[packages/openvpn] - up to 2.3.0; easy-rsa is gone (separate spec is needed); contrib scripts not installed by default;
arekm
arekm at pld-linux.org
Wed Jan 9 08:42:17 CET 2013
commit d073bea73c9547d0e54ebcc4fd5343fad9b19840
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Jan 9 08:42:13 2013 +0100
- up to 2.3.0; easy-rsa is gone (separate spec is needed); contrib scripts not installed by default; this version supports IPv6 already so drop external patch/bcond
easy-rsa2.patch | 342 -------------------------------------------------
openvpn-optflags.patch | 22 ----
openvpn-pam.patch | 8 +-
openvpn.spec | 106 +++------------
4 files changed, 21 insertions(+), 457 deletions(-)
---
diff --git a/openvpn.spec b/openvpn.spec
index 2641d8a..a850743 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -1,27 +1,21 @@
# Conditional build:
%bcond_without pkcs11 # build without PKCS#11 support
-%bcond_with ipv6_payload # build with ipv6 payload support in server
# mode
Summary: VPN Daemon
Summary(pl.UTF-8): Serwer VPN
Name: openvpn
-Version: 2.2.2
-Release: 3
+Version: 2.3.0
+Release: 1
License: GPL
Group: Networking/Daemons
Source0: http://swupdate.openvpn.net/community/releases/%{name}-%{version}.tar.gz
-# Source0-md5: c5181e27b7945fa6276d21873329c5c7
+# Source0-md5: 56cffde5d5320e0b1ec364d3e486aca9
Source1: %{name}.init
Source2: %{name}.sysconfig
-Source3: %{name}-update-resolv-conf
-Source4: %{name}.tmpfiles
-Patch0: %{name}-optflags.patch
-Patch1: easy-rsa2.patch
-Patch2: %{name}-pam.patch
-# http://www.greenie.net/ipv6/openvpn-2.2.0-ipv6-20110522-1.patch.gz
-Patch3: %{name}-ipv6_payload.patch
+Source3: %{name}.tmpfiles
+Patch0: %{name}-pam.patch
URL: http://www.openvpn.net/
BuildRequires: autoconf
BuildRequires: automake
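Review bot: The refreshed `# Source0-md5:` line leaves the 2.3.0 tarball authenticated only by an MD5 digest, while `Source0` is still fetched over plain `http://`. MD5 is not collision-resistant and the transport is unauthenticated, so this is a weak integrity anchor for a VPN daemon. If the download host serves TLS, use `Source0: https://swupdate.openvpn.net/community/releases/%{name}-%{version}.tar.gz`. If upstream publishes a detached signature for the release, carry it as an extra `SourceN` and verify it in `%prep` before `%setup`. Whether the distfiles infrastructure does any stronger check is not visible from this spec.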
@@ -61,43 +55,14 @@ development.
%description devel -l pl.UTF-8
Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
-%package -n easy-rsa
-Summary: Small RSA key management package
-Summary(pl.UTF-8): Mały pakiet do zarządzania kluczami RSA
-Group: Applications
-Requires: grep
-Requires: openssl-tools
-
-%description -n easy-rsa
-This is a small RSA key management package, based on the openssl
-command line tool, that can be found in the easy-rsa subdirectory of
-the OpenVPN distribution.
-
-For step-by-step instructions, see the HOWTO:
-<http://www.openvpn.net/index.php/documentation/howto.html>.
-
-%description -n easy-rsa -l pl.UTF-8
-To jest mały pakiet do zarządzania kluczami RSA, oparty na narzędziu
-linii poleceń openssl. Pakiet ten pochodzi z podkatalogu easy-rsa
-dystrybucji OpenVPN.
-
-Instrukcje krok po kroku można znaleźć w HOWTO:
-<http://www.openvpn.net/index.php/documentation/howto.html>.
-
%prep
%setup -q
%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%{?with_ipv6_payload:%patch3 -p1}
-
-mv plugin/auth-pam/README README.auth-pam
-mv plugin/down-root/README README.down-root
sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE3} > contrib/update-resolv-conf
%build
-%{__aclocal}
+%{__aclocal} -I m4
%{__autoheader}
%{__autoconf}
%{__automake}
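Review bot: The unchanged `%prep` line `sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE3} > contrib/update-resolv-conf` now reads the wrong file. The first hunk drops `%{name}-update-resolv-conf` and renumbers `Source3` to `%{name}.tmpfiles`, so the tmpfiles snippet is what gets written to `contrib/update-resolv-conf`. The `%install` hunk no longer installs that script either, so the line is dead as well as wrong and should be deleted. If the resolv.conf helper is still wanted later, give it its own `SourceN` tag again rather than reusing `%{SOURCE3}`.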
@@ -106,17 +71,12 @@ sed -e 's,/''usr/lib/openvpn,%{_libdir}/%{name},' %{SOURCE3} > contrib/update-re
%{!?with_pkcs11:--disable-pkcs11} \
--enable-password-save \
--enable-iproute2 \
- --with-ifconfig-path=/sbin/ifconfig \
- --with-iproute-path=/sbin/ip \
- --with-route-path=/sbin/route \
- --with-netstat-path=/bin/netstat
+ IFCONFIG=/sbin/ifconfig \
+ IPROUTE=/sbin/ip \
+ ROUTE=/sbin/route \
+ NETSTAT=/bin/netstat
-%{__make} CFLAGS="%{rpmcflags} %{rpmcppflags} -D_GNU_SOURCE"
-
-%{__make} -C plugin/auth-pam \
- OPTFLAGS="%{rpmcflags} %{rpmcppflags}"
-%{__make} -C plugin/down-root \
- OPTFLAGS="%{rpmcflags} %{rpmcppflags}"
+%{__make}
%install
rm -rf $RPM_BUILD_ROOT
@@ -124,28 +84,12 @@ install -d $RPM_BUILD_ROOT{%{_sysconfdir}/openvpn,%{_sbindir},%{_mandir}/man8} \
$RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},/var/run/openvpn,%{_includedir}} \
$RPM_BUILD_ROOT{%{_libdir}/%{name}/plugins,/usr/lib/tmpfiles.d}
-install openvpn $RPM_BUILD_ROOT%{_sbindir}
-install *.8 $RPM_BUILD_ROOT%{_mandir}/man8
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
install %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
-install openvpn-plugin.h $RPM_BUILD_ROOT%{_includedir}
-install plugin/{auth-pam,down-root}/*.so $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins
-
-install %{SOURCE4} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf
-
-# easy-rsa 2.0
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},%{_datadir}}/easy-rsa
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/easy-rsa/keys
-cp -a easy-rsa/2.0/vars $RPM_BUILD_ROOT%{_sysconfdir}/easy-rsa
-cp -a easy-rsa/2.0/openssl-1.0.0.cnf $RPM_BUILD_ROOT%{_sysconfdir}/easy-rsa/openssl.cnf
-cp -a easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,revoke-full,sign-req} $RPM_BUILD_ROOT%{_datadir}/easy-rsa
-cp -a easy-rsa/2.0/pkitool $RPM_BUILD_ROOT%{_sbindir}
-
-# we use cp -a, not to pull /bin/bash dependency
-cp -a contrib/pull-resolv-conf/client.down $RPM_BUILD_ROOT%{_libdir}/%{name}
-cp -a contrib/pull-resolv-conf/client.up $RPM_BUILD_ROOT%{_libdir}/%{name}
-cp -a contrib/update-resolv-conf $RPM_BUILD_ROOT%{_libdir}/%{name}
+install %{SOURCE3} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf
%clean
rm -rf $RPM_BUILD_ROOT
@@ -162,18 +106,13 @@ fi
%files
%defattr(644,root,root,755)
-%doc AUTHORS README* ChangeLog sample-config-files sample-keys sample-scripts management/management-notes.txt
-%if %{with ipv6_payload}
-%doc *.IPv6
-%endif
+%doc AUTHORS README* ChangeLog sample/sample-{config-files,keys,scripts} doc/management-notes.txt
+%doc *.IPv6 src/plugins/*/README.*
%dir %{_sysconfdir}/openvpn
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
%attr(755,root,root) %{_sbindir}/openvpn
%attr(754,root,root) /etc/rc.d/init.d/%{name}
%dir %{_libdir}/%{name}
-%attr(755,root,root) %{_libdir}/%{name}/client.down
-%attr(755,root,root) %{_libdir}/%{name}/client.up
-%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
%dir %{_libdir}/%{name}/plugins
%attr(755,root,root) %{_libdir}/%{name}/plugins/*.so
%{_mandir}/man?/*
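Review bot: The new `%doc` line still packages `sample/sample-keys` with nothing telling the admin what those files are. The name suggests upstream's example certificates and private keys, which would be identical in every copy of the tarball and give no protection if copied into a live configuration. A comment above the line would make that explicit, for example `# sample-keys are upstream's public test keys, shipped as documentation only - never deploy them`. Alternatively, drop `keys` from the brace list if the examples are not needed in the binary package.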
@@ -182,16 +121,5 @@ fi
%files devel
%defattr(644,root,root,755)
-%doc plugin/{README,examples/}
+%doc doc/README.plugins sample/sample-plugins
%{_includedir}/*.h
-
-%files -n easy-rsa
-%defattr(644,root,root,755)
-%doc easy-rsa/2.0/README
-%dir %{_sysconfdir}/easy-rsa
-%dir %attr(700,root,root) %{_sysconfdir}/easy-rsa/keys
-%config(noreplace) %attr(640,root,root) %verify(not md5 mtime size) %{_sysconfdir}/easy-rsa/vars
-%config(noreplace) %attr(640,root,root) %verify(not md5 mtime size) %{_sysconfdir}/easy-rsa/openssl.cnf
-%attr(755,root,root) %{_sbindir}/pkitool
-%dir %{_datadir}/easy-rsa
-%attr(755,root,root) %{_datadir}/easy-rsa/*
diff --git a/easy-rsa2.patch b/easy-rsa2.patch
deleted file mode 100644
index 3d63b38..0000000
--- a/easy-rsa2.patch
+++ /dev/null
@@ -1,342 +0,0 @@
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-ca openvpn-2.2.0/easy-rsa/2.0/build-ca
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-ca 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-ca 2011-04-27 22:34:59.357652908 +0200
-@@ -4,5 +4,5 @@
- # Build a root certificate
- #
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --initca $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --initca $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-dh openvpn-2.2.0/easy-rsa/2.0/build-dh
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-dh 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-dh 2011-04-27 22:36:11.867656490 +0200
-@@ -3,8 +3,12 @@
- # Build Diffie-Hellman parameters for the server side
- # of an SSL/TLS connection.
-
-+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
-+fi
-+
- if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
-- $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
-+ openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
- else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-inter openvpn-2.2.0/easy-rsa/2.0/build-inter
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-inter 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-inter 2011-04-27 22:37:59.789289422 +0200
-@@ -3,5 +3,5 @@
- # Make an intermediate CA certificate/private key pair using a locally generated
- # root certificate.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --inter $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --inter $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key openvpn-2.2.0/easy-rsa/2.0/build-key
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-key 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-key 2011-04-27 22:38:35.330924876 +0200
-@@ -3,5 +3,5 @@
- # Make a certificate/private key pair using a locally generated
- # root certificate.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass openvpn-2.2.0/easy-rsa/2.0/build-key-pass
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-key-pass 2011-04-27 22:39:23.919827311 +0200
-@@ -3,5 +3,5 @@
- # Similar to build-key, but protect the private key
- # with a password.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pass $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --pass $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12 2011-04-27 22:40:10.288627524 +0200
-@@ -4,5 +4,5 @@
- # root certificate and convert it to a PKCS #12 file including the
- # the CA certificate as well.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pkcs12 $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --pkcs12 $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server openvpn-2.2.0/easy-rsa/2.0/build-key-server
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-key-server 2011-04-27 22:41:24.715385295 +0200
-@@ -6,5 +6,5 @@
- # Explicitly set nsCertType to server using the "server"
- # extension in the openssl.cnf file.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --server $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --server $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-req openvpn-2.2.0/easy-rsa/2.0/build-req
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-req 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-req 2011-04-27 22:41:59.636992013 +0200
-@@ -3,5 +3,5 @@
- # Build a certificate signing request and private key. Use this
- # when your root certificate and key is not available locally.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --csr $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass openvpn-2.2.0/easy-rsa/2.0/build-req-pass
---- openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/build-req-pass 2011-04-27 22:43:36.938135257 +0200
-@@ -3,5 +3,5 @@
- # Like build-req, but protect your private key
- # with a password.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr --pass $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --csr --pass $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/clean-all openvpn-2.2.0/easy-rsa/2.0/clean-all
---- openvpn-2.2.0-orig/easy-rsa/2.0/clean-all 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/clean-all 2011-04-27 22:44:36.544210785 +0200
-@@ -4,6 +4,10 @@
- # Note that this script does a
- # rm -rf on $KEY_DIR so be careful!
-
-+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
-+fi
-+
- if [ "$KEY_DIR" ]; then
- rm -rf "$KEY_DIR"
- mkdir "$KEY_DIR" && \
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter openvpn-2.2.0/easy-rsa/2.0/inherit-inter
---- openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/inherit-inter 2011-04-27 22:45:20.809580498 +0200
-@@ -9,6 +9,10 @@
- # To build an intermediate CA, follow the same steps for a regular PKI but
- # replace ./build-key or ./pkitool --initca with this script.
-
-+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
-+fi
-+
- # The EXPORT_CA file will contain the CA certificate chain and should be
- # referenced by the OpenVPN "ca" directive in config files. The ca.crt file
- # will only contain the local intermediate CA -- it's needed by the easy-rsa
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/list-crl openvpn-2.2.0/easy-rsa/2.0/list-crl
---- openvpn-2.2.0-orig/easy-rsa/2.0/list-crl 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/list-crl 2011-04-27 22:46:23.149114937 +0200
-@@ -2,11 +2,15 @@
-
- # list revoked certificates
-
-+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
-+fi
-+
- CRL="${1:-crl.pem}"
-
- if [ "$KEY_DIR" ]; then
- cd "$KEY_DIR" && \
-- $OPENSSL crl -text -noout -in "$CRL"
-+ openssl crl -text -noout -in "$CRL"
- else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/pkitool openvpn-2.2.0/easy-rsa/2.0/pkitool
---- openvpn-2.2.0-orig/easy-rsa/2.0/pkitool 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/pkitool 2011-04-27 22:53:35.735697923 +0200
-@@ -42,6 +42,10 @@
- exit 1
- }
-
-+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
-+fi
-+
- need_vars()
- {
- echo ' Please edit the vars script to reflect your configuration,'
-@@ -172,16 +176,16 @@
- if [ -z "$PKCS11_LABEL" ]; then
- die "Please specify library name, slot and label"
- fi
-- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
-+ pkcs11-tool --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
- --label "$PKCS11_LABEL" &&
-- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
-+ pkcs11-tool --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
- exit $?;;
- --pkcs11-slots)
- PKCS11_MODULE_PATH="$2"
- if [ -z "$PKCS11_MODULE_PATH" ]; then
- die "Please specify library name"
- fi
-- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
-+ pkcs11-tool --module "$PKCS11_MODULE_PATH" --list-slots
- exit 0;;
- --pkcs11-objects)
- PKCS11_MODULE_PATH="$2"
-@@ -189,7 +193,7 @@
- if [ -z "$PKCS11_SLOT" ]; then
- die "Please specify library name and slot"
- fi
-- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
-+ pkcs11-tool --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
- exit 0;;
-
- --help|--usage)
-@@ -206,7 +210,7 @@
- done
-
- if ! [ -z "$BATCH" ]; then
-- if $OPENSSL version | grep 0.9.6 > /dev/null; then
-+ if openssl version | grep 0.9.6 > /dev/null; then
- die "Batch mode is unsupported in openssl<0.9.7"
- fi
- fi
-@@ -311,7 +315,7 @@
-
- # Make sure $KEY_CONFIG points to the correct version
- # of openssl.cnf
-- if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
-+ if grep -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
- :
- else
- echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
-@@ -322,7 +326,7 @@
-
- # Build root CA
- if [ $DO_ROOT -eq 1 ]; then
-- $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
-+ openssl req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
- -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
- chmod 0600 "$CA.key"
- else
-@@ -345,7 +349,7 @@
- export PKCS11_PIN
-
- echo "Generating key pair on PKCS#11 token..."
-- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
-+ pkcs11-tool --module "$PKCS11_MODULE_PATH" --keypairgen \
- --login --pin "$PKCS11_PIN" \
- --key-type rsa:1024 \
- --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
-@@ -353,19 +357,19 @@
- fi
-
- # Build cert/key
-- ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
-+ ( [ $DO_REQ -eq 0 ] || openssl req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
- -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
-- ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \
-+ ( [ $DO_CA -eq 0 ] || openssl ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \
- -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \
-- ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \
-+ ( [ $DO_P12 -eq 0 ] || openssl pkcs12 -export -inkey "$FN.key" \
- -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \
- ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \
- ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" )
-
- # Load certificate into PKCS#11 token
- if [ $DO_P11 -eq 1 ]; then
-- $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \
-- $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \
-+ openssl x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \
-+ pkcs11-tool --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \
- --login --pin "$PKCS11_PIN" \
- --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL"
- [ -e "$FN.crt.der" ]; rm "$FN.crt.der"
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/revoke-full openvpn-2.2.0/easy-rsa/2.0/revoke-full
---- openvpn-2.2.0-orig/easy-rsa/2.0/revoke-full 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/revoke-full 2011-04-27 22:56:07.449351374 +0200
-@@ -3,6 +3,10 @@
- # revoke a certificate, regenerate CRL,
- # and verify revocation
-
-+if [ -z "$EASY_RSA" ]; then
-+ . /etc/easy-rsa/vars
-+fi
-+
- CRL="crl.pem"
- RT="revoke-test.pem"
-
-@@ -21,11 +25,11 @@
- export KEY_NAME=""
-
- # revoke key and generate a new CRL
-- $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
-+ openssl ca -revoke "$1" -config "$KEY_CONFIG"
-
- # generate a new CRL -- try to be compatible with
- # intermediate PKIs
-- $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
-+ openssl ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
- if [ -e export-ca.crt ]; then
- cat export-ca.crt "$CRL" >"$RT"
- else
-@@ -33,7 +37,7 @@
- fi
-
- # verify the revocation
-- $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
-+ openssl verify -CAfile "$RT" -crl_check "$1"
- else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/sign-req openvpn-2.2.0/easy-rsa/2.0/sign-req
---- openvpn-2.2.0-orig/easy-rsa/2.0/sign-req 2011-04-06 18:05:52.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/sign-req 2011-04-27 22:56:46.124465700 +0200
-@@ -3,5 +3,5 @@
- # Sign a certificate signing request (a .csr file)
- # with a local root certificate and key.
-
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --sign $*
-+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
-+/usr/sbin/pkitool --interact --sign $*
-diff -ur openvpn-2.2.0-orig/easy-rsa/2.0/vars openvpn-2.2.0/easy-rsa/2.0/vars
---- openvpn-2.2.0-orig/easy-rsa/2.0/vars 2010-10-21 11:18:17.000000000 +0200
-+++ openvpn-2.2.0/easy-rsa/2.0/vars 2011-04-27 22:58:41.789791888 +0200
-@@ -12,21 +12,12 @@
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
--export EASY_RSA="`pwd`"
--
--#
--# This variable should point to
--# the requested executables
--#
--export OPENSSL="openssl"
--export PKCS11TOOL="pkcs11-tool"
--export GREP="grep"
--
-+export EASY_RSA="/etc/easy-rsa"
-
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
--export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-+export KEY_CONFIG="$EASY_RSA/openssl.cnf"
-
- # Edit this variable to point to
- # your soon-to-be-created key
-@@ -38,9 +29,6 @@
- # it correctly!
- export KEY_DIR="$EASY_RSA/keys"
-
--# Issue rm -rf warning
--echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
--
- # PKCS11 fixes
- export PKCS11_MODULE_PATH="dummy"
- export PKCS11_PIN="dummy"
diff --git a/openvpn-optflags.patch b/openvpn-optflags.patch
deleted file mode 100644
index bee6b74..0000000
--- a/openvpn-optflags.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- ./plugin/auth-pam/Makefile~ 2005-10-03 17:45:36.000000000 +0300
-+++ ./plugin/auth-pam/Makefile 2005-10-03 17:45:50.000000000 +0300
-@@ -15,7 +15,7 @@
- # This directory is where we will look for openvpn-plugin.h
- INCLUDE=-I../..
-
--CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM)
-+CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM) $(OPTFLAGS)
-
- openvpn-auth-pam.so : auth-pam.o pamdl.o
- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
---- ./plugin/down-root/Makefile~ 2004-11-25 02:08:39.000000000 +0200
-+++ ./plugin/down-root/Makefile 2005-10-03 17:46:09.000000000 +0300
-@@ -5,7 +5,7 @@
- # This directory is where we will look for openvpn-plugin.h
- INCLUDE=-I../..
-
--CC_FLAGS=-O2 -Wall
-+CC_FLAGS=-O2 -Wall $(OPTFLAGS)
-
- down-root.so : down-root.o
- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
diff --git a/openvpn-pam.patch b/openvpn-pam.patch
index d391736..273a495 100644
--- a/openvpn-pam.patch
+++ b/openvpn-pam.patch
@@ -1,9 +1,9 @@
---- openvpn-2.1~rc4.orig/plugin/auth-pam/auth-pam.c
-+++ openvpn-2.1~rc4/plugin/auth-pam/auth-pam.c
-@@ -658,7 +658,7 @@
+--- x/src/plugins/auth-pam/auth-pam.c~ 2012-11-22 13:07:51.000000000 +0100
++++ x/src/plugins/auth-pam/auth-pam.c 2013-01-09 06:36:53.012563695 +0100
+@@ -696,7 +696,7 @@
struct user_pass up;
int command;
- #if DLOPEN_PAM
+ #ifdef USE_PAM_DLOPEN
- static const char pam_so[] = "libpam.so";
+ static const char pam_so[] = "libpam.so.0";
#endif
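Review bot: The refreshed patch still has no description explaining why `pam_so` is changed from `"libpam.so"` to `"libpam.so.0"`. A one-line header above the `---` line would help, for example `dlopen the runtime soname; the unversioned libpam.so symlink is normally only present with the development package`. That rationale is inferred from the change and should be confirmed. The name is passed without a path, so resolution depends on the dynamic loader's search path, and the hard-coded `.0` has to be revisited if the libpam soname ever changes. The `dlopen` call and the enclosing function are outside this hunk.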
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openvpn.git/commitdiff/d073bea73c9547d0e54ebcc4fd5343fad9b19840