author | lilac | 2024-12-06 16:39:21 +0800 |
---|---|---|
committer | lilac | 2024-12-06 16:39:21 +0800 |
commit | b960de483f5d113312a20fca8a553a94b4ff38da (patch) | |
tree | a7009ccc3f92df9262fc656d9236edd8e8a9020f | |
parent | 783211d292f74ca10249b60f63ec26e506fb91ab (diff) | |
download | aur-b960de483f5d113312a20fca8a553a94b4ff38da.tar.gz |
[lilac] updated to 1.78.1-1
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | 0001-allow-usage-of-ip-certificates-by-bypassing-hostname.patch | 30 | ||||
-rw-r--r-- | PKGBUILD | 31 | ||||
-rw-r--r-- | derper-ipcert.install | 6 |
4 files changed, 22 insertions, 55 deletions
@@ -1,6 +1,6 @@
 pkgbase = derper-ipcert
 pkgdesc = A tool that runs a custom Tailscale DERP server (IP certs version)
- pkgver = 1.76.6
+ pkgver = 1.78.1
 pkgrel = 1
 url = https://github.com/tailscale/tailscale
 install = derper-ipcert.install
@@ -11,22 +11,20 @@ pkgbase = derper-ipcert
 depends = bash
 depends = glibc
 depends = openssl
- provides = derper=1.76.6
+ provides = derper=1.78.1
 conflicts = derper
 options = !lto
 backup = etc/conf.d/derper
 backup = etc/derper/openssl.cnf
- source = derper-ipcert-v1.76.6.tar.gz::https://github.com/tailscale/tailscale/archive/v1.76.6.tar.gz
+ source = derper-ipcert-v1.78.1.tar.gz::https://github.com/tailscale/tailscale/archive/v1.78.1.tar.gz
 source = derper.conf
 source = derper.service
 source = openssl-cert-gen.sh
 source = openssl.cnf
- source = 0001-allow-usage-of-ip-certificates-by-bypassing-hostname.patch
- sha256sums = 1603c78a6a5e9f83b278d305e1196fbfdeeb841be10ac2ddb7ea433c2701234b
+ sha256sums = dbc25cc241bb233f183475f003d5508af7b45add1ca548b35a6a6fea91fb91af
 sha256sums = 8593d6c048f4174206cbac5d82810903eab8f0afef36c50be66a2c6018c9f988
 sha256sums = cda0c4e9b6e3be7ca4950ae43bd29588447eba7233e52ea067eb0215ee8eed18
 sha256sums = 8473e7dde4617d2899f97e0f1716e2bfa780837486b3c8fe1f5a9f57c9c440d9
 sha256sums = fd981cea16dae0b6f3008a7009a2faabe1911706d06856d504a2e046fae63cc9
- sha256sums = 66407bec41131197d2b0133dafe0e04b814b6c458052509515a1284a42046719
 
 pkgname = derper-ipcert
diff --git a/0001-allow-usage-of-ip-certificates-by-bypassing-hostname.patch b/0001-allow-usage-of-ip-certificates-by-bypassing-hostname.patch
deleted file mode 100644
index 5493ba21bc42..000000000000
--- a/0001-allow-usage-of-ip-certificates-by-bypassing-hostname.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From f28a942601e485bd284675b0310d7fd0ec8ef579 Mon Sep 17 00:00:00 2001
-From: Roald Clark <roaldclark@gmail.com>
-Date: Thu, 3 Oct 2024 18:10:16 +0800
-Subject: [PATCH] allow usage of ip certificates by bypassing hostname check
-
-Signed-off-by: Roald Clark <roaldclark@gmail.com>
----
- cmd/derper/cert.go | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/cmd/derper/cert.go b/cmd/derper/cert.go
-index db84aa515..7a3e1351c 100644
---- a/cmd/derper/cert.go
-+++ b/cmd/derper/cert.go
-@@ -88,9 +88,9 @@ func (m *manualCertManager) TLSConfig() *tls.Config {
- }
-
- func (m *manualCertManager) getCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
-- if hi.ServerName != m.hostname {
-- return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
-- }
-+ //if hi.ServerName != m.hostname {
-+ // return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
-+ //}
-
- // Return a shallow copy of the cert so the caller can append to its
- // Certificate field.
---
-2.46.2
-
@@ -4,7 +4,7 @@
 
 _pkgname=tailscale
 pkgname=derper-ipcert
-pkgver=1.76.6
+pkgver=1.78.1
 pkgrel=1
 pkgdesc="A tool that runs a custom Tailscale DERP server (IP certs version)"
 arch=('x86_64' 'aarch64')
@@ -28,22 +28,15 @@ source=("${pkgname}-v${pkgver}.tar.gz::${url}/archive/v${pkgver}.tar.gz"
 "derper.conf"
 "derper.service"
 "openssl-cert-gen.sh"
- "openssl.cnf"
- "0001-allow-usage-of-ip-certificates-by-bypassing-hostname.patch")
-sha256sums=('1603c78a6a5e9f83b278d305e1196fbfdeeb841be10ac2ddb7ea433c2701234b'
+ "openssl.cnf")
+sha256sums=('dbc25cc241bb233f183475f003d5508af7b45add1ca548b35a6a6fea91fb91af'
 '8593d6c048f4174206cbac5d82810903eab8f0afef36c50be66a2c6018c9f988'
 'cda0c4e9b6e3be7ca4950ae43bd29588447eba7233e52ea067eb0215ee8eed18'
 '8473e7dde4617d2899f97e0f1716e2bfa780837486b3c8fe1f5a9f57c9c440d9'
- 'fd981cea16dae0b6f3008a7009a2faabe1911706d06856d504a2e046fae63cc9'
- '66407bec41131197d2b0133dafe0e04b814b6c458052509515a1284a42046719')
-
-prepare() {
- cd "$srcdir/$_pkgname-$pkgver"
- patch -Np1 -i ../0001-allow-usage-of-ip-certificates-by-bypassing-hostname.patch
-}
+ 'fd981cea16dae0b6f3008a7009a2faabe1911706d06856d504a2e046fae63cc9')
 
 build() {
- cd "$srcdir/$_pkgname-$pkgver"
+ cd "${srcdir}/${_pkgname}-${pkgver}"
 export CGO_CFLAGS="${CFLAGS}"
 export CGO_CPPFLAGS="${CPPFLAGS}"
 export CGO_CXXFLAGS="${CXXFLAGS}"
@@ -55,12 +48,12 @@ build() {
 }
 
 package() {
- cd "$srcdir/$_pkgname-$pkgver"
- install -Dm644 ../derper.conf "$pkgdir/etc/conf.d/derper"
- install -Dm644 ../derper.service -t "$pkgdir/usr/lib/systemd/system/"
- install -Dm644 ../openssl-cert-gen.sh -t "$pkgdir/etc/derper/"
- install -Dm644 ../openssl.cnf -t "$pkgdir/etc/derper/"
- install -Dm644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname/"
- install -Dm755 derper -t "$pkgdir/usr/bin/"
+ cd "${srcdir}/${_pkgname}-${pkgver}"
+ install -Dm644 ../derper.conf "${pkgdir}/etc/conf.d/derper"
+ install -Dm644 ../derper.service -t "${pkgdir}/usr/lib/systemd/system/"
+ install -Dm644 ../openssl-cert-gen.sh -t "${pkgdir}/etc/derper/"
+ install -Dm644 ../openssl.cnf -t "${pkgdir}/etc/derper/"
+ install -Dm644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}/"
+ install -Dm755 derper -t "${pkgdir}/usr/bin/"
 ln -sfv /var/lib/derper/certs "${pkgdir}/etc/derper/certs"
 }
diff --git a/derper-ipcert.install b/derper-ipcert.install
index b89282747d8b..074573ea8eb5 100644
--- a/derper-ipcert.install
+++ b/derper-ipcert.install
@@ -2,6 +2,12 @@ post_install() {
 echo ">>> Please check the contents of /etc/derper/openssl.cnf and /etc/conf.d/derper"
 echo ">>> After confirming they are correct, enable the service with the following command:"
 echo "systemctl enable derper.service --now"
+ echo ">>>"
+ echo ">>> Starting from version v1.78.0, the absence of SNI is allowed"
+ echo ">>> when using manual certificates with IP literals as the hostname."
+ echo ">>> As a result, patches are no longer required. For more details, see:"
+ echo "1. https://github.com/tailscale/tailscale/issues/11776"
+ echo "2. https://github.com/tailscale/tailscale/pull/14291"
 }
 
 post_upgrade() { |
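Review bot: The notice about the v1.78.0 SNI behaviour is added only inside `post_install()` in derper-ipcert.install, while the users whose TLS behaviour changes are those upgrading from the patched 1.76.x build. The removed patch commented out the `hi.ServerName != m.hostname` check entirely, so a ClientHello carrying any SNI was served the certificate. If upstream now tolerates only an absent SNI for IP-literal hostnames, as the new message says, clients that send a non-matching SNI would start failing after the upgrade with no hint from the package. Consider printing the same lines from `post_upgrade()` as well, for example gated on the old version with `[ "$(vercmp "$2" 1.78.0)" -lt 0 ]` so the notice appears once. `post_upgrade()` begins on the hunk's last context line and its body is outside the hunk, so it may already delegate to `post_install()`; worth confirming.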