- move certificates to _sysconfdir/pki/tls (#143392)

- move CA directories to _sysconfdir/pki/CA
- patch the CA script and the default config so it points to the CA
    directories
This commit is contained in:
Tomáš Mráz 2005-04-21 20:22:55 +00:00
parent 1d982a09cd
commit 79f559a35a
2 changed files with 71 additions and 26 deletions

View File

@ -0,0 +1,33 @@
--- openssl-0.9.7f/apps/CA.sh.ca-dir 2005-02-02 00:45:38.000000000 +0100
+++ openssl-0.9.7f/apps/CA.sh 2005-04-21 21:08:09.270233699 +0200
@@ -38,7 +38,7 @@
VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
-CATOP=./demoCA
+CATOP=../../CA
CAKEY=./cakey.pem
CACERT=./cacert.pem
--- openssl-0.9.7f/apps/CA.pl.ca-dir 2005-02-02 00:45:38.000000000 +0100
+++ openssl-0.9.7f/apps/CA.pl 2005-04-21 21:07:52.307995284 +0200
@@ -52,7 +52,7 @@
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
-$CATOP="./demoCA";
+$CATOP="../../CA";
$CAKEY="cakey.pem";
$CACERT="cacert.pem";
--- openssl-0.9.7f/apps/openssl.cnf.ca-dir 2005-03-30 12:20:17.000000000 +0200
+++ openssl-0.9.7f/apps/openssl.cnf 2005-04-21 21:08:29.581927172 +0200
@@ -34,7 +34,7 @@
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = ../../CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.

View File

@ -22,7 +22,7 @@
Summary: The OpenSSL toolkit. Summary: The OpenSSL toolkit.
Name: openssl Name: openssl
Version: 0.9.7f Version: 0.9.7f
Release: 3 Release: 4
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl Source1: hobble-openssl
Source2: Makefile.certificate Source2: Makefile.certificate
@ -48,6 +48,7 @@ Patch18: openssl-0.9.7a-krb5-1.3.patch
Patch40: libica-1.3.4-urandom.patch Patch40: libica-1.3.4-urandom.patch
Patch42: openssl-0.9.7e-krb5.patch Patch42: openssl-0.9.7e-krb5.patch
Patch43: openssl-0.9.7f-bn-asm-uninitialized.patch Patch43: openssl-0.9.7f-bn-asm-uninitialized.patch
Patch44: openssl-0.9.7f-ca-dir.patch
License: BSDish License: BSDish
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -126,6 +127,8 @@ popd
# Additional fixes # Additional fixes
%patch43 -p1 -b .uninitialized %patch43 -p1 -b .uninitialized
#patch44 is patched after make test
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}` perl util/perlpath.pl `dirname %{__perl}`
@ -182,7 +185,7 @@ sslarch=linux-ppc64
# usable on all platforms. The Configure script already knows to use -fPIC and # usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here. # RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \ ./Configure \
--prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslflags} \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
zlib no-idea no-mdc2 no-rc5 no-ec shared \ zlib no-idea no-mdc2 no-rc5 no-ec shared \
--with-krb5-flavor=MIT \ --with-krb5-flavor=MIT \
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \ -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
@ -211,14 +214,17 @@ make -C test apps tests
-lpthread -lz -ldl -lpthread -lz -ldl
#./openssl-thread-test --threads %{thread_test_threads} #./openssl-thread-test --threads %{thread_test_threads}
# Patch44 must be patched after tests otherwise they will fail
patch -p1 -b -z .ca-dir < %{PATCH44}
%install %install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL. # Install OpenSSL.
install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir}} install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir}}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{solibbase} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{solibbase} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_datadir}/ssl/man/* $RPM_BUILD_ROOT%{_mandir}/ mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
rmdir $RPM_BUILD_ROOT%{_datadir}/ssl/man rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || : mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{solibbase} rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{solibbase}
for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
@ -229,9 +235,9 @@ done
# Install a makefile for generating keys and self-signed certs, and a script # Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly. # for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_datadir}/ssl/certs mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 $RPM_SOURCE_DIR/Makefile.certificate $RPM_BUILD_ROOT%{_datadir}/ssl/certs/Makefile install -m644 $RPM_SOURCE_DIR/Makefile.certificate $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
install -m644 $RPM_SOURCE_DIR/make-dummy-cert $RPM_BUILD_ROOT%{_datadir}/ssl/certs/make-dummy-cert install -m644 $RPM_SOURCE_DIR/make-dummy-cert $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert
# Make sure we actually include the headers we built against. # Make sure we actually include the headers we built against.
for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
@ -255,12 +261,12 @@ for conflict in passwd rand ; do
done done
# Pick a CA script. # Pick a CA script.
pushd $RPM_BUILD_ROOT%{_datadir}/ssl/misc pushd $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
mv CA.sh CA mv CA.sh CA
popd popd
mkdir -m700 $RPM_BUILD_ROOT%{_datadir}/ssl/CA mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
mkdir -m700 $RPM_BUILD_ROOT%{_datadir}/ssl/CA/private mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
# Install root CA stuffs. # Install root CA stuffs.
cat << EOF > RHNS-blurb.txt cat << EOF > RHNS-blurb.txt
@ -269,8 +275,8 @@ cat << EOF > RHNS-blurb.txt
# #
EOF EOF
cat %{SOURCE3} RHNS-blurb.txt %{SOURCE4} > ca-bundle.crt cat %{SOURCE3} RHNS-blurb.txt %{SOURCE4} > ca-bundle.crt
install -m644 ca-bundle.crt $RPM_BUILD_ROOT%{_datadir}/ssl/certs/ install -m644 ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/
ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_datadir}/ssl/cert.pem ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/cert.pem
# Fix libdir. # Fix libdir.
sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \ sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
@ -308,7 +314,7 @@ rm -rf $RPM_BUILD_ROOT/%{_mandir}/man3/*
rm -rf $RPM_BUILD_ROOT/%{_bindir}/c_rehash rm -rf $RPM_BUILD_ROOT/%{_bindir}/c_rehash
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man1*/*.pl* rm -rf $RPM_BUILD_ROOT/%{_mandir}/man1*/*.pl*
rm -rf $RPM_BUILD_ROOT/%{_datadir}/ssl/misc/*.pl rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/misc/*.pl
%endif %endif
# Remove fips fingerprint script # Remove fips fingerprint script
@ -336,18 +342,18 @@ popd
%doc doc/README doc/c-indentation.el doc/openssl.txt %doc doc/README doc/c-indentation.el doc/openssl.txt
%doc doc/openssl_button.html doc/openssl_button.gif %doc doc/openssl_button.html doc/openssl_button.gif
%doc doc/ssleay.txt %doc doc/ssleay.txt
%dir %{_datadir}/ssl %dir %{_sysconfdir}/pki/tls
%{_datadir}/ssl/certs %{_sysconfdir}/pki/tls/certs
%{_datadir}/ssl/cert.pem %{_sysconfdir}/pki/tls/cert.pem
%dir %{_datadir}/ssl/misc %dir %{_sysconfdir}/pki/tls/misc
%{_datadir}/ssl/misc/CA %{_sysconfdir}/pki/tls/misc/CA
%dir %{_datadir}/ssl/CA %dir %{_sysconfdir}/pki/CA
%dir %{_datadir}/ssl/CA/private %dir %{_sysconfdir}/pki/CA/private
%{_datadir}/ssl/misc/c_* %{_sysconfdir}/pki/tls/misc/c_*
%{_datadir}/ssl/private %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_datadir}/ssl/openssl.cnf %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config %{_datadir}/ssl/certs/ca-bundle.crt %config %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
%attr(0755,root,root) %{_bindir}/openssl %attr(0755,root,root) %{_bindir}/openssl
%attr(0755,root,root) /%{_lib}/*.so.%{version} %attr(0755,root,root) /%{_lib}/*.so.%{version}
@ -374,8 +380,8 @@ popd
%defattr(-,root,root) %defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/c_rehash %attr(0755,root,root) %{_bindir}/c_rehash
%attr(0644,root,root) %{_mandir}/man1*/*.pl* %attr(0644,root,root) %{_mandir}/man1*/*.pl*
%dir %{_datadir}/ssl/misc %dir %{_sysconfdir}/pki/tls/misc
%{_datadir}/ssl/misc/*.pl %{_sysconfdir}/pki/tls/misc/*.pl
%endif %endif
%post -p /sbin/ldconfig %post -p /sbin/ldconfig
@ -383,6 +389,12 @@ popd
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Thu Apr 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-4
- move certificates to _sysconfdir/pki/tls (#143392)
- move CA directories to _sysconfdir/pki/CA
- patch the CA script and the default config so it points to the
CA directories
* Fri Apr 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-3 * Fri Apr 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-3
- uninitialized variable mustn't be used as input in inline - uninitialized variable mustn't be used as input in inline
assembly assembly