From 48c2df5d118c98d8ba31eb62455218002eda2d77 Mon Sep 17 00:00:00 2001
From: Hugues Fafard
Date: Mon, 5 Mar 2018 17:25:12 +0100
Subject: [PATCH 1/3] Added soft-reset option for `init-pki` subcommand.
---
 easyrsa3/easyrsa | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index cede5b1..fd22625 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -26,7 +26,7 @@ For a listing of options that can be supplied before the command, use:
 Here is the list of commands available with a short syntax reminder. Use the 'help' command above to get full usage details.
- init-pki
+ init-pki [ cmd-opts ]
 build-ca [ cmd-opts ]
 gen-dh
 gen-req [ cmd-opts ]
@@ -64,7 +64,10 @@ cmd_help() {
 case "$1" in
 init-pki|clean-all) text="
 init-pki [ cmd-opts ]
- Removes & re-initializes the PKI dir for a clean PKI" ;;
+ Removes & re-initializes the PKI dir for a clean PKI"
+ opts="
+ hard-reset - Recursively deletes the PKI directory if it exists.
+ soft-reset - Keeps the vars file and the PKI directory itself intact." ;;
 build-ca) text="
 build-ca [ cmd-opts ]
 Creates a new CA"
@@ -390,6 +393,16 @@ $help_note"
 init_pki() {
 vars_source_check
+ reset="soft"
+ while [ -n "$1" ]; do
+ case "$1" in
+ hard-reset|hard) reset="hard" ;;
+ soft-reset|soft) reset="soft" ;;
+ *) warn "Ignoring unknown command option: '$1'" ;;
+ esac
+ shift
+ done
+
 # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
 if [ -e "$EASYRSA_PKI" ]; then
 confirm "Confirm removal: " "yes" "
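Review bot: `reset="soft"` makes the keep-the-directory mode the default, so a bare `init-pki` no longer removes the whole PKI directory as it did before this patch, and the `opts` text added in the `cmd_help` hunk does not say which mode applies when no option is given. For a command that deletes key material, an unrecognised option should stop the run instead of warning and carrying on with the default: `*) die "Unknown command option: '$1'" ;;`. The loop test `[ -n "$1" ]` also ends at the first empty argument, whereas `while [ $# -gt 0 ]; do` walks all of them. `reset` is assigned without any scoping, so it becomes a script-wide variable; the rest of init_pki lies outside this hunk.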
@@ -398,7 +411,20 @@ WARNING!!! You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI and initialize a fresh PKI here."
 # now remove it:
- rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
+ case "$reset" in
+ hard)
+ rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
+ ;;
+ soft)
+ files="ca.crt certs_by_serial ecparams index.txt issued private reqs serial"
+ for i in $files; do
+ rm -rf "$EASYRSA_PKI/$i" || die "Removal of PKI dir failed. Check/correct errors above"
+ done
+ ;;
+ *)
+ die "Removal of PKI dir failed. Unknown reset type."
+ ;;
+ esac
 fi
 # new dirs:
From 5f7707dcc590d881a92600d7c2adbf4d3999614e Mon Sep 17 00:00:00 2001
From: Hugues Fafard
Date: Mon, 5 Mar 2018 17:35:56 +0100
Subject: [PATCH 2/3] Forgot some files for 'soft-reset'
---
 easyrsa3/easyrsa | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index fd22625..76d3e70 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -416,11 +416,13 @@ and initialize a fresh PKI here."
 rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
 ;;
 soft)
- files="ca.crt certs_by_serial ecparams index.txt issued private reqs serial"
+ files="ca.crt certs_by_serial ecparams index.txt index.txt.attr index.txt.old issued private reqs serial serial.old"
 for i in $files; do
 rm -rf "$EASYRSA_PKI/$i" || die "Removal of PKI dir failed. Check/correct errors above"
 done
 ;;
+ # More modes could be added here, e.g. only remove
+ # issued certs (and clean database), but keep CA intact.
 *)
 die "Removal of PKI dir failed. Unknown reset type."
 ;;
From 0db2dbe961728b69c3a9fa96c88e1aad5b7b2361 Mon Sep 17 00:00:00 2001
From: Hugues Fafard
Date: Mon, 5 Mar 2018 17:57:36 +0100
Subject: [PATCH 3/3] Fixed SC2115
---
 easyrsa3/easyrsa | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 76d3e70..ea7725b 100755
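Review bot: The `soft)` branch removes a fixed list of names, so anything else stored under `$EASYRSA_PKI` survives into what the confirmation text still describes as removing the directory and starting "a fresh PKI"; the follow-up hunk in patch 2/3 already had to extend the list. If artefacts signed or generated under the old CA (a CRL, for instance) live in that directory, which is not visible here, they would carry over after a soft reset. I would add a comment above the list, `# soft-reset: every file or directory easyrsa creates under $EASYRSA_PKI must be listed here, or it outlives the reset`, and make the prompt name the mode being run. The `*)` arm looks unreachable, because the parsing loop in the earlier hunk only ever sets `reset` to `hard` or `soft`.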
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -418,7 +418,7 @@ and initialize a fresh PKI here."
 soft)
 files="ca.crt certs_by_serial ecparams index.txt index.txt.attr index.txt.old issued private reqs serial serial.old"
 for i in $files; do
- rm -rf "$EASYRSA_PKI/$i" || die "Removal of PKI dir failed. Check/correct errors above"
+ rm -rf "${EASYRSA_PKI:?}/$i" || die "Removal of PKI dir failed. Check/correct errors above"
 done
 ;;
 # More modes could be added here, e.g. only remove