From be3c4c1cc5c30d7ccf0f97a1a8a336c1fcf92b3129d09d7c4b180f6630d8498a Mon Sep 17 00:00:00 2001 From: Olav Reinert Date: Sat, 1 Dec 2018 17:26:16 +0000 Subject: [PATCH 1/2] Accepting request 652846 from home:computersalat:devel:vpn update to 3.0.5, fix License OBS-URL: https://build.opensuse.org/request/show/652846 OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=24 --- EasyRSA-3.0.4.tgz | 3 -- EasyRSA-3.0.4.tgz.sig | Bin 310 -> 0 bytes EasyRSA-nix-3.0.5.tgz | 3 ++ EasyRSA-nix-3.0.5.tgz.sig | Bin 0 -> 310 bytes easy-rsa.changes | 13 +++++++ easy-rsa.spec | 34 +++++++++++------- suse-packaging.patch | 71 +++++++++++++++++++------------------- 7 files changed, 72 insertions(+), 52 deletions(-) delete mode 100644 EasyRSA-3.0.4.tgz delete mode 100644 EasyRSA-3.0.4.tgz.sig create mode 100644 EasyRSA-nix-3.0.5.tgz create mode 100644 EasyRSA-nix-3.0.5.tgz.sig diff --git a/EasyRSA-3.0.4.tgz b/EasyRSA-3.0.4.tgz deleted file mode 100644 index 2a1f86c..0000000 --- a/EasyRSA-3.0.4.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:472167f976c6cb7c860cec6150a5616e163ae20365c81f179811d6ee0779ec5a -size 37721 diff --git a/EasyRSA-3.0.4.tgz.sig b/EasyRSA-3.0.4.tgz.sig deleted file mode 100644 index 97c252638fcc8f25d1510318688d098816c6bd3f5f371de4b5f47c7205940446..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-4{G;dhhX*X)xg9TZmO>dh4Gj(j0$OCY&;SYv5OS76 z895CN4ik$A0D+;}5_dXU3c|+0>`K1I0^l^1C9yiDku=)41Kd*#Qy7r9#Z zC^o(XdANU&BIA1~yBjorZ+$fAqiAdO4tRUZ7Lf&nbvot1mr|@#D=WoTekFwvGXb9T z!-yZx=m_@~V1spqu7)IcCVXfvi;Xta%7|xKe*g4J404L0WVl9KeUk&9F~y!tl+otn zp~r`%?hQ%C=NI62rGcIF-J|b)9!K(-XJmO7^oLVQ;Ws3~_dhdbdikw^nR(dwxU%Fb IfS7d8bXJs)-2eap diff --git a/EasyRSA-nix-3.0.5.tgz b/EasyRSA-nix-3.0.5.tgz new file mode 100644 index 0000000..34417b8 --- /dev/null +++ b/EasyRSA-nix-3.0.5.tgz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37 +size 50270 diff --git a/EasyRSA-nix-3.0.5.tgz.sig b/EasyRSA-nix-3.0.5.tgz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..c440b74c2d007f7ec2ebbc335bb748e292425ae4a7bf12fa8e02f0d4055b8f41 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-4{G;dhhX*X)xg9TZmO>dh4Gj(j0$ZGl%K!=q5OS76 z895CN4iC%-0MNWaM4hj;bu7nRJVETi^VuRuqASur^%TIm(~iNgx3+}C)CKgoT?ol( zHOOp=AWUfXJf^xV#x)ZQ;NR(TvS{qF*ucUy;b06?XSqU89UkapV1DQ=Q2hhe@?>{`F@2mJJrl_Pt@5mVGq4)T#Dsy Ik&$*CjZj9BdH?_b literal 0 HcmV?d00001 diff --git a/easy-rsa.changes b/easy-rsa.changes index c782361..b82d48d 100644 --- a/easy-rsa.changes +++ b/easy-rsa.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de + +- update to 3.0.5 + * Fix #17 & #58: use AES256 for CA key + * Also, don't use read -s, use stty -echo + * Fix broken "nopass" option + * Add -r to read to stop errors reported by shellcheck (and to behave) + * remove overzealous quotes around $pkcs_opts (more SC errors) +- update and rebase suse-packaging.patch + * fix: set_var EASYRSA in vars.example +- fix License + ------------------------------------------------------------------- Sun Jan 28 19:05:46 UTC 2018 - seroton10@gmail.com diff --git a/easy-rsa.spec b/easy-rsa.spec index 752ee44..3cacb3d 100644 --- a/easy-rsa.spec +++ b/easy-rsa.spec 
@@ -13,19 +13,21 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%define pname EasyRSA-nix + Name: easy-rsa -Version: 3.0.4 +Version: 3.0.5 Release: 0 Summary: CLI utility to build and manage a PKI CA -License: GPL-2.0 +License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: https://github.com/OpenVPN/easy-rsa -Source: https://github.com/OpenVPN/easy-rsa/releases/download/v%{version}/EasyRSA-%{version}.tgz -Source1: https://github.com/OpenVPN/easy-rsa/releases/download/v%{version}/EasyRSA-%{version}.tgz.sig +Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz +Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys Source2: %{name}.keyring Patch100: suse-packaging.patch 
@@ -38,24 +40,30 @@ easy-rsa is a CLI utility to build and manage a Public Key Infrastructure certificates, including sub-CAs, and create Certificate Revokation Lists (CRL). %prep +#setup -q -n %{pname}-%{version} %setup -q -n EasyRSA-%{version} -%patch100 -p1 +%patch100 %build %install -install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/ -install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types -install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/easy-rsa/ -install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/easy-rsa/ -install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/ +install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/ +install -dm0755 %{buildroot}/%{_sysconfdir}/%{name}/x509-types +install -Dm0644 vars.example %{buildroot}/%{_sysconfdir}/%{name}/ +install -Dm0644 openssl-easyrsa.cnf %{buildroot}/%{_sysconfdir}/%{name}/ +install -Dm0644 x509-types/* %{buildroot}/%{_sysconfdir}/%{name}/x509-types/ install -Dm0755 easyrsa %{buildroot}/%{_bindir}/easyrsa %files %defattr(-,root,root) -%doc gpl-2.0.txt README.quickstart.md COPYING.md +%doc ChangeLog README.md README.quickstart.md %doc doc/* +%if 0%{?sle_version} == 11 || 0%{?sle_version} <= 120400 +%doc COPYING.md gpl-2.0.txt +%else +%license COPYING.md gpl-2.0.txt +%endif %{_bindir}/easyrsa -%config(noreplace) %{_sysconfdir}/easy-rsa +%config(noreplace) %{_sysconfdir}/%{name} %changelog diff --git a/suse-packaging.patch b/suse-packaging.patch index 4fa91ba..c2973b3 100644 --- a/suse-packaging.patch +++ b/suse-packaging.patch 
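Review bot: The new guard `%if 0%{?sle_version} == 11 || 0%{?sle_version} <= 120400` in `%files` does not select only old releases: the `== 11` clause is already covered by `<= 120400`, and an unset `sle_version` expands to `0`, which also satisfies it. Any target that does not define `sle_version` (presumably Tumbleweed/Factory, worth confirming) therefore ships COPYING.md and gpl-2.0.txt as `%doc` instead of `%license`. Checking that the macro is set first, e.g. `%if 0%{?sle_version} && 0%{?sle_version} <= 120400`, would limit the fallback to the releases that need it; key on `suse_version` instead if targets without `sle_version` must still get `%doc`. The commented-out `#setup -q -n %{pname}-%{version}` above `%setup` is dead and can be dropped.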
@@ -1,36 +1,35 @@ -*** easyrsa3/easyrsa.orig 2017-07-18 23:46:26.431057777 +0200 ---- easyrsa3/easyrsa 2017-07-19 05:24:59.583924924 +0200 -*************** -*** 1014,1020 **** - vars= - - # set up program path -! prog_vars="${0%/*}/vars" - # set up PKI path - pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - ---- 1014,1020 ---- - vars= - - # set up program path -! prog_vars="/etc/easy-rsa/vars" - # set up PKI path - pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - -*************** -*** 1041,1047 **** - fi - - # Set defaults, preferring existing env-vars if present -! set_var EASYRSA "${0%/*}" - set_var EASYRSA_OPENSSL openssl - set_var EASYRSA_PKI "$PWD/pki" - set_var EASYRSA_DN cn_only ---- 1041,1047 ---- - fi - - # Set defaults, preferring existing env-vars if present -! set_var EASYRSA "/etc/easy-rsa" - set_var EASYRSA_OPENSSL openssl - set_var EASYRSA_PKI "$PWD/pki" - set_var EASYRSA_DN cn_only +Index: easyrsa +=================================================================== +--- easyrsa.orig ++++ easyrsa +@@ -1124,7 +1124,7 @@ vars_setup() { + vars= + + # set up program path +- prog_vars="${0%/*}/vars" ++ prog_vars="/etc/easy-rsa/vars" + # set up PKI path + pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" + +@@ -1154,7 +1154,7 @@ Note: using Easy-RSA configuration from: + fi + + # Set defaults, preferring existing env-vars if present +- set_var EASYRSA "${0%/*}" ++ set_var EASYRSA "/etc/easy-rsa" + set_var EASYRSA_OPENSSL openssl + set_var EASYRSA_PKI "$PWD/pki" + set_var EASYRSA_DN cn_only +Index: vars.example +=================================================================== +--- vars.example.orig ++++ vars.example +@@ -47,7 +47,7 @@ fi + # itself, which is also where the configuration files are located in the + # easy-rsa tree. + +-#set_var EASYRSA "${0%/*}" ++#set_var EASYRSA "/etc/easy-rsa" + + # If your OpenSSL command is not in the system PATH, you will need to define the + # path to it here. 
Normally this means a full path to the executable, otherwise From d9dcf74b8a6925ddbc4e0409fe8ef3f56e120fd24bb514a5a51367c63fc501f6 Mon Sep 17 00:00:00 2001 From: Olav Reinert Date: Mon, 3 Dec 2018 22:44:23 +0000 Subject: [PATCH 2/2] Fix suse-packaging.patch for non-root usage. OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=25 --- easy-rsa.spec | 2 +- suse-packaging.patch | 49 ++++++++++++++++++++++++++++++++++---------- 2 files changed, 39 insertions(+), 12 deletions(-) diff --git a/easy-rsa.spec b/easy-rsa.spec index 3cacb3d..958e1ae 100644 --- a/easy-rsa.spec +++ b/easy-rsa.spec @@ -13,7 +13,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # diff --git a/suse-packaging.patch b/suse-packaging.patch index c2973b3..e0586ce 100644 --- a/suse-packaging.patch +++ b/suse-packaging.patch @@ -1,8 +1,24 @@ -Index: easyrsa -=================================================================== ---- easyrsa.orig -+++ easyrsa -@@ -1124,7 +1124,7 @@ vars_setup() { +--- easyrsa.orig 2018-09-15 06:21:19.000000000 +0200 ++++ easyrsa 2018-12-03 23:38:04.420888219 +0100 +@@ -315,7 +315,7 @@ + EASYRSA_PKI env-var undefined" + + # make safessl-easyrsa.cnf +- make_ssl_config ++ [ "$1" == "no_safe_ssl_config" ] || make_ssl_config + + # Verify EASYRSA_OPENSSL command gives expected output + if [ -z "$EASYRSA_SSL_OK" ]; then +@@ -415,7 +415,7 @@ + + # init-pki backend: + init_pki() { +- vars_source_check ++ vars_source_check no_safe_ssl_config + + # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) + if [ -e "$EASYRSA_PKI" ]; then +@@ -1124,7 +1124,7 @@ vars= # set up program path 
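Review bot: The `vars.example` part of this hunk changes the example to `#set_var EASYRSA "/etc/easy-rsa"`, but the comment kept as context directly above it still ends with "itself, which is also where the configuration files are located in the easy-rsa tree". Comment and value now disagree, so the patch should reword that comment too, for instance `# In this package the default is /etc/easy-rsa, where the packaged configuration files are installed.` The literal `/etc/easy-rsa` also appears three times in this patch while the spec derives the directory from `%{_sysconfdir}/%{name}`; a short comment next to `Patch100` in the spec would keep the two in step. The comment block in vars.example starts above the hunk's context, so its opening lines are not visible here.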
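Review bot: The added test `[ "$1" == "no_safe_ssl_config" ] || make_ssl_config` uses `==` inside `[ ]`, which is a bash extension rather than POSIX `test` syntax; if easyrsa is executed by a strict `/bin/sh` (its shebang is not visible in this hunk) the test can fail with an error and `make_ssl_config` would then run for `init-pki` as well. `[ "$1" = "no_safe_ssl_config" ] || make_ssl_config` is portable and behaves the same under bash. The string passed from `init_pki` is a magic value shared by two functions, so a one-line comment at the check would help, such as `# init-pki passes no_safe_ssl_config so no config is generated before the PKI dir exists`; that reason is my reading of the change and should be confirmed. Both `vars_source_check` and `init_pki` continue outside the embedded hunks.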
@@ -11,7 +27,7 @@ Index: easyrsa # set up PKI path pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" -@@ -1154,7 +1154,7 @@ Note: using Easy-RSA configuration from: +@@ -1154,7 +1154,7 @@ fi # Set defaults, preferring existing env-vars if present @@ -20,11 +36,22 @@ Index: easyrsa set_var EASYRSA_OPENSSL openssl set_var EASYRSA_PKI "$PWD/pki" set_var EASYRSA_DN cn_only -Index: vars.example -=================================================================== ---- vars.example.orig -+++ vars.example -@@ -47,7 +47,7 @@ fi +@@ -1185,7 +1185,11 @@ + set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" + set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" + else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" +- set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" ++ if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then ++ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" ++ else ++ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" ++ fi + fi + + # Same as above for the x509-types extensions dir +--- vars.example.orig 2018-12-03 23:06:35.863084842 +0100 ++++ vars.example 2018-12-03 23:07:12.538808022 +0100 +@@ -47,7 +47,7 @@ # itself, which is also where the configuration files are located in the # easy-rsa tree.
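Review bot: The writability probe `if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then` relies on the bash-only `&>` redirection; a POSIX `sh` parses it as a backgrounded `touch` followed by `>/dev/null`, so the test is always true there and the `$EASYRSA_PKI` fallback is never taken. When the probe does succeed (typically as root) it also creates the file in the shared `$EASYRSA` directory, which this patch points at `/etc/easy-rsa`, so every PKI managed by that user would share one generated OpenSSL config under a `%config(noreplace)` path. Since the file is generated by `make_ssl_config`, consider dropping the probe and always using `set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"`, as the first branch of this `if` already does. If the probe stays, write the redirection as `>/dev/null 2>&1`.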