Accepting request 673666 from home:illuusio

- update to 3.0.6 (2019-02-01)
  * Certifcates that are revoked now move to a revoked subdirectory (#63)
  * EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
  * More sane string checking, allowingn for commas in CN (#267)
  * Support for reasonCode in CRL (#280)
  * Better handling for capturing passphrases (#230, others)
  * Improved LibreSSL/MacOS support
  * Adds support to renew certificates up to 30 days before expiration (#286)
    - This changes previous behavior allowing for certificate creation using
      duplicate CNs.
- update and rebase suse-packaging.patch

OBS-URL: https://build.opensuse.org/request/show/673666
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=27
This commit is contained in:
Olav Reinert 2019-02-12 19:55:41 +00:00 committed by Git OBS Bridge
parent d9dcf74b8a
commit fef3269612
7 changed files with 55 additions and 36 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37
size 50270

Binary file not shown.

3
EasyRSA-unix-v3.0.6.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cb29aed2d27824e59dbaad547f11dcab380a53c9fe05681249e804af436f1396
size 40840

BIN
EasyRSA-unix-v3.0.6.tgz.sig Normal file

Binary file not shown.

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Feb 12 12:26:17 UTC 2019 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
- update to 3.0.6 (2019-02-01)
* Certifcates that are revoked now move to a revoked subdirectory (#63)
* EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
* More sane string checking, allowingn for commas in CN (#267)
* Support for reasonCode in CRL (#280)
* Better handling for capturing passphrases (#230, others)
* Improved LibreSSL/MacOS support
* Adds support to renew certificates up to 30 days before expiration (#286)
- This changes previous behavior allowing for certificate creation using
duplicate CNs.
- update and rebase suse-packaging.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de

View File

@ -1,7 +1,7 @@
# #
# spec file for package easy-rsa # spec file for package easy-rsa
# #
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2015 Stefan Jakobs. # Copyright (c) 2015 Stefan Jakobs.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -13,21 +13,21 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
%define pname EasyRSA-nix %define pname EasyRSA-unix
Name: easy-rsa Name: easy-rsa
Version: 3.0.5 Version: 3.0.6
Release: 0 Release: 0
Summary: CLI utility to build and manage a PKI CA Summary: CLI utility to build and manage a PKI CA
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: https://github.com/OpenVPN/easy-rsa Url: https://github.com/OpenVPN/easy-rsa
Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz
Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz.sig
# https://github.com/OpenVPN/easy-rsa/tree/master/release-keys # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys
Source2: %{name}.keyring Source2: %{name}.keyring
Patch100: suse-packaging.patch Patch100: suse-packaging.patch
@ -41,7 +41,7 @@ certificates, including sub-CAs, and create Certificate Revokation Lists (CRL).
%prep %prep
#setup -q -n %{pname}-%{version} #setup -q -n %{pname}-%{version}
%setup -q -n EasyRSA-%{version} %setup -q -n EasyRSA-v%{version}
%patch100 %patch100
%build %build

View File

@ -1,24 +1,26 @@
--- easyrsa.orig 2018-09-15 06:21:19.000000000 +0200 diff --git a/easyrsa b/easyrsa
+++ easyrsa 2018-12-03 23:38:04.420888219 +0100 index e019982..635a2b9 100755
@@ -315,7 +315,7 @@ --- easyrsa
EASYRSA_PKI env-var undefined" +++ easyrsa
@@ -376,7 +376,7 @@ $out"
verify_ssl_lib () {
# make safessl-easyrsa.cnf # make safessl-easyrsa.cnf
- make_ssl_config - make_ssl_config
+ [ "$1" == "no_safe_ssl_config" ] || make_ssl_config + [ "$1" == "no_safe_ssl_config" ] || make_ssl_config
# Verify EASYRSA_OPENSSL command gives expected output # Verify EASYRSA_OPENSSL command gives expected output
if [ -z "$EASYRSA_SSL_OK" ]; then if [ -z "$EASYRSA_SSL_OK" ]; then
@@ -415,7 +415,7 @@ @@ -403,7 +403,7 @@ verify_pki_init() {
help_note="Run easyrsa without commands for usage and command help."
# init-pki backend: # check that the pki dir exists
init_pki() {
- vars_source_check - vars_source_check
+ vars_source_check no_safe_ssl_config + vars_source_check no_safe_ssl_config
[ -d "$EASYRSA_PKI" ] || die "\
# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
if [ -e "$EASYRSA_PKI" ]; then Expected to find the EASYRSA_PKI at: $EASYRSA_PKI
@@ -1124,7 +1124,7 @@ @@ -1452,7 +1452,7 @@ vars_setup() {
vars= vars=
# set up program path # set up program path
@ -27,7 +29,7 @@
# set up PKI path # set up PKI path
pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
@@ -1154,7 +1154,7 @@ @@ -1482,7 +1482,7 @@ Note: using Easy-RSA configuration from: $vars"
fi fi
# Set defaults, preferring existing env-vars if present # Set defaults, preferring existing env-vars if present
@ -36,22 +38,24 @@
set_var EASYRSA_OPENSSL openssl set_var EASYRSA_OPENSSL openssl
set_var EASYRSA_PKI "$PWD/pki" set_var EASYRSA_PKI "$PWD/pki"
set_var EASYRSA_DN cn_only set_var EASYRSA_DN cn_only
@@ -1185,7 +1185,11 @@ @@ -1510,7 +1510,11 @@ Note: using Easy-RSA configuration from: $vars"
set_var EASYRSA_DIGEST sha256
set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" - set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
- set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf"
+ if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then + if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then
+ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" + set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf"
+ else + else
+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" + set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
+ fi + fi
fi
# Same as above for the x509-types extensions dir # Same as above for the x509-types extensions dir
--- vars.example.orig 2018-12-03 23:06:35.863084842 +0100 if [ -d "$EASYRSA_PKI/x509-types" ]; then
+++ vars.example 2018-12-03 23:07:12.538808022 +0100 diff --git a/vars.example b/vars.example
@@ -47,7 +47,7 @@ index f03ea6e..2e1d781 100644
--- vars.example
+++ vars.example
@@ -47,7 +47,7 @@ fi
# itself, which is also where the configuration files are located in the # itself, which is also where the configuration files are located in the
# easy-rsa tree. # easy-rsa tree.