Port openvpn to -ng, may need some rework to modularize a bit more, upgrade to 2.0.9

git-svn-id: svn://svn.openwrt.org/openwrt/packages@4949 3c298f89-4303-0410-b956-a3cf2f4a3e73
2006-10-07 15:56:04 +00:00 · 2006-10-07 15:56:04 +00:00 · fc8aaf7cdf
commit fc8aaf7cdf
parent 5b9229da83
2 changed files with 233 additions and 0 deletions
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@ -0,0 +1,74 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id: $
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openvpn
+PKG_VERSION:=2.0.9
+PKG_RELEASE:=1
+PKG_MD5SUM:=60745008b90b7dbe25fe8337c550fec6
+
+PKG_SOURCE_URL:=http://openvpn.net/release @SF/openvpn
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(INCLUDE_DIR)/package.mk
+
+PKG_CONFIGURE_OPTIONS := --enable-shared \
+                  --disable-static \
+                  --disable-pthread \
+                  --disable-debug \
+                  --disable-plugins \
+                  --enable-management \
+                  --disable-socks \
+                  --enable-password-save \
+
+define Package/openvpn
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+kmod-tun +libopenssl +liblzo
+  TITLE:=Open source VPN solution using SSL
+  DESCRIPTION:=\
+ 	 Open source VPN solution using SSL
+  URL:=http://openvpn.net
+  MENU:=1
+endef
+
+define Package/openvpn-easy-rsa
+  $(call Package/openvpn)
+  DEPENDS:=openvpn +openssl-util
+  TITLE:=Simple shell scripts to manage a Certificate Authority
+  MENU:=0
+endef
+
+define Build/Configure
+$(call Build/Configure/Default,$(PKG_CONFIGURE_OPTIONS))
+endef
+
+define Build/Compile	
+$(call Build/Compile/Default,DESTDIR="$(PKG_INSTALL_DIR)" \
+		install)
+endef
+
+define Package/openvpn/install	
+	install -d -m0755 $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/
+endef
+
+define Package/openvpn-easy-rsa/install	
+	install -d -m0755 $(1)/usr/sbin $(1)/etc/easy-rsa
+	$(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req} $(1)/usr/sbin
+	install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(1)/etc/easy-rsa/openssl.cnf
+	install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
+endef
+
+$(eval $(call BuildPackage,openvpn))
+$(eval $(call BuildPackage,openvpn-easy-rsa))
--- a/net/openvpn/patches/easy-rsa.patch
+++ b/net/openvpn/patches/easy-rsa.patch
@ -0,0 +1,159 @@
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-ca openvpn-2.0.7/easy-rsa/2.0/build-ca
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-ca	2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-ca	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ #
+ # Build a root certificate
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-dh openvpn-2.0.7/easy-rsa/2.0/build-dh
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-dh	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-dh	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+ 
+ # Build Diffie-Hellman parameters for the server side
+ # of an SSL/TLS connection.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-inter openvpn-2.0.7/easy-rsa/2.0/build-inter
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-inter	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-inter	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Make an intermediate CA certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key openvpn-2.0.7/easy-rsa/2.0/build-key
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass openvpn-2.0.7/easy-rsa/2.0/build-key-pass
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key-pass	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Similar to build-key, but protect the private key
+ # with a password.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate and convert it to a PKCS #12 file including the
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server openvpn-2.0.7/easy-rsa/2.0/build-key-server
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-key-server	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req openvpn-2.0.7/easy-rsa/2.0/build-req
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req	2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-req	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Build a certificate signing request and private key.  Use this
+ # when your root certificate and key is not available locally.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass openvpn-2.0.7/easy-rsa/2.0/build-req-pass
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/build-req-pass	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Like build-req, but protect your private key
+ # with a password.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/clean-all openvpn-2.0.7/easy-rsa/2.0/clean-all
+--- openvpn-2.0.7.orig/easy-rsa/2.0/clean-all	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/clean-all	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+ 
+ # Initialize the $KEY_DIR directory.
+ # Note that this script does a
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter openvpn-2.0.7/easy-rsa/2.0/inherit-inter
+--- openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter	2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/inherit-inter	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+ 
+ # Build a new PKI which is rooted on an intermediate certificate generated
+ # by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/list-crl openvpn-2.0.7/easy-rsa/2.0/list-crl
+--- openvpn-2.0.7.orig/easy-rsa/2.0/list-crl	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/list-crl	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+ 
+ # list revoked certificates
+ 
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/pkitool openvpn-2.0.7/easy-rsa/2.0/pkitool
+--- openvpn-2.0.7.orig/easy-rsa/2.0/pkitool	2005-11-02 19:42:38.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/pkitool	2006-05-09 17:47:40.000000000 +0200
+@@ -1,5 +1,7 @@
+ #!/bin/sh
+ 
+. /etc/easy-rsa/vars
+
+ #  OpenVPN -- An application to securely tunnel IP networks
+ #             over a single TCP/UDP port, with support for SSL/TLS-based
+ #             session authentication and key exchange,
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full openvpn-2.0.7/easy-rsa/2.0/revoke-full
+--- openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/revoke-full	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
+#!/bin/sh
+
+. /etc/easy-rsa/vars
+ 
+ # revoke a certificate, regenerate CRL,
+ # and verify revocation
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/sign-req openvpn-2.0.7/easy-rsa/2.0/sign-req
+--- openvpn-2.0.7.orig/easy-rsa/2.0/sign-req	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/sign-req	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
+#!/bin/sh
+ 
+ # Sign a certificate signing request (a .csr file)
+ # with a local root certificate and key.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/vars openvpn-2.0.7/easy-rsa/2.0/vars
+--- openvpn-2.0.7.orig/easy-rsa/2.0/vars	2005-11-02 19:42:39.000000000 +0100
+++ openvpn-2.0.7/easy-rsa/2.0/vars	2006-05-09 17:47:40.000000000 +0200
+@@ -12,7 +12,7 @@
+ # This variable should point to
+ # the top level of the easy-rsa
+ # tree.
+-export EASY_RSA="`pwd`"
+export EASY_RSA="/etc/easy-rsa"
+ 
+ # This variable should point to
+ # the openssl.cnf file included