update to easy-rsa 3.0.1.

The previous version was supposed to have been patched to use openssl (instead of libressl) for ENV:: handling but this patch didn't work correctly, and even with that fixed, there was an issue with easy-rsa that caused generation to fail after the first certificate ("TXT_DB error number 2"), which https://community.openvpn.net/openvpn/ticket/229 marks as WONTFIX for easy-rsa 2.x. OK ajacoutot@ jasper@
2016-02-18 13:50:00 +00:00 · 2016-02-18 13:50:00 +00:00 · 61fcff7f9b
commit 61fcff7f9b
parent 39e61cecdb
20 changed files with 50 additions and 253 deletions
--- a/security/easy-rsa/Makefile
+++ b/security/easy-rsa/Makefile
@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.4 2015/09/19 12:44:38 sthen Exp $
+# $OpenBSD: Makefile,v 1.5 2016/02/18 13:50:00 sthen Exp $

 COMMENT =	small RSA key management package

-PKGNAME =	easy-rsa-2.2.0
-REVISION =	1
-DISTNAME =	${PKGNAME}_master
+V =		3.0.1
+PKGNAME =	easy-rsa-$V
+DISTNAME =	EasyRSA-$V
+EXTRACT_SUFX =	.tgz
 CATEGORIES =	security

 HOMEPAGE =	http://openvpn.net/
@ -12,18 +13,21 @@ HOMEPAGE =	http://openvpn.net/
 # GPLv2 only
 PERMIT_PACKAGE_CDROM =	Yes

-MASTER_SITES =		https://github.com/downloads/OpenVPN/easy-rsa/
+MASTER_SITES =	https://github.com/OpenVPN/easy-rsa/releases/download/$V/

 # relies on passing environment variables to $ENV:: in config files
 RUN_DEPENDS =	security/openssl

-CONFIGURE_STYLE =	gnu
-
+NO_BUILD =	Yes
 NO_TEST =	Yes

-post-install:
-	@mv ${PREFIX}/share/easy-rsa/vars{,.dist}
-	perl -pi -e 's,source \./vars,. ./vars,g' \
-	    ${PREFIX}/share/doc/easy-rsa/* ${PREFIX}/share/easy-rsa/*
+I =		${PREFIX}/share/easy-rsa
+
+do-install:
+	sed -i s,/usr/local,${LOCALBASE},g ${WRKSRC}/easyrsa
+	${INSTALL_DATA_DIR} $I
+	cd ${WRKSRC}; pax -rw * $I
+	rm $I/*.orig
+	chown -R ${SHAREOWN}:${SHAREGRP} $I/*

 .include <bsd.port.mk>
--- a/security/easy-rsa/distinfo
+++ b/security/easy-rsa/distinfo
@ -1,2 +1,2 @@
-SHA256 (easy-rsa-2.2.0_master.tar.gz) = 0j3cOnZLQNA62nbzh8kq5Nz09SZtpUwrrhMDJbBe6+I=
-SIZE (easy-rsa-2.2.0_master.tar.gz) = 80460
+SHA256 (EasyRSA-3.0.1.tgz) = 29r1uURLmeDFIh/UvPFThMYjgMG2POoj1CI5QU17LU4=
+SIZE (EasyRSA-3.0.1.tgz) = 40960
--- a/security/easy-rsa/patches/patch-Makefile_in
+++ b/security/easy-rsa/patches/patch-Makefile_in
@ -1,14 +0,0 @@
-$OpenBSD: patch-Makefile_in,v 1.1.1.1 2013/04/02 11:40:36 sthen Exp $
--- Makefile.in.orig	Tue Apr  2 07:35:09 2013
-+++ Makefile.in	Tue Apr  2 07:36:41 2013
-@@ -186,9 +186,7 @@ MAINTAINERCLEANFILES = \
- 
- EXTRA_DIST = easy-rsa
- SUBDIRS = doc distro
-dist_doc_DATA = \
-	COPYRIGHT.GPL \
-	COPYING
-+dist_doc_DATA =
- 
- dist_easyrsa_DATA = 
- all: all-recursive
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-ca
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-ca
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-ca,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-ca.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-ca	Sat Sep 19 13:40:54 2015
-@@ -6,7 +6,7 @@
- 
- if test $KEY_DIR; then
- 	cd $KEY_DIR && \
-	openssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
-+	eopenssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
-         chmod 0600 ca.key
- else
- 	echo you must define KEY_DIR
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-dh
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-dh
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-dh,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-dh.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-dh	Sat Sep 19 13:40:56 2015
-@@ -6,7 +6,7 @@
- #
- 
- if test $KEY_DIR; then
-    openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
-+    eopenssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
- else
-     echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-inter
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-inter
@ -1,14 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-inter,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-inter.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-inter	Sat Sep 19 13:41:00 2015
-@@ -12,8 +12,8 @@ fi                                                    
- 
- if test $KEY_DIR; then
- 	cd $KEY_DIR && \
-	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-	openssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
-+	eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-+	eopenssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
- else
- 	echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key
@ -1,14 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-key,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-key	Sat Sep 19 13:41:02 2015
-@@ -12,8 +12,8 @@ fi                                                    
- 
- if test $KEY_DIR; then
- 	cd $KEY_DIR && \
-	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
-+	eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-+	eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
- 	chmod 0600 $1.key
- else
- 	echo you must define KEY_DIR
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pass
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pass
@ -1,14 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-key-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key-pass.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-key-pass	Sat Sep 19 13:41:04 2015
-@@ -12,8 +12,8 @@ fi
- 
- if test $KEY_DIR; then
- 	cd $KEY_DIR && \
-	openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
-+	eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-+	eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
- 	chmod 0600 $1.key
- else
- 	echo you must define KEY_DIR
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pkcs12
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-pkcs12
@ -1,16 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-key-pkcs12,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key-pkcs12.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-key-pkcs12	Sat Sep 19 13:41:08 2015
-@@ -12,9 +12,9 @@ fi                                                    
- 
- if test $KEY_DIR; then
- 	cd $KEY_DIR && \
-	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
-        openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
-+	eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
-+	eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
-+        eopenssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
- 	chmod 0600 $1.key $1.p12
- else
- 	echo you must define KEY_DIR
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-server
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-key-server
@ -1,14 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-key-server,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key-server.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-key-server	Sat Sep 19 13:41:13 2015
-@@ -14,8 +14,8 @@ fi                                                    
- 
- if test $KEY_DIR; then
- 	cd $KEY_DIR && \
-	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
-	openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
-+	eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
-+	eopenssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
-         chmod 0600 $1.key
- else
- 	echo you must define KEY_DIR
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-req.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-req	Sat Sep 19 13:41:15 2015
-@@ -12,7 +12,7 @@ fi                                                    
- 
- if test $KEY_DIR; then
-     cd $KEY_DIR && \
-    openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
-+    eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
- else
-     echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req-pass
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_build-req-pass
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_build-req-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-req-pass.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/build-req-pass	Sat Sep 19 13:41:16 2015
-@@ -12,7 +12,7 @@ fi                                                    
- 
- if test $KEY_DIR; then
-     cd $KEY_DIR && \
-    openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
-+    eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
- else
-     echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_list-crl
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_list-crl
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_list-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/list-crl.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/list-crl	Sat Sep 19 13:41:19 2015
-@@ -12,7 +12,7 @@ fi
- 
- if test $KEY_DIR; then
-        cd $KEY_DIR && \
-       openssl crl -text -noout -in $1
-+       eopenssl crl -text -noout -in $1
- else
-        echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_make-crl
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_make-crl
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_make-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/make-crl.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/make-crl	Sat Sep 19 13:41:20 2015
-@@ -12,7 +12,7 @@ fi
- 
- if test $KEY_DIR; then
-        cd $KEY_DIR && \
-       openssl ca -gencrl -out $1 -config $KEY_CONFIG
-+       eopenssl ca -gencrl -out $1 -config $KEY_CONFIG
- else
-        echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-crt
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-crt
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_revoke-crt,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/revoke-crt.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/revoke-crt	Sat Sep 19 13:41:27 2015
-@@ -12,7 +12,7 @@ fi
- 
- if test $KEY_DIR; then
-        cd $KEY_DIR && \
-       openssl ca -revoke $1 -config $KEY_CONFIG
-+       eopenssl ca -revoke $1 -config $KEY_CONFIG
- else
-        echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-full
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_revoke-full
@ -1,21 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_revoke-full,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/revoke-full.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/revoke-full	Sat Sep 19 13:41:36 2015
-@@ -16,14 +16,14 @@ if test $KEY_DIR; then
-        rm -f $RT
- 
-        # revoke key and generate a new CRL
-       openssl ca -revoke $1.crt -config $KEY_CONFIG
-+       eopenssl ca -revoke $1.crt -config $KEY_CONFIG
- 
-        # generate a new CRL
-       openssl ca -gencrl -out $CRL -config $KEY_CONFIG
-+       eopenssl ca -gencrl -out $CRL -config $KEY_CONFIG
-        cat ca.crt $CRL >$RT
-     
-        # verify the revocation
-       openssl verify -CAfile $RT -crl_check $1.crt
-+       eopenssl verify -CAfile $RT -crl_check $1.crt
- else
-        echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_1_0_sign-req
+++ b/security/easy-rsa/patches/patch-easy-rsa_1_0_sign-req
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_1_0_sign-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/sign-req.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/1.0/sign-req	Sat Sep 19 13:41:38 2015
-@@ -12,7 +12,7 @@ fi                                                    
- 
- if test $KEY_DIR; then
- 	cd $KEY_DIR && \
-	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
-+	eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
- else
- 	echo you must define KEY_DIR
- fi
--- a/security/easy-rsa/patches/patch-easy-rsa_2_0_pkitool
+++ b/security/easy-rsa/patches/patch-easy-rsa_2_0_pkitool
@ -1,12 +0,0 @@
-$OpenBSD: patch-easy-rsa_2_0_pkitool,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/2.0/pkitool.orig	Sat Sep 19 13:40:50 2015
-+++ easy-rsa/2.0/pkitool	Sat Sep 19 13:41:52 2015
-@@ -122,7 +122,7 @@ usage()
- }
- 
- # Set tool defaults
-[ -n "$OPENSSL" ] || export OPENSSL="openssl"
-+[ -n "$OPENSSL" ] || export OPENSSL="eopenssl"
- [ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
- [ -n "$GREP" ] || export GREP="grep"
- 
--- a/security/easy-rsa/patches/patch-easyrsa
+++ b/security/easy-rsa/patches/patch-easyrsa
@ -0,0 +1,12 @@
+$OpenBSD: patch-easyrsa,v 1.1 2016/02/18 13:50:00 sthen Exp $
+--- easyrsa.orig	Thu Feb 18 11:41:22 2016
+++ easyrsa	Thu Feb 18 11:41:37 2016
+@@ -1003,7 +1003,7 @@ Note: using Easy-RSA configuration from: $vars"
+ 	
+ 	# Set defaults, preferring existing env-vars if present
+ 	set_var EASYRSA		"$PWD"
+-	set_var EASYRSA_OPENSSL	openssl
+	set_var EASYRSA_OPENSSL	"/usr/local/bin/eopenssl"
+ 	set_var EASYRSA_PKI	"$EASYRSA/pki"
+ 	set_var EASYRSA_DN	cn_only
+ 	set_var EASYRSA_REQ_COUNTRY	"US"
--- a/security/easy-rsa/pkg/PLIST
+++ b/security/easy-rsa/pkg/PLIST
@ -1,25 +1,21 @@
-@comment $OpenBSD: PLIST,v 1.1.1.1 2013/04/02 11:40:36 sthen Exp $
-share/doc/easy-rsa/
-share/doc/easy-rsa/README-2.0
+@comment $OpenBSD: PLIST,v 1.2 2016/02/18 13:50:00 sthen Exp $
+@extraunexec rm -rf %D/share/easy-rsa/pki
 share/easy-rsa/
-share/easy-rsa/build-ca
-share/easy-rsa/build-dh
-share/easy-rsa/build-inter
-share/easy-rsa/build-key
-share/easy-rsa/build-key-pass
-share/easy-rsa/build-key-pkcs12
-share/easy-rsa/build-key-server
-share/easy-rsa/build-req
-share/easy-rsa/build-req-pass
-share/easy-rsa/clean-all
-share/easy-rsa/inherit-inter
-share/easy-rsa/list-crl
-share/easy-rsa/openssl-0.9.6.cnf
-share/easy-rsa/openssl-0.9.8.cnf
-share/easy-rsa/openssl-1.0.0.cnf
-share/easy-rsa/pkitool
-share/easy-rsa/revoke-full
-share/easy-rsa/sign-req
-share/easy-rsa/vars.dist
-@sample share/easy-rsa/vars
-share/easy-rsa/whichopensslcnf
+share/easy-rsa/COPYING
+share/easy-rsa/ChangeLog
+share/easy-rsa/README.quickstart.md
+share/easy-rsa/doc/
+share/easy-rsa/doc/EasyRSA-Advanced.md
+share/easy-rsa/doc/EasyRSA-Readme.md
+share/easy-rsa/doc/EasyRSA-Upgrade-Notes.md
+share/easy-rsa/doc/Hacking.md
+share/easy-rsa/doc/Intro-To-PKI.md
+share/easy-rsa/easyrsa
+share/easy-rsa/gpl-2.0.txt
+share/easy-rsa/openssl-1.0.cnf
+share/easy-rsa/vars.example
+share/easy-rsa/x509-types/
+share/easy-rsa/x509-types/COMMON
+share/easy-rsa/x509-types/ca
+share/easy-rsa/x509-types/client
+share/easy-rsa/x509-types/server