%define crver 1.3 Summary: SSL certificate and key management utilities Name: crypto-utils Version: 2.4.1 Release: 42%{?dist} Group: Applications/System License: MIT and GPLv2+ and MPLv1.0 Source: crypto-rand-%{crver}.tar.gz Source1: genkey.pl Source2: certwatch.c Source3: certwatch.cron Source4: certwatch.xml Source5: genkey.xml Source6: keyrand.c Source7: COPYING Source8: keyrand.xml Source9: pemutil.c Source10: keyutil.c Source11: certext.c Source12: secutil.c Source14: keyutil.h Source15: secutil.h Source16: NSPRerrs.h Source17: SECerrs.h Source18: copying BuildRequires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1, pkgconfig, newt-devel, xmlto BuildRequires: perl-devel, perl(Newt), perl(ExtUtils::MakeMaker) Requires: perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1 Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)") %description This package provides tools for managing and generating SSL certificates and keys. %prep %setup -q -n crypto-rand-%{crver} %build %configure --with-newt=%{_prefix} CFLAGS="$CFLAGS -fPIC" make -C librand cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \ %{SOURCE2} %{SOURCE9} \ -o certwatch -lnspr4 -lnss3 cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \ %{SOURCE10} \ %{SOURCE11} \ %{SOURCE12} \ -o keyutil -lplc4 -lnspr4 -lnss3 cc $RPM_OPT_FLAGS -Wall -Werror \ %{SOURCE6} -o keyrand -lnewt -lslang date +"%e %B %Y" | tr -d '\n' > date.xml echo -n %{version} > version.xml for m in %{SOURCE4} %{SOURCE5} %{SOURCE8}; do cp ${m} . done for m in certwatch.xml genkey.xml keyrand.xml; do xmlto man ${m} done pushd Makerand perl -pi -e "s/Stronghold/Crypt/g" * perl Makefile.PL PREFIX=$RPM_BUILD_ROOT/usr OPTIMIZE="$RPM_OPT_FLAGS" INSTALLDIRS=vendor make popd %install sed -n '1,/^ \*\/$/p' librand/qshs.c > LICENSE.librand cp -p %{SOURCE7} . pushd Makerand make install popd find $RPM_BUILD_ROOT -name Makerand.so | xargs chmod 755 find $RPM_BUILD_ROOT \( -name perllocal.pod -o -name .packlist \) -exec rm -v {} \; find $RPM_BUILD_ROOT -type f -name '*.bs' -a -size 0 -exec rm -f {} ';' find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null ';' mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily \ $RPM_BUILD_ROOT%{_mandir}/man1 \ $RPM_BUILD_ROOT%{_bindir} # install keyrand install -c -m 755 keyrand $RPM_BUILD_ROOT%{_bindir}/keyrand # install certwatch install -c -m 755 certwatch $RPM_BUILD_ROOT%{_bindir}/certwatch install -c -m 755 %{SOURCE3} \ $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch for f in certwatch genkey keyrand; do install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 done # install keyutil install -c -m 755 keyutil $RPM_BUILD_ROOT%{_bindir}/keyutil # install genkey sed -e "s|^\$bindir.*$|\$bindir = \"%{_bindir}\";|" \ -e "s|^\$ssltop.*$|\$ssltop = \"/etc/pki/tls\";|" \ -e "s|^\$sslconf.*$|\$sslconf = \"/etc/pki/tls/openssl.cnf\";|" \ -e "s|^\$cadir.*$|\$cadir = \"/etc/pki/CA\";|" \ -e "1s|.*|\#\!/usr/bin/perl|g" \ -e "s/'Challenge',/'Email','Challenge',/g" \ -e "/@EXTRA@/d" \ < %{SOURCE1} > $RPM_BUILD_ROOT%{_bindir}/genkey chmod -R u+w $RPM_BUILD_ROOT %files %defattr(-,root,root) %attr(0755,root,root) %{_bindir}/* %attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch %{_mandir}/man*/* %doc LICENSE* COPYING %{perl_vendorarch}/Crypt %{perl_vendorarch}/auto/Crypt %changelog * Thu Feb 13 2014 Joe Orton - 2.4.1-42 - genkey: skip cert generation after CSR for OpenSSL (#1039896) - keyutil: fix error reporting (#1039896) * Fri Jan 24 2014 Daniel Mach - 2.4.1-41 - Mass rebuild 2014-01-24 * Wed Jan 22 2014 Joe Orton - 2.4.1-40.2 - genkey: further improvement to wording around key size (#1039896) * Wed Jan 22 2014 Joe Orton - 2.4.1-40.1 - keyutil: use SHA1 as default hash in created certs (#1030470) - genkey: default to 2048 bit keysize (#1039896) * Fri Dec 27 2013 Daniel Mach - 2.4.1-40 - Mass rebuild 2013-12-27 * Sat Feb 23 2013 Elio Maldonado - 2.4.1-39 - Resolves: rhbz#862430 - CVE-2012-3504 - insecure temporary file usage in genkey * Thu Feb 07 2013 Jon Ciesla - 2.4.1-38 - Merge review fixes, BZ 225666. * Thu Jan 17 2013 Elio Maldonado - 2.4.1-37 - Fix Bug 883618 - certwatch cron job library path - multilib * Wed Jul 18 2012 Fedora Release Engineering - 2.4.1-36 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Mon Jun 11 2012 Petr Pisar - 2.4.1-35 - Perl 5.16 rebuild * Sun Feb 19 2012 Peter Robinson - 2.4.1-34 - Add disttag, cleanup spec * Wed Feb 01 2012 Elio Maldonado - 2.4.1-33 - Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13 - Update Requires and BuildRequires nss and nss-util mininimum versions - Add needed line breaks to the keyutil usage message * Fri Jan 13 2012 Fedora Release Engineering - 2.4.1-32 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Jul 21 2011 Petr Sabata - 2.4.1-31 - Perl mass rebuild * Thu Jun 23 2011 Elio Maldonado - 2.4.1-30 - Enable building with -Werror=unused-but-set-variable flags (#716076) * Sun Jun 19 2011 Marcela Mašláňová - 2.4.1-29 - Perl mass rebuild * Tue Feb 08 2011 Fedora Release Engineering - 2.4.1-28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Jun 01 2010 Marcela Maslanova - 2.4.1-27 - Mass rebuild with perl-5.12.0 * Sat Feb 13 2010 Elio Maldonado - 2.4.1-26 - Retag * Sat Feb 13 2010 Elio Maldonado - 2.4.1-25 - Fix broken build due to change in implicit DSO Linking (#565064) * Thu Oct 01 2009 Elio Maldonado - 2.4.1-23 - Fix genkey to produce CSRs, certs, and key in ascii PEM format (#526720) * Fri Jul 24 2009 Fedora Release Engineering - 2.4.1-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu May 21 2009 Elio Maldonado - 2.4.1-20 - certwatch: Fixed cert suffix to be .crt as Apache expects it (#162116) * Sun Mar 15 2009 Elio Maldonado - 2.4.1-18 - certwatch: Fixed cert expiry time calculations (#473860) - keyutil: Fixed segfault on certificate generation and missing of key/cert pem files (#479886) * Tue Feb 24 2009 Fedora Release Engineering - 2.4.1-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Fri Feb 20 2009 Elio Maldonado - 2.4.1-14 - keyutil: Fixed bug where key pem file was not written (#473860) - keyutil: Fixed reverse logic that prevented output of the pem encoded key * Thu Jan 29 2009 Elio Maldonado - 2.4.1-9 - certwatch: Fixed cert expiry time calculations (#473860) - keyutil: Fixed segfault on certificate generation (#479886) - genkey: Fixed key file name extension * Wed Jan 21 2009 Elio Maldonado - 2.4.1-8 - certwatch: Fixed cert expiry time warnings off by one error (#473860) * Wed Jan 21 2009 Elio Maldonado - 2.4.1-7 - certwatch: Fixed cert expiry time warnings (#473860) * Mon Jan 05 2009 Elio Maldonado - 2.4.1-6 - genkey: fix ca key name extension * Sun Dec 28 2008 Elio Maldonado - 2.4.1-5 - genkey: fix server key name extension - certwatch: code cleanup * Wed Dec 24 2008 Elio Maldonado - 2.4.1-4 - Fix certwatch time calculations for expiring certificates (#473860) * Mon Nov 03 2008 Elio Maldonado - 2.4.1-3 - preauthenticate to modules using specially formatted password file * Sun Oct 26 2008 Elio Maldonado - 2.4.1-2 - enabled renewal for certs in the nss database - disabled renewal for certs in pem files - added man page examples - requires nss 3.12.2 or higher * Tue Jun 03 2008 Elio Maldonado - 2.4-2 - removed unneeded declaration in pemutil * Tue Jun 03 2008 Elio Maldonado - 2.4-1 - crypto-utils ported to use NSS for cryptography (#346731) - updated documentation accordingly * Mon Mar 3 2008 Tom "spot" Callaway - 2.3-10 - rebuild for new perl again * Tue Feb 19 2008 Fedora Release Engineering - 2.3-9 - Autorebuild for GCC 4.3 * Thu Feb 7 2008 Tom "spot" Callaway 2.3-8 - rebuild for new perl * Wed Dec 5 2007 Joe Orton 2.3-7 - rebuild for new OpenSSL * Tue Oct 30 2007 Joe Orton 2.3-6 - genkey: wording fix * Wed Oct 24 2007 Joe Orton 2.3-5 - genkey: skip the CA selection dialog; the CA-specific instructions are all out-of-date - man page updates, add man page for keyrand * Thu Aug 23 2007 Joe Orton 2.3-4 - fix certwatch -p too - clarify License; package license texts * Wed Aug 22 2007 Joe Orton 2.3-3 - fix certwatch -a (Tuomo Soini, #253819) * Thu Mar 1 2007 Joe Orton 2.3-2 - various cleanups; require perl(Newt) throughout not newt-perl * Thu Aug 17 2006 Joe Orton 2.3-1 - add GPL-licensed keyrand replacement (#20254) * Wed Jul 12 2006 Jesse Keating - 2.2-9.2.2 - rebuild * Fri Feb 10 2006 Jesse Keating - 2.2-9.2.1 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Jesse Keating - 2.2-9.2 - rebuilt for new gcc4.1 snapshot and glibc changes * Fri Dec 09 2005 Jesse Keating - rebuilt * Thu Nov 24 2005 Joe Orton 2.2-9 - rebuild for new slang * Tue Nov 8 2005 Tomas Mraz - 2.2-8 - rebuilt with new openssl * Mon Oct 3 2005 Petr Rockai - 2.2-7 - rebuild against newt 0.52 * Thu May 26 2005 Joe Orton 2.2-6 - certwatch: use UTC time correctly (Tomas Mraz, #158703) * Fri May 13 2005 Joe Orton 2.2-5 - genkey(1): fix paths to use /etc/pki * Wed Apr 27 2005 Joe Orton 2.2-4 - genkey: create private key files with permissions 0400 - genkey: tidy up error handling a little * Tue Apr 26 2005 Joe Orton 2.2-3 - pass $OPTIONS to $HTTPD in certwatch.cron - man page tweaks * Tue Apr 26 2005 Joe Orton 2.2-2 - add configuration options for certwatch (#152990) - allow passing options in certwatch.cron via $CERTWATCH_OPTS - require openssl with /etc/pki/tls * Mon Apr 25 2005 Joe Orton 2.2-1 - adapt to use /etc/pki * Fri Mar 4 2005 Joe Orton 2.1-6 - rebuild * Tue Feb 15 2005 Joe Orton 2.1-5 - certwatch: prevent warnings for duplicate certs (#103807) - make /etc/cron.daily/certwatch 0755 (#141003) - add genkey(1) man page (#134821) * Tue Oct 19 2004 Joe Orton 2.1-4 - make certwatch(1) warning distro-neutral - update to crypto-rand 1.1, fixing #136093 * Wed Oct 13 2004 Joe Orton 2.1-3 - send warnings To: root rather than root@localhost (#135533) * Wed Oct 6 2004 Joe Orton 2.1-2 - add BuildRequire newt-devel, xmlto (#134695) * Fri Sep 10 2004 Joe Orton 2.1-1 - add /usr/bin/certwatch - support --days argument to genkey (#131045) * Tue Aug 17 2004 Joe Orton 2.0-6 - add perl MODULE_COMPAT requirement * Mon Aug 16 2004 Joe Orton 2.0-5 - rebuild * Mon Sep 15 2003 Joe Orton 2.0-4 - hide private key passwords during entry - fix CSR generation * Mon Sep 1 2003 Joe Orton 2.0-3 - fix warnings when in UTF-8 locale * Tue Aug 26 2003 Joe Orton 2.0-2 - allow upgrade from Stronghold 4.0 * Mon Aug 4 2003 Joe Orton 2.0-1 - update for RHEL * Wed Sep 11 2002 Joe Orton 1.0-12 - rebuild * Thu Aug 22 2002 Joe Orton 1.0-11 - fix location of OpenSSL configuration file in gencert * Mon Jul 15 2002 Joe Orton 1.0-10 - fix getca SERVERROOT, SSLTOP expansion (#68870) * Mon May 13 2002 Joe Orton 1.0-9 - improvements to genkey * Mon May 13 2002 Joe Orton 1.0-8 - add php.ini handling to stronghold-config * Mon May 13 2002 Joe Orton 1.0-7 - restore stronghold-config * Tue May 07 2002 Gary Benson 1.0-6 - remove stronghold-config * Tue Apr 09 2002 Gary Benson 1.0-5 - change the group to match crypto-rand - change Copyright to License * Mon Mar 25 2002 Gary Benson 1.0-4 - hack to clean up some cruft that gets left in the docroot after we install. * Fri Mar 22 2002 Gary Benson - excise interchange. * Wed Feb 13 2002 Gary Benson 1.0-3 - ask about interchange too. - make /etc/sysconfig/httpd nicer. * Thu May 17 2001 Joe Orton - Redone for Red Hat Linux. * Tue Mar 20 2001 Mark Cox - Changes to make genkey a perl script * Mon Dec 04 2000 Joe Orton - Put the stronghold/bin -> stronghold/ssl/bin symlink in the %%files section rather than creating it in %%post. * Fri Nov 24 2000 Mark Cox - No need for .configure scripts, do the substitution ourselves * Tue Nov 21 2000 Mark Cox - First version. Because this depends on a build environment - We won't worry about ni-scripts for now, they're not used anyhow