Accepting request 673666 from home:illuusio

- update to 3.0.6 (2019-02-01)
  * Certifcates that are revoked now move to a revoked subdirectory (#63)
  * EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
  * More sane string checking, allowingn for commas in CN (#267)
  * Support for reasonCode in CRL (#280)
  * Better handling for capturing passphrases (#230, others)
  * Improved LibreSSL/MacOS support
  * Adds support to renew certificates up to 30 days before expiration (#286)
    - This changes previous behavior allowing for certificate creation using
      duplicate CNs.
- update and rebase suse-packaging.patch

OBS-URL: https://build.opensuse.org/request/show/673666
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=27

EasyRSA-nix-3.0.5.tgz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37
-size 50270

EasyRSA-unix-v3.0.6.tgz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cb29aed2d27824e59dbaad547f11dcab380a53c9fe05681249e804af436f1396
+size 40840

easy-rsa.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Feb 12 12:26:17 UTC 2019 - Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
+
+- update to 3.0.6 (2019-02-01)
+  * Certifcates that are revoked now move to a revoked subdirectory (#63)
+  * EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
+  * More sane string checking, allowingn for commas in CN (#267)
+  * Support for reasonCode in CRL (#280)
+  * Better handling for capturing passphrases (#230, others)
+  * Improved LibreSSL/MacOS support
+  * Adds support to renew certificates up to 30 days before expiration (#286)
+    - This changes previous behavior allowing for certificate creation using
+      duplicate CNs.
+- update and rebase suse-packaging.patch
+
 -------------------------------------------------------------------
 Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de
 

easy-rsa.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package easy-rsa
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2015 Stefan Jakobs.
 #
 # All modifications and additions to the file contributed by third parties
@@ -13,21 +13,21 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
-%define pname   EasyRSA-nix
+%define pname   EasyRSA-unix
 
 Name:           easy-rsa
-Version:        3.0.5
+Version:        3.0.6
 Release:        0
 Summary:        CLI utility to build and manage a PKI CA
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            https://github.com/OpenVPN/easy-rsa
-Source:         https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz
+Source:         https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz
-Source1:        https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig
+Source1:        https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz.sig
 # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys
 Source2:        %{name}.keyring
 Patch100:       suse-packaging.patch
@@ -41,7 +41,7 @@ certificates, including sub-CAs, and create Certificate Revokation Lists (CRL).
 
 %prep
 #setup -q -n %{pname}-%{version}
-%setup -q -n EasyRSA-%{version}
+%setup -q -n EasyRSA-v%{version}
 %patch100
 
 %build

suse-packaging.patch

@@ -1,24 +1,26 @@
---- easyrsa.orig	2018-09-15 06:21:19.000000000 +0200
+diff --git a/easyrsa b/easyrsa
-+++ easyrsa	2018-12-03 23:38:04.420888219 +0100
+index e019982..635a2b9 100755
-@@ -315,7 +315,7 @@
+--- easyrsa
- EASYRSA_PKI env-var undefined"
++++ easyrsa
+@@ -376,7 +376,7 @@ $out"
  
+ verify_ssl_lib () {
  	# make safessl-easyrsa.cnf
 -	make_ssl_config
 +	[ "$1" == "no_safe_ssl_config" ] || make_ssl_config
  
  	# Verify EASYRSA_OPENSSL command gives expected output
  	if [ -z "$EASYRSA_SSL_OK" ]; then
-@@ -415,7 +415,7 @@
+@@ -403,7 +403,7 @@ verify_pki_init() {
+ 	help_note="Run easyrsa without commands for usage and command help."
  
- # init-pki backend:
+ 	# check that the pki dir exists
- init_pki() {
 -	vars_source_check
 +	vars_source_check no_safe_ssl_config
- 
+ 	[ -d "$EASYRSA_PKI" ] || die "\
- 	# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
+ EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
- 	if [ -e "$EASYRSA_PKI" ]; then
+ Expected to find the EASYRSA_PKI at: $EASYRSA_PKI
-@@ -1124,7 +1124,7 @@
+@@ -1452,7 +1452,7 @@ vars_setup() {
  	vars=
  
  	# set up program path
@@ -27,7 +29,7 @@
  	# set up PKI path
  	pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
  
-@@ -1154,7 +1154,7 @@
+@@ -1482,7 +1482,7 @@ Note: using Easy-RSA configuration from: $vars"
  	fi
  	
  	# Set defaults, preferring existing env-vars if present
@@ -36,22 +38,24 @@
  	set_var EASYRSA_OPENSSL	openssl
  	set_var EASYRSA_PKI	"$PWD/pki"
  	set_var EASYRSA_DN	cn_only
-@@ -1185,7 +1185,11 @@
+@@ -1510,7 +1510,11 @@ Note: using Easy-RSA configuration from: $vars"
- 		set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
+ 	set_var EASYRSA_DIGEST		sha256
- 		set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
+ 
- 	else	set_var EASYRSA_SSL_CONF	"$EASYRSA/openssl-easyrsa.cnf"
+ 	set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
--		set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
+-	set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
-+		if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then
++        if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then
-+			set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
++                set_var EASYRSA_SAFE_CONF       "$EASYRSA/safessl-easyrsa.cnf"
-+		else
++        else
-+			set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
++                set_var EASYRSA_SAFE_CONF       "$EASYRSA_PKI/safessl-easyrsa.cnf"
-+		fi
++        fi
- 	fi
  
  	# Same as above for the x509-types extensions dir
---- vars.example.orig	2018-12-03 23:06:35.863084842 +0100
+ 	if [ -d "$EASYRSA_PKI/x509-types" ]; then
-+++ vars.example	2018-12-03 23:07:12.538808022 +0100
+diff --git a/vars.example b/vars.example
-@@ -47,7 +47,7 @@
+index f03ea6e..2e1d781 100644
+--- vars.example
++++ vars.example
+@@ -47,7 +47,7 @@ fi
  # itself, which is also where the configuration files are located in the
  # easy-rsa tree.