From b4f463d969cc56fb2522d8dc5eb97d8134777254 Mon Sep 17 00:00:00 2001
From: Luiz Angelo Daros de Luca
Date: Wed, 1 Mar 2017 01:42:55 -0300
Subject: [PATCH] openvpn-easy-rsa: update to 3.0.1
easy-rsa v3 is now a single script. It expects a 'vars' configuration file which path can be set using easy-rsa options, environment variables or just looking in the current directory. The default usage would be: # cd /etc/easy-rsa # easy-rsa COMMAND [command-options] Following upstream changes, /etc/easy-rsa/pki replaces /etc/easy-rsa/keys directory. The default /etc/easy-rsa/pki dir is marked to be kept during upgrade (WARN: priv keys are saved in the system backup) /etc/easy-rsa/openssl.1.0.cnf is now marked as config file while index and serial got removed.
Signed-off-by: Luiz Angelo Daros de Luca
---
 .../services/openvpn-easy-rsa/Makefile | 41 +++--
 .../openvpn-easy-rsa/files/easy-rsa.index | 0
 .../openvpn-easy-rsa/files/easy-rsa.serial | 1 -
 .../files/openvpn-easy-rsa.upgrade | 1 +
 .../patches/100-run-ootb.patch | 152 ------------------
 5 files changed, 26 insertions(+), 169 deletions(-)
 delete mode 100644 package/network/services/openvpn-easy-rsa/files/easy-rsa.index
 delete mode 100644 package/network/services/openvpn-easy-rsa/files/easy-rsa.serial
 create mode 100644 package/network/services/openvpn-easy-rsa/files/openvpn-easy-rsa.upgrade
 delete mode 100644 package/network/services/openvpn-easy-rsa/patches/100-run-ootb.patch
diff --git a/package/network/services/openvpn-easy-rsa/Makefile b/package/network/services/openvpn-easy-rsa/Makefile
index 5b7d9be213..f4b479986f 100644
--- a/package/network/services/openvpn-easy-rsa/Makefile
+++ b/package/network/services/openvpn-easy-rsa/Makefile
@@ -9,19 +9,18 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openvpn-easy-rsa
-PKG_RELEASE=2
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/OpenVPN/easy-rsa.git
-PKG_SOURCE_DATE:=2013-01-30
-PKG_SOURCE_VERSION:=ff5bfd1dd8e548cb24d302742af3894f893ef92f
-PKG_MIRROR_HASH:=c87704b3906a0c14f51c6677151a9389f698523c7ec07f7c75489ca31786f128
+PKG_VERSION:=3.0.1
+PKG_RELEASE:=1
+PKG_SOURCE_URL:=https://github.com/OpenVPN/easy-rsa/releases/download/$(PKG_VERSION)/
+PKG_SOURCE:=EasyRSA-$(PKG_VERSION).tgz
+PKG_HASH:=dbdaf5b9444b99e0c5221fd4bcf15384c62380c1b63cea23d42239414d7b2d4e
 PKG_LICENSE:=GPL-2.0
+PKG_BUILD_DIR:=$(BUILD_DIR)/EasyRSA-$(PKG_VERSION)
 include $(INCLUDE_DIR)/package.mk
 define Package/openvpn-easy-rsa
- TITLE:=Simple shell scripts to manage a Certificate Authority
+ TITLE:=CLI utility to build and manage a PKI CA.
 SECTION:=net
 CATEGORY:=Network
 URL:=http://openvpn.net
@@ -30,9 +29,8 @@ define Package/openvpn-easy-rsa
 endef
 define Package/openvpn-easy-rsa/conffiles
-/etc/easy-rsa/keys/serial
-/etc/easy-rsa/keys/index.txt
 /etc/easy-rsa/vars
+/etc/easy-rsa/openssl-1.0.cnf
 endef
 define Build/Configure
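Review bot: The `conffiles` list in the second hunk drops `/etc/easy-rsa/keys/serial` and `/etc/easy-rsa/keys/index.txt` with no migration note, so a device that already runs an easy-rsa 2 CA would presumably stop carrying that CA database across upgrades once this version is installed. `index.txt` is what revocation and CRL generation work from, so losing it leaves previously issued certificates hard to revoke. A comment above the define, such as `# easy-rsa 2 state under /etc/easy-rsa/keys is not migrated; back it up before upgrading`, would make that visible to the next maintainer. The commit description also spells the config file `openssl.1.0.cnf`, while this list and the install rule use `openssl-1.0.cnf`.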
@@ -45,13 +43,24 @@ endef
 define Package/openvpn-easy-rsa/install
 $(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
+
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/easyrsa $(1)/usr/sbin/
 $(INSTALL_DIR) $(1)/etc/easy-rsa
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
- $(INSTALL_DIR) $(1)/etc/easy-rsa/keys
- $(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt
- $(INSTALL_DATA) files/easy-rsa.serial $(1)/etc/easy-rsa/keys/serial
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/openssl-1.0.cnf $(1)/etc/easy-rsa/openssl-1.0.cnf
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/vars.example $(1)/etc/easy-rsa/vars
+
+ $(INSTALL_DIR) $(1)/etc/easy-rsa/pki
+ chmod 700 $(1)/etc/easy-rsa/pki
+ $(INSTALL_DIR) $(1)/etc/easy-rsa/pki/private
+ chmod 700 $(1)/etc/easy-rsa/pki/private
+ $(INSTALL_DIR) $(1)/etc/easy-rsa/pki/reqs
+ chmod 700 $(1)/etc/easy-rsa/pki/reqs
+
+ $(INSTALL_DIR) $(1)/etc/easy-rsa/x509-types
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/x509-types/* $(1)/etc/easy-rsa/x509-types/
+
+ $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+ $(INSTALL_DATA) files/openvpn-easy-rsa.upgrade $(1)/lib/upgrade/keep.d/$(PKG_NAME)
 endef
 $(eval $(call BuildPackage,openvpn-easy-rsa))
diff --git a/package/network/services/openvpn-easy-rsa/files/easy-rsa.index b/package/network/services/openvpn-easy-rsa/files/easy-rsa.index
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/package/network/services/openvpn-easy-rsa/files/easy-rsa.serial b/package/network/services/openvpn-easy-rsa/files/easy-rsa.serial
deleted file mode 100644
index 8a0f05e166..0000000000
--- a/package/network/services/openvpn-easy-rsa/files/easy-rsa.serial
+++ /dev/null
@@ -1 +0,0 @@
-01
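Review bot: The three `pki` directories in the install rule are created with `$(INSTALL_DIR)` and then tightened by a separate `chmod 700`; creating them restricted in one step, e.g. `install -d -m0700 $(1)/etc/easy-rsa/pki/private`, states the intent on one line. These modes cover only the empty directories shipped in the package, so the permissions of key files written later depend on the easyrsa script itself. Going by the commit description, easyrsa locates `vars` relative to the current directory, so a run started outside /etc/easy-rsa would presumably create its `pki/` elsewhere, outside these directories and outside the keep.d entry. A comment above the define noting that the tool is meant to be run from /etc/easy-rsa would help.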
diff --git a/package/network/services/openvpn-easy-rsa/files/openvpn-easy-rsa.upgrade b/package/network/services/openvpn-easy-rsa/files/openvpn-easy-rsa.upgrade
new file mode 100644
index 0000000000..8110b81a46
--- /dev/null
+++ b/package/network/services/openvpn-easy-rsa/files/openvpn-easy-rsa.upgrade
@@ -0,0 +1 @@
+/etc/easy-rsa/pki/
diff --git a/package/network/services/openvpn-easy-rsa/patches/100-run-ootb.patch b/package/network/services/openvpn-easy-rsa/patches/100-run-ootb.patch
deleted file mode 100644
index 4c1b889e39..0000000000
--- a/package/network/services/openvpn-easy-rsa/patches/100-run-ootb.patch
+++ /dev/null
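Review bot: The single keep.d entry `/etc/easy-rsa/pki/` in the new openvpn-easy-rsa.upgrade file also covers `pki/private`, so every sysupgrade backup archive taken on the device will contain the CA key and any issued private keys, and the only warning about that is in the commit description. Surfacing it where an administrator reads it, for example in the package description as `Note: /etc/easy-rsa/pki (including private keys) is kept across sysupgrade and included in configuration backups`, lets them handle backup archives as key material. Keys created without a passphrase would sit in those archives unencrypted.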
@@ -1,152 +0,0 @@
---- a/easy-rsa/2.0/build-ca
-+++ b/easy-rsa/2.0/build-ca
-@@ -5,4 +5,4 @@
- #
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --initca $*
-+"/usr/sbin/pkitool" --interact --initca $*
---- a/easy-rsa/2.0/build-dh
-+++ b/easy-rsa/2.0/build-dh
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # Build Diffie-Hellman parameters for the server side
- # of an SSL/TLS connection.
-
---- a/easy-rsa/2.0/build-inter
-+++ b/easy-rsa/2.0/build-inter
-@@ -4,4 +4,4 @@
- # root certificate.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --inter $*
-+"/usr/sbin/pkitool" --interact --inter $*
---- a/easy-rsa/2.0/build-key
-+++ b/easy-rsa/2.0/build-key
-@@ -4,4 +4,4 @@
- # root certificate.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact $*
-+"/usr/sbin/pkitool" --interact $*
---- a/easy-rsa/2.0/build-key-pass
-+++ b/easy-rsa/2.0/build-key-pass
-@@ -4,4 +4,4 @@
- # with a password.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pass $*
-+"/usr/sbin/pkitool" --interact --pass $*
---- a/easy-rsa/2.0/build-key-pkcs12
-+++ b/easy-rsa/2.0/build-key-pkcs12
-@@ -5,4 +5,4 @@
- # the CA certificate as well.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pkcs12 $*
-+"/usr/sbin/pkitool" --interact --pkcs12 $*
---- a/easy-rsa/2.0/build-key-server
-+++ b/easy-rsa/2.0/build-key-server
-@@ -7,4 +7,4 @@
- # extension in the openssl.cnf file.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --server $*
-+"/usr/sbin/pkitool" --interact --server $*
---- a/easy-rsa/2.0/build-req
-+++ b/easy-rsa/2.0/build-req
-@@ -4,4 +4,4 @@
- # when your root certificate and key is not available locally.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr $*
-+"/usr/sbin/pkitool" --interact --csr $*
---- a/easy-rsa/2.0/build-req-pass
-+++ b/easy-rsa/2.0/build-req-pass
-@@ -4,4 +4,4 @@
- # with a password.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr --pass $*
-+"/usr/sbin/pkitool" --interact --csr --pass $*
---- a/easy-rsa/2.0/clean-all
-+++ b/easy-rsa/2.0/clean-all
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # Initialize the $KEY_DIR directory.
- # Note that this script does a
- # rm -rf on $KEY_DIR so be careful!
---- a/easy-rsa/2.0/inherit-inter
-+++ b/easy-rsa/2.0/inherit-inter
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # Build a new PKI which is rooted on an intermediate certificate generated
- # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
- # have independent vars settings, and must use a different KEY_DIR directory
---- a/easy-rsa/2.0/list-crl
-+++ b/easy-rsa/2.0/list-crl
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # list revoked certificates
-
- CRL="${1:-crl.pem}"
---- a/easy-rsa/2.0/pkitool
-+++ b/easy-rsa/2.0/pkitool
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # OpenVPN -- An application to securely tunnel IP networks
- # over a single TCP/UDP port, with support for SSL/TLS-based
- # session authentication and key exchange,
---- a/easy-rsa/2.0/revoke-full
-+++ b/easy-rsa/2.0/revoke-full
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # revoke a certificate, regenerate CRL,
- # and verify revocation
-
---- a/easy-rsa/2.0/sign-req
-+++ b/easy-rsa/2.0/sign-req
-@@ -4,4 +4,4 @@
- # with a local root certificate and key.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --sign $*
-+"/usr/sbin/pkitool" --interact --sign $*
---- a/easy-rsa/2.0/vars
-+++ b/easy-rsa/2.0/vars
-@@ -12,7 +12,7 @@
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
--export EASY_RSA="`pwd`"
-+export EASY_RSA="/etc/easy-rsa"
-
- #
- # This variable should point to
-@@ -26,7 +26,7 @@
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
--export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-+export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
-
- # Edit this variable to point to
- # your soon-to-be-created key