Hello community, here is the log from the commit of package easy-rsa for openSUSE:Factory checked in at 2017-09-12 19:54:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/easy-rsa (Old) and /work/SRC/openSUSE:Factory/.easy-rsa.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "easy-rsa" Tue Sep 12 19:54:05 2017 rev:5 rq:522753 version:3.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/easy-rsa/easy-rsa.changes 2017-07-25 11:41:33.746463623 +0200 +++ /work/SRC/openSUSE:Factory/.easy-rsa.new/easy-rsa.changes 2017-09-12 19:54:11.829181862 +0200 @@ -1,0 +2,29 @@ +Wed Aug 23 09:06:23 UTC 2017 - [email protected] + +- Include upstream patches: + + 4eac410.patch + Fix string comprehension + + a138c0d.patch + Fix incorrect "openssl rand" usage + + 83a1a21.patch + Add --copy-ext option + + +------------------------------------------------------------------- +Fri Jul 28 21:27:09 UTC 2017 - [email protected] + +- Include upstream patches: + + d20d2b3.patch + Update docs and examples to fit changes in 534f673 +- Adapted easy-rsa-packaging.patch to work with upstream patch + +------------------------------------------------------------------- +Mon Jul 24 23:04:34 UTC 2017 - [email protected] + +- Include upstream patches: + + 534f673.patch + Make $PWD/pki the default PKI location +- Adapted easy-rsa-packaging.patch to work with upstream patch +- Treat /etc/easy-rsa as public default config, no default vars + +------------------------------------------------------------------- New: ---- 4eac410.patch 534f673.patch 83a1a21.patch a138c0d.patch d20d2b3.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ easy-rsa.spec ++++++ --- /var/tmp/diff_new_pack.GxWzqy/_old 2017-09-12 19:54:12.573077266 +0200 +++ /var/tmp/diff_new_pack.GxWzqy/_new 2017-09-12 19:54:12.573077266 +0200 
@@ -40,6 +40,16 @@ Patch5: https://github.com/OpenVPN/easy-rsa/commit/6436eaf.patch # Moved @ValdikSS's serial randomization to sign_req Patch6: https://github.com/OpenVPN/easy-rsa/commit/e9e8e27.patch +# Make $PWD/pki the default PKI location +Patch7: https://github.com/OpenVPN/easy-rsa/commit/534f673.patch +# Update docs and examples to fit changes in 534f673 +Patch8: https://github.com/OpenVPN/easy-rsa/commit/d20d2b3.patch +# Fix string comprehension +Patch9: https://github.com/OpenVPN/easy-rsa/commit/4eac410.patch +# Fix incorrect "openssl rand" usage +Patch10: https://github.com/OpenVPN/easy-rsa/commit/a138c0d.patch +# Add --copy-ext option +Patch11: https://github.com/OpenVPN/easy-rsa/commit/83a1a21.patch # openSUSE specific Patch100: easy-rsa-packaging.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -59,8 +69,12 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %patch100 -p0 -sed -i 's;#\(set_var EASYRSA \)"$PWD";\1"%{_sysconfdir}/easy-rsa";' easyrsa3/vars.example # Add this for SLE11, patch tool can't rename file. # Next release we should publish .md documentation. @@ -72,9 +86,9 @@ %build %install -install -dm0700 %{buildroot}/%{_sysconfdir}/easy-rsa/ +install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/ install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types -install -Dm0644 easyrsa3/vars.example %{buildroot}/%{_sysconfdir}/easy-rsa/vars +install -Dm0644 easyrsa3/vars.example %{buildroot}/%{_sysconfdir}/easy-rsa/ install -Dm0644 easyrsa3/openssl-1.0.cnf %{buildroot}/%{_sysconfdir}/easy-rsa/openssl-1.0.cnf install -Dm0644 easyrsa3/x509-types/* %{buildroot}/%{_sysconfdir}/easy-rsa/x509-types/ install -Dm0755 easyrsa3/easyrsa %{buildroot}/%{_bindir}/easyrsa ++++++ 4eac410.patch ++++++ >From 4eac410bce13a4730aa160ba48e6fa0aef7edd7c Mon Sep 17 00:00:00 2001 
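Review bot: In the `%install` hunk, `install -dm0755 %{buildroot}/%{_sysconfdir}/easy-rsa/` relaxes the directory from 0700 with no provision for hosts that already keep a PKI there. Until this commit the removed `sed` line set `EASYRSA` to `%{_sysconfdir}/easy-rsa` in the installed `vars`, and `EASYRSA_PKI` defaulted to `$EASYRSA/pki`, so an existing `/etc/easy-rsa/pki` holding CA key material is plausible and would presumably sit under a world-traversable parent after the upgrade. Whether the key files themselves stay protected depends on the modes set inside `pki/`, which this diff does not show. I would add a comment above the line, `# 0755 on purpose: only public defaults live here, the PKI now defaults to $PWD/pki`, and have a release note tell admins to check the permissions of an existing `pki/` directory. The `%install` section continues past the hunk.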
From: azvyagintsev <[email protected]> Date: Tue, 4 Jul 2017 20:14:57 +0300 Subject: [PATCH] Fix string comprehension - "[[" syntax work only in "Bash" --- easyrsa3/easyrsa | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index e004e2b..901a52f 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -641,8 +641,7 @@ $(display_dn req "$req_in") # If type is server and no subjectAltName was requested, # add one to the extensions file - if [[ "$crt_type" == 'server' ]] - then + if [ "$crt_type" = 'server' ]; then echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || print $(default_server_san "$req_in") @@ -941,8 +940,7 @@ default_server_san() { awk -F'=' '/^ *CN=/{print $2}' ) echo "$cn" | egrep -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$' - if [[ $? -eq 0 ]] - then + if [ $? -eq 0 ]; then print "subjectAltName = IP:$cn" else print "subjectAltName = DNS:$cn" ++++++ 534f673.patch ++++++ >From 534f67345997603e3b1fbf6b673bbaa65937019e Mon Sep 17 00:00:00 2001 From: Olav Reinert <[email protected]> Date: Mon, 5 Jun 2017 23:30:57 +0200 Subject: [PATCH] Make $PWD/pki the default PKI location --- doc/EasyRSA-Advanced.md | 3 ++- easyrsa3/easyrsa | 14 ++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md index 64b29ae..1bd8c29 100644 --- a/doc/EasyRSA-Advanced.md +++ b/doc/EasyRSA-Advanced.md @@ -34,6 +34,7 @@ Configuration Reference 1. File referenced by the --vars CLI option 2. The file referenced by the env-var named `EASYRSA_VARS_FILE` 3. The `EASYRSA_PKI` directory + 4. The default PKI directory at $PWD/pki (usually will be the same as above) 4. The `EASYRSA` directory 5. The location of the easyrsa program (usually will be the same as above) 
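Review bot: The second hunk (`default_server_san`) makes the test POSIX but keeps the pattern in the context line above it, `egrep -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'`, which relies on `\d`, a Perl-style class that POSIX ERE does not define. With a typical `egrep` the match therefore likely never succeeds, so an IP-address CN falls through to `subjectAltName = DNS:$cn` instead of `IP:$cn`. I would replace the two lines with `if echo "$cn" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then`, which also removes the separate `$?` check. In the first hunk, `print $(default_server_san "$req_in")` is unquoted, so the result is word-split before `print` sees it; `print "$(default_server_san "$req_in")"` keeps the line intact. Both function bodies start and end outside the hunks.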
@@ -80,7 +81,7 @@ possible terse description is shown below: * `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD * `EASYRSA_OPENSSL` - command to invoke openssl * `EASYRSA_SSL_CONF` - the openssl config file to use - * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files + * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki. * `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to alter the fields to include in the req DN * `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 088faeb..8adc8fc 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -989,13 +989,15 @@ vars_setup() { # set up program path local prog_vars="${0%/*}/vars" + # set up PKI path + local pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" # command-line path: if [ -f "$EASYRSA_VARS_FILE" ]; then vars="$EASYRSA_VARS_FILE" - # EASYRSA_PKI, if defined: - elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then - vars="$EASYRSA_PKI/vars" + # PKI location, if present: + elif [ -f "$pki_vars" ]; then + vars="$pki_vars" # EASYRSA, if defined: elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then vars="$EASYRSA/vars" @@ -1013,9 +1015,9 @@ Note: using Easy-RSA configuration from: $vars" fi # Set defaults, preferring existing env-vars if present - set_var EASYRSA "$PWD" + set_var EASYRSA "${0%/*}" set_var EASYRSA_OPENSSL openssl - set_var EASYRSA_PKI "$EASYRSA/pki" + set_var EASYRSA_PKI "$PWD/pki" set_var EASYRSA_DN cn_only set_var EASYRSA_REQ_COUNTRY "US" set_var EASYRSA_REQ_PROVINCE "California" @@ -1225,4 +1227,4 @@ case "$cmd" in ;; esac -# vim: ft=sh nu ai sw=8 ts=8 +# vim: ft=sh nu ai sw=8 ts=8 noet ++++++ 6436eaf.patch ++++++ --- /var/tmp/diff_new_pack.GxWzqy/_old 2017-09-12 19:54:12.637068268 +0200 +++ /var/tmp/diff_new_pack.GxWzqy/_new 2017-09-12 19:54:12.641067706 +0200 
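Review bot: The `vars_setup` hunk now falls back to `${EASYRSA_PKI:-$PWD/pki}/vars`, so a `pki/vars` file in whatever directory easyrsa is started from is picked up even when `EASYRSA_PKI` was never set; the removed branch required `-n "$EASYRSA_PKI"`. The documentation on this page describes the vars file as being sourced, so the working directory becomes part of the trust boundary, and the lookup order places it ahead of `$EASYRSA/vars` and the program-path fallback (which the packaging patch further down turns into `/etc/easy-rsa/vars`). I would state that next to the assignment, for example `# NOTE: $pki_vars is sourced as shell code; with EASYRSA_PKI unset it is taken from the current directory`, and repeat it in the vars search list in doc/EasyRSA-Advanced.md. `vars_setup` starts before and continues after the hunk.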
@@ -1,8 +1,11 @@ -commit 6436eaf8c1e5e3c44d23c1c7a0a5fef14f19d375 -Author: Martin Schmitt <[email protected]> -Date: Fri Jun 30 16:12:13 2017 +0200 +From 6436eaf8c1e5e3c44d23c1c7a0a5fef14f19d375 Mon Sep 17 00:00:00 2001 +From: Martin Schmitt <[email protected]> +Date: Fri, 30 Jun 2017 16:12:13 +0200 +Subject: [PATCH] Add CN as SAN (if none requested) on server certs by default - Add CN as SAN (if none requested) on server certs by default +--- + easyrsa3/easyrsa | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 088faeb..f5ec797 100755 ++++++ 83a1a21.patch ++++++ >From 83a1a21e7a90e8666498dec2fa35ee5b8f67920c Mon Sep 17 00:00:00 2001 From: Eric F Crist <[email protected]> Date: Tue, 22 Aug 2017 20:52:26 -0500 Subject: [PATCH] Add --copy-ext option Adding the --copy-ext option to copy request extension data. This will resolve #60 and other Subject Alternative Name "issues" that have been created. Signed-off-by: Eric F Crist <[email protected]> --- easyrsa3/easyrsa | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 81618d3..55de809 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -199,6 +199,7 @@ Certificate & Request options: (these impact cert/req field values) ./easyrsa help altname --use-algo=ALG : crypto alg to use: choose rsa (default) or ec --curve=NAME : for elliptic curve, sets the named curve to use +--copy-ext : Copy included request X509 extensions (namely subjAltName Organizational DN options: (only used with the 'org' DN mode) (values may be blank for org DN options) 
@@ -623,6 +624,8 @@ $(display_dn req "$req_in") # Append first any COMMON file (if present) then the cert-type extensions cat "$EASYRSA_EXT_DIR/COMMON" cat "$EASYRSA_EXT_DIR/$crt_type" + # copy req extensions + [ $EASYRSA_CP_EXT ] && print "copy_extensions = copy" # Support a dynamic CA path length when present: [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \ @@ -1063,6 +1066,7 @@ Note: using Easy-RSA configuration from: $vars" set_var EASYRSA_TEMP_FILE_3 "" set_var EASYRSA_REQ_CN ChangeMe set_var EASYRSA_DIGEST sha256 + set_var EASYRSA_CP_EXT 0 # Detect openssl config, preferring EASYRSA_PKI over EASYRSA if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then @@ -1165,6 +1169,8 @@ while :; do export EASYRSA_SUBCA_LEN="$val" ;; --vars) export EASYRSA_VARS_FILE="$val" ;; + --copy-ext) + export EASYRSA_CP_EXT=1 ;; --subject-alt-name) export EASYRSA_EXTRA_EXTS="\ $EASYRSA_EXTRA_EXTS ++++++ a138c0d.patch ++++++ >From a138c0d83b0ff1feed385c5d2d7a1c25422fe04d Mon Sep 17 00:00:00 2001 From: Uwe Hermann <[email protected]> Date: Sat, 19 Aug 2017 18:17:43 +0200 Subject: [PATCH] Fix incorrect "openssl rand" usage (#138). --- easyrsa3/easyrsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index e004e2b..f73b375 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -572,7 +572,7 @@ sign_req() { # Randomize Serial number local i= serial= check_serial= for i in 1 2 3 4 5; do - "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" + "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial 16" serial="$(cat "$EASYRSA_PKI/serial")" check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)" case "$check_serial" in ++++++ d20d2b3.patch ++++++ >From d20d2b3c06baed2fc4e098b12331fd203e723f91 Mon Sep 17 00:00:00 2001 
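Review bot: `[ $EASYRSA_CP_EXT ] && print "copy_extensions = copy"` in the `@@ -623` hunk tests only for a non-empty string, and the `@@ -1063` hunk of the same patch defaults the variable to `0`, so the test is true whether or not `--copy-ext` was given. As written, the signing step would emit `copy_extensions = copy` for every request, which turns copying of requester-supplied extensions from opt-in into the default. The comparison should be explicit and quoted: `[ "$EASYRSA_CP_EXT" = 1 ] && print "copy_extensions = copy"`. A short comment that this option lets the request decide which extensions the certificate carries would help whoever reviews the signing policy later. The enclosing function starts and ends outside the hunk.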
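Review bot: The added line `"$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial 16"` has its closing quote after `16`, so the byte count becomes part of the output file name and `openssl rand` receives no length argument. The next line still reads `"$EASYRSA_PKI/serial"`, so the loop would presumably pick up whatever is already in that file (or nothing) rather than a fresh random serial. The count belongs outside the quotes: `"$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16`. The exit status of the `rand` call should also be checked before `serial` is read, since nothing in the hunk does so. `sign_req` continues outside the hunk.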
From: Olav Reinert <[email protected]> Date: Thu, 27 Jul 2017 08:27:27 +0200 Subject: [PATCH] Update docs and examples to fit changes in 534f673 --- doc/EasyRSA-Advanced.md | 14 +++++++------- easyrsa3/vars.example | 17 ++++++++++++----- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md index 1bd8c29..5bcd526 100644 --- a/doc/EasyRSA-Advanced.md +++ b/doc/EasyRSA-Advanced.md @@ -31,12 +31,12 @@ Configuration Reference The following locations are checked, in this order, for a vars file. Only the first one found is used: - 1. File referenced by the --vars CLI option + 1. The file referenced by the --vars CLI option 2. The file referenced by the env-var named `EASYRSA_VARS_FILE` - 3. The `EASYRSA_PKI` directory - 4. The default PKI directory at $PWD/pki (usually will be the same as above) - 4. The `EASYRSA` directory - 5. The location of the easyrsa program (usually will be the same as above) + 3. The directory referenced by the `EASYRSA_PKI` env-var + 4. The default PKI directory at $PWD/pki + 4. The directory referenced by the `EASYRSA` env-var + 5. The directory containing the easyrsa program Defining the env-var `EASYRSA_NO_VARS` will override the sourcing of the vars file in all cases, including defining it subsequently as a global option. 
@@ -78,10 +78,10 @@ Environmental Variables Reference A list of env-vars, any matching global option (CLI) to set/override it, and a possible terse description is shown below: - * `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD + * `EASYRSA` - should point to the Easy-RSA top-level dir, where the easyrsa script is located. * `EASYRSA_OPENSSL` - command to invoke openssl * `EASYRSA_SSL_CONF` - the openssl config file to use - * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki. + * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, defaults to $PWD/pki. * `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to alter the fields to include in the req DN * `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example index 2c444d8..c439cba 100644 --- a/easyrsa3/vars.example +++ b/easyrsa3/vars.example @@ -39,10 +39,15 @@ fi # DO YOUR EDITS BELOW THIS POINT -# This variable should point to the top level of the easy-rsa tree. By default, -# this is taken to be the directory you are currently in. +# This variable is used as the base location of configuration files needed by +# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF) +# may override this default. +# +# The default value of this variable is the location of the easyrsa script +# itself, which is also where the configuration files are located in the +# easy-rsa tree. -#set_var EASYRSA "$PWD" +#set_var EASYRSA "${0%/*}" # If your OpenSSL command is not in the system PATH, you will need to define the # path to it here. Normally this means a full path to the executable, otherwise 
@@ -57,12 +62,14 @@ fi # This sample is in Windows syntax -- edit it for your path if not using PATH: #set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" -# Edit this variable to point to your soon-to-be-created key directory. +# Edit this variable to point to your soon-to-be-created key directory. By +# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the +# directory you are currently in). # # WARNING: init-pki will do a rm -rf on this directory so make sure you define # it correctly! (Interactive mode will prompt before acting.) -#set_var EASYRSA_PKI "$EASYRSA/pki" +#set_var EASYRSA_PKI "$PWD/pki" # Define X509 DN mode. # This is used to adjust what elements are included in the Subject field as the DN ++++++ e9e8e27.patch ++++++ --- /var/tmp/diff_new_pack.GxWzqy/_old 2017-09-12 19:54:12.705058708 +0200 +++ /var/tmp/diff_new_pack.GxWzqy/_new 2017-09-12 19:54:12.709058146 +0200 @@ -1,8 +1,11 @@ -commit e9e8e272e0eb5225ecfb0d8a0953a5b480c5e85d -Author: Martin Schmitt <[email protected]> -Date: Fri Jun 30 17:04:31 2017 +0200 +From e9e8e272e0eb5225ecfb0d8a0953a5b480c5e85d Mon Sep 17 00:00:00 2001 +From: Martin Schmitt <[email protected]> +Date: Fri, 30 Jun 2017 17:04:31 +0200 +Subject: [PATCH] Moved @ValdikSS's serial randomization to sign_req - Moved @ValdikSS's serial randomization to sign_req +--- + easyrsa3/easyrsa | 23 ++++++++++++----------- + 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index f5ec797..cff63f2 100755 ++++++ easy-rsa-packaging.patch ++++++ --- /var/tmp/diff_new_pack.GxWzqy/_old 2017-09-12 19:54:12.721056459 +0200 +++ /var/tmp/diff_new_pack.GxWzqy/_new 2017-09-12 19:54:12.721056459 +0200 
@@ -1,12 +1,36 @@ ---- easyrsa3/easyrsa.orig 2015-04-05 21:42:25.422949081 +0200 -+++ easyrsa3/easyrsa 2015-04-05 21:43:55.493395425 +0200 -@@ -972,6 +972,9 @@ - # command-line path: - if [ -f "$EASYRSA_VARS_FILE" ]; then - vars="$EASYRSA_VARS_FILE" -+ # packaging defaults -+ elif [ -f "/etc/easy-rsa/vars" ]; then -+ vars="/etc/easy-rsa/vars" - # EASYRSA_PKI, if defined: - elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then - vars="$EASYRSA_PKI/vars" +*** easyrsa3/easyrsa.orig 2017-07-18 23:46:26.431057777 +0200 +--- easyrsa3/easyrsa 2017-07-19 05:24:59.583924924 +0200 +*************** +*** 1014,1020 **** + local vars= + + # set up program path +! local prog_vars="${0%/*}/vars" + # set up PKI path + local pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" + +--- 1014,1020 ---- + local vars= + + # set up program path +! local prog_vars="/etc/easy-rsa/vars" + # set up PKI path + local pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" + +*************** +*** 1041,1047 **** + fi + + # Set defaults, preferring existing env-vars if present +! set_var EASYRSA "${0%/*}" + set_var EASYRSA_OPENSSL openssl + set_var EASYRSA_PKI "$PWD/pki" + set_var EASYRSA_DN cn_only +--- 1041,1047 ---- + fi + + # Set defaults, preferring existing env-vars if present +! set_var EASYRSA "/etc/easy-rsa" + set_var EASYRSA_OPENSSL openssl + set_var EASYRSA_PKI "$PWD/pki" + set_var EASYRSA_DN cn_only
