df20d8b393
- update to 3.2.1:
* inline: Add decimal value for cert. serial
* Always exit with error for unknown command options
* ntegrate Easy-RSA TLS-Key for use with 'init-pki soft'
* easyrsa-tools.lib, show-expire: Add CA certificate to report
* inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1
* easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1
* easyrsa-tools.lib: expire_status_v2() (show-expire version 2)
* sign-req: Require 128bit serial number
* Move command 'verify-cert' to Tools-lib; drop 'verify' shortcut
* Windows secure_session(): Ensure $secured_session dir is created
* Switch to '-f' for file existence
* inline: Move auto-inline from build_full() to sign_req()
* gen-crl: Create additional CRL in DER format
* self-sign: Allow Edwards Curve based keys
* Re-enable command 'renew' (version 2): Requires EasyRSA Tools
* bug-fix: revoke: Pass the correct certificate location
* vars.example: Add flags for auto-SAN and X509 critical attribute
* Global option --eku-crit: Mark X509 extendedKeyUsage as critical
* sign-req: Add critical and pathlen details to confirmation
* export-p12: Automatically generate inline file
* Introduce global option --auto-san, use commonName as SAN
* Introduce global option --san-crit, mark SAN critical
* Introduce new global options: --ku-crit and --bc-crit
* gen-req: Always check for existing request file
* revoke/revoke-expired/-renewed: Keep duplicate certificate
* revoke-expired/-renewed: Keep req/key files for resigning
* revoke: Add abbreviations for optional 'reason'
* build-ca: Allow use of --req-cn without batch mode
* gen-req: Re-enable use of --req-cn
* write: Change syntax, target as file, not directory
- update to 3.2.0:
* Revert ca76697: Restore escape_hazard()
* New X509 Type: 'selfsign' Internal only
* New commands: self-sign-server and self-sign-client
* build-ca: Command 'req', remove SSL option '-keyout'
* Remove escape_hazard(), obsolete
* Remove command and function display_cn(), unused
* docs: Update EasyRSA-Renew-and-Revoke.md
* Remove all 'renew' code; replaced by 'expire' code
* Introduce commands: 'expire' and 'revoke-expired'
* Keep request files [CSR] when revoking certificates
* Restrict use of --req-cn to build-ca
* Remove command 'display-san' (Code removed in 5a06f94)
* Move Status Reports to 'easyrsa-tools.lib'
* export-p12, OpenSSL v1.x: Upgrade PBE and MAC options
* LibreSSL: Add fix for missing 'x509' option '-ext'
* Variable heredoc expansion for SSL/Safe Config file
* Always use here-doc version of openssl-easyrsa.cnf
* export-p12: New command option 'legacy'. OpenSSL V3 Only
* export-p12: Always set 'friendlyName' to file-name-base
* As of Easy-RSA version 3.2.0-beta1, the configuration files
vars.example, openssl-eayrsa.cnf and all files in x509-types directory
are no longer required
* Rename X509-type file code-signing to codeSigning
* init-pki: Always write vars.example file to fresh PKI
* New command 'write': Write 'legacy' files to stdout or files
* Remove command 'make-safe-ssl': Replaced by command 'write safe-cnf'
* New Command 'rand': Expose easyrsa_random() to the command line
* Remove function 'set_pass_legacy()'
* Remove command 'rewind-renew'
* Remove command 'rebuild'
* Remove command 'upgrade'
* Remove EASYRSA_NO_VARS; Allow graceful use without a vars file
* New diagnostic command 'display-cn'
* Expand renewable certificate types to include code-signing
- attach a source to keyring
OBS-URL: https://build.opensuse.org/request/show/1227414
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=46
59 lines
2.1 KiB
RPMSpec
59 lines
2.1 KiB
RPMSpec
#
|
|
# spec file for package easy-rsa
|
|
#
|
|
# Copyright (c) 2024 SUSE LLC
|
|
# Copyright (c) 2015 Stefan Jakobs.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define pname EasyRSA
|
|
Name: easy-rsa
|
|
Version: 3.2.1
|
|
Release: 0
|
|
Summary: CLI utility to build and manage a PKI CA
|
|
License: GPL-2.0-or-later
|
|
URL: https://github.com/OpenVPN/easy-rsa
|
|
Source: %{url}/releases/download/v%{version}/%{pname}-%{version}.tgz
|
|
Source1: %{url}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig
|
|
Source2: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6f4056821152f03b6b24f2fcf8489f839d7367f3#/%{name}.keyring
|
|
Patch100: suse-packaging.patch
|
|
BuildArch: noarch
|
|
|
|
%description
|
|
easy-rsa is a CLI utility to build and manage a Public Key Infrastructure
|
|
(PKI). Once the Certificate Authority (CA) is created, you can request and sign
|
|
certificates, including sub-CAs, and create Certificate Revokation Lists (CRL).
|
|
|
|
%prep
|
|
%autosetup -p1 -n %{pname}-%{version}
|
|
|
|
%build
|
|
|
|
%install
|
|
install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/
|
|
install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/x509-types
|
|
install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/%{name}/
|
|
install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/%{name}/
|
|
install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/%{name}/x509-types/
|
|
install -Dm0755 easyrsa %{buildroot}/%{_bindir}/easyrsa
|
|
|
|
%files
|
|
%doc ChangeLog README.md README.quickstart.md
|
|
%doc doc/*
|
|
%license COPYING.md gpl-2.0.txt
|
|
%{_bindir}/easyrsa
|
|
%config(noreplace) %{_sysconfdir}/%{name}
|
|
|
|
%changelog
|