
Annotation of /rpms/phpki-ng/contribs10/phpki-ng.spec



Revision 1.15
Wed Dec 14 18:32:49 2022 UTC (23 months, 3 weeks ago) by jpp
Branch: MAIN
CVS Tags: phpki-ng-0_84-14_el7_sme
Changes since 1.14: +40 -13 lines
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-14.sme
- add easy and safe access to crl download [SME: 12272]
- fix revoke certificate failing on whitespace pass [SME: 12273]
- fix missing default_md in config.php from previous versions [SME: 12267]
- updated scriptlet to ease backup and restore

1 jcrisp 1.1 # $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
2     # Authority: vip-ire
3     # Name: Daniel Berteaud
4    
5     %define name phpki-ng
6     %define version 0.84
7 jpp 1.15 %define release 14
8 jcrisp 1.1 Summary: Phpki is a simple certificate management suite
9     Name: %{name}
10     Version: %{version}
11     Release: %{release}%{?dist}
12     License: GNU GPL version 2
13     URL: http://sourceforge.net/projects/phpki/
14     Group: SMEserver/addon
15     #wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
16     Source: %{name}-%{version}.tar.gz
17 jcrisp 1.2 Patch1: phpki-ng-0.84-fix-for-php74-code-tidy.patch
18 jcrisp 1.3 Patch2: phpki-ng-0.84-fix-pregmatch-revoke-certs.patch
19 jcrisp 1.4 Patch3: phpki-ng-0.84-fix-crl.patch
20 jcrisp 1.5 Patch4: phpki-ng-0.84-fix-missing-slash-certtype-detection.patch
21 jcrisp 1.7 Patch5: phpki-ng-0.84-fix-html-directory-check.patch
22 jcrisp 1.8 Patch6: phpki-ng-0.84-fix-download-cert.patch
23 jcrisp 1.12 Patch7: phpki-ng-0.84-fix-html-syntax-in-help.patch
24 jcrisp 1.13 Patch8: phpki-ng-0.84-fix-final-redirect.patch
25 jpp 1.15 Patch9: phpki-ng-bz12272-bz12273-crl-whitespacepass.patch
26 jcrisp 1.1
27     BuildArch: noarch
28     BuildRoot: /var/tmp/%{name}-%{version}
29    
30     BuildRequires: e-smith-devtools
31    
32 jcrisp 1.2 Requires: e-smith-release >= 10.0
33     Requires: php74-php-fpm
34 jcrisp 1.1 Requires: openssl
35     Requires: openvpn
36     Conflicts: phpki
37     AutoReqProv: no
38    
39     %description
40     http://sourceforge.net/projects/phpki/
41     https://github.com/radicand/phpki
42 jcrisp 1.2 https://github.com/reetp/phpki
43 jcrisp 1.1 PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
44     With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
45     e-mail clients, SSL servers, and VPN applications.
46    
47     %changelog
48 jpp 1.15 * Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-14.sme
49     - add easy and safe access to crl download [SME: 12272]
50     - fix revoke certificate failing on whitespace pass [SME: 12273]
51     - fix missing default_md in config.php from previous versions [SME: 12267]
52     - updated scriptlet to ease backup and restore
53    
54     * Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-13.sme
55 jpp 1.14 - remove extra space in URL in search.php [SME: 12232]
56    
57 jcrisp 1.13 * Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme
58     - Attempt to fix the final reload after CA creation [SME: 11192]
59    
60 jcrisp 1.12 * Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-11.sme
61     - Fix html syntax error in help - Thanks Mauro De Carolis [SME: 11688]
62    
63     * Tue Apr 06 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-10.sme
64 jcrisp 1.11 - And tidy up the copying wording. [SME: 11192]
65     - Credit to Terry Fage for persisting with testing
66    
67 jcrisp 1.10 * Mon Apr 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-9.sme
68     - Really fix the copy this time [SME: 11192]
69    
70     * Sat Apr 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-8.sme
71     - copy phpki-store as a backup instead of move [SME: 11192]
72 jcrisp 1.9
73 jcrisp 1.8 * Thu Apr 01 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-7.sme
74     - Fix broken Download Certificate in Cert generation [SME: 11513]
75    
76 jcrisp 1.7 * Thu Mar 18 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-6.sme
77 jcrisp 1.10 - Update html header info [SME: 11192]
78 jcrisp 1.7 - Remove obsolete align
79     - Remove accidentally duplicated html
80     - Fix typo
81     - Fix directory check
82     - move function flush_exec to functions file
83    
84 jcrisp 1.5 * Tue Mar 09 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-5.sme
85     - Fix missing / [SME:11435]
86     - Update cert type detection for renew [SME: 11436]
87     - Code formatting
88    
89 jcrisp 1.4 * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-4.sme
90     - Fix crl creation [SME: 11141]
91     - Extra notes in setup page
92    
93 jcrisp 1.3 * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-3.sme
94     - Fix Typo in certificate password [SME: 11435]
95     - Fix typos and preg_match issues [SME: 11436]
96 jcrisp 1.4 - Add Certificate creation notification [SME: 11437]
97     - Bit of file formatting
98 jcrisp 1.3
99 jcrisp 1.4 * Wed Mar 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-2.sme
100 jcrisp 1.2 - Change version to 0.84
101     - Fix undefined constant errors [SME: 11397]
102     - fix tempdir [SME: 11398]
103     - update code to be PHP 7.4+ compliant
104     - format with CodeSniff to PSR2
105    
106 jcrisp 1.1 * Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
107 jcrisp 1.2 - Rename to php-ng 0.84 [SME: 11192]
108 jcrisp 1.1 - Fix date sorting in certificates
109    
110     * Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
111     - Update DH to 2048
112    
113     * Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
114     - move warning and exit to %pre
115    
116     * Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
117     - Lots of formatting - adding quotes to items and tidying up
118     - set default md to 512
119    
120     * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
121     - Fix renew-cert
122     - revert DH setup so you can see progress
123    
124     * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
125     - Fix create cert without password
126    
127     * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
128     - Fix openvpn error
129    
130     * Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
131     - more fixes
132    
133     * Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
134     - small fixes
135    
136     * Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
137     - Update to 0.83
138    
139 jcrisp 1.2 * Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme
140 jcrisp 1.1 - Fix preg_match warnings [SME:10622]
141    
142     * Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
143     - Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]
144    
145     * Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
146     - Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
147     - [SME: 10622]
148    
149     * Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
150     - Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]
151    
152     * Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
153     - Requires php-posix
154    
155     * Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
156     - Don't check issuer (everyone allowed to access /ca can manage
157     all the certificates, access to /ca is controlled by apache)
158    
159     * Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
160     - Replace md5 with sha1 for signing
161    
162     * Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
163     - Weekly update the CRL via cron so MS Crypto API will be happy
164    
165     * Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
166     - Fix empty password with PHP 5.2 (SME 8b5)
167    
168     * Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
169     - Fix links for CA help page
170    
171     * Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
172     - Remove links after uninstall so you can easily re-install the contrib
173     later [SME: 5091]
174    
175     * Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
176     - Add e-smith-devtools as a dependency
177    
178     * Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
179     - Don't replace config file on upgrades
180    
181     * Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
182     - Remove the email address from the file name during upload (in search page)
183     - Remove secure.sh script
184    
185     * Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
186     - Link index.php to setup-presetup.php
187    
188     * Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
189     - Changes so certificates imported from openvpn-bridge are recognized
190     - Configure default admin user to 'admin'
191     - Create a static key for OpenVPN TLS auth (requires openvpn)
192     - Add expiry values (3 Months, 6 Months)
193     - Display or download takey.pem and dhparam1024.pem from
194     the certificate management menu
195     - Display the Root certificate in PEM format
196     - Possibility to download the CRL in PEM format
197     - Remove the email address from the file name during upload
198     - Disable download of certificate after creating a new one
199     - Remove security warning after setup
200    
201     * Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
202     - Correct extension name for email_signing certificates
203     - Remove links, and recreate them in the %post section so upgrade can be done smoothly
204    
205     * Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
206     - initial release
207     - builds from unchanged .tar.gz
208    
209     %prep
210     %setup -c -n %{name}
211 jcrisp 1.2 %patch1 -p1
212 jcrisp 1.3 %patch2 -p1
213 jcrisp 1.4 %patch3 -p1
214 jcrisp 1.5 %patch4 -p1
215 jcrisp 1.7 %patch5 -p1
216 jcrisp 1.8 %patch6 -p1
217 jcrisp 1.12 %patch7 -p1
218 jcrisp 1.13 %patch8 -p1
219 jpp 1.15 %patch9 -p1
220 jcrisp 1.1
221     %build
222     %{__mkdir_p} root/opt/phpki/html
223     %{__mkdir_p} root/opt/phpki/phpki-store
224     %{__mkdir_p} root/opt/phpki/bin
225     %{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
226     %{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
227     %{__mv} %{name}-%{version}/* root/opt/phpki/html/
228    
229    
230     cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
231     #!/bin/bash
232    
233     cd /opt/phpki/bin
234 jcrisp 1.2 /usr/bin/php74 ./gen_crl.php 2>&1 > /dev/null
235 jcrisp 1.1
236     HERE
237    
238    
239     # Remove links to setup page so upgrades can be done smoothly
240     %{__rm} -f root/opt/phpki/html/index.php
241     %{__rm} -f root/opt/phpki/html/ca/index.php
242     %{__rm} -f root/opt/phpki/html/setup.php
243    
244     # This script shouldn't be here
245     %{__rm} -f root/opt/phpki/html/secure.sh
246    
247    
248     %install
249     rm -rf $RPM_BUILD_ROOT
250     (cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
251     rm -f %{name}-%{version}-filelist
252     /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
253     --file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
254     --file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
255     --file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
256     --dir '/opt/phpki/html' 'attr(770,root,phpki)' \
257     --dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
258     --dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
259     > %{name}-%{version}-filelist
260    
261     %files -f %{name}-%{version}-filelist
262     %defattr(-,root,root)
263    
264     %clean
265     cd ..
266     rm -rf $RPM_BUILD_ROOT
267    
268     %pre
269     echo "******************************************************"
270     echo "* "
271     echo "* !!! IMPORTANT - READ THIS NOW !!! "
272     echo "* "
273     echo "******************************************************"
274     echo "* This contrib now has higher levels of encryption"
275     echo "* "
276     echo "* We cannot upgrade your existing certificates"
277 jpp 1.15 echo "* existing certificates from SME9 or below have either "
278     echo "* md5WithRSAEncryption or sha1WithRSAEncryption"
279     echo "* as Signature Algorithm (weak)."
280     echo "* only way to update to sha256 or sha512 is to "
281     echo "* start from scratch."
282 jcrisp 1.1 echo "* "
283 jcrisp 1.9 echo "* If you have existing certificates you want to use"
284     echo "* then start with a new CA, back up, and then restore"
285     echo "* your phpki-store directory in /opt/phpki"
286 jcrisp 1.1 echo "* "
287     echo "******************************************************"
288     echo ""
289    
290     if [ -d /opt/phpki/phpki-store ] ; then
291     echo "Backing up your /opt/phpki/phpki-store"
292 jpp 1.15 today=$(date "+%Y%m%d%H%M")
293     echo "Copying from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$today"
294     /bin/cp -pr /opt/phpki/phpki-store "/opt/phpki/phpki-store.$today"
295     echo "Directory copied... continuing to install"
296     # fix missing default_md
297     if ( grep default_md /opt/phpki/phpki-store/config/config.php -q ); then
298     echo "default_md OK"
299     else
300     echo "default_md missing in /opt/phpki/phpki-store/config/config.php"
301     echo "getting value from /opt/phpki/phpki-store/config/openssl.cnf"
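302     # it could be acceptable to hash sha256 a certificate from a root with sha1.
303     # awk exits 0 even when nothing matches, so signal "not found" explicitly to reach the sha512 fallback
304     defaultmd=$(awk '/^default_md/{print $NF; found=1} END{exit !found}' /opt/phpki/phpki-store/config/openssl.cnf || echo "sha512")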
304     echo "inserting $defaultmd default_md at end of /opt/phpki/phpki-store/config/config.php"
305     sed -i '/\?>/i \
306     # Define default md \
307     \$config['\''default_md'\''] = "'"$defaultmd"'";' /opt/phpki/phpki-store/config/config.php
308     echo "Done... continuing to install"
309     fi
310 jcrisp 1.1 else
311 jpp 1.15 echo "No directory detected... continuing to install"
312 jcrisp 1.1 fi
313    
314 jcrisp 1.11
315 jcrisp 1.1
316     if ! /usr/bin/id phpki &>/dev/null; then
317 jpp 1.15 echo "Creating phpki user"
318     /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
319 jcrisp 1.1 %logmsg "Unexpected error adding user \"phpki\". Abort installation."
320     fi
321    
322     %preun
323    
324    
325     %post
326     # First install, point index.php to setup.php
327     if [ $1 == 1 ]; then
328 jpp 1.15 # skip this if there is already a CA (restore from backup)
329     if [ ! -f /opt/phpki/phpki-store/config/config.php ] ; then
330 jcrisp 1.1 %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
331     %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
332 jpp 1.15 fi
333     echo "<?php
334 jcrisp 1.1 header(\"Location: ./../index.php\");
335     ?>
336     " > /opt/phpki/html/ca/index.php
337     fi
338    
339    
340     %postun
341     # Remove the links to index.php after uninstall
342     if [ $1 == 0 ]; then
343     %{__rm} -f /opt/phpki/html/index.php
344     %{__rm} -f /opt/phpki/html/setup.php
345     %{__rm} -f /opt/phpki/html/ca/index.php
346     fi
347    
348     true
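
The %pre scriptlet backfills default_md into config.php from the value in openssl.cnf. The same step as a standalone function, as an added example that is not part of the package's spec file: it tolerates indented keys, falls back to sha512 for missing or malformed values, and builds the sed script in double quotes so the PHP array key keeps its quotes. The function names, the parameterised paths and GNU sed are assumptions, and the sample files are constructed.

```bash
#!/bin/bash
# Added example, not the package's scriptlet. File paths are parameters.

# Print the first default_md value found in an openssl.cnf. Tolerates
# indentation, spaces around "=", and trailing comments. Falls back to
# sha512 when the key is missing or the value is not a plain digest name.
read_default_md() {
    local md
    md=$(awk -F= '/^[ \t]*default_md[ \t]*=/ {
            v = $2; sub(/#.*/, "", v); gsub(/[ \t\r]/, "", v); print v; exit
        }' "$1" 2>/dev/null) || md=""
    case "$md" in
        ''|*[!A-Za-z0-9-]*) md=sha512 ;;
    esac
    printf '%s\n' "$md"
}

# Insert $config['default_md'] before the closing "?>" of config.php,
# unless the file already mentions default_md. GNU sed is assumed.
backfill_default_md() {
    local config_php=$1 openssl_cnf=$2 md
    grep -q 'default_md' "$config_php" && return 0
    md=$(read_default_md "$openssl_cnf")
    # Double quotes keep the PHP single quotes around the array key intact.
    sed -i "/^?>/i\\
# Define default md\\
\$config['default_md'] = \"$md\";" "$config_php"
}

# Constructed sample files, for demonstration only.
demo() {
    local dir
    dir=$(mktemp -d)
    printf '<?php\n$config["ca_pwd"] = "constructed";\n?>\n' > "$dir/config.php"
    printf '[ CA_default ]\n  default_md = sha256  # digest\n' > "$dir/openssl.cnf"
    backfill_default_md "$dir/config.php" "$dir/openssl.cnf"
    cat "$dir/config.php"
    rm -rf "$dir"
}
demo
```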
