## ## cfssl.spec -- OpenPKG RPM Package Specification ## Copyright (c) 2000-2019 OpenPKG Project ## ## Permission to use, copy, modify, and distribute this software for ## any purpose with or without fee is hereby granted, provided that ## the above copyright notice and this permission notice appear in all ## copies. ## ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ## SUCH DAMAGE. ## # package version %define V_opkg 1.4.1 %define V_dist 20191113 # package information Name: cfssl Summary: CloudFlare PKI Toolkit URL: https://cfssl.org/ Vendor: CloudFlare Packager: OpenPKG Project Distribution: OpenPKG Community Class: EVAL Group: Networking License: MIT Version: %{V_opkg}.%{V_dist} Release: 20191113 # list of sources Source0: http://download.openpkg.org/components/versioned/cfssl/cfssl-%{V_dist}.tar.xz Source1: rc.cfssl Source2: ca.json Source3: cfssl-initca.sh Patch0: cfssl.patch # build information BuildPreReq: OpenPKG, openpkg >= 20160101, go PreReq: OpenPKG, openpkg >= 20160101 BuildPreReq: libtool PreReq: libtool %description CF-SSL is CloudFlare's SSL/TLS/X.509 swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling SSL/TLS X.509 certificates. %track prog cfssl:release = { version = %{V_opkg} url = https://github.com/cloudflare/cfssl/releases regex = (\d+\.\d+\.\d+)\.tar\.gz } prog cfssl:snapshot = { version = %{V_dist} url = http://download.openpkg.org/components/versioned/cfssl/ regex = cfssl-(__VER__)\.tar\.xz } %prep %setup -q -n cfssl %patch -p0 %build # patch paths %{l_shtool} subst \ -e 's;/etc/cfssl/ca-bundle\.crt;%{l_prefix}/var/cfssl/dat/ca-bundle.crt;g' \ -e 's;/etc/cfssl/ca-bundle.crt.metadata;%{l_prefix}/var/cfssl/dat/ca-bundle.crt.metadata;g' \ -e 's;/etc/cfssl/int-bundle\.crt;%{l_prefix}/var/cfssl/dat/int-bundle.crt;g' \ -e 's;/etc/cfssl/intermediates;%{l_prefix}/var/cfssl/dat/int.d;g' \ src/github.com/cloudflare/cfssl/scan/broad.go \ src/github.com/cloudflare/cfssl/cli/config.go # patch prefix %{l_shtool} subst %{l_value -s -a} \ src/github.com/miekg/pkcs11/pkcs11.go # prepare Go build environment export GOPATH=`pwd` # build program go build -v -o cfssl src/github.com/cloudflare/cfssl/cmd/cfssl/cfssl.go go build -v -o cfssl-mkbundle src/github.com/cloudflare/cfssl/cmd/mkbundle/mkbundle.go go build -v -o cfssl-json src/github.com/cloudflare/cfssl/cmd/cfssljson/cfssljson.go go build -v -o cfssl-newkey src/github.com/cloudflare/cfssl/cmd/cfssl-newkey/cfssl-newkey.go go build -v -o cfssl-certinfo src/github.com/cloudflare/cfssl/cmd/cfssl-certinfo/cfssl-certinfo.go go build -v -o cfssl-scan src/github.com/cloudflare/cfssl/cmd/cfssl-scan/cfssl-scan.go go build -v -o cfssl-bundle src/github.com/cloudflare/cfssl/cmd/cfssl-bundle/cfssl-bundle.go go build -v -o cfssl-multirootca src/github.com/cloudflare/cfssl/cmd/multirootca/*.go %install # create directory hierarchy %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/bin \ $RPM_BUILD_ROOT%{l_prefix}/etc/cfssl \ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \ $RPM_BUILD_ROOT%{l_prefix}/var/cfssl/dat/int.d \ $RPM_BUILD_ROOT%{l_prefix}/var/cfssl/run \ $RPM_BUILD_ROOT%{l_prefix}/var/cfssl/log # install program %{l_shtool} install -c -s -m 755 \ cfssl cfssl-mkbundle cfssl-json cfssl-newkey cfssl-certinfo cfssl-scan cfssl-bundle cfssl-multirootca \ $RPM_BUILD_ROOT%{l_prefix}/bin/ %{l_shtool} install -c -m 755 %{l_value -s -a} \ %{SOURCE cfssl-initca.sh} $RPM_BUILD_ROOT%{l_prefix}/bin/cfssl-initca # install default configuration %{l_shtool} install -c -m 644 %{l_value -s -a} \ %{SOURCE ca.json} $RPM_BUILD_ROOT%{l_prefix}/etc/cfssl/ # install run-command script %{l_shtool} install -c -m 755 %{l_value -s -a} \ %{SOURCE rc.cfssl} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ # determine installation files %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ %{l_files_std} \ '%config %{l_prefix}/etc/cfssl/*' \ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/cfssl/*' \ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/cfssl/*/*' %files -f files %clean %post # on initial installation, generate CA crt/key pair if [ $1 -eq 1 ]; then ( echo "Generating initial CA RSA key and X.509 certificate files." echo "You can change the CA parameters by editing the file..." echo " $RPM_INSTALL_PREFIX/etc/cfssl/ca.json" echo "...and then re-running the command:" echo " su - %{l_rusr} -c \"$RPM_INSTALL_PREFIX/bin/cfssl-initca\"" ) | %{l_rpmtool} msg -b -t notice su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/bin/cfssl-initca" fi # after upgrade, restart service [ $1 -eq 2 ] || exit 0 eval `%{l_rc} cfssl status 2>/dev/null` [ ".$cfssl_active" = .yes ] && %{l_rc} cfssl restart exit 0 %preun # before erase, stop service and remove log files [ $1 -eq 0 ] || exit 0 %{l_rc} cfssl stop 2>/dev/null rm -rf $RPM_INSTALL_PREFIX/var/cfssl/log/* >/dev/null 2>&1 || true rm -rf $RPM_INSTALL_PREFIX/var/cfssl/run/* >/dev/null 2>&1 || true exit 0