initial commit of file from CVS for smeserver-phpki-ng on Sat Sep 7 20:50:40 AEST 2024
parent
216095c0ea
commit
c46ac6300b
4
.gitignore
vendored
Normal file
4
.gitignore
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
*.rpm
|
||||
*.log
|
||||
*spec-20*
|
||||
*.tar.xz
|
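--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Makefile for source rpm: smeserver-phpki-ng
+# $Id: Makefile,v 1.1 2020/11/24 16:28:21 jcrisp Exp $
+NAME := smeserver-phpki-ng
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)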
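Review bot: The writability test in `find-makefile-common` reads `-w $$/Makefile.common`, which drops the loop variable, so the shell tests a path that cannot exist and the `cvs -Q update` branch never runs; it should be `-w $$d/Makefile.common`. Separately, both `define` blocks fetch `Makefile.common` from whatever repository `CVS/Root` names and `include` it at parse time, so the build executes unpinned content pulled from outside the package; since the commit title says the sources are moving out of CVS, vendoring or pinning `common` would make the build reproducible. The `exit -1` in `checkout-makefile-common` is also not a portable exit status; `exit 1` is the usual form.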
14
README.md
14
README.md
@ -1,3 +1,15 @@
|
||||
# smeserver-phpki-ng
|
||||
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> smeserver-phpki-ng
|
||||
|
||||
SMEServer Koozali developed git repo for smeserver-phpki-ng smecontribs
|
||||
|
||||
## Wiki
|
||||
<br />https://wiki.koozali.org/
|
||||
|
||||
## Bugzilla
|
||||
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-phpki-ng&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||
|
||||
## Description
|
||||
|
||||
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
|
||||
*Once it has been checked, then this comment will be deleted*
|
||||
<br />
|
||||
|
1
contriborbase
Normal file
1
contriborbase
Normal file
@ -0,0 +1 @@
|
||||
contribs10
|
60
createlinks
Normal file
60
createlinks
Normal file
@ -0,0 +1,60 @@
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
|
||||
# Start and stop links
|
||||
|
||||
#service_link_enhanced("httpd-pki", "S86", "7");
|
||||
#service_link_enhanced("httpd-pki", "K15", "6");
|
||||
#service_link_enhanced("httpd-pki", "K15", "0");
|
||||
#service_link_enhanced("httpd-pki", "K15", "1");
|
||||
|
||||
#safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/httpd-pki');
|
||||
#safe_symlink("/var/service/httpd-pki" , 'root/service/httpd-pki');
|
||||
|
||||
# Panel links
|
||||
|
||||
panel_link("phpki", 'manager');
|
||||
|
||||
# Events links
|
||||
event_link("phpki-fixtakey", qw(bootstrap-console-save post-upgrade), "50");
|
||||
event_link("phpki-fixownership", qw(bootstrap-console-save post-upgrade), "02");
|
||||
templates2events("/etc/httpd/pki-conf/httpd.conf", qw(bootstrap-console-save conf-userpanel domain-modify));
|
||||
safe_symlink("restart", "root/etc/e-smith/events/conf-userpanel/services2adjust/httpd-pki");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/domain-modify/services2adjust/httpd-pki");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/logrotate/services2adjust/httpd-pki");
|
||||
|
||||
|
||||
# our event specific for updating with yum without reboot
|
||||
$event = "smeserver-phpki-ng-update";
|
||||
#add here the path to your templates needed to expand
|
||||
#see the /etc/systemd/system-preset/49-koozali.preset should be present for systemd integration on all you yum update event
|
||||
|
||||
foreach my $file (qw(
|
||||
/etc/systemd/system-preset/49-koozali.preset
|
||||
/etc/httpd/conf/httpd.conf
|
||||
/etc/httpd/pki-conf/httpd.conf
|
||||
/etc/opt/remi/php73/php-fpm.d/www.conf
|
||||
/opt/phpki/html/config.php
|
||||
))
|
||||
{
|
||||
templates2events( $file, $event );
|
||||
}
|
||||
|
||||
#action needed in case we have a systemd unit
|
||||
event_link("systemd-default", $event, "10");
|
||||
event_link("systemd-reload", $event, "50");
|
||||
|
||||
#action specific to this package
|
||||
event_link("phpki-fixownership", $event, "02");
|
||||
event_link("phpki-fixtakey", $event, "50");
|
||||
#event_link("conf-timezone", $event, "30");
|
||||
#services we need to restart
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/httpd-pki");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/php73-php-fpm");
|
||||
|
||||
use esmith::Build::Backup qw(:all);
|
||||
backup_includes("smeserver-phpki-ng", qw(
|
||||
/opt/phpki/
|
||||
));
|
1
root/etc/e-smith/db/accounts/defaults/phpki/type
Normal file
1
root/etc/e-smith/db/accounts/defaults/phpki/type
Normal file
@ -0,0 +1 @@
|
||||
system
|
@ -0,0 +1 @@
|
||||
940
|
@ -0,0 +1 @@
|
||||
enabled
|
@ -0,0 +1 @@
|
||||
service
|
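--- a/root/etc/e-smith/events/actions/phpki-fixownership
+++ b/root/etc/e-smith/events/actions/phpki-fixownership
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+chown root:phpki /opt/phpki/html/config.php
+chown root:phpki /opt/phpki/html/openssl.cnf
+chown phpki:phpki -R /opt/phpki/phpki-store*
+chown root:phpki /opt/phpki/html/ca
+
+chmod +x /opt/phpki/html/
+chmod +x /opt/phpki/html/ca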
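--- a/root/etc/e-smith/events/actions/phpki-fixtakey
+++ b/root/etc/e-smith/events/actions/phpki-fixtakey
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+if [[ -f /opt/phpki/phpki-store/CA/private/cakey.pem && ! -f /opt/phpki/phpki-store/CA/private/takey.pem ]]
+then
+echo "creating missing takey.pem"
+runuser -u phpki -- openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem
+fi
+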
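Review bot: The key file is created with whatever umask `runuser` inherits, because nothing sets the mode of `takey.pem` before or after `openvpn --genkey` runs. Adding `umask 077` before the `runuser` line, or `chmod 0600` on the file afterwards, keeps the key unreadable to other accounts regardless of how the event was started. The exit status of `openvpn` is also unchecked, so a failed generation still prints "creating missing takey.pem" and the action reports success. Newer OpenVPN releases spell this `--genkey secret FILE`; worth confirming which form the packaged version expects.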
@ -0,0 +1,8 @@
|
||||
<lexicon lang="fr" params="lexicon_params()">
|
||||
<!-- vim: ft=xml
|
||||
-->
|
||||
<entry>
|
||||
<base>Certificate Management</base>
|
||||
<trans>Gestion des certificats</trans>
|
||||
</entry>
|
||||
</lexicon>
|
@ -0,0 +1,3 @@
|
||||
FILTER=sub { $_[0] =~ /^\s*$/ ? '' : $_[0] }
|
||||
GID='phpki'
|
||||
PERMS=0660
|
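Review bot: `PERMS=0660` with `GID='phpki'` makes the expanded file writable by the phpki group, which is the account the backend httpd and the PHP pool run as elsewhere in this commit. The target path is not visible in this section; if it is `/opt/phpki/html/config.php`, a flaw in the PHP application could be used to rewrite its own configuration. Unless PHPki has to write the file at runtime, `PERMS=0640` would keep it readable by the service and writable only by root.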
@ -0,0 +1,69 @@
|
||||
{
|
||||
# vim: ft=perl:
|
||||
|
||||
|
||||
$haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
|
||||
|
||||
$OUT = '';
|
||||
if ((${'httpd-pki'}{'status'} || 'disabled') eq 'enabled'){
|
||||
|
||||
if (($port eq "80") && ($haveSSL eq 'yes')){
|
||||
$OUT .= " RewriteRule ^/phpki(/.*|\$) https://%{HTTP_HOST}/phpki\$1 [L,R]\n";
|
||||
}
|
||||
else{
|
||||
$OUT .= " ProxyPass /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
|
||||
$OUT .= " ProxyPassReverse /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
|
||||
}
|
||||
|
||||
$OUT .=<<"HERE";
|
||||
|
||||
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
|
||||
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
|
||||
#LoadModule proxy_express_module modules/mod_proxy_express.so
|
||||
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
|
||||
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
|
||||
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
|
||||
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
|
||||
|
||||
<Location /phpki>
|
||||
SSLRequireSSL on
|
||||
Require ip $localAccess $externalSSLAccess
|
||||
</Location>
|
||||
# we want Public access to ns_revoke_query.php
|
||||
<Location /phpki/ns_revoke_query.php>
|
||||
Require all granted
|
||||
</Location>
|
||||
# we want Public access to policy
|
||||
<Location /phpki/policy.html>
|
||||
Require all granted
|
||||
</Location>
|
||||
# we want Public access to help
|
||||
<Location /phpki/help>
|
||||
Require all granted
|
||||
</Location>
|
||||
<Location /phpki/help.php>
|
||||
Require all granted
|
||||
</Location>
|
||||
# we want Public access to crl list
|
||||
<Location /phpki/dl_crl.php>
|
||||
Require all granted
|
||||
</Location>
|
||||
<Location /phpki/dl_crl_pem.php>
|
||||
Require all granted
|
||||
</Location>
|
||||
# and we redirect old config to our new safer script
|
||||
RewriteEngine On
|
||||
RewriteCond %{QUERY_STRING} stage=dl_crl(&|\$)
|
||||
RewriteRule ^ /phpki/dl_crl.php [QSD,R=302,L]
|
||||
RewriteCond %{QUERY_STRING} stage=dl_crl_pem(&|\$)
|
||||
RewriteRule ^ /phpki/dl_crl_pem.php [QSD,R=302,L]
|
||||
|
||||
HERE
|
||||
# safely redirect crl request to php script striping all GET requests
|
||||
# but would leave POST
|
||||
#RewriteEngine On
|
||||
#RewriteCond %{REQUEST_URI} ^/?phpki/dl_crl/?\$
|
||||
#RewriteRule ^ /phpki/index.php?stage=dl_crl [P,NC]
|
||||
|
||||
}
|
||||
}
|
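Review bot: The two CRL redirects at the end of the heredoc are conditioned only on `%{QUERY_STRING}` and use `RewriteRule ^`, so any URL on this virtual host that carries `stage=dl_crl` is redirected to `/phpki/dl_crl.php`, not just requests under `/phpki`. The query pattern is also unanchored on the left, so a parameter such as `xstage=dl_crl` matches. Adding `RewriteCond %{REQUEST_URI} ^/phpki(/|\$)` before each rule and writing the query test as `(^|&)stage=dl_crl(&|\$)` would scope them to the intended requests. The `ProxyPass` lines interpolate `${'httpd-pki'}{TCPPort}` with no fallback, while the backend template defaults the port to `940`; the two should agree.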
@ -0,0 +1,28 @@
|
||||
{
|
||||
|
||||
use esmith::AccountsDB;
|
||||
|
||||
sub getUsersList ($){
|
||||
my ($panelName) = @_;
|
||||
my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
|
||||
my @users = $a->users();
|
||||
my @groups = $a->groups();
|
||||
my @Users = ();
|
||||
foreach my $user (@users){
|
||||
my $panels = $user->prop('AdminPanels') || '';
|
||||
push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
|
||||
}
|
||||
foreach my $group (@groups){
|
||||
$panels = $group->prop('AdminPanels') || '';
|
||||
if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
|
||||
my @members = split(/,/,($group->prop('Members') || ''));
|
||||
push(@Users,@members);
|
||||
}
|
||||
}
|
||||
|
||||
my %seen = ();
|
||||
my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
|
||||
return $u;
|
||||
}
|
||||
}
|
||||
|
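Review bot: `$panels` in the group loop is assigned without `my`, so it writes a package variable in the template namespace, and `$panelName` is interpolated into both regexes unquoted. The only caller visible on this page passes the literal `phpki`, so nothing is exploitable as written, but `my $panels` and `\Q$panelName\E` make the helper safe to reuse with other panel names. The `($)` prototype changes parsing rather than validating the argument and could be dropped.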
@ -0,0 +1,23 @@
|
||||
{
|
||||
#---------------------------------------------------------------------
|
||||
# Grab ValidFrom access list property of httpd-admin
|
||||
# SSL enabled virtual hosts should only allow access from IP's in
|
||||
# this list, as well as local networks.
|
||||
#---------------------------------------------------------------------
|
||||
use esmith::NetworksDB;
|
||||
|
||||
my $ndb = esmith::NetworksDB->open_ro();
|
||||
|
||||
my @localAccess = $ndb->local_access_spec();
|
||||
my $validFrom = ${'httpd-admin'}{'ValidFrom'};
|
||||
if ($validFrom)
|
||||
{
|
||||
push @localAccess, split /,/, $validFrom;
|
||||
}
|
||||
$localAccess .= join ' ',
|
||||
map { s:/255.255.255.255::; $_ }
|
||||
@localAccess;
|
||||
|
||||
"";
|
||||
}
|
||||
|
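Review bot: `ValidFrom` entries are split on commas and placed into the list that ends up on the `Require ip` line without any validation, so a malformed value in the `httpd-admin` record produces an httpd configuration that fails to load. The substitution `s:/255.255.255.255::` leaves the dots unescaped, and `$localAccess .=` appends to whatever the variable already holds without a separator. I would assign with `=`, escape the dots, and drop entries that do not parse as an address or CIDR; `Net::IP` is already used by another template in this commit.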
@ -0,0 +1,8 @@
|
||||
{
|
||||
$OUT .= "LoadModule auth_tkt_module modules/mod_auth_tkt.so\n";
|
||||
|
||||
my $secret = ${'httpd-admin'}{TKTAuthSecret} || "34322500-7330-4400-423A-3A00434F5245";
|
||||
$OUT .= "TKTAuthSecret \"$secret\"\n";
|
||||
$OUT .= "TKTAuthDigestType SHA256\n";
|
||||
}
|
||||
|
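Review bot: The fallback in `my $secret = ${'httpd-admin'}{TKTAuthSecret} || "34322500-…";` is a fixed value published in this repository, so on any system where the property is unset, mod_auth_tkt signs tickets with a secret that is not secret, and the ticket check protecting `/phpki/ca` can no longer be trusted. The template should refuse to emit a usable configuration instead, for example `die "httpd-admin TKTAuthSecret is not set\n" unless ${'httpd-admin'}{TKTAuthSecret};`, or a random secret should be generated and stored at install time. The static `root/etc/httpd/pki-conf/httpd.conf` in this commit has the same problem with `TKTAuthSecret "1234"`.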
@ -0,0 +1,162 @@
|
||||
{
|
||||
my $port = ${'httpd-pki'}{TCPPort} || '940';
|
||||
$OUT .= "Listen 127.0.0.1:$port\n";
|
||||
|
||||
$OUT .= <<HERE;
|
||||
|
||||
HostnameLookups off
|
||||
|
||||
ServerAdmin admin@$DomainName
|
||||
ServerRoot /etc/httpd
|
||||
ServerTokens ProductOnly
|
||||
|
||||
User phpki
|
||||
Group phpki
|
||||
|
||||
ErrorLog /var/log/httpd/pki_error_log
|
||||
LogLevel warn
|
||||
HERE
|
||||
|
||||
foreach (qw(
|
||||
env
|
||||
log_config
|
||||
mime
|
||||
negotiation
|
||||
status
|
||||
info
|
||||
include
|
||||
autoindex
|
||||
dir
|
||||
asis
|
||||
imagemap
|
||||
actions
|
||||
userdir
|
||||
proxy
|
||||
proxy_http
|
||||
alias
|
||||
rewrite
|
||||
auth
|
||||
auth_anon
|
||||
auth_digest
|
||||
expires
|
||||
headers
|
||||
usertrack
|
||||
setenvif
|
||||
ssl
|
||||
cgi
|
||||
mpm_prefork
|
||||
unixd
|
||||
authn_core
|
||||
authz_core
|
||||
authz_user
|
||||
authz_host
|
||||
proxy_ajp
|
||||
proxy_connect
|
||||
proxy_express
|
||||
proxy_fcgi
|
||||
proxy_ftp
|
||||
proxy_html
|
||||
proxy_scgi
|
||||
proxy_wstunnel
|
||||
))
|
||||
{
|
||||
next unless -f "/usr/lib/httpd/modules/mod_${_}.so" ||
|
||||
-f "/usr/lib64/httpd/modules/mod_${_}.so";
|
||||
$OUT .= "LoadModule ${_}_module modules/mod_${_}.so\n";
|
||||
}
|
||||
|
||||
$OUT .= "# we do not use php module anymore, but php-fpm";
|
||||
|
||||
$OUT .=<<"HERE";
|
||||
|
||||
|
||||
|
||||
PidFile /var/run/httpd-pki.pid
|
||||
ScoreBoardFile /var/run/httpd-pki.scoreboard
|
||||
UseCanonicalName off
|
||||
LogFormat "%h %l %u %t \\"%r\\" %>s %b" common
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog /var/log/httpd/pki_access_log common
|
||||
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 15
|
||||
|
||||
MaxClients 150
|
||||
MaxRequestsPerChild 100
|
||||
|
||||
ServerName www.$DomainName
|
||||
|
||||
MinSpareServers 1
|
||||
MaxSpareServers 5
|
||||
StartServers 1
|
||||
Timeout 300
|
||||
|
||||
DefaultIcon /icons/unknown.gif
|
||||
DirectoryIndex index.htm index.html index.php index.cgi
|
||||
IndexOptions FancyIndexing VersionSort NameWidth=*
|
||||
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
|
||||
AccessFileName .htaccess
|
||||
|
||||
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
|
||||
AddIconByType (TXT,/icons/text.gif) text/*
|
||||
AddIconByType (IMG,/icons/image2.gif) image/*
|
||||
AddIconByType (SND,/icons/sound2.gif) audio/*
|
||||
AddIconByType (VID,/icons/movie.gif) video/*
|
||||
TypesConfig /etc/mime.types
|
||||
|
||||
AddEncoding x-compress Z
|
||||
AddEncoding x-gzip gz
|
||||
|
||||
AddIcon /icons/binary.gif .bin .exe
|
||||
AddIcon /icons/binhex.gif .hqx
|
||||
AddIcon /icons/tar.gif .tar
|
||||
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
|
||||
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
|
||||
AddIcon /icons/a.gif .ps .ai .eps
|
||||
AddIcon /icons/layout.gif .html .shtml .htm .pdf
|
||||
AddIcon /icons/text.gif .txt
|
||||
AddIcon /icons/c.gif .c
|
||||
AddIcon /icons/p.gif .pl .py
|
||||
AddIcon /icons/f.gif .for
|
||||
AddIcon /icons/dvi.gif .dvi
|
||||
AddIcon /icons/uuencoded.gif .uu
|
||||
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
|
||||
AddIcon /icons/tex.gif .tex
|
||||
AddIcon /icons/bomb.gif core
|
||||
|
||||
AddIcon /icons/back.gif ..
|
||||
AddIcon /icons/hand.right.gif README
|
||||
AddIcon /icons/folder.gif ^^DIRECTORY^^
|
||||
AddIcon /icons/blank.gif ^^BLANKICON^^
|
||||
|
||||
AddLanguage en .en
|
||||
AddLanguage fr .fr
|
||||
AddLanguage de .de
|
||||
AddLanguage da .da
|
||||
AddLanguage el .el
|
||||
AddLanguage it .it
|
||||
|
||||
LanguagePriority en fr de
|
||||
|
||||
AddType text/html .shtml
|
||||
AddType application/x-pkcs7-crl .crl
|
||||
|
||||
AddType application/x-x509-ca-cert .crt
|
||||
|
||||
BrowserMatch "Mozilla/2" nokeepalive
|
||||
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
|
||||
BrowserMatch "RealPlayer 4\.0" force-response-1.0
|
||||
BrowserMatch "Java/1\.0" force-response-1.0
|
||||
BrowserMatch "JDK/1\.0" force-response-1.0
|
||||
|
||||
AddHandler cgi-script .cgi
|
||||
AddHandler server-parsed .shtml
|
||||
AddHandler imap-file map
|
||||
|
||||
DocumentRoot /opt/phpki/html
|
||||
|
||||
HERE
|
||||
}
|
||||
|
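Review bot: The `foreach (qw(...))` list loads every module it finds on disk, including `status`, `info`, `userdir`, `autoindex`, `include`, `cgi` and the whole `proxy_*` family, for a backend that only serves PHPki on a loopback port. Each loaded module is extra attack surface on the host that holds the CA key; I would trim the list to what the Directory and Location fragments actually use. The line `$OUT .= "# we do not use php module anymore, but php-fpm";` has no trailing `\n` and only works because the following heredoc starts with a blank line. `AccessFileName .htaccess` and the icon and `BrowserMatch` blocks look inherited from the main server configuration and could be dropped as well.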
@ -0,0 +1,11 @@
|
||||
|
||||
# First, we configure the "default" to be a very restrictive set of
|
||||
# permissions.
|
||||
|
||||
<Directory />
|
||||
Options None
|
||||
AllowOverride None
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
|
@ -0,0 +1,52 @@
|
||||
|
||||
Alias /phpki /opt/phpki/html/
|
||||
|
||||
# Main access allowed for valid user
|
||||
<Directory /opt/phpki/html>
|
||||
AddType application/x-httpd-php .php
|
||||
Options FollowSymLinks
|
||||
{
|
||||
my $key = "phpki";
|
||||
my $pool_name = lc $key;
|
||||
my $version = ${httpd-pki}{'PHPVersion'} || '73';
|
||||
$OUT .="
|
||||
<FilesMatch .php\$>
|
||||
SetHandler \"proxy:unix:/var/run/php-fpm/php${version}-${pool_name}.sock|fcgi://localhost\"
|
||||
</FilesMatch>\n";
|
||||
}
|
||||
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
|
||||
AddType application/x-x509-ca-cert .crt .pem
|
||||
AddType application/pkix-crl .crl
|
||||
AddType application/pkix-cert .cer .der
|
||||
AllowOverride None
|
||||
Require ip 127.0.0.1
|
||||
</Directory>
|
||||
|
||||
# /ca is only allowed for admin and explicitely authorized users
|
||||
<Location /phpki/ca>
|
||||
AuthName "PHPKI Admin"
|
||||
AuthType Basic
|
||||
TKTAuthLoginURL /server-common/cgi-bin/login
|
||||
<RequireAll>
|
||||
Require user admin {getUsersList("phpki");}
|
||||
Require ip 127.0.0.1
|
||||
</RequireAll>
|
||||
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
|
||||
{
|
||||
my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
|
||||
$OUT = " TKTAuthTimeout $ManagerTimeout\n";
|
||||
my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
|
||||
$OUT .= " TKTAuthCookieExpires $ManagerTimeout\n" if "$Cookie" eq "enabled";
|
||||
my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
|
||||
$OUT .= " TKTAuthTimeoutRefresh $ManagerTimeoutReset\n";
|
||||
}
|
||||
</Location>
|
||||
|
||||
# Disable access to /admin, which is used to configure user/password
|
||||
# via an htaccess file
|
||||
<Directory /opt/phpki/html/admin>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
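Review bot: `${httpd-pki}{'PHPVersion'}` is missing the quotes used everywhere else on this page (`${'httpd-pki'}{TCPPort}`), so Perl treats `httpd-pki` as an expression rather than the record name and the property is never read; `$version` always falls back to `'73'`. The pool template reads the real `PHPVersion`, so setting it to another value leaves `SetHandler` pointing at a socket that does not exist. The line should read `my $version = ${'httpd-pki'}{'PHPVersion'} || '73';`. Because every request arrives through the front-end proxy, `Require ip 127.0.0.1` in both blocks is always satisfied and access to `/phpki/ca` rests on the ticket check alone; a comment saying so would help the next reader.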
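--- a/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20pki
+++ b/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20pki
@@ -0,0 +1,69 @@
+{
+use esmith::ConfigDB;
+my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configuration database\n";
+my $httpdpki = $c->get( 'httpd-pki' );
+
+my $version = $httpdpki->prop('PHPVersion') || '73';
+# we enable both the httpd server and php pool with same status
+my $status = $httpdpki->prop('status') || 'disabled';
+return unless ($status eq 'enabled' && $version eq $PHP_VERSION);
+my $key = 'phpki';
+my $pool_name = lc $key;
+my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data:/usr/share/php:/usr/sbin/:/usr/bin:/opt/phpki/html:/opt/phpki/html/include";
+my $open_basedir = "/opt/phpki:/var/lib/php/phpki:/usr/sbin/openvpn:/usr/bin/which:/usr/bin/cat:/usr/bin/egrep:$include_path";
+my $disabled_functions = 'show_source,dl,passthru'
+;
+# Format vars
+$disabled_functions = join(', ', split /[,;:]/, $disabled_functions);
+$open_basedir = join(':', split(/[,;:]/, $open_basedir . ",/usr/share/php"));
+
+$OUT .=<<"_EOF" if ($version eq $PHP_VERSION);
+
+[$pool_name]
+user = phpki
+group = phpki
+listen.owner = root
+listen.group = phpki
+listen.mode = 0660
+listen = /var/run/php-fpm/php$version-$pool_name.sock
+catch_workers_output = yes
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 4
+pm.max_requests = 1000
+slowlog = /var/log/$key/slow.log
+php_admin_value[session.save_path] = /var/lib/php/$key/session
+php_admin_value[opcache.file_cache] = /var/lib/php/$key/opcache
+php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp
+php_admin_value[sys_temp_dir] = /var/lib/php/$key/tmp
+php_admin_flag[display_errors] = off
+php_admin_value[error_reporting] =E_ERROR | E_WARNING | E_PARSE
+php_admin_value[error_log] = /var/log/$key/error.log
+php_admin_flag[log_errors] = on
+; php_admin_value[max_execution_time] = $max_execution_time
+php_admin_value[disable_functions] = $disabled_functions
+php_admin_flag[allow_url_fopen] = off
+php_admin_flag[file_upload] = off
+php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[allow_url_include] = off
+php_admin_value[session.save_handler] = files
+php_admin_value[open_basedir] = $open_basedir
+
+php_admin_value[auto_prepend_file] = /usr/share/php/auth_translation.php
+php_value[include_path] = $include_path
+php_flag[magic_quotes_gpc] = off
+php_flag[track_vars] = on
+php_flag[session.use_trans_sid] = off
+php_flag[register_globals] = off
+php_flag[register_long_arrays] = on
+
+; Needed so shell_exec does it right
+env[PATH] = $include_path
+
+_EOF
+
+
+}
+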
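Review bot: `env[PATH] = $include_path` gives the pool a command search path that begins with `.` and contains `/opt/phpki/html` and `/opt/phpki/html/include`, so a command started through `shell_exec` resolves against the working directory and the web tree before `/usr/bin`. PATH and the PHP include path are different things; I would add `my $exec_path = "/usr/sbin:/usr/bin";` and emit `env[PATH] = $exec_path`. The same reuse puts `/usr/sbin/` and `/usr/bin` into `open_basedir`, which undoes the narrower `/usr/sbin/openvpn:/usr/bin/which:/usr/bin/cat:/usr/bin/egrep` entries listed before it. `disable_functions` leaves `exec`, `system`, `popen` and `proc_open` enabled; if PHPki only needs `shell_exec`, those can be added to the list.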
@ -0,0 +1,38 @@
|
||||
{
|
||||
# use Data::Validate::IP;
|
||||
use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
|
||||
our $KeySize = $modSSL{KeySize} ||'4096';
|
||||
our $FQDN = "$SystemName.$DomainName";
|
||||
our $Country = $modSSL{Country} || "--";
|
||||
our $State = $modSSL{State} || "----";
|
||||
our $commonName = $modSSL{CommonName} || $FQDN;
|
||||
our $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
|
||||
our $key = "/home/e-smith/ssl.key/$FQDN.key";
|
||||
our $defaultCity = $ldap{defaultCity} || '-';
|
||||
our $defaultCompany = $ldap{defaultCompany} || $commonName ;
|
||||
our $defaultDepartment = $ldap{defaultDepartment} || '-';
|
||||
our $email = "admin\@$DomainName";
|
||||
our @subjectAlt = `/sbin/e-smith/generate-subjectaltnames`;
|
||||
chomp @subjectAlt;
|
||||
our $subjectAltName = "";
|
||||
my $i=0;
|
||||
for my $elem (@subjectAlt) {
|
||||
$subjectAltName .= ", " if $i>0;
|
||||
$i++;
|
||||
if (ip_is_ipv4($elem) || ip_is_ipv6($elem) ){
|
||||
$subjectAltName .= "IP:$elem";
|
||||
next;
|
||||
}
|
||||
$subjectAltName .= "DNS:$elem";
|
||||
}
|
||||
$subjectAltName = ( $subjectAltName eq "DNS: ")? "": $subjectAltName;
|
||||
|
||||
# crop fields that are too long for X509:
|
||||
$Country = substr($Country, 0, 2);
|
||||
$defaultCity = substr($defaultCity, 0, 128);
|
||||
$defaultCompany = substr($defaultCompany, 0, 64);
|
||||
$defaultDepartment = substr($defaultDepartment, 0, 64);
|
||||
$email = substr($email, 0, 64);
|
||||
$commonName = substr($commonName, 0, 64);
|
||||
$OUT="";
|
||||
}
|
@ -0,0 +1,30 @@
|
||||
{
|
||||
my $phone = ${ldap}{defaultPhoneNumber} || "none";
|
||||
my $zip = ${ldap}{postalCode} || "H0H 0H0";
|
||||
my $street = ${ldap}{defaultStreet} || "Address Line #1";
|
||||
@lines = map {
|
||||
m:\$config\['common_name'\]: && s/.*/\$config['common_name']='$commonName';/;
|
||||
m:\$config\['unit'\]: && s/.*/\$config['unit']='$defaultDepartment';/;
|
||||
m:\$config\['keysize'\]: && s/.*/\$config['keysize']='4096';/;
|
||||
m:\$config\['country'\]: && s/.*/\$config['country']='$Country';/;
|
||||
m:\$config\['province'\]: && s/.*/\$config['province']='$State';/;
|
||||
m:\$config\['locality'\]: && s/.*/\$config['locality']='$defaultCity';/;
|
||||
m:\$config\['organization'\]: && s/.*/\$config['organization']='$defaultCompany';/;
|
||||
m:\$config\['contact'\]: && s/.*/\$config['contact']='$email';/;
|
||||
m:\$config\['base_url'\]: && s/.*/\$config['base_url']='https:\/\/$commonName\/phpki\/';/;
|
||||
s/(^|\n)[\n\s]*/$1/g;;
|
||||
$_
|
||||
} @lines;
|
||||
push @lines, "\$config['common_name']='$commonName';" unless grep( /\$config\['common_name'\]/ ,@lines);
|
||||
push @lines, "\$config['unit']='$defaultDepartment';" unless grep( /\$config\['unit'\]/ ,@lines);
|
||||
push @lines, "\$config['keysize']='4096';" unless grep( /\$config\['keysize'\]/ ,@lines);
|
||||
push @lines, "\$config['country']='$Country';" unless grep( /\$config\['country'\]/ ,@lines);
|
||||
push @lines, "\$config['province']='$State';" unless grep( /\$config\['province'\]/ ,@lines);
|
||||
push @lines, "\$config['locality']='$defaultCity';" unless grep( /\$config\['locality'\]/ ,@lines);
|
||||
push @lines, "\$config['organization']='$defaultCompany';" unless grep( /\$config\['organization'\]/ ,@lines);
|
||||
push @lines, "\$config['contact']='$email';" unless grep( /\$config\['contact'\]/ ,@lines);
|
||||
push @lines, "\$config['base_url']='https://$commonName/phpki/';" unless grep( /\$config\['base_url'\]/ ,@lines);
|
||||
# we do not update the following as it will mess up the file.
|
||||
push @lines, "\$config[\'getting_help\']=\'<b>Contact:</b><br>\nFirst-Name Last-Name<br>\n$defaultCompany/$defaultDepartment<br>\n$street<br>\n$defaultCity, $State, $zip<br>\n<br>\nPhone: $phone<br>\nE-mail: <a href=mailto:$email>$email</a> <i><b>E-mail is preferred.</b></i><br>\';" unless grep( /\$config\['getting_help'\]/ ,@lines);
|
||||
"";
|
||||
}
|
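Review bot: Every value is placed inside a PHP single-quoted literal (`'$commonName'`, `'$defaultCompany'` and so on) without escaping, so an apostrophe or backslash in an organisation or city name stored in the `ldap` or `modSSL` records ends the string early and the remainder is parsed as PHP in `config.php`. Escape each value before interpolating, for example `(my $v = $defaultCompany) =~ s/([\\'])/\\$1/g;`, in both the `map` substitutions and the `push` fallbacks. The `getting_help` entry additionally places the same values into HTML unencoded. `keysize` is hard-coded to `'4096'` although the fragment before this one computes `$KeySize` from `modSSL`.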
@ -0,0 +1,12 @@
|
||||
{
|
||||
$OUT .= "";
|
||||
foreach my $line (@lines)
|
||||
{
|
||||
chomp $line;
|
||||
next if grep { /^$/ } $line ;
|
||||
push @lines, $_;
|
||||
|
||||
$OUT .= "$line\n";
|
||||
}
|
||||
$OUT .= "?>";
|
||||
}
|
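Review bot: `push @lines, $_;` inside `foreach my $line (@lines)` appends to the array being iterated and pushes `$_`, which is not the loop variable in this fragment. It looks copied from the fragment that reads `config.php`; the loop appears to terminate only because the pushed empty entries are skipped by the empty-line test on the next pass. The line should be removed, and `next if grep { /^$/ } $line` reads more clearly as `next if $line eq '';`.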
@ -0,0 +1,17 @@
|
||||
{
|
||||
# vim: ft=perl:
|
||||
%lines = ();
|
||||
@lines = ();
|
||||
open (RD, "</opt/phpki/html/config.php")
|
||||
|| warn "Cannot open input file /opt/phpki/html/config.php: $!\n";
|
||||
while (<RD>)
|
||||
{
|
||||
chomp;
|
||||
next if grep { /^$/ } $_ ;
|
||||
next if grep { /^\?/ } $_;
|
||||
push @lines, $_;
|
||||
$lines{$_} = 1;
|
||||
}
|
||||
close(RD);
|
||||
"";
|
||||
}
|
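Review bot: The two-argument `open (RD, "</opt/phpki/html/config.php")` with a bareword handle is safe only because the path is a constant; `open(my $rd, '<', '/opt/phpki/html/config.php')` avoids the global handle and the mode-in-filename form. When the open fails the fragment warns and then still runs `while (<RD>)` on the unopened handle, so the later fragments rebuild the file from an empty `@lines`; if that is the intended first-install path, a comment should say so. `next if grep { /^\?/ } $_` drops every line starting with `?`, which is presumably meant for the closing `?>` only.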
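--- a/root/etc/e-smith/web/functions/phpki
+++ b/root/etc/e-smith/web/functions/phpki
@@ -0,0 +1,32 @@
+#!/usr/bin/perl
+#----------------------------------------------------------------------
+# heading : Security
+# description : Certificate Management
+# navigation : 4000 4200
+#----------------------------------------------------------------------
+
+use strict;
+use CGI':all';
+use CGI::Carp qw(fatalsToBrowser);
+
+
+BEGIN
+{
+$ENV {'PATH'} = '/bin:/usr/bin:/sbin';
+$ENV {'SHELL'} = '/bin/bash';
+delete $ENV {'ENV'};
+}
+
+
+my $q = new CGI;
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca/";
+$q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
+
+print $q->header ('text/html');
+print $q->start_html (-head=>meta({-http_equiv=>'refresh', -content=>$content}));
+
+
+
+print $q->end_html;
+
+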
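Review bot: The redirect target is built from `$ENV {'HTTP_X_FORWARDED_HOST'}` with no validation, so the host in the `meta refresh` URL is whatever that request header contains. If the front-end proxy passes a client-supplied value through, the panel link can send a logged-in administrator to another host, and when the header is absent the URL becomes `https:///phpki/ca/`. I would accept the value only if it matches `m{\A[A-Za-z0-9.-]+(?::\d+)?\z}` and one of the server's configured names, and otherwise fall back to `$ENV{'SERVER_NAME'}`. `fatalsToBrowser` should also be removed outside development, since it prints Perl errors into the manager page.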
163
root/etc/httpd/pki-conf/httpd.conf
Normal file
163
root/etc/httpd/pki-conf/httpd.conf
Normal file
@ -0,0 +1,163 @@
|
||||
#------------------------------------------------------------
|
||||
# !!DO NOT MODIFY THIS FILE!!
|
||||
#
|
||||
# Manual changes will be lost when this file is regenerated.
|
||||
#
|
||||
# Please read the developer's guide, which is available
|
||||
# at http://www.contribs.org/development/
|
||||
#
|
||||
# Copyright (C) 1999-2006 Mitel Networks Corporation
|
||||
#------------------------------------------------------------
|
||||
|
||||
|
||||
LoadModule auth_tkt_module modules/mod_auth_tkt.so
|
||||
TKTAuthSecret "1234"
|
||||
|
||||
|
||||
Listen 127.0.0.1:940
|
||||
|
||||
HostnameLookups off
|
||||
|
||||
ServerAdmin admin
|
||||
ServerRoot /etc/httpd
|
||||
ServerTokens ProductOnly
|
||||
|
||||
User phpki
|
||||
Group phpki
|
||||
|
||||
ErrorLog /var/log/httpd/pki_error_log
|
||||
LogLevel warn
|
||||
LoadModule env_module modules/mod_env.so
|
||||
LoadModule log_config_module modules/mod_log_config.so
|
||||
LoadModule mime_module modules/mod_mime.so
|
||||
LoadModule negotiation_module modules/mod_negotiation.so
|
||||
LoadModule status_module modules/mod_status.so
|
||||
LoadModule info_module modules/mod_info.so
|
||||
LoadModule include_module modules/mod_include.so
|
||||
LoadModule autoindex_module modules/mod_autoindex.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
LoadModule asis_module modules/mod_asis.so
|
||||
#LoadModule imap_module modules/mod_imap.so
|
||||
LoadModule actions_module modules/mod_actions.so
|
||||
LoadModule userdir_module modules/mod_userdir.so
|
||||
LoadModule proxy_module modules/mod_proxy.so
|
||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||
LoadModule alias_module modules/mod_alias.so
|
||||
LoadModule rewrite_module modules/mod_rewrite.so
|
||||
#LoadModule access_module modules/mod_access.so
|
||||
#LoadModule auth_module modules/mod_auth.so
|
||||
#LoadModule auth_anon_module modules/mod_auth_anon.so
|
||||
LoadModule auth_digest_module modules/mod_auth_digest.so
|
||||
LoadModule expires_module modules/mod_expires.so
|
||||
LoadModule headers_module modules/mod_headers.so
|
||||
LoadModule usertrack_module modules/mod_usertrack.so
|
||||
LoadModule setenvif_module modules/mod_setenvif.so
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule cgi_module modules/mod_cgi.so
|
||||
|
||||
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
||||
LoadModule unixd_module modules/mod_unixd.so
|
||||
LoadModule access_compat_module modules/mod_access_compat.so
|
||||
LoadModule authn_core_module modules/mod_authn_core.so
|
||||
LoadModule authz_core_module modules/mod_authz_core.so
|
||||
|
||||
PidFile /var/run/httpd-bkpc.pid
|
||||
ScoreBoardFile /var/run/httpd-bkpc.scoreboard
|
||||
UseCanonicalName off
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog /var/log/httpd/pki_access_log common
|
||||
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 15
|
||||
|
||||
MaxClients 150
|
||||
MaxRequestsPerChild 100
|
||||
|
||||
ServerName www.domain.tld
|
||||
|
||||
MinSpareServers 1
|
||||
MaxSpareServers 5
|
||||
StartServers 1
|
||||
Timeout 300
|
||||
|
||||
DefaultIcon /icons/unknown.gif
|
||||
DirectoryIndex index.htm index.html index.php index.cgi
|
||||
IndexOptions FancyIndexing VersionSort NameWidth=*
|
||||
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
|
||||
AccessFileName .htaccess
|
||||
|
||||
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
|
||||
AddIconByType (TXT,/icons/text.gif) text/*
|
||||
AddIconByType (IMG,/icons/image2.gif) image/*
|
||||
AddIconByType (SND,/icons/sound2.gif) audio/*
|
||||
AddIconByType (VID,/icons/movie.gif) video/*
|
||||
DefaultType text/plain
|
||||
TypesConfig /etc/mime.types
|
||||
|
||||
AddEncoding x-compress Z
|
||||
AddEncoding x-gzip gz
|
||||
|
||||
AddIcon /icons/binary.gif .bin .exe
|
||||
AddIcon /icons/binhex.gif .hqx
|
||||
AddIcon /icons/tar.gif .tar
|
||||
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
|
||||
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
|
||||
AddIcon /icons/a.gif .ps .ai .eps
|
||||
AddIcon /icons/layout.gif .html .shtml .htm .pdf
|
||||
AddIcon /icons/text.gif .txt
|
||||
AddIcon /icons/c.gif .c
|
||||
AddIcon /icons/p.gif .pl .py
|
||||
AddIcon /icons/f.gif .for
|
||||
AddIcon /icons/dvi.gif .dvi
|
||||
AddIcon /icons/uuencoded.gif .uu
|
||||
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
|
||||
AddIcon /icons/tex.gif .tex
|
||||
AddIcon /icons/bomb.gif core
|
||||
|
||||
AddIcon /icons/back.gif ..
|
||||
AddIcon /icons/hand.right.gif README
|
||||
AddIcon /icons/folder.gif ^^DIRECTORY^^
|
||||
AddIcon /icons/blank.gif ^^BLANKICON^^
|
||||
|
||||
AddLanguage en .en
|
||||
AddLanguage fr .fr
|
||||
AddLanguage de .de
|
||||
AddLanguage da .da
|
||||
AddLanguage el .el
|
||||
AddLanguage it .it
|
||||
|
||||
LanguagePriority en fr de
|
||||
|
||||
AddType text/html .shtml
|
||||
AddType application/x-pkcs7-crl .crl
|
||||
|
||||
AddType application/x-x509-ca-cert .crt
|
||||
|
||||
BrowserMatch "Mozilla/2" nokeepalive
|
||||
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
|
||||
BrowserMatch "RealPlayer 4.0" force-response-1.0
|
||||
BrowserMatch "Java/1.0" force-response-1.0
|
||||
BrowserMatch "JDK/1.0" force-response-1.0
|
||||
|
||||
AddHandler cgi-script .cgi
|
||||
AddHandler server-parsed .shtml
|
||||
AddHandler imap-file map
|
||||
|
||||
DocumentRoot /opt/phpki/
|
||||
|
||||
|
||||
# First, we configure the "default" to be a very restrictive set of
|
||||
# permissions.
|
||||
|
||||
<Directory />
|
||||
Options None
|
||||
AllowOverride None
|
||||
order deny,allow
|
||||
deny from all
|
||||
allow from none
|
||||
</Directory>
|
||||
|
||||
|
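Review bot: This checked-in `httpd.conf` carries `TKTAuthSecret "1234"`, `DocumentRoot /opt/phpki/`, which is the parent directory of `phpki-store`, and `PidFile /var/run/httpd-bkpc.pid`, which looks copied from another package. `createlinks` regenerates the file from templates on `bootstrap-console-save`, so these values should exist only until the first expansion, but if the service is started before that they are live. Shipping a placeholder that contains only the "DO NOT MODIFY" header would keep the weak secret out of the package. The `order deny,allow` block also depends on `mod_access_compat`, whereas the template in this commit uses `Require all denied`.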
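--- a/root/usr/lib/systemd/system/httpd-pki.service
+++ b/root/usr/lib/systemd/system/httpd-pki.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Certificate management
+After=network.service
+[Service]
+Type=forking
+ExecStart=/usr/sbin/systemd/httpd-pki
+[Install]
+WantedBy=sme-server.target
+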
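Review bot: `Type=forking` is declared without a `PIDFile=`, and `ExecStart` points at a wrapper script, so systemd has to guess which process is the main httpd and will count the wrapper's exit as a successful start even when httpd never comes up. Because the wrapper already passes `-D FOREGROUND`, `Type=simple` with the wrapper exec'ing httpd in the foreground would give reliable failure detection. The unit also runs the web server for the certificate-management application with no sandboxing at all; `PrivateTmp=true` and `NoNewPrivileges=true` look like reasonable first steps, to be confirmed against what PHPki and its PHP pool actually need.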
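--- a/root/usr/sbin/systemd/httpd-pki
+++ b/root/usr/sbin/systemd/httpd-pki
@@ -0,0 +1,12 @@
+#!/bin/sh
+#----------------------------------------------------------------------
+# copyright (C) 1999-2004 Mitel Networks Corporation
+#----------------------------------------------------------------------
+
+config=/etc/httpd/pki-conf/httpd.conf
+
+[ -e $config ] || exit 1
+
+exec 2>&1
+exec chpst -P /usr/sbin/httpd -f $config -D FOREGROUND &
+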
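Review bot: The last command combines `exec` with a trailing `&`, so the `exec` only replaces a background subshell and the script itself exits 0 straight away, whether or not httpd started; a bad configuration or a missing module therefore never reaches systemd as a start failure. Running httpd in the foreground with `exec chpst -P /usr/sbin/httpd -f "$config" -D FOREGROUND`, together with `Type=simple` in httpd-pki.service, would make the service state follow the real process. `$config` is also unquoted in `[ -e $config ]`; it is a constant here, but quoting it costs nothing. The `exec 2>&1` line presumably has no effect under systemd, where both streams already go to the journal.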
0
root/var/lib/php/phpki/opcache/.gitignore
vendored
Normal file
0
root/var/lib/php/phpki/opcache/.gitignore
vendored
Normal file
0
root/var/lib/php/phpki/session/.gitignore
vendored
Normal file
0
root/var/lib/php/phpki/session/.gitignore
vendored
Normal file
0
root/var/lib/php/phpki/tmp/.gitignore
vendored
Normal file
0
root/var/lib/php/phpki/tmp/.gitignore
vendored
Normal file
0
root/var/log/phpki/.gitignore
vendored
Normal file
0
root/var/log/phpki/.gitignore
vendored
Normal file
0
root/var/service/.gitignore
vendored
Normal file
0
root/var/service/.gitignore
vendored
Normal file
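--- a/smeserver-phpki-ng.spec
+++ b/smeserver-phpki-ng.spec
@@ -0,0 +1,198 @@
+# $Id: smeserver-phpki.spec,v 1.6 2017/05/03 21:08:27 unnilennium Exp $
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Name: smeserver-phpki-ng
+Version: 0.3
+Release: 23%{?dist}
+Summary: php integration into SME server
+
+Group: Applications/System
+License: GPL
+URL: http://phpki.sourceforge.net/
+Source: %{name}-%{version}.tar.xz
+
+#Patch0: smeserver-phpki-0.2-fix_redirect_with_user-manager_and_sso.patch
+#Patch1: smeserver-phpki-0.2.bz10267.updatetktauth.patch
+
+
+BuildRoot: %{_tmppath}/%{name}-%{version}
+BuildArch: noarch
+
+BuildRequires: e-smith-devtools
+
+Requires: mod_auth_tkt
+Requires: openvpn
+Requires: e-smith-base
+Requires: phpki-ng >= 0.84-14
+Requires: php-process
+Requires: e-smith-manager >= 2.6.0-22
+Requires: e-smith-apache >= 2.6.0-19
+Requires: smeserver-php >= 3.0.0-44
+Provides: smeserver-phpki
+#Obsoletes: smeserver-phpki
+
+%description
+PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance.
+With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled
+e-mail clients, SSL servers, and VPN applications.
+This package contains specific configuration for SME server
+
+
+%changelog
+* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 0.3-23.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Sat Sep 07 2024 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+by assuming the date is correct and changing the weekday.
+
+* Thu May 11 2023 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-22.sme
+- fix httpd needs QSD in place of ? [SME: 12354]
+
+* Wed Dec 28 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-21.sme
+- fix chop isntead of chomp for config.php [SME: 12293]
+fix PATH not right for exec
+
+* Sat Dec 17 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-19.sme
+- small fixes for config.php and httpd
+
+* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-18.sme
+- revert log/phpki [SME: 12266]
+- phpki-ng autopopulate base info from ldap [SME: 11440]
+- ensure user are seen by php-pool [SME: 12268]
+- safe remote access for crl [SME: 11439]
+- 17-18: applying patches
+
+* Tue Dec 13 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-15.sme
+- fix typo preventing httpd-pki to start 2
+
+* Sun Nov 20 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-14.sme
+- fix typo preventing httpd-pki to start
+
+* Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-13.sme
+- add some more needed bins which cat and egrep [SME: 11438]
+
+* Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-11.sme
+- fix missing takey [SME: 11438]
+
+* Fri Nov 18 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-10.sme
+- ease migration from smeserver-phpki smeserver-phpki-ng using Provides [SME: 12222]
+- fix ownership on migration (backup/restore) [SME: 12228]
+- remove /var/service/httpd-pki [SME: 12229]
+- remove old logrotate [SME: 11873]
+- remove /var/log/phpki and /var/log/httpd-pki [SME: 12198]
+
+* Tue Oct 04 2022 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-9.sme
+- Fix spec file versioning
+
+* Sat Jul 30 2022 Brian Read <brianr@bjsystems.co.uk> 0.3-8.sme
+- Re-build and link to latest devtools [SME: 11997]
+
+* Thu Jul 21 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-7.sme
+- add to core backup [SME: 12021]
+- httpd 2.4 access syntax [SME: 12054]
+
+* Thu Aug 05 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-6.sme
+- remove modules from patch file [SME: 11402]
+
+* Sun Mar 07 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-5.sme
+- modify dirs in spec file
+
+* Thu Feb 25 2021 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-4.sme
+- configure php73 pool [SME: 11207]
+tidy httpd.conf file
+reuse phpki user and group
+
+* Sat Feb 13 2021 Brian Read <brianr@bjsystems.co.uk> 0.3-3.sme
+- Set execution bit on /opt/phpki/html/ca in spec file[SME: 11207]
+
+* Tue Feb 09 2021 Brian Read <brianr@bjsystems.co.uk> 0.3-3.sme
+- Add-in-systemd-startup [SME: 11207]
+
+* Thu Nov 26 2020 Brian Read <brianr@bjsystems.co.uk> 0.3-2.sme
+- Add in Loadmodules needed to pki-conf/httpd.conf [SME: 11207]
+
+* Fri Apr 03 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1.sme
+- New release for phpki-ng-0.84 based on phpki-0.83
+
+* Wed May 03 2017 Jean-Philipe Pialasse <tests@pialasse.com> 0.2-3.sme
+- update TKT auth parameter for SME 9.2 update [SME: 10267]
+
+* Mon Nov 18 2013 Daniel B. <daniel@firewall-services.com> - 0.2-2.sme
+- Fix a redirect issue with user-manager and LemonLDAP::NG as SSO
+
+* Mon Nov 11 2013 Daniel B. <daniel@firewall-services.com> - 0.2-1.sme
+- Rebuild for SME9
+- Do not disable httpd-pki service on uninstall
+
+* Fri May 24 2013 JP Pialasse <tests@pialasse.com> - 0.1-6.sme
+- added php-process as dependency [SME: 7439]
+
+* Thu Oct 13 2011 Daniel B. <daniel@firewall-services.com> - 0.1-5.sme
+- Change session path [SME: 6661]
+
+* Wed Jul 20 2011 Daniel B. <daniel@firewall-services.com> - 0.1-5.sme
+- Protect by location (so we can set another location protected by LemonLDAP::NG)
+
+* Mon Feb 23 2009 Daniel B. <daniel@firewall-services.com> [0.1-4]
+- Fix logrotate issue (send a sigusr1 signal to httpd-pki)
+
+* Mon Dec 15 2008 Daniel B. <daniel@firewall-services.com> [0.1-3]
+- Move server-manager panel to "security" section
+
+* Wed Dec 10 2008 Daniel B. <daniel@firewall-services.com> [0.1-2]
+- expand-templates in bootstrap-console-save instead of post-upgrade
+- Disable authentication for the public part (so CRL can be updated automatically)
+- Change the name of the menue in server-manager to certificate Management
+
+* Tue Dec 02 2008 Daniel B. <daniel@firewall-services.com> [0.1-1]
+- Restrict access to /phpki/ca for admin, ask for a valid user for /phpki
+- expand-templates on signal events conf-userpanels and domain-modify
+
+* Thu Nov 27 2008 Daniel B. <daniel@firewall-services.com> [0.1-0]
+- initial release
+
+
+%prep
+%setup -q -n %{name}-%{version}
+mkdir -p root/var/lib/php/phpki/{tmp,session,opcache}
+rm -rf root/var/lib/php/pki-session
+mkdir -p root/var/log/phpki
+rm -rf root/var/service/httpd-pki
+
+%build
+perl createlinks
+
+%install
+
+%{__mkdir_p} $RPM_BUILD_ROOT/var/lib/php/pki-session
+
+
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+
+chmod +x $RPM_BUILD_ROOT/usr/sbin/systemd/httpd-pki
+
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+--dir /var/lib/php/phpki 'attr(0770,root,phpki)' \
+--dir /var/lib/php/phpki/session 'attr(0770,root,phpki)' \
+--dir /var/lib/php/phpki/opcache 'attr(0770,root,phpki)' \
+--dir /var/lib/php/phpki/tmp 'attr(0770,root,phpki)' \
+--dir /var/log/phpki 'attr(0770,phpki,phpki)' \
+> %{name}-%{version}-filelist
+
+%post
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%pre
+#/sbin/e-smith/create-system-user phpki 455 'Phpki User' /opt/phpki /bin/false >& /dev/null || :
+
+%preun
+
+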
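Review bot: `%install` still creates `$RPM_BUILD_ROOT/var/lib/php/pki-session`, although `%prep` deletes `root/var/lib/php/pki-session` and the session store is now `/var/lib/php/phpki/session`. That leftover directory has no `--dir` entry in the `genfilelist` call, so it presumably ships with the `%defattr(-,root,root)` defaults rather than the `attr(0770,root,phpki)` mode given to the other PHP state directories. I would drop the `%{__mkdir_p}` line, or add `--dir /var/lib/php/pki-session 'attr(0770,root,phpki)'` if something still reads that path. The `attr(...,phpki)` entries also depend on the phpki user and group existing before the payload is unpacked, while the `create-system-user` call in `%pre` is commented out; a comment there such as `# phpki user/group are created by phpki-ng (see Requires)` would make that dependency explicit, assuming phpki-ng is indeed what creates the account.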