SOURCES: easy-rsa2.patch - also use pkcs11-tool from $PATH

glen glen at pld-linux.org
Tue Sep 18 13:10:38 CEST 2007


Author: glen                         Date: Tue Sep 18 11:10:38 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- also use pkcs11-tool from $PATH

---- Files affected:
SOURCES:
   easy-rsa2.patch (1.7 -> 1.8) 

---- Diffs:

================================================================
Index: SOURCES/easy-rsa2.patch
diff -u SOURCES/easy-rsa2.patch:1.7 SOURCES/easy-rsa2.patch:1.8
--- SOURCES/easy-rsa2.patch:1.7	Tue Sep 18 13:08:01 2007
+++ SOURCES/easy-rsa2.patch	Tue Sep 18 13:10:33 2007
@@ -1,5 +1,5 @@
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-ca	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-ca	2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-ca	2007-09-18 14:08:03.688714502 +0300
 @@ -1,8 +1,8 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -13,7 +13,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --initca $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-dh	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-dh	2007-09-18 14:03:45.252837051 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-dh	2007-09-18 14:08:03.688714502 +0300
 @@ -1,10 +1,13 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -31,7 +31,7 @@
      echo 'Please source the vars script first (i.e. "source ./vars")'
      echo 'Make sure you have edited it to reflect your configuration.'
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-inter	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-inter	2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-inter	2007-09-18 14:08:03.688714502 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -44,7 +44,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --inter $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key	2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key	2007-09-18 14:08:03.688714502 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -57,7 +57,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pass	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pass	2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pass	2007-09-18 14:08:03.688714502 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -70,7 +70,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --pass $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pkcs12	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pkcs12	2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pkcs12	2007-09-18 14:08:03.698714729 +0300
 @@ -1,8 +1,8 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -84,7 +84,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --pkcs12 $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-key-server	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-server	2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-server	2007-09-18 14:08:03.698714729 +0300
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -100,7 +100,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --server $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-req	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req	2007-09-18 14:02:30.971147578 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req	2007-09-18 14:08:03.698714729 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -113,7 +113,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --csr $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/build-req-pass	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req-pass	2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req-pass	2007-09-18 14:08:03.698714729 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -126,7 +126,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --csr --pass $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/clean-all	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/clean-all	2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/clean-all	2007-09-18 14:08:03.698714729 +0300
 @@ -1,9 +1,13 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -143,7 +143,7 @@
      rm -rf "$KEY_DIR"
      mkdir "$KEY_DIR" && \
 --- openvpn-2.1_rc4/easy-rsa/2.0/inherit-inter	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/inherit-inter	2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/inherit-inter	2007-09-18 14:08:03.698714729 +0300
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -162,7 +162,7 @@
  # referenced by the OpenVPN "ca" directive in config files.  The ca.crt file
  # will only contain the local intermediate CA -- it's needed by the easy-rsa
 --- openvpn-2.1_rc4/easy-rsa/2.0/list-crl	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/list-crl	2007-09-18 14:03:47.542889136 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/list-crl	2007-09-18 14:08:03.698714729 +0300
 @@ -1,12 +1,15 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -182,7 +182,7 @@
      echo 'Please source the vars script first (i.e. "source ./vars")'
      echo 'Make sure you have edited it to reflect your configuration.'
 --- openvpn-2.1_rc4/easy-rsa/2.0/pkitool	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/pkitool	2007-09-18 14:04:35.363976753 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/pkitool	2007-09-18 14:08:59.219977182 +0300
 @@ -39,6 +39,10 @@
      exit 1
  }
@@ -194,6 +194,35 @@
  need_vars()
  {
      echo '  Please edit the vars script to reflect your configuration,'
+@@ -164,16 +168,16 @@
+ 		     if [ -z "$PKCS11_LABEL" ]; then
+ 		       die "Please specify library name, slot and label"
+ 		     fi
+-		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
++		     pkcs11-tool --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
+ 		     	--label "$PKCS11_LABEL" &&
+-			$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
++			pkcs11-tool --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
+ 		     exit $?;;
+ 	--pkcs11-slots)
+ 	             PKCS11_MODULE_PATH="$2"
+ 		     if [ -z "$PKCS11_MODULE_PATH" ]; then
+ 		       die "Please specify library name"
+ 		     fi
+-		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
++		     pkcs11-tool --module "$PKCS11_MODULE_PATH" --list-slots
+ 		     exit 0;;
+ 	--pkcs11-objects)
+ 	             PKCS11_MODULE_PATH="$2"
+@@ -181,7 +185,7 @@
+ 		     if [ -z "$PKCS11_SLOT" ]; then
+ 		       die "Please specify library name and slot"
+ 		     fi
+-		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
++		     pkcs11-tool --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
+ 		     exit 0;;
+ 
+ 	# errors
 @@ -192,7 +196,7 @@
  done
  
@@ -221,7 +250,16 @@
  	    -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
  	    chmod 0600 "$CA.key"
      else        
-@@ -327,18 +331,18 @@
+@@ -319,7 +323,7 @@
+ 		export PKCS11_PIN
+ 
+ 		echo "Generating key pair on PKCS#11 token..."
+-		$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
++		pkcs11-tool --module "$PKCS11_MODULE_PATH" --keypairgen \
+ 			--login --pin "$PKCS11_PIN" \
+ 			--key-type rsa:1024 \
+ 			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
+@@ -327,19 +331,19 @@
  	fi
  
          # Build cert/key
@@ -240,12 +278,14 @@
  	# Load certificate into PKCS#11 token
  	if [ $DO_P11 -eq 1 ]; then
 -		$OPENSSL x509 -in "$KEY_CN.crt" -inform PEM -out "$KEY_CN.crt.der" -outform DER && \
+-		  $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
 +		openssl x509 -in "$KEY_CN.crt" -inform PEM -out "$KEY_CN.crt.der" -outform DER && \
- 		  $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
++		  pkcs11-tool --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
  			--login --pin "$PKCS11_PIN" \
  			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" 
+ 		[ -e "$KEY_CN.crt.der" ]; rm "$KEY_CN.crt.der"
 --- openvpn-2.1_rc4/easy-rsa/2.0/revoke-full	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/revoke-full	2007-09-18 14:03:56.763098837 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/revoke-full	2007-09-18 14:08:03.698714729 +0300
 @@ -1,7 +1,10 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -282,7 +322,7 @@
      echo 'Please source the vars script first (i.e. "source ./vars")'
      echo 'Make sure you have edited it to reflect your configuration.'
 --- openvpn-2.1_rc4/easy-rsa/2.0/sign-req	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/sign-req	2007-09-18 14:02:30.981147805 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/sign-req	2007-09-18 14:08:03.698714729 +0300
 @@ -1,7 +1,7 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -295,7 +335,7 @@
 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
 +/usr/sbin/pkitool --interact --sign $*
 --- openvpn-2.1_rc4/easy-rsa/2.0/vars	2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/vars	2007-09-18 14:05:43.535527169 +0300
++++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/vars	2007-09-18 14:08:03.698714729 +0300
 @@ -12,21 +12,12 @@
  # This variable should point to
  # the top level of the easy-rsa
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/easy-rsa2.patch?r1=1.7&r2=1.8&f=u



More information about the pld-cvs-commit mailing list