From: nbd
Date: Wed, 30 Jan 2013 20:07:38 +0000 (+0000)
Subject: polarssl,openvpn,openvpn-devel: delete (merged to trunk)
X-Git-Url: http://git.archive.openwrt.org/?a=commitdiff_plain;h=7904b46340bd7e54037dca1465ad468b602ab660;p=packages.git

polarssl,openvpn,openvpn-devel: delete (merged to trunk)

git-svn-id: svn://svn.openwrt.org/openwrt/packages@35414 3c298f89-4303-0410-b956-a3cf2f4a3e73
---

diff --git a/libs/polarssl/Makefile b/libs/polarssl/Makefile
deleted file mode 100644
index 5dc2cf438..000000000
--- a/libs/polarssl/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# Copyright (C) 2011 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=polarssl
-PKG_VERSION:=1.1.3
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
-PKG_SOURCE_URL:=http://polarssl.org/code/releases
-PKG_MD5SUM:=fdd367e3b5ab43ed2af8ffbdfaf0fb81
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-define Package/polarssl/Default
- SUBMENU:=SSL
- TITLE:=Embedded SSL
- URL:=http://polarssl.org/
-endef
-
-define Package/polarssl/Default/description
-The aim of the PolarSSL project is to provide a quality, open-source
-cryptographic library written in C and targeted at embedded systems.
-endef
-
-define Package/libpolarssl
-$(call Package/polarssl/Default)
- SECTION:=libs
- CATEGORY:=Libraries
- TITLE+= (library)
-endef
-
-define Package/libpolarssl/description
-$(call Package/polarssl/Default/description)
-This package contains the PolarSSL library.
-endef
-
-define Package/polarssl-progs
-$(call Package/polarssl/Default)
- SECTION:=utils
- CATEGORY:=Utilities
- DEPENDS:=+libpolarssl
- TITLE+= (programs)
-endef
-
-define Package/polarssl-progs/description
-$(call Package/polarssl/Default/description)
-This package contains the PolarSSL programs.
-endef
-
-PKG_INSTALL:=1
-
-CMAKE_OPTIONS += \
- -DCMAKE_BUILD_TYPE:String="Release" \
- -DUSE_SHARED_POLARSSL_LIBRARY:Bool=ON \
-
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/polarssl $(1)/usr/include/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpolarssl.so* $(1)/usr/lib/
-endef
-
-define Package/libpolarssl/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpolarssl.so* $(1)/usr/lib/
-endef
-
-define Package/polarssl-progs/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
-endef
-
-$(eval $(call BuildPackage,libpolarssl))
-$(eval $(call BuildPackage,polarssl-progs))
diff --git a/libs/polarssl/patches/100-disable-testsuites.patch b/libs/polarssl/patches/100-disable-testsuites.patch
deleted file mode 100644
index b001cd6bf..000000000
--- a/libs/polarssl/patches/100-disable-testsuites.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- a/tests/CMakeLists.txt 2012-05-20 18:37:02.390717106 +0200
-+++ b/tests/CMakeLists.txt 2012-05-20 18:37:12.282800152 +0200
-@@ -26,26 +26,3 @@
- endfunction(add_test_suite)
-
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function -Wno-unused-value")
--
--add_test_suite(aes)
--add_test_suite(arc4)
--add_test_suite(base64)
--add_test_suite(camellia)
--add_test_suite(cipher cipher.aes)
--add_test_suite(cipher cipher.camellia)
--add_test_suite(cipher cipher.des)
--add_test_suite(ctr_drbg)
--add_test_suite(debug)
--add_test_suite(des)
--add_test_suite(dhm)
--add_test_suite(error)
--add_test_suite(hmac_shax)
--add_test_suite(md)
--add_test_suite(mdx)
--add_test_suite(mpi)
--add_test_suite(pkcs1_v21)
--add_test_suite(shax)
--add_test_suite(rsa)
--add_test_suite(version)
--add_test_suite(xtea)
--add_test_suite(x509parse)
diff --git a/net/openvpn-devel/Config-nossl.in b/net/openvpn-devel/Config-nossl.in
deleted file mode 100644
index 94d234929..000000000
--- a/net/openvpn-devel/Config-nossl.in
+++ /dev/null
@@ -1,68 +0,0 @@
-menu "Configuration"
- depends on PACKAGE_openvpn-devel-nossl
-
-config OPENVPN_DEVEL_nossl_ENABLE_LZO
- bool "Enable LZO compression support"
- default y
-
-#config OPENVPN_DEVEL_nossl_ENABLE_CRYPTO
-# bool "Enable crypto support"
-# default y
-
-#config OPENVPN_DEVEL_nossl_ENABLE_SSL
-# bool "Enable SSL support for TLS-based key exchange"
-# default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_X509_ALT_USERNAME
- bool "Enable the --x509-username-field feature"
- default n
-
-config OPENVPN_DEVEL_nossl_ENABLE_SERVER
- bool "Enable server support (otherwise only client mode is support)"
- default y
-
-#config OPENVPN_DEVEL_nossl_ENABLE_EUREPHIA
-# bool "Enable support for the eurephia plug-in"
-# default n
-
-config OPENVPN_DEVEL_nossl_ENABLE_MANAGEMENT
- bool "Enable management server support"
- default n
-
-#config OPENVPN_DEVEL_nossl_ENABLE_PKCS11
-# bool "Enable pkcs11 support"
-# default n
-
-config OPENVPN_DEVEL_nossl_ENABLE_HTTP
- bool "Enable HTTP proxy support"
- default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_SOCKS
- bool "Enable SOCKS proxy support"
- default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_FRAGMENT
- bool "Enable internal fragmentation support (--fragment)"
- default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_MULTIHOME
- bool "Enable multi-homed UDP server support (--multihome)"
- default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_PORT_SHARE
- bool "Enable TCP server port-share support (--port-share)"
- default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_DEF_AUTH
- bool "Enable deferred authentication"
- default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_PF
- bool "Enable internal packet filter"
- default y
-
-config OPENVPN_DEVEL_nossl_ENABLE_IPROUTE2
- bool "Enable support for iproute2"
- default n
-
-endmenu
diff --git a/net/openvpn-devel/Config-openssl.in b/net/openvpn-devel/Config-openssl.in
deleted file mode 100644
index 0c01a918e..000000000
--- a/net/openvpn-devel/Config-openssl.in
+++ /dev/null
@@ -1,68 +0,0 @@
-menu "Configuration"
- depends on PACKAGE_openvpn-devel-openssl
-
-config OPENVPN_DEVEL_openssl_ENABLE_LZO
- bool "Enable LZO compression support"
- default y
-
-#config OPENVPN_DEVEL_openssl_ENABLE_CRYPTO
-# bool "Enable crypto support"
-# default y
-
-#config OPENVPN_DEVEL_openssl_ENABLE_SSL
-# bool "Enable SSL support for TLS-based key exchange"
-# default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_X509_ALT_USERNAME
- bool "Enable the --x509-username-field feature"
- default n
-
-config OPENVPN_DEVEL_openssl_ENABLE_SERVER
- bool "Enable server support (otherwise only client mode is support)"
- default y
-
-#config OPENVPN_DEVEL_openssl_ENABLE_EUREPHIA
-# bool "Enable support for the eurephia plug-in"
-# default n
-
-config OPENVPN_DEVEL_openssl_ENABLE_MANAGEMENT
- bool "Enable management server support"
- default n
-
-#config OPENVPN_DEVEL_openssl_ENABLE_PKCS11
-# bool "Enable pkcs11 support"
-# default n
-
-config OPENVPN_DEVEL_openssl_ENABLE_HTTP
- bool "Enable HTTP proxy support"
- default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_SOCKS
- bool "Enable SOCKS proxy support"
- default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_FRAGMENT
- bool "Enable internal fragmentation support (--fragment)"
- default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_MULTIHOME
- bool "Enable multi-homed UDP server support (--multihome)"
- default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_PORT_SHARE
- bool "Enable TCP server port-share support (--port-share)"
- default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_DEF_AUTH
- bool "Enable deferred authentication"
- default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_PF
- bool "Enable internal packet filter"
- default y
-
-config OPENVPN_DEVEL_openssl_ENABLE_IPROUTE2
- bool "Enable support for iproute2"
- default n
-
-endmenu
diff --git a/net/openvpn-devel/Config-polarssl.in b/net/openvpn-devel/Config-polarssl.in
deleted file mode 100644
index e66e1aad5..000000000
--- a/net/openvpn-devel/Config-polarssl.in
+++ /dev/null
@@ -1,68 +0,0 @@
-menu "Configuration"
- depends on PACKAGE_openvpn-devel-polarssl
-
-config OPENVPN_DEVEL_polarssl_ENABLE_LZO
- bool "Enable LZO compression support"
- default y
-
-#config OPENVPN_DEVEL_polarssl_ENABLE_CRYPTO
-# bool "Enable crypto support"
-# default y
-
-#config OPENVPN_DEVEL_polarssl_ENABLE_SSL
-# bool "Enable SSL support for TLS-based key exchange"
-# default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_X509_ALT_USERNAME
- bool "Enable the --x509-username-field feature"
- default n
-
-config OPENVPN_DEVEL_polarssl_ENABLE_SERVER
- bool "Enable server support (otherwise only client mode is support)"
- default y
-
-#config OPENVPN_DEVEL_polarssl_ENABLE_EUREPHIA
-# bool "Enable support for the eurephia plug-in"
-# default n
-
-config OPENVPN_DEVEL_polarssl_ENABLE_MANAGEMENT
- bool "Enable management server support"
- default n
-
-#config OPENVPN_DEVEL_polarssl_ENABLE_PKCS11
-# bool "Enable pkcs11 support"
-# default n
-
-config OPENVPN_DEVEL_polarssl_ENABLE_HTTP
- bool "Enable HTTP proxy support"
- default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_SOCKS
- bool "Enable SOCKS proxy support"
- default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_FRAGMENT
- bool "Enable internal fragmentation support (--fragment)"
- default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_MULTIHOME
- bool "Enable multi-homed UDP server support (--multihome)"
- default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_PORT_SHARE
- bool "Enable TCP server port-share support (--port-share)"
- default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_DEF_AUTH
- bool "Enable deferred authentication"
- default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_PF
- bool "Enable internal packet filter"
- default y
-
-config OPENVPN_DEVEL_polarssl_ENABLE_IPROUTE2
- bool "Enable support for iproute2"
- default n
-
-endmenu
diff --git a/net/openvpn-devel/Makefile b/net/openvpn-devel/Makefile
deleted file mode 100644
index 3aa207bab..000000000
--- a/net/openvpn-devel/Makefile
+++ /dev/null
@@ -1,152 +0,0 @@
-#
-# Copyright (C) 2010-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openvpn-devel
-
-PKG_REV:=5d4f5435a421299ed047485d8d99bdf9a0d22fd1
-PKG_VERSION:=r$(PKG_REV)
-PKG_RELEASE=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git
-PKG_SOURCE_VERSION:=$(PKG_REV)
-PKG_SOURCE:=openvpn-$(PKG_VERSION).tar.gz
-PKG_SOURCE_SUBDIR:=openvpn-$(PKG_VERSION)
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/openvpn-$(PKG_VERSION)
-
-PKG_INSTALL:=1
-PKG_FIXUP:=autoreconf
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openvpn-devel/Default
- TITLE:=Open source VPN solution using $(2)
- SECTION:=net
- CATEGORY:=Network
- URL:=http://openvpn.net
- SUBMENU:=VPN
- MENU:=1
- DEPENDS:=+kmod-tun +OPENVPN_DEVEL_$(1)_ENABLE_LZO:liblzo +OPENVPN_DEVEL_$(1)_ENABLE_IPROUTE2:ip $(3)
- VARIANT:=$(1)
- MAINTAINER:=Mirko Vogt
-endef
-
-Package/openvpn-devel-openssl=$(call Package/openvpn-devel/Default,openssl,OpenSSL,+libopenssl)
-Package/openvpn-devel-polarssl=$(call Package/openvpn-devel/Default,polarssl,PolarSSL,+libpolarssl)
-Package/openvpn-devel-nossl=$(call Package/openvpn-devel/Default,nossl,plaintext (no SSL))
-
-define Package/openvpn-devel/config/Default
- source "$(SOURCE)/Config-$(1).in"
-endef
-
-Package/openvpn-devel-openssl/config=$(call Package/openvpn-devel/config/Default,openssl)
-Package/openvpn-devel-polarssl/config=$(call Package/openvpn-devel/config/Default,polarssl)
-Package/openvpn-devel-nossl/config=$(call Package/openvpn-devel/config/Default,nossl)
-
-#define Package/openvpn-devel-easy-rsa
-# $(call Package/openvpn-devel-openssl)
-# DEPENDS:=+openssl-util
-# TITLE:=Simple shell scripts to manage a Certificate Authority
-#endef
-
-#define Package/openvpn-devel-easy-rsa/conffiles
-#/etc/easy-rsa/keys/serial
-#/etc/easy-rsa/keys/index.txt
-#/etc/easy-rsa/vars
-#endef
-
-
-ifeq ($(BUILD_VARIANT),polarssl)
-CONFIG_OPENVPN_DEVEL_POLARSSL:=y
-endif
-ifeq ($(BUILD_VARIANT),openssl)
-CONFIG_OPENVPN_DEVEL_OPENSSL:=y
-endif
-ifeq ($(BUILD_VARIANT),nossl)
-CONFIG_OPENVPN_DEVEL_NOSSL:=y
-endif
-
-CONFIGURE_VARS += \
- IFCONFIG=/sbin/ifconfig \
- ROUTE=/sbin/route \
- IPROUTE=/usr/sbin/ip \
- NETSTAT=/sbin/netstat
-
-define Build/Configure
- $(call Build/Configure/Default, \
- --enable-small \
- --disable-selinux \
- --disable-systemd \
- --disable-plugins \
- --disable-debug \
- --disable-eurephia \
- --disable-pkcs11 \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_CRYPTO),--enable,--disable)-crypto \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_SOCKS),--enable,--disable)-socks \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_MULTIHOME),--enable,--disable)-multihome \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_DEF_AUTH),--enable,--disable)-def-auth \
- $(if $(CONFIG_OPENVPN_DEVEL_$(BUILD_VARIANT)_ENABLE_PF),--enable,--disable)-pf \
- $(if $(CONFIG_OPENVPN_DEVEL_NOSSL),--disable-ssl --disable-crypto,--enable-ssl --enable-crypto) \
- $(if $(CONFIG_OPENVPN_DEVEL_OPENSSL),--with-crypto-library=openssl) \
- $(if $(CONFIG_OPENVPN_DEVEL_POLARSSL),--with-crypto-library=polarssl) \
- )
-endef
-
-define Package/openvpn-devel-$(BUILD_VARIANT)/conffiles
-/etc/config/openvpn
-endef
-
-define Package/openvpn-devel-$(BUILD_VARIANT)/install
- $(INSTALL_DIR) \
- $(1)/usr/sbin \
- $(1)/etc/init.d \
- $(1)/etc/config \
- $(1)/etc/openvpn \
- $(1)/lib/upgrade/keep.d
-
- $(INSTALL_BIN) \
- $(PKG_INSTALL_DIR)/usr/sbin/openvpn \
- $(1)/usr/sbin/
-
- $(INSTALL_BIN) \
- files/openvpn.init \
- $(1)/etc/init.d/openvpn
-
- $(INSTALL_CONF) files/openvpn.config \
- $(1)/etc/config/openvpn
-
- $(INSTALL_DATA) \
- files/openvpn.upgrade \
- $(1)/lib/upgrade/keep.d/openvpn
-endef
-
-#define Package/openvpn-devel-easy-rsa/install
-# $(INSTALL_DIR) $(1)/usr/sbin
-# $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
-# $(INSTALL_DIR) $(1)/etc/easy-rsa
-# $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
-# $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
-# $(INSTALL_DIR) $(1)/etc/easy-rsa/keys
-# $(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt
-# $(INSTALL_DATA) files/easy-rsa.serial $(1)/etc/easy-rsa/keys/serial
-#endef
-
-$(eval $(call BuildPackage,openvpn-devel-openssl))
-$(eval $(call BuildPackage,openvpn-devel-polarssl))
-$(eval $(call BuildPackage,openvpn-devel-nossl))
-#$(eval $(call BuildPackage,openvpn-devel-easy-rsa))
diff --git a/net/openvpn-devel/files b/net/openvpn-devel/files
deleted file mode 120000
index aba90e9d6..000000000
--- a/net/openvpn-devel/files
+++ /dev/null
@@ -1 +0,0 @@
-../openvpn/files
\ No newline at end of file
diff --git a/net/openvpn/Config.in b/net/openvpn/Config.in
deleted file mode 100644
index 82a85c596..000000000
--- a/net/openvpn/Config.in
+++ /dev/null
@@ -1,79 +0,0 @@
-menu "Configuration"
- depends on PACKAGE_openvpn
-
-config OPENVPN_DISABLE_LZO
- bool "Disable LZO compression support"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_CRYPTO
- bool "Disable OpenSSL crypto support"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_SSL
- bool "Disable OpenSSL SSL support for TLS-based key exchange"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_X509_ALT_USERNAME
- bool "Enable the --x509-username-field feature"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_MULTI
- bool "Disable client/server support (--mode server + client mode)"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_SERVER
- bool "Disable server support only (but retain client support)"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_EUREPHIA
- bool "Disable support for the eurephia plug-in"
- depends on PACKAGE_openvpn
- default y
-
-config OPENVPN_DISABLE_MANAGEMENT
- bool "Disable management server support"
- depends on PACKAGE_openvpn
- default y
-
-config OPENVPN_DISABLE_PKCS11
- bool "Disable pkcs11 support"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_HTTP
- bool "Disable HTTP proxy support"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_FRAGMENT
- bool "Disable internal fragmentation support (--fragment)"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_MULTIHOME
- bool "Disable multi-homed UDP server support (--multihome)"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_PORT_SHARE
- bool "Disable TCP server port-share support (--port-share)"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_DEF_AUTH
- bool "Disable deferred authentication"
- depends on PACKAGE_openvpn
- default n
-
-config OPENVPN_DISABLE_PF
- bool "Disable internal packet filter"
- depends on PACKAGE_openvpn
- default n
-
-endmenu
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile
deleted file mode 100644
index 31e0b1e2b..000000000
--- a/net/openvpn/Makefile
+++ /dev/null
@@ -1,169 +0,0 @@
-#
-# Copyright (C) 2006-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openvpn
-PKG_VERSION:=2.2.2
-PKG_RELEASE:=2
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases @SF/openvpn
-PKG_MD5SUM:=c5181e27b7945fa6276d21873329c5c7
-
-PKG_INSTALL:=1
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openvpn
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=VPN
- DEPENDS:=+kmod-tun +libopenssl +!OPENVPN_DISABLE_LZO:liblzo
- TITLE:=Open source VPN solution using SSL
- URL:=http://openvpn.net
- MENU:=1
-endef
-
-define Package/openvpn/description
- Open source VPN solution using SSL
-endef
-
-define Package/openvpn/config
- source "$(SOURCE)/Config.in"
-endef
-
-
-define Package/openvpn-easy-rsa
- $(call Package/openvpn)
- DEPENDS:=+openssl-util
- TITLE:=Simple shell scripts to manage a Certificate Authority
-endef
-
-define Package/openvpn-easy-rsa/conffiles
-/etc/easy-rsa/keys/serial
-/etc/easy-rsa/keys/index.txt
-/etc/easy-rsa/vars
-endef
-
-CONFIGURE_ARGS+= \
- --with-ifconfig-path=/sbin/ifconfig \
- --with-iproute-path=/usr/sbin/ip \
- --with-route-path=/sbin/route \
- --enable-password-save \
- --disable-debug \
- --disable-plugins \
- --disable-pthread \
- --disable-selinux \
- --disable-socks \
- --enable-small
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_LZO),y)
-CONFIGURE_ARGS += \
- --disable-lzo
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_CRYPTO),y)
-CONFIGURE_ARGS += \
- --disable-crypto
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_SSL),y)
-CONFIGURE_ARGS += \
- --disable-ssl
-endif
-
-ifeq ($(CONFIG_OPENVPN_X509_ALT_USERNAME),y)
-CONFIGURE_ARGS += \
- --enable-x509-alt-username
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_MULTI),y)
-CONFIGURE_ARGS += \
- --disable-multi
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_SERVER),y)
-CONFIGURE_ARGS += \
- --disable-server
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_EUREPHIA),y)
-CONFIGURE_ARGS += \
- --disable-eurephia
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_MANAGEMENT),y)
-CONFIGURE_ARGS += \
- --disable-management
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_PKCS11),y)
-CONFIGURE_ARGS += \
- --disable-pkcs11
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_HTTP),y)
-CONFIGURE_ARGS += \
- --disable-http
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_FRAGMENT),y)
-CONFIGURE_ARGS += \
- --disable-fragment
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_MULTIHOME),y)
-CONFIGURE_ARGS += \
- --disable-multihome
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_PORT_SHARE),y)
-CONFIGURE_ARGS += \
- --disable-port-share
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_DEF_AUTH),y)
-CONFIGURE_ARGS += \
- --disable-def-auth
-endif
-
-ifeq ($(CONFIG_OPENVPN_DISABLE_PF),y)
-CONFIGURE_ARGS += \
- --disable-pf
-endif
-
-define Package/openvpn/conffiles
-/etc/config/openvpn
-endef
-
-define Package/openvpn/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/etc/init.d/
- $(INSTALL_BIN) files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_CONF) files/$(PKG_NAME).config $(1)/etc/config/$(PKG_NAME)
- $(INSTALL_DIR) $(1)/etc/openvpn
- $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
- $(INSTALL_DATA) files/openvpn.upgrade $(1)/lib/upgrade/keep.d/openvpn
-endef
-
-define Package/openvpn-easy-rsa/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/etc/easy-rsa
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
- $(INSTALL_DIR) $(1)/etc/easy-rsa/keys
- $(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt
- $(INSTALL_DATA) files/easy-rsa.serial $(1)/etc/easy-rsa/keys/serial
-endef
-
-$(eval $(call BuildPackage,openvpn))
-$(eval $(call BuildPackage,openvpn-easy-rsa))
diff --git a/net/openvpn/files/easy-rsa.index b/net/openvpn/files/easy-rsa.index
deleted file mode 100644
index e69de29bb..000000000
diff --git a/net/openvpn/files/easy-rsa.serial b/net/openvpn/files/easy-rsa.serial
deleted file mode 100644
index 8a0f05e16..000000000
--- a/net/openvpn/files/easy-rsa.serial
+++ /dev/null
@@ -1 +0,0 @@
-01
diff --git a/net/openvpn/files/openvpn.config b/net/openvpn/files/openvpn.config
deleted file mode 100644
index 4a1f66733..000000000
--- a/net/openvpn/files/openvpn.config
+++ /dev/null
@@ -1,398 +0,0 @@
-package openvpn
-
-#################################################
-# Sample to include a custom config file. #
-#################################################
-
-config openvpn custom_config
-
- # Set to 1 to enable this instance:
- option enabled 0
-
- # Include OpenVPN configuration
- option config /etc/openvpn/my-vpn.conf
-
-
-#################################################
-# Sample OpenVPN 2.0 uci config for #
-# multi-client server. #
-#################################################
-
-config openvpn sample_server
-
- # Set to 1 to enable this instance:
- option enabled 0
-
- # Which local IP address should OpenVPN
- # listen on? (optional)
-# option local 0.0.0.0
-
- # Which TCP/UDP port should OpenVPN listen on?
- # If you want to run multiple OpenVPN instances
- # on the same machine, use a different port
- # number for each one. You will need to
- # open up this port on your firewall.
- option port 1194
-
- # TCP or UDP server?
-# option proto tcp
- option proto udp
-
- # "dev tun" will create a routed IP tunnel,
- # "dev tap" will create an ethernet tunnel.
- # Use "dev tap0" if you are ethernet bridging
- # and have precreated a tap0 virtual interface
- # and bridged it with your ethernet interface.
- # If you want to control access policies
- # over the VPN, you must create firewall
- # rules for the the TUN/TAP interface.
- # On non-Windows systems, you can give
- # an explicit unit number, such as tun0.
- # On Windows, use "dev-node" for this.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
-# option dev tap
- option dev tun
-
- # SSL/TLS root certificate (ca), certificate
- # (cert), and private key (key). Each client
- # and the server must have their own cert and
- # key file. The server and all clients will
- # use the same ca file.
- #
- # See the "easy-rsa" directory for a series
- # of scripts for generating RSA certificates
- # and private keys. Remember to use
- # a unique Common Name for the server
- # and each of the client certificates.
- #
- # Any X509 key management system can be used.
- # OpenVPN can also use a PKCS #12 formatted key file
- # (see "pkcs12" directive in man page).
- option ca /etc/openvpn/ca.crt
- option cert /etc/openvpn/server.crt
- # This file should be kept secret:
- option key /etc/openvpn/server.key
-
- # Diffie hellman parameters.
- # Generate your own with:
- # openssl dhparam -out dh1024.pem 1024
- # Substitute 2048 for 1024 if you are using
- # 2048 bit keys.
- option dh /etc/openvpn/dh1024.pem
-
- # Configure server mode and supply a VPN subnet
- # for OpenVPN to draw client addresses from.
- # The server will take 10.8.0.1 for itself,
- # the rest will be made available to clients.
- # Each client will be able to reach the server
- # on 10.8.0.1. Comment this line out if you are
- # ethernet bridging. See the man page for more info.
- option server "10.8.0.0 255.255.255.0"
-
- # Maintain a record of client <-> virtual IP address
- # associations in this file. If OpenVPN goes down or
- # is restarted, reconnecting clients can be assigned
- # the same virtual IP address from the pool that was
- # previously assigned.
- option ifconfig_pool_persist /tmp/ipp.txt
-
- # Configure server mode for ethernet bridging.
- # You must first use your OS's bridging capability
- # to bridge the TAP interface with the ethernet
- # NIC interface. Then you must manually set the
- # IP/netmask on the bridge interface, here we
- # assume 10.8.0.4/255.255.255.0. Finally we
- # must set aside an IP range in this subnet
- # (start=10.8.0.50 end=10.8.0.100) to allocate
- # to connecting clients. Leave this line commented
- # out unless you are ethernet bridging.
-# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100"
-
- # Push routes to the client to allow it
- # to reach other private subnets behind
- # the server. Remember that these
- # private subnets will also need
- # to know to route the OpenVPN client
- # address pool (10.8.0.0/255.255.255.0)
- # back to the OpenVPN server.
-# list push "route 192.168.10.0 255.255.255.0"
-# list push "route 192.168.20.0 255.255.255.0"
-
- # To assign specific IP addresses to specific
- # clients or if a connecting client has a private
- # subnet behind it that should also have VPN access,
- # use the subdirectory "ccd" for client-specific
- # configuration files (see man page for more info).
-
- # EXAMPLE: Suppose the client
- # having the certificate common name "Thelonious"
- # also has a small subnet behind his connecting
- # machine, such as 192.168.40.128/255.255.255.248.
- # First, uncomment out these lines:
-# option client_config_dir /etc/openvpn/ccd
-# list route "192.168.40.128 255.255.255.248"
- # Then create a file ccd/Thelonious with this line:
- # iroute 192.168.40.128 255.255.255.248
- # This will allow Thelonious' private subnet to
- # access the VPN. This example will only work
- # if you are routing, not bridging, i.e. you are
- # using "dev tun" and "server" directives.
-
- # EXAMPLE: Suppose you want to give
- # Thelonious a fixed VPN IP address of 10.9.0.1.
- # First uncomment out these lines:
-# option client_config_dir /etc/openvpn/ccd
-# list route "10.9.0.0 255.255.255.252"
-# list route "192.168.100.0 255.255.255.0"
- # Then add this line to ccd/Thelonious:
- # ifconfig-push "10.9.0.1 10.9.0.2"
-
- # Suppose that you want to enable different
- # firewall access policies for different groups
- # of clients. There are two methods:
- # (1) Run multiple OpenVPN daemons, one for each
- # group, and firewall the TUN/TAP interface
- # for each group/daemon appropriately.
- # (2) (Advanced) Create a script to dynamically
- # modify the firewall in response to access
- # from different clients. See man
- # page for more info on learn-address script.
-# option learn_address /etc/openvpn/script
-
- # If enabled, this directive will configure
- # all clients to redirect their default
- # network gateway through the VPN, causing
- # all IP traffic such as web browsing and
- # and DNS lookups to go through the VPN
- # (The OpenVPN server machine may need to NAT
- # the TUN/TAP interface to the internet in
- # order for this to work properly).
- # CAVEAT: May break client's network config if
- # client's local DHCP server packets get routed
- # through the tunnel. Solution: make sure
- # client's local DHCP server is reachable via
- # a more specific route than the default route
- # of 0.0.0.0/0.0.0.0.
-# list push "redirect-gateway"
-
- # Certain Windows-specific network settings
- # can be pushed to clients, such as DNS
- # or WINS server addresses. CAVEAT:
- # http://openvpn.net/faq.html#dhcpcaveats
-# list push "dhcp-option DNS 10.8.0.1"
-# list push "dhcp-option WINS 10.8.0.1"
-
- # Uncomment this directive to allow different
- # clients to be able to "see" each other.
- # By default, clients will only see the server.
- # To force clients to only see the server, you
- # will also need to appropriately firewall the
- # server's TUN/TAP interface.
-# option client_to_client 1
-
- # Uncomment this directive if multiple clients
- # might connect with the same certificate/key
- # files or common names. This is recommended
- # only for testing purposes. For production use,
- # each client should have its own certificate/key
- # pair.
- #
- # IF YOU HAVE NOT GENERATED INDIVIDUAL
- # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
- # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
- # UNCOMMENT THIS LINE OUT.
-# option duplicate_cn 1
-
- # The keepalive directive causes ping-like
- # messages to be sent back and forth over
- # the link so that each side knows when
- # the other side has gone down.
- # Ping every 10 seconds, assume that remote
- # peer is down if no ping received during
- # a 120 second time period.
- option keepalive "10 120"
-
- # For extra security beyond that provided
- # by SSL/TLS, create an "HMAC firewall"
- # to help block DoS attacks and UDP port flooding.
- #
- # Generate with:
- # openvpn --genkey --secret ta.key
- #
- # The server and each client must have
- # a copy of this key.
- # The second parameter should be '0'
- # on the server and '1' on the clients.
- # This file is secret:
-# option tls_auth "/etc/openvpn/ta.key 0"
-
- # Select a cryptographic cipher.
- # This config item must be copied to
- # the client config file as well.
- # Blowfish (default):
-# option cipher BF-CBC
- # AES:
-# option cipher AES-128-CBC
- # Triple-DES:
-# option cipher DES-EDE3-CBC
-
- # Enable compression on the VPN link.
- # If you enable it here, you must also
- # enable it in the client config file.
- option comp_lzo 1
-
- # The maximum number of concurrently connected
- # clients we want to allow.
-# option max_clients 100
-
- # The persist options will try to avoid
- # accessing certain resources on restart
- # that may no longer be accessible because
- # of the privilege downgrade.
- option persist_key 1
- option persist_tun 1
-
- # Output a short status file showing
- # current connections, truncated
- # and rewritten every minute.
- option status /tmp/openvpn-status.log
-
- # By default, log messages will go to the syslog (or
- # on Windows, if running as a service, they will go to
- # the "\Program Files\OpenVPN\log" directory).
- # Use log or log-append to override this default.
- # "log" will truncate the log file on OpenVPN startup,
- # while "log-append" will append to it. Use one
- # or the other (but not both).
-# option log /tmp/openvpn.log
-# option log_append /tmp/openvpn.log
-
- # Set the appropriate level of log
- # file verbosity.
- #
- # 0 is silent, except for fatal errors
- # 4 is reasonable for general usage
- # 5 and 6 can help to debug connection problems
- # 9 is extremely verbose
- option verb 3
-
- # Silence repeating messages. At most 20
- # sequential messages of the same message
- # category will be output to the log.
-# option mute 20
-
-
-##############################################
-# Sample client-side OpenVPN 2.0 uci config #
-# for connecting to multi-client server. #
-##############################################
-
-config openvpn sample_client
-
- # Set to 1 to enable this instance:
- option enabled 0
-
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- option client 1
-
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
-# option dev tap
- option dev tun
-
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
-# option proto tcp
- option proto udp
-
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- list remote "my_server_1 1194"
-# list remote "my_server_2 1194"
-
- # Choose a random host from the remote
- # list for load_balancing. Otherwise
- # try hosts in the order specified.
-# option remote_random 1
-
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- option resolv_retry infinite
-
- # Most clients don't need to bind to
- # a specific local port number.
- option nobind 1
-
- # Try to preserve some state across restarts.
- option persist_key 1
- option persist_tun 1
-
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- # retry on connection failures:
-# option http_proxy_retry 1
- # specify http proxy address and port:
-# option http_proxy "192.168.1.100 8080"
-
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
-# option mute_replay_warnings 1
-
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- option ca /etc/openvpn/ca.crt
- option cert /etc/openvpn/client.crt
- option key /etc/openvpn/client.key
-
- # Verify server certificate by checking
- # that the certicate has the nsCertType
- # field set to "server". This is an
- # important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the nsCertType
- # field set to "server". The build_key_server
- # script in the easy_rsa folder will do this.
-# option ns_cert_type server
-
- # If a tls_auth key is used on the server
- # then every client must also have the key.
-# option tls_auth "/etc/openvpn/ta.key 1"
-
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
-# option cipher x
-
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- option comp_lzo 1
-
- # Set log file verbosity.
- option verb 3
-
- # Silence repeating messages
-# option mute 20
diff --git a/net/openvpn/files/openvpn.init b/net/openvpn/files/openvpn.init
deleted file mode 100644
index c58f005f3..000000000
--- a/net/openvpn/files/openvpn.init
+++ /dev/null
@@ -1,154 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2008-2011 OpenWrt.org
-# Copyright (C) 2008 Jo-Philipp Wich
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-
-START=95
-
-SERVICE_DAEMONIZE=1
-SERVICE_WRITE_PID=1
-
-EXTRA_COMMANDS="up down"
-
-LIST_SEP="
-"
-
-append_param() {
- local v="$1"
- case "$v" in
- *_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
- *_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
- *_*) v=${v%%_*}-${v#*_} ;;
- esac
- ARGS="$ARGS --$v"
- return 0
-}
-
-append_bools() {
- local p; local v; local s="$1"; shift
- for p in $*; do
- config_get_bool v "$s" "$p"
- [ "$v" == 1 ] && append_param "$p"
- done
-}
-
-append_params() {
- local p; local v; local s="$1"; shift
- for p in $*; do
- config_get v "$s" "$p"
- IFS="$LIST_SEP"
- for v in $v; do
- [ -n "$v" ] && append_param "$p" && ARGS="$ARGS $v"
- done
- unset IFS
- done
-}
-
-section_enabled() {
- config_get_bool enable "$1" 'enable' 0
- config_get_bool enabled "$1" 'enabled' 0
- [ $enable -gt 0 ] || [ $enabled -gt 0 ]
-}
-
-start_instance() {
- local s="$1"
-
- section_enabled "$s" || return 1
-
- ARGS=""
-
- # append flags
- append_bools "$s" \
- auth_nocache auth_retry auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \
- client_to_client comp_lzo comp_noadapt disable \
- disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \
- ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \
- management_query_passwords management_signal mktun mlock mtu_test multihome mute_replay_warnings \
- nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \
- persist_remote_ip persist_tun ping_timer_rem pull push_reset \
- remote_random rmtun route_noexec route_nopull single_session socks_proxy_retry \
- suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \
- tun_ipv6
up_delay up_restart username_as_common_name
-
- # append params
- append_params "$s" \
- cd askpass auth auth_user_pass auth_user_pass_verify bcast_buffers ca cert \
- chroot cipher client_config_dir client_connect client_disconnect config connect_freq \
- connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \
- echo engine explicit_exit_notify fragment group hand_window hash_size \
- http_proxy http_proxy_option http_proxy_timeout ifconfig ifconfig_pool \
- ifconfig_pool_persist ifconfig_push inactive ipchange iroute keepalive \
- key key_method keysize learn_address link_mtu lladdr local log log_append \
- lport management management_log_cache max_clients \
- max_routes_per_client mode mssfix mtu_disc mute nice ns_cert_type ping \
- ping_exit ping_restart pkcs12 plugin port port_share prng proto rcvbuf \
- redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \
- reneg_bytes reneg_pkts reneg_sec \
- replay_persist replay_window resolv_retry route route_delay route_gateway \
- route_metric route_up rport script_security secret server server_bridge setenv shaper sndbuf \
- socks_proxy status status_version syslog tcp_queue_limit tls_auth \
- tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \
- tun_mtu tun_mtu_extra txqueuelen user verb down push up
-
-
- SERVICE_PID_FILE="/var/run/openvpn-$s.pid"
- service_start /usr/sbin/openvpn --syslog "openvpn($s)" --writepid "$SERVICE_PID_FILE" $ARGS
-}
-
-stop_instance() {
- local s="$1"
-
- section_enabled "$s" || return 1
-
- SERVICE_PID_FILE="/var/run/openvpn-$s.pid"
- service_stop /usr/sbin/openvpn
-}
-
-reload_instance() {
- local s="$1"
-
- section_enabled "$s" || return 1
-
- SERVICE_PID_FILE="/var/run/openvpn-$s.pid"
- service_reload /usr/sbin/openvpn
-}
-
-start() {
- config_load 'openvpn'
- config_foreach start_instance 'openvpn'
-}
-
-stop() {
- config_load 'openvpn'
- config_foreach stop_instance 'openvpn'
-}
-
-reload() {
-
config_load 'openvpn'
- config_foreach reload_instance 'openvpn'
-}
-
-up() {
- local exists
- local instance
- config_load 'openvpn'
- for instance in "$@"; do
- config_get exists "$instance" 'TYPE'
- if [ "$exists" == "openvpn" ]; then
- start_instance "$instance"
- fi
- done
-}
-
-down() {
- local exists
- local instance
- config_load 'openvpn'
- for instance in "$@"; do
- config_get exists "$instance" 'TYPE'
- if [ "$exists" == "openvpn" ]; then
- stop_instance "$instance"
- fi
- done
-}
diff --git a/net/openvpn/files/openvpn.upgrade b/net/openvpn/files/openvpn.upgrade
deleted file mode 100644
index 6ae49d22d..000000000
--- a/net/openvpn/files/openvpn.upgrade
+++ /dev/null
@@ -1 +0,0 @@
-/etc/openvpn/
diff --git a/net/openvpn/patches/001-easy_rsa.patch b/net/openvpn/patches/001-easy_rsa.patch
deleted file mode 100644
index 6b1d0b757..000000000
--- a/net/openvpn/patches/001-easy_rsa.patch
+++ /dev/null
@@ -1,152 +0,0 @@
---- a/easy-rsa/2.0/build-ca
-+++ b/easy-rsa/2.0/build-ca
-@@ -5,4 +5,4 @@
- #
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --initca $*
-+"/usr/sbin/pkitool" --interact --initca $*
---- a/easy-rsa/2.0/build-dh
-+++ b/easy-rsa/2.0/build-dh
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # Build Diffie-Hellman parameters for the server side
- # of an SSL/TLS connection.
-
---- a/easy-rsa/2.0/build-inter
-+++ b/easy-rsa/2.0/build-inter
-@@ -4,4 +4,4 @@
- # root certificate.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --inter $*
-+"/usr/sbin/pkitool" --interact --inter $*
---- a/easy-rsa/2.0/build-key
-+++ b/easy-rsa/2.0/build-key
-@@ -4,4 +4,4 @@
- # root certificate.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact $*
-+"/usr/sbin/pkitool" --interact $*
---- a/easy-rsa/2.0/build-key-pass
-+++ b/easy-rsa/2.0/build-key-pass
-@@ -4,4 +4,4 @@
- # with a password.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pass $*
-+"/usr/sbin/pkitool" --interact --pass $*
---- a/easy-rsa/2.0/build-key-pkcs12
-+++ b/easy-rsa/2.0/build-key-pkcs12
-@@ -5,4 +5,4 @@
- # the CA certificate as well.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pkcs12 $*
-+"/usr/sbin/pkitool" --interact --pkcs12 $*
---- a/easy-rsa/2.0/build-key-server
-+++ b/easy-rsa/2.0/build-key-server
-@@ -7,4 +7,4 @@
- # extension in the openssl.cnf file.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --server $*
-+"/usr/sbin/pkitool" --interact --server $*
---- a/easy-rsa/2.0/build-req
-+++ b/easy-rsa/2.0/build-req
-@@ -4,4 +4,4 @@
- # when your root certificate and key is not available locally.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr $*
-+"/usr/sbin/pkitool" --interact --csr $*
---- a/easy-rsa/2.0/build-req-pass
-+++ b/easy-rsa/2.0/build-req-pass
-@@ -4,4 +4,4 @@
- # with a password.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr --pass $*
-+"/usr/sbin/pkitool" --interact --csr --pass $*
---- a/easy-rsa/2.0/clean-all
-+++ b/easy-rsa/2.0/clean-all
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # Initialize the $KEY_DIR directory.
- # Note that this script does a
- # rm -rf on $KEY_DIR so be careful!
---- a/easy-rsa/2.0/inherit-inter
-+++ b/easy-rsa/2.0/inherit-inter
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # Build a new PKI which is rooted on an intermediate certificate generated
- # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
- # have independent vars settings, and must use a different KEY_DIR directory
---- a/easy-rsa/2.0/list-crl
-+++ b/easy-rsa/2.0/list-crl
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # list revoked certificates
-
- CRL="${1:-crl.pem}"
---- a/easy-rsa/2.0/pkitool
-+++ b/easy-rsa/2.0/pkitool
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # OpenVPN -- An application to securely tunnel IP networks
- # over a single TCP/UDP port, with support for SSL/TLS-based
- # session authentication and key exchange,
---- a/easy-rsa/2.0/revoke-full
-+++ b/easy-rsa/2.0/revoke-full
-@@ -1,5 +1,7 @@
- #!/bin/sh
-
-+. /etc/easy-rsa/vars
-+
- # revoke a certificate, regenerate CRL,
- # and verify revocation
-
---- a/easy-rsa/2.0/sign-req
-+++ b/easy-rsa/2.0/sign-req
-@@ -4,4 +4,4 @@
- # with a local root certificate and key.
-
- export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --sign $*
-+"/usr/sbin/pkitool" --interact --sign $*
---- a/easy-rsa/2.0/vars
-+++ b/easy-rsa/2.0/vars
-@@ -12,7 +12,7 @@
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
--export EASY_RSA="`pwd`"
-+export EASY_RSA="/etc/easy-rsa"
-
- #
- # This variable should point to
-@@ -26,7 +26,7 @@ export GREP="grep"
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
--export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-+export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
-
- # Edit this variable to point to
- # your soon-to-be-created key