/[smecontribs]/rpms/phpki-ng/contribs10/phpki-ng.spec

Diff of /rpms/phpki-ng/contribs10/phpki-ng.spec

Parent Directory | Revision Log | View Revision Graph Revision Graph | View Patch Patch

-Revision 1.1 by jcrisp,
Tue Nov 24 16:17:15 2020 UTC
+Revision 1.18 by jpp,
Wed Dec 28 20:13:45 2022 UTC
 Line 4
  %define         name phpki-ng
  %define         version 0.84
- %define         release 1
+ %define         release 16
  Summary:        Phpki is a simple certificate management suite
  Name:           %{name}
  Version:        %{version}
 Line 14 
 URL:           http://sourceforge.net/projects/p
  Group:          SMEserver/addon
  #wget           http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
  Source:         %{name}-%{version}.tar.gz
+ Patch1:         phpki-ng-0.84-fix-for-php74-code-tidy.patch
+ Patch2:         phpki-ng-0.84-fix-pregmatch-revoke-certs.patch
+ Patch3:         phpki-ng-0.84-fix-crl.patch
+ Patch4:         phpki-ng-0.84-fix-missing-slash-certtype-detection.patch
+ Patch5:         phpki-ng-0.84-fix-html-directory-check.patch
+ Patch6:         phpki-ng-0.84-fix-download-cert.patch
+ Patch7:         phpki-ng-0.84-fix-html-syntax-in-help.patch
+ Patch8:         phpki-ng-0.84-fix-final-redirect.patch
+ Patch9:         phpki-ng-bz12272-bz12273-crl-whitespacepass.patch
+ Patch10:        phpki-ng-bz12274-regex-secu.patch
  BuildArch:      noarch
  BuildRoot:      /var/tmp/%{name}-%{version}
  BuildRequires:  e-smith-devtools
- Requires:       e-smith-release >= 9.0
+ Requires:       e-smith-release >= 10.0
- Requires:       php
+ Requires:       php74-php-fpm
  Requires:       openssl
  Requires:       openvpn
  Conflicts:      phpki
-Line 30 
 AutoReqProv:   no
+Line 40 
 AutoReqProv:   no
  %description
  http://sourceforge.net/projects/phpki/
  https://github.com/radicand/phpki
+ https://github.com/reetp/phpki
  PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
  With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
  e-mail clients, SSL servers, and VPN applications.
  %changelog
+ * Sat Dec 17 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-16.sme
+ - add dl_crl_pem.php [SME: 12272]
+ * Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
+ - fix regex and potential code injection [SME: 12274]
+ * Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-14.sme
+ - add easy and safe access to crl download [SME: 12272]
+ - fix revoke certificate failing on whitespace pass [SME: 12273]
+ - fix missing default_md in config.php from previous versions [SME: 12267]
+ - updated scriptlet to ease backup and restore
+ * Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-13.sme
+ - remove extra space in URL in search.php [SME: 12232]
+ * Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme
+ - Attempt to fix the final reload after CA creation [SME: 11192]
+ * Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-11.sme
+ - Fix html syntax error in help - Thanks Mauro De Carolis [SME: 11688]
+ * Tue Apr 06 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-10.sme
+ - And tidy up the copying wording. [SME: 11192]
+ - Credit to Terry Fage for persisting with testing
+ * Mon Apr 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-9.sme
+ - Really fix the copy this time [SME: 11192]
+ * Sat Apr 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-8.sme
+ - copy phpki-store as a backup instead of move [SME: 11192]
+ * Thu Apr 01 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-7.sme
+ - Fix broken Download Certificate in Cert generation [SME: 11513]
+ * Thu Mar 18 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-6.sme
+ - Update html header info [SME: 11192]
+ - Remove obsolete align
+ - Remove accidentally duplicated html
+ - Fix typo
+ - Fix directory check
+ - move function flush_exec to functions file
+ * Tue Mar 09 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-5.sme
+ - Fix missing / [SME:11435]
+ - Update cert type detection for renew [SME: 11436]
+ - Code formatting
+ * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-4.sme
+ - Fix crl creation [SME: 11141]
+ - Extra notes in setup page
+ * Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-3.sme
+ - Fix Typo in certificate password [SME: 11435]
+ - Fix typos and preg_match issues [SME: 11436]
+ - Add Certificate creation notification [SME: 11437]
+ - Bit of file formatting
+ * Wed Mar 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-2.sme
+ - Change version to 0.84
+ - Fix undefined constant errors [SME: 11397]
+ - fix tempdir [SME: 11398]
+ - update code to be PHP 7.4+ compliant
+ - format with CodeSniff to PSR2
  * Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
- - Rename to php-ng 0.84
+ - Rename to php-ng 0.84 [SME: 11192]
  - Fix date sorting in certificates
  * Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
-Line 68 
 e-mail clients, SSL servers, and VPN app
+Line 143 
 e-mail clients, SSL servers, and VPN app
  * Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
  - Update to 0.83
- * Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au>
+ * Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme
  - Fix preg_match warnings [SME:10622]
  * Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
-Line 140 
 e-mail clients, SSL servers, and VPN app
+Line 215 
 e-mail clients, SSL servers, and VPN app
  %prep
  %setup  -c -n %{name}
+ %patch1 -p1
+ %patch2 -p1
+ %patch3 -p1
+ %patch4 -p1
+ %patch5 -p1
+ %patch6 -p1
+ %patch7 -p1
+ %patch8 -p1
+ %patch9 -p1
+ %patch10 -p1
  %build
  %{__mkdir_p} root/opt/phpki/html
-Line 154 
 cat <<"HERE" > root/%{_sysconfdir}/cron.
+Line 239 
 cat <<"HERE" > root/%{_sysconfdir}/cron.
  #!/bin/bash
  cd /opt/phpki/bin
- php ./gen_crl.php 2>&1 > /dev/null
+ /usr/bin/php74 ./gen_crl.php 2>&1 > /dev/null
  HERE
-Line 189 
 cd ..
+Line 274 
 cd ..
  rm -rf $RPM_BUILD_ROOT
  %pre
+ if ! /usr/bin/id phpki &>/dev/null; then
+   echo "Creating phpki user"
+   /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
+                 %logmsg "Unexpected error adding user \"phpki\". Abort installation."
+ fi
  echo "******************************************************"
  echo "* "
  echo "*       !!! IMPORTANT - READ THIS NOW !!! "
-Line 197 
 echo "**********************************
+Line 288 
 echo "**********************************
  echo "*  This contrib now has higher levels of encryption"
  echo "* "
  echo "*  We cannot upgrade your existing certificates"
+ echo "* existing certificates from SME9 or below have either "
+ echo "* md5WithRSAEncryption sha1WithRSAEncryption"
+ echo "* as Signature Algorithm (weak)."
+ echo "* only way to update to sha256 or sha512 is to "
+ echo "* start from scratch."
  echo "* "
- echo "*  If we detect an existing certificate store"
+ echo "*  If you have existing certificates you want to use"
- echo "*  we are going to move it"
+ echo "*  then start with a new CA, backup up, and then restore"
+ echo "*  your phpki-store directory in /opt/phpki"
  echo "* "
- echo "*  You can then start with a new CA and certificates"
  echo "******************************************************"
  echo ""
  if [ -d /opt/phpki/phpki-store ] ; then
      echo "Backing up your /opt/phpki/phpki-store"
-     RANDOM=$$
+     today=$(date "+%Y%m%d%H%M")
-     PHPKIDIR=$(( 1 + $RANDOM%99999 ))
+     echo "Copying from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$today"
-     echo "Number is $PHPKIDIR"
+     /bin/cp -pr /opt/phpki/phpki-store "/opt/phpki/phpki-store.$today"
-     echo "moving from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$PHPKIDIR"
+     echo "Directory copied... continuing to install"
-     mv /opt/phpki/phpki-store "/opt/phpki/phpki-store.$PHPKIDIR"
+     # fix missing md_default
-     echo "Directory moved...continuing installaton"
+     if ( grep default_md /opt/phpki/phpki-store/config/config.php -q ); then
+       echo "md_default OK"
+     else
+       echo "default_md missing in /opt/phpki/phpki-store/config/config.php"
+       echo "getting  value from /opt/phpki/phpki-store/config/openssl.cnf"
+       # it could ba acceptable to hash sha256 a certificate from a root with sha1.
+       defaultmd=$(awk '/^default_md/{print $NF}' /opt/phpki/phpki-store/config/openssl.cnf || echo "sha512")
+       echo "inserting $defaultmd default_md at end of /opt/phpki/phpki-store/config/config.php"
+       sed -i '/\?>/i \
+       # Define default md \
+       \$config['default_md']    = "'$defaultmd'";' /opt/phpki/phpki-store/config/config.php
+       echo "Done... continuing to install"
+     fi
  else
-     echo "No directory detected...continuing installaton"
+     echo "No directory detected... continuing to install"
  fi
- echo "Creating phpki user"
- if ! /usr/bin/id phpki &>/dev/null; then
-         /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
-                 %logmsg "Unexpected error adding user \"phpki\". Abort installation."
- fi
  %preun
-Line 230 
 fi
+Line 332 
 fi
  %post
  # First install, point index.php to setup.php
  if [ $1 == 1 ]; then
+   #do not do if there is already a CA (restore from backup))
+   if [ ! -f /opt/phpki/phpki-store/config/config.php ] ; then
          %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
          %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
-         echo "<?php
+   fi
+   echo "<?php
  header(\"Location: ./../index.php\");
  ?>
  " > /opt/phpki/html/ca/index.php

 Legend:



Removed lines/characters
 


Changed lines/characters


 
Added lines/characters
 Legend:



Removed lines/characters
 


Changed lines/characters


 
Added lines/characters
-Removed lines/characters
+Added lines/characters

admin@koozali.org	ViewVC Help
Powered by ViewVC 1.2.1