SOURCES: easy-rsa2.patch - use grep and openssl programs from $PATH

Tue Sep 18 13:08:06 CEST 2007

Author: glen                         Date: Tue Sep 18 11:08:06 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- use grep and openssl programs from $PATH

---- Files affected:
SOURCES:
   easy-rsa2.patch (1.6 -> 1.7) 

---- Diffs:

================================================================
Index: SOURCES/easy-rsa2.patch
diff -u SOURCES/easy-rsa2.patch:1.6 SOURCES/easy-rsa2.patch:1.7

--- SOURCES/easy-rsa2.patch:1.6	Tue Sep 18 13:03:33 2007
+++ SOURCES/easy-rsa2.patch	Tue Sep 18 13:08:01 2007
@@ -1,5 +1,5 @@
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-ca	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-ca	2007-09-18 14:00:41.538658520 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-ca	2007-09-18 14:02:30.971147578 +0300
 @@ -1,8 +1,8 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -13,8 +13,8 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --initca $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-dh	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-dh	2007-09-18 14:00:41.538658520 +0300
-@@ -1,7 +1,10 @@
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-dh	2007-09-18 14:03:45.252837051 +0300
+@@ -1,10 +1,13 @@
 -#!/bin/bash
 +#!/bin/sh
  
@@ -25,9 +25,13 @@
 +fi
  
  if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
-     $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+-    $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
++    openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+ else
+     echo 'Please source the vars script first (i.e. "source ./vars")'
+     echo 'Make sure you have edited it to reflect your configuration.'
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-inter	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-inter	2007-09-18 14:00:41.538658520 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-inter	2007-09-18 14:02:30.971147578 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -40,7 +44,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --inter $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key	2007-09-18 14:00:41.538658520 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key	2007-09-18 14:02:30.971147578 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -53,7 +57,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pass	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pass	2007-09-18 14:00:41.538658520 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pass	2007-09-18 14:02:30.971147578 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -66,7 +70,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --pass $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pkcs12	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pkcs12	2007-09-18 14:00:41.538658520 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pkcs12	2007-09-18 14:02:30.971147578 +0300
 @@ -1,8 +1,8 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -80,7 +84,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --pkcs12 $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key-server	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-server	2007-09-18 14:00:41.538658520 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-server	2007-09-18 14:02:30.971147578 +0300
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -96,7 +100,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --server $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-req	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req	2007-09-18 14:00:41.538658520 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req	2007-09-18 14:02:30.971147578 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -109,7 +113,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --csr $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-req-pass	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req-pass	2007-09-18 14:00:41.548658748 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req-pass	2007-09-18 14:02:30.981147805 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -122,7 +126,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --csr --pass $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/clean-all	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/clean-all	2007-09-18 14:00:41.548658748 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/clean-all	2007-09-18 14:02:30.981147805 +0300
 @@ -1,9 +1,13 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -139,7 +143,7 @@
      rm -rf "$KEY_DIR"
      mkdir "$KEY_DIR" && \
 --- openvpn-2.1_rc4/easy-rsa/2.0/inherit-inter	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/inherit-inter	2007-09-18 14:00:41.548658748 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/inherit-inter	2007-09-18 14:02:30.981147805 +0300
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -158,8 +162,8 @@
  # referenced by the OpenVPN "ca" directive in config files.  The ca.crt file
  # will only contain the local intermediate CA -- it's needed by the easy-rsa
 --- openvpn-2.1_rc4/easy-rsa/2.0/list-crl	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/list-crl	2007-09-18 14:00:41.548658748 +0300
-@@ -1,6 +1,9 @@
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/list-crl	2007-09-18 14:03:47.542889136 +0300
+@@ -1,12 +1,15 @@
 -#!/bin/bash
 +#!/bin/sh
  
@@ -170,8 +174,15 @@
  
  CRL="${1:-crl.pem}"
  
+ if [ "$KEY_DIR" ]; then
+     cd "$KEY_DIR" && \
+-	$OPENSSL crl -text -noout -in "$CRL"
++	openssl crl -text -noout -in "$CRL"
+ else
+     echo 'Please source the vars script first (i.e. "source ./vars")'
+     echo 'Make sure you have edited it to reflect your configuration.'
 --- openvpn-2.1_rc4/easy-rsa/2.0/pkitool	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/pkitool	2007-09-18 14:00:41.548658748 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/pkitool	2007-09-18 14:04:35.363976753 +0300
 @@ -39,6 +39,10 @@
      exit 1
  }
@@ -183,8 +194,58 @@
  need_vars()
  {
      echo '  Please edit the vars script to reflect your configuration,'
+@@ -192,7 +196,7 @@
+ done
+ 
+ if ! [ -z "$BATCH" ]; then
+-	if $OPENSSL version | grep 0.9.6 > /dev/null; then
++	if openssl version | grep 0.9.6 > /dev/null; then
+ 		die "Batch mode is unsupported in openssl<0.9.7"
+ 	fi
+ fi
+@@ -285,7 +289,7 @@
+ 
+     # Make sure $KEY_CONFIG points to the correct version
+     # of openssl.cnf
+-    if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
++    if grep -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
+ 	:
+     else
+ 	echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
+@@ -296,7 +300,7 @@
+ 
+     # Build root CA
+     if [ $DO_ROOT -eq 1 ]; then
+-	$OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
++	openssl req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
+ 	    -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
+ 	    chmod 0600 "$CA.key"
+     else        
+@@ -327,18 +331,18 @@
+ 	fi
+ 
+         # Build cert/key
+-	( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
++	( [ $DO_REQ -eq 0 ] || openssl req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
+ 	        -keyout "$KEY_CN.key" -out "$KEY_CN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
+-	    ( [ $DO_CA -eq 0 ]  || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$KEY_CN.crt" \
++	    ( [ $DO_CA -eq 0 ]  || openssl ca $BATCH -days $KEY_EXPIRE -out "$KEY_CN.crt" \
+ 	        -in "$KEY_CN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \
+-	    ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$KEY_CN.key" \
++	    ( [ $DO_P12 -eq 0 ] || openssl pkcs12 -export -inkey "$KEY_CN.key" \
+ 	        -in "$KEY_CN.crt" -certfile "$CA.crt" -out "$KEY_CN.p12" $NODES_P12 ) && \
+ 	    ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ]  || chmod 0600 "$KEY_CN.key" ) && \
+ 	    ( [ $DO_P12 -eq 0 ] || chmod 0600 "$KEY_CN.p12" )
+ 
+ 	# Load certificate into PKCS#11 token
+ 	if [ $DO_P11 -eq 1 ]; then
+-		$OPENSSL x509 -in "$KEY_CN.crt" -inform PEM -out "$KEY_CN.crt.der" -outform DER && \
++		openssl x509 -in "$KEY_CN.crt" -inform PEM -out "$KEY_CN.crt.der" -outform DER && \
+ 		  $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
+ 			--login --pin "$PKCS11_PIN" \
+ 			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" 
 --- openvpn-2.1_rc4/easy-rsa/2.0/revoke-full	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/revoke-full	2007-09-18 14:00:41.548658748 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/revoke-full	2007-09-18 14:03:56.763098837 +0300
 @@ -1,7 +1,10 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -197,26 +258,31 @@
  
  CRL="crl.pem"
  RT="revoke-test.pem"
-@@ -20,7 +23,7 @@
+@@ -20,11 +23,11 @@
      export KEY_OU=""
  
      # revoke key and generate a new CRL
 -    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
-+    $OPENSSL ca -revoke "$1" -config "$KEY_CONFIG"
++    openssl ca -revoke "$1" -config "$KEY_CONFIG"
  
      # generate a new CRL -- try to be compatible with
      # intermediate PKIs
+-    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
++    openssl ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+     if [ -e export-ca.crt ]; then
+ 	cat export-ca.crt "$CRL" >"$RT"
+     else
 @@ -32,7 +35,7 @@
      fi
      
      # verify the revocation
 -    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
-+    $OPENSSL verify -CAfile "$RT" -crl_check "$1"
++    openssl verify -CAfile "$RT" -crl_check "$1"
  else
      echo 'Please source the vars script first (i.e. "source ./vars")'
      echo 'Make sure you have edited it to reflect your configuration.'
 --- openvpn-2.1_rc4/easy-rsa/2.0/sign-req	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/sign-req	2007-09-18 14:00:41.548658748 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/sign-req	2007-09-18 14:02:30.981147805 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -229,17 +295,23 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --sign $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/vars	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/vars	2007-09-18 14:00:41.548658748 +0300
-@@ -12,7 +12,7 @@
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/vars	2007-09-18 14:05:43.535527169 +0300
+@@ -12,21 +12,12 @@
  # This variable should point to
  # the top level of the easy-rsa
  # tree.
 -export EASY_RSA="`pwd`"
+-
+-#
+-# This variable should point to
+-# the requested executables
+-#
+-export OPENSSL="openssl"
+-export PKCS11TOOL="pkcs11-tool"
+-export GREP="grep"
+-
 +export EASY_RSA="/etc/easy-rsa"
  
- #
- # This variable should point to
-@@ -26,7 +26,7 @@
  # This variable should point to
  # the openssl.cnf file included
  # with easy-rsa.
@@ -248,7 +320,7 @@
  
  # Edit this variable to point to
  # your soon-to-be-created key
-@@ -38,9 +38,6 @@
+@@ -38,9 +29,6 @@
  # it correctly!
  export KEY_DIR="$EASY_RSA/keys"
  
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/easy-rsa2.patch?r1=1.6&r2=1.7&f=u

