From d21ed100368b413e41d293f2463c5dfc2f7db34df00cc2d3f5603ae187aee8d7 Mon Sep 17 00:00:00 2001
From: Olav Reinert
Date: Mon, 16 Oct 2017 06:44:30 +0000
Subject: [PATCH] Update to version 3.0.3
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=14
---
 29d4dee.patch | 22 ----
 3.0.1.tar.gz | 3 -
 4eac410.patch | 34 ------
 534f673.patch | 72 -------------
 6436eaf.patch | 52 ---------
 83a1a21.patch | 52 ---------
 a138c0d.patch | 22 ----
 b75faa4.patch | 102 ------------------
 b93d0a1.patch | 80 --------------
 d20d2b3.patch | 85 ---------------
 e9e8e27.patch | 50 ---------
 easy-rsa.changes | 5 +
 easy-rsa.spec | 51 +--------
 f174800.patch | 31 ------
 fb4d8d8.patch | 23 ----
 ...sa-packaging.patch => suse-packaging.patch | 0
 v3.0.3.tar.gz | 3 +
 17 files changed, 11 insertions(+), 676 deletions(-)
 delete mode 100644 29d4dee.patch
 delete mode 100644 3.0.1.tar.gz
 delete mode 100644 4eac410.patch
 delete mode 100644 534f673.patch
 delete mode 100644 6436eaf.patch
 delete mode 100644 83a1a21.patch
 delete mode 100644 a138c0d.patch
 delete mode 100644 b75faa4.patch
 delete mode 100644 b93d0a1.patch
 delete mode 100644 d20d2b3.patch
 delete mode 100644 e9e8e27.patch
 delete mode 100644 f174800.patch
 delete mode 100644 fb4d8d8.patch
 rename easy-rsa-packaging.patch => suse-packaging.patch (100%)
 create mode 100644 v3.0.3.tar.gz
diff --git a/29d4dee.patch b/29d4dee.patch
deleted file mode 100644
index e78c62e..0000000
--- a/29d4dee.patch
+++ /dev/null
@@ -1,22 +0,0 @@ -From 29d4dee508706a34b50c20d338b3f2d452446716 Mon Sep 17 00:00:00 2001 -From: Thomas Szteliga -Date: Mon, 21 Mar 2016 17:25:58 +0100 -Subject: [PATCH] Fixes #91 basename: invalid option -- 's'. - ---- - build/build-dist.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/build/build-dist.sh b/build/build-dist.sh -index 2f11fb2..dca4b9a 100755 ---- a/build/build-dist.sh -+++ b/build/build-dist.sh -@@ -88,7 +88,7 @@ stage_win() { - - for f in `ls $SRC_ROOT/doc/*.md`; - do -- fname=`basename -s .md $f` -+ fname=`basename $f .md` - python -m markdown $f > $DIST_ROOT/windows/$PV/doc/$fname.html - done - diff --git a/3.0.1.tar.gz b/3.0.1.tar.gz deleted file mode 100644 index fa28f63..0000000 --- a/3.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1fff75a27ea7da3f37fbfed715633f55b9ca25f5b14cac38e525c5c995e68ae -size 44242 diff --git a/4eac410.patch b/4eac410.patch deleted file mode 100644 index 2f55e70..0000000 --- a/4eac410.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 4eac410bce13a4730aa160ba48e6fa0aef7edd7c Mon Sep 17 00:00:00 2001 -From: azvyagintsev -Date: Tue, 4 Jul 2017 20:14:57 +0300 -Subject: [PATCH] Fix string comprehension - - - "[[" syntax work only in "Bash" ---- - easyrsa3/easyrsa | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index e004e2b..901a52f 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -641,8 +641,7 @@ $(display_dn req "$req_in") - - # If type is server and no subjectAltName was requested, - # add one to the extensions file -- if [[ "$crt_type" == 'server' ]] -- then -+ if [ "$crt_type" = 'server' ]; then - echo "$EASYRSA_EXTRA_EXTS" | - grep -q subjectAltName || - print $(default_server_san "$req_in") -@@ -941,8 +940,7 @@ default_server_san() { - awk -F'=' '/^ *CN=/{print $2}' - ) - echo "$cn" | egrep -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$' -- if [[ $? -eq 0 ]] -- then -+ if [ $? -eq 0 ]; then - print "subjectAltName = IP:$cn" - else - print "subjectAltName = DNS:$cn" diff --git a/534f673.patch b/534f673.patch deleted file mode 100644 index 0cac058..0000000 --- a/534f673.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 534f67345997603e3b1fbf6b673bbaa65937019e Mon Sep 17 00:00:00 2001 -From: Olav Reinert -Date: Mon, 5 Jun 2017 23:30:57 +0200 -Subject: [PATCH] Make $PWD/pki the default PKI location - ---- - doc/EasyRSA-Advanced.md | 3 ++- - easyrsa3/easyrsa | 14 ++++++++------ - 2 files changed, 10 insertions(+), 7 deletions(-) - -diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md -index 64b29ae..1bd8c29 100644 ---- a/doc/EasyRSA-Advanced.md -+++ b/doc/EasyRSA-Advanced.md -@@ -34,6 +34,7 @@ Configuration Reference - 1. File referenced by the --vars CLI option - 2. The file referenced by the env-var named `EASYRSA_VARS_FILE` - 3. The `EASYRSA_PKI` directory -+ 4. The default PKI directory at $PWD/pki (usually will be the same as above) - 4. The `EASYRSA` directory - 5. The location of the easyrsa program (usually will be the same as above) - -@@ -80,7 +81,7 @@ possible terse description is shown below: - * `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD - * `EASYRSA_OPENSSL` - command to invoke openssl - * `EASYRSA_SSL_CONF` - the openssl config file to use -- * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files -+ * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki. 
- * `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to - alter the fields to include in the req DN - * `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 088faeb..8adc8fc 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -989,13 +989,15 @@ vars_setup() { - - # set up program path - local prog_vars="${0%/*}/vars" -+ # set up PKI path -+ local pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - - # command-line path: - if [ -f "$EASYRSA_VARS_FILE" ]; then - vars="$EASYRSA_VARS_FILE" -- # EASYRSA_PKI, if defined: -- elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then -- vars="$EASYRSA_PKI/vars" -+ # PKI location, if present: -+ elif [ -f "$pki_vars" ]; then -+ vars="$pki_vars" - # EASYRSA, if defined: - elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then - vars="$EASYRSA/vars" -@@ -1013,9 +1015,9 @@ Note: using Easy-RSA configuration from: $vars" - fi - - # Set defaults, preferring existing env-vars if present -- set_var EASYRSA "$PWD" -+ set_var EASYRSA "${0%/*}" - set_var EASYRSA_OPENSSL openssl -- set_var EASYRSA_PKI "$EASYRSA/pki" -+ set_var EASYRSA_PKI "$PWD/pki" - set_var EASYRSA_DN cn_only - set_var EASYRSA_REQ_COUNTRY "US" - set_var EASYRSA_REQ_PROVINCE "California" -@@ -1225,4 +1227,4 @@ case "$cmd" in - ;; - esac - --# vim: ft=sh nu ai sw=8 ts=8 -+# vim: ft=sh nu ai sw=8 ts=8 noet diff --git a/6436eaf.patch b/6436eaf.patch deleted file mode 100644 index eaac82c..0000000 --- a/6436eaf.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 6436eaf8c1e5e3c44d23c1c7a0a5fef14f19d375 Mon Sep 17 00:00:00 2001 -From: Martin Schmitt -Date: Fri, 30 Jun 2017 16:12:13 +0200 -Subject: [PATCH] Add CN as SAN (if none requested) on server certs by default - ---- - easyrsa3/easyrsa | 25 +++++++++++++++++++++++++ - 1 file changed, 25 insertions(+) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 088faeb..f5ec797 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -627,6 +627,15 @@ $(display_dn req "$req_in") - esac - fi - -+ # If type is server and no subjectAltName was requested, -+ # add one to the extensions file -+ if [[ "$crt_type" == 'server' ]] -+ then -+ echo "$EASYRSA_EXTRA_EXTS" | -+ grep -q subjectAltName || -+ print $(default_server_san "$req_in") -+ fi -+ - # Add any advanced extensions supplied by env-var: - [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" - -@@ -923,6 +932,22 @@ display_dn() { - print "$("$EASYRSA_OPENSSL" $format -in "$path" -noout -subject -nameopt multiline)" - } # => display_dn() - -+# generate default SAN from req/X509, passed by full pathname -+default_server_san() { -+ local path="$1" -+ local cn=$( -+ "$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline | -+ awk -F'=' '/^ *CN=/{print $2}' -+ ) -+ echo "$cn" | egrep -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$' -+ if [[ $? -eq 0 ]] -+ then -+ print "subjectAltName = IP:$cn" -+ else -+ print "subjectAltName = DNS:$cn" -+ fi -+} # => default_server_san() -+ - # verify a file seems to be a valid req/X509 - verify_file() { - local format="$1" path="$2" diff --git a/83a1a21.patch b/83a1a21.patch deleted file mode 100644 index 9e0fe6b..0000000 --- a/83a1a21.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 83a1a21e7a90e8666498dec2fa35ee5b8f67920c Mon Sep 17 00:00:00 2001 -From: Eric F Crist -Date: Tue, 22 Aug 2017 20:52:26 -0500 -Subject: [PATCH] Add --copy-ext option - -Adding the --copy-ext option to copy request extension data. This will -resolve #60 and other Subject Alternative Name "issues" that have been -created. - -Signed-off-by: Eric F Crist ---- - easyrsa3/easyrsa | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 81618d3..55de809 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -199,6 +199,7 @@ Certificate & Request options: (these impact cert/req field values) - ./easyrsa help altname - --use-algo=ALG : crypto alg to use: choose rsa (default) or ec - --curve=NAME : for elliptic curve, sets the named curve to use -+--copy-ext : Copy included request X509 extensions (namely subjAltName - - Organizational DN options: (only used with the 'org' DN mode) - (values may be blank for org DN options) -@@ -623,6 +624,8 @@ $(display_dn req "$req_in") - # Append first any COMMON file (if present) then the cert-type extensions - cat "$EASYRSA_EXT_DIR/COMMON" - cat "$EASYRSA_EXT_DIR/$crt_type" -+ # copy req extensions -+ [ $EASYRSA_CP_EXT ] && print "copy_extensions = copy" - - # Support a dynamic CA path length when present: - [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \ -@@ -1063,6 +1066,7 @@ Note: using Easy-RSA configuration from: $vars" - set_var EASYRSA_TEMP_FILE_3 "" - set_var EASYRSA_REQ_CN ChangeMe - set_var EASYRSA_DIGEST sha256 -+ set_var EASYRSA_CP_EXT 0 - - # Detect openssl config, preferring EASYRSA_PKI over EASYRSA - if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then -@@ -1165,6 +1169,8 @@ while :; do - export EASYRSA_SUBCA_LEN="$val" ;; - --vars) - export EASYRSA_VARS_FILE="$val" ;; -+ --copy-ext) -+ export EASYRSA_CP_EXT=1 ;; - --subject-alt-name) - export EASYRSA_EXTRA_EXTS="\ - $EASYRSA_EXTRA_EXTS 
diff --git a/a138c0d.patch b/a138c0d.patch deleted file mode 100644 index 8771a46..0000000 --- a/a138c0d.patch +++ /dev/null @@ -1,22 +0,0 @@ -From a138c0d83b0ff1feed385c5d2d7a1c25422fe04d Mon Sep 17 00:00:00 2001 -From: Uwe Hermann -Date: Sat, 19 Aug 2017 18:17:43 +0200 -Subject: [PATCH] Fix incorrect "openssl rand" usage (#138). - ---- - easyrsa3/easyrsa | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index e004e2b..f73b375 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -572,7 +572,7 @@ sign_req() { - # Randomize Serial number - local i= serial= check_serial= - for i in 1 2 3 4 5; do -- "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -+ "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial 16" - serial="$(cat "$EASYRSA_PKI/serial")" - check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" - case "$check_serial" in diff --git a/b75faa4.patch b/b75faa4.patch deleted file mode 100644 index db63ef0..0000000 --- a/b75faa4.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -From b75faa475f22af55202d4b2be429cd30f16f15ac Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?= -Date: Wed, 22 Jun 2016 18:51:48 +0300 -Subject: [PATCH] Convert README and COPYING into markdown files -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Samuli Seppänen ---- - COPYING => COPYING.md | 5 +++-- - README => README.md | 25 +++++++++++++------------ - 2 files changed, 16 insertions(+), 14 deletions(-) - rename COPYING => COPYING.md (91%) - rename README => README.md (68%) - -diff --git a/COPYING b/COPYING.md -similarity index 91% -rename from COPYING -rename to COPYING.md -index 25b910e..39bce08 100644 ---- a/COPYING -+++ b/COPYING.md -@@ -1,15 +1,16 @@ - Easy-RSA -- A Shell-based CA Utility -+==================================== - - Copyright (C) 2013 by the Open-Source OpenVPN development community - --Easy-RSA 3 license: GPLv2: -+Easy-RSA 3 license: GPLv2 - ------------------------- - - All the Easy-RSA code contained in this project falls under a GPLv2 license with - full text available in the Licensing/ directory. Additional components used by - this project fall under additional licenses: - --Additional licenses for external components: -+Additional licenses for external components - ------------------------------------------- - - The following components are under different licenses; while not part of the -diff --git a/README b/README.md -similarity index 68% -rename from README -rename to README.md -index 325e7e6..5a574e5 100644 ---- a/README -+++ b/README.md -@@ -1,39 +1,40 @@ --OVERVIEW: -+# Overview -+ - easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, - this means to create a root certificate authority, and request and sign - certificates, including sub-CAs and certificate revokation lists (CRL). - --DOWNLOADS: -+# Downloads - - If you are looking for release downloads, please see the releases section on - GitHub. 
Releases are also available as source checkouts using named tags. - --DOCUMENTATION: -+# Documentation - --For 3.x project documentation and usage, see the README.quickstart.md file or -+For 3.x project documentation and usage, see the [README.quickstart.md](README.quickstart.md) file or - the more detailed docs under the doc/ directory. The .md files are in Markdown - format and can be converted to html files as desired for release packages, or - read as-is in plaintext. - --GETTING HELP USING EASY-RSA: -+# Getting help using easy-rsa - - Currently, Easy-RSA development co-exists with OpenVPN even though they are - separate projects. The following resources are good places as of this writing to - seek help using Easy-RSA: - --The openvpn-users mailing list is a good place to post usage or help questions: --https://lists.sourceforge.net/lists/listinfo/openvpn-users -+The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users) -+is a good place to post usage or help questions. - - You can also try IRC at Freenode/#openvpn - --BRANCH STRUCTURE: -+# Branch structure - - The easy-rsa master branch is currently tracking development for the 3.x release - cycle. The prior 2.x and 1.x versions are available as release branches for - tracking and possible back-porting of relevant fixes. Branch layout is: - -- master <- 3.x, at present -- release/2.x -- release/1.x -+ master <- 3.x, at present -+ release/2.x -+ release/1.x - --LICENSING info for 3.x is in the COPYING file -+LICENSING info for 3.x is in the [COPYING.md](COPYING.md) file diff --git a/b93d0a1.patch b/b93d0a1.patch deleted file mode 100644 index dca40a2..0000000 --- a/b93d0a1.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From b93d0a16759137d68f6ffbf9fd41e9de23eacb71 Mon Sep 17 00:00:00 2001 -From: Drew Anderson -Date: Mon, 9 May 2016 10:24:02 +1000 -Subject: [PATCH] spelling fixes and setence structure improvements - ---- - doc/EasyRSA-Advanced.md | 2 +- - doc/EasyRSA-Readme.md | 6 +++--- - doc/EasyRSA-Upgrade-Notes.md | 2 +- - doc/Intro-To-PKI.md | 2 +- - 4 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md -index 6406946..64b29ae 100644 ---- a/doc/EasyRSA-Advanced.md -+++ b/doc/EasyRSA-Advanced.md -@@ -108,7 +108,7 @@ possible terse description is shown below: - extensions - * `EASYRSA_REQ_CN` (CLI: `--req-cn`) - default CN, necessary to set in BATCH - mode -- * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash diget to use for req/cert -+ * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash digest to use for req/cert - signing - * `EASYRSA_BATCH` (CLI: `--batch`) - enable batch (no-prompt) mode; set - env-var to non-zero string to enable (CLI takes no options) -diff --git a/doc/EasyRSA-Readme.md b/doc/EasyRSA-Readme.md -index 568c3a6..bece589 100644 ---- a/doc/EasyRSA-Readme.md -+++ b/doc/EasyRSA-Readme.md -@@ -74,7 +74,7 @@ Obtaining and Using Easy-RSA - General usage and command help can be shown with: - - ./easyrsa help [ command ] -- -+ - When run without any command, general usage and a list of available commands - are shown; when a command is supplied, detailed help output for that command - is shown. -@@ -135,7 +135,7 @@ you need a more basic description of how a PKI works. - - When building a CA, a number of new files are created by a combination of - Easy-RSA and (indirectly) openssl. 
The important CA files are: -- -+ - * `ca.crt` - This is the CA certificate - * `index.txt` - This is the "master database" of all issued certs - * `serial` - Stores the next serial number (serial numbers increment) -@@ -224,7 +224,7 @@ Easy-RSA can generate a keypair and request with the following command: - ./easyrsa gen-req nameOfRequest - - You will then be given a chance to modify the Subject details of your request. --By default Easy-RSA uses the short name supplied on the command-line, though you -+Easy-RSA uses the short name supplied on the command-line by default, though you - are free to change it if necessary. After providing a passphrase and Subject - details, the keypair and request files will be shown. - -diff --git a/doc/EasyRSA-Upgrade-Notes.md b/doc/EasyRSA-Upgrade-Notes.md -index f5c1514..6cc6df2 100644 ---- a/doc/EasyRSA-Upgrade-Notes.md -+++ b/doc/EasyRSA-Upgrade-Notes.md -@@ -54,5 +54,5 @@ Easy-RSA 3 has some new concepts compared to the prior v2 series. - generation as the requester doesn't need to know the CA's values in advance. - - Previously in v2, the Country, State, and Org values all had to match or a -- request couldn't be signed. If you want the old behavior your can change the -+ request couldn't be signed. If you want the old behavior you can change the - OpenSSL config to require it or simply look over the DN at signing time. -diff --git a/doc/Intro-To-PKI.md b/doc/Intro-To-PKI.md -index cd8217b..ea56629 100644 ---- a/doc/Intro-To-PKI.md -+++ b/doc/Intro-To-PKI.md -@@ -37,7 +37,7 @@ PKI mixed in with one used to generate end-entity certificates, such as clients - or servers (VPN or web servers.) - - To start a new PKI, the CA is first created on the secure environment. 
--Depending on security needs, this could managed under a locked down account, -+Depending on security needs, this could be managed under a locked down account, - dedicated system, or even a completely offline system or using removable media - to improve security (after all, you can't suffer an online break-in if your - system or PKI is not online.) The exact steps to create a CA are described in a diff --git a/d20d2b3.patch b/d20d2b3.patch deleted file mode 100644 index 9e38943..0000000 --- a/d20d2b3.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -From d20d2b3c06baed2fc4e098b12331fd203e723f91 Mon Sep 17 00:00:00 2001 -From: Olav Reinert -Date: Thu, 27 Jul 2017 08:27:27 +0200 -Subject: [PATCH] Update docs and examples to fit changes in 534f673 - ---- - doc/EasyRSA-Advanced.md | 14 +++++++------- - easyrsa3/vars.example | 17 ++++++++++++----- - 2 files changed, 19 insertions(+), 12 deletions(-) - -diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md -index 1bd8c29..5bcd526 100644 ---- a/doc/EasyRSA-Advanced.md -+++ b/doc/EasyRSA-Advanced.md -@@ -31,12 +31,12 @@ Configuration Reference - The following locations are checked, in this order, for a vars file. Only the - first one found is used: - -- 1. File referenced by the --vars CLI option -+ 1. The file referenced by the --vars CLI option - 2. The file referenced by the env-var named `EASYRSA_VARS_FILE` -- 3. The `EASYRSA_PKI` directory -- 4. The default PKI directory at $PWD/pki (usually will be the same as above) -- 4. The `EASYRSA` directory -- 5. The location of the easyrsa program (usually will be the same as above) -+ 3. The directory referenced by the `EASYRSA_PKI` env-var -+ 4. The default PKI directory at $PWD/pki -+ 4. The directory referenced by the `EASYRSA` env-var -+ 5. The directory containing the easyrsa program - - Defining the env-var `EASYRSA_NO_VARS` will override the sourcing of the vars - file in all cases, including defining it subsequently as a global option. -@@ -78,10 +78,10 @@ Environmental Variables Reference - A list of env-vars, any matching global option (CLI) to set/override it, and a - possible terse description is shown below: - -- * `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD -+ * `EASYRSA` - should point to the Easy-RSA top-level dir, where the easyrsa script is located. 
- * `EASYRSA_OPENSSL` - command to invoke openssl - * `EASYRSA_SSL_CONF` - the openssl config file to use -- * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki. -+ * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, defaults to $PWD/pki. - * `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to - alter the fields to include in the req DN - * `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode -diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example -index 2c444d8..c439cba 100644 ---- a/easyrsa3/vars.example -+++ b/easyrsa3/vars.example -@@ -39,10 +39,15 @@ fi - - # DO YOUR EDITS BELOW THIS POINT - --# This variable should point to the top level of the easy-rsa tree. By default, --# this is taken to be the directory you are currently in. -+# This variable is used as the base location of configuration files needed by -+# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF) -+# may override this default. -+# -+# The default value of this variable is the location of the easyrsa script -+# itself, which is also where the configuration files are located in the -+# easy-rsa tree. - --#set_var EASYRSA "$PWD" -+#set_var EASYRSA "${0%/*}" - - # If your OpenSSL command is not in the system PATH, you will need to define the - # path to it here. Normally this means a full path to the executable, otherwise -@@ -57,12 +62,14 @@ fi - # This sample is in Windows syntax -- edit it for your path if not using PATH: - #set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" - --# Edit this variable to point to your soon-to-be-created key directory. -+# Edit this variable to point to your soon-to-be-created key directory. By -+# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the -+# directory you are currently in). 
- # - # WARNING: init-pki will do a rm -rf on this directory so make sure you define - # it correctly! (Interactive mode will prompt before acting.) - --#set_var EASYRSA_PKI "$EASYRSA/pki" -+#set_var EASYRSA_PKI "$PWD/pki" - - # Define X509 DN mode. - # This is used to adjust what elements are included in the Subject field as the DN diff --git a/e9e8e27.patch b/e9e8e27.patch deleted file mode 100644 index e2f518a..0000000 --- a/e9e8e27.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From e9e8e272e0eb5225ecfb0d8a0953a5b480c5e85d Mon Sep 17 00:00:00 2001 -From: Martin Schmitt -Date: Fri, 30 Jun 2017 17:04:31 +0200 -Subject: [PATCH] Moved @ValdikSS's serial randomization to sign_req - ---- - easyrsa3/easyrsa | 23 ++++++++++++----------- - 1 file changed, 12 insertions(+), 11 deletions(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index f5ec797..cff63f2 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -569,6 +569,18 @@ sign_req() { - local req_in="$EASYRSA_PKI/reqs/$2.req" - local crt_out="$EASYRSA_PKI/issued/$2.crt" - -+ # Randomize Serial number -+ local i= serial= check_serial= -+ for i in 1 2 3 4 5; do -+ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -+ serial="$(cat "$EASYRSA_PKI/serial")" -+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" -+ case "$check_serial" in -+ *"not present in db"*) break ;; -+ *) continue ;; -+ esac -+ done -+ - # Support batch by internal caller: - [ "$3" = "batch" ] && local EASYRSA_BATCH=1 - -@@ -661,17 +673,6 @@ Certificate created at: $crt_out - build_full() { - verify_ca_init - -- local i= serial= check_serial= -- for i in 1 2 3 4 5; do -- "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -- serial="$(cat "$EASYRSA_PKI/serial")" -- check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" -- case "$check_serial" in -- *"not present in db"*) break ;; -- *) continue ;; -- esac -- done -- - # pull filename base: - [ -n "$2" ] || die "\ - Error: didn't find a file base name as the first argument. diff --git a/easy-rsa.changes b/easy-rsa.changes index 7c6fca1..e69b03b 100644 --- a/easy-rsa.changes +++ b/easy-rsa.changes 
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Oct 16 06:38:49 UTC 2017 - seroton10@gmail.com
+
+- Update to version 3.0.3
+
 -------------------------------------------------------------------
 Wed Aug 23 09:06:23 UTC 2017 - seroton10@gmail.com
diff --git a/easy-rsa.spec b/easy-rsa.spec
index 0e67f88..afb5136 100644
--- a/easy-rsa.spec
+++ b/easy-rsa.spec
@@ -18,40 +18,14 @@ Name: easy-rsa -Version: 3.0.1 +Version: 3.0.3 Release: 0 Summary: CLI utility to build and manage a PKI CA License: GPL-2.0 Group: Productivity/Networking/Security Url: https://github.com/OpenVPN/easy-rsa -Source: https://github.com/OpenVPN/easy-rsa/archive/%{version}.tar.gz -# Fixed upstream issues -# Generate random serial number for all certificates -Patch0: https://github.com/OpenVPN/easy-rsa/commit/f174800.patch -# Fixes #91 basename: invalid option -- 's'. -Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee.patch -# spelling fixes and setence structure improvements -Patch2: https://github.com/OpenVPN/easy-rsa/commit/b93d0a1.patch -# Fix comment indicating the end of the function verify_file() comment. -Patch3: https://github.com/OpenVPN/easy-rsa/commit/fb4d8d8.patch -# Convert README and COPYING into markdown files -Patch4: https://github.com/OpenVPN/easy-rsa/commit/b75faa4.patch -# Add CN as SAN (if none requested) on server certs by default -Patch5: https://github.com/OpenVPN/easy-rsa/commit/6436eaf.patch -# Moved @ValdikSS's serial randomization to sign_req -Patch6: https://github.com/OpenVPN/easy-rsa/commit/e9e8e27.patch -# Make $PWD/pki the default PKI location -Patch7: https://github.com/OpenVPN/easy-rsa/commit/534f673.patch -# Update docs and examples to fit changes in 534f673 -Patch8: https://github.com/OpenVPN/easy-rsa/commit/d20d2b3.patch -# Fix string comprehension -Patch9: https://github.com/OpenVPN/easy-rsa/commit/4eac410.patch -# Fix incorrect "openssl rand" usage -Patch10: https://github.com/OpenVPN/easy-rsa/commit/a138c0d.patch -# Add --copy-ext option -Patch11: https://github.com/OpenVPN/easy-rsa/commit/83a1a21.patch -# openSUSE specific -Patch100: easy-rsa-packaging.patch +Source: https://github.com/OpenVPN/easy-rsa/archive/v%{version}.tar.gz +Patch100: suse-packaging.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch 
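Review bot: Dropping `Patch10` (a138c0d, "Fix incorrect openssl rand usage") together with the other eleven upstream patches relies on the v3.0.3 tarball carrying working versions of them, and that one needs checking before the package ships. The deleted a138c0d.patch in this same commit changes the serial-randomization line to `"$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial 16"`, which puts the byte count inside the quoted path, so openssl would be given an output file named `serial 16` and no length argument. The tarball contents are not visible here, so whether 3.0.3 still has that line is unconfirmed; if it does, `sign_req` would not refresh `$EASYRSA_PKI/serial` with a random value as intended. I would check the unpacked source after `%setup` and, if needed, carry a one-line local patch restoring `"$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16`.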
@@ -62,27 +36,8 @@ certificates, including sub-CAs and certificate revokation lists (CRL). %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 %patch100 -p0 -# Add this for SLE11, patch tool can't rename file. -# Next release we should publish .md documentation. -%if 0%{?sles_version} > 0 && 0%{?sles_version} < 12 -mv -v COPYING COPYING.md -mv -v README README.md -%endif - %build %install diff --git a/f174800.patch b/f174800.patch deleted file mode 100644 index c748573..0000000 --- a/f174800.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d309c6aaa23f661ccd2563df6a184e1351293b61 Mon Sep 17 00:00:00 2001 -From: ValdikSS -Date: Mon, 11 Jan 2016 01:53:32 +0300 -Subject: [PATCH] Generate random serial number for all certificates - ---- - easyrsa3/easyrsa | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index 6fec288..bcb3aeb 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -652,6 +652,17 @@ Certificate created at: $crt_out - build_full() { - verify_ca_init - -+ local i= serial= check_serial= -+ for i in 1 2 3 4 5; do -+ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" -+ serial="$(cat "$EASYRSA_PKI/serial")" -+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" -+ case "$check_serial" in -+ *"not present in db"*) break ;; -+ *) continue ;; -+ esac -+ done -+ - # pull filename base: - [ -n "$2" ] || die "\ - Error: didn't find a file base name as the first argument. diff --git a/fb4d8d8.patch b/fb4d8d8.patch deleted file mode 100644 index 509fb3a..0000000 --- a/fb4d8d8.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -From fb4d8d8e26dd83b0782a3e92fded1cd9ca3aa0cd Mon Sep 17 00:00:00 2001 -From: Jiri Tyr -Date: Tue, 21 Jun 2016 14:16:45 +0100 -Subject: [PATCH] Fix comment indicating the end of the function - -This patch corrects the comment indicating the end of the `verify_file()` function. ---- - easyrsa3/easyrsa | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa -index bcb3aeb..088faeb 100755 ---- a/easyrsa3/easyrsa -+++ b/easyrsa3/easyrsa -@@ -928,7 +928,7 @@ verify_file() { - local format="$1" path="$2" - "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1 - return 0 --} # => verify_x509() -+} # => verify_file() - - # show-* command backend - # Prints req/cert details in a readable format diff --git a/easy-rsa-packaging.patch b/suse-packaging.patch similarity index 100% rename from easy-rsa-packaging.patch rename to suse-packaging.patch diff --git a/v3.0.3.tar.gz b/v3.0.3.tar.gz new file mode 100644 index 0000000..f866f32 --- /dev/null +++ b/v3.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3e41c0dfebe04332cdc07f13bf48a69e25dfc31d059e94071a9cfb9f3bba6f9a +size 636592