nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vars_setup: Correctly locate x509-types for usage() directory STATUS

Browse Source 
Locate existing x509-types directory, after sourcing vars.
If vars is set incorrectly then this WILL over-ride vars.

Closes: #654

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-08-29 01:00:19 +01:00
parent 7bf1a262be
commit 47547efefc
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
easyrsa3/easyrsa
View File

@ -1029,11 +1029,18 @@ find_x509_types_dir() {
return return
fi fi
# if PKI/x509-types exists then it wins, except for command line
if [ -d "$PWD/pki/$x509_types_dir" ]; then
# use set_var to preserve command line
set_var EASYRSA_EXT_DIR "$PWD/pki/$x509_types_dir"
return
fi
# Find x509-types dir, in specific order # Find x509-types dir, in specific order
for area in \ for area in \
"$PWD" \
'/usr/local/share/easy-rsa' \ '/usr/local/share/easy-rsa' \
'/usr/share/easy-rsa' \ '/usr/share/easy-rsa' \
"$PWD" \
"${0%/*}" \ "${0%/*}" \
'/etc/easy-rsa' \ '/etc/easy-rsa' \
# EOL - # Add more distros here # EOL - # Add more distros here
@ -1046,7 +1053,7 @@ find_x509_types_dir() {
done done
# EASYRSA_EXT_DIR must be defined # EASYRSA_EXT_DIR must be defined
[ "${EASYRSA_EXT_DIR}" ] || return [ -d "${EASYRSA_EXT_DIR}" ] || return
} # => find_x509_types_dir() } # => find_x509_types_dir()
# Copy data-files from various sources # Copy data-files from various sources
@ -3883,8 +3890,7 @@ Priority should be given to your PKI vars file:
# If $EASYRSA_NO_VARS is defined (not blank) then do not use vars. # If $EASYRSA_NO_VARS is defined (not blank) then do not use vars.
# If $no_pki_required then located vars files are not required. # If $no_pki_required then located vars files are not required.
if [ "$EASYRSA_NO_VARS" ] || [ "$no_pki_required" ]; then if [ "$EASYRSA_NO_VARS" ] || [ "$no_pki_required" ]; then
# Find x509-types but do not fail - Not fatal here : # ok
find_x509_types_dir || :
# If a vars file was located then source it # If a vars file was located then source it
else else
@ -3893,6 +3899,7 @@ Priority should be given to your PKI vars file:
if [ -z "$vars" ]; then if [ -z "$vars" ]; then
information "No Easy-RSA configuration file exists!" information "No Easy-RSA configuration file exists!"
no_new_vars=1 no_new_vars=1
else else
# 'vars' now MUST exist # 'vars' now MUST exist
[ -e "$vars" ] || die "Missing vars file, expected: $vars" [ -e "$vars" ] || die "Missing vars file, expected: $vars"
@ -3961,6 +3968,9 @@ Sourcing the vars file and building certificates will probably fail ..'
set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM" set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
# Find x509-types but do not fail - Not fatal here
find_x509_types_dir || :
# For commands which 'require a PKI' and the PKI exists # For commands which 'require a PKI' and the PKI exists
if [ "$pki_is_required" ] && [ -d "$EASYRSA_PKI" ]; then if [ "$pki_is_required" ] && [ -d "$EASYRSA_PKI" ]; then