From 5f85068558bc9a2849a5001592cc14450f93a137 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Sun, 1 Jan 2023 22:56:51 +0000
Subject: [PATCH] init-pki(): Introduce second warning before HARD removal

Only if a PKI currently exists, add a second confirmation to promote
the use of 'init-pki soft'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index a9509fb..eff4b7b 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1021,6 +1021,16 @@ and initialize a fresh PKI here."
 		# now remove it:
 		case "$reset" in
 		hard)
+
+			# Promote use of soft init
+			confirm "Remove current 'vars' file? " yes "\
+* SECOND WARNING!!!
+
+* This will remove everything in your current PKI directory.
+  To keep your current settings use 'init-pki soft' instead.
+  Using 'init-pki soft' is recommended.
+"
+
 				# # # shellcheck disable=SC2115 # Use "${var:?}" to ensure
 				rm -rf "$EASYRSA_PKI" || \
 					die "init-pki hard reset failed."