commit easy-rsa for openSUSE:Factory
Hello community, here is the log from the commit of package easy-rsa for openSUSE:Factory checked in at 2017-05-31 12:18:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/easy-rsa (Old) and /work/SRC/openSUSE:Factory/.easy-rsa.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "easy-rsa" Wed May 31 12:18:07 2017 rev:2 rq:498607 version:3.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/easy-rsa/easy-rsa.changes 2017-02-03 17:36:11.445527613 +0100 +++ /work/SRC/openSUSE:Factory/.easy-rsa.new/easy-rsa.changes 2017-05-31 12:19:18.308102231 +0200 @@ -1,0 +2,19 @@ +Sat May 27 07:30:22 UTC 2017 - bruno@ioda-net.ch + +- Add special %if for SLE11 as patch tool can't rename files. +- Include upstream patches + + f174800.patch + Generate random serial number for all certificates + + 29d4dee.patch + Fixes #91 basename: invalid option -- 's' + + b93d0a1.patch + Spelling fixes and sentence structure improvements + + fb4d8d8.patch + Fix comment indicating the end of the function verify_file() + + b75faa4.patch + Convert README and COPYING into markdown files +- Rename openSUSE specific patch easyrsa.packaging.patch to + easy-rsa-packaging.patch +- spec-cleaner -m (Add also SUSE copyrights) + +------------------------------------------------------------------- Old: ---- easy-rsa-3.0.1.tar.gz easyrsa.packaging.patch New: ---- 29d4dee.patch 3.0.1.tar.gz b75faa4.patch b93d0a1.patch easy-rsa-packaging.patch f174800.patch fb4d8d8.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ easy-rsa.spec ++++++ --- /var/tmp/diff_new_pack.uNphnX/_old 2017-05-31 12:19:19.079993268 +0200 +++ /var/tmp/diff_new_pack.uNphnX/_new 2017-05-31 12:19:19.083992704 +0200 @@ -1,6 +1,7 @@ # # spec file for package easy-rsa # +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2015 Stefan Jakobs. # # All modifications and additions to the file contributed by third parties @@ -12,15 +13,31 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + Name: easy-rsa Version: 3.0.1 -Release: 1 -License: GPL-2.0 +Release: 0 Summary: CLI utility to build and manage a PKI CA -Url: https://github.com/OpenVPN/easy-rsa +License: GPL-2.0 Group: Productivity/Networking/Security -Source: %{name}-%{version}.tar.gz -Patch0: easyrsa.packaging.patch +Url: https://github.com/OpenVPN/easy-rsa +Source: https://github.com/OpenVPN/easy-rsa/archive/%{version}.tar.gz +# Fixed upstream issues +# Generate random serial number for all certificates +Patch0: https://github.com/OpenVPN/easy-rsa/commit/f174800.patch +# Fixes #91 basename: invalid option -- 's'. +Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee.patch +# spelling fixes and setence structure improvements +Patch2: https://github.com/OpenVPN/easy-rsa/commit/b93d0a1.patch +# Fix comment indicating the end of the function verify_file() comment. +Patch3: https://github.com/OpenVPN/easy-rsa/commit/fb4d8d8.patch +# Convert README and COPYING into markdown files +Patch4: https://github.com/OpenVPN/easy-rsa/commit/b75faa4.patch +# openSUSE specific +Patch100: easy-rsa-packaging.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -31,9 +48,24 @@ %prep %setup -q -%patch0 -p0 -sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"/etc/easy-rsa";' easyrsa3/vars.example -mv README.quickstart.md README.quickstart +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch100 -p0 +sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"%{_sysconfdir}/easy-rsa";' easyrsa3/vars.example + +# Add this for SLE11, patch tool can't rename file. +# Next release we should publish .md documentation. +%if 0%{?sles_version} > 0 && 0%{?sles_version} < 12 +mv -v COPYING COPYING.md +mv -v README README.md +%endif + +mv -v COPYING.md COPYING +mv -v README.md README +mv -v README.quickstart.md README.quickstart for f in doc/*.md; do mv $f ${f%.md} done @@ -48,11 +80,12 @@ install -Dm0644 easyrsa3/x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/ install -Dm0755 easyrsa3/easyrsa %{buildroot}/%{_bindir}/easyrsa - %files %defattr(-,root,root) %doc KNOWN_ISSUES README README.quickstart COPYING +%doc Licensing/* %doc doc/* %{_bindir}/easyrsa %config(noreplace) %{_sysconfdir}/easy-rsa +%changelog ++++++ 29d4dee.patch ++++++
From 29d4dee508706a34b50c20d338b3f2d452446716 Mon Sep 17 00:00:00 2001 From: Thomas Szteliga
Date: Mon, 21 Mar 2016 17:25:58 +0100 Subject: [PATCH] Fixes #91 basename: invalid option -- 's'.
--- build/build-dist.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/build-dist.sh b/build/build-dist.sh index 2f11fb2..dca4b9a 100755 --- a/build/build-dist.sh +++ b/build/build-dist.sh @@ -88,7 +88,7 @@ stage_win() { for f in `ls $SRC_ROOT/doc/*.md`; do - fname=`basename -s .md $f` + fname=`basename $f .md` python -m markdown $f > $DIST_ROOT/windows/$PV/doc/$fname.html done ++++++ easy-rsa-3.0.1.tar.gz -> 3.0.1.tar.gz ++++++ ++++ no output (probably identical) ++++++ b75faa4.patch ++++++
From b75faa475f22af55202d4b2be429cd30f16f15ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?=
Date: Wed, 22 Jun 2016 18:51:48 +0300 Subject: [PATCH] Convert README and COPYING into markdown files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Signed-off-by: Samuli Seppänen
From b93d0a16759137d68f6ffbf9fd41e9de23eacb71 Mon Sep 17 00:00:00 2001 From: Drew Anderson
Date: Mon, 9 May 2016 10:24:02 +1000 Subject: [PATCH] spelling fixes and setence structure improvements
--- doc/EasyRSA-Advanced.md | 2 +- doc/EasyRSA-Readme.md | 6 +++--- doc/EasyRSA-Upgrade-Notes.md | 2 +- doc/Intro-To-PKI.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md index 6406946..64b29ae 100644 --- a/doc/EasyRSA-Advanced.md +++ b/doc/EasyRSA-Advanced.md @@ -108,7 +108,7 @@ possible terse description is shown below: extensions * `EASYRSA_REQ_CN` (CLI: `--req-cn`) - default CN, necessary to set in BATCH mode - * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash diget to use for req/cert + * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash digest to use for req/cert signing * `EASYRSA_BATCH` (CLI: `--batch`) - enable batch (no-prompt) mode; set env-var to non-zero string to enable (CLI takes no options) diff --git a/doc/EasyRSA-Readme.md b/doc/EasyRSA-Readme.md index 568c3a6..bece589 100644 --- a/doc/EasyRSA-Readme.md +++ b/doc/EasyRSA-Readme.md @@ -74,7 +74,7 @@ Obtaining and Using Easy-RSA General usage and command help can be shown with: ./easyrsa help [ command ] - + When run without any command, general usage and a list of available commands are shown; when a command is supplied, detailed help output for that command is shown. @@ -135,7 +135,7 @@ you need a more basic description of how a PKI works. When building a CA, a number of new files are created by a combination of Easy-RSA and (indirectly) openssl. The important CA files are: - + * `ca.crt` - This is the CA certificate * `index.txt` - This is the "master database" of all issued certs * `serial` - Stores the next serial number (serial numbers increment) @@ -224,7 +224,7 @@ Easy-RSA can generate a keypair and request with the following command: ./easyrsa gen-req nameOfRequest You will then be given a chance to modify the Subject details of your request. -By default Easy-RSA uses the short name supplied on the command-line, though you +Easy-RSA uses the short name supplied on the command-line by default, though you are free to change it if necessary. After providing a passphrase and Subject details, the keypair and request files will be shown. diff --git a/doc/EasyRSA-Upgrade-Notes.md b/doc/EasyRSA-Upgrade-Notes.md index f5c1514..6cc6df2 100644 --- a/doc/EasyRSA-Upgrade-Notes.md +++ b/doc/EasyRSA-Upgrade-Notes.md @@ -54,5 +54,5 @@ Easy-RSA 3 has some new concepts compared to the prior v2 series. generation as the requester doesn't need to know the CA's values in advance. Previously in v2, the Country, State, and Org values all had to match or a - request couldn't be signed. If you want the old behavior your can change the + request couldn't be signed. If you want the old behavior you can change the OpenSSL config to require it or simply look over the DN at signing time. diff --git a/doc/Intro-To-PKI.md b/doc/Intro-To-PKI.md index cd8217b..ea56629 100644 --- a/doc/Intro-To-PKI.md +++ b/doc/Intro-To-PKI.md @@ -37,7 +37,7 @@ PKI mixed in with one used to generate end-entity certificates, such as clients or servers (VPN or web servers.) To start a new PKI, the CA is first created on the secure environment. -Depending on security needs, this could managed under a locked down account, +Depending on security needs, this could be managed under a locked down account, dedicated system, or even a completely offline system or using removable media to improve security (after all, you can't suffer an online break-in if your system or PKI is not online.) The exact steps to create a CA are described in a ++++++ easy-rsa-packaging.patch ++++++ --- easyrsa3/easyrsa.orig 2015-04-05 21:42:25.422949081 +0200 +++ easyrsa3/easyrsa 2015-04-05 21:43:55.493395425 +0200 @@ -972,6 +972,9 @@ # command-line path: if [ -f "$EASYRSA_VARS_FILE" ]; then vars="$EASYRSA_VARS_FILE" + # packaging defaults + elif [ -f "/etc/easy-rsa/vars" ]; then + vars="/etc/easy-rsa/vars" # EASYRSA_PKI, if defined: elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then vars="$EASYRSA_PKI/vars" ++++++ f174800.patch ++++++
From d309c6aaa23f661ccd2563df6a184e1351293b61 Mon Sep 17 00:00:00 2001 From: ValdikSS
Date: Mon, 11 Jan 2016 01:53:32 +0300 Subject: [PATCH] Generate random serial number for all certificates
--- easyrsa3/easyrsa | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 6fec288..bcb3aeb 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -652,6 +652,17 @@ Certificate created at: $crt_out build_full() { verify_ca_init + local i= serial= check_serial= + for i in 1 2 3 4 5; do + "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" + serial="$(cat "$EASYRSA_PKI/serial")" + check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" + case "$check_serial" in + *"not present in db"*) break ;; + *) continue ;; + esac + done + # pull filename base: [ -n "$2" ] || die "\ Error: didn't find a file base name as the first argument. ++++++ fb4d8d8.patch ++++++
From fb4d8d8e26dd83b0782a3e92fded1cd9ca3aa0cd Mon Sep 17 00:00:00 2001 From: Jiri Tyr
Date: Tue, 21 Jun 2016 14:16:45 +0100 Subject: [PATCH] Fix comment indicating the end of the function
This patch corrects the comment indicating the end of the `verify_file()` function. --- easyrsa3/easyrsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index bcb3aeb..088faeb 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -928,7 +928,7 @@ verify_file() { local format="$1" path="$2" "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1 return 0 -} # => verify_x509() +} # => verify_file() # show-* command backend # Prints req/cert details in a readable format
participants (1)
-
root@hilbert.suse.de