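# Packages Easy-RSA (a shell-based CA utility) from the OpenVPN/easy-rsa
# repository. Installs the `easyrsa` script wrapped with a pinned OpenSSL
# binary, plus an `easyrsa-init` helper that copies the shipped configuration
# files into the current directory.
{ lib, stdenv, fetchFromGitHub, openssl, makeWrapper, runtimeShell }:

stdenv.mkDerivation rec {
  pname = "easyrsa";
  version = "3.2.0";

  # The tag only locates the source; the SRI hash is what pins its content.
  # If the tag is ever moved upstream, the fetch fails on a hash mismatch
  # instead of silently building different code.
  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "easy-rsa";
    rev = "v${version}";
    hash = "sha256-hjebDE7Ts93vtoOTquFbfTWdInhI7HXc4pRxIsvNLtg=";
  };

  nativeBuildInputs = [ makeWrapper ];

  # Puts `openssl` on PATH for the certificate inspection in postInstallCheck.
  nativeInstallCheckInputs = [ openssl.bin ];

  # Custom install phase: upstream ships a plain script and config files, so
  # nothing is compiled. The runHook calls keep preInstall/postInstall hooks
  # (for example from overrideAttrs) working with this overridden phase.
  installPhase = ''
    runHook preInstall

    mkdir -p $out/share/easy-rsa
    cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easy-rsa
    install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa

    # Point hard-coded /usr/ paths at this output and fill in the release
    # placeholders. The date is fixed to the epoch so the output stays
    # reproducible. --replace-warn keeps the old --replace behaviour (a missing
    # pattern is logged, not fatal) without the deprecation warning; check the
    # build log for such warnings after a version bump.
    substituteInPlace $out/bin/easyrsa \
      --replace-warn /usr/ $out/ \
      --replace-warn '~VER~' '${version}' \
      --replace-warn '~GITHEAD~' 'v${version}' \
      --replace-warn '~DATE~' '1970-01-01'

    # Wrap it with the correct OpenSSL binary.
    # --set-default applies only when EASYRSA_OPENSSL is unset, so a value
    # inherited from the caller's environment overrides the pinned binary.
    wrapProgram $out/bin/easyrsa \
      --set-default EASYRSA_OPENSSL ${openssl.bin}/bin/openssl

    # Helper utility
    # The heredoc delimiter is unquoted on purpose: $out is expanded now, at
    # build time, so the generated script carries the absolute store path.
    cat > $out/bin/easyrsa-init <<EOF
    #!${runtimeShell} -e
    cp -r $out/share/easy-rsa/* .
    EOF
    chmod +x $out/bin/easyrsa-init

    runHook postInstall
  '';

  doInstallCheck = true;

  # Smoke test: build a CA with the installed script and confirm the issued
  # certificate carries the requested subject. The PKI is created under the
  # relative path pki/ in the build working directory, not under $out, and the
  # passphrase is a fixed test value used only for that CA.
  postInstallCheck = ''
    set -euo pipefail
    export EASYRSA_BATCH=1
    export EASYRSA_PASSIN=pass:nixpkgs
    export EASYRSA_PASSOUT="$EASYRSA_PASSIN"
    export EASYRSA_REQ_CN='nixpkgs test CA'
    export EASYRSA_KEY_SIZE=3072
    export EASYRSA_ALGO=rsa
    export EASYRSA_DIGEST=sha512
    $out/bin/easyrsa init-pki
    $out/bin/easyrsa build-ca
    # tee copies the subject line to the build log; grep fails the check when
    # the requested CN is absent.
    openssl x509 -in pki/ca.crt -noout -subject | tee /dev/stderr | grep -zq "$EASYRSA_REQ_CN"
  '';

  meta = with lib; {
    description = "Simple shell based CA utility";
    homepage = "https://openvpn.net/";
    license = licenses.gpl2Only;
    maintainers = [ maintainers.offline maintainers.numinit ];
    platforms = platforms.unix;
  };
}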