Accepting request 673666 from home:illuusio

- update to 3.0.6 (2019-02-01) * Certifcates that are revoked now move to a revoked subdirectory (#63) * EasyRSA no longer clobbers non-EASYRSA environment variables (#277) * More sane string checking, allowingn for commas in CN (#267) * Support for reasonCode in CRL (#280) * Better handling for capturing passphrases (#230, others) * Improved LibreSSL/MacOS support * Adds support to renew certificates up to 30 days before expiration (#286) - This changes previous behavior allowing for certificate creation using duplicate CNs. - update and rebase suse-packaging.patch OBS-URL: https://build.opensuse.org/request/show/673666 OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=27
2019-02-12 19:55:41 +00:00 · 2019-02-12 19:55:41 +00:00 · fef3269612
commit fef3269612
parent d9dcf74b8a
7 changed files with 55 additions and 36 deletions
--- a/EasyRSA-nix-3.0.5.tgz
+++ b/EasyRSA-nix-3.0.5.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37
-size 50270
--- a/EasyRSA-nix-3.0.5.tgz.sig
+++ b/EasyRSA-nix-3.0.5.tgz.sig
--- a/EasyRSA-unix-v3.0.6.tgz
+++ b/EasyRSA-unix-v3.0.6.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cb29aed2d27824e59dbaad547f11dcab380a53c9fe05681249e804af436f1396
+size 40840
--- a/EasyRSA-unix-v3.0.6.tgz.sig
+++ b/EasyRSA-unix-v3.0.6.tgz.sig
--- a/easy-rsa.changes
+++ b/easy-rsa.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Feb 12 12:26:17 UTC 2019 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
+
+- update to 3.0.6 (2019-02-01)
+  * Certifcates that are revoked now move to a revoked subdirectory (#63)
+  * EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
+  * More sane string checking, allowingn for commas in CN (#267)
+  * Support for reasonCode in CRL (#280)
+  * Better handling for capturing passphrases (#230, others)
+  * Improved LibreSSL/MacOS support
+  * Adds support to renew certificates up to 30 days before expiration (#286)
+    - This changes previous behavior allowing for certificate creation using
+      duplicate CNs.
+- update and rebase suse-packaging.patch
+
 -------------------------------------------------------------------
 Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de

--- a/easy-rsa.spec
+++ b/easy-rsa.spec
@ -1,7 +1,7 @@
 #
 # spec file for package easy-rsa
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2015 Stefan Jakobs.
 #
 # All modifications and additions to the file contributed by third parties
@ -13,21 +13,21 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


-%define pname   EasyRSA-nix
+%define pname   EasyRSA-unix

 Name:           easy-rsa
-Version:        3.0.5
+Version:        3.0.6
 Release:        0
 Summary:        CLI utility to build and manage a PKI CA
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            https://github.com/OpenVPN/easy-rsa
-Source:         https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz
-Source1:        https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig
+Source:         https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz
+Source1:        https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz.sig
 # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys
 Source2:        %{name}.keyring
 Patch100:       suse-packaging.patch
@ -41,7 +41,7 @@ certificates, including sub-CAs, and create Certificate Revokation Lists (CRL).

 %prep
 #setup -q -n %{pname}-%{version}
-%setup -q -n EasyRSA-%{version}
+%setup -q -n EasyRSA-v%{version}
 %patch100

 %build
--- a/suse-packaging.patch
+++ b/suse-packaging.patch
@ -1,24 +1,26 @@
--- easyrsa.orig	2018-09-15 06:21:19.000000000 +0200
-+++ easyrsa	2018-12-03 23:38:04.420888219 +0100
-@@ -315,7 +315,7 @@
- EASYRSA_PKI env-var undefined"
+diff --git a/easyrsa b/easyrsa
+index e019982..635a2b9 100755
+--- easyrsa
+++ easyrsa
+@@ -376,7 +376,7 @@ $out"
 
+ verify_ssl_lib () {
 	# make safessl-easyrsa.cnf
 -	make_ssl_config
 +	[ "$1" == "no_safe_ssl_config" ] || make_ssl_config
 
 	# Verify EASYRSA_OPENSSL command gives expected output
 	if [ -z "$EASYRSA_SSL_OK" ]; then
-@@ -415,7 +415,7 @@
+@@ -403,7 +403,7 @@ verify_pki_init() {
+ 	help_note="Run easyrsa without commands for usage and command help."
 
- # init-pki backend:
- init_pki() {
+ 	# check that the pki dir exists
 -	vars_source_check
 +	vars_source_check no_safe_ssl_config
- 
- 	# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
- 	if [ -e "$EASYRSA_PKI" ]; then
-@@ -1124,7 +1124,7 @@
+ 	[ -d "$EASYRSA_PKI" ] || die "\
+ EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
+ Expected to find the EASYRSA_PKI at: $EASYRSA_PKI
+@@ -1452,7 +1452,7 @@ vars_setup() {
 	vars=
 
 	# set up program path
@ -27,7 +29,7 @@
 	# set up PKI path
 	pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
 
-@@ -1154,7 +1154,7 @@
+@@ -1482,7 +1482,7 @@ Note: using Easy-RSA configuration from: $vars"
 	fi
 	
 	# Set defaults, preferring existing env-vars if present
@ -36,22 +38,24 @@
 	set_var EASYRSA_OPENSSL	openssl
 	set_var EASYRSA_PKI	"$PWD/pki"
 	set_var EASYRSA_DN	cn_only
-@@ -1185,7 +1185,11 @@
- 		set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
- 		set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
- 	else	set_var EASYRSA_SSL_CONF	"$EASYRSA/openssl-easyrsa.cnf"
-		set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
-+		if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then
-+			set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
-+		else
-+			set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
-+		fi
- 	fi
+@@ -1510,7 +1510,11 @@ Note: using Easy-RSA configuration from: $vars"
+ 	set_var EASYRSA_DIGEST		sha256
+ 
+ 	set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
+-	set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
+        if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then
+                set_var EASYRSA_SAFE_CONF       "$EASYRSA/safessl-easyrsa.cnf"
+        else
+                set_var EASYRSA_SAFE_CONF       "$EASYRSA_PKI/safessl-easyrsa.cnf"
+        fi
 
 	# Same as above for the x509-types extensions dir
--- vars.example.orig	2018-12-03 23:06:35.863084842 +0100
-+++ vars.example	2018-12-03 23:07:12.538808022 +0100
-@@ -47,7 +47,7 @@
+ 	if [ -d "$EASYRSA_PKI/x509-types" ]; then
+diff --git a/vars.example b/vars.example
+index f03ea6e..2e1d781 100644
+--- vars.example
+++ vars.example
+@@ -47,7 +47,7 @@ fi
 # itself, which is also where the configuration files are located in the
 # easy-rsa tree.