commit df20d8b3931540be2c02595a82679aecdcea6dd61a05fcc48370591298b572ad Author: Richard Rahl Date: Sat Nov 30 03:08:14 2024 +0000 Accepting request 1227414 from home:rrahl0 - update to 3.2.1: * inline: Add decimal value for cert. serial * Always exit with error for unknown command options * ntegrate Easy-RSA TLS-Key for use with 'init-pki soft' * easyrsa-tools.lib, show-expire: Add CA certificate to report * inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 * easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 * easyrsa-tools.lib: expire_status_v2() (show-expire version 2) * sign-req: Require 128bit serial number * Move command 'verify-cert' to Tools-lib; drop 'verify' shortcut * Windows secure_session(): Ensure $secured_session dir is created * Switch to '-f' for file existence * inline: Move auto-inline from build_full() to sign_req() * gen-crl: Create additional CRL in DER format * self-sign: Allow Edwards Curve based keys * Re-enable command 'renew' (version 2): Requires EasyRSA Tools * bug-fix: revoke: Pass the correct certificate location * vars.example: Add flags for auto-SAN and X509 critical attribute * Global option --eku-crit: Mark X509 extendedKeyUsage as critical * sign-req: Add critical and pathlen details to confirmation * export-p12: Automatically generate inline file * Introduce global option --auto-san, use commonName as SAN * Introduce global option --san-crit, mark SAN critical * Introduce new global options: --ku-crit and --bc-crit * gen-req: Always check for existing request file * revoke/revoke-expired/-renewed: Keep duplicate certificate * revoke-expired/-renewed: Keep req/key files for resigning * revoke: Add abbreviations for optional 'reason' * build-ca: Allow use of --req-cn without batch mode * gen-req: Re-enable use of --req-cn * write: Change syntax, target as file, not directory - update to 3.2.0: * Revert ca76697: Restore escape_hazard() * New X509 Type: 'selfsign' Internal only * New commands: self-sign-server and self-sign-client * build-ca: Command 'req', remove SSL option '-keyout' * Remove escape_hazard(), obsolete * Remove command and function display_cn(), unused * docs: Update EasyRSA-Renew-and-Revoke.md * Remove all 'renew' code; replaced by 'expire' code * Introduce commands: 'expire' and 'revoke-expired' * Keep request files [CSR] when revoking certificates * Restrict use of --req-cn to build-ca * Remove command 'display-san' (Code removed in 5a06f94) * Move Status Reports to 'easyrsa-tools.lib' * export-p12, OpenSSL v1.x: Upgrade PBE and MAC options * LibreSSL: Add fix for missing 'x509' option '-ext' * Variable heredoc expansion for SSL/Safe Config file * Always use here-doc version of openssl-easyrsa.cnf * export-p12: New command option 'legacy'. OpenSSL V3 Only * export-p12: Always set 'friendlyName' to file-name-base * As of Easy-RSA version 3.2.0-beta1, the configuration files vars.example, openssl-eayrsa.cnf and all files in x509-types directory are no longer required * Rename X509-type file code-signing to codeSigning * init-pki: Always write vars.example file to fresh PKI * New command 'write': Write 'legacy' files to stdout or files * Remove command 'make-safe-ssl': Replaced by command 'write safe-cnf' * New Command 'rand': Expose easyrsa_random() to the command line * Remove function 'set_pass_legacy()' * Remove command 'rewind-renew' * Remove command 'rebuild' * Remove command 'upgrade' * Remove EASYRSA_NO_VARS; Allow graceful use without a vars file * New diagnostic command 'display-cn' * Expand renewable certificate types to include code-signing - attach a source to keyring OBS-URL: https://build.opensuse.org/request/show/1227414 OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=46 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/EasyRSA-3.1.7.tgz b/EasyRSA-3.1.7.tgz new file mode 100644 index 0000000..7ff5c13 --- /dev/null +++ b/EasyRSA-3.1.7.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:aaa48fadcbb77511b9c378554ef3eae09f8c7bc149d6f56ba209f1c9bab98c6e +size 81373 diff --git a/EasyRSA-3.1.7.tgz.sig b/EasyRSA-3.1.7.tgz.sig new file mode 100644 index 0000000..7791330 Binary files /dev/null and b/EasyRSA-3.1.7.tgz.sig differ diff --git a/EasyRSA-3.2.1.tgz b/EasyRSA-3.2.1.tgz new file mode 100644 index 0000000..ac54bb5 --- /dev/null +++ b/EasyRSA-3.2.1.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ec0fdca46c07afef341e0e0eeb2bf0cfe74a11322b77163e5d764d28cb4eec89 +size 79917 diff --git a/EasyRSA-3.2.1.tgz.sig b/EasyRSA-3.2.1.tgz.sig new file mode 100644 index 0000000..552b758 Binary files /dev/null and b/EasyRSA-3.2.1.tgz.sig differ diff --git a/easy-rsa.changes b/easy-rsa.changes new file mode 100644 index 0000000..b4313ec --- /dev/null +++ b/easy-rsa.changes @@ -0,0 +1,381 @@ +------------------------------------------------------------------- +Sat Nov 30 02:54:52 UTC 2024 - Richard Rahl + +- update to 3.2.1: + * inline: Add decimal value for cert. serial + * Always exit with error for unknown command options + * ntegrate Easy-RSA TLS-Key for use with 'init-pki soft' + * easyrsa-tools.lib, show-expire: Add CA certificate to report + * inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 + * easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 + * easyrsa-tools.lib: expire_status_v2() (show-expire version 2) + * sign-req: Require 128bit serial number + * Move command 'verify-cert' to Tools-lib; drop 'verify' shortcut + * Windows secure_session(): Ensure $secured_session dir is created + * Switch to '-f' for file existence + * inline: Move auto-inline from build_full() to sign_req() + * gen-crl: Create additional CRL in DER format + * self-sign: Allow Edwards Curve based keys + * Re-enable command 'renew' (version 2): Requires EasyRSA Tools + * bug-fix: revoke: Pass the correct certificate location + * vars.example: Add flags for auto-SAN and X509 critical attribute + * Global option --eku-crit: Mark X509 extendedKeyUsage as critical + * sign-req: Add critical and pathlen details to confirmation + * export-p12: Automatically generate inline file + * Introduce global option --auto-san, use commonName as SAN + * Introduce global option --san-crit, mark SAN critical + * Introduce new global options: --ku-crit and --bc-crit + * gen-req: Always check for existing request file + * revoke/revoke-expired/-renewed: Keep duplicate certificate + * revoke-expired/-renewed: Keep req/key files for resigning + * revoke: Add abbreviations for optional 'reason' + * build-ca: Allow use of --req-cn without batch mode + * gen-req: Re-enable use of --req-cn + * write: Change syntax, target as file, not directory +- update to 3.2.0: + * Revert ca76697: Restore escape_hazard() + * New X509 Type: 'selfsign' Internal only + * New commands: self-sign-server and self-sign-client + * build-ca: Command 'req', remove SSL option '-keyout' + * Remove escape_hazard(), obsolete + * Remove command and function display_cn(), unused + * docs: Update EasyRSA-Renew-and-Revoke.md + * Remove all 'renew' code; replaced by 'expire' code + * Introduce commands: 'expire' and 'revoke-expired' + * Keep request files [CSR] when revoking certificates + * Restrict use of --req-cn to build-ca + * Remove command 'display-san' (Code removed in 5a06f94) + * Move Status Reports to 'easyrsa-tools.lib' + * export-p12, OpenSSL v1.x: Upgrade PBE and MAC options + * LibreSSL: Add fix for missing 'x509' option '-ext' + * Variable heredoc expansion for SSL/Safe Config file + * Always use here-doc version of openssl-easyrsa.cnf + * export-p12: New command option 'legacy'. OpenSSL V3 Only + * export-p12: Always set 'friendlyName' to file-name-base + * As of Easy-RSA version 3.2.0-beta1, the configuration files + vars.example, openssl-eayrsa.cnf and all files in x509-types directory + are no longer required + * Rename X509-type file code-signing to codeSigning + * init-pki: Always write vars.example file to fresh PKI + * New command 'write': Write 'legacy' files to stdout or files + * Remove command 'make-safe-ssl': Replaced by command 'write safe-cnf' + * New Command 'rand': Expose easyrsa_random() to the command line + * Remove function 'set_pass_legacy()' + * Remove command 'rewind-renew' + * Remove command 'rebuild' + * Remove command 'upgrade' + * Remove EASYRSA_NO_VARS; Allow graceful use without a vars file + * New diagnostic command 'display-cn' + * Expand renewable certificate types to include code-signing +- attach a source to keyring + +------------------------------------------------------------------- +Tue Oct 17 06:35:16 UTC 2023 - Paolo Stivanin + +- Update to 3.1.7: + * Completely Remove Upgrade Functionality + * Expand help to include undocumented commands + * Forbid "default vars in the default PKI" for all commands + * show-expire: Calculate certificate expire seconds from Database date + * Expand help to include undocumented commands + * New command: make-vars - Print vars.example (here-doc) to stdout + * gen-crl: preserve existing crl.pem ownership+mode by @Tabiskabis in #1020 + * Improve vars auto load + * Replace santize_path() and ignore Windows "security" warning + * Improve select_vars() and source_vars() + * sign-req: Allow the CSR DN-field order to be preserved + * vars-file: Warn about EASYRSA_NO_VARS disabling vars-file use + * Expand default status to include vars-file and CA status + * verify_ssl_lib(): Minor style improvements + * cleanup: Rename $easyrsa_error_exit to $easyrsa_exit_with_error + +------------------------------------------------------------------- +Sun Aug 6 18:54:29 UTC 2023 - Matthias Eliasson + +- Update to 3.1.5: + * Build Update: script now supports signing and verifying + * Automate support-file creation (Free packaging) (#964) + * build-ca: New command option 'raw-ca', abbrevation: 'raw' (#963) + This 'raw' method, is the most reliable way to build a CA, + with a password, without writing the CA password to a temp-file. + + This option completely replaces both methods below: + + build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin' (#959) + Option '--ca-via-stdin' offers no more security than standard method. + Easy-RSA version 3.1.4 ONLY. + + build-ca: Replace password temp-files with file-descriptors (#955) + Using file-descriptors does not work in Windows. + Easy-RSA version 3.1.3 ONLY. +- update and rebase suse-packaging.patch + +------------------------------------------------------------------- +Tue Jan 17 11:06:55 UTC 2023 - Paolo Stivanin + +- Update to 3.1.2: + * Command 'renew': Remove option 'nopass' + * find_x509_types_dir(): Remove excess checks + * Remove function find_x509_types_dir() + * For 'init-pki hard' only, always try to create a new pki/vars file + * Introduce global option '--notext|--no-text' + * Minor style change + * Introduce command 'set-pass' + * Fix shellcheck warning for command set-pass case statement + * cleanup(): Exit correctly for SIGINT + * Update help: Standardise output; Improve code; Reprioritise options + * vars.example: Add EASYRSA_NO_PASS and wrap long lines + * Use 'unset -v', consistently + * build-ca: Improve passphrase input mechanism + * Remove global options '--verbose' and '--quiet' as not required + * Remove all prerequisite code to build a safe SSL config file + * Rename temp files to reflect the purpose + * easyrsa_openssl(): Always set OPENSSL_CONF to EasyRSA safe SSL config + * Replace SSL calls for serial number with function ssl_cert_serial() + * Introduce OpenSSL only mode: No Safe SSL Config File + * ff_date_to_cert_date(): Correct the input format for busybox date + * Re-order easyrsa_openssl() temp-file assignment + * Stop EASYRSA_DEBUG interfering with SSL output from subshells + * Status reports: Recognise Expired certificates + * New function safe_set_var(): Safe wrapper for set_var() + * Windows, build-ca: Add input password to re-open private key + * Renewal: General code improvements + * cleanup(): General improvements - Create KNOWN error exit + * build-ca: Change FATAL error to warning for old openssl-easyrsa.cnf + * Allow --fix-offset to create post-dated certificates + * Default settings: Make default Edwards curve ED25519 + * cleanup(): Exit with numeric error-code only + * init-pki(): Introduce second warning before HARD removal + * build-full: Always enable inline file creation + * Global option '--passout' always take priority ONLY + * Status Reports: Set 'LC_TIME=C.UTF-8', only used for reports + * Option --fix-offset: Adjust off-by-one day +- Drop fix-747.patch + +------------------------------------------------------------------- +Tue Dec 13 23:09:09 UTC 2022 - Olav Reinert + +- fix for 3.1.1: + * add patch fix-747.patch from upstream + +------------------------------------------------------------------- +Sat Dec 3 19:41:33 UTC 2022 - Dirk Müller + +- update to 3.1.1: + * Remove command 'renewable' (#715) + * Expand 'show-renew', include 'renewed/certs_by_serial' (#700) + * Resolve long-standing issue with --subca-len=N (#691) + * ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md (#690) + * Require 'openssl-easyrsa.cnf' is up to date (#695} + * Introduce 'renew' (version 3). Only renew cert (#688) + * Always ensure X509-types files exist (#581 #696) + * Expand alias '--days' to all suitable options with a period (#674) + * Introduce --keep-tmp, keep temp files for debugging (#667) + * Introduce Option -q|--quiet, disable information output (#703) + * Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606) + * Support ampersand and dollar-sign in vars file (#590) + * Introduce 'rewind-renew' (#579) + * Expand status reports to include checking a single cert (#577) + * Introduce 'revoke-renewed' (#547) + * update OpenSSL for Windows to 3.0.5 + +------------------------------------------------------------------- +Mon Sep 5 16:23:46 UTC 2022 - Florian "spirit" + +- Update to 3.1.0 (2022-05-18) + * Introduce basic support for OpenSSL version 3 (#492) + * Update regex in grep to be POSIX compliant (#556) + * Introduce status reporting tools (#555 & #557) + * Display certificates using UTF8 (#551) + * Allow certificates to be created with fixed date offset (#550) + * Add 'verify' to verify certificate against CA (#549) + * Add PKCS#12 alias 'friendlyName' (#544) + * Disallow use of '--vars=FILE init-pki' (#566) + * Support multiple IP-Addresses in SAN (#564) + * Add option '--renew-days=NN', custom renew grace period (#557) + * Add 'nopass' option to the 'export-pkcs' functions (#411) + * Add support for 'busybox' (#543) + * Add option '--tmp-dir=DIR' to declare Temp-dir (Commit f503a22) + +------------------------------------------------------------------- +Wed Jun 15 19:12:30 UTC 2022 - Olav Reinert + +- Update to 3.0.9 (2022-05-04) + + * Upgrade OpenSSL from 1.1.0j to 1.1.1o (#405, #407) + - We are buliding this ourselves now. + * Fix --version so it uses EASYRSA_OPENSSL (#416) + * Use openssl rand instead of non-POSIX mktemp (#478) + * Fix paths with spaces (#443) + * Correct OpenSSL version from Homebrew on macOs (#416) + * Fix revoking a renewed certificate (Original PR #394) + * Follow-up commit: ef22701 + * Introduce 'show-crl' (d199389) + * Support Windows-Git 'version of bash' (#533) + * Disallow use of single quote (') in vars file, Warning (#530) + * Creating a CA uses x509-types/ca and COMMON (#526) + * Prefer 'PKI/vars' over all other locations (#528) + * Introduce 'init-pki soft' option (#197) + * Warnings are no longer silenced by --batch (#523) + * Improve packaging options (#510) + +------------------------------------------------------------------- +Wed Nov 25 16:48:19 UTC 2020 - Olav Reinert + +- update to 3.0.8 (2020-09-09) + * Provide --version option (#372) + * Version information now within generated certificates like on *nix + * Fixed issue where gen-dh overwrote existing files without warning (#373) + * Fixed issue with ED/EC certificates were still signed by RSA (#374) + * Added support for export-p8 (#339) + * Clarified error message (#384) + * 2->3 upgrade now errors and prints message when vars isn't found (#377) + * Update OpenSSL Windows binaries to 1.1.1g + * Reverted OpenSSL back to 1.1.0j + +------------------------------------------------------------------- +Tue Feb 12 12:26:17 UTC 2019 - Tuukka Pasanen + +- update to 3.0.6 (2019-02-01) + * Certifcates that are revoked now move to a revoked subdirectory (#63) + * EasyRSA no longer clobbers non-EASYRSA environment variables (#277) + * More sane string checking, allowingn for commas in CN (#267) + * Support for reasonCode in CRL (#280) + * Better handling for capturing passphrases (#230, others) + * Improved LibreSSL/MacOS support + * Adds support to renew certificates up to 30 days before expiration (#286) + - This changes previous behavior allowing for certificate creation using + duplicate CNs. +- update and rebase suse-packaging.patch + +------------------------------------------------------------------- +Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de + +- update to 3.0.5 + * Fix #17 & #58: use AES256 for CA key + * Also, don't use read -s, use stty -echo + * Fix broken "nopass" option + * Add -r to read to stop errors reported by shellcheck (and to behave) + * remove overzealous quotes around $pkcs_opts (more SC errors) +- update and rebase suse-packaging.patch + * fix: set_var EASYRSA in vars.example +- fix License + +------------------------------------------------------------------- +Sun Jan 28 19:05:46 UTC 2018 - seroton10@gmail.com + +- Upgrade to version 3.0.4 + * Remove use of egrep (#154) + * Finally(?) fix the subjectAltName issues (really fixes #168) +- Improve RPM description + +------------------------------------------------------------------- +Wed Oct 18 08:40:40 UTC 2017 - astieger@suse.com + +- update release tarball instead of git snapshot +- add upstream signing keyring and verify source signature + +------------------------------------------------------------------- +Mon Oct 16 06:38:49 UTC 2017 - seroton10@gmail.com + +- Update to version 3.0.3 +- Rename easy-rsa-packaging.patch to suse-packaging.patch +- Remove obsolete upstream patches: + * f174800.patch + * 29d4dee.patch + * b93d0a1.patch + * fb4d8d8.patch + * b75faa4.patch + * 6436eaf.patch + * e9e8e27.patch + * 534f673.patch + * d20d2b3.patch + * 4eac410.patch + * a138c0d.patch + * 83a1a21.patch + + +------------------------------------------------------------------- +Wed Aug 23 09:06:23 UTC 2017 - seroton10@gmail.com + +- Include upstream patches: + + 4eac410.patch + Fix string comprehension + + a138c0d.patch + Fix incorrect "openssl rand" usage + + 83a1a21.patch + Add --copy-ext option + + +------------------------------------------------------------------- +Fri Jul 28 21:27:09 UTC 2017 - seroton10@gmail.com + +- Include upstream patches: + + d20d2b3.patch + Update docs and examples to fit changes in 534f673 +- Adapted easy-rsa-packaging.patch to work with upstream patch + +------------------------------------------------------------------- +Mon Jul 24 23:04:34 UTC 2017 - seroton10@gmail.com + +- Include upstream patches: + + 534f673.patch + Make $PWD/pki the default PKI location +- Adapted easy-rsa-packaging.patch to work with upstream patch +- Treat /etc/easy-rsa as public default config, no default vars + +------------------------------------------------------------------- +Tue Jul 18 18:32:22 UTC 2017 - seroton10@gmail.com + +- Include upstream patches: + + 6436eaf.patch + Add CN as SAN (if none requested) on server certs by default + + e9e8e27.patch + Moved @ValdikSS's serial randomization to sign_req + +------------------------------------------------------------------- +Mon Jun 5 18:38:00 UTC 2017 - seroton10@gmail.com + +- Undo removal of .md suffix on markdown documentation + +------------------------------------------------------------------- +Sat May 27 07:30:22 UTC 2017 - bruno@ioda-net.ch + +- Add special %if for SLE11 as patch tool can't rename files. +- Include upstream patches + + f174800.patch + Generate random serial number for all certificates + + 29d4dee.patch + Fixes #91 basename: invalid option -- 's' + + b93d0a1.patch + Spelling fixes and sentence structure improvements + + fb4d8d8.patch + Fix comment indicating the end of the function verify_file() + + b75faa4.patch + Convert README and COPYING into markdown files +- Rename openSUSE specific patch easyrsa.packaging.patch to + easy-rsa-packaging.patch +- spec-cleaner -m (Add also SUSE copyrights) + +------------------------------------------------------------------- +Sat Jan 2 21:13:06 UTC 2016 - projects@localside.net + +- update to version 3.0.1 + * cab4a07 Fix typo: Hellman + (ljani: Github) + + * 171834d Fix typo: Default + (allo-: Github) + + * 8b42eea Make aes256 default, replacing 3des + (keros: Github) + + * f2f4ac8 Make -utf8 default + (roubert: Github) + + +------------------------------------------------------------------- +Sun Apr 5 19:48:24 UTC 2015 - projects@localside.net + +- initial upload: 3.0.0-rc2 (2014/07/27) + diff --git a/easy-rsa.keyring b/easy-rsa.keyring new file mode 100644 index 0000000..7109b55 --- /dev/null +++ b/easy-rsa.keyring @@ -0,0 +1,232 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: Hostname: +Version: Hockeypuck 2.2 + +xsBNBE7iW4ABCACrFJSXjJIxJitv5iZ9LA8f3fp8shOVG+qTJY3+cViCcj+KG3CJ +qY3ihxTuN9XHO9rMg7biuICQXurzSDXMkXgxIBVtq002mzCrFr/3YQBkRKXJWLBL ++M6DOO/bamLAtzs6HBy1OjQVO2VAx0NqqLEWEjS7XW9XIbYswE03geDffbiXHHFc +/rnoCtm5JJC4g2D7UyVS7li1SckCFeQ5g0PH8JkhN3Z8BIA1ddhehobyZr3QlRXs +1EgE08MK3YZra/qVsYMAFSYX/KiP4JWYEQaDmbSc24kFyFEZD7AZej1PDl/uVBNa +RbGblHyVHfwhFXt4GjJOglEbpojgfCj2JnS/ABEBAAHNKkVyaWMgRiBDcmlzdCA8 +ZWNyaXN0QHNlY3VyZS1jb21wdXRpbmcubmV0PsLAmAQTAQgAQgIbLwYLCQgHAwIG +FQgCCQoLBBYCAwECHgECF4ACGQEWIQRvQFaCEVLwO2sk8vz4SJ+DnXNn8wUCZYRP +qwUJHB80KwAKCRD4SJ+DnXNn81TrB/9ovSFoN+TGx+++94r/DBU6MtkjAwi0Ze7+ +Jx8K8ydXAqQXtPhPEyQ2dAhI9yc8pz0V0SohdXOpTkrvg4pot+JiRSNCCNMYLDNk +tCWDT4iL3f7InUfpTvE/mPxMUM39oBdRZB33Dt89GAPTbmR2+c1htL5n7ybaZMNB +f51Dbwp8VYb3Chv5VIuxhIU34Om9qzaJ0zh32yatXigghzdGcXUJN9KNJhBQsmxh +yTsmIm/dMmJzz0zaP0hyg0pdi45Anv79gOcnrLW/4Vd/NVb3NoAolqdnFRKFbT6H +BvnX+eTlXONNeSqY/EdFF0oHGQjcYESNfBCIlz+3/vz1Mq/Hms6dwsCBBBMBAgAr +AhsvBQkRDRaABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCTuJn/AIZAQAKCRD4 +SJ+DnXNn81PuCAClwsc+CDBoYlj3YCmjhZPwEkTBUL6wevFvFdsODZ+B8zSoYpv6 +To2v6rpkjUx7nhhB3gQPTgY/zr1YjKFolAlD6aaJpmdMwMdlsPwmRwJmqn9ukJ81 +kIr8i/5vgYjj3TfbKZBdW3rT5ljGnxVU7Nv+MVSPVI9+G/eWeZA7NSDV+W+ZLxrC +12j421NQCfOXga7f2mCvGCBlI54YC0JoFALBNm8OstbUYHx59FibfG+5pVhfDP+E +XSyoDqDPkGIquUsmG4xJ4FKvvQbzE275PxDychaHcbQJaV8so/sz58K+0LE6CNy3 +OW+YSZ1y7R9JUA5HeusoMeqjtYJpZqUWWZ2gwsCYBBMBAgArAhsvBQkRDRaABgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCTuJn/AIZAQAhCRD4SJ+DnXNn8xYhBG9A +VoIRUvA7ayTy/PhIn4Odc2fzU+4IAKXCxz4IMGhiWPdgKaOFk/ASRMFQvrB68W8V +2w4Nn4HzNKhim/pOja/qumSNTHueGEHeBA9OBj/OvViMoWiUCUPppommZ0zAx2Ww +/CZHAmaqf26QnzWQivyL/m+BiOPdN9spkF1betPmWMafFVTs2/4xVI9Uj34b95Z5 +kDs1INX5b5kvGsLXaPjbU1AJ85eBrt/aYK8YIGUjnhgLQmgUAsE2bw6y1tRgfHn0 +WJt8b7mlWF8M/4RdLKgOoM+QYiq5SyYbjEngUq+9BvMTbvk/EPJyFodxtAlpXyyj ++zPnwr7QsToI3Lc5b5hJnXLtH0lQDkd66ygx6qO1gmlmpRZZnaDCwH4EEwECACgF +Ak7iW4ACGy8FCRENFoAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPhIn4Od +c2fze5oH/RFk09T/tTe4NjMzPKSveqd5WPyOD5lu24RliTggn92AEJi5k7ptICoU +P6Y1v3dQjmtWW2U/UD1KcqCiivW5RkFjYuqX67/Krq7AFmSzT8gzuoNgH3FRxzYI +txmhw7cISjrp4FzrDoxTolz5SHeuoBYtfGTNxJAaqaJUOKed5MqGrEBGUPgdL6Il +3IDj6xvMPExBcgrid8SpMw7kVjJdFsvJUlABRGPxKN9kjmMAdA7ZUdMhucPmy2cZ +dl3OEiedXLab0mrlcIa3n3iSFYZ78F2LeLFMpuu3TabMr3BzpVmiciq5EieHS9yq +xkZeKN4BgKCobX649qSJESlPIBHa9qPCRgQSEQIABgUCTuJeTwAKCRAMLXzowFF+ +ujQjAJ9isE1YeLT8lITW4+ewRmFNcsgTcQCeLMnoxBjjDPfViepItuHAEsBjet7C +RgQTEQIABgUCTvnAeAAKCRDCnZftGY0io/4HAKCGoTyQ7sTs8gJKmx8mGQzCCjok +0ACggMLUSOe/TPP+PtzaCsipTiDjswLCXgQQFggABgUCWl5xAwAKCRAbuJwGAjZ0 +Sb24AP9SmjtOJWoEA7HrPQggFWsfADkVWBS8zkXiXSsBq1eFSgEA6Nzx06yf7khT +aRYeiB0sXIL7howKkJpoSzo+kuKvlw/CwXMEEAEKAB0WIQR8be/qSPKMJatwobGX +AWp1Oz4BAwUCW1K6vwAKCRCXAWp1Oz4BA39xEADSyA9jEP2/3L0KSTsywqQTcFBG +jp3H7ptzLHakRi+qFYnEd2H5nwG7IG0cV4GlEICRnmx+lJzm5gM9HdprV6uknH4h +VdHJSKb+4OVdqN1jArqoaHxq2k+YPTprruDek6KVS+VKPEVGygooKgiqtbW+PisV +Zx+29CrXuDqpDBrLe+tALQBqrQbvglSfrrCYrUGLxhT31Vt2KCYCnRQmSkuGuCKC +xjN10sw4rx9J3h63qUYfP0WzV71kJ7AkvywvPB20RY8R8UmNjpG0QabhvwVaolWK +Y//OyuCc5y1EuikpM/2Qc4EO3BXfsDIQTnsdLhQBNDl7dM5aXTDkxSUprT+EKx+M +T86bgTH8S0u9AAhYUc5Ty7RPDUcThGkSBvbCqF4XlajlyFs/8xcvIpKAGFaxjevW +L4El10Cn+56VgbRWb4FkmM7adboHo3yZexzkYVcM9wPk3LA1JxAT5ONWR37O0fQ2 +qV1aYp6JrMaKdZouPEpvf1cI+hMUS3vGIdcJ4IF3dcTK+e3L8Rq1n5N/ADXiWXii +16/aLfZ05t0n/1edfbDVuzzy+HsNDxv2xzeYKK2wEQKESkeqyahcTYeoj4DTTATj +vvApcYWzOxZbDg4EO6E/K0BpxOIEwk5N7Kc7Duo5pPD9f3DrJVXACf50QTEkC8lM +7OOSm2tt1AL0SqvfbsLAcwQQAQoAHRYhBEuBeSrI1AQbbtY4UlGpC48a5uJ2BQJf +R7PgAAoJEFGpC48a5uJ2TH8H+gI/TSPQJkiyGk+tK86ak6OzfBuoriVf6MjPIyX/ +XT1n0hV/3GcJ7M/mN32BxsVoCY+lqdmMW8zUykJHTqtXd8No8s/eDYfqFAGY/vUG +TPBL+JTNYiOSYNTHiTLj6URQimLLUypzkpTLdGPsk+3/kKRidNnpLm5PTKyRxiTH +PJH8JHN3KBHZuMu19sgrLSErzLPKv1TNj9GHeG2mP0witsuJvAfRyIlPC0/sa5io +3/mm8jU8vIkH+hvKkklqZamOq1j/iY44Ut7jLuN1RwUrVuO3ls7kxi5FFuFG4tX7 +BZ2GvaxYlHEjDKQe7muqz8QoPWrv21WX5PdxSb1mxuOk++jNH0VyaWMgQ3Jpc3Qg +PGVjcmlzdEBvcGVudnBuLm5ldD7CwH8EEwEIACkFAliZHUcCGy8FCRENFoAHCwkI +BwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRD4SJ+DnXNn8wqBB/4ikOPoRWswncf2 +iDSlP/NiXQe0gZyLqpMB2Cgj7puFnI0rnIQs2+0ICRs1tBHLppKqywzp8ECF3HZW +FyCWVmMaQOiZL3UV9P6Ogy1iWdsDojrTkL7u2q4dd2yvo/BkyjWXdXdm+TucymFN +mcM7l9lktqE1IzPyBDyocsZL1wTXySkyYsj18qnH6e+pm6Z/27/VkvVoJGaqC+Up +bBQqdkvmZMM7peYJmV6yh1mExA1WtYTJXKp+mJfiRh+G5qPqUc/rgWad64dZ/SvC +vuYt+65x4MHqw8JtxfgPhKL+gupjwIfOdiMIb+LRyEbtc5Deu0K/AFozIE8KbqyF +E/xuK5b2wl4EEBYIAAYFAlpecQMACgkQG7icBgI2dEnBKwEA5ToHT79nr/6K0zJP +sgMWRGJGjVZuQU/pMsnhuX1BS00A/3WyDiYJVdMVvxTF5XX/9MlMpLjxav3Kz3nD +9+de9DYAwsFzBBABCgAdFiEEfG3v6kjyjCWrcKGxlwFqdTs+AQMFAltSusAACgkQ +lwFqdTs+AQN4fRAA0pFFBPOMu8kJaHoIe6U8PenZkGZVEHvhdQuNBPRpC3DxSqEU +vwYtTQnMhYKgyeuBLvwnrxYHa8ltm1NFocDYyvGkPcRhEXVctK9oYp4eEF+wjzzo +byItiUEq+lsIKB9qJnflHtITAxm3MAkIjRWOCerAKtTjCi85nQPGFyutvZOR3TVX +7KFSZujoK6AEWi6dG4Dn4qY0d5k3o9boYlt13UMR3gTYih1qlvLE4gKRXBqPTDFF +W0B1lD5vsTLiC1n1ELTQV1FCLCDPm8UmnUqh6J+guFk8kzoEz89QYafIEE4nP+fa +FIFgcuEppiRsJrPbstnjvnAqg/PNpt/XmktKPMI7pxWOGcEgPRLE59NLyqEr+ZJO +eYZkrWKn9Izs2A0XzZ0m+TW0BO5WEbJ+wNqb8kDN4W/Nsbw3IZuWBhPlA4cI1k1V +9n50cD1tlb+NnRuLWIvw5ftd0eOGNYEQVQhGx7zkICrCma9piJ4XwjCyM7JTEnfD +aqbFcTU/vOCaFeeFwtt3uIrXIVRWIHwZP7HscaJ1EqOhENH1AtiokQzHUkTsoIDq +QwGnKjCM4IllU0CUL6rBx2xhUnZJXMrddSphGC5Cx/uqU2Y6RVV4lxt6hW0rVZVQ +uaa0+ZGAT13YfKiV99Rh+osu8IPrEnbK8B+LuimpdD0gw255b+kf3USrI0LCwHME +EAEKAB0WIQRLgXkqyNQEG27WOFJRqQuPGubidgUCX0ez7gAKCRBRqQuPGubidpFh +B/40foOuzdPSefx/1sVfM6npAYIjxZ5b3rYB9rvzGsNRoYU6DL2YAmYhomwZiozd +GthPq/K6T/5kf9YUKMqlADOS41Jt7jnV2G6DXts0bVTFaYB+DHPon+sMdMZ5gwib +6khXJx4Z4oCuiQXxHgPolDHWNQIp1E7CcFuzWtCj7ZNTTYTVRxknX8N0ZaJ0GLVg +nmecmRde8giG1QDyBKqnSE/MoFK+y8Pv79pirxRIMj1OvfdUGOoql4xizacR00iI +i1NZpSgkBKv7RwbzaeszQvC/Q8HlDWDlwG9DjbJBe/mGliq5oAM2lFgknKjg+cwd +8xNHJ4LfSgiYqZdAxhPpXF1KzRtFcmljIENyaXN0IDxlY3Jpc3RAc2ptLmNvbT7C +wH8EEwEIACkFAlXnlEECGy8FCRENFoAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIX +gAAKCRD4SJ+DnXNn8yVkB/4ySQ0uD+xxxAqa9S/tqeVpuu5Q+5Nz0QnREBG/arGd +v4/geY5/NiyDV6ETCrcLq211LhjAbs+eL/bpcyghzK5t4HZbo5sBfomsifxPrR03 +/ZjeflNGwgN8SB+Y9F7HdWQAaz7tcWko1yS5KeeYfGtRIroYDNuC1bDedC2rKqFX +OQvUBzTw93B3qrYEYysESKmcS5QdS4wHxdqRadBdIfXnBXezFIy+/Bsg4iOfSDga +P1TPUCCOXx80MvBLOv7yiZ8AiptVHDoHJTnujHTVIWbRldl2RgF17RLRKa5QXQUB +802pvepl8+0RuQksU7nDXmxMTgFK9phRASkgc8q6Phrywl4EEBYIAAYFAlpecQMA +CgkQG7icBgI2dEmSCAD+PvCNWjkESN/cl0HuRaTZWPkowwiztbl8oMQMc76yuPUB +AK6I19NRI1OyLCneIeMLZTXzMqIoVw/AJqXmFXNDtGgNwsFzBBABCgAdFiEEfG3v +6kjyjCWrcKGxlwFqdTs+AQMFAltSur8ACgkQlwFqdTs+AQM8XxAA5u/0ve8zZeVi +flOiNxap0TmjD0dKqd1d01qI3CU9A9ZogMlXRL3ai1CCr4tlXj+wdgx5qsXqfXzr +9hL8sH2pKBzaJvIHCL9ciTse5x0uy0AxYPHMup4LpY90TIySlxVz+6eaZcQVIw3s +hmnrwUyuu8OpC5LaJGVAQ2n48NBRfQsdVgluUY6zLyEz4MfAhFyaohz+yNXxXhVW +IcRczIWK87re0dxo5aHmiXk+Jsc1i7Qew6iKGhuUApx2qSrMV/i32iz1eB7A36eT +QBcKx1zRnDbrv8sRvnH5ok/otD8jvFSB6laANF2/mV/soEhtJBkY0pKP4sJcnb1i +R11ozYpsK4EijZ8PesSIzWUZzT7GzXp7xJ6GkhFf67U3LoZt8eZQ/HH/9UDWzBn3 +n06P8UFQ9Z5Sen3w6DBVvguzZfC1K7IiuFc/3B0DPDtjxY4p2OwsrNgvEU2J5lTc +PeOOgqIb736DsI9y/JXnNSk2cvgLbmgKXF7OxmSzJGO2zETmmITx6z4n+EPob+TU +tll2zE5hcyNlJBPwONeZjmQyzWZdyARwjpEXAKwrffuhJhfNM/4OQru7w4y+ip8R +ztpwg3oTCFxbfzNV9he5a6i1Dzp7zAILVHM7vyrA7mN5BgNjvHt9eMxaa1J7n9Hs +wLYqtHM8o0E97OqeNpav3sVsBDNBgQzCwHMEEAEKAB0WIQRLgXkqyNQEG27WOFJR +qQuPGubidgUCX0ez7gAKCRBRqQuPGubidjgcB/9befCAqHYs7QZ8BmJwmr4+a9MG +E0RzMZB2bN5saO5kVB9P6wgvvL4DRkFN4LL/x/ZhRX3hHVz8UgXYq6vgmi3fHt4H +Em4tK11uuc4/WlVBLn+NX6fL4nEZ4n8Kd1xMBed3xh6ZxIpZHEqO+z5UE+xFueVP +rAOf2v2V0Zt9xXclapZ+sg7PWG9jxwOgNS/ZuL93FHZKm8S638u2VKG/NlIdJF/c +twHKW0CZN0Bj7ynCZCSvI72T9isJDrcjUMaoeU3BUKW4ZTil2VKisdQcrN3PPv9z +tQg7frQsg7m+ty+VJn9FlYsgLBjW71xPNkn5oiKzzzAFZyLiHABpN8jvj13czSBF +cmljIENyaXN0IDxlcmljQG1uYW1iZXJydW4ub3JnPsLAfgQTAQIAKAUCUqT3bAIb +LwUJEQ0WgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ+Eifg51zZ/MC4wf+ +OUQATu1rM3rCSyfUGc/RXyFXcpO2LKjYzqv+e+WlTTEI7xG7qHztWhwtJZxIGSTZ +xKsmA8SvzZ1EcBKRJY2vrS5ah+QUNh7rUS/sbOKlkB58XwE/PIuQZpcJmnrzgNRk +fmDJwblVYM9pWbH15MLmHOpt0Iop1YeFXUlPNe6AFsb7r1F43YsLNoer4pR73zZ1 ++d6l5m8wMk5iemKos7Om8Gh4N3Mv0dkVwDJKkF6z/gZ6JF+XENLfKpylOPZwgOR8 +tm6FMrm+nBVDuQpAJTg45SY4KKMJ6BMkKyDeVt64jR17XBhDrM9ymcd6QdHVed6n +Lff/mRTeAwLAlsRK0gc+xcJeBBAWCAAGBQJaXnEDAAoJEBu4nAYCNnRJ9GABAJeX +Rnd47U35exoHdWjW2QhGL5x78vnPPI8WSU4Omj3FAQD7UrapawUP3pQxu9vOQLoS +VTlwMFNOVWIpzI1oXrLnBMLBcwQQAQoAHRYhBHxt7+pI8owlq3ChsZcBanU7PgED +BQJbUrrAAAoJEJcBanU7PgEDPoUQAITAZQUKojxpxvgSc7tLAFNP03psYRN96dnB +jGridm2/lMwHulDMifQ9mQilN+acnVnomltSeGrmWPd4bjkGS5g8YwDBx00grk5l +SevCRVkmXlqe5xXMKPME4Ncgu0Oxz6VmXGjetmIPHKWz3tr1QHX3fcCFlhg1NxX4 +1OfCLDiQOKYWgm7xIwJSoCdJXWdJkZdYjE7bEFqtuZDJ7TbyUIkeCeneVGXwDAMl +HoL3g8JkR06JWsC7MVUkXomTEPMZr6y5Xgms4ISgR6O4BcQGELTIFgxsBFFQJzfH +49CdJn+3AhjHW5xfhN8r6kEBZIowdbgqajiVcNtw+mc/k+tHmIzudT0SlDJTiC9k +vddPMbf97Na+f7FJNnZfF/+n39o+DZYMNJOXn8Yf7w1myFB4PxS0IiPRtlSquUOm +Qm5YeWWu5cgnxunvERcR5RZlFeM0qKoPoiHolXBagFr1NIa/DLgEgeotp50dK2CO +oeGh3+8vGKsu616CTd9o+EiOn1iVJzdk6AXXn4E4UqgB/YX7swG4VPHwenZwrRwp +pqETgh36XP+uyhiTJ2Dg2gSRPvT9knE3WhaRBVrWvJhbWhWYTpxNF5B/TYt1jUdM +XSfKKP6PWDJGFAmaAm2a6X10yVO4YmjFgJG7cDr21ijaqGL9p4naL4e0qP0BesJU +QwtuOiUzwsBzBBABCgAdFiEES4F5KsjUBBtu1jhSUakLjxrm4nYFAl9Hs+8ACgkQ +UakLjxrm4naExAgAzazmYYBOwXnkIm86V2hwc8nPRpeB+CQFa5v+MQssa0wJX3Cr +LxiLmXeMtlhiXa7Klj8MKEGX9a5ijOQcspvW7ENo0hIfn42yXw+CoETgbS6j9+MV +IZCYcKk7PAaaqT6YwO58n9gm/AqayKmEQGCcdlLZ9cHSMcgOMUitexxMRzLatwmL +aLXJNIh8tn5QHZUkwEVAN+3bD5rztzSAn04UC3ZSGtbT8gbYSt65UNEduKMrtnMf +yEayE8i+aaUGSfrBx1TITLShoXygUqcGyXUKtfh1718am15QadEanNUgtr+DV06q +Zzf6kj/Feqx8XMrD4hlwTdT81YU9dKmAvx2C2c0hRXJpYyBGIENyaXN0IDxmb3J1 +bXNAb3BlbnZwbi5uZXQ+wsB+BBMBAgAoBQJO4mKTAhsvBQkRDRaABgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAAKCRD4SJ+DnXNn8zFpB/97qkP3O2NwYpDJ1jYK3/vR +w+rq5aH30HjojxYS+jjJoRczZ2q3/vaf+p/CjWoVQ+drkTFNYX8eausPGrQJVYt2 +88rHKR4CPiu5nmUGdKHsUIPVBRYmDLaZlcV/aT6CVjrjmH+WNBQdElj+9yXpLgAY +Hj/ApGdHkLXkDYyR5xbnN172zOwolS6nKotEo38SplGBRssDPeHNXEEP3AqkFhVt +Au5ieQkjKSqVHZ0gJURmEo55fSf368ZF3i/McG2SwH8Cw3+PQZbdHePt5hcwcgLK +QiGXafVbx4+j+GjAQpQ9S7DDNZxFmmIxOAQLWSoi94cvtv2q3YOjm0JbmLXcEG9g +wkYEExECAAYFAk75wHgACgkQwp2X7RmNIqO+RgCgw07/20+3XdA/7oYdqKW3HHH7 +EgEAoJsE7fay3C6aKYKGTNwLdoM7KTxvwl4EEBYIAAYFAlpecQMACgkQG7icBgI2 +dElCagEAzxpt1jcxHYuqZuWYKTbFBksk4boC01HAyEPSXqZ+rmABAPxbc4Eu/80X +bhvqawzJ1C7w1U2zxGZivqjHaV4rk/wJwsFzBBABCgAdFiEEfG3v6kjyjCWrcKGx +lwFqdTs+AQMFAltSusAACgkQlwFqdTs+AQNBAQ//f6SdZwERwmRtuHCSw1p8UmK7 +RBS/KKLFuFe/ar70fmkT6xfao4cIsPESpccbYlKwePclZFq87nm1GUGk6KTSoZ6x +zAww9MPmpqYgDOpLDGj0pXAQTsm+oqpWUSSG3TrEvR7OzaSrHrKia5a0C0FNv7GH +tDjvBM70ZIPcwPZKozAq7HxjJkRlf/zY+DtDeCS0CWVTm5baYQyz84VfG2Z+jG7Q +wrP34JuRU0DMIDpfdSi8Zr0S/JIrw4VM7lpILC2gyWf0vIWtDHrkol2fQ5/VeM++ +iC1AjTpJiBm4zCK1daw2vvEAyrCARDz9fWXSySA7FYX0v2vbV48+OuK7qa9BIgZO +5KJBLvftNOx/lrgdan1/6oWxzcdi7rzQuXaV6HPyC2Tge8kgRA4nyCyQ9/SloNPB +RQf1fu+Z48Hu7nOp0P+onhb5KQGjZ/CRHLuWfz4s7d0QLM/SapgAIvMSq7Fzqa9K +hbiLr6fBglWSnbOV7rangTsgmZHAjT39gHejgF3ZZKofqPdBBRdZeSI28Pr2Cye1 +78ghSps/kRZVFuVgCN5AML8nbO8JRQsIJ4bOwkI00U/E3bh5HiG55jCaIhLbPiva +9smDItaIc77PFU4J2DZs95ZA0Ac3E8CqysL1vKbd+NIisRTjyzst+6NrWbjqjR6t +DoHb3tQeo4UQctX4Qf/NIUVyaWMgQ3Jpc3QgPGVjcmlzdEBjbGFpbWx5bnguY29t +PsLAXwQwAQgACQUCWJkdaQIdAAAKCRD4SJ+DnXNn830OB/9N1o09uyzTh5ax21Hc +6pzvolViVM2O95nYF0HuWnCwoRMH9JjvE6DpkzWNUSG9ru6jhO7x3r82TwdoTTuD +sJzqHBaQNVw8lkrDeICrdkITocUvckZDhWPnrzopyAG/bKpxL/0EkoHuion5B4Md +/+K+FjhKqFWNBLufqD/EojxLbPzVXtj38ipLSaNfJpUSHPtbEh/VBCIZJIBRo0aF +VmMj14D9Fn8A5+uyCch64/GeixIzow1qe9wjcMpOHbILSImHu+fQiO02wt/7v6B7 +u4f3/GHw61EESdMvekH1g6GJe/E/Z7nWWmjNtXWDTWyppIiUvZ7lIrwXjEnduVgC +qagRwsB+BBMBAgAoBQJO4mJvAhsvBQkRDRaABgsJCAcDAgYVCAIJCgsEFgIDAQIe +AQIXgAAKCRD4SJ+DnXNn8y4OCACQAsjX+cdlRbczGJ2NajsREENjM7KMaDxP1tHC +8NwLPK91lnnA3jU3eZ/tm0fMvmEplZ9FLhh2EkYBrtLYvlfDT7FXDdOu12MMvyIu +z4d1DVi4ghs232FV7MXu3ybo0VZD7fvkinvmSe27wwVFAbKcMFPEq33xddSFFmq9 +/WnGesRtrPcXnf4FXx4/HPVh9Z8K4mpEmlnz3McOLuw+m+BvqxHbuzCK7ZZczqq0 +354FJzS+tFvfjs1RS1hVf0Vzwnxx8DfsePgwRbA6t41cTyToZAbdBe/cx6R6mEGa +kPuaSEZ8hNBsaDgOsf3Bjk0RQAddU75u8PfmxK9l0qnAiximwkYEExECAAYFAk75 +wHgACgkQwp2X7RmNIqPP5ACg03Mb5DTngux7VcOPWGeSFsrMEUoAoKao3YS/SNil +MtxWW1pQZKjAoc+qzsBNBE7iW4ABCADRAQwbmbUXhlBbnbIVtphjvrRVeW1YHZMl +T3JDZWJVmcegfOxz2OXuo8s0oCPgsiFF+rZHIUcyoZTYLa7lUHsZugDZwatZL1il +boFyrMqODrbQ1Oq+G/ncdn4zNGKfLBYt/vZZ3OheC/pfS0ymWJEUGlfiP11Ql76R +3WCyjFjk3iSG67uxqbm+vtlkWNTSseR0rsw8h1S2epp4z4WCYtNQMO8+DxIsBEmV +M1vaHPUrZP+57h2Kjk4xSNOwtRG8dfGWmz4RiHk8emIo02jbQTDBZkd9q+y7ewM4 +853KqHDi6fQZ+6sYHfyoml4H1cy9B8FjMvjnHsuZ3F3XZrrh5kvhABEBAAHCwZsE +GAEIACYCGy4WIQRvQFaCEVLwO2sk8vz4SJ+DnXNn8wUCY3zBrAUJGFzNLAEpwF0g +BBkBAgAGBQJO4luAAAoJEHKWQhk5DQ0OTAgIAMF+pA3RAWmSUDOzug9+DS826B3o +YXDh1DwYBQtiotSVzxCSSc5+SeY7R6rN8hx1Tkqq/t2GhFt4RqIDf3IzQQCUKDGJ +e5AfIg8t516W/CD1zh9VJ9yoqn1sBwfpWzfxU2Frg16UcnQyaeO3/laUN6NQQuGu +nqRyEIoST9tDifdFNWyyzeMME7DxS/Gq0PGI755rL4/GfAM1Wy3UaoymG41AjHcA +6mgnHSmt/2D0dVX4ef1kHPGMHp2d8u2SxCrOAqLQmoAc1FR4+6bjS3T9CjSv25uW +qCJhUj+n7Z4Gt0wkhDf7tNVgM24L0n2EZ/uOXJXd3r8d1Sj7apTl/bQ0VvUJEPhI +n4Odc2fzlh4H/ibnPR/R4HolNzH/Wn3l8HqSfjNxF+T726YJ1zQDLj4fHzVAgk12 +P40xV9wq3brDEvM2PJ5pAM1O7ncFFUyApzU9Pv9qgYFHtZL007dgVeJx1m8XShng +2jI+a3MdYIKQUkP1Q5wwxZyl5M9IB44aIfADHasRE3BIfRnLkoK/ARlHUkYARowo +IiKRUTI+FDopoPBqTiKrbvd8tN7lcMYHwc1Dstg2fPe/wFuhqpBwVQuxBfMn7N8D +7Dnx69ztO2CXgSGGCuqzCJWgwTqHZrDn9FAYI/6BTjwaq0LUVGgZirJWDwbo1Cvo +3yP7zsj90p9DjDuAuKxKoZaIC6m3NesSv0vCwYQEGAECAA8FAk7iW4ACGy4FCREN +FoABKQkQ+Eifg51zZ/PAXSAEGQECAAYFAk7iW4AACgkQcpZCGTkNDQ5MCAgAwX6k +DdEBaZJQM7O6D34NLzboHehhcOHUPBgFC2Ki1JXPEJJJzn5J5jtHqs3yHHVOSqr+ +3YaEW3hGogN/cjNBAJQoMYl7kB8iDy3nXpb8IPXOH1Un3KiqfWwHB+lbN/FTYWuD +XpRydDJp47f+VpQ3o1BC4a6epHIQihJP20OJ90U1bLLN4wwTsPFL8arQ8Yjvnmsv +j8Z8AzVbLdRqjKYbjUCMdwDqaCcdKa3/YPR1Vfh5/WQc8YwenZ3y7ZLEKs4CotCa +gBzUVHj7puNLdP0KNK/bm5aoImFSP6ftnga3TCSEN/u01WAzbgvSfYRn+45cld3e +vx3VKPtqlOX9tDRW9SaJB/9eEs3TimOVqysiIqosHaoKaTFsi0qHQ3dVTydLIiqC +1m1+fUfmGhnBLquzslPBnDvbGoRjK0UZrgVcKQe1ZlgBSCMnwclNH7aA+f4pA9LG +vyTxjpwXSXM2Gu3ElpJ6DUHiX9b3yvRo50ztvswzEFFXzLBoDmlgKCBP+arsK6CA +isT2MXEPkRrBKCH2Zg8HcWbAEBJopHXvjQeVkjk60ECxa8mIQx6I6ZCrP8z+0oTH +KklNBhZcphEtRtWXtXrDlSFiwZzZmCOAgRLI+VlfDEvHnVEmSONk24W6Ufl+gA3s +BcmErtE3Qi0PhsVUrlDrI7NRMdsr+y7yq+vIKIGbdsJNzsFNBFiZI+8BEAC36SLj +X2GJ4VxOyqt2nP9MSAz5Gks4nLTbQ3drs9Wo6QZEomqm/3828AwIIr3xdrzrjVse +nMmS9ibLhq2vuVg93rvMTZwdea22NJW68msxGrJ/9DZ4ns2iD8cPytpsL7oM2djS +bXLwlSpicpSBdqk6WjfzY7VW3/1tAccvNSN2vPiMzLev6ZxOE71aSQAy/ZUiM5r8 +1kjneJg1M8dugnp6fKvmA4zh5rg7rdQBogvbmCB+XJ/W4xVEVcGVaiPd7I/KZn+H +CNf0AkoVmDNfkQoEjdJmH3oG5Y51IgxdjJmK8/k5za0dmwKRmK4ydBENjkI5XrTJ +jfI5wxx9ISQmxu/3FNAiTvNZW4BujeleIZrKlK7VV2lXE6Lx0nvbNwVXl4lORarx +OIJvaku5uVnVeAWOT3CenrMs0V6+tyX2JdPD8FrBXXqVbMBg59DB5h3RRdgF6whw +Y93W5tL64/yeUrQJXAkRNiNPbrGg+M16UXx449TmxyZQOhSniJnDD65FJrJDn0B+ +9QF2Bhs6hAYxBZMoL6ZBNULieFsi+UFcYPWnlNAX+/I6WJtNRcbLaZ7f5bX/gOZ4 +zEoAEu9yCd8/qDp3NlRaCAaybXOIzQYxyWZmWUac9uBhDsXM2t6yM153kD9h6kVW +6m2HL1uvphXeCeXqVnLis8Ia2osml4eNelxaRwARAQABwsBlBBgBCAAPBQJYmSPv +AhsMBQkSzqYAAAoJEPhIn4Odc2fz1rYH/367AH5QrQfO/WoIwDu8bZFMFN/kaNSX +wemolYf1MhDGE+/87rWISAECXYBzaFhGHEPrJhmVJbdnQPqKntd9CHcjUaK8oKjT +XMh/6ktCeJNky5+0C5XTQTyeYh0d+m9yXnU6SGdZTGogoYggZ7r2H3XbAPrkW0K0 +Di0bjbPXnoPYSUyzTd9z4SsMHu6R7wZXpxDJ9jKd3nO6VD+UmhWhT2VW9KZdNlca +IYGKsjAJFdVBiXHDlClI4YiF6qQ7Bc+nWK+BhdCqSYH8XRze+n2lahVcYmqHTuB0 +SW2Yx6WeY5QzAyWl651BLdfFk4iBDQy6yoGA5gutXuJCcjp6Y+1eeV4= +=//dg +-----END PGP PUBLIC KEY BLOCK----- diff --git a/easy-rsa.spec b/easy-rsa.spec new file mode 100644 index 0000000..e477865 --- /dev/null +++ b/easy-rsa.spec @@ -0,0 +1,58 @@ +# +# spec file for package easy-rsa +# +# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2015 Stefan Jakobs. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define pname EasyRSA +Name: easy-rsa +Version: 3.2.1 +Release: 0 +Summary: CLI utility to build and manage a PKI CA +License: GPL-2.0-or-later +URL: https://github.com/OpenVPN/easy-rsa +Source: %{url}/releases/download/v%{version}/%{pname}-%{version}.tgz +Source1: %{url}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig +Source2: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6f4056821152f03b6b24f2fcf8489f839d7367f3#/%{name}.keyring +Patch100: suse-packaging.patch +BuildArch: noarch + +%description +easy-rsa is a CLI utility to build and manage a Public Key Infrastructure +(PKI). Once the Certificate Authority (CA) is created, you can request and sign +certificates, including sub-CAs, and create Certificate Revokation Lists (CRL). + +%prep +%autosetup -p1 -n %{pname}-%{version} + +%build + +%install +install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/ +install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/x509-types +install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/%{name}/ +install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/%{name}/ +install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/%{name}/x509-types/ +install -Dm0755 easyrsa %{buildroot}/%{_bindir}/easyrsa + +%files +%doc ChangeLog README.md README.quickstart.md +%doc doc/* +%license COPYING.md gpl-2.0.txt +%{_bindir}/easyrsa +%config(noreplace) %{_sysconfdir}/%{name} + +%changelog diff --git a/suse-packaging.patch b/suse-packaging.patch new file mode 100644 index 0000000..c1393d6 --- /dev/null +++ b/suse-packaging.patch @@ -0,0 +1,12 @@ +diff -rub EasyRSA-3.2.1/easyrsa EasyRSA-3.2.1-patched/easyrsa +--- EasyRSA-3.2.1/easyrsa 2024-09-13 20:04:18.000000000 +0200 ++++ EasyRSA-3.2.1-patched/easyrsa 2024-11-27 15:30:40.171687859 +0100 +@@ -1510,8 +1510,6 @@ + "$EASYRSA" \ + "$PWD" \ + "${0%/*}" \ +- '/usr/local/share/easy-rsa' \ +- '/usr/share/easy-rsa' \ + '/etc/easy-rsa' \ + # EOL + do