File openca-ocspd.spec of Package ocspd-3.1.3
Name: openca-ocspd
Version: 3.1.3
Release: p1.2.1
%define pkg_name ocspd
#
License: Apache-2.0
Group: System/Daemons
#
%if 0%{?suse_version} >= 1210
%bcond_without systemd
%else
%bcond_with systemd
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libpki-devel = 0.9.2
BuildRequires: openssl-devel
BuildRequires: libmemcached-devel
BuildRequires: pkg-config
%if %{with systemd}
# See also https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
BuildRequires: systemd-rpm-macros
%endif
#
Url: http://openca.org/projects/ocspd/
Source: %{name}-%{version}.tar.bz2
Source1: %{name}.init
Source2: %{name}.sysconfig
Source3: %{pkg_name}.service
Patch0: %{name}-%{version}.patch
#
Summary: OCSP daemon
%description
The OpenCA OCSPD project aims to develop a robust and easy-to-install OCSP
daemon. The server is developed as a stand-alone application and can be
integrated into many different PKI solutions, as it does not depend on a
specific database scheme. Furthermore, it can be used as a responder for
multiple CAs. The OCSP Responder is an RFC 2560 compliant OCSPD responder.
%prep
%setup -q
%patch0 -p1
%build
export CFLAGS="%{optflags} -Wno-unused"
%configure \
--exec-prefix=/ \
--prefix= \
--mandir=/usr/share/man
make %{?_smp_mflags}
%install
%makeinstall
rm %{buildroot}/etc/init.d/ocspd
%if %{with systemd}
install -D -m 644 %{S:3} %{buildroot}%{_unitdir}/%{pkg_name}.service
ln -s service %{buildroot}%{_sbindir}/rcocspd
%else
install -D -m 0755 %{S:1} %{buildroot}/%{_initrddir}/ocspd
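# Note: this test reads %{_sysconfdir} on the build host, not inside the
# buildroot; when the file exists there, %{S:2} (the sysconfig source) is
# installed over the init script written by the previous line.
[ ! -f %{_sysconfdir}/sysconfig/ocspd ] || install -D -m 0755 %{S:2} %{buildroot}/%{_initrddir}/ocspd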
ln -sf %{_initrddir}/ocspd %{buildroot}%{_sbindir}/rcocspd
%endif
strip %{buildroot}/%{_sbindir}/ocspd
echo %{buildroot}%{_sysconfdir}
# Rename the sample CA configurations so they are packaged as .exmp examples.
[ -f %{buildroot}%{_sysconfdir}/ocspd/ca.d/collegeca.xml ] && mv %{buildroot}%{_sysconfdir}/ocspd/ca.d/collegeca.xml %{buildroot}%{_sysconfdir}/ocspd/ca.d/collegeca.xml.exmp
[ -f %{buildroot}%{_sysconfdir}/ocspd/ca.d/self-certs.xml ] && mv %{buildroot}%{_sysconfdir}/ocspd/ca.d/self-certs.xml %{buildroot}%{_sysconfdir}/ocspd/ca.d/self-certs.xml.exmp
%clean
rm -rf %{buildroot}
%pre
%if %{with systemd}
%service_add_pre %{pkg_name}.service
%endif
%post
%if %{with systemd}
%service_add_post %{pkg_name}.service
%else
%fillup_and_insserv -f -y %{pkg_name}
%endif
%preun
%if %{with systemd}
%service_del_preun %{pkg_name}.service
%else
%stop_on_removal %{pkg_name}
%endif
%postun
%if %{with systemd}
%service_del_postun %{pkg_name}.service
%else
%insserv_cleanup
%restart_on_update %{pkg_name}
%endif
%files
%defattr(-,root,root,-)
%doc AUTHORS COPYING ChangeLog NEWS README
%if %{with systemd}
%{_unitdir}/%{pkg_name}.service
%{_sbindir}/rcocspd
%else
/etc/init.d/*
%{_sbindir}/rcocspd
%endif
%config(noreplace) %{_sysconfdir}/ocspd/
%exclude %{_bindir}/ocspd-genreq.sh
%exclude %{_bindir}/test.sh
%exclude %{_libdir}/pkgconfig/openca-ocspd.pc
%{_sbindir}/ocspd
%{_mandir}/man3/*
%changelog
* Thu Jun 2 2022 Massimiliano Pala <madwolf@openca.org> 3.1.3
- Fixed support for LibPKI 0.9.2
- Fixed response generation for revoked certificates
- Fixed compilation on older distributions (RHEL6)
* Sun Jun 3 2018 Massimiliano Pala <madwolf@openca.org>
- Improved handling of non OCSP requests (i.e., HTTP w/out OCSP payload)
* Fri May 25 2018 Massimiliano Pala <madwolf@openca.org>
- Fixed warnings under strict compiling options
- Fixed aclocal, automake, and autoconf warnings
- Removed 'addResponderId' option from the default config file
- Fixed ResponderID generation
- Fixed checking condition for CRL validity. Improved logging for non-verbose case
- Fixed possible memory leaks and overall improved logging for config processing and error handling
- Improved CRL check and reload process and logging
- Fixed processing of CRLs and improved logging for CRL check and reload process
* Tue Nov 7 2017 Massimiliano Pala <madwolf@openca.org>
- Fixed inconsistency in OCSP_CACHE_Entry_idx() signature. Fixed call to PKI_RWLOCK_init()
- Added forward declaration for OCSPD_CACHE data structure
* Tue Oct 31 2017 Massimiliano Pala <madwolf@openca.org>
- Added initial skeleton for caching of responses
- Added configuration example for reverse proxy on Apache
- Fix for post-install init.d links generation for RPM
- Fixed RPM generation and post-install options
- Fixed issue with ocspd man page generation
- Removed unused variables in source code to fix strict compile option
* Thu Oct 19 2017 Massimiliano Pala <madwolf@openca.org>
- Added startup option for memory debugging
- Memory leak fix and updated to the last libpki master branch
* Wed Oct 18 2017 Massimiliano Pala <madwolf@openca.org>
- Fixed memory leak in URL entry for OCSPD_build_ca_list()
* Wed Mar 25 2015 Massimiliano Pala <madwolf@openca.org> 3.1.2
- Added the responderIdType option for CA configuration
- Removed not-used addResponderKeyID option for OCSP responder config
- Updated requirement for LibPKI v0.8.9+
* Tue Mar 24 2015 Massimiliano Pala <madwolf@openca.org>
- Modified behavior by providing normal responses if crlValidityCheck is 0
* Sat Aug 09 2014 Massimiliano Pala <madwolf@openca.org>
- Added check for the same pubkey in cert and keypair (debug mode)
- Added better support for CRL status checking when building responses
* Fri Aug 08 2014 Massimiliano Pala <madwolf@openca.org>
- Cleaned up main thread handling code
* Mon Aug 04 2014 Massimiliano Pala <madwolf@openca.org>
- Updated to LibPKI 0.8.7 interface
- Fixed a double-free issue with HTTP GET requests
- Added proper pthread SIGPIPE handling
* Sat May 10 2014 Massimiliano Pala <madwolf@openca.org> 3.0.0
- Fixed issue with generating responses with hardware tokens
- Updated support for LibPKI 0.8.5+
* Mon Oct 07 2013 Massimiliano Pala <madwolf@openca.org>
- Fixed ocsp-genreq.sh script to correctly handle signing algorithm
* Mon Oct 07 2013 Massimiliano Pala <madwolf@openca.org>
- Updated support for libpki 0.8.2
- Added extra checks option for the configure (--enable-extra-checks)
- Fixed all reported warnings
* Tue Sep 24 2013 Massimiliano Pala <madwolf@openca.org>
- Fixed using ca-specific OCSPD server certificate (option was ignored)
- Updated support for libpki 0.8.2 to fix HTTP GET method support
- Updated configure.in to configure.ac script
* Wed Aug 07 2013 Massimiliano Pala <madwolf@openca.org> 2.4.2
- Updated API for using OCSPD with libpki 0.8.0
- Added signatureDigestAlgorithm option in ocspd.xml config file to force signing digest algorithm
* Thu Jun 13 2013 Massimiliano Pala <madwolf@openca.org>
- Updated API for using OCSPD with libpki 0.7.0+
- Improved logging for startup sequence (better report of errors during token loading)
* Tue Mar 15 2011 Massimiliano Pala <madwolf@openca.org> 2.1.1
- Added '-testmode' switch to set the OCSP as a test responder: all signatures are invalidated by flipping the first bit in the signature
* Thu Feb 10 2011 Massimiliano Pala <madwolf@openca.org> 2.1.0
- Updated default configuration files (default passin set to none)
- Enhanced support for ECDSA support