# Pre-release tag of the upstream tarball. It is appended to the source
# archive name and also appears in the Release field.
%define alphatag        rc1
%define revision        %{?alphatag:-}%{alphatag}

Name:                   ocspd
Version:                1.5.1
Release:                0.4.%{alphatag}%{?dist}
Summary:                OpenCA OCSP Daemon
License:                ASL 1.0
Group:                  System Environment/Daemons
URL:                    http://www.openca.org/projects/ocspd

# NOTE(review): the upstream archive is referenced over plain HTTP and this
# file records no checksum or signature for it. The integrity of the imported
# tarball therefore has to be established outside the spec, for instance
# against a digest or signature from upstream if one is published.
Source:                 http://downloads.sourceforge.net/openca/openca-ocspd-%{version}%{revision}.tar.gz
Patch1:                 openca-ocspd-1.5.1-bufresponse.patch
Patch2:                 openca-ocspd-1.5.1-misc.patch
Patch3:                 openca-ocspd-1.5.1-badcomment.patch

# This package takes over from the former openca-ocspd package.
Obsoletes:              openca-ocspd <= %{version}-%{release}
Provides:               openca-ocspd = %{version}-%{release}

# Tools called by the scriptlets: account creation before installation,
# init-script registration and service control on install, erase and upgrade.
Requires(pre):          shadow-utils
Requires(post):         chkconfig
Requires(preun):        chkconfig
Requires(preun):        initscripts
Requires(postun):       initscripts

# automake and autoconf are required because the build section regenerates
# the autotools files after the patches have been applied.
BuildRequires:          openssl-devel
BuildRequires:          openldap-devel
BuildRequires:          automake autoconf

# NOTE(review): this is a predictable path below the temporary directory.
# Build in a dedicated environment (for example mock) rather than on a shared
# host. Newer rpm releases pick their own build root and ignore this tag.
BuildRoot:              %{_tmppath}/%{name}-%{version}-%{release}-root

%description
The ocspd is an RFC2560 compliant OCSPD responder. It can be used to
verify the status of a certificate using OCSP clients (such as
Mozilla/Firefox/Thunderbird/Apache).
%prep
# Unpack quietly into the directory named after the upstream archive.
%setup -q -n openca-ocspd-%{version}%{revision}

# Apply the three local patches with one leading path component stripped.
# The -b option keeps a backup of each patched file under the given suffix.
%patch1 -p1 -b .bufresponse
%patch2 -p1 -b .misc
%patch3 -p1 -b .badcomment
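%build

# Need automake/autoconf rebuild because of above patches.
aclocal
autoheader
automake
autoconf

# Start from an empty value so that an ARCH_FLAGS variable inherited from the
# build environment cannot inject extra configure arguments on architectures
# other than alpha.
ARCH_FLAGS=""
%ifarch alpha
ARCH_FLAGS="--host=alpha-redhat-linux"
%endif

# ARCH_FLAGS stays unquoted on purpose: when empty it must expand to no
# argument at all. The engine switch presumably enables OpenSSL ENGINE
# support, and the daemon is configured for the dedicated ocspd group.
%configure ${ARCH_FLAGS} --enable-openssl-engine --with-ocspd-group=ocspd
make %{?_smp_mflags}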
%install
# Start from an empty build root, then stage the installation into it.
rm -rf "$RPM_BUILD_ROOT"

make install DESTDIR="$RPM_BUILD_ROOT"
%clean
# Remove the staged installation tree.
rm -rf "$RPM_BUILD_ROOT"
%pre
# Create the dedicated system group and account for the daemon unless they
# already exist. The account is given /sbin/nologin as its shell, so it
# cannot be used for interactive logins.
if ! getent group ocspd >/dev/null
then
    groupadd -r ocspd
fi
if ! getent passwd ocspd >/dev/null
then
    useradd -r -g ocspd -d "%{_sysconfdir}/ocspd" \
        -s /sbin/nologin -c "OCSP Responder" ocspd
fi
# Always report success, so a failure above does not abort the transaction.
# NOTE(review): this also hides a failed account creation. Confirm after
# installation that the ocspd account exists and owns the private directory.
exit 0
%post
# Register the init script with chkconfig. Whether the service is enabled at
# boot depends on the init script itself, which is not part of this file.
/sbin/chkconfig --add ocspd
%preun
# The first argument is 0 only when the package is really being erased, not
# during an upgrade. Stop the daemon (ignoring errors) and unregister it.
if [ "$1" = "0" ]; then
    /sbin/service ocspd stop >/dev/null 2>&1 || :
    /sbin/chkconfig --del ocspd
fi
%postun
# A first argument of at least 1 means a version of the package remains
# installed, i.e. this is an upgrade. Restart the daemon only if it is
# already running, so that it picks up the updated binary.
if [ "$1" -ge 1 ]; then
    /sbin/service ocspd condrestart >/dev/null 2>&1 || :
fi
%files
%defattr(-, root, root, -)
%doc AUTHORS COPYING ChangeLog README

# NOTE(review): the wildcard entries below package whatever "make install"
# placed in these directories. Listing the expected files by name would let
# rpm flag an unexpected file instead of shipping it silently.
%{_sbindir}/*
%{_initrddir}/*
%{_mandir}/*/*

# Configuration tree, owned by root through the default attributes above.
%dir %{_sysconfdir}/ocspd
%dir %{_sysconfdir}/ocspd/c*

# The only entry that overrides the defaults: mode 700 with the ocspd account
# as owner, so no other unprivileged account can enter it. Only the directory
# is packaged; no key material ships with the package.
# NOTE(review): the daemon account can also write here. If the daemon only
# needs to read its key, root ownership with group read access for ocspd
# would be tighter - confirm against how the daemon handles privileges.
%attr(700, ocspd, root) %dir %{_sysconfdir}/ocspd/private

# Local edits to these configuration files are kept on package upgrade.
%config(noreplace) %{_sysconfdir}/ocspd/ocspd.conf
%config(noreplace) %{_sysconfdir}/sysconfig/*
%changelog
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 1.5.1-0.4.rc1
- rebuild with new openssl

* Wed Oct 8 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-0.3.rc1
- Use group "ocspd" for daemon.

* Tue Oct 7 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-0.2.rc1
- Spec file section reworked.
- autoheader called.
- Patch "badcomment" to replace bad "#" comment marks in configure.in.
- Unimplemented configure option "--disable-shared" removed.
- System user creation reworked.

* Wed Jul 2 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-0.1.rc1
- Package revision change and specs reworked according to Fedora standards.

* Mon Jun 30 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-rc1.2
- Specific Fedora RPM spec file, obsolescing package "openca-ocspd".
- Patch "bufresponse" to output response in a single packet if possible.
- Patch "misc" to clean-up various things, such as suppressing the need of
  an unused CA certificate, use of regular Fedora directories, configuration
  files fixes, typos, configurable listen() queue length, configuration
  parameter names, autoconf 2.62 compatibility, etc.

* Sun Oct 15 2006 Massimiliano Pala <madwolf@openca.org>
-Fixed HTTP HEADERS parsing problem
-Tested behind an Apache Proxy
-Added '-debug' startup option to output the HTTP head and additional
 information to be pushed to stderr

* Fri Oct 13 2006 Massimiliano Pala <madwolf@openca.org>
-Completely changed the codebase in order to use threads instead
 of fork().
-Fixed compilation under OpenSolaris (SunOS 5.11)
-Added chroot() capabilities
-Added options to set the number of threads to be pre-spawned
-Fixed Socket creation under Solaris (Accept)
-Moved from BIO_* interface to pure socket implementation for
 better Network options management

* Tue Jul 18 2006 Massimiliano Pala <madwolf@openca.org>
-Removed required index file option in the configuration file (was not
 used)

* Mon Apr 24 2006 Massimiliano Pala <madwolf@openca.org>
-Fixed invalidity date problem (no more empty ext added to responses)
-Added log reporting of returned status about a response when the
 verbose switch is used (before it was enabled only in DEBUG mode)

* Mon Dec 19 2005 Massimiliano Pala <madwolf@openca.org>
-Added chroot facility to enhance server security

* Thu Nov 3 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed compile against OpenSSL 0.9.8a
-Fixed HTTP downloading routines for CRLs and CA certs
-Fixed Solaris Port for Signal Handling on CRLs check and reloading

* Thu Oct 6 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed variables init (for Solaris) and code cleanup

* Thu Apr 28 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed RPM installation of man pages

* Wed Apr 27 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed RPM creation on Fedora Distros

* Tue Apr 19 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed child re-spawning when HSM is active
-Added support for CA/CRL downloading via HTTP

* Fri Jan 28 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed SIGHUP problem when auto_crl_reload was enabled
-Fixed Solaris include for flock usage instead of semaphores
-Added --enable-flock and --enable-semaphores in configure script

* Tue Jan 18 2005 Massimiliano Pala <madwolf@openca.org>
- Fixed bug for nextUpdate and lastUpdate fields setting when reloading
  CRLs.
- Added CA certificate loading from LDAP.
- Added multiple CA certificate from the same cACertificate entry in LDAP.
- Fixed Solaris putenv issues in configure.c
- Added OS architecture specific targets in makefiles

* Wed May 19 2004 Massimiliano Pala <madwolf@openca.org>
- First support for new data structure for CRL lookup and multi CAs
  support (not working now)
- Fixed configure.in for correct generation of config.h
- Fixed configure.in for openldap ld options (for non-standard directories)

* Mon May 17 2004 Massimiliano Pala <madwolf@openca.org>
- Fixed compilation problems on Solaris
- Added support for exclusion of ldap usage (--disable-openldap)
- Added support for openldap directory specification
- Fixed signal handling and correct children death
- Added pre-spawning of processes()

* Thu May 13 2004 Massimiliano Pala <madwolf@openca.org>
- Fixed miscreation of responses when certificate is revoked
- Fixed crl loading checking (segmentation fault on loading fixed)

* Fri Jan 17 2003 Massimiliano Pala <madwolf@openca.org>
- Correctly look up using loaded CRL
- Added extensions management from CRL to OCSP response

* Mon Jan 13 2003 Massimiliano Pala <madwolf@openca.org>
- Updated the sample (contrib/) configuration file
- Added CRL retrieval from LDAP server
- Added LDAP support (needs OpenLDAP libraries)
- Added CRL retrieval from file

* Wed Oct 16 2002 Massimiliano Pala <madwolf@openca.org>
- Fixed daemon description
- Fixed requirements (for ENGINE support)
- Added multi child spawning (max_childs_num)
- Fixed zombie child presence

* Mon Feb 25 2002 Massimiliano Pala <madwolf@openca.org>
- Fixed response generation

* Thu Feb 20 2001 Massimiliano Pala <madwolf@openca.org>
- First RPM spec file