smecontribs/phpki
6
0
Fork 0
generated from smedev/Template-for-SMEServer-Contribs-Package
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a747530268892a62491ed1f1e609f12bef07736a
phpki/phpki.spec
Jean-Philippe Pialasse a747530268 * Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme 
- Attempt to fix the final reload after CA creation [SME: 11192]
2025-09-11 00:03:08 -04:00

337 lines
12 KiB
RPMSpec
Raw Blame History

# $Id: phpki-ng.spec,v 1.4 2018/11/17 13:20:42 jcrisp Exp $
# Authority: vip-ire
# Name: Daniel Berteaud
%define name phpki
%define version 0.84
%define release 12
Summary: Phpki is a simple certificate management suite
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
License: GNU GPL version 2
URL: http://sourceforge.net/projects/phpki/
Group: SMEserver/addon
#wget http://www.fooweb.com/downloads/foo-3.6.431.tar.gz
Source: %{name}-%{version}.tar.gz
Patch1: phpki-ng-0.84-fix-for-php74-code-tidy.patch
Patch2: phpki-ng-0.84-fix-pregmatch-revoke-certs.patch
Patch3: phpki-ng-0.84-fix-crl.patch
Patch4: phpki-ng-0.84-fix-missing-slash-certtype-detection.patch
Patch5: phpki-ng-0.84-fix-html-directory-check.patch
Patch6: phpki-ng-0.84-fix-download-cert.patch
Patch7: phpki-ng-0.84-fix-html-syntax-in-help.patch
Patch8: phpki-ng-0.84-fix-final-redirect.patch
BuildArch: noarch
BuildRoot: /var/tmp/%{name}-%{version}
BuildRequires: e-smith-devtools
Requires: e-smith-release >= 10.0
Requires: php74-php-fpm
Requires: openssl
Requires: openvpn
Provides: phpki-ng
AutoReqProv: no
%description
http://sourceforge.net/projects/phpki/
https://github.com/radicand/phpki
https://github.com/reetp/phpki
PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
e-mail clients, SSL servers, and VPN applications.
%changelog
* Thu Sep 30 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-12.sme
- Attempt to fix the final reload after CA creation [SME: 11192]
* Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-11.sme
- Fix html syntax error in help - Thanks Mauro De Carolis [SME: 11688]
* Tue Apr 06 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-10.sme
- And tidy up the copying wording. [SME: 11192]
- Credit to Terry Fage for persisting with testing
* Mon Apr 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-9.sme
- Really fix the copy this time [SME: 11192]
* Sat Apr 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-8.sme
- copy phpki-store as a backup instead of move [SME: 11192]
* Thu Apr 01 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-7.sme
- Fix broken Download Certificate in Cert generation [SME: 11513]
* Thu Mar 18 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-6.sme
- Update html header info [SME: 11192]
- Remove obsolete align
- Remove accidentally duplicated html
- Fix typo
- Fix directory check
- move function flush_exec to functions file
* Tue Mar 09 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-5.sme
- Fix missing / [SME:11435]
- Update cert type detection for renew [SME: 11436]
- Code formatting
* Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-4.sme
- Fix crl creation [SME: 11141]
- Extra notes in setup page
* Mon Mar 08 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-3.sme
- Fix Typo in certificate password [SME: 11435]
- Fix typos and preg_match issues [SME: 11436]
- Add Certificate creation notification [SME: 11437]
- Bit of file formatting
* Wed Mar 03 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-2.sme
- Change version to 0.84
- Fix undefined constant errors [SME: 11397]
- fix tempdir [SME: 11398]
- update code to be PHP 7.4+ compliant
- format with CodeSniff to PSR2
* Wed Apr 01 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.84-1.sme
- Rename to php-ng 0.84 [SME: 11192]
- Fix date sorting in certificates
* Thu Mar 19 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-9.sme
- Update DH to 2048
* Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-8.sme
- move warning and exit to %pre
* Sat Mar 07 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-7.sme
- Lots of formatting - adding quotes to items and tidying up
- set default md to 512
* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-6.sme
- Fix renew-cert
- revert DH setup so you can see progress
* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-5.sme
- Fix create cert without password
* Wed Mar 04 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-4.sme
- Fix openvpn error
* Tue Mar 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-3.sme
- more fixes
* Sat Feb 29 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-2.sme
- small fixes
* Fri Feb 28 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.83-1.sme
- Update to 0.83
* Sat Nov 17 2018 Terry Fage <tfage@yahoo.com.au> 0.82-19.sme
- Fix preg_match warnings [SME:10622]
* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]
* Thu Sep 6 2018 brian r. <brianr@bjsystems.co.uk> 0.82-17.sme
- Replace use of ereg by preg_replace as per deprecated in php 5.3 and removed in 7.0
- [SME: 10622]
* Mon Dec 12 2011 Daniel B. <daniel@firewall-services.com> 0.82-16.sme
- Remove php-posix dependency (not available, nor needed on SME 7.x) [SME: 6805]
* Wed Oct 26 2011 Daniel B. <daniel@firewall-services.com> 0.82-15.sme
- Requires php-posix
* Wed Jun 29 2011 Daniel B. <daniel@firewall-services.com> 0.82-14.sme
- Don't check issuer (everyone allowed to access /ca can manage
all the certificates, access to /ca is controlled by apache)
* Tue Mar 15 2011 Daniel B. <daniel@firewall-services.com> 0.82-13.sme
- Replace md5 with sha1 for signing
* Fri May 28 2010 Daniel B. <daniel@firewall-services.com> [0.82-12]
- Weekly update the CRL via cron so MS Crypto API will be happy
* Thu Mar 18 2010 Daniel B. <daniel@firewall-services.com> [0.82-11]
- Fixe empty password with PHP 5.2 (SME 8b5)
* Wed Aug 26 2009 Daniel B. <daniel@firewall-services.com> [0.82-10]
- Fixe links for CA help page
* Mon Mar 23 2009 Daniel B. <daniel@firewall-services.com> [0.82-9]
- Remove links after uninstall so you can easily re-install the contrib
later [SME: 5091]
* Tue Mar 03 2009 Daniel B. <daniel@firewall-services.com> [0.82-8]
- Add e-smith-devtools as a dependencie
* Tue Jan 20 2009 Daniel B. <daniel@firewall-services.com> [0.82-7]
- Don't replace config file on upgrades
* Wed Jan 07 2009 Daniel B. <daniel@firewall-services.com> [0.82-6]
- Remove the email address from the file name during upload (in search page)
- Remove secure.sh script
* Tue Dec 16 2008 Daniel B. <daniel@firewall-services.com> [0.82-5]
- Link index.php to setup-presetup.php
* Mon Dec 08 2008 Daniel B. <daniel@firewall-services.com> [0.82-4]
- Changes so certificates imported from openvpn-bridge are recognized
- Configure default admin user to 'admin'
- Create a static key for OpenVPN TLS auth (requires openvpn)
- Add expirey values (3 Months, 6 Months)
- Display or download takey.pem and dhparam1024.pem from
the certificate management menue
- Display the Root certificate in PEM format
- Possibility to download the CRL in PEM format
- Remove the email address from the file name during upload
- Disable download of certificate after creating a new one
- Remove security warning after setup
* Fri Dec 05 2008 Daniel B. <daniel@firewall-services.com> [0.82-3]
- Correct extension name for email_signing certificates
- Remove links, and recreate them in the %post section so upgrade can be done smoothly
* Wed Nov 26 2008 Daniel B. <daniel@firewall-services.com> [0.82-0]
- initial release
- builds from unchanged .tar.gz
%prep
%setup -c -n %{name}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%build
%{__mkdir_p} root/opt/phpki/html
%{__mkdir_p} root/opt/phpki/phpki-store
%{__mkdir_p} root/opt/phpki/bin
%{__mkdir_p} root/%{_sysconfdir}/cron.weekly/
%{__mv} %{name}-%{version}/gen_crl.php root/opt/phpki/bin/
%{__mv} %{name}-%{version}/* root/opt/phpki/html/
cat <<"HERE" > root/%{_sysconfdir}/cron.weekly/phpki_update_crl
#!/bin/bash
cd /opt/phpki/bin
/usr/bin/php74 ./gen_crl.php 2>&1 > /dev/null
HERE
# Remove links to setup page so upgrades can be done smoothly
%{__rm} -f root/opt/phpki/html/index.php
%{__rm} -f root/opt/phpki/html/ca/index.php
%{__rm} -f root/opt/phpki/html/setup.php
# This script shouldn't be here
%{__rm} -f root/opt/phpki/html/secure.sh
%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
--file '/opt/phpki/html/config.php' 'attr(660,root,phpki) %config(noreplace)' \
--file '/opt/phpki/html/openssl.cnf' 'attr(660,root,phpki) %config(noreplace)' \
--file '%{_sysconfdir}/cron.weekly/phpki_update_crl' 'attr(744,root,root)' \
--dir '/opt/phpki/html' 'attr(770,root,phpki)' \
--dir '/opt/phpki/html/ca' 'attr(770,root,phpki)' \
--dir '/opt/phpki/phpki-store' 'attr(750,phpki,phpki)' \
> %{name}-%{version}-filelist
%files -f %{name}-%{version}-filelist
%defattr(-,root,root)
%clean
cd ..
rm -rf $RPM_BUILD_ROOT
%pre
if ! /usr/bin/id phpki &>/dev/null; then
echo "Creating phpki user"
/usr/sbin/useradd -c 'Phpki User' -s /sbin/nologin -r -d /opt/phpki/phpki-store phpki &>/dev/null || \
%logmsg "Unexpected error adding user \"phpki\". Abort installation."
fi
echo "******************************************************"
echo "* "
echo "* !!! IMPORTANT - READ THIS NOW !!! "
echo "* "
echo "******************************************************"
echo "* This contrib now has higher levels of encryption"
echo "* "
echo "* We cannot upgrade your existing certificates"
echo "* existing certificates from SME9 or below have either "
echo "* md5WithRSAEncryption sha1WithRSAEncryption"
echo "* as Signature Algorithm (weak)."
echo "* only way to update to sha256 or sha512 is to "
echo "* start from scratch."
echo "* "
echo "* If you have existing certificates you want to use"
echo "* then start with a new CA, backup up, and then restore"
echo "* your phpki-store directory in /opt/phpki"
echo "* "
echo "******************************************************"
echo ""
if [ -d /opt/phpki/phpki-store ] ; then
echo "Backing up your /opt/phpki/phpki-store"
today=$(date "+%Y%m%d%H%M")
echo "Copying from /opt/phpki/phpki-store to /opt/phpki/phpki-store.$today"
/bin/cp -pr /opt/phpki/phpki-store "/opt/phpki/phpki-store.$today"
echo "Directory copied... continuing to install"
# fix missing md_default
if ( grep default_md /opt/phpki/phpki-store/config/config.php -q ); then
echo "md_default OK"
else
echo "default_md missing in /opt/phpki/phpki-store/config/config.php"
echo "getting value from /opt/phpki/phpki-store/config/openssl.cnf"
# it could ba acceptable to hash sha256 a certificate from a root with sha1.
defaultmd=$(awk '/^default_md/{print $NF}' /opt/phpki/phpki-store/config/openssl.cnf || echo "sha512")
echo "inserting $defaultmd default_md at end of /opt/phpki/phpki-store/config/config.php"
sed -i '/\?>/i \
# Define default md \
\$config['default_md'] = "'$defaultmd'";' /opt/phpki/phpki-store/config/config.php
echo "Done... continuing to install"
fi
else
echo "No directory detected... continuing to install"
fi
%preun
%post
# First install, point index.php to setup.php
if [ $1 == 1 ]; then
#do not do if there is already a CA (restore from backup))
if [ ! -f /opt/phpki/phpki-store/config/config.php ] ; then
%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/index.php
%{__ln_s} /opt/phpki/html/setup.php-presetup /opt/phpki/html/setup.php
fi
echo "<?php
header(\"Location: ./../index.php\");
?>
" > /opt/phpki/html/ca/index.php
fi
%postun
# Remove the links to index.php after uninstall
if [ $1 == 0 ]; then
%{__rm} -f /opt/phpki/html/index.php
%{__rm} -f /opt/phpki/html/setup.php
%{__rm} -f /opt/phpki/html/ca/index.php
fi
true
Reference in New Issue View Git Blame Copy Permalink