/[smecontribs]/rpms/phpki-ng/contribs10/phpki-ng.spec
ViewVC logotype

Contents of /rpms/phpki-ng/contribs10/phpki-ng.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.16 - (show annotations) (download)
Wed Dec 14 21:52:41 2022 UTC (23 months, 2 weeks ago) by jpp
Branch: MAIN
CVS Tags: phpki-ng-0_84-15_el7_sme
Changes since 1.15: +6 -1 lines
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
- fix regex and potential code injection [SME: 12274]

1 # $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
2 # Authority: vip-ire
3 # Name: Daniel Berteaud
4
5 %define name phpki-ng
6 %define version 0.84
7 %define release 15
8 Summary: Phpki is a simple certificate management suite
9 Name: %{name}
10 Version: %{version}
11 Release: %{release}%{?dist}
12 License: GNU GPL version 2
13 URL: http://sourceforge.net/projects/phpki/
14 Group: SMEserver/addon
15 #wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
16 Source: %{name}-%{version}.tar.gz
17 Patch1: phpki-ng-0.84-fix-for-php74-code-tidy.patch
18 Patch2: phpki-ng-0.84-fix-pregmatch-revoke-certs.patch
19 Patch3: phpki-ng-0.84-fix-crl.patch
20 Patch4: phpki-ng-0.84-fix-missing-slash-certtype-detection.patch
21 Patch5: phpki-ng-0.84-fix-html-directory-check.patch
22 Patch6: phpki-ng-0.84-fix-download-cert.patch
23 Patch7: phpki-ng-0.84-fix-html-syntax-in-help.patch
24 Patch8: phpki-ng-0.84-fix-final-redirect.patch
25 Patch9: phpki-ng-bz12272-bz12273-crl-whitespacepass.patch
26 Patch10: phpki-ng-bz12274-regex-secu.patch
27
28 BuildArch: noarch
29 BuildRoot: /var/tmp/%{name}-%{version}
30
31 BuildRequires: e-smith-devtools
32
33 Requires: e-smith-release >= 10.0
34 Requires: php74-php-fpm
35 Requires: openssl
36 Requires: openvpn
37 Conflicts: phpki
38 AutoReqProv: no
39
40 %description
41 http://sourceforge.net/projects/phpki/
42 https://github.com/radicand/phpki
43 https://github.com/reetp/phpki
44 PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
45 With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
46 e-mail clients, SSL servers, and VPN applications.
47
48 %changelog
49 * Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
50 - fix regex and potential code injection [SME: 12274]
51
52 * Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-14.sme
53 - add easy and safe access to crl download [SME: 12272]
54 - fix revoke certificate failing on whitespace pass [SME: 12273]
55 - fix missing default_md in config.php from previous versions [SME: 12267]
56 - updated scriptlet to ease backup and restore
57
58 * Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-13.sme
59 - remove extra space in URL in search.php [SME: 12232]
60
61 * Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme
62 - Attempt to fix the final reload after CA creation [SME: 11192]
63
64 * Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-11.sme
65 - Fix html syntax error in help - Thanks Mauro De Carolis [SME: 11688]
66
67 * Tue Apr 06 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-10.sme
68 - And tidy up the copying wording. [SME: 11192]
69 - Credit to Terry Fage for persisting with testing
70
71 * Mon Apr 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-9.sme
72 - Really fix the copy this time [SME: 11192]
73
74 * Sat Apr 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-8.sme
75 - copy phpki-store as a backup instead of move [SME: 11192]
76
77 * Thu Apr 01 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-7.sme
78 - Fix broken Download Certificate in Cert generation [SME: 11513]
79
80 * Thu Mar 18 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-6.sme
81 - Update html header info [SME: 11192]
82 - Remove obsolete align
83 - Remove accidentally duplicated html
84 - Fix typo
85 - Fix directory check
86 - move function flush_exec to functions file
87
88 * Tue Mar 09 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-5.sme
89 - Fix missing / [SME:11435]
90 - Update cert type detection for renew [SME: 11436]
91 - Code formatting
92
93 * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-4.sme
94 - Fix crl creation [SME: 11141]
95 - Extra notes in setup page
96
97 * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-3.sme
98 - Fix Typo in certificate password [SME: 11435]
99 - Fix typos and preg_match issues [SME: 11436]
100 - Add Certificate creation notification [SME: 11437]
101 - Bit of file formatting
102
103 * Wed Mar 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-2.sme
104 - Change version to 0.84
105 - Fix undefined constant errors [SME: 11397]
106 - fix tempdir [SME: 11398]
107 - update code to be PHP 7.4+ compliant
108 - format with CodeSniff to PSR2
109
110 * Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
111 - Rename to php-ng 0.84 [SME: 11192]
112 - Fix date sorting in certificates
113
114 * Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
115 - Update DH to 2048
116
117 * Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
118 - move warning and exit to %pre
119
120 * Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
121 - Lots of formatting - adding quotes to items and tidying up
122 - set default md to 512
123
124 * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
125 - Fix renew-cert
126 - revert DH setup so you can see progress
127
128 * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
129 - Fix create cert without password
130
131 * Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
132 - Fix openvpn error
133
134 * Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
135 - more fixes
136
137 * Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
138 - small fixes
139
140 * Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
141 - Update to 0.83
142
143 * Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme
144 - Fix preg_match warnings [SME:10622]
145
146 * Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
147 - Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]
148
149 * Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
150 - Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
151 - [SME: 10622]
152
153 * Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
154 - Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]
155
156 * Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
157 - Requires php-posix
158
159 * Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
160 - Don't check issuer (everyone allowed to access /ca can manage
161 all the certificates, access to /ca is controlled by apache)
162
163 * Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
164 - Replace md5 with sha1 for signing
165
166 * Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
167 - Weekly update the CRL via cron so MS Crypto API will be happy
168
169 * Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
170 - Fixe empty password with PHP 5.2 (SME 8b5)
171
172 * Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
173 - Fixe links for CA help page
174
175 * Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
176 - Remove links after uninstall so you can easily re-install the contrib
177 later [SME: 5091]
178
179 * Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
180 - Add e-smith-devtools as a dependencie
181
182 * Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
183 - Don't replace config file on upgrades
184
185 * Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
186 - Remove the email address from the file name during upload (in search page)
187 - Remove secure.sh script
188
189 * Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
190 - Link index.php to setup-presetup.php
191
192 * Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
193 - Changes so certificates imported from openvpn-bridge are recognized
194 - Configure default admin user to 'admin'
195 - Create a static key for OpenVPN TLS auth (requires openvpn)
196 - Add expirey values (3 Months, 6 Months)
197 - Display or download takey.pem and dhparam1024.pem from
198 the certificate management menue
199 - Display the Root certificate in PEM format
200 - Possibility to download the CRL in PEM format
201 - Remove the email address from the file name during upload
202 - Disable download of certificate after creating a new one
203 - Remove security warning after setup
204
205 * Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
206 - Correct extension name for email_signing certificates
207 - Remove links, and recreate them in the %post section so upgrade can be done smoothly
208
209 * Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
210 - initial release
211 - builds from unchanged .tar.gz
212
213 %prep
214 %setup -c -n %{name}
215 %patch1 -p1
216 %patch2 -p1
217 %patch3 -p1
218 %patch4 -p1
219 %patch5 -p1
220 %patch6 -p1
221 %patch7 -p1
222 %patch8 -p1
223 %patch9 -p1
224 %patch10 -p1
225
226 %build
227 %{__mkdir_p} root/opt/phpki/html
228 %{__mkdir_p} root/opt/phpki/phpki-store
229 %{__mkdir_p} root/opt/phpki/bin
230 %{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
231 %{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
232 %{__mv} %{name}-%{version}/* root/opt/phpki/html/
233
234
235 cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
236 #!/bin/bash
237
238 cd /opt/phpki/bin
239 /usr/bin/php74 ./gen_crl.php 2>&1 > /dev/null
240
241 HERE
242
243
244 # Remove links to setup page so upgrades can be done smoothly
245 %{__rm} -f root/opt/phpki/html/index.php
246 %{__rm} -f root/opt/phpki/html/ca/index.php
247 %{__rm} -f root/opt/phpki/html/setup.php
248
249 # This script shouldn't be here
250 %{__rm} -f root/opt/phpki/html/secure.sh
251
252
253 %install
254 rm -rf $RPM_BUILD_ROOT
255 (cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
256 rm -f %{name}-%{version}-filelist
257 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
258 --file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
259 --file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
260 --file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
261 --dir '/opt/phpki/html' 'attr(770,root,phpki)' \
262 --dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
263 --dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
264 > %{name}-%{version}-filelist
265
266 %files -f %{name}-%{version}-filelist
267 %defattr(-,root,root)
268
269 %clean
270 cd ..
271 rm -rf $RPM_BUILD_ROOT
272
273 %pre
274 echo "******************************************************"
275 echo "* "
276 echo "* !!! IMPORTANT - READ THIS NOW !!! "
277 echo "* "
278 echo "******************************************************"
279 echo "* This contrib now has higher levels of encryption"
280 echo "* "
281 echo "* We cannot upgrade your existing certificates"
282 echo "* existing certificates from SME9 or below have either "
283 echo "* md5WithRSAEncryption sha1WithRSAEncryption"
284 echo "* as Signature Algorithm (weak)."
285 echo "* only way to update to sha256 or sha512 is to "
286 echo "* start from scratch."
287 echo "* "
288 echo "* If you have existing certificates you want to use"
289 echo "* then start with a new CA, backup up, and then restore"
290 echo "* your phpki-store directory in /opt/phpki"
291 echo "* "
292 echo "******************************************************"
293 echo ""
294
295 if [ -d /opt/phpki/phpki-store ] ; then
296 echo "Backing up your /opt/phpki/phpki-store"
297 today=$(date "+%Y%m%d%H%M")
298 echo "Copying from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$today"
299 /bin/cp -pr /opt/phpki/phpki-store "/opt/phpki/phpki-store.$today"
300 echo "Directory copied... continuing to install"
301 # fix missing md_default
302 if ( grep default_md /opt/phpki/phpki-store/config/config.php -q ); then
303 echo "md_default OK"
304 else
305 echo "default_md missing in /opt/phpki/phpki-store/config/config.php"
306 echo "getting value from /opt/phpki/phpki-store/config/openssl.cnf"
307 # it could ba acceptable to hash sha256 a certificate from a root with sha1.
308 defaultmd=$(awk '/^default_md/{print $NF}' /opt/phpki/phpki-store/config/openssl.cnf || echo "sha512")
309 echo "inserting $defaultmd default_md at end of /opt/phpki/phpki-store/config/config.php"
310 sed -i '/\?>/i \
311 # Define default md \
312 \$config['default_md'] = "'$defaultmd'";' /opt/phpki/phpki-store/config/config.php
313 echo "Done... continuing to install"
314 fi
315 else
316 echo "No directory detected... continuing to install"
317 fi
318
319
320
321 if ! /usr/bin/id phpki &>/dev/null; then
322 echo "Creating phpki user"
323 /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
324 %logmsg "Unexpected error adding user \"phpki\". Abort installation."
325 fi
326
327 %preun
328
329
330 %post
331 # First install, point index.php to setup.php
332 if [ $1 == 1 ]; then
333 #do not do if there is already a CA (restore from backup))
334 if [ ! -f /opt/phpki/phpki-store/config/config.php ] ; then
335 %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
336 %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
337 fi
338 echo "<?php
339 header(\"Location: ./../index.php\");
340 ?>
341 " > /opt/phpki/html/ca/index.php
342 fi
343
344
345 %postun
346 # Remove the links to index.php after uninstall
347 if [ $1 == 0 ]; then
348 %{__rm} -f /opt/phpki/html/index.php
349 %{__rm} -f /opt/phpki/html/setup.php
350 %{__rm} -f /opt/phpki/html/ca/index.php
351 fi
352
353 true

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed