nixpkgs/pkgs/by-name/ea/easyrsa/package.nix

{ lib, stdenv, fetchFromGitHub, openssl, makeWrapper, runtimeShell }:

stdenv.mkDerivation rec {
  pname = "easyrsa";
  version = "3.2.1";

  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "easy-rsa";
    rev = "v${version}";
    hash = "sha256-/c2Redb6whfM2D8hHBrcSaQ3YsBESLjeoKFb5a2lFbQ=";
  };

  nativeBuildInputs = [ makeWrapper ];
  nativeInstallCheckInputs = [ openssl.bin ];

  installPhase = ''
    mkdir -p $out/share/easy-rsa
    cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easy-rsa
    install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa

    substituteInPlace $out/bin/easyrsa \
      --replace /usr/ $out/ \
      --replace '~VER~' '${version}' \
      --replace '~GITHEAD~' 'v${version}' \
      --replace '~DATE~' '1970-01-01'

    # Wrap it with the correct OpenSSL binary.
    wrapProgram $out/bin/easyrsa \
      --set-default EASYRSA_OPENSSL ${openssl.bin}/bin/openssl

    # Helper utility
    cat > $out/bin/easyrsa-init <<EOF
    #!${runtimeShell} -e
    cp -r $out/share/easy-rsa/* .
    EOF
    chmod +x $out/bin/easyrsa-init
  '';

  doInstallCheck = true;
  postInstallCheck = ''
    set -euo pipefail
    export EASYRSA_BATCH=1
    export EASYRSA_PASSIN=pass:nixpkgs
    export EASYRSA_PASSOUT="$EASYRSA_PASSIN"
    export EASYRSA_REQ_CN='nixpkgs test CA'
    export EASYRSA_KEY_SIZE=3072
    export EASYRSA_ALGO=rsa
    export EASYRSA_DIGEST=sha512
    $out/bin/easyrsa init-pki
    $out/bin/easyrsa build-ca
    openssl x509 -in pki/ca.crt -noout -subject | tee /dev/stderr | grep -zq "$EASYRSA_REQ_CN"
  '';

  meta = with lib; {
    description = "Simple shell based CA utility";
    homepage = "https://openvpn.net/";
    license = licenses.gpl2Only;
    maintainers = [ maintainers.offline maintainers.numinit ];
    platforms = platforms.unix;
  };
}
easyrsa: 3.0.8 -> 3.1.1 2022-12-27 03:44:34 +00:00			`{ lib, stdenv, fetchFromGitHub, openssl, makeWrapper, runtimeShell }:`
easyrsa: 2.2.0 -> 3.0.0 2016-01-05 18:55:33 +00:00
easyrsa: 3.0.8 -> 3.1.1 2022-12-27 03:44:34 +00:00			`stdenv.mkDerivation rec {`
treewide: name -> pname 2019-08-13 21:52:01 +00:00			`pname = "easyrsa";`
easyrsa: 3.2.0 -> 3.2.1 2024-09-14 00:56:51 +00:00			`version = "3.2.1";`
easyrsa: 2.2.0 -> 3.0.0 2016-01-05 18:55:33 +00:00
			`src = fetchFromGitHub {`
			`owner = "OpenVPN";`
			`repo = "easy-rsa";`
			`rev = "v${version}";`
easyrsa: 3.2.0 -> 3.2.1 2024-09-14 00:56:51 +00:00			`hash = "sha256-/c2Redb6whfM2D8hHBrcSaQ3YsBESLjeoKFb5a2lFbQ=";`
Add easyrsa 2013-07-10 19:00:56 +00:00			`};`

easyrsa: 3.0.8 -> 3.1.1 2022-12-27 03:44:34 +00:00			`nativeBuildInputs = [ makeWrapper ];`
easyrsa: default EASYRSA_OPENSSL, add installCheckPhase 2024-02-19 01:29:37 +00:00			`nativeInstallCheckInputs = [ openssl.bin ];`
easyrsa: 2.2.0 -> 3.0.0 2016-01-05 18:55:33 +00:00
			`installPhase = ''`
easyrsa: 3.0.8 -> 3.1.1 2022-12-27 03:44:34 +00:00			`mkdir -p $out/share/easy-rsa`
			`cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easy-rsa`
easyrsa: 2.2.0 -> 3.0.0 2016-01-05 18:55:33 +00:00			`install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa`
easyrsa: 3.0.8 -> 3.1.1 2022-12-27 03:44:34 +00:00
easyrsa: 2.2.0 -> 3.0.0 2016-01-05 18:55:33 +00:00			`substituteInPlace $out/bin/easyrsa \`
easyrsa: 3.0.8 -> 3.1.1 2022-12-27 03:44:34 +00:00			`--replace /usr/ $out/ \`
			`--replace '~VER~' '${version}' \`
			`--replace '~GITHEAD~' 'v${version}' \`
			`--replace '~DATE~' '1970-01-01'`

			`# Wrap it with the correct OpenSSL binary.`
			`wrapProgram $out/bin/easyrsa \`
easyrsa: default EASYRSA_OPENSSL, add installCheckPhase 2024-02-19 01:29:37 +00:00			`--set-default EASYRSA_OPENSSL ${openssl.bin}/bin/openssl`
easyrsa: 2.2.0 -> 3.0.0 2016-01-05 18:55:33 +00:00
			`# Helper utility`
			`cat > $out/bin/easyrsa-init <<EOF`
treewide: use runtimeShell instead of stdenv.shell whenever possible Whenever we create scripts that are installed to $out, we must use runtimeShell in order to get the shell that can be executed on the machine we create the package for. This is relevant for cross-compiling. The only use case for stdenv.shell are scripts that are executed as part of the build system. Usages in checkPhase are borderline however to decrease the likelyhood of people copying the wrong examples, I decided to use runtimeShell as well. 2019-02-26 11:45:54 +00:00			`#!${runtimeShell} -e`
easyrsa: 3.0.8 -> 3.1.1 2022-12-27 03:44:34 +00:00			`cp -r $out/share/easy-rsa/* .`
easyrsa: 2.2.0 -> 3.0.0 2016-01-05 18:55:33 +00:00			`EOF`
			`chmod +x $out/bin/easyrsa-init`
Add easyrsa 2013-07-10 19:00:56 +00:00			`'';`

easyrsa: default EASYRSA_OPENSSL, add installCheckPhase 2024-02-19 01:29:37 +00:00			`doInstallCheck = true;`
			`postInstallCheck = ''`
			`set -euo pipefail`
			`export EASYRSA_BATCH=1`
			`export EASYRSA_PASSIN=pass:nixpkgs`
			`export EASYRSA_PASSOUT="$EASYRSA_PASSIN"`
			`export EASYRSA_REQ_CN='nixpkgs test CA'`
			`export EASYRSA_KEY_SIZE=3072`
			`export EASYRSA_ALGO=rsa`
			`export EASYRSA_DIGEST=sha512`
			`$out/bin/easyrsa init-pki`
			`$out/bin/easyrsa build-ca`
			`openssl x509 -in pki/ca.crt -noout -subject \| tee /dev/stderr \| grep -zq "$EASYRSA_REQ_CN"`
			`'';`

treewide: with stdenv.lib; in meta -> with lib; Part of: https://github.com/NixOS/nixpkgs/issues/108938 meta = with stdenv.lib; is a widely used pattern. We want to slowly remove the `stdenv.lib` indirection and encourage people to use `lib` directly. Thus let’s start with the meta field. This used a rewriting script to mostly automatically replace all occurances of this pattern, and add the `lib` argument to the package header if it doesn’t exist yet. The script in its current form is available at https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix 2021-01-11 07:54:33 +00:00			`meta = with lib; {`
Add easyrsa 2013-07-10 19:00:56 +00:00			`description = "Simple shell based CA utility";`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 01:11:51 +00:00			`homepage = "https://openvpn.net/";`
pkgs/tools: remove licenses.gpl2 2024-04-26 11:35:31 +00:00			`license = licenses.gpl2Only;`
easyrsa: 3.0.0 -> 3.0.8 2020-08-23 01:19:39 +00:00			`maintainers = [ maintainers.offline maintainers.numinit ];`
easyrsa: add support for darwin 2018-10-14 03:10:21 +00:00			`platforms = platforms.unix;`
Add easyrsa 2013-07-10 19:00:56 +00:00			`};`
			`}`