Annotation of /rpms/phpki-ng/contribs10/phpki-ng.spec


Revision 1.16
Wed Dec 14 21:52:41 2022 UTC (23 months, 3 weeks ago) by jpp
Branch: MAIN
CVS Tags: phpki-ng-0_84-15_el7_sme
Changes since 1.15: +6 -1 lines
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
- fix regex and potential code injection [SME: 12274]

1 jcrisp 1.1 # $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
2     # Authority: vip-ire
3     # Name: Daniel Berteaud
4    
5     %define name phpki-ng
6     %define version 0.84
7 jpp 1.16 %define release 15
8 jcrisp 1.1 Summary: Phpki is a simple certificate management suite
9     Name: %{name}
10     Version: %{version}
11     Release: %{release}%{?dist}
12     License: GNU GPL version 2
13     URL: http://sourceforge.net/projects/phpki/
14     Group: SMEserver/addon
15     #wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
16     Source: %{name}-%{version}.tar.gz
17 jcrisp 1.2 Patch1: phpki-ng-0.84-fix-for-php74-code-tidy.patch
18 jcrisp 1.3 Patch2: phpki-ng-0.84-fix-pregmatch-revoke-certs.patch
19 jcrisp 1.4 Patch3: phpki-ng-0.84-fix-crl.patch
20 jcrisp 1.5 Patch4: phpki-ng-0.84-fix-missing-slash-certtype-detection.patch
21 jcrisp 1.7 Patch5: phpki-ng-0.84-fix-html-directory-check.patch
22 jcrisp 1.8 Patch6: phpki-ng-0.84-fix-download-cert.patch
23 jcrisp 1.12 Patch7: phpki-ng-0.84-fix-html-syntax-in-help.patch
24 jcrisp 1.13 Patch8: phpki-ng-0.84-fix-final-redirect.patch
25 jpp 1.15 Patch9: phpki-ng-bz12272-bz12273-crl-whitespacepass.patch
26 jpp 1.16 Patch10: phpki-ng-bz12274-regex-secu.patch
27 jcrisp 1.1
28     BuildArch: noarch
29     BuildRoot: /var/tmp/%{name}-%{version}
30    
31     BuildRequires: e-smith-devtools
32    
33 jcrisp 1.2 Requires: e-smith-release >= 10.0
34     Requires: php74-php-fpm
35 jcrisp 1.1 Requires: openssl
36     Requires: openvpn
37     Conflicts: phpki
38     AutoReqProv: no
39    
40     %description
41     http://sourceforge.net/projects/phpki/
42     https://github.com/radicand/phpki
43 jcrisp 1.2 https://github.com/reetp/phpki
44 jcrisp 1.1 PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
45     With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
46     e-mail clients, SSL servers, and VPN applications.
47    
48     %changelog
49 jpp 1.16 * Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
50     - fix regex and potential code injection [SME: 12274]
51    
52 jpp 1.15 * Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-14.sme
53     - add easy and safe access to crl download [SME: 12272]
54     - fix revoke certificate failing on whitespace pass [SME: 12273]
55     - fix missing default_md in config.php from previous versions [SME: 12267]
56     - updated scriptlet to ease backup and restore
57    
58     * Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-13.sme
59 jpp 1.14 - remove extra space in URL in search.php [SME: 12232]
60    
61 jcrisp 1.13 * Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme
62     - Attempt to fix the final reload after CA creation [SME: 11192]
63    
64 jcrisp 1.12 * Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-11.sme
65     - Fix html syntax error in help - Thanks Mauro De Carolis [SME: 11688]
66    
67     * Tue Apr 06 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-10.sme
68 jcrisp 1.11 - And tidy up the copying wording. [SME: 11192]
69     - Credit to Terry Fage for persisting with testing
70    
71 jcrisp 1.10 * Mon Apr 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-9.sme
72     - Really fix the copy this time [SME: 11192]
73    
74     * Sat Apr 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-8.sme
75     - copy phpki-store as a backup instead of move [SME: 11192]
76 jcrisp 1.9
77 jcrisp 1.8 * Thu Apr 01 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-7.sme
78     - Fix broken Download Certificate in Cert generation [SME: 11513]
79    
80 jcrisp 1.7 * Thu Mar 18 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-6.sme
81 jcrisp 1.10 - Update html header info [SME: 11192]
82 jcrisp 1.7 - Remove obsolete align
83     - Remove accidentally duplicated html
84     - Fix typo
85     - Fix directory check
86     - move function flush_exec to functions file
87    
88 jcrisp 1.5 * Tue Mar 09 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-5.sme
89     - Fix missing / [SME:11435]
90     - Update cert type detection for renew [SME: 11436]
91     - Code formatting
92    
93 jcrisp 1.4 * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-4.sme
94     - Fix crl creation [SME: 11141]
95     - Extra notes in setup page
96    
97 jcrisp 1.3 * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-3.sme
98     - Fix Typo in certificate password [SME: 11435]
99     - Fix typos and preg_match issues [SME: 11436]
100 jcrisp 1.4 - Add Certificate creation notification [SME: 11437]
101     - Bit of file formatting
102 jcrisp 1.3
103 jcrisp 1.4 * Wed Mar 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-2.sme
104 jcrisp 1.2 - Change version to 0.84
105     - Fix undefined constant errors [SME: 11397]
106     - fix tempdir [SME: 11398]
107     - update code to be PHP 7.4+ compliant
108     - format with CodeSniff to PSR2
109    
110 jcrisp 1.1 * Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
111 jcrisp 1.2 - Rename to php-ng 0.84 [SME: 11192]
112 jcrisp 1.1 - Fix date sorting in certificates
113    
114     * Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
115     - Update DH to 2048
116    
117     * Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
118     - move warning and exit to %pre
119    
120     * Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
121     - Lots of formatting - adding quotes to items and tidying up
122     - set default md to 512
123    
124     * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
125     - Fix renew-cert
126     - revert DH setup so you can see progress
127    
128     * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
129     - Fix create cert without password
130    
131     * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
132     - Fix openvpn error
133    
134     * Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
135     - more fixes
136    
137     * Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
138     - small fixes
139    
140     * Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
141     - Update to 0.83
142    
143 jcrisp 1.2 * Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme
144 jcrisp 1.1 - Fix preg_match warnings [SME:10622]
145    
146     * Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
147     - Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]
148    
149     * Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
150     - Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
151     - [SME: 10622]
152    
153     * Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
154     - Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]
155    
156     * Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
157     - Requires php-posix
158    
159     * Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
160     - Don't check issuer (everyone allowed to access /ca can manage
161     all the certificates, access to /ca is controlled by apache)
162    
163     * Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
164     - Replace md5 with sha1 for signing
165    
166     * Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
167     - Weekly update the CRL via cron so MS Crypto API will be happy
168    
169     * Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
170     - Fix empty password with PHP 5.2 (SME 8b5)
171    
172     * Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
173     - Fix links for CA help page
174    
175     * Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
176     - Remove links after uninstall so you can easily re-install the contrib
177     later [SME: 5091]
178    
179     * Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
180     - Add e-smith-devtools as a dependency
181    
182     * Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
183     - Don't replace config file on upgrades
184    
185     * Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
186     - Remove the email address from the file name during upload (in search page)
187     - Remove secure.sh script
188    
189     * Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
190     - Link index.php to setup-presetup.php
191    
192     * Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
193     - Changes so certificates imported from openvpn-bridge are recognized
194     - Configure default admin user to 'admin'
195     - Create a static key for OpenVPN TLS auth (requires openvpn)
196     - Add expiry values (3 Months, 6 Months)
197     - Display or download takey.pem and dhparam1024.pem from
198     the certificate management menu
199     - Display the Root certificate in PEM format
200     - Possibility to download the CRL in PEM format
201     - Remove the email address from the file name during upload
202     - Disable download of certificate after creating a new one
203     - Remove security warning after setup
204    
205     * Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
206     - Correct extension name for email_signing certificates
207     - Remove links, and recreate them in the %post section so upgrade can be done smoothly
208    
209     * Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
210     - initial release
211     - builds from unchanged .tar.gz
212    
213     %prep
214     %setup -c -n %{name}
215 jcrisp 1.2 %patch1 -p1
216 jcrisp 1.3 %patch2 -p1
217 jcrisp 1.4 %patch3 -p1
218 jcrisp 1.5 %patch4 -p1
219 jcrisp 1.7 %patch5 -p1
220 jcrisp 1.8 %patch6 -p1
221 jcrisp 1.12 %patch7 -p1
222 jcrisp 1.13 %patch8 -p1
223 jpp 1.15 %patch9 -p1
224 jpp 1.16 %patch10 -p1
225 jcrisp 1.1
226     %build
227     %{__mkdir_p} root/opt/phpki/html
228     %{__mkdir_p} root/opt/phpki/phpki-store
229     %{__mkdir_p} root/opt/phpki/bin
230     %{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
231     %{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
232     %{__mv} %{name}-%{version}/* root/opt/phpki/html/
233    
234    
235     cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
236     #!/bin/bash
237    
238     cd /opt/phpki/bin
239 jcrisp 1.2 /usr/bin/php74 ./gen_crl.php 2>&1 > /dev/null
240 jcrisp 1.1
241     HERE
242    
243    
244     # Remove links to setup page so upgrades can be done smoothly
245     %{__rm} -f root/opt/phpki/html/index.php
246     %{__rm} -f root/opt/phpki/html/ca/index.php
247     %{__rm} -f root/opt/phpki/html/setup.php
248    
249     # This script shouldn't be here
250     %{__rm} -f root/opt/phpki/html/secure.sh
251    
252    
253     %install
254     rm -rf $RPM_BUILD_ROOT
255     (cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
256     rm -f %{name}-%{version}-filelist
257     /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
258     --file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
259     --file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
260     --file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
261     --dir '/opt/phpki/html' 'attr(770,root,phpki)' \
262     --dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
263     --dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
264     > %{name}-%{version}-filelist
265    
266     %files -f %{name}-%{version}-filelist
267     %defattr(-,root,root)
268    
269     %clean
270     cd ..
271     rm -rf $RPM_BUILD_ROOT
272    
273     %pre
274     echo "******************************************************"
275     echo "* "
276     echo "* !!! IMPORTANT - READ THIS NOW !!! "
277     echo "* "
278     echo "******************************************************"
279     echo "* This contrib now has higher levels of encryption"
280     echo "* "
281     echo "* We cannot upgrade your existing certificates"
282 jpp 1.15 echo "* existing certificates from SME9 or below have either "
283     echo "* md5WithRSAEncryption sha1WithRSAEncryption"
284     echo "* as Signature Algorithm (weak)."
285     echo "* only way to update to sha256 or sha512 is to "
286     echo "* start from scratch."
287 jcrisp 1.1 echo "* "
288 jcrisp 1.9 echo "* If you have existing certificates you want to use"
289     echo "* then start with a new CA, back up, and then restore"
290     echo "* your phpki-store directory in /opt/phpki"
291 jcrisp 1.1 echo "* "
292     echo "******************************************************"
293     echo ""
294    
295     if [ -d /opt/phpki/phpki-store ] ; then
296     echo "Backing up your /opt/phpki/phpki-store"
297 jpp 1.15 today=$(date "+%Y%m%d%H%M")
298     echo "Copying from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$today"
299     /bin/cp -pr /opt/phpki/phpki-store "/opt/phpki/phpki-store.$today"
300     echo "Directory copied... continuing to install"
301     # fix missing md_default
302     if ( grep default_md /opt/phpki/phpki-store/config/config.php -q ); then
303     echo "md_default OK"
304     else
305     echo "default_md missing in /opt/phpki/phpki-store/config/config.php"
306     echo "getting value from /opt/phpki/phpki-store/config/openssl.cnf"
307     # it could be acceptable to hash sha256 a certificate from a root with sha1.
308     defaultmd=$(awk '/^default_md/{print $NF}' /opt/phpki/phpki-store/config/openssl.cnf); defaultmd=${defaultmd:-sha512} # awk exits 0 even with no match, so default on empty output
309     echo "inserting $defaultmd default_md at end of /opt/phpki/phpki-store/config/config.php"
310     sed -i '/\?>/i \
311     # Define default md \
312     \$config['default_md'] = "'$defaultmd'";' /opt/phpki/phpki-store/config/config.php
313     echo "Done... continuing to install"
314     fi
315 jcrisp 1.1 else
316 jpp 1.15 echo "No directory detected... continuing to install"
317 jcrisp 1.1 fi
318    
319 jcrisp 1.11
320 jcrisp 1.1
321     if ! /usr/bin/id phpki &>/dev/null; then
322 jpp 1.15 echo "Creating phpki user"
323     /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
324 jcrisp 1.1 %logmsg "Unexpected error adding user \"phpki\". Abort installation."
325     fi
326    
327     %preun
328    
329    
330     %post
331     # First install, point index.php to setup.php
332     if [ $1 == 1 ]; then
333 jpp 1.15 # do not do this if there is already a CA (restore from backup)
334     if [ ! -f /opt/phpki/phpki-store/config/config.php ] ; then
335 jcrisp 1.1 %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
336     %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
337 jpp 1.15 fi
338     echo "<?php
339 jcrisp 1.1 header(\"Location: ./../index.php\");
340     ?>
341     " > /opt/phpki/html/ca/index.php
342     fi
343    
344    
345     %postun
346     # Remove the links to index.php after uninstall
347     if [ $1 == 0 ]; then
348     %{__rm} -f /opt/phpki/html/index.php
349     %{__rm} -f /opt/phpki/html/setup.php
350     %{__rm} -f /opt/phpki/html/ca/index.php
351     fi
352    
353     true