%define alphatag	rc1
%define revision	%{?alphatag:-}%{alphatag}


Name:		ocspd
Version:	1.5.1
Release:	0.7.%{alphatag}%{?dist}
Summary:	OpenCA OCSP Daemon
License:	ASL 1.0
Group:		System Environment/Daemons
Source:		http://downloads.sourceforge.net/openca/openca-ocspd-%{version}%{revision}.tar.gz
Patch1:		openca-ocspd-1.5.1-bufresponse.patch
Patch2:		openca-ocspd-1.5.1-misc.patch
Patch3:		openca-ocspd-1.5.1-badcomment.patch
URL:		http://www.openca.org/projects/ocspd
Obsoletes:	openca-ocspd <= %{version}-%{release}
Provides:	openca-ocspd = %{version}-%{release}
Requires(pre):	shadow-utils
Requires(post):	chkconfig
Requires(preun):chkconfig
Requires(preun):initscripts
Requires(postun):initscripts
BuildRequires:	openssl-devel
BuildRequires:	openldap-devel
BuildRequires:	automake autoconf
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root

%description
The ocspd is an RFC2560 compliant OCSP responder. It can be used to
verify the status of a certificate using OCSP clients (such as
Mozilla/Firefox/Thunderbird/Apache).


%prep
%setup -q -n openca-ocspd-%{version}%{revision}
%patch1 -p1 -b .bufresponse
%patch2 -p1 -b .misc
%patch3 -p1 -b .badcomment


%build

#	Need automake/autoconf rebuild because of above patches.

aclocal
autoheader
automake
autoconf


%ifarch alpha
	ARCH_FLAGS="--host=alpha-redhat-linux"
%endif


%configure ${ARCH_FLAGS} --enable-openssl-engine --with-ocspd-group=ocspd
make %{?_smp_mflags}


%install
rm -rf "${RPM_BUILD_ROOT}"

make DESTDIR="${RPM_BUILD_ROOT}" install


%clean
rm -rf "${RPM_BUILD_ROOT}"


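%pre
# Create the dedicated "ocspd" system group and account (no login shell)
# if they do not already exist.
getent group ocspd >/dev/null || groupadd -r ocspd
getent passwd ocspd >/dev/null ||
	useradd -r -g ocspd -d "%{_sysconfdir}/ocspd"			\
		-s /sbin/nologin -c "OCSP Responder" ocspd
exit 0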


%post
/sbin/chkconfig --add ocspd


%preun
# $1 is 0 only on final package removal (not on upgrade): stop the
# service and unregister it.
if [ "${1}" = "0" ]
then	/sbin/service ocspd stop >/dev/null 2>&1 || :
	/sbin/chkconfig --del ocspd
fi


%postun
# $1 is greater than 0 on upgrade: restart the daemon only if it was running.
if [ "${1}" -gt "0" ]
then	/sbin/service ocspd condrestart >/dev/null 2>&1 || :
fi


%files
%defattr(-, root, root, -)
%doc AUTHORS COPYING ChangeLog README
%{_sbindir}/*
%dir %{_sysconfdir}/ocspd
%dir %{_sysconfdir}/ocspd/c*
%attr(700, ocspd, root) %dir %{_sysconfdir}/ocspd/private
%config(noreplace) %{_sysconfdir}/ocspd/ocspd.conf
%config(noreplace) %{_sysconfdir}/sysconfig/*
%{_initrddir}/*
%{_mandir}/*/*


%changelog
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.5.1-0.7.rc1
- rebuilt with new openssl

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-0.6.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-0.5.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 1.5.1-0.4.rc1
- rebuild with new openssl

* Wed Oct  8 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-0.3.rc1
- Use group "ocspd" for daemon.

* Tue Oct  7 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-0.2.rc1
- Spec file section reworked.
- autoheader called.
- Patch "badcomment" to replace bad "#" comment marks in configure.in.
- Unimplemented configure option "--disable-shared" removed.
- System user creation reworked.

* Wed Jul  2 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-0.1.rc1
- Package revision change and specs reworked according to Fedora standards.

* Mon Jun 30 2008 Patrick Monnerat <pm@datasphere.ch> 1.5.1-rc1.2
- Specific Fedora RPM spec file, obsolescing package "openca-ocspd".
- Patch "bufresponse" to output response in a single packet if possible.
- Patch "misc" to clean-up various things, such as suppressing the need of
  an unused CA certificate, use of regular Fedora directories, configuration
  files fixes, typos, configurable listen() queue length, configuration
  parameter names, autoconf 2.62 compatibility, etc.

* Sun Oct 15 2006 Massimiliano Pala <madwolf@openca.org>
-Fixed HTTP HEADERS parsing problem
-Tested behind an Apache Proxy
-Added '-debug' startup option to output the HTTP head and additional
information to be pushed to stderr

* Fri Oct 13 2006 Massimiliano Pala <madwolf@openca.org>
-Completely changed the codebase in order to use threads instead
of fork().
-Fixed compilation under OpenSolaris (SunOS 5.11)
-Added chroot() capabilities
-Added options to set the number of threads to be pre-spawned
-Fixed Socket creation under Solaris (Accept)
-Moved from BIO_* interface to pure socket implementation for
better Network options management

* Tue Jul 18 2006 Massimiliano Pala <madwolf@openca.org>
-Removed required index file option in the configuration file (was not
used)

* Mon Apr 24 2006 Massimiliano Pala <madwolf@openca.org>
-Fixed invalidity date problem (no more empty ext added to responses)
-Added log reporting of returned status about a response when the
verbose switch is used (before it was enabled only in DEBUG mode)

* Mon Dec 19 2005 Massimiliano Pala <madwolf@openca.org>
-Added chroot facility to enhance server security

* Thu Nov  3 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed compile against OpenSSL 0.9.8a
-Fixed HTTP downloading routines for CRLs and CA certs
-Fixed Solaris Port for Signal Handling on CRLs check and reloading

* Thu Oct  6 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed variables init (for Solaris) and code cleanup

* Thu Apr 28 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed RPM installation of man pages

* Wed Apr 27 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed RPM creation on Fedora Distros

* Tue Apr 19 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed child re-spawning when HSM is active
-Added support for CA/CRL downloading via HTTP

* Fri Jan 28 2005 Massimiliano Pala <madwolf@openca.org>
-Fixed SIGHUP problem when auto_crl_reload was enabled
-Fixed Solaris include for flock usage instead of semaphores
-Added --enable-flock and --enable-semaphores in configure script

* Tue Jan 18 2005 Massimiliano Pala <madwolf@openca.org>
- Fixed bug for nextUpdate and lastUpdate fields setting when reloading
  CRLs.
- Added CA certificate loading from LDAP.
- Added multiple CA certificate from the same cACertificate entry in LDAP.
- Fixed Solaris putenv issues in configure.c
- Added OS architecture specific targets in makefiles

* Wed May 19 2004 Massimiliano Pala <madwolf@openca.org>
- First support for new data structure for CRL lookup and multi CAs
  support (not working now)
- Fixed configure.in for correct generation of config.h
- Fixed configure.in for openldap ld options (for non-standard directories)

* Mon May 17 2004 Massimiliano Pala <madwolf@openca.org>
- Fixed compilation problems on Solaris
- Added support for exclusion of ldap usage (--disable-openldap)
- Added support for openldap directory specification
- Fixed signal handling and correct children death
- Added pre-spawning of processes()

* Thu May 13 2004 Massimiliano Pala <madwolf@openca.org>
- Fixed miscreation of responses when certificate is revoked
- Fixed crl loading checking (segmentation fault on loading fixed)

* Fri Jan 17 2003 Massimiliano Pala <madwolf@openca.org>
- Correctly lookup using loaded CRL
- Added extensions management from CRL to OCSP response

* Mon Jan 13 2003 Massimiliano Pala <madwolf@openca.org>
- Updated the sample (contrib/) configuration file
- Added CRL retrieval from LDAP server
- Added LDAP support (needs OpenLDAP libraries)
- Added CRL retrieval from file

* Wed Oct 16 2002 Massimiliano Pala <madwolf@openca.org>
- Fixed daemon description
- Fixed requirements (for ENGINE support)
- Added multi child spawning (max_childs_num)
- Fixed zombie child presence

* Mon Feb 25 2002 Massimiliano Pala <madwolf@openca.org>
  - Fixed response generation

* Thu Feb 20 2001 Massimiliano Pala <madwolf@openca.org>
- First RPM spec file