From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1YFl9n-0000qN-25 for ptxdist@pengutronix.de; Mon, 26 Jan 2015 16:00:51 +0100 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1YFl9n-0006Bc-0h for ptxdist@pengutronix.de; Mon, 26 Jan 2015 16:00:51 +0100 Date: Mon, 26 Jan 2015 16:00:51 +0100 From: Michael Olbrich Message-ID: <20150126150050.GB20195@pengutronix.de> References: <1422215784-25936-1-git-send-email-alex.aring@gmail.com> <1422215784-25936-4-git-send-email-alex.aring@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1422215784-25936-4-git-send-email-alex.aring@gmail.com> Subject: Re: [ptxdist] [PATCHv2 3/4] easy-rsa: initial commit Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Sun, Jan 25, 2015 at 08:56:23PM +0100, Alexander Aring wrote: > This patch adds easy-rsa. Some scripting framework to generate a PKI > CA "correctly". > > Signed-off-by: Alexander Aring > --- > patches/easy-rsa-2.2.2/autogen.sh | 1 + > rules/easy-rsa.in | 17 +++++++++++ > rules/easy-rsa.make | 62 +++++++++++++++++++++++++++++++++++++++ > 3 files changed, 80 insertions(+) > create mode 120000 patches/easy-rsa-2.2.2/autogen.sh > create mode 100644 rules/easy-rsa.in > create mode 100644 rules/easy-rsa.make > > diff --git a/patches/easy-rsa-2.2.2/autogen.sh b/patches/easy-rsa-2.2.2/autogen.sh > new file mode 120000 > index 0000000..9f8a4cb > --- /dev/null > +++ b/patches/easy-rsa-2.2.2/autogen.sh > @@ -0,0 +1 @@ > +../autogen.sh > \ No newline at end of file > diff --git a/rules/easy-rsa.in b/rules/easy-rsa.in > new file mode 100644 > index 0000000..25aebb4 > --- /dev/null > +++ b/rules/easy-rsa.in > @@ -0,0 +1,17 @@ > +## SECTION=security > + > +config EASY_RSA > + tristate > + prompt "easy-rsa" > + select GREP if !BUSYBOX_GREP && RUNTIME > + select GCCLIBS_GCC_S if !BUSYBOX_GREP && RUNTIME > + select OPENSSL select OPENSSL if RUNTIME right? > + select OPENSSL_BIN > + help > + easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's > + terms, this means to create a root certificate authority, and request > + and sign certificates, including sub-CAs and certificate revokation > + lists (CRL). This is for people which don't know how to generate > + all PKI files with openssl tool. Additional this is for people which > + have a enough less paranoia to generate keys on an embedded device. > + The easy-rsa scripts will be placed at /usr/share/easy-rsa aferwards. > diff --git a/rules/easy-rsa.make b/rules/easy-rsa.make > new file mode 100644 > index 0000000..e6b18f8 > --- /dev/null > +++ b/rules/easy-rsa.make > @@ -0,0 +1,62 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2014 by Alexander Aring > +# > +# See CREDITS for details about who has contributed to this project. > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_EASY_RSA) += easy-rsa > + > +# > +# Paths and names > +# > +EASY_RSA_VERSION := 2.2.2 > +EASY_RSA_MD5 := 040238338980617bc9c2df4274349593 > +EASY_RSA := easy-rsa-$(EASY_RSA_VERSION) > +EASY_RSA_SUFFIX := tar.gz > +EASY_RSA_TARBALL := $(EASY_RSA_VERSION).$(EASY_RSA_SUFFIX) > +EASY_RSA_URL := https://github.com/OpenVPN/easy-rsa/archive/$(EASY_RSA_TARBALL) > +EASY_RSA_SOURCE := $(SRCDIR)/$(EASY_RSA).$(EASY_RSA_SUFFIX) > +EASY_RSA_DIR := $(BUILDDIR)/$(EASY_RSA) > +EASY_RSA_LICENSE := GPLv2 > + > +EASY_RSA_INSTALL_SCRIPTS := \ > + build-ca build-dh build-inter build-key build-key-pass build-key-pkcs12 \ > + build-key-server build-req build-req-pass clean-all inherit-inter \ > + list-crl pkitool revoke-full sign-req whichopensslcnf > + > +EASY_RSA_INSTALL_FILES := \ > + openssl-0.9.6.cnf openssl-0.9.8.cnf openssl-1.0.0.cnf vars I don't think we need openssl-0.9.6.cnf and openssl-0.9.8.cnf. We just have 1.0.x in ptxdist. Michael > + > +# ---------------------------------------------------------------------------- > +# Target-Install > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/easy-rsa.targetinstall: > + @$(call targetinfo) > + > + @$(call install_init, easy-rsa) > + @$(call install_fixup, easy-rsa,PRIORITY,optional) > + @$(call install_fixup, easy-rsa,SECTION,base) > + @$(call install_fixup, easy-rsa,AUTHOR,"Alexander Aring ") > + @$(call install_fixup, easy-rsa,DESCRIPTION,missing) > + > + @$(foreach script,$(EASY_RSA_INSTALL_SCRIPTS), \ > + $(call install_copy, easy-rsa, 0, 0, 0755, -, \ > + /usr/share/easy-rsa/$(script));) > + > + @$(foreach file,$(EASY_RSA_INSTALL_FILES), \ > + $(call install_copy, easy-rsa, 0, 0, 0644, -, \ > + /usr/share/easy-rsa/$(file));) > + > + @$(call install_finish, easy-rsa) > + > + @$(call touch) > + > +# vim: syntax=make > -- > 2.2.2 > > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de