openvpn-easy-rsa: update to 3.0.1
easy-rsa v3 is now a single script. It expects a 'vars' configuration file which path can be set using easy-rsa options, environment variables or just looking in the current directory. The default usage would be: # cd /etc/easy-rsa # easy-rsa COMMAND [command-options] Following upstream changes, /etc/easy-rsa/pki replaces /etc/easy-rsa/keys directory. The default /etc/easy-rsa/pki dir is marked to be kept during upgrade (WARN: priv keys are saved in the system backup) /etc/easy-rsa/openssl.1.0.cnf is now marked as config file while index and serial got removed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This commit is contained in:
parent
09c2f4a176
commit
b4f463d969
5 changed files with 26 additions and 169 deletions
|
@ -9,19 +9,18 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=openvpn-easy-rsa
|
PKG_NAME:=openvpn-easy-rsa
|
||||||
|
|
||||||
PKG_RELEASE=2
|
PKG_VERSION:=3.0.1
|
||||||
|
PKG_RELEASE:=1
|
||||||
PKG_SOURCE_PROTO:=git
|
PKG_SOURCE_URL:=https://github.com/OpenVPN/easy-rsa/releases/download/$(PKG_VERSION)/
|
||||||
PKG_SOURCE_URL:=https://github.com/OpenVPN/easy-rsa.git
|
PKG_SOURCE:=EasyRSA-$(PKG_VERSION).tgz
|
||||||
PKG_SOURCE_DATE:=2013-01-30
|
PKG_HASH:=dbdaf5b9444b99e0c5221fd4bcf15384c62380c1b63cea23d42239414d7b2d4e
|
||||||
PKG_SOURCE_VERSION:=ff5bfd1dd8e548cb24d302742af3894f893ef92f
|
|
||||||
PKG_MIRROR_HASH:=c87704b3906a0c14f51c6677151a9389f698523c7ec07f7c75489ca31786f128
|
|
||||||
PKG_LICENSE:=GPL-2.0
|
PKG_LICENSE:=GPL-2.0
|
||||||
|
PKG_BUILD_DIR:=$(BUILD_DIR)/EasyRSA-$(PKG_VERSION)
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
define Package/openvpn-easy-rsa
|
define Package/openvpn-easy-rsa
|
||||||
TITLE:=Simple shell scripts to manage a Certificate Authority
|
TITLE:=CLI utility to build and manage a PKI CA.
|
||||||
SECTION:=net
|
SECTION:=net
|
||||||
CATEGORY:=Network
|
CATEGORY:=Network
|
||||||
URL:=http://openvpn.net
|
URL:=http://openvpn.net
|
||||||
|
@ -30,9 +29,8 @@ define Package/openvpn-easy-rsa
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/openvpn-easy-rsa/conffiles
|
define Package/openvpn-easy-rsa/conffiles
|
||||||
/etc/easy-rsa/keys/serial
|
|
||||||
/etc/easy-rsa/keys/index.txt
|
|
||||||
/etc/easy-rsa/vars
|
/etc/easy-rsa/vars
|
||||||
|
/etc/easy-rsa/openssl-1.0.cnf
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Build/Configure
|
define Build/Configure
|
||||||
|
@ -45,13 +43,24 @@ endef
|
||||||
|
|
||||||
define Package/openvpn-easy-rsa/install
|
define Package/openvpn-easy-rsa/install
|
||||||
$(INSTALL_DIR) $(1)/usr/sbin
|
$(INSTALL_DIR) $(1)/usr/sbin
|
||||||
$(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
|
|
||||||
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/easyrsa $(1)/usr/sbin/
|
||||||
$(INSTALL_DIR) $(1)/etc/easy-rsa
|
$(INSTALL_DIR) $(1)/etc/easy-rsa
|
||||||
$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
|
$(INSTALL_DATA) $(PKG_BUILD_DIR)/openssl-1.0.cnf $(1)/etc/easy-rsa/openssl-1.0.cnf
|
||||||
$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
|
$(INSTALL_DATA) $(PKG_BUILD_DIR)/vars.example $(1)/etc/easy-rsa/vars
|
||||||
$(INSTALL_DIR) $(1)/etc/easy-rsa/keys
|
|
||||||
$(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt
|
$(INSTALL_DIR) $(1)/etc/easy-rsa/pki
|
||||||
$(INSTALL_DATA) files/easy-rsa.serial $(1)/etc/easy-rsa/keys/serial
|
chmod 700 $(1)/etc/easy-rsa/pki
|
||||||
|
$(INSTALL_DIR) $(1)/etc/easy-rsa/pki/private
|
||||||
|
chmod 700 $(1)/etc/easy-rsa/pki/private
|
||||||
|
$(INSTALL_DIR) $(1)/etc/easy-rsa/pki/reqs
|
||||||
|
chmod 700 $(1)/etc/easy-rsa/pki/reqs
|
||||||
|
|
||||||
|
$(INSTALL_DIR) $(1)/etc/easy-rsa/x509-types
|
||||||
|
$(INSTALL_DATA) $(PKG_BUILD_DIR)/x509-types/* $(1)/etc/easy-rsa/x509-types/
|
||||||
|
|
||||||
|
$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
|
||||||
|
$(INSTALL_DATA) files/openvpn-easy-rsa.upgrade $(1)/lib/upgrade/keep.d/$(PKG_NAME)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call BuildPackage,openvpn-easy-rsa))
|
$(eval $(call BuildPackage,openvpn-easy-rsa))
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
01
|
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/easy-rsa/pki/
|
|
@ -1,152 +0,0 @@
|
||||||
--- a/easy-rsa/2.0/build-ca
|
|
||||||
+++ b/easy-rsa/2.0/build-ca
|
|
||||||
@@ -5,4 +5,4 @@
|
|
||||||
#
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --initca $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --initca $*
|
|
||||||
--- a/easy-rsa/2.0/build-dh
|
|
||||||
+++ b/easy-rsa/2.0/build-dh
|
|
||||||
@@ -1,5 +1,7 @@
|
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
+. /etc/easy-rsa/vars
|
|
||||||
+
|
|
||||||
# Build Diffie-Hellman parameters for the server side
|
|
||||||
# of an SSL/TLS connection.
|
|
||||||
|
|
||||||
--- a/easy-rsa/2.0/build-inter
|
|
||||||
+++ b/easy-rsa/2.0/build-inter
|
|
||||||
@@ -4,4 +4,4 @@
|
|
||||||
# root certificate.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --inter $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --inter $*
|
|
||||||
--- a/easy-rsa/2.0/build-key
|
|
||||||
+++ b/easy-rsa/2.0/build-key
|
|
||||||
@@ -4,4 +4,4 @@
|
|
||||||
# root certificate.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact $*
|
|
||||||
+"/usr/sbin/pkitool" --interact $*
|
|
||||||
--- a/easy-rsa/2.0/build-key-pass
|
|
||||||
+++ b/easy-rsa/2.0/build-key-pass
|
|
||||||
@@ -4,4 +4,4 @@
|
|
||||||
# with a password.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --pass $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --pass $*
|
|
||||||
--- a/easy-rsa/2.0/build-key-pkcs12
|
|
||||||
+++ b/easy-rsa/2.0/build-key-pkcs12
|
|
||||||
@@ -5,4 +5,4 @@
|
|
||||||
# the CA certificate as well.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --pkcs12 $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --pkcs12 $*
|
|
||||||
--- a/easy-rsa/2.0/build-key-server
|
|
||||||
+++ b/easy-rsa/2.0/build-key-server
|
|
||||||
@@ -7,4 +7,4 @@
|
|
||||||
# extension in the openssl.cnf file.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --server $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --server $*
|
|
||||||
--- a/easy-rsa/2.0/build-req
|
|
||||||
+++ b/easy-rsa/2.0/build-req
|
|
||||||
@@ -4,4 +4,4 @@
|
|
||||||
# when your root certificate and key is not available locally.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --csr $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --csr $*
|
|
||||||
--- a/easy-rsa/2.0/build-req-pass
|
|
||||||
+++ b/easy-rsa/2.0/build-req-pass
|
|
||||||
@@ -4,4 +4,4 @@
|
|
||||||
# with a password.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --csr --pass $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --csr --pass $*
|
|
||||||
--- a/easy-rsa/2.0/clean-all
|
|
||||||
+++ b/easy-rsa/2.0/clean-all
|
|
||||||
@@ -1,5 +1,7 @@
|
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
+. /etc/easy-rsa/vars
|
|
||||||
+
|
|
||||||
# Initialize the $KEY_DIR directory.
|
|
||||||
# Note that this script does a
|
|
||||||
# rm -rf on $KEY_DIR so be careful!
|
|
||||||
--- a/easy-rsa/2.0/inherit-inter
|
|
||||||
+++ b/easy-rsa/2.0/inherit-inter
|
|
||||||
@@ -1,5 +1,7 @@
|
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
+. /etc/easy-rsa/vars
|
|
||||||
+
|
|
||||||
# Build a new PKI which is rooted on an intermediate certificate generated
|
|
||||||
# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
|
|
||||||
# have independent vars settings, and must use a different KEY_DIR directory
|
|
||||||
--- a/easy-rsa/2.0/list-crl
|
|
||||||
+++ b/easy-rsa/2.0/list-crl
|
|
||||||
@@ -1,5 +1,7 @@
|
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
+. /etc/easy-rsa/vars
|
|
||||||
+
|
|
||||||
# list revoked certificates
|
|
||||||
|
|
||||||
CRL="${1:-crl.pem}"
|
|
||||||
--- a/easy-rsa/2.0/pkitool
|
|
||||||
+++ b/easy-rsa/2.0/pkitool
|
|
||||||
@@ -1,5 +1,7 @@
|
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
+. /etc/easy-rsa/vars
|
|
||||||
+
|
|
||||||
# OpenVPN -- An application to securely tunnel IP networks
|
|
||||||
# over a single TCP/UDP port, with support for SSL/TLS-based
|
|
||||||
# session authentication and key exchange,
|
|
||||||
--- a/easy-rsa/2.0/revoke-full
|
|
||||||
+++ b/easy-rsa/2.0/revoke-full
|
|
||||||
@@ -1,5 +1,7 @@
|
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
+. /etc/easy-rsa/vars
|
|
||||||
+
|
|
||||||
# revoke a certificate, regenerate CRL,
|
|
||||||
# and verify revocation
|
|
||||||
|
|
||||||
--- a/easy-rsa/2.0/sign-req
|
|
||||||
+++ b/easy-rsa/2.0/sign-req
|
|
||||||
@@ -4,4 +4,4 @@
|
|
||||||
# with a local root certificate and key.
|
|
||||||
|
|
||||||
export EASY_RSA="${EASY_RSA:-.}"
|
|
||||||
-"$EASY_RSA/pkitool" --interact --sign $*
|
|
||||||
+"/usr/sbin/pkitool" --interact --sign $*
|
|
||||||
--- a/easy-rsa/2.0/vars
|
|
||||||
+++ b/easy-rsa/2.0/vars
|
|
||||||
@@ -12,7 +12,7 @@
|
|
||||||
# This variable should point to
|
|
||||||
# the top level of the easy-rsa
|
|
||||||
# tree.
|
|
||||||
-export EASY_RSA="`pwd`"
|
|
||||||
+export EASY_RSA="/etc/easy-rsa"
|
|
||||||
|
|
||||||
#
|
|
||||||
# This variable should point to
|
|
||||||
@@ -26,7 +26,7 @@
|
|
||||||
# This variable should point to
|
|
||||||
# the openssl.cnf file included
|
|
||||||
# with easy-rsa.
|
|
||||||
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
|
|
||||||
+export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
|
|
||||||
|
|
||||||
# Edit this variable to point to
|
|
||||||
# your soon-to-be-created key
|
|
Loading…
Reference in a new issue