[rs-commit] r188 - in /rs-distribution/trunk/nixos: ./ pkgs/servers/http/apache-modules/mod_crl/ pkgs/servers/http/apache-modules/mod_csr/ pkgs/servers/http/apache-modules/mod_ocsp/ pkgs/servers/http/apache-modules/mod_pkcs12/ pkgs/servers/http/apache-modules/mod_scep/ pkgs/servers/http/apache-modules/mod_spkac/ pkgs/servers/http/apache-modules/mod_timestamp/
rs-commit at redwax.eu
rs-commit at redwax.eu
Fri Dec 13 21:26:22 CET 2019
Author: dirkx at redwax.eu
Date: Fri Dec 13 21:26:21 2019
New Revision: 188
Log:
Update nixos build with correct 0.2.1 checksums.
Added:
rs-distribution/trunk/nixos/gen-sha256
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h (with props)
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h (with props)
Modified:
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_crl/default.nix
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/default.nix
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_ocsp/default.nix
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/default.nix
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_spkac/default.nix
rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_timestamp/default.nix
Added: rs-distribution/trunk/nixos/gen-sha256
==============================================================================
--- rs-distribution/trunk/nixos/gen-sha256 (added)
+++ rs-distribution/trunk/nixos/gen-sha256 Fri Dec 13 21:26:21 2019
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ $# != 1 ]; then
+ echo "$0 <version tag>"
+ exit 1
+fi
+VERSION=$1
+for i in mod_ca mod_csr mod_pkcs12 mod_spkac mod_crl mod_ocsp mod_scep mod_timestamp
+do
+ SHA=`nix-prefetch-url https://redwax.eu/dist/rs/$i-${VERSION}.tar.gz`
+ echo $i: $SHA
+done | sort
+
Modified: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_crl/default.nix
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_crl/default.nix (original)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_crl/default.nix Fri Dec 13 21:26:21 2019
@@ -1,18 +1,21 @@
-{ stdenv, fetchsvn, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, mod_ca, apr, aprutil }:
+{ stdenv, fetchurl, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, mod_ca, apr, aprutil }:
stdenv.mkDerivation rec {
name = "mod_crl";
meta = with stdenv.lib; {
+ description = "RedWax CA service module to handle Certificate Revocation Lists.";
+ baseurl = "https://redwax.eu/dist/rs/";
+ suffix = ".tar.gz";
homepage = "https://redwax.eu";
- description = "RedWax CA service module to handle Certificate Revocation Lists.";
license = licenses.asl20;
maintainers = with maintainers; [ dirkx ];
+ version = "0.2.1";
};
- src = fetchsvn {
- url = "https://source.redwax.eu/svn/redwax/rs/mod_crl/trunk";
- sha256 = "0z9pvv8c10w9rrm29i1zn4vmvxnj525f9xpyy6pyrn26ijbs91qv";
+ src = fetchurl {
+ url = "${meta.baseurl}${name}-${meta.version}${meta.suffix}";
+ sha256 = "0k6iqn5a4bqdz3yx6d53f1r75c21jnwhxmmcq071zq0361xjzzj6";
};
buildInputs = [ mod_ca gnused coreutils pkgconfig apacheHttpd apr aprutil openssl openldap ];
Modified: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/default.nix
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/default.nix (original)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/default.nix Fri Dec 13 21:26:21 2019
@@ -1,19 +1,25 @@
-{ stdenv, fetchsvn, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca }:
+{ stdenv, fetchurl, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca }:
stdenv.mkDerivation rec {
name = "mod_csr";
meta = with stdenv.lib; {
+ description = "RedWax CA service module to handle Certificate Signing Requests.";
+ baseurl = "https://redwax.eu/dist/rs/";
+ suffix = ".tar.gz";
homepage = "https://redwax.eu";
- description = "RedWax CA service module to handle Certificate Signing Requests.";
license = licenses.asl20;
maintainers = with maintainers; [ dirkx ];
+ version = "0.2.1";
};
- src = fetchsvn {
- url = "https://source.redwax.eu/svn/redwax/rs/mod_csr/trunk";
- sha256 = "07fnswqxlv40kbj35vqhimk2qhwm01lky7y7z302hc1h14x2cn9z";
+
+ src = fetchurl {
+ url = "${meta.baseurl}${name}-${meta.version}${meta.suffix}";
+ sha256 = "01sdvv07kchdd6ssrmd2cbhj50qh2ibp5g5h6jy1jqbzp0b3j9ja";
};
buildInputs = [ mod_ca gnused coreutils pkgconfig apacheHttpd apr aprutil openssl openldap ];
+
+ preBuild = "cp ${./openssl_setter_compat.h} openssl_setter_compat.h";
configurePlatforms = [];
configureFlags = [
Added: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h (added)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h Fri Dec 13 21:26:21 2019
@@ -0,0 +1,66 @@
+/* Licensed to Stichting The Commons Conservancy (TCC) under one or more
+ * contributor license agreements. See the AUTHORS file distributed with
+ * this work for additional information regarding copyright ownership.
+ * TCC licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These routines are copies from OpenSSL/1.1.1 its x509/x509_req.c
+// and the private header files for that. They are needed as
+// starting with OpenSSL 1.1.0 the X509_req structure became
+// private; and got some get0 functions to access its internals.
+// But no getter's until post 1.1.1 (PR#10563). So this is a
+// stopgap for these lacking releases.
+//
+// Testest against:
+// openssl-1.0.2t 0x01000214fL (does not need it, privates still accessile)
+// openssl-1.1.0l 0x0101000cfL (needs it)
+// openssl-1.1.1d 0x01010104fL (last version that needs it)
+// openssl-1.1.1-dev (should not need it - post PR#10563).
+//
+/* #if OPENSSL_VERSION_NUMBER >= 0x010100000L && OPENSSL_VERSION_NUMBER <= 0x01010104fL */
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L
+#include "openssl/x509.h"
+
+#define HAS_OPENSSL_PR10563_WORK_AROUND
+
+struct X509_req_info_st {
+ ASN1_ENCODING enc;
+ ASN1_INTEGER *version;
+ X509_NAME *subject;
+ X509_PUBKEY *pubkey;
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+typedef _Atomic int CRYPTO_REF_COUNT;
+
+struct X509_req_st {
+ X509_REQ_INFO req_info;
+ X509_ALGOR sig_alg;
+ ASN1_BIT_STRING *signature; /* signature */
+ CRYPTO_REF_COUNT references;
+ CRYPTO_RWLOCK *lock;
+# ifndef OPENSSL_NO_SM2
+ ASN1_OCTET_STRING *sm2_id;
+# endif
+};
+
+
+static void _X509_REQ_set1_signature(X509_REQ *req, X509_ALGOR *palg)
+{
+ if (req->sig_alg.algorithm)
+ ASN1_OBJECT_free(req->sig_alg.algorithm);
+ if (req->sig_alg.parameter)
+ ASN1_TYPE_free(req->sig_alg.parameter);
+ req->sig_alg = *palg;
+}
+#endif
Propchange: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h
------------------------------------------------------------------------------
svn:keywords = Author Date Id Rev URL
Modified: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_ocsp/default.nix
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_ocsp/default.nix (original)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_ocsp/default.nix Fri Dec 13 21:26:21 2019
@@ -1,19 +1,31 @@
-{ stdenv, fetchsvn, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca }:
-with import <nixpkgs> {};
+{ stdenv, fetchurl, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca }:
stdenv.mkDerivation rec {
name = "mod_ocsp";
meta = with stdenv.lib; {
- homepage = "https://redwax.eu";
- description = "RedWax CA service modules of OCSP Online Certificate Validation";
- license = licenses.asl20;
- maintainers = with maintainers; [ dirkx ];
+ description = "RedWax CA service modules of OCSP Online Certificate Validation";
+ suffix = ".tar.gz";
+
+ baseurl = "https://redwax.eu/dist/rs/";
+ homepage = "https://redwax.eu";
+
+ license = licenses.asl20;
+
+ maintainers = with maintainers; [ dirkx ];
+
+ version = "0.2.1";
+
+ # This propably should be a wildcard - as we build on all
+ # current NixOS platforms.
+ # platforms = [ platforms.linux platforms.darwin ];
+
};
- src = fetchsvn {
- url = "https://source.redwax.eu/svn/redwax/rs/mod_ocsp/trunk";
- sha256 = "1qai3gcq3mdxqlycd3yns1p2kz0lbwl43573cr98hmrmgwzbwy9c";
+ src = fetchurl {
+ url = "${meta.baseurl}${name}-${meta.version}${meta.suffix}";
+
+ sha256 = "1vwgai56krdf8knb0mgy07ni9mqxk82bcb4gibwpnxvl6qwgv2i0";
};
buildInputs = [ mod_ca gnused coreutils pkgconfig apacheHttpd apr aprutil openssl openldap ];
Modified: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix (original)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix Fri Dec 13 21:26:21 2019
@@ -1,18 +1,29 @@
-{ stdenv, fetchsvn, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca }:
+{ stdenv, fetchurl, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca }:
stdenv.mkDerivation rec {
name = "mod_pkcs12";
meta = with stdenv.lib; {
- homepage = "https://redwax.eu";
- description = "RedWax CA service modules for PKCS#12 format files";
- license = licenses.asl20;
- maintainers = with maintainers; [ dirkx ];
+ description = "RedWax CA service modules for PKCS#12 format files";
+ suffix = ".tar.gz";
+
+ baseurl = "https://redwax.eu/dist/rs/";
+ homepage = "https://redwax.eu";
+
+ license = licenses.asl20;
+
+ maintainers = with maintainers; [ dirkx ];
+
+ version = "0.2.1";
+
+ # This propably should be a wildcard - as we build on all
+ # current NixOS platforms.
+ # platforms = [ platforms.linux platforms.darwin ];
};
- src = fetchsvn {
- url = "https://source.redwax.eu/svn/redwax/rs/mod_pkcs12/trunk";
- sha256 = "0ph88f3n0x7fdxdgv9vbmxxij7hy3gipf96vbp4546b9zr2fs6b8";
+ src = fetchurl {
+ url = "${meta.baseurl}${name}-${meta.version}${meta.suffix}";
+ sha256 = "0by4qfjs3a8q0amzwazfq8ii6ydv36v2mjga0jzc9i6xyl4rs6ai";
};
buildInputs = [ mod_ca gnused coreutils pkgconfig apacheHttpd apr aprutil openssl openldap ];
Modified: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/default.nix
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/default.nix (original)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/default.nix Fri Dec 13 21:26:21 2019
@@ -1,21 +1,34 @@
-{ stdenv, fetchsvn, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap , apr, aprutil, mod_ca}:
+{ stdenv, fetchurl, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap , apr, aprutil, mod_ca}:
stdenv.mkDerivation rec {
name = "mod_scep";
meta = with stdenv.lib; {
- homepage = "https://redwax.eu";
- description = "RedWax CA service modules for SCEP (Automatic ceritifcate issue/renewal)";
- license = licenses.asl20;
- maintainers = with maintainers; [ dirkx ];
+ description = "RedWax CA service modules for SCEP (Automatic ceritifcate issue/renewal)";
+ suffix = ".tar.gz";
+
+ baseurl = "https://redwax.eu/dist/rs/";
+ homepage = "https://redwax.eu";
+
+ license = licenses.asl20;
+
+ maintainers = with maintainers; [ dirkx ];
+
+ version = "0.2.1";
+
+ # This propably should be a wildcard - as we build on all
+ # current NixOS platforms.
+ # platforms = [ platforms.linux platforms.darwin ];
+
};
- src = fetchsvn {
- url = "https://source.redwax.eu/svn/redwax/rs/mod_scep/trunk";
- sha256 = "0b5np7mbfbczi8vmil9gy5rlh268idmz7p053rwy90v26y6wd8vv";
+ src = fetchurl {
+ url = "${meta.baseurl}${name}-${meta.version}${meta.suffix}";
+
+ sha256 = "14l8v6y6kx5dg8avb5ny95qdcgrw40ss80nqrgmw615mk7zcj81f";
};
+ preBuild = "cp ${./openssl_setter_compat.h} openssl_setter_compat.h";
buildInputs = [ mod_ca gnused coreutils pkgconfig apacheHttpd apr aprutil openssl openldap ];
-
configurePlatforms = [];
configureFlags = [
"--with-apxs=${apacheHttpd.dev}/bin/apxs"
Added: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h (added)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h Fri Dec 13 21:26:21 2019
@@ -0,0 +1,66 @@
+/* Licensed to Stichting The Commons Conservancy (TCC) under one or more
+ * contributor license agreements. See the AUTHORS file distributed with
+ * this work for additional information regarding copyright ownership.
+ * TCC licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These routines are copies from OpenSSL/1.1.1 its x509/x509_req.c
+// and the private header files for that. They are needed as
+// starting with OpenSSL 1.1.0 the X509_req structure became
+// private; and got some get0 functions to access its internals.
+// But no getter's until post 1.1.1 (PR#10563). So this is a
+// stopgap for these lacking releases.
+//
+// Testest against:
+// openssl-1.0.2t 0x01000214fL (does not need it, privates still accessile)
+// openssl-1.1.0l 0x0101000cfL (needs it)
+// openssl-1.1.1d 0x01010104fL (last version that needs it)
+// openssl-1.1.1-dev (should not need it - post PR#10563).
+//
+/* #if OPENSSL_VERSION_NUMBER >= 0x010100000L && OPENSSL_VERSION_NUMBER <= 0x01010104fL */
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L
+#include "openssl/x509.h"
+
+#define HAS_OPENSSL_PR10563_WORK_AROUND
+
+struct X509_req_info_st {
+ ASN1_ENCODING enc;
+ ASN1_INTEGER *version;
+ X509_NAME *subject;
+ X509_PUBKEY *pubkey;
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+typedef _Atomic int CRYPTO_REF_COUNT;
+
+struct X509_req_st {
+ X509_REQ_INFO req_info;
+ X509_ALGOR sig_alg;
+ ASN1_BIT_STRING *signature; /* signature */
+ CRYPTO_REF_COUNT references;
+ CRYPTO_RWLOCK *lock;
+# ifndef OPENSSL_NO_SM2
+ ASN1_OCTET_STRING *sm2_id;
+# endif
+};
+
+
+static void _X509_REQ_set1_signature(X509_REQ *req, X509_ALGOR *palg)
+{
+ if (req->sig_alg.algorithm)
+ ASN1_OBJECT_free(req->sig_alg.algorithm);
+ if (req->sig_alg.parameter)
+ ASN1_TYPE_free(req->sig_alg.parameter);
+ req->sig_alg = *palg;
+}
+#endif
Propchange: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h
------------------------------------------------------------------------------
svn:keywords = Author Date Id Rev URL
Modified: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_spkac/default.nix
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_spkac/default.nix (original)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_spkac/default.nix Fri Dec 13 21:26:21 2019
@@ -1,18 +1,31 @@
-{ stdenv, fetchsvn, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap , apr, aprutil, mod_ca}:
+{ stdenv, fetchurl, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap , apr, aprutil, mod_ca}:
stdenv.mkDerivation rec {
name = "mod_spkac";
meta = with stdenv.lib; {
- homepage = "https://redwax.eu";
- description = "RedWax CA service module for handling the Netscape keygen requests. ";
- license = licenses.asl20;
- maintainers = with maintainers; [ dirkx ];
+ description = "RedWax CA service module for handling the Netscape keygen requests. ";
+ suffix = ".tar.gz";
+
+ baseurl = "https://redwax.eu/dist/rs/";
+ homepage = "https://redwax.eu";
+
+ license = licenses.asl20;
+
+ maintainers = with maintainers; [ dirkx ];
+
+ version = "0.2.1";
+
+ # This propably should be a wildcard - as we build on all
+ # current NixOS platforms.
+ # platforms = [ platforms.linux platforms.darwin ];
+
};
- src = fetchsvn {
- url = "https://source.redwax.eu/svn/redwax/rs/mod_spkac/trunk";
- sha256 = "0m9l30pa552jnrjrngk2k60sdqi7b8bsaiiz777bxxrxvaw5fyij";
+ src = fetchurl {
+ url = "${meta.baseurl}${name}-${meta.version}${meta.suffix}";
+
+ sha256 = "0x6ia9qcr7lx2awpv9cr4ndic5f4g8yqzmp2hz66zpzkmk2b2pyz";
};
buildInputs = [ mod_ca gnused coreutils pkgconfig apacheHttpd apr aprutil openssl openldap ];
Modified: rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_timestamp/default.nix
==============================================================================
--- rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_timestamp/default.nix (original)
+++ rs-distribution/trunk/nixos/pkgs/servers/http/apache-modules/mod_timestamp/default.nix Fri Dec 13 21:26:21 2019
@@ -1,18 +1,30 @@
-{ stdenv, fetchsvn, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca}:
+{ stdenv, fetchurl, gnused, coreutils, pkgconfig, apacheHttpd, openssl, openldap, apr, aprutil, mod_ca}:
stdenv.mkDerivation rec {
name = "mod_timestamp";
meta = with stdenv.lib; {
- homepage = "https://redwax.eu";
- description = "RedWax CA service module for issuing signed timestamps.";
- license = licenses.asl20;
- maintainers = with maintainers; [ dirkx ];
+ description = "RedWax CA service module for issuing signed timestamps.";
+ suffix = ".tar.gz";
+
+ baseurl = "https://redwax.eu/dist/rs/";
+ homepage = "https://redwax.eu";
+
+ license = licenses.asl20;
+
+ maintainers = with maintainers; [ dirkx ];
+
+ version = "0.2.1";
+
+ # This propably should be a wildcard - as we build on all
+ # current NixOS platforms.
+ # platforms = [ platforms.linux platforms.darwin ];
};
- src = fetchsvn {
- url = "https://source.redwax.eu/svn/redwax/rs/mod_timestamp/trunk";
- sha256 = "1gdd3vq4w8d6ppkwavpj6q1z21wmyzvjfb2sg2dkbkz1rs2bgfcx";
+ src = fetchurl {
+ url = "${meta.baseurl}${name}-${meta.version}${meta.suffix}";
+
+ sha256 = "0j4b04dbdwn9aff3da9m0lnqi0qbw6c6hhi81skl15kyc3vzp67f";
};
buildInputs = [ mod_ca gnused coreutils pkgconfig apacheHttpd apr aprutil openssl openldap ];
More information about the rs-commit
mailing list