diff --git a/EasyRSA-3.0.4.tgz b/EasyRSA-3.0.4.tgz deleted file mode 100644 index 2a1f86c..0000000 --- a/EasyRSA-3.0.4.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:472167f976c6cb7c860cec6150a5616e163ae20365c81f179811d6ee0779ec5a -size 37721 diff --git a/EasyRSA-3.0.4.tgz.sig b/EasyRSA-3.0.4.tgz.sig deleted file mode 100644 index 97c2526..0000000 Binary files a/EasyRSA-3.0.4.tgz.sig and /dev/null differ diff --git a/EasyRSA-nix-3.0.5.tgz b/EasyRSA-nix-3.0.5.tgz new file mode 100644 index 0000000..34417b8 --- /dev/null +++ b/EasyRSA-nix-3.0.5.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37 +size 50270 diff --git a/EasyRSA-nix-3.0.5.tgz.sig b/EasyRSA-nix-3.0.5.tgz.sig new file mode 100644 index 0000000..c440b74 Binary files /dev/null and b/EasyRSA-nix-3.0.5.tgz.sig differ diff --git a/easy-rsa.changes b/easy-rsa.changes index c782361..b82d48d 100644 --- a/easy-rsa.changes +++ b/easy-rsa.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de + +- update to 3.0.5 + * Fix #17 & #58: use AES256 for CA key + * Also, don't use read -s, use stty -echo + * Fix broken "nopass" option + * Add -r to read to stop errors reported by shellcheck (and to behave) + * remove overzealous quotes around $pkcs_opts (more SC errors) +- update and rebase suse-packaging.patch + * fix: set_var EASYRSA in vars.example +- fix License + ------------------------------------------------------------------- Sun Jan 28 19:05:46 UTC 2018 - seroton10@gmail.com diff --git a/easy-rsa.spec b/easy-rsa.spec index 752ee44..958e1ae 100644 --- a/easy-rsa.spec +++ b/easy-rsa.spec @@ -17,15 +17,17 @@ # +%define pname EasyRSA-nix + Name: easy-rsa -Version: 3.0.4 +Version: 3.0.5 Release: 0 Summary: CLI utility to build and manage a PKI CA -License: GPL-2.0 +License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: https://github.com/OpenVPN/easy-rsa -Source: https://github.com/OpenVPN/easy-rsa/releases/download/v%{version}/EasyRSA-%{version}.tgz -Source1: https://github.com/OpenVPN/easy-rsa/releases/download/v%{version}/EasyRSA-%{version}.tgz.sig +Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz +Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys Source2: %{name}.keyring Patch100: suse-packaging.patch @@ -38,24 +40,30 @@ easy-rsa is a CLI utility to build and manage a Public Key Infrastructure certificates, including sub-CAs, and create Certificate Revokation Lists (CRL). %prep +#setup -q -n %{pname}-%{version} %setup -q -n EasyRSA-%{version} -%patch100 -p1 +%patch100 %build %install -install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/ -install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types -install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/easy-rsa/ -install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/easy-rsa/ -install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/ +install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/ +install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/x509-types +install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/%{name}/ +install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/%{name}/ +install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/%{name}/x509-types/ install -Dm0755 easyrsa %{buildroot}/%{_bindir}/easyrsa %files %defattr(-,root,root) -%doc gpl-2.0.txt README.quickstart.md COPYING.md +%doc ChangeLog README.md README.quickstart.md %doc doc/* +%if 0%{?sle_version} == 11 || 0%{?sle_version} <= 120400 +%doc COPYING.md gpl-2.0.txt +%else +%license COPYING.md gpl-2.0.txt +%endif %{_bindir}/easyrsa -%config(noreplace) %{_sysconfdir}/easy-rsa +%config(noreplace) %{_sysconfdir}/%{name} %changelog diff --git a/suse-packaging.patch b/suse-packaging.patch index 4fa91ba..e0586ce 100644 --- a/suse-packaging.patch +++ b/suse-packaging.patch @@ -1,36 +1,62 @@ -*** easyrsa3/easyrsa.orig 2017-07-18 23:46:26.431057777 +0200 ---- easyrsa3/easyrsa 2017-07-19 05:24:59.583924924 +0200 -*************** -*** 1014,1020 **** - vars= - - # set up program path -! prog_vars="${0%/*}/vars" - # set up PKI path - pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - ---- 1014,1020 ---- - vars= - - # set up program path -! prog_vars="/etc/easy-rsa/vars" - # set up PKI path - pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - -*************** -*** 1041,1047 **** - fi - - # Set defaults, preferring existing env-vars if present -! set_var EASYRSA "${0%/*}" - set_var EASYRSA_OPENSSL openssl - set_var EASYRSA_PKI "$PWD/pki" - set_var EASYRSA_DN cn_only ---- 1041,1047 ---- - fi - - # Set defaults, preferring existing env-vars if present -! set_var EASYRSA "/etc/easy-rsa" - set_var EASYRSA_OPENSSL openssl - set_var EASYRSA_PKI "$PWD/pki" - set_var EASYRSA_DN cn_only +--- easyrsa.orig 2018-09-15 06:21:19.000000000 +0200 ++++ easyrsa 2018-12-03 23:38:04.420888219 +0100 +@@ -315,7 +315,7 @@ + EASYRSA_PKI env-var undefined" + + # make safessl-easyrsa.cnf +- make_ssl_config ++ [ "$1" == "no_safe_ssl_config" ] || make_ssl_config + + # Verify EASYRSA_OPENSSL command gives expected output + if [ -z "$EASYRSA_SSL_OK" ]; then +@@ -415,7 +415,7 @@ + + # init-pki backend: + init_pki() { +- vars_source_check ++ vars_source_check no_safe_ssl_config + + # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) + if [ -e "$EASYRSA_PKI" ]; then +@@ -1124,7 +1124,7 @@ + vars= + + # set up program path +- prog_vars="${0%/*}/vars" ++ prog_vars="/etc/easy-rsa/vars" + # set up PKI path + pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" + +@@ -1154,7 +1154,7 @@ + fi + + # Set defaults, preferring existing env-vars if present +- set_var EASYRSA "${0%/*}" ++ set_var EASYRSA "/etc/easy-rsa" + set_var EASYRSA_OPENSSL openssl + set_var EASYRSA_PKI "$PWD/pki" + set_var EASYRSA_DN cn_only +@@ -1185,7 +1185,11 @@ + set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" + set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" + else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" +- set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" ++ if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then ++ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" ++ else ++ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" ++ fi + fi + + # Same as above for the x509-types extensions dir +--- vars.example.orig 2018-12-03 23:06:35.863084842 +0100 ++++ vars.example 2018-12-03 23:07:12.538808022 +0100 +@@ -47,7 +47,7 @@ + # itself, which is also where the configuration files are located in the + # easy-rsa tree. + +-#set_var EASYRSA "${0%/*}" ++#set_var EASYRSA "/etc/easy-rsa" + + # If your OpenSSL command is not in the system PATH, you will need to define the + # path to it here. Normally this means a full path to the executable, otherwise