Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
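# Nix package expression for easy-rsa, the shell-based CA utility from the
# OpenVPN project. Installs the `easyrsa` script wrapped with a default OpenSSL
# binary, the stock config/x509-types under share/easy-rsa, and a small
# `easyrsa-init` helper that copies those files into the current directory.
{
  lib,
  stdenv,
  fetchFromGitHub,
  openssl,
  makeWrapper,
  runtimeShell,
}:

stdenv.mkDerivation rec {
  pname = "easyrsa";
  version = "3.2.3";

  # The source is fetched at the release tag and checked against the SRI hash,
  # so a version bump has to update `hash` together with `version`.
  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "easy-rsa";
    rev = "v${version}";
    hash = "sha256-TAJAwvcIkAB4YShK9NItw14UTvuxtNd/OxLDkO8p0d0=";
  };

  nativeBuildInputs = [ makeWrapper ];
  # Puts `openssl` on PATH for the `openssl x509` call in postInstallCheck.
  nativeInstallCheckInputs = [ openssl.bin ];

  installPhase = ''
    # Run the standard hooks so pre/postInstall overrides are honoured.
    runHook preInstall

    mkdir -p "$out/share/easy-rsa"
    cp -r easyrsa3/{*.cnf,x509-types,vars.example} "$out/share/easy-rsa"
    install -D -m755 easyrsa3/easyrsa "$out/bin/easyrsa"

    # Point /usr/ paths at the store output and fill in the version
    # placeholders; the date is a fixed value rather than the build date.
    # --replace-warn keeps the behaviour of the deprecated bare --replace
    # (a pattern that does not match only warns).
    # NOTE(review): once each pattern is confirmed against the pinned source,
    # --replace-fail would turn a silently skipped rewrite into a build failure.
    substituteInPlace "$out/bin/easyrsa" \
      --replace-warn /usr/ "$out/" \
      --replace-warn '~VER~' '${version}' \
      --replace-warn '~GITHEAD~' 'v${version}' \
      --replace-warn '~DATE~' '1970-01-01'

    # Wrap it with the correct OpenSSL binary.
    # --set-default only applies when EASYRSA_OPENSSL is unset, so a value
    # already present in the caller's environment takes precedence over the
    # store path.
    wrapProgram "$out/bin/easyrsa" \
      --set-default EASYRSA_OPENSSL ${openssl.bin}/bin/openssl

    # Helper utility: copies the shipped config files into the current
    # directory. The heredoc delimiter is unquoted, so `$out` is expanded now,
    # at build time, and the generated script contains the absolute store path.
    # NOTE(review): files copied out of the store presumably keep their
    # read-only mode bits; confirm whether the copies should be made writable.
    cat > $out/bin/easyrsa-init <<EOF
    #!${runtimeShell} -e
    cp -r $out/share/easy-rsa/* .
    EOF
    chmod +x "$out/bin/easyrsa-init"

    runHook postInstall
  '';

  # Smoke test: build a CA with the installed wrapper and confirm the
  # certificate subject carries the requested common name.
  doInstallCheck = true;
  postInstallCheck = ''
    set -euo pipefail
    # Non-interactive run. The passphrase is a fixed test value for the CA
    # created here; the PKI is written to ./pki in the working directory (see
    # the `-in pki/ca.crt` below), not to `$out`.
    export EASYRSA_BATCH=1
    export EASYRSA_PASSIN=pass:nixpkgs
    export EASYRSA_PASSOUT="$EASYRSA_PASSIN"
    export EASYRSA_REQ_CN='nixpkgs test CA'
    export EASYRSA_KEY_SIZE=3072
    export EASYRSA_ALGO=rsa
    export EASYRSA_DIGEST=sha512
    $out/bin/easyrsa init-pki
    $out/bin/easyrsa build-ca
    # tee echoes the subject into the build log; grep -z reads the whole output
    # as one record, and pipefail makes an openssl failure fail the check too.
    openssl x509 -in pki/ca.crt -noout -subject | tee /dev/stderr | grep -zq "$EASYRSA_REQ_CN"
  '';

  # Explicit lib.* references instead of `with lib;`, so every name in meta
  # resolves visibly.
  meta = {
    description = "Simple shell based CA utility";
    homepage = "https://openvpn.net/";
    license = lib.licenses.gpl2Only;
    maintainers = [
      lib.maintainers.offline
      lib.maintainers.numinit
    ];
    platforms = lib.platforms.unix;
  };
}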