| blob | 47f4e5a7b835f6dc8fd0869f0add67569e557332 |
1 { lib, stdenv, fetchFromGitHub, openssl, makeWrapper, runtimeShell }:
3 stdenv.mkDerivation rec {
4 pname = "easyrsa";
5 version = "3.1.7";
7 src = fetchFromGitHub {
8 owner = "OpenVPN";
9 repo = "easy-rsa";
10 rev = "v${version}";
11 hash = "sha256-zdVcT04nj7eE1a6M7WHeWpwG/TVTwyK+WgD70XwPXfY=";
12 };
14 nativeBuildInputs = [ makeWrapper ];
15 nativeInstallCheckInputs = [ openssl.bin ];
17 installPhase = ''
18 mkdir -p $out/share/easy-rsa
19 cp -r easyrsa3/{*.cnf,x509-types,vars.example} $out/share/easy-rsa
20 install -D -m755 easyrsa3/easyrsa $out/bin/easyrsa
22 substituteInPlace $out/bin/easyrsa \
23 --replace /usr/ $out/ \
24 --replace '~VER~' '${version}' \
25 --replace '~GITHEAD~' 'v${version}' \
26 --replace '~DATE~' '1970-01-01'
28 # Wrap it with the correct OpenSSL binary.
29 wrapProgram $out/bin/easyrsa \
30 --set-default EASYRSA_OPENSSL ${openssl.bin}/bin/openssl
32 # Helper utility
33 cat > $out/bin/easyrsa-init <<EOF
34 #!${runtimeShell} -e
35 cp -r $out/share/easy-rsa/* .
36 EOF
37 chmod +x $out/bin/easyrsa-init
38 '';
40 doInstallCheck = true;
41 postInstallCheck = ''
42 set -euo pipefail
43 export EASYRSA_BATCH=1
44 export EASYRSA_PASSIN=pass:nixpkgs
45 export EASYRSA_PASSOUT="$EASYRSA_PASSIN"
46 export EASYRSA_REQ_CN='nixpkgs test CA'
47 export EASYRSA_KEY_SIZE=3072
48 export EASYRSA_ALGO=rsa
49 export EASYRSA_DIGEST=sha512
50 $out/bin/easyrsa init-pki
51 $out/bin/easyrsa build-ca
52 openssl x509 -in pki/ca.crt -noout -subject | tee /dev/stderr | grep -zq "$EASYRSA_REQ_CN"
53 '';
55 meta = with lib; {
56 description = "Simple shell based CA utility";
57 homepage = "https://openvpn.net/";
58 license = licenses.gpl2Only;
59 maintainers = [ maintainers.offline maintainers.numinit ];
60 platforms = platforms.unix;
61 };
62 }