CVS commit: pkgsrc/security/easy-rsa

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Sat Jun  8 07:14:37 UTC 2024

Modified Files:
        pkgsrc/security/easy-rsa: Makefile distinfo
        pkgsrc/security/easy-rsa/patches: patch-easyrsa

Log Message:
easy-rsa: updated to 3.2.0

EasyRSA v3.2.0 - Most significant changes

New commands:

self-sign-server and self-sign-client
Create self-signed certificates for use with OpenVPN Peer Fingerprint mode.
These certificates comply with other EasyRSA signing policies.

expire
Selectively move certificates from the issued/ to expired/ directory.
This allows a new certificate to be signed from the original signing request file.
This allows all custom signing options to be applied as required.
This replaces the old command renew, which has been removed.
Further details: doc/EasyRSA-Renew-and-Revoke.md

write
Create legacy support files: openssl-easyrsa.cnf, x509-types/* and vars.example.
This allows EasyRSA to be used without having copies of the support files installed.

Removed commands:

renew
Replaced by command expire, followed by command sign-req.
This allows all custom options to be used when signing, which renew did not.

rebuild and rewind-renew
No longer required.

upgrade
No longer supported.

New Global Option:

--new-subject -- Command sign-req option: newsubj
Edit Request Subject during command sign-req

New files:

easyrsa-tools.lib
Moved code for commands show-expire, show-revoke and show-renew to the new file.
easyrsa-tools.lib is auto-loaded, if it is found in a supported location. eg. $pwd


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/security/easy-rsa/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/easy-rsa/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/easy-rsa/patches/patch-easyrsa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/easy-rsa/Makefile
diff -u pkgsrc/security/easy-rsa/Makefile:1.16 pkgsrc/security/easy-rsa/Makefile:1.17
--- pkgsrc/security/easy-rsa/Makefile:1.16      Tue Dec  5 18:29:16 2023
+++ pkgsrc/security/easy-rsa/Makefile   Sat Jun  8 07:14:36 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.16 2023/12/05 18:29:16 adam Exp $
+# $NetBSD: Makefile,v 1.17 2024/06/08 07:14:36 adam Exp $
 
-DISTNAME=      EasyRSA-3.1.7
+DISTNAME=      EasyRSA-3.2.0
 PKGNAME=       ${DISTNAME:S/EasyRSA/easy-rsa/}
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=OpenVPN/}

Index: pkgsrc/security/easy-rsa/distinfo
diff -u pkgsrc/security/easy-rsa/distinfo:1.17 pkgsrc/security/easy-rsa/distinfo:1.18
--- pkgsrc/security/easy-rsa/distinfo:1.17      Tue Dec  5 18:29:16 2023
+++ pkgsrc/security/easy-rsa/distinfo   Sat Jun  8 07:14:36 2024
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.17 2023/12/05 18:29:16 adam Exp $
+$NetBSD: distinfo,v 1.18 2024/06/08 07:14:36 adam Exp $
 
-BLAKE2s (EasyRSA-3.1.7.tgz) = b34db3fbb27c87114e106abb1e79550dc6d3f185958f4fc102c7dac282f6ee35
-SHA512 (EasyRSA-3.1.7.tgz) = eb3978b07c313af148c6ae94b60e213c8b810c5974242855560b22ad949cfc094d311e4cc04a95ddd0f817bfec54971caa5289e5fc532895e1e58499d265c705
-Size (EasyRSA-3.1.7.tgz) = 81373 bytes
-SHA1 (patch-easyrsa) = d08b55e92e9d3cdece0e7861cd0e950f1d4f1f78
+BLAKE2s (EasyRSA-3.2.0.tgz) = 6c2b9be5271ab090e58f15e87c5324b404bdb5469cb021ccffeaf5b752e9d06d
+SHA512 (EasyRSA-3.2.0.tgz) = 0f0006165857f9b00bfb2f5a3ac2fe2feba724d8122c8299323cddf584890c080b12ecfb99d127a40b82dbc2e373a1755f4ff6728c5cc8113bad5719dc23a6aa
+Size (EasyRSA-3.2.0.tgz) = 73675 bytes
+SHA1 (patch-easyrsa) = cc44e86031c875f102e140cea9582e4d88789b20
 SHA1 (patch-vars.example) = 6148e15e404da398b9e04064f3195b60361339e9

Index: pkgsrc/security/easy-rsa/patches/patch-easyrsa
diff -u pkgsrc/security/easy-rsa/patches/patch-easyrsa:1.5 pkgsrc/security/easy-rsa/patches/patch-easyrsa:1.6
--- pkgsrc/security/easy-rsa/patches/patch-easyrsa:1.5  Tue Dec  5 18:29:16 2023
+++ pkgsrc/security/easy-rsa/patches/patch-easyrsa      Sat Jun  8 07:14:37 2024
@@ -1,19 +1,10 @@
-$NetBSD: patch-easyrsa,v 1.5 2023/12/05 18:29:16 adam Exp $
+$NetBSD: patch-easyrsa,v 1.6 2024/06/08 07:14:37 adam Exp $
 
 Set a sane default for config file. Needs to be SUBSTed.
 
---- easyrsa.orig       2023-10-13 22:27:51.000000000 +0000
+--- easyrsa.orig       2024-05-18 12:20:59.000000000 +0000
 +++ easyrsa
-@@ -1443,7 +1443,7 @@ install_data_to_pki() {
-       # '/usr/local/share/easy-rsa' - Default user installed
-       # '/usr/share/easy-rsa' - Default system installed
-       # Room for more..
--      # '/etc/easy-rsa' - Last resort
-+      # '@SYSCONFDIR@' - Last resort
- 
-       # Find and optionally copy data-files, in specific order
-       for area in \
-@@ -1453,7 +1453,7 @@ install_data_to_pki() {
+@@ -1475,7 +1475,7 @@ locate_support_files() {
                "${0%/*}" \
                '/usr/local/share/easy-rsa' \
                '/usr/share/easy-rsa' \
@@ -21,4 +12,4 @@ Set a sane default for config file. Need
 +              '@SYSCONFDIR@' \
                # EOL
        do
-               if [ "$context" = x509-types-only ]; then
+               # Find x509-types