phpki-ng/contribs10/phpki-ng.spec

# $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
# Authority: vip-ire
# Name: Daniel Berteaud

%define         name phpki-ng
%define         version 0.84
%define         release 16
Summary:        Phpki is a simple certificate management suite
Name:           %{name}
Version:        %{version}
Release:        %{release}%{?dist}
License:        GNU GPL version 2
URL:            http://sourceforge.net/projects/phpki/
Group:          SMEserver/addon
#wget           http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
Source:         %{name}-%{version}.tar.gz
Patch1:         phpki-ng-0.84-fix-for-php74-code-tidy.patch
Patch2:         phpki-ng-0.84-fix-pregmatch-revoke-certs.patch
Patch3:         phpki-ng-0.84-fix-crl.patch
Patch4:         phpki-ng-0.84-fix-missing-slash-certtype-detection.patch
Patch5:         phpki-ng-0.84-fix-html-directory-check.patch
Patch6:         phpki-ng-0.84-fix-download-cert.patch
Patch7:         phpki-ng-0.84-fix-html-syntax-in-help.patch
Patch8:         phpki-ng-0.84-fix-final-redirect.patch
Patch9:         phpki-ng-bz12272-bz12273-crl-whitespacepass.patch
Patch10:        phpki-ng-bz12274-regex-secu.patch

BuildArch:      noarch
BuildRoot:      /var/tmp/%{name}-%{version}

BuildRequires:  e-smith-devtools

Requires:       e-smith-release >= 10.0
Requires:       php74-php-fpm
Requires:       openssl
Requires:       openvpn
Conflicts:      phpki
AutoReqProv:    no

%description
http://sourceforge.net/projects/phpki/
https://github.com/radicand/phpki
https://github.com/reetp/phpki
PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled 
e-mail clients, SSL servers, and VPN applications.

%changelog
* Sat Dec 17 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-16.sme
- add dl_crl_pem.php [SME: 12272]

* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
- fix regex and potential code injection [SME: 12274]

* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-14.sme
- add easy and safe access to crl download [SME: 12272]
- fix revoke certificate failing on whitespace pass [SME: 12273]
- fix missing default_md in config.php from previous versions [SME: 12267]
- updated scriptlet to ease backup and restore

* Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-13.sme
- remove extra space in URL in search.php [SME: 12232]

* Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme
- Attempt to fix the final reload after CA creation [SME: 11192]

* Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-11.sme
- Fix html syntax error in help - Thanks Mauro De Carolis [SME: 11688]

* Tue Apr 06 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-10.sme
- And tidy up the copying wording. [SME: 11192]
- Credit to Terry Fage for persisting with testing

* Mon Apr 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-9.sme
- Really fix the copy this time [SME: 11192]

* Sat Apr 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-8.sme
- copy phpki-store as a backup instead of move [SME: 11192]

* Thu Apr 01 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-7.sme
- Fix broken Download Certificate in Cert generation [SME: 11513]

* Thu Mar 18 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-6.sme
- Update html header info [SME: 11192]
- Remove obsolete align
- Remove accidentally duplicated html
- Fix typo
- Fix directory check
- move function flush_exec to functions file

* Tue Mar 09 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-5.sme
- Fix missing / [SME:11435]
- Update cert type detection for renew [SME: 11436]
- Code formatting

* Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-4.sme
- Fix crl creation [SME: 11141]
- Extra notes in setup page

* Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-3.sme
- Fix Typo in certificate password [SME: 11435]
- Fix typos and preg_match issues [SME: 11436]
- Add Certificate creation notification [SME: 11437]
- Bit of file formatting

* Wed Mar 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-2.sme
- Change version to 0.84
- Fix undefined constant errors [SME: 11397]
- fix tempdir [SME: 11398]
- update code to be PHP 7.4+ compliant
- format with CodeSniff to PSR2

* Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
- Rename to php-ng 0.84 [SME: 11192]
- Fix date sorting in certificates

* Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
- Update DH to 2048

* Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
- move warning and exit to %pre

* Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
- Lots of formatting - adding quotes to items and tidying up
- set default md to 512

* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
- Fix renew-cert
- revert DH setup so you can see progress

* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
- Fix create cert without password

* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
- Fix openvpn error

* Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
- more fixes

* Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
- small fixes

* Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
- Update to 0.83 

* Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme
- Fix preg_match warnings [SME:10622]

* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]

* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
- [SME: 10622]

* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]

* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
- Requires php-posix

* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
- Don't check issuer (everyone allowed to access /ca can manage
  all the certificates, access to /ca is controlled by apache)

* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
- Replace md5 with sha1 for signing

* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
- Weekly update the CRL via cron so MS Crypto API will be happy

* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
- Fixe empty password with PHP 5.2 (SME 8b5)

* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
- Fixe links for CA help page

* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
- Remove links after uninstall so you can easily re-install the contrib
  later [SME: 5091]

* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
- Add e-smith-devtools as a dependencie

* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
- Don't replace config file on upgrades

* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
- Remove the email address from the file name during upload (in search page)
- Remove secure.sh script

* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
- Link index.php to setup-presetup.php

* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
- Changes so certificates imported from openvpn-bridge are recognized
- Configure default admin user to 'admin'
- Create a static key for OpenVPN TLS auth (requires openvpn)
- Add expirey values (3 Months, 6 Months)
- Display or download takey.pem and dhparam1024.pem from 
  the certificate management menue
- Display the Root certificate in PEM format
- Possibility to download the CRL in PEM format
- Remove the email address from the file name during upload
- Disable download of certificate after creating a new one
- Remove security warning after setup

* Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
- Correct extension name for email_signing certificates
- Remove links, and recreate them in the %post section so upgrade can be done smoothly

* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
- initial release
- builds from unchanged .tar.gz

%prep
%setup  -c -n %{name}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1

%build
%{__mkdir_p} root/opt/phpki/html
%{__mkdir_p} root/opt/phpki/phpki-store
%{__mkdir_p} root/opt/phpki/bin
%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
%{__mv} %{name}-%{version}/* root/opt/phpki/html/


cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
#!/bin/bash

cd /opt/phpki/bin
/usr/bin/php74 ./gen_crl.php 2>&1 > /dev/null

HERE


# Remove links to setup page so upgrades can be done smoothly
%{__rm} -f root/opt/phpki/html/index.php
%{__rm} -f root/opt/phpki/html/ca/index.php
%{__rm} -f root/opt/phpki/html/setup.php

# This script shouldn't be here
%{__rm} -f root/opt/phpki/html/secure.sh


%install
rm -rf $RPM_BUILD_ROOT
(cd root   ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
   --file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
   --file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
   --file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
   --dir  '/opt/phpki/html' 'attr(770,root,phpki)' \
   --dir  '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
   --dir  '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
    > %{name}-%{version}-filelist

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%clean
cd ..
rm -rf $RPM_BUILD_ROOT

%pre
if ! /usr/bin/id phpki &>/dev/null; then
  echo "Creating phpki user"
  /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
                %logmsg "Unexpected error adding user \"phpki\". Abort installation."
fi

echo "******************************************************"
echo "* "
echo "*       !!! IMPORTANT - READ THIS NOW !!! "
echo "* "
echo "******************************************************"
echo "*  This contrib now has higher levels of encryption"
echo "* "
echo "*  We cannot upgrade your existing certificates"
echo "* existing certificates from SME9 or below have either "
echo "* md5WithRSAEncryption sha1WithRSAEncryption"
echo "* as Signature Algorithm (weak)."
echo "* only way to update to sha256 or sha512 is to "
echo "* start from scratch."
echo "* "
echo "*  If you have existing certificates you want to use"
echo "*  then start with a new CA, backup up, and then restore"
echo "*  your phpki-store directory in /opt/phpki"
echo "* "
echo "******************************************************"
echo ""

if [ -d /opt/phpki/phpki-store ] ; then
    echo "Backing up your /opt/phpki/phpki-store"
    today=$(date "+%Y%m%d%H%M")
    echo "Copying from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$today"
    /bin/cp -pr /opt/phpki/phpki-store "/opt/phpki/phpki-store.$today"
    echo "Directory copied... continuing to install"
    # fix missing md_default
    if ( grep default_md /opt/phpki/phpki-store/config/config.php -q ); then
      echo "md_default OK"
    else
      echo "default_md missing in /opt/phpki/phpki-store/config/config.php"
      echo "getting  value from /opt/phpki/phpki-store/config/openssl.cnf"
      # it could ba acceptable to hash sha256 a certificate from a root with sha1. 
      defaultmd=$(awk '/^default_md/{print $NF}' /opt/phpki/phpki-store/config/openssl.cnf || echo "sha512")
      echo "inserting $defaultmd default_md at end of /opt/phpki/phpki-store/config/config.php"
      sed -i '/\?>/i \
      # Define default md \
      \$config['default_md']    = "'$defaultmd'";' /opt/phpki/phpki-store/config/config.php
      echo "Done... continuing to install"
    fi 
else
    echo "No directory detected... continuing to install"
fi


%preun


%post
# First install, point index.php to setup.php
if [ $1 == 1 ]; then
  #do not do if there is already a CA (restore from backup))
  if [ ! -f /opt/phpki/phpki-store/config/config.php ] ; then
        %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
        %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
  fi
  echo "<?php
header(\"Location: ./../index.php\");
?>
" > /opt/phpki/html/ca/index.php
fi


%postun
# Remove the links to index.php after uninstall
if [ $1 == 0 ]; then
    %{__rm} -f /opt/phpki/html/index.php
    %{__rm} -f /opt/phpki/html/setup.php
    %{__rm} -f /opt/phpki/html/ca/index.php
fi

true
1	jcrisp	1.1	# $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
2			# Authority: vip-ire
3			# Name: Daniel Berteaud
4
5			%define name phpki-ng
6			%define version 0.84
7	jpp	1.17	%define release 16
8	jcrisp	1.1	Summary: Phpki is a simple certificate management suite
9			Name: %{name}
10			Version: %{version}
11			Release: %{release}%{?dist}
12			License: GNU GPL version 2
13			URL: http://sourceforge.net/projects/phpki/
14			Group: SMEserver/addon
15			#wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
16			Source: %{name}-%{version}.tar.gz
17	jcrisp	1.2	Patch1: phpki-ng-0.84-fix-for-php74-code-tidy.patch
18	jcrisp	1.3	Patch2: phpki-ng-0.84-fix-pregmatch-revoke-certs.patch
19	jcrisp	1.4	Patch3: phpki-ng-0.84-fix-crl.patch
20	jcrisp	1.5	Patch4: phpki-ng-0.84-fix-missing-slash-certtype-detection.patch
21	jcrisp	1.7	Patch5: phpki-ng-0.84-fix-html-directory-check.patch
22	jcrisp	1.8	Patch6: phpki-ng-0.84-fix-download-cert.patch
23	jcrisp	1.12	Patch7: phpki-ng-0.84-fix-html-syntax-in-help.patch
24	jcrisp	1.13	Patch8: phpki-ng-0.84-fix-final-redirect.patch
25	jpp	1.15	Patch9: phpki-ng-bz12272-bz12273-crl-whitespacepass.patch
26	jpp	1.16	Patch10: phpki-ng-bz12274-regex-secu.patch
27	jcrisp	1.1
28			BuildArch: noarch
29			BuildRoot: /var/tmp/%{name}-%{version}
30
31			BuildRequires: e-smith-devtools
32
33	jcrisp	1.2	Requires: e-smith-release >= 10.0
34			Requires: php74-php-fpm
35	jcrisp	1.1	Requires: openssl
36			Requires: openvpn
37			Conflicts: phpki
38			AutoReqProv: no
39
40			%description
41			http://sourceforge.net/projects/phpki/
42			https://github.com/radicand/phpki
43	jcrisp	1.2	https://github.com/reetp/phpki
44	jcrisp	1.1	PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
45			With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
46			e-mail clients, SSL servers, and VPN applications.
47
48			%changelog
49	jpp	1.17	* Sat Dec 17 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-16.sme
50			- add dl_crl_pem.php [SME: 12272]
51
52	jpp	1.16	* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
53			- fix regex and potential code injection [SME: 12274]
54
55	jpp	1.15	* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-14.sme
56			- add easy and safe access to crl download [SME: 12272]
57			- fix revoke certificate failing on whitespace pass [SME: 12273]
58			- fix missing default_md in config.php from previous versions [SME: 12267]
59			- updated scriptlet to ease backup and restore
60
61			* Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-13.sme
62	jpp	1.14	- remove extra space in URL in search.php [SME: 12232]
63
64	jcrisp	1.13	* Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme
65			- Attempt to fix the final reload after CA creation [SME: 11192]
66
67	jcrisp	1.12	* Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-11.sme
68			- Fix html syntax error in help - Thanks Mauro De Carolis [SME: 11688]
69
70			* Tue Apr 06 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-10.sme
71	jcrisp	1.11	- And tidy up the copying wording. [SME: 11192]
72			- Credit to Terry Fage for persisting with testing
73
74	jcrisp	1.10	* Mon Apr 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-9.sme
75			- Really fix the copy this time [SME: 11192]
76
77			* Sat Apr 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-8.sme
78			- copy phpki-store as a backup instead of move [SME: 11192]
79	jcrisp	1.9
80	jcrisp	1.8	* Thu Apr 01 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-7.sme
81			- Fix broken Download Certificate in Cert generation [SME: 11513]
82
83	jcrisp	1.7	* Thu Mar 18 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-6.sme
84	jcrisp	1.10	- Update html header info [SME: 11192]
85	jcrisp	1.7	- Remove obsolete align
86			- Remove accidentally duplicated html
87			- Fix typo
88			- Fix directory check
89			- move function flush_exec to functions file
90
91	jcrisp	1.5	* Tue Mar 09 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-5.sme
92			- Fix missing / [SME:11435]
93			- Update cert type detection for renew [SME: 11436]
94			- Code formatting
95
96	jcrisp	1.4	* Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-4.sme
97			- Fix crl creation [SME: 11141]
98			- Extra notes in setup page
99
100	jcrisp	1.3	* Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-3.sme
101			- Fix Typo in certificate password [SME: 11435]
102			- Fix typos and preg_match issues [SME: 11436]
103	jcrisp	1.4	- Add Certificate creation notification [SME: 11437]
104			- Bit of file formatting
105	jcrisp	1.3
106	jcrisp	1.4	* Wed Mar 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-2.sme
107	jcrisp	1.2	- Change version to 0.84
108			- Fix undefined constant errors [SME: 11397]
109			- fix tempdir [SME: 11398]
110			- update code to be PHP 7.4+ compliant
111			- format with CodeSniff to PSR2
112
113	jcrisp	1.1	* Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
114	jcrisp	1.2	- Rename to php-ng 0.84 [SME: 11192]
115	jcrisp	1.1	- Fix date sorting in certificates
116
117			* Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
118			- Update DH to 2048
119
120			* Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
121			- move warning and exit to %pre
122
123			* Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
124			- Lots of formatting - adding quotes to items and tidying up
125			- set default md to 512
126
127			* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
128			- Fix renew-cert
129			- revert DH setup so you can see progress
130
131			* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
132			- Fix create cert without password
133
134			* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
135			- Fix openvpn error
136
137			* Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
138			- more fixes
139
140			* Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
141			- small fixes
142
143			* Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
144			- Update to 0.83
145
146	jcrisp	1.2	* Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme
147	jcrisp	1.1	- Fix preg_match warnings [SME:10622]
148
149			* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
150			- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]
151
152			* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
153			- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
154			- [SME: 10622]
155
156			* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
157			- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]
158
159			* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
160			- Requires php-posix
161
162			* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
163			- Don't check issuer (everyone allowed to access /ca can manage
164			all the certificates, access to /ca is controlled by apache)
165
166			* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
167			- Replace md5 with sha1 for signing
168
169			* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
170			- Weekly update the CRL via cron so MS Crypto API will be happy
171
172			* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
173			- Fixe empty password with PHP 5.2 (SME 8b5)
174
175			* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
176			- Fixe links for CA help page
177
178			* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
179			- Remove links after uninstall so you can easily re-install the contrib
180			later [SME: 5091]
181
182			* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
183			- Add e-smith-devtools as a dependencie
184
185			* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
186			- Don't replace config file on upgrades
187
188			* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
189			- Remove the email address from the file name during upload (in search page)
190			- Remove secure.sh script
191
192			* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
193			- Link index.php to setup-presetup.php
194
195			* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
196			- Changes so certificates imported from openvpn-bridge are recognized
197			- Configure default admin user to 'admin'
198			- Create a static key for OpenVPN TLS auth (requires openvpn)
199			- Add expirey values (3 Months, 6 Months)
200			- Display or download takey.pem and dhparam1024.pem from
201			the certificate management menue
202			- Display the Root certificate in PEM format
203			- Possibility to download the CRL in PEM format
204			- Remove the email address from the file name during upload
205			- Disable download of certificate after creating a new one
206			- Remove security warning after setup
207
208			* Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
209			- Correct extension name for email_signing certificates
210			- Remove links, and recreate them in the %post section so upgrade can be done smoothly
211
212			* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
213			- initial release
214			- builds from unchanged .tar.gz
215
216			%prep
217			%setup -c -n %{name}
218	jcrisp	1.2	%patch1 -p1
219	jcrisp	1.3	%patch2 -p1
220	jcrisp	1.4	%patch3 -p1
221	jcrisp	1.5	%patch4 -p1
222	jcrisp	1.7	%patch5 -p1
223	jcrisp	1.8	%patch6 -p1
224	jcrisp	1.12	%patch7 -p1
225	jcrisp	1.13	%patch8 -p1
226	jpp	1.15	%patch9 -p1
227	jpp	1.16	%patch10 -p1
228	jcrisp	1.1
229			%build
230			%{__mkdir_p} root/opt/phpki/html
231			%{__mkdir_p} root/opt/phpki/phpki-store
232			%{__mkdir_p} root/opt/phpki/bin
233			%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
234			%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
235			%{__mv} %{name}-%{version}/* root/opt/phpki/html/
236
237
238			cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
239			#!/bin/bash
240
241			cd /opt/phpki/bin
242	jcrisp	1.2	/usr/bin/php74 ./gen_crl.php 2>&1 > /dev/null
243	jcrisp	1.1
244			HERE
245
246
247			# Remove links to setup page so upgrades can be done smoothly
248			%{__rm} -f root/opt/phpki/html/index.php
249			%{__rm} -f root/opt/phpki/html/ca/index.php
250			%{__rm} -f root/opt/phpki/html/setup.php
251
252			# This script shouldn't be here
253			%{__rm} -f root/opt/phpki/html/secure.sh
254
255
256			%install
257			rm -rf $RPM_BUILD_ROOT
258			(cd root ; find . -depth -print \| cpio -dump $RPM_BUILD_ROOT)
259			rm -f %{name}-%{version}-filelist
260			/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
261			--file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
262			--file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
263			--file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
264			--dir '/opt/phpki/html' 'attr(770,root,phpki)' \
265			--dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
266			--dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
267			> %{name}-%{version}-filelist
268
269			%files -f %{name}-%{version}-filelist
270			%defattr(-,root,root)
271
272			%clean
273			cd ..
274			rm -rf $RPM_BUILD_ROOT
275
276			%pre
277	jpp	1.18	if ! /usr/bin/id phpki &>/dev/null; then
278			echo "Creating phpki user"
279			/usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null \|\| \
280			%logmsg "Unexpected error adding user \"phpki\". Abort installation."
281			fi
282
283	jcrisp	1.1	echo "******************************************************"
284			echo "* "
285			echo "* !!! IMPORTANT - READ THIS NOW !!! "
286			echo "* "
287			echo "******************************************************"
288			echo "* This contrib now has higher levels of encryption"
289			echo "* "
290			echo "* We cannot upgrade your existing certificates"
291	jpp	1.15	echo "* existing certificates from SME9 or below have either "
292			echo "* md5WithRSAEncryption sha1WithRSAEncryption"
293			echo "* as Signature Algorithm (weak)."
294			echo "* only way to update to sha256 or sha512 is to "
295			echo "* start from scratch."
296	jcrisp	1.1	echo "* "
297	jcrisp	1.9	echo "* If you have existing certificates you want to use"
298			echo "* then start with a new CA, backup up, and then restore"
299			echo "* your phpki-store directory in /opt/phpki"
300	jcrisp	1.1	echo "* "
301			echo "******************************************************"
302			echo ""
303
304			if [ -d /opt/phpki/phpki-store ] ; then
305			echo "Backing up your /opt/phpki/phpki-store"
306	jpp	1.15	today=$(date "+%Y%m%d%H%M")
307			echo "Copying from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$today"
308			/bin/cp -pr /opt/phpki/phpki-store "/opt/phpki/phpki-store.$today"
309			echo "Directory copied... continuing to install"
310			# fix missing md_default
311			if ( grep default_md /opt/phpki/phpki-store/config/config.php -q ); then
312			echo "md_default OK"
313			else
314			echo "default_md missing in /opt/phpki/phpki-store/config/config.php"
315			echo "getting value from /opt/phpki/phpki-store/config/openssl.cnf"
316			# it could ba acceptable to hash sha256 a certificate from a root with sha1.
317			defaultmd=$(awk '/^default_md/{print $NF}' /opt/phpki/phpki-store/config/openssl.cnf \|\| echo "sha512")
318			echo "inserting $defaultmd default_md at end of /opt/phpki/phpki-store/config/config.php"
319			sed -i '/\?>/i \
320			# Define default md \
321			\$config['default_md'] = "'$defaultmd'";' /opt/phpki/phpki-store/config/config.php
322			echo "Done... continuing to install"
323			fi
324	jcrisp	1.1	else
325	jpp	1.15	echo "No directory detected... continuing to install"
326	jcrisp	1.1	fi
327
328	jcrisp	1.11
329	jcrisp	1.1	%preun
330
331
332			%post
333			# First install, point index.php to setup.php
334			if [ $1 == 1 ]; then
335	jpp	1.15	#do not do if there is already a CA (restore from backup))
336			if [ ! -f /opt/phpki/phpki-store/config/config.php ] ; then
337	jcrisp	1.1	%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
338			%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
339	jpp	1.15	fi
340			echo "<?php
341	jcrisp	1.1	header(\"Location: ./../index.php\");
342			?>
343			" > /opt/phpki/html/ca/index.php
344			fi
345
346
347			%postun
348			# Remove the links to index.php after uninstall
349			if [ $1 == 0 ]; then
350			%{__rm} -f /opt/phpki/html/index.php
351			%{__rm} -f /opt/phpki/html/setup.php
352			%{__rm} -f /opt/phpki/html/ca/index.php
353			fi
354
355			true