diff --git a/29d4dee.patch b/29d4dee.patch
new file mode 100644
index 0000000..e78c62e
--- /dev/null
+++ b/29d4dee.patch
@@ -0,0 +1,22 @@
+From 29d4dee508706a34b50c20d338b3f2d452446716 Mon Sep 17 00:00:00 2001
+From: Thomas Szteliga
+Date: Mon, 21 Mar 2016 17:25:58 +0100
+Subject: [PATCH] Fixes #91 basename: invalid option -- 's'.
+
+---
+ build/build-dist.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/build-dist.sh b/build/build-dist.sh
+index 2f11fb2..dca4b9a 100755
+--- a/build/build-dist.sh
++++ b/build/build-dist.sh
+@@ -88,7 +88,7 @@ stage_win() {
+
+ for f in `ls $SRC_ROOT/doc/*.md`;
+ do
+- fname=`basename -s .md $f`
++ fname=`basename $f .md`
+ python -m markdown $f > $DIST_ROOT/windows/$PV/doc/$fname.html
+ done
+
diff --git a/easy-rsa-3.0.1.tar.gz b/3.0.1.tar.gz
similarity index 100%
rename from easy-rsa-3.0.1.tar.gz
rename to 3.0.1.tar.gz
diff --git a/b75faa4.patch b/b75faa4.patch
new file mode 100644
index 0000000..db63ef0
--- /dev/null
+++ b/b75faa4.patch
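Review bot: The replacement line in 29d4dee.patch still expands `$f` unquoted, so a documentation path containing whitespace or glob characters is split before `basename` sees it; `fname=$(basename "$f" .md)` avoids that. The `python -m markdown` line in the same loop has the same exposure through `$f` and the redirect target. The loop header iterates over the output of `ls`, which splits the same way; `for f in "$SRC_ROOT"/doc/*.md` is the usual form. The loop sits inside stage_win(), whose body starts and ends outside the hunk.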
@@ -0,0 +1,102 @@ +From b75faa475f22af55202d4b2be429cd30f16f15ac Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?= +Date: Wed, 22 Jun 2016 18:51:48 +0300 +Subject: [PATCH] Convert README and COPYING into markdown files +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Samuli Seppänen +--- + COPYING => COPYING.md | 5 +++-- + README => README.md | 25 +++++++++++++------------ + 2 files changed, 16 insertions(+), 14 deletions(-) + rename COPYING => COPYING.md (91%) + rename README => README.md (68%) + +diff --git a/COPYING b/COPYING.md +similarity index 91% +rename from COPYING +rename to COPYING.md +index 25b910e..39bce08 100644 +--- a/COPYING ++++ b/COPYING.md +@@ -1,15 +1,16 @@ + Easy-RSA -- A Shell-based CA Utility ++==================================== + + Copyright (C) 2013 by the Open-Source OpenVPN development community + +-Easy-RSA 3 license: GPLv2: ++Easy-RSA 3 license: GPLv2 + ------------------------- + + All the Easy-RSA code contained in this project falls under a GPLv2 license with + full text available in the Licensing/ directory. Additional components used by + this project fall under additional licenses: + +-Additional licenses for external components: ++Additional licenses for external components + ------------------------------------------- + + The following components are under different licenses; while not part of the +diff --git a/README b/README.md +similarity index 68% +rename from README +rename to README.md +index 325e7e6..5a574e5 100644 +--- a/README ++++ b/README.md +@@ -1,39 +1,40 @@ +-OVERVIEW: ++# Overview ++ + easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, + this means to create a root certificate authority, and request and sign + certificates, including sub-CAs and certificate revokation lists (CRL). + +-DOWNLOADS: ++# Downloads + + If you are looking for release downloads, please see the releases section on + GitHub. 
Releases are also available as source checkouts using named tags. + +-DOCUMENTATION: ++# Documentation + +-For 3.x project documentation and usage, see the README.quickstart.md file or ++For 3.x project documentation and usage, see the [README.quickstart.md](README.quickstart.md) file or + the more detailed docs under the doc/ directory. The .md files are in Markdown + format and can be converted to html files as desired for release packages, or + read as-is in plaintext. + +-GETTING HELP USING EASY-RSA: ++# Getting help using easy-rsa + + Currently, Easy-RSA development co-exists with OpenVPN even though they are + separate projects. The following resources are good places as of this writing to + seek help using Easy-RSA: + +-The openvpn-users mailing list is a good place to post usage or help questions: +-https://lists.sourceforge.net/lists/listinfo/openvpn-users ++The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users) ++is a good place to post usage or help questions. + + You can also try IRC at Freenode/#openvpn + +-BRANCH STRUCTURE: ++# Branch structure + + The easy-rsa master branch is currently tracking development for the 3.x release + cycle. The prior 2.x and 1.x versions are available as release branches for + tracking and possible back-porting of relevant fixes. Branch layout is: + +- master <- 3.x, at present +- release/2.x +- release/1.x ++ master <- 3.x, at present ++ release/2.x ++ release/1.x + +-LICENSING info for 3.x is in the COPYING file ++LICENSING info for 3.x is in the [COPYING.md](COPYING.md) file diff --git a/b93d0a1.patch b/b93d0a1.patch new file mode 100644 index 0000000..dca40a2 --- /dev/null +++ b/b93d0a1.patch 
@@ -0,0 +1,80 @@ +From b93d0a16759137d68f6ffbf9fd41e9de23eacb71 Mon Sep 17 00:00:00 2001 +From: Drew Anderson +Date: Mon, 9 May 2016 10:24:02 +1000 +Subject: [PATCH] spelling fixes and setence structure improvements + +--- + doc/EasyRSA-Advanced.md | 2 +- + doc/EasyRSA-Readme.md | 6 +++--- + doc/EasyRSA-Upgrade-Notes.md | 2 +- + doc/Intro-To-PKI.md | 2 +- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md +index 6406946..64b29ae 100644 +--- a/doc/EasyRSA-Advanced.md ++++ b/doc/EasyRSA-Advanced.md +@@ -108,7 +108,7 @@ possible terse description is shown below: + extensions + * `EASYRSA_REQ_CN` (CLI: `--req-cn`) - default CN, necessary to set in BATCH + mode +- * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash diget to use for req/cert ++ * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash digest to use for req/cert + signing + * `EASYRSA_BATCH` (CLI: `--batch`) - enable batch (no-prompt) mode; set + env-var to non-zero string to enable (CLI takes no options) +diff --git a/doc/EasyRSA-Readme.md b/doc/EasyRSA-Readme.md +index 568c3a6..bece589 100644 +--- a/doc/EasyRSA-Readme.md ++++ b/doc/EasyRSA-Readme.md +@@ -74,7 +74,7 @@ Obtaining and Using Easy-RSA + General usage and command help can be shown with: + + ./easyrsa help [ command ] +- ++ + When run without any command, general usage and a list of available commands + are shown; when a command is supplied, detailed help output for that command + is shown. +@@ -135,7 +135,7 @@ you need a more basic description of how a PKI works. + + When building a CA, a number of new files are created by a combination of + Easy-RSA and (indirectly) openssl. 
The important CA files are: +- ++ + * `ca.crt` - This is the CA certificate + * `index.txt` - This is the "master database" of all issued certs + * `serial` - Stores the next serial number (serial numbers increment) +@@ -224,7 +224,7 @@ Easy-RSA can generate a keypair and request with the following command: + ./easyrsa gen-req nameOfRequest + + You will then be given a chance to modify the Subject details of your request. +-By default Easy-RSA uses the short name supplied on the command-line, though you ++Easy-RSA uses the short name supplied on the command-line by default, though you + are free to change it if necessary. After providing a passphrase and Subject + details, the keypair and request files will be shown. + +diff --git a/doc/EasyRSA-Upgrade-Notes.md b/doc/EasyRSA-Upgrade-Notes.md +index f5c1514..6cc6df2 100644 +--- a/doc/EasyRSA-Upgrade-Notes.md ++++ b/doc/EasyRSA-Upgrade-Notes.md +@@ -54,5 +54,5 @@ Easy-RSA 3 has some new concepts compared to the prior v2 series. + generation as the requester doesn't need to know the CA's values in advance. + + Previously in v2, the Country, State, and Org values all had to match or a +- request couldn't be signed. If you want the old behavior your can change the ++ request couldn't be signed. If you want the old behavior you can change the + OpenSSL config to require it or simply look over the DN at signing time. +diff --git a/doc/Intro-To-PKI.md b/doc/Intro-To-PKI.md +index cd8217b..ea56629 100644 +--- a/doc/Intro-To-PKI.md ++++ b/doc/Intro-To-PKI.md +@@ -37,7 +37,7 @@ PKI mixed in with one used to generate end-entity certificates, such as clients + or servers (VPN or web servers.) + + To start a new PKI, the CA is first created on the secure environment. 
+-Depending on security needs, this could managed under a locked down account, ++Depending on security needs, this could be managed under a locked down account, + dedicated system, or even a completely offline system or using removable media + to improve security (after all, you can't suffer an online break-in if your + system or PKI is not online.) The exact steps to create a CA are described in a diff --git a/easyrsa.packaging.patch b/easy-rsa-packaging.patch similarity index 100% rename from easyrsa.packaging.patch rename to easy-rsa-packaging.patch diff --git a/easy-rsa.changes b/easy-rsa.changes index ee38181..ff4acb3 100644 --- a/easy-rsa.changes +++ b/easy-rsa.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Sat May 27 07:30:22 UTC 2017 - bruno@ioda-net.ch + +- Add special %if for SLE11 as patch tool can't rename files. +- Include upstream patches + + f174800.patch + Generate random serial number for all certificates + + 29d4dee.patch + Fixes #91 basename: invalid option -- 's' + + b93d0a1.patch + Spelling fixes and sentence structure improvements + + fb4d8d8.patch + Fix comment indicating the end of the function verify_file() + + b75faa4.patch + Convert README and COPYING into markdown files +- Rename openSUSE specific patch easyrsa.packaging.patch to + easy-rsa-packaging.patch +- spec-cleaner -m (Add also SUSE copyrights) + ------------------------------------------------------------------- Sat Jan 2 21:13:06 UTC 2016 - projects@localside.net diff --git a/easy-rsa.spec b/easy-rsa.spec index 54acd22..98d9462 100644 --- a/easy-rsa.spec +++ b/easy-rsa.spec @@ -1,6 +1,7 @@ # # spec file for package easy-rsa # +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2015 Stefan Jakobs. # # All modifications and additions to the file contributed by third parties 
@@ -12,28 +13,59 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + Name: easy-rsa Version: 3.0.1 -Release: 1 -License: GPL-2.0 +Release: 0 Summary: CLI utility to build and manage a PKI CA -Url: https://github.com/OpenVPN/easy-rsa +License: GPL-2.0 Group: Productivity/Networking/Security -Source: %{name}-%{version}.tar.gz -Patch0: easyrsa.packaging.patch +Url: https://github.com/OpenVPN/easy-rsa +Source: https://github.com/OpenVPN/easy-rsa/archive/%{version}.tar.gz +# Fixed upstream issues +# Generate random serial number for all certificates +Patch0: https://github.com/OpenVPN/easy-rsa/commit/f174800.patch +# Fixes #91 basename: invalid option -- 's'. +Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee.patch +# spelling fixes and setence structure improvements +Patch2: https://github.com/OpenVPN/easy-rsa/commit/b93d0a1.patch +# Fix comment indicating the end of the function verify_file() comment. +Patch3: https://github.com/OpenVPN/easy-rsa/commit/fb4d8d8.patch +# Convert README and COPYING into markdown files +Patch4: https://github.com/OpenVPN/easy-rsa/commit/b75faa4.patch +# openSUSE specific +Patch100: easy-rsa-packaging.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %description easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, -this means to create a root certificate authority, and request and sign +this means to create a root certificate authority, and request and sign certificates, including sub-CAs and certificate revokation lists (CRL). 
%prep %setup -q -%patch0 -p0 -sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"/etc/easy-rsa";' easyrsa3/vars.example -mv README.quickstart.md README.quickstart +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch100 -p0 +sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"%{_sysconfdir}/easy-rsa";' easyrsa3/vars.example + +# Add this for SLE11, patch tool can't rename file. +# Next release we should publish .md documentation. +%if 0%{?sles_version} > 0 && 0%{?sles_version} < 12 +mv -v COPYING COPYING.md +mv -v README README.md +%endif + +mv -v COPYING.md COPYING +mv -v README.md README +mv -v README.quickstart.md README.quickstart for f in doc/*.md; do mv $f ${f%.md} done @@ -48,11 +80,12 @@ install -Dm0644 easyrsa3/openssl-1.0.cnf %{buildroot}/%{_sysconfdir}/easy-rsa/op install -Dm0644 easyrsa3/x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/ install -Dm0755 easyrsa3/easyrsa %{buildroot}/%{_bindir}/easyrsa - %files %defattr(-,root,root) %doc KNOWN_ISSUES README README.quickstart COPYING +%doc Licensing/* %doc doc/* %{_bindir}/easyrsa %config(noreplace) %{_sysconfdir}/easy-rsa +%changelog diff --git a/f174800.patch b/f174800.patch new file mode 100644 index 0000000..c748573 --- /dev/null +++ b/f174800.patch 
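Review bot: Patch0 to Patch4 reference upstream by a 7-character abbreviated commit id (`commit/f174800.patch` and so on), which is not a stable identifier: an abbreviation can become ambiguous as the repository grows, and nothing in the spec pins what the URL returns. Use the full 40-character ids that the bundled patches carry in their `From` lines, e.g. `Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee508706a34b50c20d338b3f2d452446716.patch`. The bundled f174800.patch opens with `From d309c6aaa23f661ccd2563df6a184e1351293b61`, so its file name and embedded commit id differ, and that is worth confirming against upstream. `Source:` now names an auto-generated archive URL; presumably the build service compares it with the stored tarball, but no checksum or signature is visible in this diff.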
@@ -0,0 +1,31 @@
+From d309c6aaa23f661ccd2563df6a184e1351293b61 Mon Sep 17 00:00:00 2001
+From: ValdikSS
+Date: Mon, 11 Jan 2016 01:53:32 +0300
+Subject: [PATCH] Generate random serial number for all certificates
+
+---
+ easyrsa3/easyrsa | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
+index 6fec288..bcb3aeb 100755
+--- a/easyrsa3/easyrsa
++++ b/easyrsa3/easyrsa
+@@ -652,6 +652,17 @@ Certificate created at: $crt_out
+ build_full() {
+ verify_ca_init
+
++ local i= serial= check_serial=
++ for i in 1 2 3 4 5; do
++ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
++ serial="$(cat "$EASYRSA_PKI/serial")"
++ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
++ case "$check_serial" in
++ *"not present in db"*) break ;;
++ *) continue ;;
++ esac
++ done
++
+ # pull filename base:
+ [ -n "$2" ] || die "\
+ Error: didn't find a file base name as the first argument.
diff --git a/fb4d8d8.patch b/fb4d8d8.patch
new file mode 100644
index 0000000..509fb3a
--- /dev/null
+++ b/fb4d8d8.patch
@@ -0,0 +1,23 @@
+From fb4d8d8e26dd83b0782a3e92fded1cd9ca3aa0cd Mon Sep 17 00:00:00 2001
+From: Jiri Tyr
+Date: Tue, 21 Jun 2016 14:16:45 +0100
+Subject: [PATCH] Fix comment indicating the end of the function
+
+This patch corrects the comment indicating the end of the `verify_file()` function.
+---
+ easyrsa3/easyrsa | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
+index bcb3aeb..088faeb 100755
+--- a/easyrsa3/easyrsa
++++ b/easyrsa3/easyrsa
+@@ -928,7 +928,7 @@ verify_file() {
+ local format="$1" path="$2"
+ "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1
+ return 0
+-} # => verify_x509()
++} # => verify_file()
+
+ # show-* command backend
+ # Prints req/cert details in a readable format
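Review bot: The serial loop added at the top of build_full() in f174800.patch fails open. If none of the five candidates passes the `-status` check, the loop simply ends and the last value written to `$EASYRSA_PKI/serial` is used anyway, and the exit status of `rand` is never checked. The uniqueness test also matches the text "not present in db" in combined stdout and stderr, so any other failure of the `ca -status` call (a bad config, for instance) takes the `continue` branch and ends the same way. The loop should record success explicitly and stop with `die` when no verified serial was obtained, as sketched below. build_full()'s body continues outside the hunk.

```sh
local i= serial= check_serial= serial_ok=
for i in 1 2 3 4 5; do
	"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" \
		|| die "Error: could not generate a random serial number."
	# … unchanged: read the serial back and query `ca -status` …
	case "$check_serial" in
		*"not present in db"*) serial_ok=1; break ;;
	esac
done
[ -n "$serial_ok" ] || die "Error: no unused serial number found after 5 attempts."
```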