| 1 |
# $Id: phpki.spec,v 1.5 2020/03/03 14:55:34 jcrisp Exp $ |
| 2 |
# Authority: vip-ire |
| 3 |
# Name: Daniel Berteaud |
| 4 |
|
| 5 |
%define name phpki |
| 6 |
%define version 0.82 |
| 7 |
%define release 21 |
| 8 |
Summary: Phpki is a simple certificate management suite |
| 9 |
Name: %{name} |
| 10 |
Version: %{version} |
| 11 |
Release: %{release}%{?dist} |
| 12 |
License: GNU GPL version 2 |
| 13 |
URL: http://sourceforge.net/projects/phpki/ |
| 14 |
Group: SMEserver/addon |
| 15 |
#wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz |
| 16 |
Source: phpki-0.82.tar.gz |
| 17 |
Patch1: phpki-0.82-email_signing.patch |
| 18 |
Patch2: phpki-0.82-sme_openvpn_bridge_compat.patch |
| 19 |
Patch3: phpki-0.82-sme_admin_user.patch |
| 20 |
Patch4: phpki-0.82-openvpn_static_key.patch |
| 21 |
Patch5: phpki-0.82-expirey.patch |
| 22 |
Patch6: phpki-0.82-dl_display_ta_dh.patch |
| 23 |
Patch7: phpki-0.82-dl_crl_in_pem.patch |
| 24 |
Patch8: phpki-0.82-remove_email_from_upload_file_name.patch |
| 25 |
Patch9: phpki-0.82-display_root_pem.patch |
| 26 |
Patch10: phpki-0.82-disable_download_after_create.patch |
| 27 |
Patch11: phpki-0.82-remove_security_warning.patch |
| 28 |
Patch12: phpki-0.82-remove_email_from_upload_file_name.patch2 |
| 29 |
Patch13: phpki-0.82-ca_help.patch |
| 30 |
Patch14: phpki-0.82-empty_pass_php_5.2.patch |
| 31 |
Patch15: phpki-0.82-update_crl_via_cron.patch |
| 32 |
Patch16: phpki-0.82-use_sha1.patch |
| 33 |
Patch17: phpki-0.82-ca_admin_users.patch |
| 34 |
Patch18: phpki-0.82.bz10622.fixphpwarnings.patch |
| 35 |
Patch19: phpki-0.82-potential_xss_php_self.patch |
| 36 |
Patch20: phpki-0.82-fix-preg_match.patch |
| 37 |
Patch21: phpki-0.82-fix-dates.patch |
| 38 |
Patch22: phpki-0.82-fix-dates-2.patch |
| 39 |
|
| 40 |
BuildArch: noarch |
| 41 |
BuildRoot: /var/tmp/%{name}-%{version} |
| 42 |
|
| 43 |
BuildRequires: e-smith-devtools |
| 44 |
|
| 45 |
Requires: e-smith-release >= 9.0 |
| 46 |
Requires: php |
| 47 |
Requires: openssl |
| 48 |
Requires: openvpn |
| 49 |
AutoReqProv: no |
| 50 |
|
| 51 |
%description |
| 52 |
http://sourceforge.net/projects/phpki/ |
| 53 |
PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. |
| 54 |
With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled |
| 55 |
e-mail clients, SSL servers, and VPN applications. |
| 56 |
|
| 57 |
%changelog |
| 58 |
* Thu Apr 02 2020 John Crisp <jcrsip@safeandsoundit.co.uk> 0.82-21.sme |
| 59 |
- Modify the dates fix to sort digitally |
| 60 |
|
| 61 |
* Tue Mar 03 2020 John Crisp <jcrsip@safeandsoundit.co.uk> 0.82-20.sme |
| 62 |
- Backporting some fixes from 0.83+ |
| 63 |
- Fix start/finish/revoke dates |
| 64 |
- expand preg match statements |
| 65 |
- Fix some formatting |
| 66 |
- Bump the required release version |
| 67 |
- Fix country code check [SME:8911] |
| 68 |
|
| 69 |
* Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme |
| 70 |
- Fix preg_match warnings [SME:10622] |
| 71 |
|
| 72 |
* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme |
| 73 |
- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626] |
| 74 |
|
| 75 |
* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme |
| 76 |
- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0 |
| 77 |
- [SME: 10622] |
| 78 |
|
| 79 |
* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme |
| 80 |
- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805] |
| 81 |
|
| 82 |
* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme |
| 83 |
- Requires php-posix |
| 84 |
|
| 85 |
* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme |
| 86 |
- Don't check issuer (everyone allowed to access /ca can manage |
| 87 |
all the certificates, access to /ca is controlled by apache) |
| 88 |
|
| 89 |
* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme |
| 90 |
- Replace md5 with sha1 for signing |
| 91 |
|
| 92 |
* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12] |
| 93 |
- Weekly update the CRL via cron so MS Crypto API will be happy |
| 94 |
|
| 95 |
* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11] |
| 96 |
- Fixe empty password with PHP 5.2 (SME 8b5) |
| 97 |
|
| 98 |
* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10] |
| 99 |
- Fixe links for CA help page |
| 100 |
|
| 101 |
* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9] |
| 102 |
- Remove links after uninstall so you can easily re-install the contrib |
| 103 |
later [SME: 5091] |
| 104 |
|
| 105 |
* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8] |
| 106 |
- Add e-smith-devtools as a dependencie |
| 107 |
|
| 108 |
* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7] |
| 109 |
- Don't replace config file on upgrades |
| 110 |
|
| 111 |
* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6] |
| 112 |
- Remove the email address from the file name during upload (in search page) |
| 113 |
- Remove secure.sh script |
| 114 |
|
| 115 |
* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5] |
| 116 |
- Link index.php to setup-presetup.php |
| 117 |
|
| 118 |
* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4] |
| 119 |
- Changes so certificates imported from openvpn-bridge are recognized |
| 120 |
- Configure default admin user to 'admin' |
| 121 |
- Create a static key for OpenVPN TLS auth (requires openvpn) |
| 122 |
- Add expirey values (3 Months, 6 Months) |
| 123 |
- Display or download takey.pem and dhparam1024.pem from |
| 124 |
the certificate management menue |
| 125 |
- Display the Root certificate in PEM format |
| 126 |
- Possibility to download the CRL in PEM format |
| 127 |
- Remove the email address from the file name during upload |
| 128 |
- Disable download of certificate after creating a new one |
| 129 |
- Remove security warning after setup |
| 130 |
|
| 131 |
* Wed Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3] |
| 132 |
- Correct extension name for email_signing certificates |
| 133 |
- Remove links, and recreate them in the %post section so upgrade can be done smoothly |
| 134 |
|
| 135 |
* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0] |
| 136 |
- initial release |
| 137 |
- builds from unchanged .tar.gz |
| 138 |
|
| 139 |
%prep |
| 140 |
%setup -c -n %{name} |
| 141 |
%patch1 -p1 |
| 142 |
%patch2 -p1 |
| 143 |
%patch3 -p1 |
| 144 |
%patch4 -p1 |
| 145 |
%patch5 -p1 |
| 146 |
%patch6 -p1 |
| 147 |
%patch7 -p1 |
| 148 |
%patch8 -p1 |
| 149 |
%patch9 -p1 |
| 150 |
%patch10 -p1 |
| 151 |
%patch11 -p1 |
| 152 |
%patch12 -p1 |
| 153 |
%patch13 -p1 |
| 154 |
%patch14 -p1 |
| 155 |
%patch15 -p1 |
| 156 |
%patch16 -p1 |
| 157 |
%patch17 -p1 |
| 158 |
%patch18 -p1 |
| 159 |
%patch19 -p1 |
| 160 |
%patch20 -p1 |
| 161 |
%patch21 -p1 |
| 162 |
%patch22 -p1 |
| 163 |
|
| 164 |
%build |
| 165 |
%{__mkdir_p} root/opt/phpki/html |
| 166 |
%{__mkdir_p} root/opt/phpki/phpki-store |
| 167 |
%{__mkdir_p} root/opt/phpki/bin |
| 168 |
%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/ |
| 169 |
%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/ |
| 170 |
%{__mv} %{name}-%{version}/* root/opt/phpki/html/ |
| 171 |
|
| 172 |
|
| 173 |
cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl |
| 174 |
#!/bin/bash |
| 175 |
|
| 176 |
cd /opt/phpki/bin |
| 177 |
php ./gen_crl.php 2>&1 > /dev/null |
| 178 |
|
| 179 |
HERE |
| 180 |
|
| 181 |
|
| 182 |
# Remove links to setup page so upgrades can be done smoothly |
| 183 |
%{__rm} -f root/opt/phpki/html/index.php |
| 184 |
%{__rm} -f root/opt/phpki/html/ca/index.php |
| 185 |
%{__rm} -f root/opt/phpki/html/setup.php |
| 186 |
|
| 187 |
# This script shouldn't be here |
| 188 |
%{__rm} -f root/opt/phpki/html/secure.sh |
| 189 |
|
| 190 |
|
| 191 |
%install |
| 192 |
rm -rf $RPM_BUILD_ROOT |
| 193 |
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) |
| 194 |
rm -f %{name}-%{version}-filelist |
| 195 |
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ |
| 196 |
--file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \ |
| 197 |
--file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \ |
| 198 |
--file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \ |
| 199 |
--dir '/opt/phpki/html' 'attr(770,root,phpki)' \ |
| 200 |
--dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \ |
| 201 |
--dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \ |
| 202 |
> %{name}-%{version}-filelist |
| 203 |
|
| 204 |
%files -f %{name}-%{version}-filelist |
| 205 |
%defattr(-,root,root) |
| 206 |
|
| 207 |
%clean |
| 208 |
cd .. |
| 209 |
rm -rf $RPM_BUILD_ROOT |
| 210 |
|
| 211 |
%pre |
| 212 |
if ! /usr/bin/id phpki &>/dev/null; then |
| 213 |
/usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \ |
| 214 |
%logmsg "Unexpected error adding user \"phpki\". Abort installation." |
| 215 |
fi |
| 216 |
|
| 217 |
%preun |
| 218 |
|
| 219 |
%post |
| 220 |
# First install, point index.php to setup.php |
| 221 |
if [ $1 == 1 ]; then |
| 222 |
%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php |
| 223 |
%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php |
| 224 |
echo "<?php |
| 225 |
header(\"Location: ./../index.php\"); |
| 226 |
?> |
| 227 |
" > /opt/phpki/html/ca/index.php |
| 228 |
fi |
| 229 |
|
| 230 |
%postun |
| 231 |
# Remove the links to index.php after uninstall |
| 232 |
if [ $1 == 0 ]; then |
| 233 |
%{__rm} -f /opt/phpki/html/index.php |
| 234 |
%{__rm} -f /opt/phpki/html/setup.php |
| 235 |
%{__rm} -f /opt/phpki/html/ca/index.php |
| 236 |
fi |
| 237 |
|
| 238 |
|
| 239 |
true |
Parent Directory
| 
Revision Log
| 
Revision Graph
