nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove unused function vars_setup()

Browse Source 
Replaced by: select_vars(), source_vars() and default_vars().

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-09-24 22:15:45 +01:00
parent f05adaf9d7
commit 79571583e5
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 0 additions and 295 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

295
easyrsa3/easyrsa
View File

@ -5844,301 +5844,6 @@ change these values:
${unexpected_error}"
} # => validate_default_vars()
# vars setup
# Here sourcing of 'vars' if present occurs.
# If not present, defaults are used to support
# running without a sourced config format
vars_setup() {
die "vars_setup: DISABLED"
# Try to locate a 'vars' file in order of preference.
# If one is found then source it.
# NOTE: EASYRSA_PKI is never set here,
# unless cmd-line --pki-dir=<DIR> is set.
# NOTE: EASYRSA is never set here,
# unless done so outside of easyrsa.
vars=
# Find vars
# User set vars '$user_vars_true' takes priority
# Deliberate NO vars
if [ "$EASYRSA_NO_VARS" ]; then
user_vars_true=1
# Found exactly zero vars files
found_vars=0
# Priority: Explicit user defined vars file:
elif [ "$EASYRSA_VARS_FILE" ]; then
if [ -e "$EASYRSA_VARS_FILE" ]; then
vars="$EASYRSA_VARS_FILE"
# User set vars turns off pki/var warning
user_vars_true=1
# Found exactly one vars file
found_vars=1
else
# If the --vars option does not point to a file
user_error "\
The 'vars' file was not found:
* $EASYRSA_VARS_FILE"
fi
# Secondary: Setting EASYRSA forces vars to EASYRSA/vars
elif [ "$EASYRSA" ]; then
if [ -e "$EASYRSA/vars" ]; then
vars="${EASYRSA}/vars"
user_vars_true=1
found_vars=1
else
# Allow to run without EASYRSA/vars file
user_vars_true=1
found_vars=0
fi
# Otherwise, find vars
else
# If EASYRSA_PKI is set then it is user set,
# allow use of the default vars in the set PKI
if [ "$EASYRSA_PKI" ]; then
# EASYRSA_PKI will not be changed by vars
pki_vars="${EASYRSA_PKI}/vars"
else
# default pki/vars
# if this conflicts then bail
pki_vars="${PWD}/pki/vars"
# Setup "catch EXPECTED PKI changed"
# auto-load 'pki/vars' is FORBIDDEN to change PKI
expected_pki="${PWD}/pki"
fi
# vars of last resort; The Default
pwd_vars="$PWD/vars"
# Clear flags - This is the preferred order to find:
unset -v \
e_pki_vars e_pwd_vars \
found_vars vars_in_pki
# PKI location, if present:
[ -e "$pki_vars" ] && e_pki_vars=1
# vars of last resort
[ -e "$pwd_vars" ] && e_pwd_vars=1
# Allow only one vars to be found, No exceptions!
found_vars="$((
e_pki_vars + e_pwd_vars
))"
verbose "vars_setup: found_vars = '$found_vars'"
# If found_vars greater than 1
# then output user info and exit
case "$found_vars" in
0)
: # ok
;;
1)
# If a SINGLE vars file is found
# then assign $vars
[ "$e_pwd_vars" ] && vars="$pwd_vars"
if [ "$e_pki_vars" ]; then
vars="$pki_vars"
vars_in_pki=1
else
unset -v vars_in_pki
fi
;;
*)
found_msg=""
[ "$e_pki_vars" ] && \
found_msg="${found_msg}${NL} * Found pki_vars : $pki_vars"
[ "$e_pwd_vars" ] && \
found_msg="${found_msg}${NL} * Found pwd_vars : $pwd_vars"
# If command is not 'help' etc then Error out
[ "$ignore_vars" ] || user_error "\
Conflicting 'vars' files found:
$found_msg
Use option --vars=<FILE> to define the vars file
or remove the conflicting vars files.
Easy-RSA recommends moving your vars file to your PKI and using
option --pki=<DIR>, which will auto-select the correct vars file."
verbose "vars_setup: Conflicting vars IGNORED"
esac
verbose "vars_setup: vars = '$vars'"
# Clean up
unset -v pwd_vars pki_vars
# END: Find vars
fi
# If EASYRSA_NO_VARS is defined then do not use vars
# If PKI is not required then located vars files are
# not required
if [ "$EASYRSA_NO_VARS" ]; then
verbose "vars_setup: EASYRSA_NO_VARS enabled"
# $vars remains undefined .. no vars found
# 'install_data_to_pki vars-setup' will NOT
# create a default PKI/vars, no_new_vars
elif [ -z "$vars" ]; then
# If PKI is required then warn
# For init-pki, version and help, skip this
if [ "$require_pki" ]; then
information "\
No Easy-RSA 'vars' configuration file exists!"
fi
# If a vars file was located then source it
else
# 'vars' MUST not be a directory
[ -d "$vars" ] && user_error "\
Missing vars file:
* $vars"
# 'vars' now MUST exist
[ -e "$vars" ] || user_error "\
Missing vars file:
* $vars"
# Installation information
[ "$require_pki" ] && information "\
Using Easy-RSA 'vars' configuration:
* $vars"
# Sanitize vars
if grep -q \
-e 'EASYRSA_PASSIN' -e 'EASYRSA_PASSOUT' \
-e '[^(]`[^)]' \
"$vars"
then
user_error "\
One or more of these problems has been found in your 'vars' file:
* Use of 'EASYRSA_PASSIN' or 'EASYRSA_PASSOUT':
Storing password information in the 'vars' file is not permitted.
* Use of unsupported characters:
These characters are not supported: \` backtick
Please, correct these errors and try again."
fi
# Sanitize vars
if grep -q \
-e '[[:blank:]]export[[:blank:]]*' \
-e '[[:blank:]]unset[[:blank:]]*' \
"$vars"
then
user_error "\
One or more of these problems has been found in your 'vars' file:
* Use of 'export':
Remove 'export' or replace it with 'set_var'.
* Use of 'unset':
Remove 'unset' ('force_set_var' may also work)."
fi
# Enable sourcing 'vars'
# shellcheck disable=SC2034 # appears unused
EASYRSA_CALLER=1
easyrsa_path="$PATH"
# shellcheck disable=SC2123 # PATH is the shell ..
PATH=./
# Test sourcing 'vars' in a subshell
# shellcheck disable=1090 # can't follow .. vars
( . "$vars" ) || \
die "Failed to dry-run the vars file."
# Source 'vars' now
# shellcheck disable=1090 # can't follow .. vars
. "$vars" || \
die "Failed to source the vars file."
PATH="$easyrsa_path"
unset -v EASYRSA_CALLER easyrsa_path
verbose "vars_setup: sourced 'vars' OK"
fi
# Set defaults, preferring existing env-vars if present
set_var EASYRSA "$PWD"
set_var EASYRSA_OPENSSL openssl
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN cn_only
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY "San Francisco"
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
set_var EASYRSA_REQ_EMAIL me@example.net
set_var EASYRSA_REQ_OU "My Organizational Unit"
set_var EASYRSA_REQ_SERIAL ""
set_var EASYRSA_ALGO rsa
set_var EASYRSA_KEY_SIZE 2048
case "$EASYRSA_ALGO" in
rsa)
: # ok
# default EASYRSA_KEY_SIZE must always be set
# it must NOT be set selectively because it is
# present in the SSL config file
;;
ec)
set_var EASYRSA_CURVE secp384r1
;;
ed)
set_var EASYRSA_CURVE ed25519
;;
*) user_error "\
Algorithm '$EASYRSA_ALGO' is invalid: Must be 'rsa', 'ec' or 'ed'"
esac
set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 825
set_var \
EASYRSA_PRE_EXPIRY_WINDOW 90
set_var EASYRSA_CRL_DAYS 180
set_var EASYRSA_NS_SUPPORT no
set_var EASYRSA_NS_COMMENT \
"Easy-RSA (~VER~) Generated Certificate"
set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
set_var EASYRSA_REQ_CN ChangeMe
set_var EASYRSA_DIGEST sha256
set_var EASYRSA_SSL_CONF \
"$EASYRSA_PKI/openssl-easyrsa.cnf"
set_var EASYRSA_SAFE_CONF \
"$EASYRSA_PKI/safessl-easyrsa.cnf"
set_var EASYRSA_KDC_REALM "CHANGEME.EXAMPLE.COM"
set_var EASYRSA_MAX_TEMP 4
# Catch unexpected PKI change
if [ "$expected_pki" ]; then
[ "$expected_pki" = "$EASYRSA_PKI" ] || \
user_error "\
The PKI was unexpectedly changed by the vars file.
* vars : $vars
* Expected: $expected_pki
* Set : $EASYRSA_PKI"
fi
# if the vars file in use is not in the PKI
# and not user defined then Show the messages
if [ "$require_pki" ]; then
prefer_vars_in_pki_msg
fi
verbose "vars_setup: COMPLETED"
} # => vars_setup()
# Verify working environment
verify_working_env() {
# Do not allow demented paths, eg: '/' or '\'