Hello community, here is the log from the commit of package easy-rsa for openSUSE:Factory checked in at 2017-05-31 12:18:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/easy-rsa (Old) and /work/SRC/openSUSE:Factory/.easy-rsa.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "easy-rsa" Wed May 31 12:18:07 2017 rev:2 rq:498607 version:3.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/easy-rsa/easy-rsa.changes 2017-02-03 17:36:11.445527613 +0100 +++ /work/SRC/openSUSE:Factory/.easy-rsa.new/easy-rsa.changes 2017-05-31 12:19:18.308102231 +0200 @@ -1,0 +2,19 @@ +Sat May 27 07:30:22 UTC 2017 - [email protected] + +- Add special %if for SLE11 as patch tool can't rename files. +- Include upstream patches + + f174800.patch + Generate random serial number for all certificates + + 29d4dee.patch + Fixes #91 basename: invalid option -- 's' + + b93d0a1.patch + Spelling fixes and sentence structure improvements + + fb4d8d8.patch + Fix comment indicating the end of the function verify_file() + + b75faa4.patch + Convert README and COPYING into markdown files +- Rename openSUSE specific patch easyrsa.packaging.patch to + easy-rsa-packaging.patch +- spec-cleaner -m (Add also SUSE copyrights) + +------------------------------------------------------------------- Old: ---- easy-rsa-3.0.1.tar.gz easyrsa.packaging.patch New: ---- 29d4dee.patch 3.0.1.tar.gz b75faa4.patch b93d0a1.patch easy-rsa-packaging.patch f174800.patch fb4d8d8.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ easy-rsa.spec ++++++ --- /var/tmp/diff_new_pack.uNphnX/_old 2017-05-31 12:19:19.079993268 +0200 +++ /var/tmp/diff_new_pack.uNphnX/_new 2017-05-31 12:19:19.083992704 +0200 @@ -1,6 +1,7 @@ # # spec file for package easy-rsa # +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2015 Stefan Jakobs. # # All modifications and additions to the file contributed by third parties 
@@ -12,15 +13,31 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + Name: easy-rsa Version: 3.0.1 -Release: 1 -License: GPL-2.0 +Release: 0 Summary: CLI utility to build and manage a PKI CA -Url: https://github.com/OpenVPN/easy-rsa +License: GPL-2.0 Group: Productivity/Networking/Security -Source: %{name}-%{version}.tar.gz -Patch0: easyrsa.packaging.patch +Url: https://github.com/OpenVPN/easy-rsa +Source: https://github.com/OpenVPN/easy-rsa/archive/%{version}.tar.gz +# Fixed upstream issues +# Generate random serial number for all certificates +Patch0: https://github.com/OpenVPN/easy-rsa/commit/f174800.patch +# Fixes #91 basename: invalid option -- 's'. +Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee.patch +# spelling fixes and setence structure improvements +Patch2: https://github.com/OpenVPN/easy-rsa/commit/b93d0a1.patch +# Fix comment indicating the end of the function verify_file() comment. +Patch3: https://github.com/OpenVPN/easy-rsa/commit/fb4d8d8.patch +# Convert README and COPYING into markdown files +Patch4: https://github.com/OpenVPN/easy-rsa/commit/b75faa4.patch +# openSUSE specific +Patch100: easy-rsa-packaging.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch 
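Review bot: The Patch0 to Patch4 URLs in the new preamble name upstream commits by seven-character abbreviated hashes, which do not pin the patch content unambiguously and give a reviewer nothing exact to compare the packaged files against. The file packaged as f174800.patch shows the problem: its header further down this page reads `From d309c6aaa23f661ccd2563df6a184e1351293b61`, so the file name and URL do not match the commit the file carries. I would use the full 40-character hash in each URL, for example `Patch1: https://github.com/OpenVPN/easy-rsa/commit/29d4dee508706a34b50c20d338b3f2d452446716.patch`, and confirm which commit Patch0 is meant to be.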
@@ -31,9 +48,24 @@ %prep %setup -q -%patch0 -p0 -sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"/etc/easy-rsa";' easyrsa3/vars.example -mv README.quickstart.md README.quickstart +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch100 -p0 +sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"%{_sysconfdir}/easy-rsa";' easyrsa3/vars.example + +# Add this for SLE11, patch tool can't rename file. +# Next release we should publish .md documentation. +%if 0%{?sles_version} > 0 && 0%{?sles_version} < 12 +mv -v COPYING COPYING.md +mv -v README README.md +%endif + +mv -v COPYING.md COPYING +mv -v README.md README +mv -v README.quickstart.md README.quickstart for f in doc/*.md; do mv $f ${f%.md} done @@ -48,11 +80,12 @@ install -Dm0644 easyrsa3/x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/ install -Dm0755 easyrsa3/easyrsa %{buildroot}/%{_bindir}/easyrsa - %files %defattr(-,root,root) %doc KNOWN_ISSUES README README.quickstart COPYING +%doc Licensing/* %doc doc/* %{_bindir}/easyrsa %config(noreplace) %{_sysconfdir}/easy-rsa +%changelog ++++++ 29d4dee.patch ++++++ >From 29d4dee508706a34b50c20d338b3f2d452446716 Mon Sep 17 00:00:00 2001 From: Thomas Szteliga <[email protected]> Date: Mon, 21 Mar 2016 17:25:58 +0100 Subject: [PATCH] Fixes #91 basename: invalid option -- 's'. --- build/build-dist.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/build-dist.sh b/build/build-dist.sh index 2f11fb2..dca4b9a 100755 --- a/build/build-dist.sh +++ b/build/build-dist.sh @@ -88,7 +88,7 @@ stage_win() { for f in `ls $SRC_ROOT/doc/*.md`; do - fname=`basename -s .md $f` + fname=`basename $f .md` python -m markdown $f > $DIST_ROOT/windows/$PV/doc/$fname.html done ++++++ easy-rsa-3.0.1.tar.gz -> 3.0.1.tar.gz ++++++ ++++ no output (probably identical) ++++++ b75faa4.patch ++++++ >From b75faa475f22af55202d4b2be429cd30f16f15ac Mon Sep 17 00:00:00 2001 
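Review bot: Patch4 is applied in %prep and then undone by name: b75faa4 only renames COPYING and README to .md and reformats them, and the new lines `mv -v COPYING.md COPYING` and `mv -v README.md README` move both files straight back. The SLE11 `%if` block exists only to make that round trip work where the patch tool cannot rename. If the .md names are not shipped in this release, dropping Patch4 would remove the conditional and four of the `mv` lines. Otherwise a comment above the unconditional moves, such as `# rename back: %files still lists README and COPYING`, would explain why the rename is reverted.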
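Review bot: The replacement line in build/build-dist.sh still passes `$f` to basename unquoted, so a SRC_ROOT containing whitespace or glob characters is split before basename sees it; `fname=$(basename -- "$f" .md)` avoids that. The same applies to `$f` and the output path on the python line that follows. The surrounding loop iterates over the output of `ls $SRC_ROOT/doc/*.md`, which word-splits as well, so the quoting only helps fully once the loop becomes `for f in "$SRC_ROOT"/doc/*.md; do`. stage_win starts and ends outside the hunk.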
From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?= <[email protected]> Date: Wed, 22 Jun 2016 18:51:48 +0300 Subject: [PATCH] Convert README and COPYING into markdown files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Samuli Seppänen <[email protected]> --- COPYING => COPYING.md | 5 +++-- README => README.md | 25 +++++++++++++------------ 2 files changed, 16 insertions(+), 14 deletions(-) rename COPYING => COPYING.md (91%) rename README => README.md (68%) diff --git a/COPYING b/COPYING.md similarity index 91% rename from COPYING rename to COPYING.md index 25b910e..39bce08 100644 --- a/COPYING +++ b/COPYING.md @@ -1,15 +1,16 @@ Easy-RSA -- A Shell-based CA Utility +==================================== Copyright (C) 2013 by the Open-Source OpenVPN development community -Easy-RSA 3 license: GPLv2: +Easy-RSA 3 license: GPLv2 ------------------------- All the Easy-RSA code contained in this project falls under a GPLv2 license with full text available in the Licensing/ directory. Additional components used by this project fall under additional licenses: -Additional licenses for external components: +Additional licenses for external components ------------------------------------------- The following components are under different licenses; while not part of the diff --git a/README b/README.md similarity index 68% rename from README rename to README.md index 325e7e6..5a574e5 100644 --- a/README +++ b/README.md 
@@ -1,39 +1,40 @@ -OVERVIEW: +# Overview + easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including sub-CAs and certificate revokation lists (CRL). -DOWNLOADS: +# Downloads If you are looking for release downloads, please see the releases section on GitHub. Releases are also available as source checkouts using named tags. -DOCUMENTATION: +# Documentation -For 3.x project documentation and usage, see the README.quickstart.md file or +For 3.x project documentation and usage, see the [README.quickstart.md](README.quickstart.md) file or the more detailed docs under the doc/ directory. The .md files are in Markdown format and can be converted to html files as desired for release packages, or read as-is in plaintext. -GETTING HELP USING EASY-RSA: +# Getting help using easy-rsa Currently, Easy-RSA development co-exists with OpenVPN even though they are separate projects. The following resources are good places as of this writing to seek help using Easy-RSA: -The openvpn-users mailing list is a good place to post usage or help questions: -https://lists.sourceforge.net/lists/listinfo/openvpn-users +The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users) +is a good place to post usage or help questions. You can also try IRC at Freenode/#openvpn -BRANCH STRUCTURE: +# Branch structure The easy-rsa master branch is currently tracking development for the 3.x release cycle. The prior 2.x and 1.x versions are available as release branches for tracking and possible back-porting of relevant fixes. Branch layout is: - master <- 3.x, at present - release/2.x - release/1.x + master <- 3.x, at present + release/2.x + release/1.x -LICENSING info for 3.x is in the COPYING file +LICENSING info for 3.x is in the [COPYING.md](COPYING.md) file ++++++ b93d0a1.patch ++++++ >From b93d0a16759137d68f6ffbf9fd41e9de23eacb71 Mon Sep 17 00:00:00 2001 
From: Drew Anderson <[email protected]> Date: Mon, 9 May 2016 10:24:02 +1000 Subject: [PATCH] spelling fixes and setence structure improvements --- doc/EasyRSA-Advanced.md | 2 +- doc/EasyRSA-Readme.md | 6 +++--- doc/EasyRSA-Upgrade-Notes.md | 2 +- doc/Intro-To-PKI.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md index 6406946..64b29ae 100644 --- a/doc/EasyRSA-Advanced.md +++ b/doc/EasyRSA-Advanced.md @@ -108,7 +108,7 @@ possible terse description is shown below: extensions * `EASYRSA_REQ_CN` (CLI: `--req-cn`) - default CN, necessary to set in BATCH mode - * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash diget to use for req/cert + * `EASYRSA_DIGEST` (CLI: `--digest`) - set a hash digest to use for req/cert signing * `EASYRSA_BATCH` (CLI: `--batch`) - enable batch (no-prompt) mode; set env-var to non-zero string to enable (CLI takes no options) diff --git a/doc/EasyRSA-Readme.md b/doc/EasyRSA-Readme.md index 568c3a6..bece589 100644 --- a/doc/EasyRSA-Readme.md +++ b/doc/EasyRSA-Readme.md @@ -74,7 +74,7 @@ Obtaining and Using Easy-RSA General usage and command help can be shown with: ./easyrsa help [ command ] - + When run without any command, general usage and a list of available commands are shown; when a command is supplied, detailed help output for that command is shown. @@ -135,7 +135,7 @@ you need a more basic description of how a PKI works. When building a CA, a number of new files are created by a combination of Easy-RSA and (indirectly) openssl. The important CA files are: - + * `ca.crt` - This is the CA certificate * `index.txt` - This is the "master database" of all issued certs * `serial` - Stores the next serial number (serial numbers increment) 
@@ -224,7 +224,7 @@ Easy-RSA can generate a keypair and request with the following command: ./easyrsa gen-req nameOfRequest You will then be given a chance to modify the Subject details of your request. -By default Easy-RSA uses the short name supplied on the command-line, though you +Easy-RSA uses the short name supplied on the command-line by default, though you are free to change it if necessary. After providing a passphrase and Subject details, the keypair and request files will be shown. diff --git a/doc/EasyRSA-Upgrade-Notes.md b/doc/EasyRSA-Upgrade-Notes.md index f5c1514..6cc6df2 100644 --- a/doc/EasyRSA-Upgrade-Notes.md +++ b/doc/EasyRSA-Upgrade-Notes.md @@ -54,5 +54,5 @@ Easy-RSA 3 has some new concepts compared to the prior v2 series. generation as the requester doesn't need to know the CA's values in advance. Previously in v2, the Country, State, and Org values all had to match or a - request couldn't be signed. If you want the old behavior your can change the + request couldn't be signed. If you want the old behavior you can change the OpenSSL config to require it or simply look over the DN at signing time. diff --git a/doc/Intro-To-PKI.md b/doc/Intro-To-PKI.md index cd8217b..ea56629 100644 --- a/doc/Intro-To-PKI.md +++ b/doc/Intro-To-PKI.md 
@@ -37,7 +37,7 @@ PKI mixed in with one used to generate end-entity certificates, such as clients or servers (VPN or web servers.) To start a new PKI, the CA is first created on the secure environment. -Depending on security needs, this could managed under a locked down account, +Depending on security needs, this could be managed under a locked down account, dedicated system, or even a completely offline system or using removable media to improve security (after all, you can't suffer an online break-in if your system or PKI is not online.) The exact steps to create a CA are described in a ++++++ easy-rsa-packaging.patch ++++++ --- easyrsa3/easyrsa.orig 2015-04-05 21:42:25.422949081 +0200 +++ easyrsa3/easyrsa 2015-04-05 21:43:55.493395425 +0200 @@ -972,6 +972,9 @@ # command-line path: if [ -f "$EASYRSA_VARS_FILE" ]; then vars="$EASYRSA_VARS_FILE" + # packaging defaults + elif [ -f "/etc/easy-rsa/vars" ]; then + vars="/etc/easy-rsa/vars" # EASYRSA_PKI, if defined: elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then vars="$EASYRSA_PKI/vars" ++++++ f174800.patch ++++++ >From d309c6aaa23f661ccd2563df6a184e1351293b61 Mon Sep 17 00:00:00 2001 From: ValdikSS <[email protected]> Date: Mon, 11 Jan 2016 01:53:32 +0300 Subject: [PATCH] Generate random serial number for all certificates --- easyrsa3/easyrsa | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 6fec288..bcb3aeb 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa 
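Review bot: In easy-rsa-packaging.patch the inserted `elif [ -f "/etc/easy-rsa/vars" ]` branch sits above the `$EASYRSA_PKI/vars` branch, so once the packaged file exists a vars file kept inside a specific PKI directory is never selected unless EASYRSA_VARS_FILE is set. An operator who keeps per-CA settings next to the PKI would get the system-wide values without any message. I would move the packaging branch below the EASYRSA_PKI branch and label it, for example `# distribution default, used only when nothing more specific exists`. The path is also hard-coded here while the spec's sed line now uses `%{_sysconfdir}`, so the two can drift apart. The if/elif chain continues outside the hunk.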
@@ -652,6 +652,17 @@ Certificate created at: $crt_out build_full() { verify_ca_init + local i= serial= check_serial= + for i in 1 2 3 4 5; do + "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" + serial="$(cat "$EASYRSA_PKI/serial")" + check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" + case "$check_serial" in + *"not present in db"*) break ;; + *) continue ;; + esac + done + # pull filename base: [ -n "$2" ] || die "\ Error: didn't find a file base name as the first argument. ++++++ fb4d8d8.patch ++++++ >From fb4d8d8e26dd83b0782a3e92fded1cd9ca3aa0cd Mon Sep 17 00:00:00 2001 From: Jiri Tyr <[email protected]> Date: Tue, 21 Jun 2016 14:16:45 +0100 Subject: [PATCH] Fix comment indicating the end of the function This patch corrects the comment indicating the end of the `verify_file()` function. --- easyrsa3/easyrsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index bcb3aeb..088faeb 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -928,7 +928,7 @@ verify_file() { local format="$1" path="$2" "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1 return 0 -} # => verify_x509() +} # => verify_file() # show-* command backend # Prints req/cert details in a readable format
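Review bot: The retry loop added to build_full() has no failure path. If `openssl rand` fails, or if none of the five `ca -status` replies contains "not present in db" (which is also the case when the status query itself errors, since stderr is folded into the matched text), the loop ends and the function carries on with whatever is in `$EASYRSA_PKI/serial`. I would check the exit status of the rand call and call `die` after the loop when no unused serial was confirmed, as sketched below. The hunk only touches build_full(), so whether certificates issued through other commands also get a random serial cannot be confirmed from here; build_full() continues past the end of the hunk.

```sh
	local i= serial= check_serial= serial_ok=
	for i in 1 2 3 4 5; do
		"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" \
			|| die "Failed to generate a random serial number"
		# … unchanged: read serial from the file, query `ca -status` into check_serial …
		case "$check_serial" in
			*"not present in db"*) serial_ok=1; break ;;
		esac
	done
	[ -n "$serial_ok" ] || die "No unused serial number found after 5 attempts"
	# … unchanged: file base name check and the rest of build_full …
```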
