switch easy-rsa to using openssl to unbreak; libressl doesn't allow $ENV::

in config files and easy-arrrrsa uses this heavily.
This commit is contained in:
sthen 2015-09-19 12:44:38 +00:00
parent f09a508b2f
commit c1a401f90e
16 changed files with 206 additions and 4 deletions

View File

@ -1,11 +1,9 @@
# $OpenBSD: Makefile,v 1.3 2015/09/18 22:04:44 sthen Exp $
BROKEN = relies on $$ENV:: in openssl .cnf files
# $OpenBSD: Makefile,v 1.4 2015/09/19 12:44:38 sthen Exp $
COMMENT = small RSA key management package
PKGNAME = easy-rsa-2.2.0
REVISION = 0
REVISION = 1
DISTNAME = ${PKGNAME}_master
CATEGORIES = security
@ -16,6 +14,9 @@ PERMIT_PACKAGE_CDROM = Yes
MASTER_SITES = https://github.com/downloads/OpenVPN/easy-rsa/
# relies on passing environment variables to $ENV:: in config files
RUN_DEPENDS = security/openssl
CONFIGURE_STYLE = gnu
NO_TEST = Yes

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_build-ca,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-ca.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-ca Sat Sep 19 13:40:54 2015
@@ -6,7 +6,7 @@
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
+ eopenssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
chmod 0600 ca.key
else
echo you must define KEY_DIR

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_build-dh,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-dh.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-dh Sat Sep 19 13:40:56 2015
@@ -6,7 +6,7 @@
#
if test $KEY_DIR; then
- openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+ eopenssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,14 @@
$OpenBSD: patch-easy-rsa_1_0_build-inter,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-inter.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-inter Sat Sep 19 13:41:00 2015
@@ -12,8 +12,8 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
- openssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+ eopenssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,14 @@
$OpenBSD: patch-easy-rsa_1_0_build-key,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-key Sat Sep 19 13:41:02 2015
@@ -12,8 +12,8 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
chmod 0600 $1.key
else
echo you must define KEY_DIR

View File

@ -0,0 +1,14 @@
$OpenBSD: patch-easy-rsa_1_0_build-key-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key-pass.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-key-pass Sat Sep 19 13:41:04 2015
@@ -12,8 +12,8 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+ eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
chmod 0600 $1.key
else
echo you must define KEY_DIR

View File

@ -0,0 +1,16 @@
$OpenBSD: patch-easy-rsa_1_0_build-key-pkcs12,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key-pkcs12.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-key-pkcs12 Sat Sep 19 13:41:08 2015
@@ -12,9 +12,9 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
- openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+ eopenssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
chmod 0600 $1.key $1.p12
else
echo you must define KEY_DIR

View File

@ -0,0 +1,14 @@
$OpenBSD: patch-easy-rsa_1_0_build-key-server,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-key-server.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-key-server Sat Sep 19 13:41:13 2015
@@ -14,8 +14,8 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
- openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
chmod 0600 $1.key
else
echo you must define KEY_DIR

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_build-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-req.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-req Sat Sep 19 13:41:15 2015
@@ -12,7 +12,7 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+ eopenssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_build-req-pass,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/build-req-pass.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/build-req-pass Sat Sep 19 13:41:16 2015
@@ -12,7 +12,7 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+ eopenssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_list-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/list-crl.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/list-crl Sat Sep 19 13:41:19 2015
@@ -12,7 +12,7 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl crl -text -noout -in $1
+ eopenssl crl -text -noout -in $1
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_make-crl,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/make-crl.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/make-crl Sat Sep 19 13:41:20 2015
@@ -12,7 +12,7 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl ca -gencrl -out $1 -config $KEY_CONFIG
+ eopenssl ca -gencrl -out $1 -config $KEY_CONFIG
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_revoke-crt,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/revoke-crt.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/revoke-crt Sat Sep 19 13:41:27 2015
@@ -12,7 +12,7 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl ca -revoke $1 -config $KEY_CONFIG
+ eopenssl ca -revoke $1 -config $KEY_CONFIG
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,21 @@
$OpenBSD: patch-easy-rsa_1_0_revoke-full,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/revoke-full.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/revoke-full Sat Sep 19 13:41:36 2015
@@ -16,14 +16,14 @@ if test $KEY_DIR; then
rm -f $RT
# revoke key and generate a new CRL
- openssl ca -revoke $1.crt -config $KEY_CONFIG
+ eopenssl ca -revoke $1.crt -config $KEY_CONFIG
# generate a new CRL
- openssl ca -gencrl -out $CRL -config $KEY_CONFIG
+ eopenssl ca -gencrl -out $CRL -config $KEY_CONFIG
cat ca.crt $CRL >$RT
# verify the revocation
- openssl verify -CAfile $RT -crl_check $1.crt
+ eopenssl verify -CAfile $RT -crl_check $1.crt
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_1_0_sign-req,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/1.0/sign-req.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/1.0/sign-req Sat Sep 19 13:41:38 2015
@@ -12,7 +12,7 @@ fi
if test $KEY_DIR; then
cd $KEY_DIR && \
- openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+ eopenssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
else
echo you must define KEY_DIR
fi

View File

@ -0,0 +1,12 @@
$OpenBSD: patch-easy-rsa_2_0_pkitool,v 1.1 2015/09/19 12:44:38 sthen Exp $
--- easy-rsa/2.0/pkitool.orig Sat Sep 19 13:40:50 2015
+++ easy-rsa/2.0/pkitool Sat Sep 19 13:41:52 2015
@@ -122,7 +122,7 @@ usage()
}
# Set tool defaults
-[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+[ -n "$OPENSSL" ] || export OPENSSL="eopenssl"
[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
[ -n "$GREP" ] || export GREP="grep"