diff options
| -rw-r--r-- | package/easy-rsa/Makefile | 36 | ||||
| -rw-r--r-- | package/easy-rsa/files/serial (renamed from package/openvpn/files/serial) | 0 | ||||
| -rw-r--r-- | package/easy-rsa/patches/patch-easy-rsa_2_0_build-dh (renamed from package/openvpn/patches/patch-easy-rsa_2_0_build-dh) | 0 | ||||
| -rw-r--r-- | package/easy-rsa/patches/patch-easy-rsa_2_0_clean-all (renamed from package/openvpn/patches/patch-easy-rsa_2_0_clean-all) | 0 | ||||
| -rw-r--r-- | package/easy-rsa/patches/patch-easy-rsa_2_0_list-crl (renamed from package/openvpn/patches/patch-easy-rsa_2_0_list-crl) | 0 | ||||
| -rw-r--r-- | package/easy-rsa/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf (renamed from package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf) | 0 | ||||
| -rw-r--r-- | package/easy-rsa/patches/patch-easy-rsa_2_0_pkitool (renamed from package/openvpn/patches/patch-easy-rsa_2_0_pkitool) | 0 | ||||
| -rw-r--r-- | package/easy-rsa/patches/patch-easy-rsa_2_0_revoke-full (renamed from package/openvpn/patches/patch-easy-rsa_2_0_revoke-full) | 0 | ||||
| -rw-r--r-- | package/easy-rsa/patches/patch-easy-rsa_2_0_vars | 20 | ||||
| -rw-r--r-- | package/openvpn/Makefile | 50 | ||||
| -rw-r--r-- | package/openvpn/patches/patch-easy-rsa_2_0_vars | 32 | ||||
| -rw-r--r-- | package/openvpn/patches/patch-t_client_sh | 61 |
12 files changed, 80 insertions, 119 deletions
diff --git a/package/easy-rsa/Makefile b/package/easy-rsa/Makefile new file mode 100644 index 000000000..9b350cd92 --- /dev/null +++ b/package/easy-rsa/Makefile @@ -0,0 +1,36 @@ +# This file is part of the OpenADK project. OpenADK is copyrighted +# material, please see the LICENCE file in the top-level directory. + +include $(TOPDIR)/rules.mk + +PKG_NAME:= easy-rsa +PKG_VERSION:= 2.0 +PKG_RELEASE:= 1 +PKG_MD5SUM:= 0937fb2f91d534d4fb961e047f714946 +PKG_DESCR:= openssl ca scripts +PKG_SECTION:= crypto +PKG_DEPENDS:= openssl-util +PKG_URL:= https://github.com/OpenVPN/easy-rsa +PKG_SITES:= http://openadk.org/distfiles/ + +include $(TOPDIR)/mk/package.mk + +$(eval $(call PKG_template,EASY_RSA,easy-rsa,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) + +CONFIG_STYLE:= manual +BUILD_STYLE:= manual +INSTALL_STYLE:= manual + +easy-rsa-install: + ${INSTALL_DIR} $(IDIR_EASY_RSA)/usr/sbin \ + $(IDIR_EASY_RSA)/etc/easy-rsa/keys + touch $(IDIR_EASY_RSA)/etc/easy-rsa/keys/index.txt + $(CP) ./files/serial $(IDIR_EASY_RSA)/etc/easy-rsa/keys + $(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} \ + $(IDIR_EASY_RSA)/usr/sbin + ${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl-1.0.0.cnf \ + $(IDIR_EASY_RSA)/etc/easy-rsa/openssl.cnf + ${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/vars \ + $(IDIR_EASY_RSA)/etc/easy-rsa/vars + +include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/openvpn/files/serial b/package/easy-rsa/files/serial index 8a0f05e16..8a0f05e16 100644 --- a/package/openvpn/files/serial +++ b/package/easy-rsa/files/serial diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh b/package/easy-rsa/patches/patch-easy-rsa_2_0_build-dh index 771800a17..771800a17 100644 --- a/package/openvpn/patches/patch-easy-rsa_2_0_build-dh +++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_build-dh diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all b/package/easy-rsa/patches/patch-easy-rsa_2_0_clean-all index 03df1d1c9..03df1d1c9 100644 --- a/package/openvpn/patches/patch-easy-rsa_2_0_clean-all +++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_clean-all diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl b/package/easy-rsa/patches/patch-easy-rsa_2_0_list-crl index 66f5d764d..66f5d764d 100644 --- a/package/openvpn/patches/patch-easy-rsa_2_0_list-crl +++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_list-crl diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf b/package/easy-rsa/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf index 9dd542d8a..9dd542d8a 100644 --- a/package/openvpn/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf +++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_openssl-1_0_0_cnf diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool b/package/easy-rsa/patches/patch-easy-rsa_2_0_pkitool index 87b0c33db..87b0c33db 100644 --- a/package/openvpn/patches/patch-easy-rsa_2_0_pkitool +++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_pkitool diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full b/package/easy-rsa/patches/patch-easy-rsa_2_0_revoke-full index ac66c4bb9..ac66c4bb9 100644 --- a/package/openvpn/patches/patch-easy-rsa_2_0_revoke-full +++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_revoke-full diff --git a/package/easy-rsa/patches/patch-easy-rsa_2_0_vars b/package/easy-rsa/patches/patch-easy-rsa_2_0_vars new file mode 100644 index 000000000..964c6bc6a --- /dev/null +++ b/package/easy-rsa/patches/patch-easy-rsa_2_0_vars @@ -0,0 +1,20 @@ +--- easy-rsa-2.0.orig/easy-rsa/2.0/vars 2013-08-18 10:11:06.000000000 +0200 ++++ easy-rsa-2.0/easy-rsa/2.0/vars 2013-08-18 10:38:50.635782024 +0200 +@@ -12,7 +12,7 @@ + # This variable should point to + # the top level of the easy-rsa + # tree. +-export EASY_RSA="`pwd`" ++export EASY_RSA="/etc/easy-rsa" + + # + # This variable should point to +@@ -26,7 +26,7 @@ export GREP="grep" + # This variable should point to + # the openssl.cnf file included + # with easy-rsa. +-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` ++export KEY_CONFIG=/etc/easy-rsa/openssl.cnf + + # Edit this variable to point to + # your soon-to-be-created key diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile index 39fd53b23..2deb20898 100644 --- a/package/openvpn/Makefile +++ b/package/openvpn/Makefile @@ -4,17 +4,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:= openvpn -PKG_VERSION:= 2.2.2 +PKG_VERSION:= 2.3.2 PKG_RELEASE:= 1 -PKG_MD5SUM:= c5181e27b7945fa6276d21873329c5c7 +PKG_MD5SUM:= 06e5f93dbf13f2c19647ca15ffc23ac1 PKG_DESCR:= Open Source VPN solution using SSL PKG_SECTION:= net/security -PKG_DEPENDS:= kmod-tun libopenssl ip -PKG_BUILDDEP:= openssl +PKG_DEPENDS:= kmod-tun ip PKG_URL:= http://openvpn.net/ PKG_SITES:= http://swupdate.openvpn.org/community/releases/ -PKG_SUBPKGS:= OPENVPN OPENVPN_EASY_RSA +PKG_SUBPKGS:= OPENVPN PKG_FLAVOURS_OPENVPN:= WITH_LZO WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS SERVER CLIENT PKGSS_OPENVPN_EASY_RSA:=openssl-util PKGFD_SERVER:= deliver server example configuration @@ -26,10 +25,17 @@ PKGFD_WITH_MANAGEMENT:= enable management server support PKGFD_WITH_HTTPPROXY:= enable http proxy support PKGFD_WITH_SOCKS:= enable socks proxy support +PKG_CHOICES_OPENVPN:= WITH_OPENSSL WITH_POLARSSL +PKGCD_WITH_OPENSSL:= use OpenSSL for crypto +PKGCS_WITH_OPENSSL:= libopenssl +PKGCB_WITH_OPENSSL:= openssl +PKGCD_WITH_POLARSSL:= use PolarSSL for crypto +PKGCS_WITH_POLARSSL:= libpolarssl +PKGCB_WITH_POLARSSL:= polarssl + include $(TOPDIR)/mk/package.mk $(eval $(call PKG_template,OPENVPN,${PKG_NAME},$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) -$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) ifneq ($(ADK_PACKAGE_OPENVPN_WITH_LZO),) CONFIGURE_ARGS+= --enable-lzo @@ -44,9 +50,9 @@ CONFIGURE_ARGS+= --disable-management endif ifneq ($(ADK_PACKAGE_OPENVPN_WITH_HTTPPROXY),) -CONFIGURE_ARGS+= --enable-http +CONFIGURE_ARGS+= --enable-http-proxy else -CONFIGURE_ARGS+= --disable-http +CONFIGURE_ARGS+= --disable-http-proxy endif ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SOCKS),) @@ -55,13 +61,17 @@ else CONFIGURE_ARGS+= --disable-socks endif -CONFIGURE_ARGS+= --disable-pthread \ - --disable-plugins \ +ifeq (${ADK_PACKAGE_OPENVPN_WITH_OPENSSL},y) +CONFIGURE_ARGS+= --with-crypto-library=openssl +endif +ifeq (${ADK_PACKAGE_OPENVPN_WITH_POLARSSL},y) +CONFIGURE_ARGS+= --with-crypto-library=polarssl +endif + +CONFIGURE_ARGS+= --disable-plugins \ --enable-small \ - --enable-iproute2 \ - --with-iproute-path=/usr/sbin/ip \ - --without-ifconfig-path \ - --without-route-path + --disable-debug \ + --enable-iproute2 post-install: ${INSTALL_DIR} $(IDIR_OPENVPN)/usr/sbin $(IDIR_OPENVPN)/etc/openvpn @@ -75,16 +85,4 @@ ifeq ($(ADK_PACKAGE_OPENVPN_CLIENT),y) echo "/etc/openvpn/client.conf" > ./files/openvpn.conffiles endif -openvpn-easy-rsa-install: - ${INSTALL_DIR} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin \ - $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys - touch $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys/index.txt - $(CP) ./files/serial $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys - $(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} \ - $(IDIR_OPENVPN_EASY_RSA)/usr/sbin - ${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl-1.0.0.cnf \ - $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf - ${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/vars \ - $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars - include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/openvpn/patches/patch-easy-rsa_2_0_vars b/package/openvpn/patches/patch-easy-rsa_2_0_vars deleted file mode 100644 index 972f76541..000000000 --- a/package/openvpn/patches/patch-easy-rsa_2_0_vars +++ /dev/null @@ -1,32 +0,0 @@ ---- openvpn-2.2.1.orig/easy-rsa/2.0/vars 2011-07-01 10:31:26.000000000 +0200 -+++ openvpn-2.2.1/easy-rsa/2.0/vars 2011-12-02 19:44:31.000000000 +0100 -@@ -12,7 +12,7 @@ - # This variable should point to - # the top level of the easy-rsa - # tree. --export EASY_RSA="`pwd`" -+export EASY_RSA="/etc/easy-rsa" - - # - # This variable should point to -@@ -26,7 +26,7 @@ export GREP="grep" - # This variable should point to - # the openssl.cnf file included - # with easy-rsa. --export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` -+export KEY_CONFIG=/etc/easy-rsa/openssl.cnf - - # Edit this variable to point to - # your soon-to-be-created key -@@ -66,9 +66,7 @@ export KEY_PROVINCE="CA" - export KEY_CITY="SanFrancisco" - export KEY_ORG="Fort-Funston" - export KEY_EMAIL="me@myhost.mydomain" --export KEY_EMAIL=mail@host.domain --export KEY_CN=changeme --export KEY_NAME=changeme --export KEY_OU=changeme -+export KEY_NAME=VPN -+export KEY_OU="IT Security" - export PKCS11_MODULE_PATH=changeme - export PKCS11_PIN=1234 diff --git a/package/openvpn/patches/patch-t_client_sh b/package/openvpn/patches/patch-t_client_sh deleted file mode 100644 index 43e346ee1..000000000 --- a/package/openvpn/patches/patch-t_client_sh +++ /dev/null @@ -1,61 +0,0 @@ ---- openvpn-2.2.1.orig/t_client.sh 2011-07-01 11:27:01.000000000 +0200 -+++ openvpn-2.2.1/t_client.sh 2011-12-02 19:33:52.000000000 +0100 -@@ -1,4 +1,4 @@ --#!/bin/sh -+#!/bin/bash - # - # run OpenVPN client against ``test reference'' server - # - check that ping, http, ... via tunnel works -@@ -80,12 +80,12 @@ fail() - get_ifconfig_route() - { - # linux / iproute2? (-> if configure got a path) -- if [ "/sbin/ip" != "ip" ] -+ if [ "/usr/sbin/ip" != "ip" ] - then - echo "-- linux iproute2 --" -- /sbin/ip addr show | grep -v valid_lft -- /sbin/ip route show -- /sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //' -+ /usr/sbin/ip addr show | grep -v valid_lft -+ /usr/sbin/ip route show -+ /usr/sbin/ip -6 route show | sed -e 's/expires [0-9]*sec //' - return - fi - -@@ -93,27 +93,27 @@ get_ifconfig_route() - case `uname -s` in - Linux) - echo "-- linux / ifconfig --" -- LANG=C /sbin/ifconfig -a |egrep "( addr:|encap:)" -- LANG=C /bin/netstat -rn -4 -6 -+ LANG=C no -a |egrep "( addr:|encap:)" -+ LANG=C /usr/sbin/netstat -rn -4 -6 - return - ;; - FreeBSD|NetBSD|Darwin) - echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --" -- /sbin/ifconfig -a | egrep "(flags=|inet)" -- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' -+ no -a | egrep "(flags=|inet)" -+ /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' - return - ;; - OpenBSD) - echo "-- OpenBSD --" -- /sbin/ifconfig -a | egrep "(flags=|inet)" | \ -+ no -a | egrep "(flags=|inet)" | \ - sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//' -- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' -+ /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' - return - ;; - SunOS) - echo "-- Solaris --" -- /sbin/ifconfig -a | egrep "(flags=|inet)" -- /bin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' -+ no -a | egrep "(flags=|inet)" -+ /usr/sbin/netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' - return - ;; - esac |