%define crver 1.1 Summary: SSL certificate and key management utilities Name: crypto-utils Version: 2.2 Release: 5 Source: crypto-rand-%{crver}.tar.gz Source1: genkey.pl Source2: certwatch.c Source3: certwatch.cron Source4: certwatch.xml Source5: genkey.xml Group: Applications/System License: Various BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: openssl-devel, perl, pkgconfig, newt-devel, xmlto Requires: newt-perl, openssl >= 0.9.7f-4 Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)") Obsoletes: crypto-rand %description This package provides tools for managing and generating SSL certificates and keys. %prep %setup -q -n crypto-rand-%{crver} %build %configure --with-newt=%{_prefix} CFLAGS="-fPIC $RPM_OPT_FLAGS -Wall" make cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl \ $RPM_SOURCE_DIR/certwatch.c -o certwatch -lcrypto for m in certwatch.xml genkey.xml; do xmlto man $RPM_SOURCE_DIR/$m done pushd Makerand perl -pi -e "s/Stronghold/Crypt/g" * CFLAGS="$RPM_OPT_FLAGS" perl Makefile.PL PREFIX=$RPM_BUILD_ROOT/usr INSTALLDIRS=vendor make popd %install rm -rf $RPM_BUILD_ROOT pushd Makerand make install popd # fix Newt.so perms find $RPM_BUILD_ROOT/usr -name Makerand.so | xargs chmod 755 [ -x /usr/lib/rpm/brp-compress ] && /usr/lib/rpm/brp-compress find $RPM_BUILD_ROOT \( -name perllocal.pod -o -name .packlist \) -exec rm -v {} \; find $RPM_BUILD_ROOT/usr -type f -print | sed "s@^$RPM_BUILD_ROOT@@g" | grep -v perllocal.pod | grep -v "\.packlist" > filelist if [ ! -s filelist ] ; then echo "ERROR: EMPTY FILE LIST" exit 1 fi mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily \ $RPM_BUILD_ROOT%{_mandir}/man1 \ $RPM_BUILD_ROOT%{_bindir} # install keyrand install -c -m 755 keyrand/keyrand $RPM_BUILD_ROOT%{_bindir}/keyrand # install certwatch install -c -m 755 certwatch $RPM_BUILD_ROOT%{_bindir}/certwatch install -c -m 755 $RPM_SOURCE_DIR/certwatch.cron \ $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch install -c -m 644 certwatch.1 \ $RPM_BUILD_ROOT%{_mandir}/man1/certwatch.1 install -c -m 644 genkey.1 \ $RPM_BUILD_ROOT%{_mandir}/man1/genkey.1 # install genkey sed -e "s|^\$bindir.*$|\$bindir = \"%{_bindir}\";|" \ -e "s|^\$ssltop.*$|\$ssltop = \"/etc/pki/tls\";|" \ -e "s|^\$sslconf.*$|\$sslconf = \"/etc/pki/tls/openssl.cnf\";|" \ -e "s|^\$cadir.*$|\$cadir = \"/etc/pki/CA\";|" \ -e "1s|.*|\#\!/usr/bin/perl|g" \ -e "s/'Challenge',/'Email','Challenge',/g" \ -e "/@EXTRA@/d" \ < $RPM_SOURCE_DIR/genkey.pl > $RPM_BUILD_ROOT%{_bindir}/genkey %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT %files -f filelist %defattr(0644,root,root,0755) %attr(0755,root,root) %{_bindir}/* %attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch %{_mandir}/man1/*.1* %changelog * Fri May 13 2005 Joe Orton 2.2-5 - genkey(1): fix paths to use /etc/pki * Wed Apr 27 2005 Joe Orton 2.2-4 - genkey: create private key files with permissions 0400 - genkey: tidy up error handling a little * Tue Apr 26 2005 Joe Orton 2.2-3 - pass $OPTIONS to $HTTPD in certwatch.cron - man page tweaks * Tue Apr 26 2005 Joe Orton 2.2-2 - add configuration options for certwatch (#152990) - allow passing options in certwatch.cron via $CERTWATCH_OPTS - require openssl with /etc/pki/tls * Mon Apr 25 2005 Joe Orton 2.2-1 - adapt to use /etc/pki * Fri Mar 4 2005 Joe Orton 2.1-6 - rebuild * Tue Feb 15 2005 Joe Orton 2.1-5 - certwatch: prevent warnings for duplicate certs (#103807) - make /etc/cron.daily/certwatch 0755 (#141003) - add genkey(1) man page (#134821) * Tue Oct 19 2004 Joe Orton 2.1-4 - make certwatch(1) warning distro-neutral - update to crypto-rand 1.1, fixing #136093 * Wed Oct 13 2004 Joe Orton 2.1-3 - send warnings To: root rather than root@localhost (#135533) * Wed Oct 6 2004 Joe Orton 2.1-2 - add BuildRequire newt-devel, xmlto (#134695) * Fri Sep 10 2004 Joe Orton 2.1-1 - add /usr/bin/certwatch - support --days argument to genkey (#131045) * Tue Aug 17 2004 Joe Orton 2.0-6 - add perl MODULE_COMPAT requirement * Mon Aug 16 2004 Joe Orton 2.0-5 - rebuild * Mon Sep 15 2003 Joe Orton 2.0-4 - hide private key passwords during entry - fix CSR generation * Mon Sep 1 2003 Joe Orton 2.0-3 - fix warnings when in UTF-8 locale * Tue Aug 26 2003 Joe Orton 2.0-2 - allow upgrade from Stronghold 4.0 * Mon Aug 4 2003 Joe Orton 2.0-1 - update for RHEL * Wed Sep 11 2002 Joe Orton 1.0-12 - rebuild * Thu Aug 22 2002 Joe Orton 1.0-11 - fix location of OpenSSL configuration file in gencert * Mon Jul 15 2002 Joe Orton 1.0-10 - fix getca SERVERROOT, SSLTOP expansion (#68870) * Mon May 13 2002 Joe Orton 1.0-9 - improvements to genkey * Mon May 13 2002 Joe Orton 1.0-8 - add php.ini handling to stronghold-config * Mon May 13 2002 Joe Orton 1.0-7 - restore stronghold-config * Tue May 07 2002 Gary Benson 1.0-6 - remove stronghold-config * Tue Apr 09 2002 Gary Benson 1.0-5 - change the group to match crypto-rand - change Copyright to License * Mon Mar 25 2002 Gary Benson 1.0-4 - hack to clean up some cruft that gets left in the docroot after we install. * Fri Mar 22 2002 Gary Benson - excise interchange. * Wed Feb 13 2002 Gary Benson 1.0-3 - ask about interchange too. - make /etc/sysconfig/httpd nicer. * Thu May 17 2001 Joe Orton - Redone for Red Hat Linux. * Mon Mar 20 2001 Mark Cox - Changes to make genkey a perl script * Mon Dec 04 2000 Joe Orton - Put the stronghold/bin -> stronghold/ssl/bin symlink in the %files section rather than creating it in %post. * Fri Nov 24 2000 Mark Cox - No need for .configure scripts, do the substitution ourselves * Tue Nov 21 2000 Mark Cox - First version. Because this depends on a build environment - We won't worry about ni-scripts for now, they're not used anyhow