Accepting request 653612 from network:vpn

- update to 3.0.5 * Fix #17 & #58: use AES256 for CA key * Also, don't use read -s, use stty -echo * Fix broken "nopass" option * Add -r to read to stop errors reported by shellcheck (and to behave) * remove overzealous quotes around $pkcs_opts (more SC errors) - update and rebase suse-packaging.patch * fix: set_var EASYRSA in vars.example - fix License OBS-URL: https://build.opensuse.org/request/show/653612 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/easy-rsa?expand=0&rev=9
2018-12-04 19:55:45 +00:00 · 2018-12-04 19:55:45 +00:00 · 6ce1218c98
commit 6ce1218c98
parent f73635cbd8 d9dcf74b8a
7 changed files with 98 additions and 51 deletions
--- a/EasyRSA-3.0.4.tgz
+++ b/EasyRSA-3.0.4.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:472167f976c6cb7c860cec6150a5616e163ae20365c81f179811d6ee0779ec5a
-size 37721
--- a/EasyRSA-3.0.4.tgz.sig
+++ b/EasyRSA-3.0.4.tgz.sig
--- a/EasyRSA-nix-3.0.5.tgz
+++ b/EasyRSA-nix-3.0.5.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37
+size 50270
--- a/EasyRSA-nix-3.0.5.tgz.sig
+++ b/EasyRSA-nix-3.0.5.tgz.sig
--- a/easy-rsa.changes
+++ b/easy-rsa.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de
+
+- update to 3.0.5
+  * Fix #17 & #58: use AES256 for CA key
+  * Also, don't use read -s, use stty -echo
+  * Fix broken "nopass" option
+  * Add -r to read to stop errors reported by shellcheck (and to behave)
+  * remove overzealous quotes around $pkcs_opts (more SC errors)
+- update and rebase suse-packaging.patch
+  * fix: set_var EASYRSA in vars.example
+- fix License
+
 -------------------------------------------------------------------
 Sun Jan 28 19:05:46 UTC 2018 - seroton10@gmail.com

--- a/easy-rsa.spec
+++ b/easy-rsa.spec
@ -17,15 +17,17 @@
 #


+%define pname   EasyRSA-nix
+
 Name:           easy-rsa
-Version:        3.0.4
+Version:        3.0.5
 Release:        0
 Summary:        CLI utility to build and manage a PKI CA
-License:        GPL-2.0
+License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            https://github.com/OpenVPN/easy-rsa
-Source:         https://github.com/OpenVPN/easy-rsa/releases/download/v%{version}/EasyRSA-%{version}.tgz
-Source1:        https://github.com/OpenVPN/easy-rsa/releases/download/v%{version}/EasyRSA-%{version}.tgz.sig
+Source:         https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz
+Source1:        https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig
 # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys
 Source2:        %{name}.keyring
 Patch100:       suse-packaging.patch
@ -38,24 +40,30 @@ easy-rsa is a CLI utility to build and manage a Public Key Infrastructure
 certificates, including sub-CAs, and create Certificate Revokation Lists (CRL).

 %prep
+#setup -q -n %{pname}-%{version}
 %setup -q -n EasyRSA-%{version}
-%patch100 -p1
+%patch100

 %build

 %install
-install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/
-install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types
-install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/easy-rsa/
-install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/easy-rsa/
-install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/
+install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/
+install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/x509-types
+install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/%{name}/
+install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/%{name}/
+install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/%{name}/x509-types/
 install -Dm0755 easyrsa %{buildroot}/%{_bindir}/easyrsa

 %files
 %defattr(-,root,root)
-%doc gpl-2.0.txt README.quickstart.md COPYING.md
+%doc ChangeLog README.md README.quickstart.md
 %doc doc/*
+%if 0%{?sle_version} == 11 || 0%{?sle_version} <= 120400
+%doc COPYING.md gpl-2.0.txt
+%else
+%license COPYING.md gpl-2.0.txt
+%endif
 %{_bindir}/easyrsa
-%config(noreplace) %{_sysconfdir}/easy-rsa
+%config(noreplace) %{_sysconfdir}/%{name}

 %changelog
--- a/suse-packaging.patch
+++ b/suse-packaging.patch
@ -1,36 +1,62 @@
-*** easyrsa3/easyrsa.orig	2017-07-18 23:46:26.431057777 +0200
--- easyrsa3/easyrsa	2017-07-19 05:24:59.583924924 +0200
-***************
-*** 1014,1020 ****
-  	vars=
-  
-  	# set up program path
-! 	prog_vars="${0%/*}/vars"
-  	# set up PKI path
-  	pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
-  
--- 1014,1020 ----
-  	vars=
-  
-  	# set up program path
-! 	prog_vars="/etc/easy-rsa/vars"
-  	# set up PKI path
-  	pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
-  
-***************
-*** 1041,1047 ****
-  	fi
-  	
-  	# Set defaults, preferring existing env-vars if present
-! 	set_var EASYRSA		"${0%/*}"
-  	set_var EASYRSA_OPENSSL	openssl
-  	set_var EASYRSA_PKI	"$PWD/pki"
-  	set_var EASYRSA_DN	cn_only
--- 1041,1047 ----
-  	fi
-  	
-  	# Set defaults, preferring existing env-vars if present
-! 	set_var EASYRSA		"/etc/easy-rsa"
-  	set_var EASYRSA_OPENSSL	openssl
-  	set_var EASYRSA_PKI	"$PWD/pki"
-  	set_var EASYRSA_DN	cn_only
+--- easyrsa.orig	2018-09-15 06:21:19.000000000 +0200
+++ easyrsa	2018-12-03 23:38:04.420888219 +0100
+@@ -315,7 +315,7 @@
+ EASYRSA_PKI env-var undefined"
+ 
+ 	# make safessl-easyrsa.cnf
+-	make_ssl_config
+	[ "$1" == "no_safe_ssl_config" ] || make_ssl_config
+ 
+ 	# Verify EASYRSA_OPENSSL command gives expected output
+ 	if [ -z "$EASYRSA_SSL_OK" ]; then
+@@ -415,7 +415,7 @@
+ 
+ # init-pki backend:
+ init_pki() {
+-	vars_source_check
+	vars_source_check no_safe_ssl_config
+ 
+ 	# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
+ 	if [ -e "$EASYRSA_PKI" ]; then
+@@ -1124,7 +1124,7 @@
+ 	vars=
+ 
+ 	# set up program path
+-	prog_vars="${0%/*}/vars"
+	prog_vars="/etc/easy-rsa/vars"
+ 	# set up PKI path
+ 	pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
+ 
+@@ -1154,7 +1154,7 @@
+ 	fi
+ 	
+ 	# Set defaults, preferring existing env-vars if present
+-	set_var EASYRSA		"${0%/*}"
+	set_var EASYRSA		"/etc/easy-rsa"
+ 	set_var EASYRSA_OPENSSL	openssl
+ 	set_var EASYRSA_PKI	"$PWD/pki"
+ 	set_var EASYRSA_DN	cn_only
+@@ -1185,7 +1185,11 @@
+ 		set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
+ 		set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
+ 	else	set_var EASYRSA_SSL_CONF	"$EASYRSA/openssl-easyrsa.cnf"
+-		set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
+		if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then
+			set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
+		else
+			set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
+		fi
+ 	fi
+ 
+ 	# Same as above for the x509-types extensions dir
+--- vars.example.orig	2018-12-03 23:06:35.863084842 +0100
+++ vars.example	2018-12-03 23:07:12.538808022 +0100
+@@ -47,7 +47,7 @@
+ # itself, which is also where the configuration files are located in the
+ # easy-rsa tree.
+ 
+-#set_var EASYRSA	"${0%/*}"
+#set_var EASYRSA	"/etc/easy-rsa"
+ 
+ # If your OpenSSL command is not in the system PATH, you will need to define the
+ # path to it here. Normally this means a full path to the executable, otherwise