phpki-ng/contribs10/phpki-ng.spec

# $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
# Authority: vip-ire
# Name: Daniel Berteaud

%define         name phpki-ng
%define         version 0.84
%define         release 1
Summary:        Phpki is a simple certificate management suite
Name:           %{name}
Version:        %{version}
Release:        %{release}%{?dist}
License:        GNU GPL version 2
URL:            http://sourceforge.net/projects/phpki/
Group:          SMEserver/addon
#wget           http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
Source:         %{name}-%{version}.tar.gz

BuildArch:      noarch
BuildRoot:      /var/tmp/%{name}-%{version}

BuildRequires:  e-smith-devtools

Requires:       e-smith-release >= 9.0
Requires:       php
Requires:       openssl
Requires:       openvpn
Conflicts:      phpki
AutoReqProv:    no

%description
http://sourceforge.net/projects/phpki/
https://github.com/radicand/phpki
PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled 
e-mail clients, SSL servers, and VPN applications.

%changelog
* Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
- Rename to php-ng 0.84
- Fix date sorting in certificates

* Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
- Update DH to 2048

* Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
- move warning and exit to %pre

* Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
- Lots of formatting - adding quotes to items and tidying up
- set default md to 512

* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
- Fix renew-cert
- revert DH setup so you can see progress

* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
- Fix create cert without password

* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
- Fix openvpn error

* Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
- more fixes

* Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
- small fixes

* Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
- Update to 0.83 

* Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 
- Fix preg_match warnings [SME:10622]

* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]

* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
- [SME: 10622]

* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]

* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
- Requires php-posix

* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
- Don't check issuer (everyone allowed to access /ca can manage
  all the certificates, access to /ca is controlled by apache)

* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
- Replace md5 with sha1 for signing

* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
- Weekly update the CRL via cron so MS Crypto API will be happy

* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
- Fixe empty password with PHP 5.2 (SME 8b5)

* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
- Fixe links for CA help page

* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
- Remove links after uninstall so you can easily re-install the contrib
  later [SME: 5091]

* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
- Add e-smith-devtools as a dependencie

* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
- Don't replace config file on upgrades

* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
- Remove the email address from the file name during upload (in search page)
- Remove secure.sh script

* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
- Link index.php to setup-presetup.php

* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
- Changes so certificates imported from openvpn-bridge are recognized
- Configure default admin user to 'admin'
- Create a static key for OpenVPN TLS auth (requires openvpn)
- Add expirey values (3 Months, 6 Months)
- Display or download takey.pem and dhparam1024.pem from 
  the certificate management menue
- Display the Root certificate in PEM format
- Possibility to download the CRL in PEM format
- Remove the email address from the file name during upload
- Disable download of certificate after creating a new one
- Remove security warning after setup

* Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
- Correct extension name for email_signing certificates
- Remove links, and recreate them in the %post section so upgrade can be done smoothly

* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
- initial release
- builds from unchanged .tar.gz

%prep
%setup  -c -n %{name}

%build
%{__mkdir_p} root/opt/phpki/html
%{__mkdir_p} root/opt/phpki/phpki-store
%{__mkdir_p} root/opt/phpki/bin
%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
%{__mv} %{name}-%{version}/* root/opt/phpki/html/


cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
#!/bin/bash

cd /opt/phpki/bin
php ./gen_crl.php 2>&1 > /dev/null

HERE


# Remove links to setup page so upgrades can be done smoothly
%{__rm} -f root/opt/phpki/html/index.php
%{__rm} -f root/opt/phpki/html/ca/index.php
%{__rm} -f root/opt/phpki/html/setup.php

# This script shouldn't be here
%{__rm} -f root/opt/phpki/html/secure.sh


%install
rm -rf $RPM_BUILD_ROOT
(cd root   ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
   --file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
   --file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
   --file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
   --dir  '/opt/phpki/html' 'attr(770,root,phpki)' \
   --dir  '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
   --dir  '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
    > %{name}-%{version}-filelist

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%clean
cd ..
rm -rf $RPM_BUILD_ROOT

%pre
echo "******************************************************"
echo "* "
echo "*       !!! IMPORTANT - READ THIS NOW !!! "
echo "* "
echo "******************************************************"
echo "*  This contrib now has higher levels of encryption"
echo "* "
echo "*  We cannot upgrade your existing certificates"
echo "* "
echo "*  If we detect an existing certificate store"
echo "*  we are going to move it"
echo "* "
echo "*  You can then start with a new CA and certificates"
echo "******************************************************"
echo ""

if [ -d /opt/phpki/phpki-store ] ; then
    echo "Backing up your /opt/phpki/phpki-store"
    RANDOM=$$
    PHPKIDIR=$(( 1 + $RANDOM%99999 ))
    echo "Number is $PHPKIDIR"
    echo "moving from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$PHPKIDIR"
    mv /opt/phpki/phpki-store "/opt/phpki/phpki-store.$PHPKIDIR"
    echo "Directory moved...continuing installaton"
else
    echo "No directory detected...continuing installaton"
fi

echo "Creating phpki user"

if ! /usr/bin/id phpki &>/dev/null; then
        /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
                %logmsg "Unexpected error adding user \"phpki\". Abort installation."
fi

%preun


%post
# First install, point index.php to setup.php
if [ $1 == 1 ]; then
        %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
        %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
        echo "<?php
header(\"Location: ./../index.php\");
?>
" > /opt/phpki/html/ca/index.php
fi


%postun
# Remove the links to index.php after uninstall
if [ $1 == 0 ]; then
    %{__rm} -f /opt/phpki/html/index.php
    %{__rm} -f /opt/phpki/html/setup.php
    %{__rm} -f /opt/phpki/html/ca/index.php
fi

true
1	# $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
2	# Authority: vip-ire
3	# Name: Daniel Berteaud
4
5	%define name phpki-ng
6	%define version 0.84
7	%define release 1
8	Summary: Phpki is a simple certificate management suite
9	Name: %{name}
10	Version: %{version}
11	Release: %{release}%{?dist}
12	License: GNU GPL version 2
13	URL: http://sourceforge.net/projects/phpki/
14	Group: SMEserver/addon
15	#wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
16	Source: %{name}-%{version}.tar.gz
17
18	BuildArch: noarch
19	BuildRoot: /var/tmp/%{name}-%{version}
20
21	BuildRequires: e-smith-devtools
22
23	Requires: e-smith-release >= 9.0
24	Requires: php
25	Requires: openssl
26	Requires: openvpn
27	Conflicts: phpki
28	AutoReqProv: no
29
30	%description
31	http://sourceforge.net/projects/phpki/
32	https://github.com/radicand/phpki
33	PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
34	With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
35	e-mail clients, SSL servers, and VPN applications.
36
37	%changelog
38	* Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
39	- Rename to php-ng 0.84
40	- Fix date sorting in certificates
41
42	* Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
43	- Update DH to 2048
44
45	* Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
46	- move warning and exit to %pre
47
48	* Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
49	- Lots of formatting - adding quotes to items and tidying up
50	- set default md to 512
51
52	* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
53	- Fix renew-cert
54	- revert DH setup so you can see progress
55
56	* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
57	- Fix create cert without password
58
59	* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
60	- Fix openvpn error
61
62	* Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
63	- more fixes
64
65	* Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
66	- small fixes
67
68	* Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
69	- Update to 0.83
70
71	* Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au>
72	- Fix preg_match warnings [SME:10622]
73
74	* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
75	- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]
76
77	* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
78	- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
79	- [SME: 10622]
80
81	* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
82	- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]
83
84	* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
85	- Requires php-posix
86
87	* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
88	- Don't check issuer (everyone allowed to access /ca can manage
89	all the certificates, access to /ca is controlled by apache)
90
91	* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
92	- Replace md5 with sha1 for signing
93
94	* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
95	- Weekly update the CRL via cron so MS Crypto API will be happy
96
97	* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
98	- Fixe empty password with PHP 5.2 (SME 8b5)
99
100	* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
101	- Fixe links for CA help page
102
103	* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
104	- Remove links after uninstall so you can easily re-install the contrib
105	later [SME: 5091]
106
107	* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
108	- Add e-smith-devtools as a dependencie
109
110	* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
111	- Don't replace config file on upgrades
112
113	* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
114	- Remove the email address from the file name during upload (in search page)
115	- Remove secure.sh script
116
117	* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
118	- Link index.php to setup-presetup.php
119
120	* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
121	- Changes so certificates imported from openvpn-bridge are recognized
122	- Configure default admin user to 'admin'
123	- Create a static key for OpenVPN TLS auth (requires openvpn)
124	- Add expirey values (3 Months, 6 Months)
125	- Display or download takey.pem and dhparam1024.pem from
126	the certificate management menue
127	- Display the Root certificate in PEM format
128	- Possibility to download the CRL in PEM format
129	- Remove the email address from the file name during upload
130	- Disable download of certificate after creating a new one
131	- Remove security warning after setup
132
133	* Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
134	- Correct extension name for email_signing certificates
135	- Remove links, and recreate them in the %post section so upgrade can be done smoothly
136
137	* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
138	- initial release
139	- builds from unchanged .tar.gz
140
141	%prep
142	%setup -c -n %{name}
143
144	%build
145	%{__mkdir_p} root/opt/phpki/html
146	%{__mkdir_p} root/opt/phpki/phpki-store
147	%{__mkdir_p} root/opt/phpki/bin
148	%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
149	%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
150	%{__mv} %{name}-%{version}/* root/opt/phpki/html/
151
152
153	cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
154	#!/bin/bash
155
156	cd /opt/phpki/bin
157	php ./gen_crl.php 2>&1 > /dev/null
158
159	HERE
160
161
162	# Remove links to setup page so upgrades can be done smoothly
163	%{__rm} -f root/opt/phpki/html/index.php
164	%{__rm} -f root/opt/phpki/html/ca/index.php
165	%{__rm} -f root/opt/phpki/html/setup.php
166
167	# This script shouldn't be here
168	%{__rm} -f root/opt/phpki/html/secure.sh
169
170
171	%install
172	rm -rf $RPM_BUILD_ROOT
173	(cd root ; find . -depth -print \| cpio -dump $RPM_BUILD_ROOT)
174	rm -f %{name}-%{version}-filelist
175	/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
176	--file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
177	--file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
178	--file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
179	--dir '/opt/phpki/html' 'attr(770,root,phpki)' \
180	--dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
181	--dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
182	> %{name}-%{version}-filelist
183
184	%files -f %{name}-%{version}-filelist
185	%defattr(-,root,root)
186
187	%clean
188	cd ..
189	rm -rf $RPM_BUILD_ROOT
190
191	%pre
192	echo "******************************************************"
193	echo "* "
194	echo "* !!! IMPORTANT - READ THIS NOW !!! "
195	echo "* "
196	echo "******************************************************"
197	echo "* This contrib now has higher levels of encryption"
198	echo "* "
199	echo "* We cannot upgrade your existing certificates"
200	echo "* "
201	echo "* If we detect an existing certificate store"
202	echo "* we are going to move it"
203	echo "* "
204	echo "* You can then start with a new CA and certificates"
205	echo "******************************************************"
206	echo ""
207
208	if [ -d /opt/phpki/phpki-store ] ; then
209	echo "Backing up your /opt/phpki/phpki-store"
210	RANDOM=$$
211	PHPKIDIR=$(( 1 + $RANDOM%99999 ))
212	echo "Number is $PHPKIDIR"
213	echo "moving from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$PHPKIDIR"
214	mv /opt/phpki/phpki-store "/opt/phpki/phpki-store.$PHPKIDIR"
215	echo "Directory moved...continuing installaton"
216	else
217	echo "No directory detected...continuing installaton"
218	fi
219
220	echo "Creating phpki user"
221
222	if ! /usr/bin/id phpki &>/dev/null; then
223	/usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null \|\| \
224	%logmsg "Unexpected error adding user \"phpki\". Abort installation."
225	fi
226
227	%preun
228
229
230	%post
231	# First install, point index.php to setup.php
232	if [ $1 == 1 ]; then
233	%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
234	%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
235	echo "<?php
236	header(\"Location: ./../index.php\");
237	?>
238	" > /opt/phpki/html/ca/index.php
239	fi
240
241
242	%postun
243	# Remove the links to index.php after uninstall
244	if [ $1 == 0 ]; then
245	%{__rm} -f /opt/phpki/html/index.php
246	%{__rm} -f /opt/phpki/html/setup.php
247	%{__rm} -f /opt/phpki/html/ca/index.php
248	fi
249
250	true