Fix security/easy-rsa regression that broke bootstrapping.
v3.0.5 added code that expanded variables, for compatibility with LibreSSL. This code assumed that the source configuration file could be variable-expanded and the result could be saved next to the source - which it cannot, since the latter is under ${PREFIX} where the unprivileged users should not be able to write. Add a patch provided by Eric Crist, and rename another file to keep a sane patch order.
parent
16601cd5db
commit
837c8d04db
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=479838
@ -2,6 +2,7 @@
|
||||
|
||||
PORTNAME= easy-rsa
|
||||
DISTVERSION= 3.0.5
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security net-mgmt
|
||||
MASTER_SITES= https://github.com/OpenVPN/easy-rsa/releases/download/v${DISTVERSION}/
|
||||
DISTNAME= EasyRSA-nix-${DISTVERSION}
|
||||
@ -15,8 +16,6 @@ LICENSE= GPLv2
|
||||
|
||||
CONFLICTS_INSTALL=easy-rsa2-*
|
||||
|
||||
BROKEN= regression for common configurations, patch in a few hours
|
||||
|
||||
USES= tar:tgz
|
||||
NO_BUILD= yes
|
||||
|
||||
|
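--- a/security/easy-rsa/files/patch-easyrsa
+++ b/security/easy-rsa/files/patch-easyrsa
@@ -0,0 +1,46 @@
+--- easyrsa~ 2018-09-14 23:21:19.000000000 -0500
++++ easyrsa 2018-09-15 10:21:49.241886000 -0500
+@@ -415,7 +415,6 @@
+
+# init-pki backend:
+init_pki() {
+- vars_source_check
+
+# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
+if [ -e "$EASYRSA_PKI" ]; then
+@@ -432,6 +431,11 @@
+for i in private reqs; do
+mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
+done
++
++ if [ ! -f "$EASYRSA_PKI/openssl-easyrsa.cnf" -a -f "$EASYRSA/openssl-easyrsa.cnf" ];
++ then
++ cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_PKI/openssl-easyrsa.cnf"
++ fi
+
+notice "\
+init-pki complete; you may now create a CA or requests.
+@@ -1180,18 +1184,15 @@
+set_var EASYRSA_REQ_CN ChangeMe
+set_var EASYRSA_DIGEST sha256
+
+- # Detect openssl config, preferring EASYRSA_PKI over EASYRSA
+- if [ -f "$EASYRSA_PKI/openssl-easyrsa.cnf" ]; then
+- set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
+- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
+- else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
+- set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf"
+- fi
++ set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
++ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
+
+# Same as above for the x509-types extensions dir
+if [ -d "$EASYRSA_PKI/x509-types" ]; then
+set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
+- else set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
++ else
++ #TODO: This should be removed. Not really suitable for packaging.
++ set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
+fi
+
+# EASYRSA_ALGO_PARAMS must be set depending on selected algo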
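Review bot: The `cp` added to init_pki in the second inner hunk has no failure check, unlike the `mkdir -p ... || die` directly above it, and the block is skipped silently when `$EASYRSA/openssl-easyrsa.cnf` is absent. Because the third inner hunk removes the fallback and always sets EASYRSA_SSL_CONF to `$EASYRSA_PKI/openssl-easyrsa.cnf`, a failed or skipped copy, or a PKI directory initialised before this patch, would presumably leave later commands pointing at a config file that does not exist; the rest of the script is outside these hunks, so this should be confirmed. I would write the copy as `cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_PKI/openssl-easyrsa.cnf" || die "Failed to copy openssl-easyrsa.cnf into the PKI dir (permissions?)"`. The test is also better split into `[ ! -f "$EASYRSA_PKI/openssl-easyrsa.cnf" ] && [ -f "$EASYRSA/openssl-easyrsa.cnf" ]`, since `-a` inside `[` is marked obsolescent by POSIX. init_pki's body starts and ends outside the hunks shown.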