packages: openvpn/easy-rsa2.patch - adjusted to openvpn-2.2.0
marti
marti at pld-linux.org
Wed Apr 27 23:03:43 CEST 2011
Author: marti Date: Wed Apr 27 21:03:43 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- adjusted to openvpn-2.2.0
---- Files affected:
packages/openvpn:
easy-rsa2.patch (1.10 -> 1.11)
---- Diffs:
================================================================
Index: packages/openvpn/easy-rsa2.patch
diff -u packages/openvpn/easy-rsa2.patch:1.10 packages/openvpn/easy-rsa2.patch:1.11
--- packages/openvpn/easy-rsa2.patch:1.10 Sun Nov 30 00:18:20 2008
+++ packages/openvpn/easy-rsa2.patch Wed Apr 27 23:03:38 2011
@@ -1,10 +1,7 @@
---- openvpn-2.1_rc4/easy-rsa/2.0/build-ca 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-ca 2007-09-18 14:08:03.688714502 +0300
-@@ -1,8 +1,8 @@
--#!/bin/bash
-+#!/bin/sh
-
- #
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-ca openvpn-2.2.0/easy-rsa/2.0/build-ca
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-ca 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-ca 2011-04-27 22:34:59.357652908 +0200
+@@ -4,5 +4,5 @@
# Build a root certificate
#
@@ -12,30 +9,27 @@
-"$EASY_RSA/pkitool" --interact --initca $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --initca $*
---- openvpn-2.1_rc4/easy-rsa/2.0/build-dh 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-dh 2007-09-18 14:08:03.688714502 +0300
-@@ -1,10 +1,13 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-dh openvpn-2.2.0/easy-rsa/2.0/build-dh
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-dh 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-dh 2011-04-27 22:36:11.867656490 +0200
+@@ -3,8 +3,12 @@
# Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection.
+
+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
++ . /etc/easy-rsa/vars
+fi
-
++
if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
- $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+ openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
else
echo 'Please source the vars script first (i.e. "source ./vars")'
echo 'Make sure you have edited it to reflect your configuration.'
---- openvpn-2.1_rc4/easy-rsa/2.0/build-inter 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-inter 2007-09-18 14:08:03.688714502 +0300
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-inter openvpn-2.2.0/easy-rsa/2.0/build-inter
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-inter 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-inter 2011-04-27 22:37:59.789289422 +0200
+@@ -3,5 +3,5 @@
# Make an intermediate CA certificate/private key pair using a locally generated
# root certificate.
@@ -43,12 +37,10 @@
-"$EASY_RSA/pkitool" --interact --inter $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --inter $*
---- openvpn-2.1_rc4/easy-rsa/2.0/build-key 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key 2007-09-18 14:08:03.688714502 +0300
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key openvpn-2.2.0/easy-rsa/2.0/build-key
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-key 2011-04-27 22:38:35.330924876 +0200
+@@ -3,5 +3,5 @@
# Make a certificate/private key pair using a locally generated
# root certificate.
@@ -56,12 +48,10 @@
-"$EASY_RSA/pkitool" --interact $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact $*
---- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pass 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pass 2007-09-18 14:08:03.688714502 +0300
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass openvpn-2.2.0/easy-rsa/2.0/build-key-pass
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-key-pass 2011-04-27 22:39:23.919827311 +0200
+@@ -3,5 +3,5 @@
# Similar to build-key, but protect the private key
# with a password.
@@ -69,13 +59,10 @@
-"$EASY_RSA/pkitool" --interact --pass $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pass $*
---- openvpn-2.1_rc4/easy-rsa/2.0/build-key-pkcs12 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-pkcs12 2007-09-18 14:08:03.698714729 +0300
-@@ -1,8 +1,8 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Make a certificate/private key pair using a locally generated
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12 2011-04-27 22:40:10.288627524 +0200
+@@ -4,5 +4,5 @@
# root certificate and convert it to a PKCS #12 file including the
# the CA certificate as well.
@@ -83,14 +70,9 @@
-"$EASY_RSA/pkitool" --interact --pkcs12 $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pkcs12 $*
---- openvpn-2.1_rc4/easy-rsa/2.0/build-key-server 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-key-server 2007-09-18 14:08:03.698714729 +0300
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Make a certificate/private key pair using a locally generated
- # root certificate.
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server openvpn-2.2.0/easy-rsa/2.0/build-key-server
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-key-server 2011-04-27 22:41:24.715385295 +0200
@@ -6,5 +6,5 @@
# Explicitly set nsCertType to server using the "server"
# extension in the openssl.cnf file.
@@ -99,12 +81,10 @@
-"$EASY_RSA/pkitool" --interact --server $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --server $*
---- openvpn-2.1_rc4/easy-rsa/2.0/build-req 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req 2007-09-18 14:08:03.698714729 +0300
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-req openvpn-2.2.0/easy-rsa/2.0/build-req
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-req 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-req 2011-04-27 22:41:59.636992013 +0200
+@@ -3,5 +3,5 @@
# Build a certificate signing request and private key. Use this
# when your root certificate and key is not available locally.
@@ -112,12 +92,10 @@
-"$EASY_RSA/pkitool" --interact --csr $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr $*
---- openvpn-2.1_rc4/easy-rsa/2.0/build-req-pass 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/build-req-pass 2007-09-18 14:08:03.698714729 +0300
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass openvpn-2.2.0/easy-rsa/2.0/build-req-pass
+--- openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/build-req-pass 2011-04-27 22:43:36.938135257 +0200
+@@ -3,5 +3,5 @@
# Like build-req, but protect your private key
# with a password.
@@ -125,53 +103,45 @@
-"$EASY_RSA/pkitool" --interact --csr --pass $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr --pass $*
---- openvpn-2.1_rc4/easy-rsa/2.0/clean-all 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/clean-all 2007-09-18 14:08:03.698714729 +0300
-@@ -1,9 +1,13 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Initialize the $KEY_DIR directory.
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/clean-all openvpn-2.2.0/easy-rsa/2.0/clean-all
+--- openvpn-2.2.0-orig/easy-rsa/2.0/clean-all 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/clean-all 2011-04-27 22:44:36.544210785 +0200
+@@ -4,6 +4,10 @@
# Note that this script does a
# rm -rf on $KEY_DIR so be careful!
+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
++ . /etc/easy-rsa/vars
+fi
+
if [ "$KEY_DIR" ]; then
rm -rf "$KEY_DIR"
mkdir "$KEY_DIR" && \
---- openvpn-2.1_rc4/easy-rsa/2.0/inherit-inter 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/inherit-inter 2007-09-18 14:08:03.698714729 +0300
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Build a new PKI which is rooted on an intermediate certificate generated
- # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter openvpn-2.2.0/easy-rsa/2.0/inherit-inter
+--- openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/inherit-inter 2011-04-27 22:45:20.809580498 +0200
@@ -9,6 +9,10 @@
# To build an intermediate CA, follow the same steps for a regular PKI but
# replace ./build-key or ./pkitool --initca with this script.
+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
++ . /etc/easy-rsa/vars
+fi
+
# The EXPORT_CA file will contain the CA certificate chain and should be
# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
# will only contain the local intermediate CA -- it's needed by the easy-rsa
---- openvpn-2.1_rc4/easy-rsa/2.0/list-crl 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/list-crl 2007-09-18 14:08:03.698714729 +0300
-@@ -1,12 +1,15 @@
--#!/bin/bash
-+#!/bin/sh
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/list-crl openvpn-2.2.0/easy-rsa/2.0/list-crl
+--- openvpn-2.2.0-orig/easy-rsa/2.0/list-crl 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/list-crl 2011-04-27 22:46:23.149114937 +0200
+@@ -2,11 +2,15 @@
# list revoked certificates
+
+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
++ . /etc/easy-rsa/vars
+fi
-
++
CRL="${1:-crl.pem}"
if [ "$KEY_DIR" ]; then
@@ -181,20 +151,21 @@
else
echo 'Please source the vars script first (i.e. "source ./vars")'
echo 'Make sure you have edited it to reflect your configuration.'
---- openvpn-2.1_rc4/easy-rsa/2.0/pkitool 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/pkitool 2007-09-18 14:08:59.219977182 +0300
-@@ -39,6 +39,10 @@
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/pkitool openvpn-2.2.0/easy-rsa/2.0/pkitool
+--- openvpn-2.2.0-orig/easy-rsa/2.0/pkitool 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/pkitool 2011-04-27 22:53:35.735697923 +0200
+@@ -42,6 +42,10 @@
exit 1
}
+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
++ . /etc/easy-rsa/vars
+fi
+
need_vars()
{
echo ' Please edit the vars script to reflect your configuration,'
-@@ -164,16 +168,16 @@
+@@ -172,16 +176,16 @@
if [ -z "$PKCS11_LABEL" ]; then
die "Please specify library name, slot and label"
fi
@@ -214,7 +185,7 @@
exit 0;;
--pkcs11-objects)
PKCS11_MODULE_PATH="$2"
-@@ -181,7 +185,7 @@
+@@ -189,7 +193,7 @@
if [ -z "$PKCS11_SLOT" ]; then
die "Please specify library name and slot"
fi
@@ -222,8 +193,8 @@
+ pkcs11-tool --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
exit 0;;
- # errors
-@@ -192,7 +196,7 @@
+ --help|--usage)
+@@ -206,7 +210,7 @@
done
if ! [ -z "$BATCH" ]; then
@@ -232,7 +203,7 @@
die "Batch mode is unsupported in openssl<0.9.7"
fi
fi
-@@ -285,7 +289,7 @@
+@@ -311,7 +315,7 @@
# Make sure $KEY_CONFIG points to the correct version
# of openssl.cnf
@@ -241,7 +212,7 @@
:
else
echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
-@@ -296,7 +300,7 @@
+@@ -322,7 +326,7 @@
# Build root CA
if [ $DO_ROOT -eq 1 ]; then
@@ -250,7 +221,7 @@
-x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
chmod 0600 "$CA.key"
else
-@@ -319,7 +323,7 @@
+@@ -345,7 +349,7 @@
export PKCS11_PIN
echo "Generating key pair on PKCS#11 token..."
@@ -259,7 +230,7 @@
--login --pin "$PKCS11_PIN" \
--key-type rsa:1024 \
--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
-@@ -327,19 +331,19 @@
+@@ -353,19 +357,19 @@
fi
# Build cert/key
@@ -284,22 +255,22 @@
--login --pin "$PKCS11_PIN" \
--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL"
[ -e "$FN.crt.der" ]; rm "$FN.crt.der"
---- openvpn-2.1_rc4/easy-rsa/2.0/revoke-full 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/revoke-full 2007-09-18 14:08:03.698714729 +0300
-@@ -1,7 +1,10 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/revoke-full openvpn-2.2.0/easy-rsa/2.0/revoke-full
+--- openvpn-2.2.0-orig/easy-rsa/2.0/revoke-full 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/revoke-full 2011-04-27 22:56:07.449351374 +0200
+@@ -3,6 +3,10 @@
# revoke a certificate, regenerate CRL,
# and verify revocation
+
+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
++ . /etc/easy-rsa/vars
+fi
-
++
CRL="crl.pem"
RT="revoke-test.pem"
-@@ -20,11 +23,11 @@
- export KEY_OU=""
+
+@@ -21,11 +25,11 @@
+ export KEY_NAME=""
# revoke key and generate a new CRL
- $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
@@ -312,7 +283,7 @@
if [ -e export-ca.crt ]; then
cat export-ca.crt "$CRL" >"$RT"
else
-@@ -32,7 +35,7 @@
+@@ -33,7 +37,7 @@
fi
# verify the revocation
@@ -321,12 +292,10 @@
else
echo 'Please source the vars script first (i.e. "source ./vars")'
echo 'Make sure you have edited it to reflect your configuration.'
---- openvpn-2.1_rc4/easy-rsa/2.0/sign-req 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/sign-req 2007-09-18 14:08:03.698714729 +0300
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/sign-req openvpn-2.2.0/easy-rsa/2.0/sign-req
+--- openvpn-2.2.0-orig/easy-rsa/2.0/sign-req 2011-04-06 18:05:52.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/sign-req 2011-04-27 22:56:46.124465700 +0200
+@@ -3,5 +3,5 @@
# Sign a certificate signing request (a .csr file)
# with a local root certificate and key.
@@ -334,8 +303,9 @@
-"$EASY_RSA/pkitool" --interact --sign $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --sign $*
---- openvpn-2.1_rc4/easy-rsa/2.0/vars 2007-04-26 00:38:44.000000000 +0300
-+++ openvpn-2.1_rc4-rsa2/easy-rsa/2.0/vars 2007-09-18 14:08:03.698714729 +0300
+diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/vars openvpn-2.2.0/easy-rsa/2.0/vars
+--- openvpn-2.2.0-orig/easy-rsa/2.0/vars 2010-10-21 11:18:17.000000000 +0200
++++ openvpn-2.2.0/easy-rsa/2.0/vars 2011-04-27 22:58:41.789791888 +0200
@@ -12,21 +12,12 @@
# This variable should point to
# the top level of the easy-rsa
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openvpn/easy-rsa2.patch?r1=1.10&r2=1.11&f=u
More information about the pld-cvs-commit
mailing list