SOURCES: easy-rsa2.patch - also use pkcs11-tool from $PATH
glen
glen at pld-linux.org
Tue Sep 18 13:10:38 CEST 2007
Author: glen Date: Tue Sep 18 11:10:38 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- also use pkcs11-tool from $PATH
---- Files affected:
SOURCES:
easy-rsa2.patch (1.7 -> 1.8)
---- Diffs:
================================================================
Index: SOURCES/easy-rsa2.patch
diff -u SOURCES/easy-rsa2.patch:1.7 SOURCES/easy-rsa2.patch:1.8
--- SOURCES/easy-rsa2.patch:1.7 Tue Sep 18 13:08:01 2007
+++ SOURCES/easy-rsa2.patch Tue Sep 18 13:10:33 2007
@@ -1,5 +1,5 @@
--- openvpn-2.1_rc4/easy-rsa/2.0/build-ca 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-ca 2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-ca 2007-09-18 14:08:03.688714502 +0300
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/bin/sh
@@ -13,7 +13,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --initca $*
--- openvpn-2.1_rc4/easy-rsa/2.0/build-dh 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-dh 2007-09-18 14:03:45.252837051 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-dh 2007-09-18 14:08:03.688714502 +0300
@@ -1,10 +1,13 @@
-#!/bin/bash
+#!/bin/sh
@@ -31,7 +31,7 @@
echo 'Please source the vars script first (i.e. "source ./vars")'
echo 'Make sure you have edited it to reflect your configuration.'
--- openvpn-2.1_rc4/easy-rsa/2.0/build-inter 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-inter 2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-inter 2007-09-18 14:08:03.688714502 +0300
@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/sh
@@ -44,7 +44,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --inter $*
--- openvpn-2.1_rc4/easy-rsa/2.0/build-key 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key 2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key 2007-09-18 14:08:03.688714502 +0300
@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/sh
@@ -57,7 +57,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact $*
--- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pass 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pass 2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pass 2007-09-18 14:08:03.688714502 +0300
@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/sh
@@ -70,7 +70,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pass $*
--- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pkcs12 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pkcs12 2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pkcs12 2007-09-18 14:08:03.698714729 +0300
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/bin/sh
@@ -84,7 +84,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pkcs12 $*
--- openvpn-2.1_rc4/easy-rsa/2.0/build-key-server 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-server 2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-server 2007-09-18 14:08:03.698714729 +0300
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
@@ -100,7 +100,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --server $*
--- openvpn-2.1_rc4/easy-rsa/2.0/build-req 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req 2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req 2007-09-18 14:08:03.698714729 +0300
@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/sh
@@ -113,7 +113,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr $*
--- openvpn-2.1_rc4/easy-rsa/2.0/build-req-pass 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req-pass 2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req-pass 2007-09-18 14:08:03.698714729 +0300
@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/sh
@@ -126,7 +126,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr --pass $*
--- openvpn-2.1_rc4/easy-rsa/2.0/clean-all 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/clean-all 2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/clean-all 2007-09-18 14:08:03.698714729 +0300
@@ -1,9 +1,13 @@
-#!/bin/bash
+#!/bin/sh
@@ -143,7 +143,7 @@
rm -rf "$KEY_DIR"
mkdir "$KEY_DIR" && \
--- openvpn-2.1_rc4/easy-rsa/2.0/inherit-inter 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/inherit-inter 2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/inherit-inter 2007-09-18 14:08:03.698714729 +0300
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
@@ -162,7 +162,7 @@
# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
# will only contain the local intermediate CA -- it's needed by the easy-rsa
--- openvpn-2.1_rc4/easy-rsa/2.0/list-crl 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/list-crl 2007-09-18 14:03:47.542889136 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/list-crl 2007-09-18 14:08:03.698714729 +0300
@@ -1,12 +1,15 @@
-#!/bin/bash
+#!/bin/sh
@@ -182,7 +182,7 @@
echo 'Please source the vars script first (i.e. "source ./vars")'
echo 'Make sure you have edited it to reflect your configuration.'
--- openvpn-2.1_rc4/easy-rsa/2.0/pkitool 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/pkitool 2007-09-18 14:04:35.363976753 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/pkitool 2007-09-18 14:08:59.219977182 +0300
@@ -39,6 +39,10 @@
exit 1
}
@@ -194,6 +194,35 @@
need_vars()
{
echo ' Please edit the vars script to reflect your configuration,'
+@@ -164,16 +168,16 @@
+ if [ -z "$PKCS11_LABEL" ]; then
+ die "Please specify library name, slot and label"
+ fi
+- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
++ pkcs11-tool --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
+ --label "$PKCS11_LABEL" &&
+- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
++ pkcs11-tool --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
+ exit $?;;
+ --pkcs11-slots)
+ PKCS11_MODULE_PATH="$2"
+ if [ -z "$PKCS11_MODULE_PATH" ]; then
+ die "Please specify library name"
+ fi
+- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
++ pkcs11-tool --module "$PKCS11_MODULE_PATH" --list-slots
+ exit 0;;
+ --pkcs11-objects)
+ PKCS11_MODULE_PATH="$2"
+@@ -181,7 +185,7 @@
+ if [ -z "$PKCS11_SLOT" ]; then
+ die "Please specify library name and slot"
+ fi
+- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
++ pkcs11-tool --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
+ exit 0;;
+
+ # errors
@@ -192,7 +196,7 @@
done
@@ -221,7 +250,16 @@
-x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
chmod 0600 "$CA.key"
else
-@@ -327,18 +331,18 @@
+@@ -319,7 +323,7 @@
+ export PKCS11_PIN
+
+ echo "Generating key pair on PKCS#11 token..."
+- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
++ pkcs11-tool --module "$PKCS11_MODULE_PATH" --keypairgen \
+ --login --pin "$PKCS11_PIN" \
+ --key-type rsa:1024 \
+ --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
+@@ -327,19 +331,19 @@
fi
# Build cert/key
@@ -240,12 +278,14 @@
# Load certificate into PKCS#11 token
if [ $DO_P11 -eq 1 ]; then
- $OPENSSL x509 -in "$KEY_CN.crt" -inform PEM -out "$KEY_CN.crt.der" -outform DER && \
+- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
+ openssl x509 -in "$KEY_CN.crt" -inform PEM -out "$KEY_CN.crt.der" -outform DER && \
- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
++ pkcs11-tool --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
--login --pin "$PKCS11_PIN" \
--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL"
+ [ -e "$KEY_CN.crt.der" ]; rm "$KEY_CN.crt.der"
--- openvpn-2.1_rc4/easy-rsa/2.0/revoke-full 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/revoke-full 2007-09-18 14:03:56.763098837 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/revoke-full 2007-09-18 14:08:03.698714729 +0300
@@ -1,7 +1,10 @@
-#!/bin/bash
+#!/bin/sh
@@ -282,7 +322,7 @@
echo 'Please source the vars script first (i.e. "source ./vars")'
echo 'Make sure you have edited it to reflect your configuration.'
--- openvpn-2.1_rc4/easy-rsa/2.0/sign-req 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/sign-req 2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/sign-req 2007-09-18 14:08:03.698714729 +0300
@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/sh
@@ -295,7 +335,7 @@
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --sign $*
--- openvpn-2.1_rc4/easy-rsa/2.0/vars 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/vars 2007-09-18 14:05:43.535527169 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/vars 2007-09-18 14:08:03.698714729 +0300
@@ -12,21 +12,12 @@
# This variable should point to
# the top level of the easy-rsa
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/easy-rsa2.patch?r1=1.7&r2=1.8&f=u
More information about the pld-cvs-commit
mailing list