pool/easy-rsa
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 498607 from network:vpn

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/498607
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/easy-rsa?expand=0&rev=2
This commit is contained in:
Dominique Leuenberger 2017-05-31 10:18:07 +00:00 committed by Git OBS Bridge
commit 9fe9fc0ec3
9 changed files with 320 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
29d4dee.patch Normal file
View File

@ -0,0 +1,22 @@
From 29d4dee508706a34b50c20d338b3f2d452446716 Mon Sep 17 00:00:00 2001
From: Thomas Szteliga <ts@websafe.pl>
Date: Mon, 21 Mar 2016 17:25:58 +0100
Subject: [PATCH] Fixes #91 basename: invalid option -- 's'.
---
build/build-dist.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/build-dist.sh b/build/build-dist.sh
index 2f11fb2..dca4b9a 100755
--- a/build/build-dist.sh
+++ b/build/build-dist.sh
@@ -88,7 +88,7 @@ stage_win() {
for f in `ls $SRC_ROOT/doc/*.md`;
do
- fname=`basename -s .md $f`
+ fname=`basename $f .md`
python -m markdown $f > $DIST_ROOT/windows/$PV/doc/$fname.html
done

0
easy-rsa-3.0.1.tar.gz → 3.0.1.tar.gz
View File

102
b75faa4.patch Normal file
View File

@ -0,0 +1,102 @@
From b75faa475f22af55202d4b2be429cd30f16f15ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?= <samuli@openvpn.net>
Date: Wed, 22 Jun 2016 18:51:48 +0300
Subject: [PATCH] Convert README and COPYING into markdown files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
---
COPYING => COPYING.md | 5 +++--
README => README.md | 25 +++++++++++++------------
2 files changed, 16 insertions(+), 14 deletions(-)
rename COPYING => COPYING.md (91%)
rename README => README.md (68%)
diff --git a/COPYING b/COPYING.md
similarity index 91%
rename from COPYING
rename to COPYING.md
index 25b910e..39bce08 100644
--- a/COPYING
+++ b/COPYING.md
@@ -1,15 +1,16 @@
Easy-RSA -- A Shell-based CA Utility
+====================================
Copyright (C) 2013 by the Open-Source OpenVPN development community
-Easy-RSA 3 license: GPLv2:
+Easy-RSA 3 license: GPLv2
-------------------------
All the Easy-RSA code contained in this project falls under a GPLv2 license with
full text available in the Licensing/ directory. Additional components used by
this project fall under additional licenses:
-Additional licenses for external components:
+Additional licenses for external components
-------------------------------------------
The following components are under different licenses; while not part of the
diff --git a/README b/README.md
similarity index 68%
rename from README
rename to README.md
index 325e7e6..5a574e5 100644
--- a/README
+++ b/README.md
@@ -1,39 +1,40 @@
-OVERVIEW:
+# Overview
+
easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms,
this means to create a root certificate authority, and request and sign
certificates, including sub-CAs and certificate revokation lists (CRL).
-DOWNLOADS:
+# Downloads
If you are looking for release downloads, please see the releases section on
GitHub. Releases are also available as source checkouts using named tags.
-DOCUMENTATION:
+# Documentation
-For 3.x project documentation and usage, see the README.quickstart.md file or
+For 3.x project documentation and usage, see the [README.quickstart.md](README.quickstart.md) file or
the more detailed docs under the doc/ directory. The .md files are in Markdown
format and can be converted to html files as desired for release packages, or
read as-is in plaintext.
-GETTING HELP USING EASY-RSA:
+# Getting help using easy-rsa
Currently, Easy-RSA development co-exists with OpenVPN even though they are
separate projects. The following resources are good places as of this writing to
seek help using Easy-RSA:
-The openvpn-users mailing list is a good place to post usage or help questions:
-https://lists.sourceforge.net/lists/listinfo/openvpn-users
+The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users)
+is a good place to post usage or help questions.
You can also try IRC at Freenode/#openvpn
-BRANCH STRUCTURE:
+# Branch structure
The easy-rsa master branch is currently tracking development for the 3.x release
cycle. The prior 2.x and 1.x versions are available as release branches for
tracking and possible back-porting of relevant fixes. Branch layout is:
- master <- 3.x, at present
- release/2.x
- release/1.x
+ master <- 3.x, at present
+ release/2.x
+ release/1.x
-LICENSING info for 3.x is in the COPYING file
+LICENSING info for 3.x is in the [COPYING.md](COPYING.md) file

80
b93d0a1.patch Normal file
View File

@ -0,0 +1,80 @@
From b93d0a16759137d68f6ffbf9fd41e9de23eacb71 Mon Sep 17 00:00:00 2001
From: Drew Anderson <d.anderson@beovista.com.au>
Date: Mon, 9 May 2016 10:24:02 +1000
Subject: [PATCH] spelling fixes and setence structure improvements
---
doc/EasyRSA-Advanced.md | 2 +-
doc/EasyRSA-Readme.md | 6 +++---
doc/EasyRSA-Upgrade-Notes.md | 2 +-
doc/Intro-To-PKI.md | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md
index 6406946..64b29ae 100644
--- a/doc/EasyRSA-Advanced.md
+++ b/doc/EasyRSA-Advanced.md
@@ -108,7 +108,7 @@ possible terse description is shown below:
extensions
* `EASYRSA_REQ_CN` (CLI: `--req-cn`) - default CN, necessary to set in BATCH
mode
- * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash diget to use for req/cert
+ * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash digest to use for req/cert
signing
* `EASYRSA_BATCH` (CLI: `--batch`) - enable batch (no-prompt) mode; set
env-var to non-zero string to enable (CLI takes no options)
diff --git a/doc/EasyRSA-Readme.md b/doc/EasyRSA-Readme.md
index 568c3a6..bece589 100644
--- a/doc/EasyRSA-Readme.md
+++ b/doc/EasyRSA-Readme.md
@@ -74,7 +74,7 @@ Obtaining and Using Easy-RSA
General usage and command help can be shown with:
./easyrsa help [ command ]
-
+
When run without any command, general usage and a list of available commands
are shown; when a command is supplied, detailed help output for that command
is shown.
@@ -135,7 +135,7 @@ you need a more basic description of how a PKI works.
When building a CA, a number of new files are created by a combination of
Easy-RSA and (indirectly) openssl. The important CA files are:
-
+
* `ca.crt` - This is the CA certificate
* `index.txt` - This is the "master database" of all issued certs
* `serial` - Stores the next serial number (serial numbers increment)
@@ -224,7 +224,7 @@ Easy-RSA can generate a keypair and request with the following command:
./easyrsa gen-req nameOfRequest
You will then be given a chance to modify the Subject details of your request.
-By default Easy-RSA uses the short name supplied on the command-line, though you
+Easy-RSA uses the short name supplied on the command-line by default, though you
are free to change it if necessary. After providing a passphrase and Subject
details, the keypair and request files will be shown.
diff --git a/doc/EasyRSA-Upgrade-Notes.md b/doc/EasyRSA-Upgrade-Notes.md
index f5c1514..6cc6df2 100644
--- a/doc/EasyRSA-Upgrade-Notes.md
+++ b/doc/EasyRSA-Upgrade-Notes.md
@@ -54,5 +54,5 @@ Easy-RSA 3 has some new concepts compared to the prior v2 series.
generation as the requester doesn't need to know the CA's values in advance.
Previously in v2, the Country, State, and Org values all had to match or a
- request couldn't be signed. If you want the old behavior your can change the
+ request couldn't be signed. If you want the old behavior you can change the
OpenSSL config to require it or simply look over the DN at signing time.
diff --git a/doc/Intro-To-PKI.md b/doc/Intro-To-PKI.md
index cd8217b..ea56629 100644
--- a/doc/Intro-To-PKI.md
+++ b/doc/Intro-To-PKI.md
@@ -37,7 +37,7 @@ PKI mixed in with one used to generate end-entity certificates, such as clients
or servers (VPN or web servers.)
To start a new PKI, the CA is first created on the secure environment.
-Depending on security needs, this could managed under a locked down account,
+Depending on security needs, this could be managed under a locked down account,
dedicated system, or even a completely offline system or using removable media
to improve security (after all, you can't suffer an online break-in if your
system or PKI is not online.) The exact steps to create a CA are described in a

0
easyrsa.packaging.patch → easy-rsa-packaging.patch
View File

19
easy-rsa.changes
View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Sat May 27 07:30:22 UTC 2017 - bruno@ioda-net.ch
- Add special %if for SLE11 as patch tool can't rename files.
- Include upstream patches
+ f174800.patch
Generate random serial number for all certificates
+ 29d4dee.patch
Fixes #91 basename: invalid option -- 's'
+ b93d0a1.patch
Spelling fixes and sentence structure improvements
+ fb4d8d8.patch
Fix comment indicating the end of the function verify_file()
+ b75faa4.patch
Convert README and COPYING into markdown files
- Rename openSUSE specific patch easyrsa.packaging.patch to
easy-rsa-packaging.patch
- spec-cleaner -m (Add also SUSE copyrights)
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jan 2 21:13:06 UTC 2016 - projects@localside.net Sat Jan 2 21:13:06 UTC 2016 - projects@localside.net

53
easy-rsa.spec
View File

@ -1,6 +1,7 @@
# #
# spec file for package easy-rsa # spec file for package easy-rsa
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2015 Stefan Jakobs. # Copyright (c) 2015 Stefan Jakobs.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -12,28 +13,59 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: easy-rsa Name: easy-rsa
Version: 3.0.1 Version: 3.0.1
Release: 1 Release: 0
License: GPL-2.0
Summary: CLI utility to build and manage a PKI CA Summary: CLI utility to build and manage a PKI CA
Url: https://github.com/OpenVPN/easy-rsa License: GPL-2.0
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Source: %{name}-%{version}.tar.gz Url: https://github.com/OpenVPN/easy-rsa
Patch0: easyrsa.packaging.patch Source: https://github.com/OpenVPN/easy-rsa/archive/%{version}.tar.gz
# Fixed upstream issues
# Generate random serial number for all certificates
Patch0: https://github.com/OpenVPN/easy-rsa/commit/f174800.patch
# Fixes #91 basename: invalid option -- 's'.
Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee.patch
# spelling fixes and setence structure improvements
Patch2: https://github.com/OpenVPN/easy-rsa/commit/b93d0a1.patch
# Fix comment indicating the end of the function verify_file() comment.
Patch3: https://github.com/OpenVPN/easy-rsa/commit/fb4d8d8.patch
# Convert README and COPYING into markdown files
Patch4: https://github.com/OpenVPN/easy-rsa/commit/b75faa4.patch
# openSUSE specific
Patch100: easy-rsa-packaging.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch BuildArch: noarch
%description %description
easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms,
this means to create a root certificate authority, and request and sign this means to create a root certificate authority, and request and sign
certificates, including sub-CAs and certificate revokation lists (CRL). certificates, including sub-CAs and certificate revokation lists (CRL).
%prep %prep
%setup -q %setup -q
%patch0 -p0 %patch0 -p1
sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"/etc/easy-rsa";' easyrsa3/vars.example %patch1 -p1
mv README.quickstart.md README.quickstart %patch2 -p1
%patch3 -p1
%patch4 -p1
%patch100 -p0
sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"%{_sysconfdir}/easy-rsa";' easyrsa3/vars.example
# Add this for SLE11, patch tool can't rename file.
# Next release we should publish .md documentation.
%if 0%{?sles_version} > 0 && 0%{?sles_version} < 12
mv -v COPYING COPYING.md
mv -v README README.md
%endif
mv -v COPYING.md COPYING
mv -v README.md README
mv -v README.quickstart.md README.quickstart
for f in doc/*.md; do for f in doc/*.md; do
mv $f ${f%.md} mv $f ${f%.md}
done done
@ -48,11 +80,12 @@ install -Dm0644 easyrsa3/openssl-1.0.cnf %{buildroot}/%{_sysconfdir}/easy-rsa/op
install -Dm0644 easyrsa3/x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/ install -Dm0644 easyrsa3/x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/
install -Dm0755 easyrsa3/easyrsa %{buildroot}/%{_bindir}/easyrsa install -Dm0755 easyrsa3/easyrsa %{buildroot}/%{_bindir}/easyrsa
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc KNOWN_ISSUES README README.quickstart COPYING %doc KNOWN_ISSUES README README.quickstart COPYING
%doc Licensing/*
%doc doc/* %doc doc/*
%{_bindir}/easyrsa %{_bindir}/easyrsa
%config(noreplace) %{_sysconfdir}/easy-rsa %config(noreplace) %{_sysconfdir}/easy-rsa
%changelog

31
f174800.patch Normal file
View File

@ -0,0 +1,31 @@
From d309c6aaa23f661ccd2563df6a184e1351293b61 Mon Sep 17 00:00:00 2001
From: ValdikSS <iam@valdikss.org.ru>
Date: Mon, 11 Jan 2016 01:53:32 +0300
Subject: [PATCH] Generate random serial number for all certificates
---
easyrsa3/easyrsa | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 6fec288..bcb3aeb 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -652,6 +652,17 @@ Certificate created at: $crt_out
build_full() {
verify_ca_init
+ local i= serial= check_serial=
+ for i in 1 2 3 4 5; do
+ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
+ serial="$(cat "$EASYRSA_PKI/serial")"
+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
+ case "$check_serial" in
+ *"not present in db"*) break ;;
+ *) continue ;;
+ esac
+ done
+
# pull filename base:
[ -n "$2" ] || die "\
Error: didn't find a file base name as the first argument.

23
fb4d8d8.patch Normal file
View File

@ -0,0 +1,23 @@
From fb4d8d8e26dd83b0782a3e92fded1cd9ca3aa0cd Mon Sep 17 00:00:00 2001
From: Jiri Tyr <jtyr@users.noreply.github.com>
Date: Tue, 21 Jun 2016 14:16:45 +0100
Subject: [PATCH] Fix comment indicating the end of the function
This patch corrects the comment indicating the end of the `verify_file()` function.
---
easyrsa3/easyrsa | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index bcb3aeb..088faeb 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -928,7 +928,7 @@ verify_file() {
local format="$1" path="$2"
"$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1
return 0
-} # => verify_x509()
+} # => verify_file()
# show-* command backend
# Prints req/cert details in a readable format