From 1d1b7177d67f58315724fcf10cd71e36ee89eae7 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Thu, 19 May 2022 01:57:14 +0100 Subject: [PATCH] Standardise all output for warn(), notice() and message():[New] Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 124 +++++++++++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 52 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 1a9c4f8..151a291 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -363,8 +363,9 @@ Host: $host_out${EASYRSA_DEBUG+ # non-fatal warning output warn() { [ "$EASYRSA_SILENT" ] && return - print "* WARNING: - + print " +WARNING +======= $1 " 1>&2 } # => warn() @@ -373,11 +374,20 @@ $1 notice() { [ "$EASYRSA_SILENT" ] && return [ "$EASYRSA_BATCH" ] && return - print "* Notice: + print " +Notice +------ $1 " } # => notice() +# informational notices to stdout +message() { + [ "$EASYRSA_SILENT" ] && return + [ "$EASYRSA_BATCH" ] && return + print "* $1" +} # => notice() + # yes/no case-insensitive match (operates on stdin pipe) # Returns 0 when input contains yes, 1 for no, 2 for no match # If both strings are present, returns 1; first matching line returns. @@ -614,7 +624,7 @@ Expected to find openssl command at: $EASYRSA_OPENSSL" 3) no_password='-noenc' ;; *) die "Unsupported SSL library: $osslv_major" esac - notice "Using SSL: $EASYRSA_OPENSSL $val" + message "Using SSL: $EASYRSA_OPENSSL ${val}" EASYRSA_SSL_OK=1 fi 
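Review bot: The new `message()` helper in the `@@ -373` hunk closes with the trailer `} # => notice()` and repeats notice()'s header comment `# informational notices to stdout`, so the two helpers read as the same function. The trailer should be `} # => message()`, and the header should say what differs, for example `# one-line status messages to stdout, prefixed with "* "`. The comment should also state that message() is silenced by both EASYRSA_SILENT and EASYRSA_BATCH, because callers such as the `Using SSL:` line in the `@@ -614` hunk rely on that.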
@@ -746,17 +756,17 @@ and initialize a fresh PKI here." fi notice "\ +'init-pki' complete; you may now create a CA or requests. - init-pki complete; you may now create a CA or requests. - - Your newly created PKI dir is: - * $EASYRSA_PKI" +Your newly created PKI dir is: +* $EASYRSA_PKI" if [ "$user_vars_true" ]; then : # ok - No message required else - notice "\ - IMPORTANT: Easy-RSA 'vars' file has now been moved to your PKI above." + message "\ +IMPORTANT: Easy-RSA 'vars' file has now been moved to your PKI above. +" fi } # => init_pki() @@ -911,6 +921,8 @@ hide_read_pass() warn "Could not disable echo. Password will be shown on screen!" read -r "$@" fi + + return 0 } # => hide_read_pass() # build-ca backend: @@ -1081,20 +1093,20 @@ current CA keypair. If you intended to start a new CA, run init-pki first." [ -f "$out_key_pass_tmp" ] && rm "$out_key_pass_tmp" # Success messages - [ "$EASYRSA_SILENT" ] || print # Separate Notice below + #[ "$EASYRSA_SILENT" ] || print # Separate Notice below if [ -n "$sub_ca" ]; then notice "\ - NOTE: Your intermediate CA request is at $out_file and now must be sent to your parent CA for signing. Place your resulting cert at $EASYRSA_PKI/ca.crt prior to signing operations." else notice "\ - CA creation complete and you may now import and sign cert requests. Your new CA certificate file for publishing is at: $out_file" fi + + return 0 } # => build_ca() # gen-dh backend: @@ -1121,6 +1133,7 @@ gen_dh() { notice "\ DH parameters of size $EASYRSA_KEY_SIZE created at $out_file" + return 0 } # => gen_dh() @@ -1130,6 +1143,7 @@ gen_req() { [ -n "$1" ] || die "\ Error: gen-req must have a file base as the first argument. Run easyrsa without commands for usage and commands." + key_out="$EASYRSA_PKI/private/$1.key" req_out="$EASYRSA_PKI/reqs/$1.req" 
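Review bot: The unconditional `return 0` added at the end of `hide_read_pass()` discards the exit status of the `read -r "$@"` just before it, so a passphrase read that fails (for example on end of input) is reported to the caller as success. Only the fallback branch is visible in this hunk, so the other branches need the same check; preserving the status is safer, either `read -r "$@" || return 1` in each branch or no `return 0` at all. The same line is added to `inline_creds()` right after the `} > "$inline_file"` redirect, where a failed write of the credentials file would now go unreported. It is also added to `build_ca()`, `gen_dh()`, `build_full()` and `renew_restore_move()`, and each should be checked for what its final command's status used to signal.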
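Review bot: In the `build_ca()` hunk the separator is left behind as commented-out code, `#[ "$EASYRSA_SILENT" ] || print # Separate Notice below`, rather than deleted. The identical live separator still precedes `notice` in the sign_req, revoke, renew, revoke_renewed and gen-crl hunks. Because the new notice() body opens with its own newline, those paths appear to emit two blank lines where build_ca emits one. Delete the commented line here and remove the remaining separators in the same change so the output is uniform.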
@@ -1208,11 +1222,12 @@ $EASYRSA_EXTRA_EXTS" ${ssl_batch+ -batch} \ ${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \ || die "Failed to generate request" + + # Move temp-files to target-files mv "$key_out_tmp" "$key_out" mv "$req_out_tmp" "$req_out" notice "\ - Keypair and certificate request completed. Your files are: req: $req_out key: $key_out" @@ -1374,8 +1389,7 @@ $ext_tmp" [ "$EASYRSA_SILENT" ] || print # Separate Notice below unset -v EASYRSA_BATCH # This is why batch mode should not silence output - notice "\ -Certificate created at: $crt_out" + notice "Certificate created at: $crt_out" return 0 } # => sign_req() @@ -1389,12 +1403,15 @@ build_full() { [ -n "$2" ] || die "\ Error: didn't find a file base name as the first argument. Run easyrsa without commands for usage and commands." - crt_type="$1" name="$2" - req_out="$EASYRSA_PKI/reqs/$2.req" - key_out="$EASYRSA_PKI/private/$2.key" - crt_out="$EASYRSA_PKI/issued/$2.crt" + + crt_type="$1" + name="$2" shift 2 + req_out="$EASYRSA_PKI/reqs/$name.req" + key_out="$EASYRSA_PKI/private/$name.key" + crt_out="$EASYRSA_PKI/issued/$name.crt" + # function opts support while [ -n "$1" ]; do case "$1" in @@ -1435,6 +1452,8 @@ Matching file found at: " Inline file created: $inline_file" fi fi + + return 0 } # => build_full() # Create inline credentials file for this node @@ -1456,6 +1475,8 @@ inline_creds () printf "%s\n" "" printf "%s\n" "" } > "$inline_file" + + return 0 } # => inline_creds () # revoke backend @@ -1560,8 +1581,7 @@ Cannot revoke this certificate because a conflicting file exists. revoke_move [ "$EASYRSA_SILENT" ] || print # Separate Notice below - notice "\ - + notice " IMPORTANT!!! Revocation was successful. You must run gen-crl and upload a CRL to your @@ -1763,8 +1783,7 @@ Failed to renew certificate: renew command failed." # Success messages [ "$EASYRSA_SILENT" ] || print # Separate Notice below - notice "\ - + notice " IMPORTANT!!! Renew was successful: 
@@ -1806,6 +1825,8 @@ renew_restore_move() { else notice "Renewed files have been restored." fi + + return 0 } # => renew_restore_move() # renew_move @@ -1974,13 +1995,11 @@ Cannot revoke this certificate because a conflicting file exists. revoke_renewed_move [ "$EASYRSA_SILENT" ] || print # Separate Notice below - notice "\ - + notice " IMPORTANT!!! Revocation was successful. You must run gen-crl and upload a CRL to your -infrastructure in order to prevent the revoked renewed cert from being accepted. -" # => notice end +infrastructure in order to prevent the revoked renewed cert from being accepted." return 0 } # => revoke_renewed() @@ -2059,11 +2078,13 @@ BEGIN { FS = "\t" }; EOF matches=$(awk "$awkscript" "${in_dir}/index.txt") if [ -z "$matches" ] ; then - # Nothing to renew - exit 1 + : # ok - Nothing is renewable else print "$matches" fi + [ "$EASYRSA_SILENT" ] || print # Separate output above + + return 0 } # => renewable # Set certificate expire date, renew date and variables needed for fixdate @@ -2209,7 +2230,6 @@ CRL Generation failed." [ "$EASYRSA_SILENT" ] || print # Separate Notice below notice "\ - An updated CRL has been created. CRL file: $out_file" @@ -2242,7 +2262,6 @@ Existing file at: $out_req" cp "$in_req" "$out_req" notice "\ - The request has been successfully imported with a short name of: $short_name You may now use this name to perform signing operations on this request." @@ -2360,7 +2379,6 @@ Missing key expected at: $key_in" esac notice "\ - Successful export of $pkcs_type file. Your exported file is at the following location: $pkcs_out" 
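Review bot: In the `renewable` hunk the added `[ "$EASYRSA_SILENT" ] || print # Separate output above` writes a blank line to stdout after `print "$matches"`, and also when nothing matched, so anything parsing the list receives an extra empty entry. With `exit 1` replaced by `: # ok - Nothing is renewable` and a final `return 0`, a caller can no longer distinguish "nothing renewable" by status and must test for empty output, which the trailing blank line defeats. Emit the separator only inside the `else` branch and off the data stream, e.g. `[ "$EASYRSA_SILENT" ] || print 1>&2`, and record the always-zero status in the function's header comment. The function begins outside this hunk.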
@@ -2606,16 +2624,18 @@ This file is not a valid $type file: $in_file" notice "\ +Showing $type details for: '$name' - Showing $type details for '$name'. - This file is stored at: - * $in_file" +This file is stored at: +* $in_file" easyrsa_openssl "$format" -in "$in_file" -noout -text \ ${type_opts+ "$type_opts" "$out_opts"} \ ${name_opts+ -nameopt "$name_opts"} \ || die "\ OpenSSL failure to process the input" + + [ "$EASYRSA_SILENT" ] || print # Separate certificate above } # => show() # show-ca command backend @@ -2646,15 +2666,17 @@ $in_file" This file is not a valid $type file: $in_file" - notice "\ + notice " +Showing $type details for 'ca'. - Showing $type details for 'ca'. - This file is stored at: - * $in_file" +This file is stored at: +* $in_file" easyrsa_openssl "$format" -in "$in_file" -noout -text \ -nameopt "$name_opts" -certopt "$out_opts" || die "\ OpenSSL failure to process the input" + + [ "$EASYRSA_SILENT" ] || print # Separate certificate above } # => show_ca() # Fixed format date @@ -2733,6 +2755,7 @@ read_db() { *) die "Unrecognised report: $report" esac done < "$db_in" + [ "$EASYRSA_SILENT" ] || print # Separate Notice below } # => read_db() # Expire status @@ -2816,9 +2839,8 @@ status() { expire) case "$in_crt" in all) - [ "$EASYRSA_SILENT" ] || print "\ -* Showing certificates which expire in less than $EASYRSA_CERT_RENEW days: -" + [ "$EASYRSA_SILENT" ] || notice "\ +Showing certificates which expire in less than $EASYRSA_CERT_RENEW days:" read_db expire ;; *) print "Coming soon.." @@ -2827,9 +2849,8 @@ status() { revoke) case "$in_crt" in all) - [ "$EASYRSA_SILENT" ] || print "\ -* Showing certificates which are revoked: -" + [ "$EASYRSA_SILENT" ] || notice "\ +* Showing certificates which are revoked:" read_db revoke ;; *) print "Coming soon.." 
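Review bot: The `status()` headings now go through `notice`, which returns early when EASYRSA_BATCH is set, so in batch mode the `read_db` listing loses the heading that the old `print` always showed. The `[ "$EASYRSA_SILENT" ] ||` guard in front of each call is also redundant, since notice() performs the same test. The wording is inconsistent too: the expire heading dropped its leading `* `, while the revoke heading here and the renew heading in the `@@ -2838` hunk keep it under the new `Notice` banner. If the heading must survive batch mode, keep `print`; otherwise reduce each call to the bare form, `notice "Showing certificates which are revoked:"`.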
@@ -2838,9 +2859,8 @@ status() { renew) case "$in_crt" in all) - [ "$EASYRSA_SILENT" ] || print "\ -* Showing certificates which have been renewed but NOT revoked: -" + [ "$EASYRSA_SILENT" ] || notice "\ +* Showing certificates which have been renewed but NOT revoked:" read_db renew ;; *) print "Coming soon.." @@ -3047,8 +3067,7 @@ vars_setup() { Conflicting 'vars' files found. Priority should be given to your PKI vars file: -* $expected_pki_vars -" +* $expected_pki_vars" esac # If a SINGLE vars file is found then assign $vars @@ -3109,7 +3128,8 @@ Failed to source the vars file, remove any unsupported characters." # Source 'vars' now # shellcheck disable=1090 # can't follow non-constant source. vars . "$vars" 2>/dev/null - notice "Using Easy-RSA configuration from: $vars" + message "Using Easy-RSA configuration from: ${vars}" + if [ "$user_vars_true" ]; then : # ok - No message required else