From ec89d11494c05906e0dd297ac11f9bf48e830ad1 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Thu, 24 Aug 2023 07:31:12 -0700
Subject: [PATCH] openvpn: Fix app not installing Debian testing

Closes: #2370.

- In Debian testing (trixie), easy-rsa version is 3.1.5 (up from 3.1.0). In this
version trying to sign a certificate request when the final certificate is
already present leads to an error which fails openvpn app installation.

- In versions 3.1.0 (Debian bookworm/stable) and above, build-server-full also
generates a signing request and then signs the request. So, there is no need to
run them separately.

Tests:

- Uninstall openvpn test that /etc/openvpn directory has been removed. Install
openvpn download client profile and connect using 'sudo openvpn --config
tester.ovpn'. The connection will be successful.

- Files /etc/openvpn/freedombox-keys/pki/issues/{server,tester}.ovpn show
signature values.

- Repeat test for Debian testing and stable/bookworm.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 plinth/modules/openvpn/privileged.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/plinth/modules/openvpn/privileged.py b/plinth/modules/openvpn/privileged.py
index aaf0432d3..7880390d4 100644
--- a/plinth/modules/openvpn/privileged.py
+++ b/plinth/modules/openvpn/privileged.py
@@ -162,10 +162,6 @@ def _create_certificates():
     subprocess.check_call([easy_rsa, 'build-ca', 'nopass'], **COMMON_ARGS)
     subprocess.check_call([easy_rsa, 'build-server-full', 'server', 'nopass'],
                           **COMMON_ARGS)
-    subprocess.check_call([easy_rsa, 'gen-req', 'server', 'nopass'],
-                          **COMMON_ARGS)
-    subprocess.check_call([easy_rsa, 'sign-req', 'server', 'server'],
-                          **COMMON_ARGS)
 
 
 @privileged