easyrsa: 3.0.8 -> 3.1.1

This commit is contained in:
Morgan Jones 2022-12-26 19:44:34 -08:00
parent 86a14dbfe8
commit aebbd7a483
2 changed files with 17 additions and 62 deletions

View File

@ -1,33 +1,37 @@
{ lib, stdenv, fetchFromGitHub, openssl, runtimeShell }:
{ lib, stdenv, fetchFromGitHub, openssl, makeWrapper, runtimeShell }:
let
version = "3.0.8";
in stdenv.mkDerivation {
stdenv.mkDerivation rec {
pname = "easyrsa";
inherit version;
version = "3.1.1";
src = fetchFromGitHub {
owner = "OpenVPN";
repo = "easy-rsa";
rev = "v${version}";
sha256 = "05q60s343ydh9j6hzj0840qdcq8fkyz06q68yw4pqgqg4w68rbgs";
sha256 = "sha256-errF7bNhX3oYEMDwB/B1W5hBWhOD+GCgET3lA121PHc=";
};
patches = [ ./fix-paths.patch ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/share/easyrsa
cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easyrsa
cp easyrsa3/openssl-easyrsa.cnf $out/share/easyrsa/safessl-easyrsa.cnf
mkdir -p $out/share/easy-rsa
cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easy-rsa
install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa
substituteInPlace $out/bin/easyrsa \
--subst-var out \
--subst-var-by openssl ${openssl.bin}/bin/openssl
--replace /usr/ $out/ \
--replace '~VER~' '${version}' \
--replace '~GITHEAD~' 'v${version}' \
--replace '~DATE~' '1970-01-01'
# Wrap it with the correct OpenSSL binary.
wrapProgram $out/bin/easyrsa \
--set EASYRSA_OPENSSL ${openssl.bin}/bin/openssl
# Helper utility
cat > $out/bin/easyrsa-init <<EOF
#!${runtimeShell} -e
cp -r $out/share/easyrsa/* .
cp -r $out/share/easy-rsa/* .
EOF
chmod +x $out/bin/easyrsa-init
'';

View File

@ -1,49 +0,0 @@
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 261336f..7b9a79b 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1661,7 +1661,7 @@ Note: using Easy-RSA configuration from: $vars"
# Set defaults, preferring existing env-vars if present
set_var EASYRSA "$prog_dir"
- set_var EASYRSA_OPENSSL openssl
+ set_var EASYRSA_OPENSSL "@openssl@"
set_var EASYRSA_PKI "$PWD/pki"
set_var EASYRSA_DN cn_only
set_var EASYRSA_REQ_COUNTRY "US"
@@ -1683,16 +1683,31 @@ Note: using Easy-RSA configuration from: $vars"
set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
set_var EASYRSA_REQ_CN ChangeMe
set_var EASYRSA_DIGEST sha256
- set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
+ if [ -f "$EASYRSA_PKI/safessl-easyrsa.conf" ]; then
+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
+ elif [ -f "$EASYRSA/safessl-easyrsa.conf" ]; then
+ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf"
+ elif [ -f "@out@/share/easyrsa/safessl-easyrsa.cnf" ]; then
+ set_var EASYRSA_SAFE_CONF "@out@/share/easyrsa/safessl-easyrsa.cnf"
+ fi
+
+ if [ -f "$EASYRSA_PKI/openssl-easyrsa.conf" ]; then
+ set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
+ elif [ -f "$EASYRSA/openssl-easyrsa.conf" ]; then
+ set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
+ elif [ -f "@out@/share/easyrsa/openssl-easyrsa.cnf" ]; then
+ set_var EASYRSA_SSL_CONF "@out@/share/easyrsa/openssl-easyrsa.cnf"
+ fi
+
# Same as above for the x509-types extensions dir
if [ -d "$EASYRSA_PKI/x509-types" ]; then
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
- else
- #TODO: This should be removed. Not really suitable for packaging.
+ elif [ -d "$EASYRSA/x509-types" ]; then
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
+ else
+ set_var EASYRSA_EXT_DIR "@out@/share/easyrsa/x509-types"
fi
# EASYRSA_ALGO_PARAMS must be set depending on selected algo