%define newpkihome /etc/newpki
%define version 2.0.0 
%define subversion	beta3 
%define release %mkrel 1.beta3.5

Summary:	The NewPKI server
Name:		newpki-server
Version:	%{version}
Release:	%{release}
License:	GPL
Group:		System/Servers
Source0:	http://www.newpki.org/newpki-server-%{version}-%{subversion}.tar.bz2
Patch0:		newpki-server-2.0.0-beta3-initscript.patch.bz2
Patch1:		newpki-server-2.0.0-fpic.patch.bz2
URL:		http://www.newpki.org
Requires:	mysql >= 3.23.36
Requires:	openssl >= 0.9.7a
BuildRequires:	automake1.7
BuildRequires:	MySQL-devel
BuildRequires:	openldap-devel
BuildRoot:	%{_tmppath}/%{name}-%{version}-root
%define		lib_major 2
%define		lib_name %mklibname %{name} %{lib_major}

%description
NewPKI is a PKI based on the OpenSSL low-level API, all the datas are
handled through a database, which provides a much more flexible PKI than
with OpenSSL, such as seeking a certificate with a search engine.

%prep
%setup -q
%patch0 -p1 -b .initscript
%patch1 -p1 -b .fpic

%build
export CFLAGS="%{optflags} -fPIC -DLDAP_DEPRECATED"
export CXXFLAGS="%{optflags} -fPIC -DLDAP_DEPRECATED"

cd Server/Linux
rm -f configure
libtoolize --copy --force; aclocal-1.7; autoconf; automake-1.7 --copy --add-missing
%configure2_5x
%make
cd ../../publication_ldap/Linux
rm -f configure
libtoolize --copy --force; aclocal-1.7; autoconf; automake-1.7 --copy --add-missing
%configure2_5x
%make

%install
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/newpki
install -m 600 config.conf $RPM_BUILD_ROOT%{_sysconfdir}/newpki/
install -m 755 -d $RPM_BUILD_ROOT%{_initrddir}
install -m 755 newpki $RPM_BUILD_ROOT%{_initrddir}/newpki

cd Server/Linux
%makeinstall
cd ../../publication_ldap/Linux
%makeinstall

%preun
/etc/init.d/newpki stop >/dev/null 2>/dev/null
chkconfig --del newpki >/dev/null 2>/dev/null

%post
chkconfig --add newpki

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/newpki/config.conf
%{_bindir}/newpki_server
%config(noreplace) %{_initrddir}/newpki
%{_libdir}/*.la
%{_libdir}/*.so
%{_libdir}/*.so.*

%changelog
* Tue Aug 30 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.0-0.beta3.6mdk
- rebuilt against openldap-2.3.6 libs
- pass "-DLDAP_DEPRECATED" to the CFLAGS
- reconstruct the autotools

* Fri Jun 10 2005 Buchan Milne <bgmilne@linux-mandrake.com> 2.0.0-0.beta3.5mdk
- fix build on amd64
- %%mkrel

* Tue Feb 08 2005 Buchan Milne <bgmilne@linux-mandrake.com> 2.0.0-0.beta3.4mdk
- rebuild for ldap2.2_7

* Fri Feb  4 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.0-0.beta3.3mdk
- rebuilt against new openldap libs

* Tue Jan 25 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.0-0.beta3.2mdk
- rebuilt against MySQL-4.1.x system libs

* Thu Apr 15 2004 Stefan van der Eijk <stefan@eijk.nu> 2.0.0-0.beta3.1mdk
- initial mdk package

* Tue Nov 11 2003 Frédéric Giudicelli <frederic.giudicelli@newpki.org>
Version 2.0.0-beta3
	- Rewrote the extension syntax parser to allow the use of commas (",") inside it, to have a 
	comma (",") inside an extension value, you nee to double it (",,").
	- Added a log entry for certification on CA side.
	- Added a log entry when receiving a request on CA side.
	- Fixed a minor bug a links synchronization.
	- Added the Publication Entity.
	- Created a LDAP publication module.
	- Added multilanguage support in GUIs.
	- Removed old and unused error messages.
	- Added a real error message when trying to use a CA that hasn't been intialized yet.
	- Minor improvements of code structure.
	- Updated to wxWindows 2.4.2.
	- Certificates that have been revoked from the CA GUI, are now displayed, 
	back in the RA, as revoked.
	- LDAP connection is made by the server, the LDAP search in RA is processed by the server,
	not the client. The LDAP info are blanked when the RA conf is sent to the RA GUI.
	- Improved memory usage.
	- Added auto synchronization between LDAP entries and RA profiles.
	- Added the possibility to send the PKCS#12 password to the end user.
	- Added the possibility to make the RA randomly generate the PKCS#12 password.
	- The mails are temporally saved in DB, to make sure they don't get lost if the 
	server shuts down unexpectedly.
	- Generally improved the mails handling.
	- Improved the statistics display.
	- Added logs export in XML format.
	- Added the possibility to check logs global integrity.
	- Added the "Change Password" functionality in the Server GUI.
	- Compiled against openssl 0.9.7c.
	- Added some logs, when the responses comes back to the RA.
	- Fixed a bug when setting filters for the visualization of the logs.
	- Added a "debug" level for logging.
	- The PKI Admins can now access all the profiles and their certificates, in the RA.
	- Fixed the bug where the log entry for a user notification email showed up as an
	administrative email.
	- Added the possibility to save the entities links picture to a file.
	- The entities links window can now be as big as desired, the scroll bars expand
	according to the objects position.
	- It's now impossible to revoke the last PKI Admin certificate.
	- Fixed a memory link in the Server Admin GUI when displaying a context menu.
	- Added a test in the linux client's "configure" to check for "wx-config".
	- Added the OCSP responder, inside the publication entity.
	- Replaced the obsolete Configuration structures to classes.
	- Fixed a bug in Configuration parser, where the error message
	wasn't displayed in WIN32.
	- Fixed a bug when stopping 2 times the server (eg. sending 2 SIGTERM in a row).
	- Rewrote the thread codes, and improved thread related code's readability.
	- In the Repository store, the hash for the requests and the responses, get recreated if
	they have been erased.
	- It's now possible to send an attachement along with an administrative mail.
	- Improved the RA Store's code readability.
	- The RA now sends the requests that were not sent before an unexpected event.
	- Initialize the OpenSSL MUTEX context, used by internal functions.
	- Tremendously improved the speed of mString::sprintf.
	- Improved the mail code.
	- Removed all occurences of HashTable_Any.
	- Transformed PkiClient::THREAD_ERROR into a class.
	- Optimized the handling of transaction IDs, by making them a maximum length.
	- The entities are now deleted in another thread.
	- Fixed a problem with MIME format under Linux.
	- Introduced the concept of firewalled Repository, meaning that the normal synchronization
	behavior is modified, normally each repository would connect to each other to send 
	each other the new PKI Conf and the new Objects. eg. We have RepositoryLAN in the LAN and 
	RepositoryDMZ in the DMZ, RepositoryDMZ cannot connect to RepositoryLAN due to the LAN firewall,
	so we declare RepositoryLAN has being firewalled in regard of RepositoryDMZ, which will allow
	RepositoryLAN to gets the new Objects of RepositoryDMZ, exactly as if RepositoryDMZ did the 
	synchronization connection itself.
	- Fixed a few potential MUTEX deadlocks.
	
* Wed Sep 24 2003 Frédéric Giudicelli <frederic.giudicelli@newpki.org>
Version 2.0.0-beta2
	- Corrected the bug in the CA Gui.
	- Corrected a bug in the RA store handler.
	- Added admin mail notification, when a request gets back to the RA.
	- Added the possibility to send the certificate/PKCS#12 directly to the user by mail, 
	  when it gets back to the RA.
	- Added the "Delete PKCS#12" functonnality in the RA GUI.
	- The certificate can now be imported back to a CSP in the RA GUI.
	- Corrected a bug in CA when a certificate's DN had an accentued letter.

* Wed Sep 24 2003 Frédéric Giudicelli <frederic.giudicelli@newpki.org>
Version 2.0.0-beta1
	- Added the RA entity.
	- Corrected some minor bugs.

* Thu Jul 24 2003 Frédéric Giudicelli <frederic.giudicelli@newpki.org>
Version 2.0.0-beta0
	- Well nothing much to say, NewPKI as be redeveloped.