|  |  |  | ##
 | 
					
						
							|  |  |  | ##  cfssl.spec -- OpenPKG RPM Package Specification
 | 
					
						
							|  |  |  | ##  Copyright (c) 2000-2017 OpenPKG Foundation e.V. <http://openpkg.net/>
 | 
					
						
							|  |  |  | ##
 | 
					
						
							|  |  |  | ##  Permission to use, copy, modify, and distribute this software for
 | 
					
						
							|  |  |  | ##  any purpose with or without fee is hereby granted, provided that
 | 
					
						
							|  |  |  | ##  the above copyright notice and this permission notice appear in all
 | 
					
						
							|  |  |  | ##  copies.
 | 
					
						
							|  |  |  | ##
 | 
					
						
							|  |  |  | ##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 | 
					
						
							|  |  |  | ##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 | 
					
						
							|  |  |  | ##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 | 
					
						
							|  |  |  | ##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
 | 
					
						
							|  |  |  | ##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 | 
					
						
							|  |  |  | ##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 | 
					
						
							|  |  |  | ##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 | 
					
						
							|  |  |  | ##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 | 
					
						
							|  |  |  | ##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 | 
					
						
							|  |  |  | ##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 | 
					
						
							|  |  |  | ##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 | 
					
						
							|  |  |  | ##  SUCH DAMAGE.
 | 
					
						
							|  |  |  | ##
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #   package version
 | 
					
						
							|  |  |  | %define       V_opkg  20171018
 | 
					
						
							|  |  |  | %define       V_dist  20171018
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #   package information
 | 
					
						
							|  |  |  | Name:         cfssl
 | 
					
						
							|  |  |  | Summary:      CloudFlare PKI Toolkit
 | 
					
						
							|  |  |  | URL:          https://github.com/cloudflare/cfssl
 | 
					
						
							|  |  |  | Vendor:       CloudFlare
 | 
					
						
							|  |  |  | Packager:     OpenPKG Foundation e.V.
 | 
					
						
							|  |  |  | Distribution: OpenPKG Community
 | 
					
						
							|  |  |  | Class:        EVAL
 | 
					
						
							|  |  |  | Group:        Networking
 | 
					
						
							|  |  |  | License:      MIT
 | 
					
						
							|  |  |  | Version:      %{V_opkg}
 | 
					
						
							|  |  |  | Release:      20171018
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #   list of sources
 | 
					
						
							|  |  |  | Source0:      http://download.openpkg.org/components/versioned/cfssl/cfssl-%{V_dist}.tar.xz
 | 
					
						
							|  |  |  | Source1:      rc.cfssl
 | 
					
						
							|  |  |  | Source2:      ca.json
 | 
					
						
							|  |  |  | Source3:      cfssl-initca.sh
 | 
					
						
							|  |  |  | Patch0:       cfssl.patch
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #   build information
 | 
					
						
							|  |  |  | BuildPreReq:  OpenPKG, openpkg >= 20160101, go
 | 
					
						
							|  |  |  | PreReq:       OpenPKG, openpkg >= 20160101
 | 
					
						
							|  |  |  | BuildPreReq:  libtool
 | 
					
						
							|  |  |  | PreReq:       libtool
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %description
 | 
					
						
							|  |  |  |     CF-SSL is CloudFlare's SSL/TLS/X.509 swiss army knife. It is both a
 | 
					
						
							|  |  |  |     command line tool and an HTTP API server for signing, verifying, and
 | 
					
						
							|  |  |  |     bundling SSL/TLS X.509 certificates.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %track
 | 
					
						
							|  |  |  |     prog cfssl = {
 | 
					
						
							|  |  |  |         version   = %{version}
 | 
					
						
							|  |  |  |         url       = http://download.openpkg.org/components/versioned/cfssl/
 | 
					
						
							|  |  |  |         regex     = cfssl-(__VER__)\.tar\.xz
 | 
					
						
							|  |  |  |     }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %prep
 | 
					
						
							|  |  |  |     %setup -q -n cfssl
 | 
					
						
							|  |  |  |     %patch -p0
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %build
 | 
					
						
							|  |  |  |     #   patch paths
 | 
					
						
							|  |  |  |     %{l_shtool} subst \
 | 
					
						
							|  |  |  |         -e 's;/etc/cfssl/ca-bundle\.crt;%{l_prefix}/var/cfssl/dat/ca-bundle.crt;g' \
 | 
					
						
							|  |  |  |         -e 's;/etc/cfssl/ca-bundle.crt.metadata;%{l_prefix}/var/cfssl/dat/ca-bundle.crt.metadata;g' \
 | 
					
						
							|  |  |  |         -e 's;/etc/cfssl/int-bundle\.crt;%{l_prefix}/var/cfssl/dat/int-bundle.crt;g' \
 | 
					
						
							|  |  |  |         -e 's;/etc/cfssl/intermediates;%{l_prefix}/var/cfssl/dat/int.d;g' \
 | 
					
						
							|  |  |  |         src/github.com/cloudflare/cfssl/scan/broad.go \
 | 
					
						
							|  |  |  |         src/github.com/cloudflare/cfssl/cli/config.go
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   patch prefix
 | 
					
						
							|  |  |  |     %{l_shtool} subst %{l_value -s -a} \
 | 
					
						
							|  |  |  |         src/github.com/miekg/pkcs11/pkcs11.go
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   prepare Go build environment
 | 
					
						
							|  |  |  |     export GOPATH=`pwd`
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   build program
 | 
					
						
							|  |  |  |     go build -x -o cfssl src/github.com/cloudflare/cfssl/cmd/cfssl/cfssl.go
 | 
					
						
							|  |  |  |     go build -x -o cfssl-mkbundle src/github.com/cloudflare/cfssl/cmd/mkbundle/mkbundle.go
 | 
					
						
							|  |  |  |     go build -x -o cfssl-json src/github.com/cloudflare/cfssl/cmd/cfssljson/cfssljson.go
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %install
 | 
					
						
							|  |  |  |     #   create directory hierarchy
 | 
					
						
							|  |  |  |     %{l_shtool} mkdir -f -p -m 755 \
 | 
					
						
							|  |  |  |         $RPM_BUILD_ROOT%{l_prefix}/bin \
 | 
					
						
							|  |  |  |         $RPM_BUILD_ROOT%{l_prefix}/etc/cfssl \
 | 
					
						
							|  |  |  |         $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
 | 
					
						
							|  |  |  |         $RPM_BUILD_ROOT%{l_prefix}/var/cfssl/dat/int.d \
 | 
					
						
							|  |  |  |         $RPM_BUILD_ROOT%{l_prefix}/var/cfssl/run \
 | 
					
						
							|  |  |  |         $RPM_BUILD_ROOT%{l_prefix}/var/cfssl/log
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   install program
 | 
					
						
							|  |  |  |     %{l_shtool} install -c -s -m 755 \
 | 
					
						
							|  |  |  |         cfssl cfssl-mkbundle cfssl-json \
 | 
					
						
							|  |  |  |         $RPM_BUILD_ROOT%{l_prefix}/bin/
 | 
					
						
							|  |  |  |     %{l_shtool} install -c -m 755 %{l_value -s -a} \
 | 
					
						
							|  |  |  |         %{SOURCE cfssl-initca.sh} $RPM_BUILD_ROOT%{l_prefix}/bin/cfssl-initca
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   install default configuration
 | 
					
						
							|  |  |  |     %{l_shtool} install -c -m 644 %{l_value -s -a} \
 | 
					
						
							|  |  |  |         %{SOURCE ca.json} $RPM_BUILD_ROOT%{l_prefix}/etc/cfssl/
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   install run-command script
 | 
					
						
							|  |  |  |     %{l_shtool} install -c -m 755 %{l_value -s -a} \
 | 
					
						
							|  |  |  |         %{SOURCE rc.cfssl} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   determine installation files
 | 
					
						
							|  |  |  |     %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
 | 
					
						
							|  |  |  |         %{l_files_std} \
 | 
					
						
							|  |  |  |         '%config %{l_prefix}/etc/cfssl/*' \
 | 
					
						
							|  |  |  |         '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/cfssl/*' \
 | 
					
						
							|  |  |  |         '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/cfssl/*/*'
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %files -f files
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %clean
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %post
 | 
					
						
							|  |  |  |     #   on initial installation, generate CA crt/key pair
 | 
					
						
							|  |  |  |     if [ $1 -eq 1 ]; then
 | 
					
						
							|  |  |  |         ( echo "Generating initial CA RSA key and X.509 certificate files."
 | 
					
						
							|  |  |  |           echo "You can change the CA parameters by editing the file..."
 | 
					
						
							|  |  |  |           echo "    $RPM_INSTALL_PREFIX/etc/cfssl/ca.json"
 | 
					
						
							|  |  |  |           echo "...and then re-running the command:"
 | 
					
						
							|  |  |  |           echo "    su - %{l_rusr} -c \"$RPM_INSTALL_PREFIX/bin/cfssl-initca\""
 | 
					
						
							|  |  |  |         ) | %{l_rpmtool} msg -b -t notice
 | 
					
						
							|  |  |  |         su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/bin/cfssl-initca"
 | 
					
						
							|  |  |  |     fi
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     #   after upgrade, restart service
 | 
					
						
							|  |  |  |     [ $1 -eq 2 ] || exit 0
 | 
					
						
							|  |  |  |     eval `%{l_rc} cfssl status 2>/dev/null`
 | 
					
						
							|  |  |  |     [ ".$cfssl_active" = .yes ] && %{l_rc} cfssl restart
 | 
					
						
							|  |  |  |     exit 0
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | %preun
 | 
					
						
							|  |  |  |     #   before erase, stop service and remove log files
 | 
					
						
							|  |  |  |     [ $1 -eq 0 ] || exit 0
 | 
					
						
							|  |  |  |     %{l_rc} cfssl stop 2>/dev/null
 | 
					
						
							|  |  |  |     rm -rf $RPM_INSTALL_PREFIX/var/cfssl/log/* >/dev/null 2>&1 || true
 | 
					
						
							|  |  |  |     rm -rf $RPM_INSTALL_PREFIX/var/cfssl/run/* >/dev/null 2>&1 || true
 | 
					
						
							|  |  |  |     exit 0
 | 
					
						
							|  |  |  | 
 |