import sscg-3.0.0-4.el9
commit
42f594292c
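--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/sscg-3.0.0.tar.xz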
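--- a/.sscg.metadata
+++ b/.sscg.metadata
@@ -0,0 +1 @@
+81e3b33e118edff96583314ceb4bfde9a1e6b45c SOURCES/sscg-3.0.0.tar.xz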
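--- a/SOURCES/0001-Drop-usage-of-ERR_GET_FUNC.patch
+++ b/SOURCES/0001-Drop-usage-of-ERR_GET_FUNC.patch
@@ -0,0 +1,34 @@
+From d2277e711bb16e3b98f43565e71b7865b5fed423 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Sat, 7 Aug 2021 11:48:04 -0400
+Subject: [PATCH 1/2] Drop usage of ERR_GET_FUNC()
+
+This macro was dropped in OpenSSL 3.0 and has actually not been
+providing a valid return code for some time.
+
+Related: rhbz#1964837
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+include/sscg.h | 1 -
+1 file changed, 1 deletion(-)
+
+diff --git a/include/sscg.h b/include/sscg.h
+index faf86ba4f68e186bd35c7bc3ec77b98b8e37d253..851dc93175607e5223a70ef40a5feb24b7b69215 100644
+--- a/include/sscg.h
++++ b/include/sscg.h
+@@ -94,11 +94,10 @@
+if (_sslret != 1) \
+{ \
+/* Get information about error from OpenSSL */ \
+unsigned long _ssl_error = ERR_get_error (); \
+if ((ERR_GET_LIB (_ssl_error) == ERR_LIB_UI) && \
+- (ERR_GET_FUNC (_ssl_error) == UI_F_UI_SET_RESULT_EX) && \
+((ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_LARGE) || \
+(ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_SMALL))) \
+{ \
+fprintf ( \
+stderr, \
+--
+2.33.0
+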
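Review bot: The narrowed condition in the `include/sscg.h` hunk has no comment explaining why the library and reason codes alone now select the passphrase-length message, so a later reader may take the missing function check for an oversight. A continuation-terminated comment above the `ERR_GET_LIB` test would record it, for example `/* OpenSSL 3.0 dropped function codes; library + reason identify the UI result-size error */ \`. The macro body starts and ends outside the hunk, so the rest of the error path cannot be checked from here.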
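--- a/SOURCES/0002-Correct-certificate-lifetime-calculation.patch
+++ b/SOURCES/0002-Correct-certificate-lifetime-calculation.patch
@@ -0,0 +1,46 @@
+From 87604820a935f87a8f533e3f294419d27c0514eb Mon Sep 17 00:00:00 2001
+From: Allison Karlitskaya <allison.karlitskaya@redhat.com>
+Date: Tue, 26 Oct 2021 12:32:13 +0200
+Subject: [PATCH 2/2] Correct certificate lifetime calculation
+
+sscg allows passing the certificate lifetime, as a number of days, as a
+commandline argument. It converts this value to seconds using the
+formula
+
+days * 24 * 3650
+
+which is incorrect. The correct value is 3600.
+
+This effectively adds an extra 20 minutes to the lifetime of the
+certificate for each day as given on the commandline, and was enough to
+cause some new integration tests in cockpit to fail.
+
+Interestingly, 3650 is the old default value for the number of days of
+certificate validity (~10 years) so this probably slipped in as a sort
+of muscle-memory-assisted typo.
+
+Let's just write `24 * 60 * 60` to make things clear.
+---
+src/x509.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/x509.c b/src/x509.c
+index dc1594a4bdcb9d81607f0fe5ad2d4562e5edb533..7c7e4dfe56d5756862f3e0f851941e846ce96f31 100644
+--- a/src/x509.c
++++ b/src/x509.c
+@@ -416,11 +416,11 @@ sscg_sign_x509_csr (TALLOC_CTX *mem_ctx,
+X509_set_issuer_name (cert, X509_REQ_get_subject_name (csr));
+}
+
+/* set time */
+X509_gmtime_adj (X509_get_notBefore (cert), 0);
+- X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 3650);
++ X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 60 * 60);
+
+/* set subject */
+subject = X509_NAME_dup (X509_REQ_get_subject_name (csr));
+sslret = X509_set_subject_name (cert, subject);
+CHECK_SSL (sslret, X509_set_subject_name);
+--
+2.33.0
+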
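Review bot: The corrected expression `days * 24 * 60 * 60` on the new notAfter line in `src/x509.c` is still evaluated in the type of `days`, which this hunk does not show. If that is a 32-bit `int`, any lifetime above 24855 days overflows before the value is widened to the `long` that `X509_gmtime_adj` takes, and signed overflow is undefined behaviour. Widening first avoids it where `long` is 64-bit: `X509_gmtime_adj (X509_get_notAfter (cert), (long)days * 24 * 60 * 60);`. `X509_time_adj_ex`, which takes the day count as its own argument, sidesteps the multiplication entirely. Both `X509_gmtime_adj` calls also discard the NULL return that signals failure, unlike the `CHECK_SSL` applied to `X509_set_subject_name` just below. sscg_sign_x509_csr starts and ends outside the hunk.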
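--- a/SPECS/sscg.spec
+++ b/SPECS/sscg.spec
@@ -0,0 +1,301 @@
+%global provider github
+%global provider_tld com
+%global project sgallagher
+%global repo sscg
+# https://github.com/sgallagher/sscg
+%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
+%global import_path %{provider_prefix}
+
+
+Name: sscg
+Version: 3.0.0
+Release: 4%{?dist}
+Summary: Simple SSL certificate generator
+
+License: GPLv3+ with exceptions
+URL: https://%{provider_prefix}
+Source0: https://%{provider_prefix}/releases/download/%{repo}-%{version}/%{repo}-%{version}.tar.xz
+
+BuildRequires: gcc
+BuildRequires: libtalloc-devel
+BuildRequires: openssl-devel
+BuildRequires: popt-devel
+BuildRequires: libpath_utils-devel
+BuildRequires: meson
+BuildRequires: ninja-build
+BuildRequires: help2man
+
+
+Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
+Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
+
+
+%description
+A utility to aid in the creation of more secure "self-signed"
+certificates. The certificates created by this tool are generated in a
+way so as to create a CA certificate that can be safely imported into a
+client machine to trust the service certificate without needing to set
+up a full PKI environment and without exposing the machine to a risk of
+false signatures from the service certificate.
+
+%prep
+%autosetup -p1
+
+
+%build
+%meson
+%meson_build
+
+%install
+%meson_install
+
+%check
+%meson_test -t 10
+
+%files
+%license COPYING
+%doc README.md
+%{_bindir}/%{name}
+%{_mandir}/man8/%{name}.8*
+
+%changelog
+* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
+- Correct certificate lifetime calculation
+- Resolves: rhbz#2017667
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+Related: rhbz#1991688
+
+* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
+- Drop usage of removed macro ERR_GET_FUNC()
+- Related: rhbz#1964837
+
+* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
+- Release 3.0.0
+- Support for OpenSSL 3.0
+- Support for outputting named Diffie-Hellman parameter groups
+- Support for CentOS Stream 9
+- Resolves: rhbz#1984468
+
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+Related: rhbz#1971065
+
+* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
+- OpenSSL 3.0 compatibility: fix RSA key-generation test
+- Resolves: rhbz#1964837
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
+- Fixing incorrect license declaration
+
+* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
+- Updating to rebuild against the latest glibc
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
+- Update to 2.6.2
+- Handle very short and very long passphrases properly (fixes rhbz#1850183)
+- Drop upstreamed patch
+
+* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
+- Rebuild with corrected ELN macro definitions
+
+* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
+- Don't bother running clang-format in the RPM build
+- Lengthen the test timeout so ARM tests pass
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
+- Bugfixes from upstream
+
+* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
+- Fix incorrect help description for --client-key-file
+
+* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
+- Update to 2.6.0
+- Can now generate an empty CRL file.
+- Can now create and store a Diffie-Hellman parameters (dhparams) file.
+- Support for setting a password on private keys.
+- Support for generating a client authentication certificate and key.
+- Better support for OpenSSL 1.0
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
+- Update to 2.5.1
+- Fixes discovered by automated testing.
+
+* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
+- Update to 2.5.0
+- Auto-detect the hash algorithm to use by default.
+
+* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
+- Update to 2.4.0
+- Autodetect the minimum key strength from the system security level.
+- Disallow setting a key strength below the system minimum.
+
+- Drop upstreamed patches
+
+* Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
+- Add a manpage.
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Feb 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-1
+- Update to 2.3.3
+- Do not overwrite destination files without --force
+
+* Thu Jan 25 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.2-1
+- Update to 2.3.2
+- Properly support hostnames up to 64 characters
+- Resolves: rhbz#1535537
+
+* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-2
+- Skip tests on 32-bit ARM for now
+
+* Tue Jan 02 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.1-1
+- Update to 2.3.1
+- Bundle popt 1.16 on older releases like EPEL.
+
+* Mon Dec 18 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.3.0-1
+- Update to 2.3.0
+- Switch to meson build system
+- Add support for non-DNS subjectAlternativeName values (issue #4)
+
+* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-1
+- Reorder combined PEM file
+- Resolves: RHBZ#1494208
+
+* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.1.0-1
+- Add --email argument for setting emailAddress in the issuer
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Apr 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-2
+- Bump release to perform taskotron tests
+
+* Tue Mar 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.4-1
+- Update to 2.0.4
+- Addresses a potential race-condition when the key and certificate share the
+same file.
+
+* Wed Mar 08 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.3-1
+- Update to 2.0.3
+- Adds support for setting the file mode on the output certificates
+and keys.
+
+* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.2-1
+- Update to 2.0.2
+- Always run with umask(077)
+
+* Fri Mar 03 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.1-1
+- Update to 2.0.1
+- Fix an issue with passing certificate lifetime explicitly
+
+* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.0.0-1
+- Update to 2.0.0
+
+* Thu Feb 16 2017 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-6
+- Exclude PPC64 from the build since it doesn't support linking to OpenSSL
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Nov 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-4
+- Use compat-openssl10-devel on F26+
+
+* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-3
+- https://fedoraproject.org/wiki/Changes/golang1.7
+
+* Tue May 31 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
+- Debundle spacelog
+
+* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1
+- Update to 1.1.0
+- Add support for signing service keys with an existing CA
+
+* Wed May 25 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
+- Add support for exporting the CA private key
+- Fix incorrect output from -version
+- Add README.md
+
+* Tue May 24 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
+- Only sign certificates after all extensions have been added
+
+* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
+- Generate x509v3 certificates
+
+* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
+- Fix issue with temporary file creation
+
+* Mon May 23 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
+- New upstream release 1.0.0
+- Rewritten in Go
+- Runtime depends only on OpenSSL, no more Python
+- Support for writing certificate and key in a single file
+
+* Wed May 18 2016 Stephen Gallagher <sgallagh@redhat.com> - 0.4.1-4
+- Add requirement on python-setuptools
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Mar 30 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.1-1
+- Change default CA location to match service certificate
+- Improve error handling
+
+* Tue Mar 24 2015 Stephen Gallagher <sgallagh@redhat.com> 0.4.0-1
+- Spec file cleanups
+- PEP8 Cleanups
+- Make location arguments optional
+
+* Mon Mar 23 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.0-1
+- Rename to sscg
+- Only build with default python interpreter
+
+* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2.1-1
+- Include the LICENSE file in the tarball
+
+* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-2
+- Include the license in the build RPMs
+
+* Tue Mar 17 2015 Stephen Gallagher <sgallagh@redhat.com> 0.2-1
+- Add support for namedConstraints
+- Add support for subjectAltNames
+- Fix packaging issues from Fedora package review
+
+* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-2
+- Update BuildRequires
+
+* Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
+- First packaging
+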
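Review bot: `%prep` unpacks `Source0` and applies the patches with `%autosetup -p1` and no signature check, so the integrity of the upstream tarball rests only on the digest in `.sscg.metadata`, which at 40 hex characters appears to be SHA-1. If upstream publishes detached signatures, adding the signature and keyring as extra `Source` entries and calling `%{gpgverify}` before `%autosetup -p1` would tie the build to the upstream signing key. Separately, `Patch0001` and `Patch0002` carry no comment on their upstream status. A `#` line above each, naming the commit from that patch's `From` header, would tell the next maintainer when the patch can be dropped.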