib conflicts and unnecessary renames on upgrade
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf

# Fix libdir.
pushd $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
for i in *.pc ; do
     sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
         $i >$i.tmp && \
     cat $i.tmp >$i && \
     rm -f $i.tmp
done
popd

# Determine which arch opensslconf.h is going to try to #include.
basearch=%{_arch}
%ifarch %{ix86}
basearch=i386
%endif
%ifarch sparcv9
basearch=sparc
%endif
%ifarch sparc64
basearch=sparc64
%endif

%ifarch %{multilib_arches}
# Do an opensslconf.h switcheroo to avoid file conflicts on systems 
where you
# can have both a 32- and 64-bit version of the library, and they each need
# their own correct-but-different versions of opensslconf.h to be usable.
install -m644 %{SOURCE10} \
     $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \
     $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
install -m644 %{SOURCE9} \
     $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
%endif

%ifarch %{optimize_arches}
# Remove bits which belong in subpackages.
rm -rf $RPM_BUILD_ROOT/%{_prefix}/include/openssl
rm -rf $RPM_BUILD_ROOT/%{_libdir}/*.a
rm -rf $RPM_BUILD_ROOT/%{_libdir}/*.so
rm -rf $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man3/*

rm -rf $RPM_BUILD_ROOT/%{_bindir}/c_rehash
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man1*/*.pl*
rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/misc/*.pl
%endif

# Remove unused files from upstream fips support
rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%doc FAQ LICENSE CHANGES NEWS INSTALL README
%doc doc/c-indentation.el doc/openssl.txt
%doc doc/openssl_button.html doc/openssl_button.gif
%doc doc/ssleay.txt
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%{_sysconfdir}/pki/tls/certs/make-dummy-cert
%{_sysconfdir}/pki/tls/certs/Makefile
%dir %{_sysconfdir}/pki/tls/misc
%{_sysconfdir}/pki/tls/misc/CA
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%{_sysconfdir}/pki/tls/misc/c_*
%{_sysconfdir}/pki/tls/private

%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf

%attr(0755,root,root) %{_bindir}/openssl
%attr(0755,root,root) %{_libdir}/*.so.%{version}
%attr(0755,root,root) %{_libdir}/*.so.%{soversion}
%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
%attr(0755,root,root) %{_libdir}/openssl
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*

%ifnarch %{optimize_arches}
%files devel
%defattr(-,root,root)
%{_prefix}/include/openssl
%attr(0755,root,root) %{_libdir}/*.so
%attr(0644,root,root) %{_mandir}/man3*/*
%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc

%files static
%defattr(-,root,root)
%attr(0644,root,root) %{_libdir}/*.a

%files perl
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/c_rehash
%attr(0644,root,root) %{_mandir}/man1*/*.pl*
%dir %{_sysconfdir}/pki/tls/misc
%{_sysconfdir}/pki/tls/misc/*.pl
%endif

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%changelog

Thanks and regards,
Thirumalaisamy K K,