[packages/easy-rsa.git] / easy-rsa2.patch

--- openvpn-2.2.0-orig/easy-rsa/2.0/build-ca	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-ca	2011-04-27 22:34:59.357652908 +0200
@@ -4,5 +4,5 @@
 # Build a root certificate
 #
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --initca $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --initca $*
--- openvpn-2.2.0/easy-rsa/2.0/build-dh	2011-04-27 22:36:11.867656490 +0200
+++ easy-rsa-2.2.2/easy-rsa/2.0/build-dh	2015-06-02 21:31:45.871587248 +0300
@@ -3,4 +3,11 @@
 # Build Diffie-Hellman parameters for the server side
 # of an SSL/TLS connection.
 
+if [ -z "$EASY_RSA" ]; then
+       . /etc/easy-rsa/vars
+fi
+
+# Set tool defaults
+[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+
 if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
--- openvpn-2.2.0-orig/easy-rsa/2.0/build-inter	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-inter	2011-04-27 22:37:59.789289422 +0200
@@ -3,5 +3,5 @@
 # Make an intermediate CA certificate/private key pair using a locally generated
 # root certificate.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --inter $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --inter $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-key	2011-04-27 22:38:35.330924876 +0200
@@ -3,5 +3,5 @@
 # Make a certificate/private key pair using a locally generated
 # root certificate.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-key-pass	2011-04-27 22:39:23.919827311 +0200
@@ -3,5 +3,5 @@
 # Similar to build-key, but protect the private key
 # with a password.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --pass $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pass $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12	2011-04-27 22:40:10.288627524 +0200
@@ -4,5 +4,5 @@
 # root certificate and convert it to a PKCS #12 file including the
 # the CA certificate as well.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --pkcs12 $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pkcs12 $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-key-server	2011-04-27 22:41:24.715385295 +0200
@@ -6,5 +6,5 @@
 # Explicitly set nsCertType to server using the "server"
 # extension in the openssl.cnf file.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --server $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --server $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/build-req	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-req	2011-04-27 22:41:59.636992013 +0200
@@ -3,5 +3,5 @@
 # Build a certificate signing request and private key.  Use this
 # when your root certificate and key is not available locally.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --csr $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/build-req-pass	2011-04-27 22:43:36.938135257 +0200
@@ -3,5 +3,5 @@
 # Like build-req, but protect your private key
 # with a password.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --csr --pass $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr --pass $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/clean-all	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/clean-all	2011-04-27 22:44:36.544210785 +0200
@@ -4,6 +4,10 @@
 # Note that this script does a
 # rm -rf on $KEY_DIR so be careful!
 
+if [ -z "$EASY_RSA" ]; then
+       . /etc/easy-rsa/vars
+fi
+
 if [ "$KEY_DIR" ]; then
     rm -rf "$KEY_DIR"
     mkdir "$KEY_DIR" && \
--- openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/inherit-inter	2011-04-27 22:45:20.809580498 +0200
@@ -9,6 +9,10 @@
 # To build an intermediate CA, follow the same steps for a regular PKI but
 # replace ./build-key or ./pkitool --initca with this script.
 
+if [ -z "$EASY_RSA" ]; then
+       . /etc/easy-rsa/vars
+fi
+
 # The EXPORT_CA file will contain the CA certificate chain and should be
 # referenced by the OpenVPN "ca" directive in config files.  The ca.crt file
 # will only contain the local intermediate CA -- it's needed by the easy-rsa
--- easy-rsa-2.2.2/easy-rsa/2.0/list-crl	2015-06-02 21:09:57.640431912 +0300
+++ easy-rsa-2.2.2/easy-rsa/2.0/list-crl	2015-06-02 21:28:49.245772384 +0300
@@ -2,6 +2,13 @@
 
 # list revoked certificates
 
+if [ -z "$EASY_RSA" ]; then
+	. /etc/easy-rsa/vars
+fi
+
+# Set tool defaults
+[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+
 CRL="${1:-crl.pem}"
 
 if [ "$KEY_DIR" ]; then
--- easy-rsa-2.2.2/easy-rsa/2.0/pkitool~	2015-06-02 21:08:57.000000000 +0300
+++ easy-rsa-2.2.2/easy-rsa/2.0/pkitool	2015-06-02 21:11:42.382534794 +0300
@@ -42,6 +42,10 @@
     exit 1
 }
 
+if [ -z "$EASY_RSA" ]; then
+       . /etc/easy-rsa/vars
+fi
+
 need_vars()
 {
     echo '  Please edit the vars script to reflect your configuration,'
--- openvpn-2.2.0/easy-rsa/2.0/revoke-full	2011-04-27 22:56:07.449351374 +0200
+++ easy-rsa-2.2.2/easy-rsa/2.0/revoke-full	2015-06-02 21:30:26.690819476 +0300
@@ -3,6 +3,13 @@
 # revoke a certificate, regenerate CRL,
 # and verify revocation
 
+if [ -z "$EASY_RSA" ]; then
+       . /etc/easy-rsa/vars
+fi
+
+# Set tool defaults
+[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+
 CRL="crl.pem"
 RT="revoke-test.pem"
 
--- openvpn-2.2.0-orig/easy-rsa/2.0/sign-req	2011-04-06 18:05:52.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/sign-req	2011-04-27 22:56:46.124465700 +0200
@@ -3,5 +3,5 @@
 # Sign a certificate signing request (a .csr file)
 # with a local root certificate and key.
 
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --sign $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --sign $*
--- openvpn-2.2.0-orig/easy-rsa/2.0/vars	2010-10-21 11:18:17.000000000 +0200
+++ openvpn-2.2.0/easy-rsa/2.0/vars	2011-04-27 22:58:41.789791888 +0200
@@ -12,21 +12,12 @@
 # This variable should point to
 # the top level of the easy-rsa
 # tree.
-export EASY_RSA="`pwd`"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
+export EASY_RSA="/etc/easy-rsa"
 
 # This variable should point to
 # the openssl.cnf file included
 # with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+export KEY_CONFIG="$EASY_RSA/openssl.cnf"
 
 # Edit this variable to point to
 # your soon-to-be-created key
@@ -38,9 +29,6 @@
 # it correctly!
 export KEY_DIR="$EASY_RSA/keys"
 
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
 # PKCS11 fixes
 export PKCS11_MODULE_PATH="dummy"
 export PKCS11_PIN="dummy"
Commit	Line	Data
7b891ac1 AM	1	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-ca 2011-04-06 18:05:52.000000000 +0200
	2	+++ openvpn-2.2.0/easy-rsa/2.0/build-ca 2011-04-27 22:34:59.357652908 +0200
	3	@@ -4,5 +4,5 @@
	4	# Build a root certificate
	5	#
	6
	7	-export EASY_RSA="${EASY_RSA:-.}"
	8	-"$EASY_RSA/pkitool" --interact --initca $*
	9	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	10	+/usr/sbin/pkitool --interact --initca $*
948aa51d ER	11	--- openvpn-2.2.0/easy-rsa/2.0/build-dh 2011-04-27 22:36:11.867656490 +0200
	12	+++ easy-rsa-2.2.2/easy-rsa/2.0/build-dh 2015-06-02 21:31:45.871587248 +0300
	13	@@ -3,4 +3,11 @@
7b891ac1 AM	14	# Build Diffie-Hellman parameters for the server side
	15	# of an SSL/TLS connection.
	16
	17	+if [ -z "$EASY_RSA" ]; then
	18	+ . /etc/easy-rsa/vars
	19	+fi
948aa51d ER	20	+
	21	+# Set tool defaults
	22	+[ -n "$OPENSSL" ] \|\| export OPENSSL="openssl"
7b891ac1 AM	23	+
7b891ac1 AM	24	if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
7b891ac1 AM	25	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-inter 2011-04-06 18:05:52.000000000 +0200
	26	+++ openvpn-2.2.0/easy-rsa/2.0/build-inter 2011-04-27 22:37:59.789289422 +0200
	27	@@ -3,5 +3,5 @@
	28	# Make an intermediate CA certificate/private key pair using a locally generated
	29	# root certificate.
	30
	31	-export EASY_RSA="${EASY_RSA:-.}"
	32	-"$EASY_RSA/pkitool" --interact --inter $*
	33	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	34	+/usr/sbin/pkitool --interact --inter $*
7b891ac1 AM	35	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key 2011-04-06 18:05:52.000000000 +0200
	36	+++ openvpn-2.2.0/easy-rsa/2.0/build-key 2011-04-27 22:38:35.330924876 +0200
	37	@@ -3,5 +3,5 @@
	38	# Make a certificate/private key pair using a locally generated
	39	# root certificate.
	40
	41	-export EASY_RSA="${EASY_RSA:-.}"
	42	-"$EASY_RSA/pkitool" --interact $*
	43	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	44	+/usr/sbin/pkitool --interact $*
7b891ac1 AM	45	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass 2011-04-06 18:05:52.000000000 +0200
	46	+++ openvpn-2.2.0/easy-rsa/2.0/build-key-pass 2011-04-27 22:39:23.919827311 +0200
	47	@@ -3,5 +3,5 @@
	48	# Similar to build-key, but protect the private key
	49	# with a password.
	50
	51	-export EASY_RSA="${EASY_RSA:-.}"
	52	-"$EASY_RSA/pkitool" --interact --pass $*
	53	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	54	+/usr/sbin/pkitool --interact --pass $*
7b891ac1 AM	55	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 2011-04-06 18:05:52.000000000 +0200
	56	+++ openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12 2011-04-27 22:40:10.288627524 +0200
	57	@@ -4,5 +4,5 @@
	58	# root certificate and convert it to a PKCS #12 file including the
	59	# the CA certificate as well.
	60
	61	-export EASY_RSA="${EASY_RSA:-.}"
	62	-"$EASY_RSA/pkitool" --interact --pkcs12 $*
	63	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	64	+/usr/sbin/pkitool --interact --pkcs12 $*
7b891ac1 AM	65	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server 2011-04-06 18:05:52.000000000 +0200
	66	+++ openvpn-2.2.0/easy-rsa/2.0/build-key-server 2011-04-27 22:41:24.715385295 +0200
	67	@@ -6,5 +6,5 @@
	68	# Explicitly set nsCertType to server using the "server"
	69	# extension in the openssl.cnf file.
	70
	71	-export EASY_RSA="${EASY_RSA:-.}"
	72	-"$EASY_RSA/pkitool" --interact --server $*
	73	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	74	+/usr/sbin/pkitool --interact --server $*
7b891ac1 AM	75	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-req 2011-04-06 18:05:52.000000000 +0200
	76	+++ openvpn-2.2.0/easy-rsa/2.0/build-req 2011-04-27 22:41:59.636992013 +0200
	77	@@ -3,5 +3,5 @@
	78	# Build a certificate signing request and private key. Use this
	79	# when your root certificate and key is not available locally.
	80
	81	-export EASY_RSA="${EASY_RSA:-.}"
	82	-"$EASY_RSA/pkitool" --interact --csr $*
	83	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	84	+/usr/sbin/pkitool --interact --csr $*
7b891ac1 AM	85	--- openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass 2011-04-06 18:05:52.000000000 +0200
	86	+++ openvpn-2.2.0/easy-rsa/2.0/build-req-pass 2011-04-27 22:43:36.938135257 +0200
	87	@@ -3,5 +3,5 @@
	88	# Like build-req, but protect your private key
	89	# with a password.
	90
	91	-export EASY_RSA="${EASY_RSA:-.}"
	92	-"$EASY_RSA/pkitool" --interact --csr --pass $*
	93	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	94	+/usr/sbin/pkitool --interact --csr --pass $*
7b891ac1 AM	95	--- openvpn-2.2.0-orig/easy-rsa/2.0/clean-all 2011-04-06 18:05:52.000000000 +0200
	96	+++ openvpn-2.2.0/easy-rsa/2.0/clean-all 2011-04-27 22:44:36.544210785 +0200
	97	@@ -4,6 +4,10 @@
	98	# Note that this script does a
	99	# rm -rf on $KEY_DIR so be careful!
	100
	101	+if [ -z "$EASY_RSA" ]; then
	102	+ . /etc/easy-rsa/vars
	103	+fi
	104	+
	105	if [ "$KEY_DIR" ]; then
	106	rm -rf "$KEY_DIR"
	107	mkdir "$KEY_DIR" && \
7b891ac1 AM	108	--- openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter 2011-04-06 18:05:52.000000000 +0200
	109	+++ openvpn-2.2.0/easy-rsa/2.0/inherit-inter 2011-04-27 22:45:20.809580498 +0200
	110	@@ -9,6 +9,10 @@
	111	# To build an intermediate CA, follow the same steps for a regular PKI but
	112	# replace ./build-key or ./pkitool --initca with this script.
	113
	114	+if [ -z "$EASY_RSA" ]; then
	115	+ . /etc/easy-rsa/vars
	116	+fi
	117	+
	118	# The EXPORT_CA file will contain the CA certificate chain and should be
	119	# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
	120	# will only contain the local intermediate CA -- it's needed by the easy-rsa
948aa51d ER	121	--- easy-rsa-2.2.2/easy-rsa/2.0/list-crl 2015-06-02 21:09:57.640431912 +0300
	122	+++ easy-rsa-2.2.2/easy-rsa/2.0/list-crl 2015-06-02 21:28:49.245772384 +0300
	123	@@ -2,6 +2,13 @@
7b891ac1 AM	124
	125	# list revoked certificates
	126
	127	+if [ -z "$EASY_RSA" ]; then
d5801c5f	128	+ . /etc/easy-rsa/vars
7b891ac1	129	+fi
948aa51d ER	130	+
	131	+# Set tool defaults
	132	+[ -n "$OPENSSL" ] \|\| export OPENSSL="openssl"
7b891ac1 AM	133	+
	134	CRL="${1:-crl.pem}"
	135
	136	if [ "$KEY_DIR" ]; then
d5801c5f ER	137	--- easy-rsa-2.2.2/easy-rsa/2.0/pkitool~ 2015-06-02 21:08:57.000000000 +0300
d5801c5f ER	138	+++ easy-rsa-2.2.2/easy-rsa/2.0/pkitool 2015-06-02 21:11:42.382534794 +0300
7b891ac1 AM	139	@@ -42,6 +42,10 @@
	140	exit 1
	141	}
	142
	143	+if [ -z "$EASY_RSA" ]; then
	144	+ . /etc/easy-rsa/vars
	145	+fi
	146	+
	147	need_vars()
	148	{
	149	echo ' Please edit the vars script to reflect your configuration,'
948aa51d ER	150	--- openvpn-2.2.0/easy-rsa/2.0/revoke-full 2011-04-27 22:56:07.449351374 +0200
	151	+++ easy-rsa-2.2.2/easy-rsa/2.0/revoke-full 2015-06-02 21:30:26.690819476 +0300
	152	@@ -3,6 +3,13 @@
7b891ac1 AM	153	# revoke a certificate, regenerate CRL,
	154	# and verify revocation
	155
	156	+if [ -z "$EASY_RSA" ]; then
	157	+ . /etc/easy-rsa/vars
	158	+fi
948aa51d ER	159	+
	160	+# Set tool defaults
	161	+[ -n "$OPENSSL" ] \|\| export OPENSSL="openssl"
7b891ac1 AM	162	+
	163	CRL="crl.pem"
	164	RT="revoke-test.pem"
	165
7b891ac1 AM	166	--- openvpn-2.2.0-orig/easy-rsa/2.0/sign-req 2011-04-06 18:05:52.000000000 +0200
	167	+++ openvpn-2.2.0/easy-rsa/2.0/sign-req 2011-04-27 22:56:46.124465700 +0200
	168	@@ -3,5 +3,5 @@
	169	# Sign a certificate signing request (a .csr file)
	170	# with a local root certificate and key.
	171
	172	-export EASY_RSA="${EASY_RSA:-.}"
	173	-"$EASY_RSA/pkitool" --interact --sign $*
	174	+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
	175	+/usr/sbin/pkitool --interact --sign $*
7b891ac1 AM	176	--- openvpn-2.2.0-orig/easy-rsa/2.0/vars 2010-10-21 11:18:17.000000000 +0200
	177	+++ openvpn-2.2.0/easy-rsa/2.0/vars 2011-04-27 22:58:41.789791888 +0200
	178	@@ -12,21 +12,12 @@
	179	# This variable should point to
	180	# the top level of the easy-rsa
	181	# tree.
	182	-export EASY_RSA="`pwd`"
	183	-
	184	-#
	185	-# This variable should point to
	186	-# the requested executables
	187	-#
	188	-export OPENSSL="openssl"
	189	-export PKCS11TOOL="pkcs11-tool"
	190	-export GREP="grep"
	191	-
	192	+export EASY_RSA="/etc/easy-rsa"
	193
	194	# This variable should point to
	195	# the openssl.cnf file included
	196	# with easy-rsa.
	197	-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
	198	+export KEY_CONFIG="$EASY_RSA/openssl.cnf"
	199
	200	# Edit this variable to point to
	201	# your soon-to-be-created key
	202	@@ -38,9 +29,6 @@
	203	# it correctly!
	204	export KEY_DIR="$EASY_RSA/keys"
	205
	206	-# Issue rm -rf warning
	207	-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
	208	-
	209	# PKCS11 fixes
	210	export PKCS11_MODULE_PATH="dummy"
	211	export PKCS11_PIN="dummy"