easyrsa: 3.0.8 -> 3.1.1
This commit is contained in:
parent
86a14dbfe8
commit
aebbd7a483
@ -1,33 +1,37 @@
|
||||
{ lib, stdenv, fetchFromGitHub, openssl, runtimeShell }:
|
||||
{ lib, stdenv, fetchFromGitHub, openssl, makeWrapper, runtimeShell }:
|
||||
|
||||
let
|
||||
version = "3.0.8";
|
||||
in stdenv.mkDerivation {
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "easyrsa";
|
||||
inherit version;
|
||||
version = "3.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "OpenVPN";
|
||||
repo = "easy-rsa";
|
||||
rev = "v${version}";
|
||||
sha256 = "05q60s343ydh9j6hzj0840qdcq8fkyz06q68yw4pqgqg4w68rbgs";
|
||||
sha256 = "sha256-errF7bNhX3oYEMDwB/B1W5hBWhOD+GCgET3lA121PHc=";
|
||||
};
|
||||
|
||||
patches = [ ./fix-paths.patch ];
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/easyrsa
|
||||
cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easyrsa
|
||||
cp easyrsa3/openssl-easyrsa.cnf $out/share/easyrsa/safessl-easyrsa.cnf
|
||||
mkdir -p $out/share/easy-rsa
|
||||
cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easy-rsa
|
||||
install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa
|
||||
|
||||
substituteInPlace $out/bin/easyrsa \
|
||||
--subst-var out \
|
||||
--subst-var-by openssl ${openssl.bin}/bin/openssl
|
||||
--replace /usr/ $out/ \
|
||||
--replace '~VER~' '${version}' \
|
||||
--replace '~GITHEAD~' 'v${version}' \
|
||||
--replace '~DATE~' '1970-01-01'
|
||||
|
||||
# Wrap it with the correct OpenSSL binary.
|
||||
wrapProgram $out/bin/easyrsa \
|
||||
--set EASYRSA_OPENSSL ${openssl.bin}/bin/openssl
|
||||
|
||||
# Helper utility
|
||||
cat > $out/bin/easyrsa-init <<EOF
|
||||
#!${runtimeShell} -e
|
||||
cp -r $out/share/easyrsa/* .
|
||||
cp -r $out/share/easy-rsa/* .
|
||||
EOF
|
||||
chmod +x $out/bin/easyrsa-init
|
||||
'';
|
||||
|
@ -1,49 +0,0 @@
|
||||
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
|
||||
index 261336f..7b9a79b 100755
|
||||
--- a/easyrsa3/easyrsa
|
||||
+++ b/easyrsa3/easyrsa
|
||||
@@ -1661,7 +1661,7 @@ Note: using Easy-RSA configuration from: $vars"
|
||||
|
||||
# Set defaults, preferring existing env-vars if present
|
||||
set_var EASYRSA "$prog_dir"
|
||||
- set_var EASYRSA_OPENSSL openssl
|
||||
+ set_var EASYRSA_OPENSSL "@openssl@"
|
||||
set_var EASYRSA_PKI "$PWD/pki"
|
||||
set_var EASYRSA_DN cn_only
|
||||
set_var EASYRSA_REQ_COUNTRY "US"
|
||||
@@ -1683,16 +1683,31 @@ Note: using Easy-RSA configuration from: $vars"
|
||||
set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
|
||||
set_var EASYRSA_REQ_CN ChangeMe
|
||||
set_var EASYRSA_DIGEST sha256
|
||||
- set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
|
||||
- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
|
||||
set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
|
||||
|
||||
+ if [ -f "$EASYRSA_PKI/safessl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
|
||||
+ elif [ -f "$EASYRSA/safessl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf"
|
||||
+ elif [ -f "@out@/share/easyrsa/safessl-easyrsa.cnf" ]; then
|
||||
+ set_var EASYRSA_SAFE_CONF "@out@/share/easyrsa/safessl-easyrsa.cnf"
|
||||
+ fi
|
||||
+
|
||||
+ if [ -f "$EASYRSA_PKI/openssl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
|
||||
+ elif [ -f "$EASYRSA/openssl-easyrsa.conf" ]; then
|
||||
+ set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
|
||||
+ elif [ -f "@out@/share/easyrsa/openssl-easyrsa.cnf" ]; then
|
||||
+ set_var EASYRSA_SSL_CONF "@out@/share/easyrsa/openssl-easyrsa.cnf"
|
||||
+ fi
|
||||
+
|
||||
# Same as above for the x509-types extensions dir
|
||||
if [ -d "$EASYRSA_PKI/x509-types" ]; then
|
||||
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
|
||||
- else
|
||||
- #TODO: This should be removed. Not really suitable for packaging.
|
||||
+ elif [ -d "$EASYRSA/x509-types" ]; then
|
||||
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
|
||||
+ else
|
||||
+ set_var EASYRSA_EXT_DIR "@out@/share/easyrsa/x509-types"
|
||||
fi
|
||||
|
||||
# EASYRSA_ALGO_PARAMS must be set depending on selected algo
|
Loading…
Reference in New Issue
Block a user