From 7ca587c04a9d012a67b9466e3667cad89b2a3de8 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Tue, 26 Nov 2024 19:21:50 +0300 Subject: [PATCH] import sscg-3.0.5-8.el10 --- .gitignore | 1 + .sscg.metadata | 1 + .../0001-Extend-maximum-DNS-name-to-255.patch | 205 ++++++++++ SPECS/sscg.spec | 361 ++++++++++++++++++ 4 files changed, 568 insertions(+) create mode 100644 .gitignore create mode 100644 .sscg.metadata create mode 100644 SOURCES/0001-Extend-maximum-DNS-name-to-255.patch create mode 100644 SPECS/sscg.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d66c2e2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/sscg-3.0.5.tar.gz diff --git a/.sscg.metadata b/.sscg.metadata new file mode 100644 index 0000000..faaab08 --- /dev/null +++ b/.sscg.metadata @@ -0,0 +1 @@ +5e6bf0b81e1a607d5c72c4edec33584fa924ecfa SOURCES/sscg-3.0.5.tar.gz diff --git a/SOURCES/0001-Extend-maximum-DNS-name-to-255.patch b/SOURCES/0001-Extend-maximum-DNS-name-to-255.patch new file mode 100644 index 0000000..7ce5725 --- /dev/null +++ b/SOURCES/0001-Extend-maximum-DNS-name-to-255.patch @@ -0,0 +1,205 @@ +From 750dee2eded3b1c16e0434fa387d35a869545d9e Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Wed, 15 Feb 2023 15:49:38 -0500 +Subject: [PATCH 1/2] Extend maximum DNS name to 255 + +The hostname part is still restricted to 63 characters + +See RFC 1035, section 2.3.4 + +Signed-off-by: Stephen Gallagher +--- + include/sscg.h | 3 +++ + src/arguments.c | 35 +++++++++++++++++++++++++++-------- + src/authority.c | 26 +++++++++++++++++++++++--- + src/cert.c | 5 +++++ + src/x509.c | 6 +++--- + 5 files changed, 61 insertions(+), 14 deletions(-) + +diff --git a/include/sscg.h b/include/sscg.h +index 0f35631018dc2745e986cd1e7e094e3e37be8e54..f0c6d93b871e4bd3f2c805be8dfa7485ec34746a 100644 +--- a/include/sscg.h ++++ b/include/sscg.h +@@ -313,6 +313,9 @@ enum sscg_cert_type + #define SSCG_MIN_KEY_PASS_LEN 4 + #define SSCG_MAX_KEY_PASS_LEN 1023 + ++/* RFC 1035, section 2.3.4 (Size Limits) */ ++#define MAX_HOST_LEN 63 ++#define MAX_FQDN_LEN 255 + + int + sscg_handle_arguments (TALLOC_CTX *mem_ctx, +diff --git a/src/arguments.c b/src/arguments.c +index 0b7a060d31bed97130c7cb9b7feacf0876e25c0d..2f412bee1bee9620f28b6e84aed4aef17aee3a6a 100644 +--- a/src/arguments.c ++++ b/src/arguments.c +@@ -786,10 +786,19 @@ sscg_handle_arguments (TALLOC_CTX *mem_ctx, + } + CHECK_MEM (options->hostname); + +- if (strnlen (options->hostname, MAXHOSTNAMELEN + 1) > MAXHOSTNAMELEN) ++ if (strnlen (options->hostname, MAX_FQDN_LEN + 1) > MAX_FQDN_LEN) + { +- fprintf ( +- stderr, "Hostnames may not exceed %d characters\n", MAXHOSTNAMELEN); ++ fprintf (stderr, "FQDNs may not exceed %d characters\n", MAX_FQDN_LEN); ++ ret = EINVAL; ++ goto done; ++ } ++ ++ if ((strchr (options->hostname, '.') - options->hostname) > MAX_HOST_LEN + 4) ++ { ++ fprintf (stderr, ++ "Hostnames may not exceed %d characters in Subject " ++ "Alternative Names\n", ++ MAX_HOST_LEN); + ret = EINVAL; + goto done; + } +@@ -798,25 +807,35 @@ sscg_handle_arguments (TALLOC_CTX *mem_ctx, + options struct. It's not the most efficient approach, but + it's only done one time, so there is no sense in optimizing + it. */ ++ size_t i = 0; + if (alternative_names) + { +- size_t i = 0; + while (alternative_names[i] != NULL) + { + options->subject_alt_names = talloc_realloc ( +- options, options->subject_alt_names, char *, i + 2); ++ options, options->subject_alt_names, char *, i + 1); + CHECK_MEM (options->subject_alt_names); + + options->subject_alt_names[i] = + talloc_strdup (options->subject_alt_names, alternative_names[i]); + CHECK_MEM (options->subject_alt_names[i]); +- +- /* Add a NULL terminator to the end */ +- options->subject_alt_names[i + 1] = NULL; + i++; + } + } + ++ /* ++ The hostname must always be listed in SubjectAlternativeNames as well. ++ Note that the realloc also adds an extra entry for the NULL terminator ++ */ ++ options->subject_alt_names = ++ talloc_realloc (options, options->subject_alt_names, char *, i + 2); ++ CHECK_MEM (options->subject_alt_names); ++ options->subject_alt_names[i] = ++ talloc_strdup (options->subject_alt_names, options->hostname); ++ CHECK_MEM (options->subject_alt_names[i]); ++ /* Add a NULL terminator to the end */ ++ options->subject_alt_names[i + 1] = NULL; ++ + if (options->key_strength < options->minimum_key_strength) + { + fprintf (stderr, +diff --git a/src/authority.c b/src/authority.c +index 4efaa9e730964b9762b59d0e6698c1623901ccfe..f509fd4316c3b7b230f99de6464491c319fc5d45 100644 +--- a/src/authority.c ++++ b/src/authority.c +@@ -56,6 +56,7 @@ create_private_CA (TALLOC_CTX *mem_ctx, + char *name_constraint; + char *san; + char *tmp; ++ char *dot; + + tmp_ctx = talloc_new (NULL); + CHECK_MEM (tmp_ctx); +@@ -89,6 +90,26 @@ create_private_CA (TALLOC_CTX *mem_ctx, + + ca_certinfo->cn = talloc_strdup (ca_certinfo, options->hostname); + CHECK_MEM (ca_certinfo->cn); ++ /* Truncate the CN at the first dot */ ++ if ((dot = strchr (ca_certinfo->cn, '.'))) ++ *dot = '\0'; ++ ++ if (options->subject_alt_names) ++ { ++ for (i = 0; options->subject_alt_names[i]; i++) ++ { ++ ca_certinfo->subject_alt_names = talloc_realloc ( ++ ca_certinfo, ca_certinfo->subject_alt_names, char *, i + 2); ++ CHECK_MEM (ca_certinfo->subject_alt_names); ++ ++ ca_certinfo->subject_alt_names[i] = talloc_strdup ( ++ ca_certinfo->subject_alt_names, options->subject_alt_names[i]); ++ CHECK_MEM (ca_certinfo->subject_alt_names[i]); ++ ++ /* Add a NULL terminator to the end */ ++ ca_certinfo->subject_alt_names[i + 1] = NULL; ++ } ++ } + + /* Make this a CA certificate */ + +@@ -106,10 +127,9 @@ create_private_CA (TALLOC_CTX *mem_ctx, + CHECK_MEM (ex); + sk_X509_EXTENSION_push (ca_certinfo->extensions, ex); + +- /* Restrict signing to the hostname and subjectAltNames of the +- service certificate */ ++ /* Restrict signing to the CN and subjectAltNames of the service certificate */ + name_constraint = +- talloc_asprintf (tmp_ctx, "permitted;DNS:%s", options->hostname); ++ talloc_asprintf (tmp_ctx, "permitted;DNS:%s", ca_certinfo->cn); + CHECK_MEM (name_constraint); + + if (options->subject_alt_names) +diff --git a/src/cert.c b/src/cert.c +index 99d9109f5981ef408aeb7d05a8327e1a38d5700a..e36de71e7ca9b34f87734542d5646b466cd61d4c 100644 +--- a/src/cert.c ++++ b/src/cert.c +@@ -31,6 +31,7 @@ + */ + + ++#include + #include "include/sscg.h" + #include "include/cert.h" + #include "include/x509.h" +@@ -52,6 +53,7 @@ create_cert (TALLOC_CTX *mem_ctx, + struct sscg_x509_req *csr; + struct sscg_evp_pkey *pkey; + struct sscg_x509_cert *cert; ++ char *dot; + X509_EXTENSION *ex = NULL; + EXTENDED_KEY_USAGE *extended; + TALLOC_CTX *tmp_ctx = NULL; +@@ -87,6 +89,9 @@ create_cert (TALLOC_CTX *mem_ctx, + + certinfo->cn = talloc_strdup (certinfo, options->hostname); + CHECK_MEM (certinfo->cn); ++ /* Truncate the CN at the first dot */ ++ if ((dot = strchr (certinfo->cn, '.'))) ++ *dot = '\0'; + + if (options->subject_alt_names) + { +diff --git a/src/x509.c b/src/x509.c +index 4f3f11cd3411f00cf6de3a72ba897adc97944e35..9f6f21b49c2dd70629fed67d327027374eb21b15 100644 +--- a/src/x509.c ++++ b/src/x509.c +@@ -290,12 +290,12 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx, + } + CHECK_MEM (san); + +- if (strnlen (san, MAXHOSTNAMELEN + 5) > MAXHOSTNAMELEN + 4) ++ if (strnlen (san, MAX_FQDN_LEN + 5) > MAX_FQDN_LEN + 4) + { + fprintf (stderr, +- "Hostnames may not exceed %d characters in Subject " ++ "FQDNs may not exceed %d characters in Subject " + "Alternative Names\n", +- MAXHOSTNAMELEN); ++ MAX_FQDN_LEN); + ret = EINVAL; + goto done; + } +-- +2.41.0 + diff --git a/SPECS/sscg.spec b/SPECS/sscg.spec new file mode 100644 index 0000000..50b05d6 --- /dev/null +++ b/SPECS/sscg.spec @@ -0,0 +1,361 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.1) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 8; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +%global provider github +%global provider_tld com +%global project sgallagher +%global repo sscg +# https://github.com/sgallagher/sscg +%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} +%global import_path %{provider_prefix} + +%{!?meson_test: %global meson_test %{__meson} test -C %{_vpath_builddir} --num-processes %{_smp_build_ncpus} --print-errorlogs} + +Name: sscg +Version: 3.0.5 +Release: %autorelease +Summary: Simple SSL certificate generator + +License: GPL-3.0-or-later WITH cryptsetup-OpenSSL-exception +URL: https://%{provider_prefix} +Source0: sscg-3.0.5.tar.gz +# Extend maximum DNS name to 255 +# Author: Stephen Gallagher +Patch1: 0001-Extend-maximum-DNS-name-to-255.patch +BuildRequires: gcc +BuildRequires: libtalloc-devel +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: popt-devel +BuildRequires: libpath_utils-devel +BuildRequires: meson +BuildRequires: ninja-build +BuildRequires: help2man + + +%description +A utility to aid in the creation of more secure "self-signed" +certificates. The certificates created by this tool are generated in a +way so as to create a CA certificate that can be safely imported into a +client machine to trust the service certificate without needing to set +up a full PKI environment and without exposing the machine to a risk of +false signatures from the service certificate. + +%prep +%autosetup -p1 -n sscg-3.0.5 + + +%build +%meson +%meson_build + +%install +%meson_install + +%check +%meson_test -t 10 + +%files +%license COPYING +%doc README.md +%{_bindir}/%{name} +%{_mandir}/man8/%{name}.8* + +%changelog +* Tue Nov 26 2024 MSVSphere Packaging Team - 3.0.5-8 +- Rebuilt for MSVSphere 10 + +## START: Generated by rpmautospec +* Mon Jun 24 2024 Troy Dawson - 3.0.5-8 +- Bump release for June 2024 mass rebuild + +* Fri Jun 21 2024 Branislav Náter - 3.0.5-7 +- Adding gating rules for RHEL + +* Sat Jan 27 2024 Fedora Release Engineering - 3.0.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Nov 16 2023 Joe Orton - 3.0.5-5 +- SPDX migration + +* Fri Sep 01 2023 Stephen Gallagher - 3.0.5-4 +- Update README.md with latest usage + +* Sat Jul 22 2023 Fedora Release Engineering - 3.0.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jul 19 2023 Stephen Gallagher - 3.0.5-2 +- Extend maximum DNS name to 256 + +* Tue Jun 20 2023 Stephen Gallagher - 3.0.5-1 +- Release 3.0.5 + +* Thu Jun 08 2023 Stephen Gallagher - 3.0.3-4 +- [packit] 3.0.4 upstream release + +* Sat Jan 21 2023 Fedora Release Engineering - 3.0.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Jan 16 2023 Stephen Gallagher - 3.0.3-2 +- Add missing BR: openssl + +* Mon Jan 16 2023 Stephen Gallagher - 3.0.3-1 +- Release 3.0.3 + +* Sat Jul 23 2022 Fedora Release Engineering - 3.0.2-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Apr 20 2022 Branislav Náter - 3.0.2-8 +- Adding fmf metadata + +* Wed Apr 20 2022 Branislav Náter - 3.0.2-7 +- Adding tmt test plans and gating configuration + +* Wed Mar 09 2022 Stephen Gallagher - 3.0.2-3 +- Truncate IP address in SAN + +* Wed Mar 09 2022 Stephen Gallagher - 3.0.2-2 +- Remove old packit data + +* Mon Feb 28 2022 Stephen Gallagher - 3.0.2-1 +- [packit] 3.0.2 upstream release + +* Sat Jan 22 2022 Fedora Release Engineering - 3.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Oct 29 2021 Packit Service - 3.0.1-1 +- [packit] 3.0.1 upstream release + +* Tue Sep 14 2021 Sahana Prasad - 3.0.0-5 +- Rebuilt with OpenSSL 3.0.0 + +* Sat Aug 07 2021 Stephen Gallagher - 3.0.0-4 +- Drop usage of ERR_GET_FUNC() + +* Sat Aug 07 2021 Stephen Gallagher - 3.0.0-3 +- Enable autorelease and autochangelog + +* Wed Jul 21 2021 Stephen Gallagher - 3.0.0-1 +- Release 3.0.0 +- Support for OpenSSL 3.0 +- Support for outputting named Diffie-Hellman parameter groups +- Support for CentOS Stream 9 + +* Wed Mar 17 2021 Stephen Gallagher - 2.6.2-5 +- Fixing incorrect license declaration + +* Wed Mar 17 2021 Stephen Gallagher - 2.6.2-4 +- Updating to rebuild against the latest glibc + +* Wed Jan 27 2021 Fedora Release Engineering - 2.6.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 2.6.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 23 2020 Stephen Gallagher - 2.6.2-1 +- Update to 2.6.2 +- Handle very short and very long passphrases properly (fixes rhbz#1850183) +- Drop upstreamed patch + +* Thu Apr 30 2020 Stephen Gallagher - 2.6.1-4 +- Rebuild with corrected ELN macro definitions + +* Thu Apr 30 2020 Stephen Gallagher - 2.6.1-3 +- Don't bother running clang-format in the RPM build +- Lengthen the test timeout so ARM tests pass + +* Fri Jan 31 2020 Fedora Release Engineering - 2.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jan 09 2020 Stephen Gallagher - 2.6.1-1 +- Bugfixes from upstream + +* Fri Dec 13 2019 Stephen Gallagher - 2.6.0-2 +- Fix incorrect help description for --client-key-file + +* Fri Dec 13 2019 Stephen Gallagher - 2.6.0-1 +- Update to 2.6.0 +- Can now generate an empty CRL file. +- Can now create and store a Diffie-Hellman parameters (dhparams) file. +- Support for setting a password on private keys. +- Support for generating a client authentication certificate and key. +- Better support for OpenSSL 1.0 + +* Sat Jul 27 2019 Fedora Release Engineering - 2.5.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Feb 03 2019 Fedora Release Engineering - 2.5.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Nov 28 2018 Stephen Gallagher - 2.5.1-1 +- Update to 2.5.1 +- Fixes discovered by automated testing. + +* Wed Nov 28 2018 Stephen Gallagher - 2.5.0-1 +- Update to 2.5.0 +- Auto-detect the hash algorithm to use by default. + +* Tue Nov 27 2018 Stephen Gallagher - 2.4.0-1 +- Update to 2.4.0 +- Autodetect the minimum key strength from the system security level. +- Disallow setting a key strength below the system minimum. + +- Drop upstreamed patches + +* Mon Sep 17 2018 Stephen Gallagher - 2.3.3-4 +- Add a manpage. + +* Sat Jul 14 2018 Fedora Release Engineering - 2.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Feb 09 2018 Fedora Release Engineering - 2.3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 02 2018 Stephen Gallagher - 2.3.3-1 +- Update to 2.3.3 +- Do not overwrite destination files without --force + +* Thu Jan 25 2018 Stephen Gallagher - 2.3.2-1 +- Update to 2.3.2 +- Properly support hostnames up to 64 characters +- Resolves: rhbz#1535537 + +* Tue Jan 02 2018 Stephen Gallagher - 2.3.1-2 +- Skip tests on 32-bit ARM for now + +* Tue Jan 02 2018 Stephen Gallagher - 2.3.1-1 +- Update to 2.3.1 +- Bundle popt 1.16 on older releases like EPEL. + +* Mon Dec 18 2017 Stephen Gallagher - 2.3.0-1 +- Update to 2.3.0 +- Switch to meson build system +- Add support for non-DNS subjectAlternativeName values (issue #4) + +* Thu Sep 21 2017 Stephen Gallagher - 2.2.0-1 +- Reorder combined PEM file +- Resolves: RHBZ#1494208 + +* Wed Sep 20 2017 Stephen Gallagher - 2.1.0-1 +- Add --email argument for setting emailAddress in the issuer + +* Thu Aug 03 2017 Fedora Release Engineering - 2.0.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 2.0.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Apr 03 2017 Stephen Gallagher - 2.0.4-2 +- Bump release to perform taskotron tests + +* Tue Mar 21 2017 Stephen Gallagher - 2.0.4-1 +- Update to 2.0.4 +- Addresses a potential race-condition when the key and certificate share the + same file. + +* Wed Mar 08 2017 Stephen Gallagher - 2.0.3-1 +- Update to 2.0.3 +- Adds support for setting the file mode on the output certificates + and keys. + +* Fri Mar 03 2017 Stephen Gallagher - 2.0.2-1 +- Update to 2.0.2 +- Always run with umask(077) + +* Fri Mar 03 2017 Stephen Gallagher - 2.0.1-1 +- Update to 2.0.1 +- Fix an issue with passing certificate lifetime explicitly + +* Thu Feb 16 2017 Stephen Gallagher - 2.0.0-1 +- Update to 2.0.0 + +* Thu Feb 16 2017 Stephen Gallagher - 1.1.0-6 +- Exclude PPC64 from the build since it doesn't support linking to OpenSSL + +* Sat Feb 11 2017 Fedora Release Engineering - 1.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Nov 23 2016 Stephen Gallagher - 1.1.0-4 +- Use compat-openssl10-devel on F26+ + +* Thu Jul 21 2016 Fedora Release Engineering - 1.1.0-3 +- https://fedoraproject.org/wiki/Changes/golang1.7 + +* Tue May 31 2016 Stephen Gallagher - 1.1.0-2 +- Debundle spacelog + +* Wed May 25 2016 Stephen Gallagher - 1.1.0-1 +- Update to 1.1.0 +- Add support for signing service keys with an existing CA + +* Wed May 25 2016 Stephen Gallagher - 1.0.4-1 +- Add support for exporting the CA private key +- Fix incorrect output from -version +- Add README.md + +* Tue May 24 2016 Stephen Gallagher - 1.0.3-1 +- Only sign certificates after all extensions have been added + +* Mon May 23 2016 Stephen Gallagher - 1.0.2-1 +- Generate x509v3 certificates + +* Mon May 23 2016 Stephen Gallagher - 1.0.1-1 +- Fix issue with temporary file creation + +* Mon May 23 2016 Stephen Gallagher - 1.0.0-1 +- New upstream release 1.0.0 +- Rewritten in Go +- Runtime depends only on OpenSSL, no more Python +- Support for writing certificate and key in a single file + +* Wed May 18 2016 Stephen Gallagher - 0.4.1-4 +- Add requirement on python-setuptools + +* Fri Feb 05 2016 Fedora Release Engineering - 0.4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 10 2015 Fedora Release Engineering - 0.4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Fri Jun 19 2015 Fedora Release Engineering - 0.4.1-1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Mar 30 2015 Stephen Gallagher 0.4.1-1 +- Change default CA location to match service certificate +- Improve error handling + +* Tue Mar 24 2015 Stephen Gallagher 0.4.0-1 +- Spec file cleanups +- PEP8 Cleanups +- Make location arguments optional + +* Mon Mar 23 2015 Stephen Gallagher 0.3.0-1 +- Rename to sscg +- Only build with default python interpreter + +* Tue Mar 17 2015 Stephen Gallagher 0.2.1-1 +- Include the LICENSE file in the tarball + +* Tue Mar 17 2015 Stephen Gallagher 0.2-2 +- Include the license in the build RPMs + +* Tue Mar 17 2015 Stephen Gallagher 0.2-1 +- Add support for namedConstraints +- Add support for subjectAltNames +- Fix packaging issues from Fedora package review + +* Mon Mar 16 2015 Stephen Gallagher 0.1-2 +- Update BuildRequires + +* Mon Mar 16 2015 Stephen Gallagher 0.1-1 +- First packaging + +## END: Generated by rpmautospec