From 2ca66d331a03cb49e23f964c525582665052cd94 Mon Sep 17 00:00:00 2001 From: Richard Bonhomme Date: Sat, 26 Jan 2019 18:21:47 +0000 Subject: [PATCH] Improve op_test.sh New op_test.sh was commited before it was ready: * Improve TEMP_DIR management (./easyrsa3/temp must not exist) * Use WORK_DIR (./easyrsa3) * Clean up CUSTOM_OPTS * Clean up Sample requests * Clean up destroy_data (openssl_easyrsa.cnf must be restored) * Added note to import_req * Re-instate DEPS_DIR hooks * Improve output (newline) * Add required shellcheck exclusions (# shellcheck disable=SC2086 two instances) Signed-off-by: Richard Bonhomme --- op_test.sh | 84 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 51 insertions(+), 33 deletions(-) diff --git a/op_test.sh b/op_test.sh index 83efea3..d0bc7c5 100644 --- a/op_test.sh +++ b/op_test.sh @@ -52,29 +52,37 @@ exit 0 init () { ROOT_DIR="$(pwd)" - export TEMP_DIR="$ROOT_DIR/temp" + WORK_DIR="$ROOT_DIR/easyrsa3" + TEMP_DIR="$WORK_DIR/temp" + + if [ -d "$TEMP_DIR" ] + then + print "Aborted! Temporary directory exists: $TEMP_DIR" + exit 1 + fi + DIE=1 VERBOSE="${VERBOSE:-0}" VVERBOSE="${VVERBOSE:-0}" - FIRST_RUN=1 + SAVE_PKI="${SAVE_PKI:-0}" ERSA_OUT="${ERSA_OUT:-0}" ERSA_BIN="./easyrsa" CUSTOM_VARS="${CUSTOM_VARS:-1}" UNSIGNED_PKI="${UNSIGNED_PKI:-1}" SYS_SSL_ENABLE="${SYS_SSL_ENABLE:-1}" BROKEN_PKI="${BROKEN_PKI:-0}" - SAVE_PKI="${SAVE_PKI:-0}" CUSTOM_OPTS="${CUSTOM_OPTS:-0}" + export DEPS_DIR="$ROOT_DIR/testdeps" export EASYRSA_CA_EXPIRE="${EASYRSA_CA_EXPIRE:-1}" export EASYRSA_CERT_EXPIRE="${EASYRSA_CERT_EXPIRE:-1}" export OPENSSL_ENABLE="${OPENSSL_ENABLE:-0}" export OPENSSL_BUILD="${OPENSSL_BUILD:-0}" export OPENSSL_VERSION="${OPENSSL_VERSION:-git}" - export OSSL_LIBB="${OSSL_LIBB:-"$TEMP_DIR/openssl-dev/bin/openssl"}" + export OSSL_LIBB="${OSSL_LIBB:-"$DEPS_DIR/openssl-dev/bin/openssl"}" export LIBRESSL_ENABLE="${LIBRESSL_ENABLE:-0}" export LIBRESSL_BUILD="${LIBRESSL_BUILD:-0}" export LIBRESSL_VERSION="${LIBRESSL_VERSION:-2.8.3}" - export LSSL_LIBB="${LSSL_LIBB:-"$TEMP_DIR/libressl/usr/local/bin/openssl"}" + export LSSL_LIBB="${LSSL_LIBB:-"$DEPS_DIR/libressl/usr/local/bin/openssl"}" } # Wrapper around printf - clobber print since it's not POSIX anyway @@ -87,7 +95,7 @@ newline () then print "|| ============================================================================" else - print + [ $((ERSA_OUT)) -ne 1 ] || print fi } @@ -160,17 +168,18 @@ setup () newline 1 vverbose "Setup" - [ -d easyrsa3 ] && cd easyrsa3 - vverbose "Working dir: $(pwd)" + cd "$WORK_DIR" || die "cd $WORK_DIR" + [ $((VVERBOSE)) -eq 1 ] && print "|| :: Working dir: $WORK_DIR" destroy_data STEP_NAME="vars" if [ $((CUSTOM_VARS)) -eq 1 ] then - vverbose "$STEP_NAME" - cp vars.example vars || die "cp vars.example vars" - create_vars >> vars || die "create_vars" + [ -f "$WORK_DIR/vars.example" ] || dir "File missing: $WORK_DIR/vars.example" + cp "$WORK_DIR/vars.example" "$WORK_DIR/vars" || die "cp vars.example vars" + create_vars >> "$WORK_DIR/vars" || die "create_vars" + vcompleted "$STEP_NAME" else vdisabled "$STEP_NAME" fi @@ -181,41 +190,36 @@ setup () # https://github.com/OpenVPN/easy-rsa/pull/278 export CUSTOM_EASYRSA_REQ_ORG2="Custom Option" export LIBRESSL_ENABLE=0 - [ -f ./openssl-easyrsa.cnf ] || die "Cannot find ./openssl-easyrsa.cnf" - cp ./openssl-easyrsa.cnf ./openssl-easyrsa.cnf.orig || die "Cannot copy ./openssl-easyrsa.cnf" - create_custom_opts > ./openssl-easyrsa.cnf_custom || die "Cannot create ./openssl-easyrsa.cnf_custom" - mv -f ./openssl-easyrsa.cnf_custom ./openssl-easyrsa.cnf || die "Cannot move ./openssl-easyrsa.cnf_custom" - vcompeleted "$STEP_NAME" + YACF="$WORK_DIR/openssl-easyrsa.cnf" + [ -f "$YACF" ] || die "File missing: $YACF" + [ -f "$YACF.orig" ] && die "Aborted! Temporary file exists: $YACF.orig" + mv "$YACF" "$YACF.orig" + create_custom_opts > "$YACF" + vcompleted "$STEP_NAME" fi - STEP_NAME="Sample requests" + STAGE_NAME="Sample requests" if [ $((UNSIGNED_PKI)) -eq 1 ] && [ $((SYS_SSL_ENABLE + OPENSSL_ENABLE + LIBRESSL_ENABLE)) -ne 0 ] then - vverbose "$STEP_NAME" verb_off NEW_PKI="pki-req" - create_req || die "$STEP_NAME" - mv "$TEMP_DIR/$NEW_PKI" "$TEMP_DIR/pki-bkp" || die "$STEP_NAME" + create_req || die "$STAGE_NAME create_req" + mv "$TEMP_DIR/$NEW_PKI" "$TEMP_DIR/pki-bkp" || die "$STAGE_NAME mv" verb_on + vcompleted "$STAGE_NAME" else - vdisabled "$STEP_NAME" + vdisabled "$STAGE_NAME" fi } destroy_data () { - if [ $((SAVE_PKI)) -ne 1 ] || [ $((FIRST_RUN)) -eq 1 ] + [ $((SAVE_PKI)) -ne 1 ] && rm -rf "$TEMP_DIR" + rm -f "$WORK_DIR/vars" + if [ -f "$YACF.orig" ] then - rm -f vars - for i in pki-req pki-bkp pki-dssl pki-ossl pki-lssl pki-empty pki-error - do - TARGET="$TEMP_DIR/$i" - rm -rf "$TARGET" - done - [ -d "$TEMP_DIR" ] && rm -rf "$TEMP_DIR" - [ -f ./openssl-easyrsa.cnf.orig ] && mv -f ./openssl-easyrsa.cnf.orig ./openssl-easyrsa.cnf + mv -f "$YACF.orig" "$YACF" fi - FIRST_RUN=0 } secure_key () @@ -249,10 +253,10 @@ create_vars () create_custom_opts () { - head -n 91 ./openssl-easyrsa.cnf + head -n 91 "$YACF.orig" print "1.organizationName = Second Organization Name" print "1.organizationName_default = \$ENV::CUSTOM_EASYRSA_REQ_ORG2" - tail -n +91 ./openssl-easyrsa.cnf + tail -n +91 "$YACF.orig" } create_req () @@ -316,8 +320,11 @@ action () { if [ $((ERSA_OUT)) -eq 1 ] then + newline + # shellcheck disable=SC2086 "$ERSA_BIN" $STEP_NAME || die "$STEP_NAME" else + # shellcheck disable=SC2086 "$ERSA_BIN" $STEP_NAME >/dev/null 2>&1 || die "$STEP_NAME" fi completed "$STEP_NAME" @@ -378,10 +385,13 @@ import_req () *) DIE=1 die "Unknown certificate type $REQ_type" ;; esac + # Note: easyrsa still appears to work in batch mode for this action ? + export EASYRSA_BATCH=0 newline 1 STEP_NAME="import-req $REQ_file $REQ_name" vverbose "$STEP_NAME" action + export EASYRSA_BATCH=1 } sign_req () @@ -541,6 +551,8 @@ create_pki () unset EASYRSA_BATCH unset EASYRSA_PKI + + newline 1 vcompleted "$STAGE_NAME" newline 1 } @@ -561,6 +573,12 @@ create_pki () init + [ -f "$DEPS_DIR/openssl.sh" ] || export OPENSSL_ENABLE=0 + [ $((OPENSSL_ENABLE)) -eq 1 ] && "$DEPS_DIR/openssl.sh" + + [ -f "$DEPS_DIR/libressl.sh" ] || export LIBRESSL_ENABLE=0 + [ $((LIBRESSL_ENABLE)) -eq 1 ] && "$DEPS_DIR/libressl.sh" + setup STAGE_NAME="Default ssl"