easyrsa: default EASYRSA_OPENSSL, add installCheckPhase

Morgan Jones 2024-02-18 17:29:37 -08:00
parent 311a4be96d
commit c9b61a3205
No known key found for this signature in database
GPG Key ID: 52BAC54ED447974E
1 changed files with 18 additions and 2 deletions


@ -8,10 +8,11 @@ stdenv.mkDerivation rec {
owner = "OpenVPN";
repo = "easy-rsa";
rev = "v${version}";
sha256 = "sha256-zdVcT04nj7eE1a6M7WHeWpwG/TVTwyK+WgD70XwPXfY=";
hash = "sha256-zdVcT04nj7eE1a6M7WHeWpwG/TVTwyK+WgD70XwPXfY=";
};
nativeBuildInputs = [ makeWrapper ];
nativeInstallCheckInputs = [ openssl.bin ];
installPhase = ''
mkdir -p $out/share/easy-rsa
@ -26,7 +27,7 @@ stdenv.mkDerivation rec {
# Wrap it with the correct OpenSSL binary.
wrapProgram $out/bin/easyrsa \
--set EASYRSA_OPENSSL ${openssl.bin}/bin/openssl
--set-default EASYRSA_OPENSSL ${openssl.bin}/bin/openssl
# Helper utility
cat > $out/bin/easyrsa-init <<EOF
@ -36,6 +37,21 @@ stdenv.mkDerivation rec {
chmod +x $out/bin/easyrsa-init
'';
doInstallCheck = true;
postInstallCheck = ''
set -euo pipefail
export EASYRSA_BATCH=1
export EASYRSA_PASSIN=pass:nixpkgs
export EASYRSA_PASSOUT="$EASYRSA_PASSIN"
export EASYRSA_REQ_CN='nixpkgs test CA'
export EASYRSA_KEY_SIZE=3072
export EASYRSA_ALGO=rsa
export EASYRSA_DIGEST=sha512
$out/bin/easyrsa init-pki
$out/bin/easyrsa build-ca
openssl x509 -in pki/ca.crt -noout -subject | tee /dev/stderr | grep -zq "$EASYRSA_REQ_CN"
'';
meta = with lib; {
description = "Simple shell based CA utility";
homepage = "https://openvpn.net/";
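Review bot: The comment above `wrapProgram` in the second hunk still reads "Wrap it with the correct OpenSSL binary", but with `--set-default` an `EASYRSA_OPENSSL` already present in the caller's environment now takes precedence over `${openssl.bin}/bin/openssl`. That binary does the key generation and signing for the CA, so the override should be stated where the wrapper is built, e.g. `# Default to the packaged OpenSSL; an EASYRSA_OPENSSL inherited from the environment overrides it.` The new `postInstallCheck` does not set the variable itself, so as far as these hunks show it exercises only the default path. The body of `installPhase` runs partly outside the visible hunks.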