update to easy-rsa 3.0.1.
The previous version was supposed to have been patched to use openssl (instead of libressl) for ENV:: handling but this patch didn't work correctly, and even with that fixed, there was an issue with easy-rsa that caused generation to fail after the first certificate ("TXT_DB error number 2"), which https://community.openvpn.net/openvpn/ticket/229 marks as WONTFIX for easy-rsa 2.x. OK ajacoutot@ jasper@
This commit is contained in:
parent
39e61cecdb
commit
61fcff7f9b
@ -1,10 +1,11 @@
|
||||
# $OpenBSD: Makefile,v 1.4 2015/09/19 12:44:38 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.5 2016/02/18 13:50:00 sthen Exp $
|
||||
|
||||
COMMENT = small RSA key management package
|
||||
|
||||
PKGNAME = easy-rsa-2.2.0
|
||||
REVISION = 1
|
||||
DISTNAME = ${PKGNAME}_master
|
||||
V = 3.0.1
|
||||
PKGNAME = easy-rsa-$V
|
||||
DISTNAME = EasyRSA-$V
|
||||
EXTRACT_SUFX = .tgz
|
||||
CATEGORIES = security
|
||||
|
||||
HOMEPAGE = http://openvpn.net/
|
||||
@ -12,18 +13,21 @@ HOMEPAGE = http://openvpn.net/
|
||||
# GPLv2 only
|
||||
PERMIT_PACKAGE_CDROM = Yes
|
||||
|
||||
MASTER_SITES = https://github.com/downloads/OpenVPN/easy-rsa/
|
||||
MASTER_SITES = https://github.com/OpenVPN/easy-rsa/releases/download/$V/
|
||||
|
||||
# relies on passing environment variables to $ENV:: in config files
|
||||
RUN_DEPENDS = security/openssl
|
||||
RUN_DEPENDS = security/openssl
|
||||
|
||||
CONFIGURE_STYLE = gnu
|
||||
NO_BUILD = Yes
|
||||
NO_TEST = Yes
|
||||
|
||||
NO_TEST = Yes
|
||||
I = ${PREFIX}/share/easy-rsa
|
||||
|
||||
post-install:
|
||||
@mv ${PREFIX}/share/easy-rsa/vars{,.dist}
|
||||
perl -pi -e 's,source \./vars,. ./vars,g' \
|
||||
${PREFIX}/share/doc/easy-rsa/* ${PREFIX}/share/easy-rsa/*
|
||||
do-install:
|
||||
sed -i s,/usr/local,${LOCALBASE},g ${WRKSRC}/easyrsa
|
||||
${INSTALL_DATA_DIR} $I
|
||||
cd ${WRKSRC}; pax -rw * $I
|
||||
rm $I/*.orig
|
||||
chown -R ${SHAREOWN}:${SHAREGRP} $I/*
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (easy-rsa-2.2.0_master.tar.gz) = 0j3cOnZLQNA62nbzh8kq5Nz09SZtpUwrrhMDJbBe6+I=
|
||||
SIZE (easy-rsa-2.2.0_master.tar.gz) = 80460
|
||||
SHA256 (EasyRSA-3.0.1.tgz) = 29r1uURLmeDFIh/UvPFThMYjgMG2POoj1CI5QU17LU4=
|
||||
SIZE (EasyRSA-3.0.1.tgz) = 40960
|
||||
|
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-Makefile_in,v 1.1.1.1 2013/04/02 11:40:36 sthen Exp $
|
||||
--- Makefile.in.orig Tue Apr 2 07:35:09 2013
|
||||
+++ Makefile.in Tue Apr 2 07:36:41 2013
|
||||
@@ -186,9 +186,7 @@ MAINTAINERCLEANFILES = \
|
||||
|
||||
EXTRA_DIST = easy-rsa
|
||||
SUBDIRS = doc distro
|
||||
-dist_doc_DATA = \
|
||||
- COPYRIGHT.GPL \
|
||||
- COPYING
|
||||
+dist_doc_DATA =
|
||||
|
||||
dist_easyrsa_DATA =
|
||||
all: all-recursive
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-ca,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-ca.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-ca Sat Sep 19 13:40:54 2015
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
|
||||
+ eopenssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
|
||||
chmod 0600 ca.key
|
||||
else
|
||||
echo you must define KEY_DIR
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-dh,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-dh.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-dh Sat Sep 19 13:40:56 2015
|
||||
@@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
if test $KEY_DIR; then
|
||||
- openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
|
||||
+ eopenssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-inter,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-inter.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-inter Sat Sep 19 13:41:00 2015
|
||||
@@ -12,8 +12,8 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
- openssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
|
||||
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
+ eopenssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-key,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-key.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-key Sat Sep 19 13:41:02 2015
|
||||
@@ -12,8 +12,8 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
|
||||
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
|
||||
chmod 0600 $1.key
|
||||
else
|
||||
echo you must define KEY_DIR
|
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-key-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-key-pass.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-key-pass Sat Sep 19 13:41:04 2015
|
||||
@@ -12,8 +12,8 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
|
||||
+ eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
|
||||
chmod 0600 $1.key
|
||||
else
|
||||
echo you must define KEY_DIR
|
@ -1,16 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-key-pkcs12,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-key-pkcs12.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-key-pkcs12 Sat Sep 19 13:41:08 2015
|
||||
@@ -12,9 +12,9 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
|
||||
- openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
|
||||
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
|
||||
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
|
||||
+ eopenssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
|
||||
chmod 0600 $1.key $1.p12
|
||||
else
|
||||
echo you must define KEY_DIR
|
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-key-server,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-key-server.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-key-server Sat Sep 19 13:41:13 2015
|
||||
@@ -14,8 +14,8 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
|
||||
- openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
|
||||
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
|
||||
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
|
||||
chmod 0600 $1.key
|
||||
else
|
||||
echo you must define KEY_DIR
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-req.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-req Sat Sep 19 13:41:15 2015
|
||||
@@ -12,7 +12,7 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
|
||||
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_build-req-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/build-req-pass.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/build-req-pass Sat Sep 19 13:41:16 2015
|
||||
@@ -12,7 +12,7 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
|
||||
+ eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_list-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/list-crl.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/list-crl Sat Sep 19 13:41:19 2015
|
||||
@@ -12,7 +12,7 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl crl -text -noout -in $1
|
||||
+ eopenssl crl -text -noout -in $1
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_make-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/make-crl.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/make-crl Sat Sep 19 13:41:20 2015
|
||||
@@ -12,7 +12,7 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl ca -gencrl -out $1 -config $KEY_CONFIG
|
||||
+ eopenssl ca -gencrl -out $1 -config $KEY_CONFIG
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_revoke-crt,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/revoke-crt.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/revoke-crt Sat Sep 19 13:41:27 2015
|
||||
@@ -12,7 +12,7 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl ca -revoke $1 -config $KEY_CONFIG
|
||||
+ eopenssl ca -revoke $1 -config $KEY_CONFIG
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,21 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_revoke-full,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/revoke-full.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/revoke-full Sat Sep 19 13:41:36 2015
|
||||
@@ -16,14 +16,14 @@ if test $KEY_DIR; then
|
||||
rm -f $RT
|
||||
|
||||
# revoke key and generate a new CRL
|
||||
- openssl ca -revoke $1.crt -config $KEY_CONFIG
|
||||
+ eopenssl ca -revoke $1.crt -config $KEY_CONFIG
|
||||
|
||||
# generate a new CRL
|
||||
- openssl ca -gencrl -out $CRL -config $KEY_CONFIG
|
||||
+ eopenssl ca -gencrl -out $CRL -config $KEY_CONFIG
|
||||
cat ca.crt $CRL >$RT
|
||||
|
||||
# verify the revocation
|
||||
- openssl verify -CAfile $RT -crl_check $1.crt
|
||||
+ eopenssl verify -CAfile $RT -crl_check $1.crt
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_1_0_sign-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/1.0/sign-req.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/1.0/sign-req Sat Sep 19 13:41:38 2015
|
||||
@@ -12,7 +12,7 @@ fi
|
||||
|
||||
if test $KEY_DIR; then
|
||||
cd $KEY_DIR && \
|
||||
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
|
||||
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
|
||||
else
|
||||
echo you must define KEY_DIR
|
||||
fi
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-easy-rsa_2_0_pkitool,v 1.1 2015/09/19 12:44:38 sthen Exp $
|
||||
--- easy-rsa/2.0/pkitool.orig Sat Sep 19 13:40:50 2015
|
||||
+++ easy-rsa/2.0/pkitool Sat Sep 19 13:41:52 2015
|
||||
@@ -122,7 +122,7 @@ usage()
|
||||
}
|
||||
|
||||
# Set tool defaults
|
||||
-[ -n "$OPENSSL" ] || export OPENSSL="openssl"
|
||||
+[ -n "$OPENSSL" ] || export OPENSSL="eopenssl"
|
||||
[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
|
||||
[ -n "$GREP" ] || export GREP="grep"
|
||||
|
12
security/easy-rsa/patches/patch-easyrsa
Normal file
12
security/easy-rsa/patches/patch-easyrsa
Normal file
@ -0,0 +1,12 @@
|
||||
$OpenBSD: patch-easyrsa,v 1.1 2016/02/18 13:50:00 sthen Exp $
|
||||
--- easyrsa.orig Thu Feb 18 11:41:22 2016
|
||||
+++ easyrsa Thu Feb 18 11:41:37 2016
|
||||
@@ -1003,7 +1003,7 @@ Note: using Easy-RSA configuration from: $vars"
|
||||
|
||||
# Set defaults, preferring existing env-vars if present
|
||||
set_var EASYRSA "$PWD"
|
||||
- set_var EASYRSA_OPENSSL openssl
|
||||
+ set_var EASYRSA_OPENSSL "/usr/local/bin/eopenssl"
|
||||
set_var EASYRSA_PKI "$EASYRSA/pki"
|
||||
set_var EASYRSA_DN cn_only
|
||||
set_var EASYRSA_REQ_COUNTRY "US"
|
@ -1,25 +1,21 @@
|
||||
@comment $OpenBSD: PLIST,v 1.1.1.1 2013/04/02 11:40:36 sthen Exp $
|
||||
share/doc/easy-rsa/
|
||||
share/doc/easy-rsa/README-2.0
|
||||
@comment $OpenBSD: PLIST,v 1.2 2016/02/18 13:50:00 sthen Exp $
|
||||
@extraunexec rm -rf %D/share/easy-rsa/pki
|
||||
share/easy-rsa/
|
||||
share/easy-rsa/build-ca
|
||||
share/easy-rsa/build-dh
|
||||
share/easy-rsa/build-inter
|
||||
share/easy-rsa/build-key
|
||||
share/easy-rsa/build-key-pass
|
||||
share/easy-rsa/build-key-pkcs12
|
||||
share/easy-rsa/build-key-server
|
||||
share/easy-rsa/build-req
|
||||
share/easy-rsa/build-req-pass
|
||||
share/easy-rsa/clean-all
|
||||
share/easy-rsa/inherit-inter
|
||||
share/easy-rsa/list-crl
|
||||
share/easy-rsa/openssl-0.9.6.cnf
|
||||
share/easy-rsa/openssl-0.9.8.cnf
|
||||
share/easy-rsa/openssl-1.0.0.cnf
|
||||
share/easy-rsa/pkitool
|
||||
share/easy-rsa/revoke-full
|
||||
share/easy-rsa/sign-req
|
||||
share/easy-rsa/vars.dist
|
||||
@sample share/easy-rsa/vars
|
||||
share/easy-rsa/whichopensslcnf
|
||||
share/easy-rsa/COPYING
|
||||
share/easy-rsa/ChangeLog
|
||||
share/easy-rsa/README.quickstart.md
|
||||
share/easy-rsa/doc/
|
||||
share/easy-rsa/doc/EasyRSA-Advanced.md
|
||||
share/easy-rsa/doc/EasyRSA-Readme.md
|
||||
share/easy-rsa/doc/EasyRSA-Upgrade-Notes.md
|
||||
share/easy-rsa/doc/Hacking.md
|
||||
share/easy-rsa/doc/Intro-To-PKI.md
|
||||
share/easy-rsa/easyrsa
|
||||
share/easy-rsa/gpl-2.0.txt
|
||||
share/easy-rsa/openssl-1.0.cnf
|
||||
share/easy-rsa/vars.example
|
||||
share/easy-rsa/x509-types/
|
||||
share/easy-rsa/x509-types/COMMON
|
||||
share/easy-rsa/x509-types/ca
|
||||
share/easy-rsa/x509-types/client
|
||||
share/easy-rsa/x509-types/server
|
||||
|
Loading…
Reference in New Issue
Block a user