Merge pull request #207911 from numinit/update-easyrsa
This commit is contained in:
Sandro
GitHub
commit
78fa1556b9
4 changed files with 17 additions and 111 deletions
|
|
@ -1,47 +0,0 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, autoreconfHook
|
||||
, makeWrapper
|
||||
, gnugrep
|
||||
, openssl
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "easyrsa";
|
||||
version = "2.2.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "OpenVPN";
|
||||
repo = "easy-rsa";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-zTdk8mv+gC/SHK813wZ6CWZf9Jm2XkKfAPU3feFpAkY=";
|
||||
};
|
||||
|
||||
preBuild = ''
|
||||
mkdir -p $out/share/easy-rsa
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook makeWrapper ];
|
||||
buildInputs = [ gnugrep openssl ];
|
||||
|
||||
# Make sane defaults and patch default config vars
|
||||
postInstall = ''
|
||||
cp $out/share/easy-rsa/openssl-1.0.0.cnf $out/share/easy-rsa/openssl.cnf
|
||||
for prog in $(find "$out/share/easy-rsa" -executable -type f); do
|
||||
makeWrapper "$prog" "$out/bin/$(basename $prog)" \
|
||||
--set EASY_RSA "$out/share/easy-rsa" \
|
||||
--set OPENSSL "${openssl.bin}/bin/openssl" \
|
||||
--set GREP "${gnugrep}/bin/grep"
|
||||
done
|
||||
sed -i "/EASY_RSA=\|OPENSSL=\|GREP=/d" $out/share/easy-rsa/vars
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Simple shell based CA utility";
|
||||
homepage = "https://openvpn.net/";
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.offline ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
|
@ -1,33 +1,37 @@
|
|||
{ lib, stdenv, fetchFromGitHub, openssl, runtimeShell }:
|
||||
{ lib, stdenv, fetchFromGitHub, openssl, makeWrapper, runtimeShell }:
|
||||
|
||||
let
|
||||
version = "3.0.8";
|
||||
in stdenv.mkDerivation {
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "easyrsa";
|
||||
inherit version;
|
||||
version = "3.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "OpenVPN";
|
||||
repo = "easy-rsa";
|
||||
rev = "v${version}";
|
||||
sha256 = "05q60s343ydh9j6hzj0840qdcq8fkyz06q68yw4pqgqg4w68rbgs";
|
||||
sha256 = "sha256-errF7bNhX3oYEMDwB/B1W5hBWhOD+GCgET3lA121PHc=";
|
||||
};
|
||||
|
||||
patches = [ ./fix-paths.patch ];
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/easyrsa
|
||||
cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easyrsa
|
||||
cp easyrsa3/openssl-easyrsa.cnf $out/share/easyrsa/safessl-easyrsa.cnf
|
||||
mkdir -p $out/share/easy-rsa
|
||||
cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easy-rsa
|
||||
install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa
|
||||
|
||||
substituteInPlace $out/bin/easyrsa \
|
||||
--subst-var out \
|
||||
--subst-var-by openssl ${openssl.bin}/bin/openssl
|
||||
--replace /usr/ $out/ \
|
||||
--replace '~VER~' '${version}' \
|
||||
--replace '~GITHEAD~' 'v${version}' \
|
||||
--replace '~DATE~' '1970-01-01'
|
||||
|
||||
# Wrap it with the correct OpenSSL binary.
|
||||
wrapProgram $out/bin/easyrsa \
|
||||
--set EASYRSA_OPENSSL ${openssl.bin}/bin/openssl
|
||||
|
||||
# Helper utility
|
||||
cat > $out/bin/easyrsa-init <<EOF
|
||||
#!${runtimeShell} -e
|
||||
cp -r $out/share/easyrsa/* .
|
||||
cp -r $out/share/easy-rsa/* .
|
||||
EOF
|
||||
chmod +x $out/bin/easyrsa-init
|
||||
'';
|
||||
|
|
|
|||
|
|
@ -1,49 +0,0 @@
|
|||
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
|
||||
index 261336f..7b9a79b 100755
|
||||
--- a/easyrsa3/easyrsa
|
||||
+++ b/easyrsa3/easyrsa
|
||||
@@ -1661,7 +1661,7 @@ Note: using Easy-RSA configuration from: $vars"
|
||||
|
||||
# Set defaults, preferring existing env-vars if present
|
||||
set_var EASYRSA "$prog_dir"
|
||||
- set_var EASYRSA_OPENSSL openssl
|
||||
+ set_var EASYRSA_OPENSSL "@openssl@"
|
||||
set_var EASYRSA_PKI "$PWD/pki"
|
||||
set_var EASYRSA_DN cn_only
|
||||
set_var EASYRSA_REQ_COUNTRY "US"
|
||||
@@ -1683,16 +1683,31 @@ Note: using Easy-RSA configuration from: $vars"
|
||||
set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
|
||||
set_var EASYRSA_REQ_CN ChangeMe
|
||||
set_var EASYRSA_DIGEST sha256
|
||||
- set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
|
||||
- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
|
||||
set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
|
||||
|
||||
+ if [ -f "$EASYRSA_PKI/safessl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
|
||||
+ elif [ -f "$EASYRSA/safessl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf"
|
||||
+ elif [ -f "@out@/share/easyrsa/safessl-easyrsa.cnf" ]; then
|
||||
+ set_var EASYRSA_SAFE_CONF "@out@/share/easyrsa/safessl-easyrsa.cnf"
|
||||
+ fi
|
||||
+
|
||||
+ if [ -f "$EASYRSA_PKI/openssl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
|
||||
+ elif [ -f "$EASYRSA/openssl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
|
||||
+ elif [ -f "@out@/share/easyrsa/openssl-easyrsa.cnf" ]; then
|
||||
+ set_var EASYRSA_SSL_CONF "@out@/share/easyrsa/openssl-easyrsa.cnf"
|
||||
+ fi
|
||||
+
|
||||
# Same as above for the x509-types extensions dir
|
||||
if [ -d "$EASYRSA_PKI/x509-types" ]; then
|
||||
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
|
||||
- else
|
||||
- #TODO: This should be removed. Not really suitable for packaging.
|
||||
+ elif [ -d "$EASYRSA/x509-types" ]; then
|
||||
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
|
||||
+ else
|
||||
+ set_var EASYRSA_EXT_DIR "@out@/share/easyrsa/x509-types"
|
||||
fi
|
||||
|
||||
# EASYRSA_ALGO_PARAMS must be set depending on selected algo
|
||||
|
|
@ -6576,8 +6576,6 @@ with pkgs;
|
|||
|
||||
easyrsa = callPackage ../tools/networking/easyrsa { };
|
||||
|
||||
easyrsa2 = callPackage ../tools/networking/easyrsa/2.x.nix { };
|
||||
|
||||
easysnap = callPackage ../tools/backup/easysnap { };
|
||||
|
||||
ebook_tools = callPackage ../tools/text/ebook-tools { };
|
||||
|
|
|
|||
Loading…
Reference in a new issue