phpki/contribs9/phpki.spec

# $Id: phpki.spec,v 1.2 2018/09/08 20:59:10 jcrisp Exp $
# Authority: vip-ire
# Name: Daniel Berteaud

%define         name phpki
%define         version 0.82
%define         release 18
Summary:        Phpki is a simple certificate management suite
Name:           %{name}
Version:        %{version}
Release:        %{release}%{?dist}
License:        GNU GPL version 2
URL:            http://sourceforge.net/projects/phpki/
Group:          SMEserver/addon
#wget           http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
Source:         phpki-0.82.tar.gz
Patch1:         phpki-0.82-email_signing.patch
Patch2:         phpki-0.82-sme_openvpn_bridge_compat.patch
Patch3:         phpki-0.82-sme_admin_user.patch
Patch4:         phpki-0.82-openvpn_static_key.patch
Patch5:         phpki-0.82-expirey.patch
Patch6:         phpki-0.82-dl_display_ta_dh.patch
Patch7:         phpki-0.82-dl_crl_in_pem.patch
Patch8:         phpki-0.82-remove_email_from_upload_file_name.patch
Patch9:         phpki-0.82-display_root_pem.patch
Patch10:        phpki-0.82-disable_download_after_create.patch
Patch11:        phpki-0.82-remove_security_warning.patch
Patch12:        phpki-0.82-remove_email_from_upload_file_name.patch2
Patch13:        phpki-0.82-ca_help.patch
Patch14:        phpki-0.82-empty_pass_php_5.2.patch
Patch15:        phpki-0.82-update_crl_via_cron.patch
Patch16:        phpki-0.82-use_sha1.patch
Patch17:        phpki-0.82-ca_admin_users.patch
Patch18:        phpki-0.82.bz10622.fixphpwarnings.patch
Patch19:        phpki-0.82-potential_xss_php_self.patch

BuildArch:      noarch
BuildRoot:      /var/tmp/%{name}-%{version}

BuildRequires:  e-smith-devtools

Requires:       e-smith-release >= 7.0
Requires:       php
Requires:       openssl
Requires:       openvpn
AutoReqProv:    no

%description
http://sourceforge.net/projects/phpki/
PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled 
e-mail clients, SSL servers, and VPN applications.

%changelog
* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]

* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0

* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]

* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
- Requires php-posix

* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
- Don't check issuer (everyone allowed to access /ca can manage
  all the certificates, access to /ca is controlled by apache)

* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
- Replace md5 with sha1 for signing

* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
- Weekly update the CRL via cron so MS Crypto API will be happy

* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
- Fixe empty password with PHP 5.2 (SME 8b5)

* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
- Fixe links for CA help page

* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
- Remove links after uninstall so you can easily re-install the contrib
  later [SME: 5091]

* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
- Add e-smith-devtools as a dependencie

* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
- Don't replace config file on upgrades

* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
- Remove the email address from the file name during upload (in search page)
- Remove secure.sh script

* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
- Link index.php to setup-presetup.php

* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
- Changes so certificates imported from openvpn-bridge are recognized
- Configure default admin user to 'admin'
- Create a static key for OpenVPN TLS auth (requires openvpn)
- Add expirey values (3 Months, 6 Months)
- Display or download takey.pem and dhparam1024.pem from 
  the certificate management menue
- Display the Root certificate in PEM format
- Possibility to download the CRL in PEM format
- Remove the email address from the file name during upload
- Disable download of certificate after creating a new one
- Remove security warning after setup

* Wed Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
- Correct extension name for email_signing certificates
- Remove links, and recreate them in the %post section so upgrade can be done smoothly

* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
- initial release
- builds from unchanged .tar.gz

%prep
%setup  -c -n %{name}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1

%build
%{__mkdir_p} root/opt/phpki/html
%{__mkdir_p} root/opt/phpki/phpki-store
%{__mkdir_p} root/opt/phpki/bin
%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
%{__mv} %{name}-%{version}/* root/opt/phpki/html/


cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
#!/bin/bash

cd /opt/phpki/bin
php ./gen_crl.php 2>&1 > /dev/null

HERE


# Remove links to setup page so upgrades can be done smoothly
%{__rm} -f root/opt/phpki/html/index.php
%{__rm} -f root/opt/phpki/html/ca/index.php
%{__rm} -f root/opt/phpki/html/setup.php

# This script shouldn't be here
%{__rm} -f root/opt/phpki/html/secure.sh


%install
rm -rf $RPM_BUILD_ROOT
(cd root   ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
   --file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
   --file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
   --file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
   --dir  '/opt/phpki/html' 'attr(770,root,phpki)' \
   --dir  '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
   --dir  '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
    > %{name}-%{version}-filelist

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%clean
cd ..
rm -rf $RPM_BUILD_ROOT

%pre
if ! /usr/bin/id phpki &>/dev/null; then
        /usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
                %logmsg "Unexpected error adding user \"phpki\". Abort installation."
fi

%preun

%post
# First install, point index.php to setup.php
if [ $1 == 1 ]; then
        %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
        %{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
        echo "<?php
header(\"Location: ./../index.php\");
?>
" > /opt/phpki/html/ca/index.php
fi

%postun
# Remove the links to index.php after uninstall
if [ $1 == 0 ]; then
    %{__rm} -f /opt/phpki/html/index.php
    %{__rm} -f /opt/phpki/html/setup.php
    %{__rm} -f /opt/phpki/html/ca/index.php
fi


true
1	# $Id: phpki.spec,v 1.2 2018/09/08 20:59:10 jcrisp Exp $
2	# Authority: vip-ire
3	# Name: Daniel Berteaud
4
5	%define name phpki
6	%define version 0.82
7	%define release 18
8	Summary: Phpki is a simple certificate management suite
9	Name: %{name}
10	Version: %{version}
11	Release: %{release}%{?dist}
12	License: GNU GPL version 2
13	URL: http://sourceforge.net/projects/phpki/
14	Group: SMEserver/addon
15	#wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
16	Source: phpki-0.82.tar.gz
17	Patch1: phpki-0.82-email_signing.patch
18	Patch2: phpki-0.82-sme_openvpn_bridge_compat.patch
19	Patch3: phpki-0.82-sme_admin_user.patch
20	Patch4: phpki-0.82-openvpn_static_key.patch
21	Patch5: phpki-0.82-expirey.patch
22	Patch6: phpki-0.82-dl_display_ta_dh.patch
23	Patch7: phpki-0.82-dl_crl_in_pem.patch
24	Patch8: phpki-0.82-remove_email_from_upload_file_name.patch
25	Patch9: phpki-0.82-display_root_pem.patch
26	Patch10: phpki-0.82-disable_download_after_create.patch
27	Patch11: phpki-0.82-remove_security_warning.patch
28	Patch12: phpki-0.82-remove_email_from_upload_file_name.patch2
29	Patch13: phpki-0.82-ca_help.patch
30	Patch14: phpki-0.82-empty_pass_php_5.2.patch
31	Patch15: phpki-0.82-update_crl_via_cron.patch
32	Patch16: phpki-0.82-use_sha1.patch
33	Patch17: phpki-0.82-ca_admin_users.patch
34	Patch18: phpki-0.82.bz10622.fixphpwarnings.patch
35	Patch19: phpki-0.82-potential_xss_php_self.patch
36
37	BuildArch: noarch
38	BuildRoot: /var/tmp/%{name}-%{version}
39
40	BuildRequires: e-smith-devtools
41
42	Requires: e-smith-release >= 7.0
43	Requires: php
44	Requires: openssl
45	Requires: openvpn
46	AutoReqProv: no
47
48	%description
49	http://sourceforge.net/projects/phpki/
50	PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
51	With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
52	e-mail clients, SSL servers, and VPN applications.
53
54	%changelog
55	* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
56	- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]
57
58	* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
59	- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
60
61	* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
62	- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]
63
64	* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
65	- Requires php-posix
66
67	* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
68	- Don't check issuer (everyone allowed to access /ca can manage
69	all the certificates, access to /ca is controlled by apache)
70
71	* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
72	- Replace md5 with sha1 for signing
73
74	* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
75	- Weekly update the CRL via cron so MS Crypto API will be happy
76
77	* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
78	- Fixe empty password with PHP 5.2 (SME 8b5)
79
80	* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
81	- Fixe links for CA help page
82
83	* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
84	- Remove links after uninstall so you can easily re-install the contrib
85	later [SME: 5091]
86
87	* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
88	- Add e-smith-devtools as a dependencie
89
90	* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
91	- Don't replace config file on upgrades
92
93	* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
94	- Remove the email address from the file name during upload (in search page)
95	- Remove secure.sh script
96
97	* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
98	- Link index.php to setup-presetup.php
99
100	* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
101	- Changes so certificates imported from openvpn-bridge are recognized
102	- Configure default admin user to 'admin'
103	- Create a static key for OpenVPN TLS auth (requires openvpn)
104	- Add expirey values (3 Months, 6 Months)
105	- Display or download takey.pem and dhparam1024.pem from
106	the certificate management menue
107	- Display the Root certificate in PEM format
108	- Possibility to download the CRL in PEM format
109	- Remove the email address from the file name during upload
110	- Disable download of certificate after creating a new one
111	- Remove security warning after setup
112
113	* Wed Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
114	- Correct extension name for email_signing certificates
115	- Remove links, and recreate them in the %post section so upgrade can be done smoothly
116
117	* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
118	- initial release
119	- builds from unchanged .tar.gz
120
121	%prep
122	%setup -c -n %{name}
123	%patch1 -p1
124	%patch2 -p1
125	%patch3 -p1
126	%patch4 -p1
127	%patch5 -p1
128	%patch6 -p1
129	%patch7 -p1
130	%patch8 -p1
131	%patch9 -p1
132	%patch10 -p1
133	%patch11 -p1
134	%patch12 -p1
135	%patch13 -p1
136	%patch14 -p1
137	%patch15 -p1
138	%patch16 -p1
139	%patch17 -p1
140	%patch18 -p1
141	%patch19 -p1
142
143	%build
144	%{__mkdir_p} root/opt/phpki/html
145	%{__mkdir_p} root/opt/phpki/phpki-store
146	%{__mkdir_p} root/opt/phpki/bin
147	%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
148	%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
149	%{__mv} %{name}-%{version}/* root/opt/phpki/html/
150
151
152	cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
153	#!/bin/bash
154
155	cd /opt/phpki/bin
156	php ./gen_crl.php 2>&1 > /dev/null
157
158	HERE
159
160
161	# Remove links to setup page so upgrades can be done smoothly
162	%{__rm} -f root/opt/phpki/html/index.php
163	%{__rm} -f root/opt/phpki/html/ca/index.php
164	%{__rm} -f root/opt/phpki/html/setup.php
165
166	# This script shouldn't be here
167	%{__rm} -f root/opt/phpki/html/secure.sh
168
169
170	%install
171	rm -rf $RPM_BUILD_ROOT
172	(cd root ; find . -depth -print \| cpio -dump $RPM_BUILD_ROOT)
173	rm -f %{name}-%{version}-filelist
174	/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
175	--file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
176	--file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
177	--file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
178	--dir '/opt/phpki/html' 'attr(770,root,phpki)' \
179	--dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
180	--dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
181	> %{name}-%{version}-filelist
182
183	%files -f %{name}-%{version}-filelist
184	%defattr(-,root,root)
185
186	%clean
187	cd ..
188	rm -rf $RPM_BUILD_ROOT
189
190	%pre
191	if ! /usr/bin/id phpki &>/dev/null; then
192	/usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null \|\| \
193	%logmsg "Unexpected error adding user \"phpki\". Abort installation."
194	fi
195
196	%preun
197
198	%post
199	# First install, point index.php to setup.php
200	if [ $1 == 1 ]; then
201	%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
202	%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
203	echo "<?php
204	header(\"Location: ./../index.php\");
205	?>
206	" > /opt/phpki/html/ca/index.php
207	fi
208
209	%postun
210	# Remove the links to index.php after uninstall
211	if [ $1 == 0 ]; then
212	%{__rm} -f /opt/phpki/html/index.php
213	%{__rm} -f /opt/phpki/html/setup.php
214	%{__rm} -f /opt/phpki/html/ca/index.php
215	fi
216
217
218	true