import sscg-3.0.0-4.el9

This commit is contained in:
CentOS Sources 2022-05-17 04:47:12 -04:00 committed by Stepan Oksanichenko
commit 42f594292c
5 changed files with 383 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/sscg-3.0.0.tar.xz

1
.sscg.metadata Normal file
View File

@ -0,0 +1 @@
81e3b33e118edff96583314ceb4bfde9a1e6b45c SOURCES/sscg-3.0.0.tar.xz

View File

@ -0,0 +1,34 @@
From d2277e711bb16e3b98f43565e71b7865b5fed423 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Sat, 7 Aug 2021 11:48:04 -0400
Subject: [PATCH 1/2] Drop usage of ERR_GET_FUNC()
This macro was dropped in OpenSSL 3.0 and has actually not been
providing a valid return code for some time.
Related: rhbz#1964837
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
include/sscg.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/include/sscg.h b/include/sscg.h
index faf86ba4f68e186bd35c7bc3ec77b98b8e37d253..851dc93175607e5223a70ef40a5feb24b7b69215 100644
--- a/include/sscg.h
+++ b/include/sscg.h
@@ -94,11 +94,10 @@
if (_sslret != 1) \
{ \
/* Get information about error from OpenSSL */ \
unsigned long _ssl_error = ERR_get_error (); \
if ((ERR_GET_LIB (_ssl_error) == ERR_LIB_UI) && \
- (ERR_GET_FUNC (_ssl_error) == UI_F_UI_SET_RESULT_EX) && \
((ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_LARGE) || \
(ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_SMALL))) \
{ \
fprintf ( \
stderr, \
--
2.33.0

View File

@ -0,0 +1,46 @@
From 87604820a935f87a8f533e3f294419d27c0514eb Mon Sep 17 00:00:00 2001
From: Allison Karlitskaya <allison.karlitskaya@redhat.com>
Date: Tue, 26 Oct 2021 12:32:13 +0200
Subject: [PATCH 2/2] Correct certificate lifetime calculation
sscg allows passing the certificate lifetime, as a number of days, as a
commandline argument. It converts this value to seconds using the
formula
days * 24 * 3650
which is incorrect. The correct value is 3600.
This effectively adds an extra 20 minutes to the lifetime of the
certificate for each day as given on the commandline, and was enough to
cause some new integration tests in cockpit to fail.
Interestingly, 3650 is the old default value for the number of days of
certificate validity (~10 years) so this probably slipped in as a sort
of muscle-memory-assisted typo.
Let's just write `24 * 60 * 60` to make things clear.
---
src/x509.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/x509.c b/src/x509.c
index dc1594a4bdcb9d81607f0fe5ad2d4562e5edb533..7c7e4dfe56d5756862f3e0f851941e846ce96f31 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -416,11 +416,11 @@ sscg_sign_x509_csr (TALLOC_CTX *mem_ctx,
X509_set_issuer_name (cert, X509_REQ_get_subject_name (csr));
}
/* set time */
X509_gmtime_adj (X509_get_notBefore (cert), 0);
- X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 3650);
+ X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 60 * 60);
/* set subject */
subject = X509_NAME_dup (X509_REQ_get_subject_name (csr));
sslret = X509_set_subject_name (cert, subject);
CHECK_SSL (sslret, X509_set_subject_name);
--
2.33.0

301
SPECS/sscg.spec Normal file
View File

@ -0,0 +1,301 @@
%global provider github
%global provider_tld com
%global project sgallagher
%global repo sscg
# https://github.com/sgallagher/sscg
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path %{provider_prefix}
Name: sscg
Version: 3.0.0
Release: 4%{?dist}
Summary: Simple SSL certificate generator
License: GPLv3+ with exceptions
URL: https://%{provider_prefix}
Source0: https://%{provider_prefix}/releases/download/%{repo}-%{version}/%{repo}-%{version}.tar.xz
BuildRequires: gcc
BuildRequires: libtalloc-devel
BuildRequires: openssl-devel
BuildRequires: popt-devel
BuildRequires: libpath_utils-devel
BuildRequires: meson
BuildRequires: ninja-build
BuildRequires: help2man
Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
%description
A utility to aid in the creation of more secure "self-signed"
certificates. The certificates created by this tool are generated in a
way so as to create a CA certificate that can be safely imported into a
client machine to trust the service certificate without needing to set
up a full PKI environment and without exposing the machine to a risk of
false signatures from the service certificate.
%prep
%autosetup -p1
%build
%meson
%meson_build
%install
%meson_install
%check
%meson_test -t 10
%files
%license COPYING
%doc README.md
%{_bindir}/%{name}
%{_mandir}/man8/%{name}.8*
%changelog
* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
- Correct certificate lifetime calculation
- Resolves: rhbz#2017667
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
- Drop usage of removed macro ERR_GET_FUNC()
- Related: rhbz#1964837
* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
- Release 3.0.0
- Support for OpenSSL 3.0
- Support for outputting named Diffie-Hellman parameter groups
- Support for CentOS Stream 9
- Resolves: rhbz#1984468
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
- OpenSSL 3.0 compatibility: fix RSA key-generation test
- Resolves: rhbz#1964837
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
- Fixing incorrect license declaration
* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
- Updating to rebuild against the latest glibc
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
- Update to 2.6.2
- Handle very short and very long passphrases properly (fixes rhbz#1850183)
- Drop upstreamed patch
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
- Rebuild with corrected ELN macro definitions
* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
- Don't bother running clang-format in the RPM build
- Lengthen the test timeout so ARM tests pass
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
- Bugfixes from upstream
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
- Fix incorrect help description for --client-key-file
* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
- Update to 2.6.0
- Can now generate an empty CRL file.
- Can now create and store a Diffie-Hellman parameters (dhparams) file.
- Support for setting a password on private keys.
- Support for generating a client authentication certificate and key.
- Better support for OpenSSL 1.0
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
- Update to 2.5.1
- Fixes discovered by automated testing.
* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
- Update to 2.5.0
- Auto-detect the hash algorithm to use by default.
* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
- Update to 2.4.0
- Autodetect the minimum key strength from the system security level.
- Disallow setting a key strength below the system minimum.
- Drop upstreamed patches
* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
- Add a manpage.
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Feb 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-1
- Update to 2.3.3
- Do not overwrite destination files without --force
* Thu Jan 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.2-1
- Update to 2.3.2
- Properly support hostnames up to 64 characters
- Resolves: rhbz#1535537
* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-2
- Skip tests on 32-bit ARM for now
* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-1
- Update to 2.3.1
- Bundle popt 1.16 on older releases like EPEL.
* Mon Dec 18 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.3.0-1
- Update to 2.3.0
- Switch to meson build system
- Add support for non-DNS subjectAlternativeName values (issue #4)
* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-1
- Reorder combined PEM file
- Resolves: RHBZ#1494208
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.1.0-1
- Add --email argument for setting emailAddress in the issuer
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Apr 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-2
- Bump release to perform taskotron tests
* Tue Mar 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-1
- Update to 2.0.4
- Addresses a potential race-condition when the key and certificate share the
same file.
* Wed Mar 08 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.3-1
- Update to 2.0.3
- Adds support for setting the file mode on the output certificates
and keys.
* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.2-1
- Update to 2.0.2
- Always run with umask(077)
* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.1-1
- Update to 2.0.1
- Fix an issue with passing certificate lifetime explicitly
* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.0-1
- Update to 2.0.0
* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-6
- Exclude PPC64 from the build since it doesn't support linking to OpenSSL
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Nov 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-4
- Use compat-openssl10-devel on F26+
* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-3
- https://fedoraproject.org/wiki/Changes/golang1.7
* Tue May 31 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
- Debundle spacelog
* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1
- Update to 1.1.0
- Add support for signing service keys with an existing CA
* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
- Add support for exporting the CA private key
- Fix incorrect output from -version
- Add README.md
* Tue May 24 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
- Only sign certificates after all extensions have been added
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
- Generate x509v3 certificates
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
- Fix issue with temporary file creation
* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
- New upstream release 1.0.0
- Rewritten in Go
- Runtime depends only on OpenSSL, no more Python
- Support for writing certificate and key in a single file
* Wed May 18 2016 Stephen Gallagher <sgallagh@redhat.com> - 0.4.1-4
- Add requirement on python-setuptools
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Mar 30 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.1-1
- Change default CA location to match service certificate
- Improve error handling
* Tue Mar 24 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.0-1
- Spec file cleanups
- PEP8 Cleanups
- Make location arguments optional
* Mon Mar 23 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.0-1
- Rename to sscg
- Only build with default python interpreter
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2.1-1
- Include the LICENSE file in the tarball
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-2
- Include the license in the build RPMs
* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-1
- Add support for namedConstraints
- Add support for subjectAltNames
- Fix packaging issues from Fedora package review
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-2
- Update BuildRequires
* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
- First packaging