Backport openvpn freatures from kamikaze to whiterussian Add easy-rsa package to openvpn, closes #541 Fix kmod-ipip module (wrong kernel extension)

SVN-Revision: 3800
This commit is contained in:
Florian Fainelli 2006-05-19 13:14:02 +00:00
parent 2cfc87015f
commit 9f68ceb9ce
5 changed files with 183 additions and 1 deletions

View file

@ -12,6 +12,17 @@ config BR2_PACKAGE_OPENVPN
Depends: kmod-tun, libpthread Depends: kmod-tun, libpthread
config BR2_PACKAGE_OPENVPN_EASY_RSA
prompt "openvpn-easy-rsa................ simple shell scripts to manage a Certificate Authority"
tristate
default m if CONFIG_DEVEL
select BR2_PACKAGE_OPENSSL_UTIL
depends on BR2_PACKAGE_OPENVPN
help
collection of shell scripts to manage a simple CA infrastructure
Depends: openpvn, openssl-util
config BR2_COMPILE_OPENVPN_WITH_SERVER config BR2_COMPILE_OPENVPN_WITH_SERVER
prompt "Enable server support" prompt "Enable server support"
bool bool

View file

@ -17,6 +17,7 @@ PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
include $(TOPDIR)/package/rules.mk include $(TOPDIR)/package/rules.mk
$(eval $(call PKG_template,OPENVPN,openvpn,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) $(eval $(call PKG_template,OPENVPN,openvpn,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
PKG_DEPEND:="kmod-tun" PKG_DEPEND:="kmod-tun"
@ -102,3 +103,9 @@ $(IPKG_OPENVPN):
echo "Depends: $(PKG_DEPEND)" >> $(IDIR_OPENVPN)/CONTROL/control echo "Depends: $(PKG_DEPEND)" >> $(IDIR_OPENVPN)/CONTROL/control
$(IPKG_BUILD) $(IDIR_OPENVPN) $(PACKAGE_DIR) $(IPKG_BUILD) $(IDIR_OPENVPN) $(PACKAGE_DIR)
$(IPKG_OPENVPN_EASY_RSA):
install -d -m0755 $(IDIR_OPENVPN_EASY_RSA)/usr/sbin $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa
$(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin
install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars
$(IPKG_BUILD) $(IDIR_OPENVPN_EASY_RSA) $(PACKAGE_DIR)

View file

@ -0,0 +1,5 @@
Package: openvpn-easy-rsa
Priority: optional
Section: net
Description: collection of shell scripts to manage a simple CA infrastructure
Depends: openssl-util

View file

@ -0,0 +1,159 @@
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-ca openvpn-2.0.7/easy-rsa/2.0/build-ca
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-ca 2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-ca 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
# Build a root certificate
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-dh openvpn-2.0.7/easy-rsa/2.0/build-dh
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-dh 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-dh 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
# Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-inter openvpn-2.0.7/easy-rsa/2.0/build-inter
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-inter 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-inter 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Make an intermediate CA certificate/private key pair using a locally generated
# root certificate.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key openvpn-2.0.7/easy-rsa/2.0/build-key
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Make a certificate/private key pair using a locally generated
# root certificate.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass openvpn-2.0.7/easy-rsa/2.0/build-key-pass
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key-pass 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Similar to build-key, but protect the private key
# with a password.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Make a certificate/private key pair using a locally generated
# root certificate and convert it to a PKCS #12 file including the
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server openvpn-2.0.7/easy-rsa/2.0/build-key-server
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key-server 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Make a certificate/private key pair using a locally generated
# root certificate.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req openvpn-2.0.7/easy-rsa/2.0/build-req
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req 2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-req 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Build a certificate signing request and private key. Use this
# when your root certificate and key is not available locally.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass openvpn-2.0.7/easy-rsa/2.0/build-req-pass
--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-req-pass 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Like build-req, but protect your private key
# with a password.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/clean-all openvpn-2.0.7/easy-rsa/2.0/clean-all
--- openvpn-2.0.7.orig/easy-rsa/2.0/clean-all 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/clean-all 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
# Initialize the $KEY_DIR directory.
# Note that this script does a
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter openvpn-2.0.7/easy-rsa/2.0/inherit-inter
--- openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter 2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/inherit-inter 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
# Build a new PKI which is rooted on an intermediate certificate generated
# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/list-crl openvpn-2.0.7/easy-rsa/2.0/list-crl
--- openvpn-2.0.7.orig/easy-rsa/2.0/list-crl 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/list-crl 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
# list revoked certificates
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/pkitool openvpn-2.0.7/easy-rsa/2.0/pkitool
--- openvpn-2.0.7.orig/easy-rsa/2.0/pkitool 2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/pkitool 2006-05-09 17:47:40.000000000 +0200
@@ -1,5 +1,7 @@
#!/bin/sh
+. /etc/easy-rsa/vars
+
# OpenVPN -- An application to securely tunnel IP networks
# over a single TCP/UDP port, with support for SSL/TLS-based
# session authentication and key exchange,
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full openvpn-2.0.7/easy-rsa/2.0/revoke-full
--- openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/revoke-full 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
# revoke a certificate, regenerate CRL,
# and verify revocation
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/sign-req openvpn-2.0.7/easy-rsa/2.0/sign-req
--- openvpn-2.0.7.orig/easy-rsa/2.0/sign-req 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/sign-req 2006-05-09 17:47:40.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Sign a certificate signing request (a .csr file)
# with a local root certificate and key.
diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/vars openvpn-2.0.7/easy-rsa/2.0/vars
--- openvpn-2.0.7.orig/easy-rsa/2.0/vars 2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/vars 2006-05-09 17:47:40.000000000 +0200
@@ -12,7 +12,7 @@
# This variable should point to
# the top level of the easy-rsa
# tree.
-export EASY_RSA="`pwd`"
+export EASY_RSA="/etc/easy-rsa"
# This variable should point to
# the openssl.cnf file included

View file

@ -19,7 +19,7 @@ $(eval $(call KMOD_template,IMQ,imq,\
)) ))
$(eval $(call KMOD_template,IPIP,ipip,\ $(eval $(call KMOD_template,IPIP,ipip,\
$(MODULES_DIR)/kernel/net/ipv4/ipip.o \ $(MODULES_DIR)/kernel/net/ipv4/ipip.ko \
,CONFIG_NET_IPIP,,60,ipip)) ,CONFIG_NET_IPIP,,60,ipip))
$(eval $(call KMOD_template,IPV6,ipv6,\ $(eval $(call KMOD_template,IPV6,ipv6,\