From 393a510cf45aada58aa32feb4d014091f9c326b5 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Mon, 4 Apr 2022 00:52:38 +0100
Subject: [PATCH] shellcheck recommendations (Ongoing)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index ecfa603..edbd7af 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -722,6 +722,7 @@ install_data_to_pki () {
 	#[ -e "${EASYRSA_PKI}/${x509_types_dir}" ] || return
 
 	# EASYRSA_EXT_DIR must be found! No exceptions!
+	# The shellcheck warning 2015 is valid, however, this code works correctly.
 	[ -n "$EASYRSA_EXT_DIR" ] && [ -e "$EASYRSA_EXT_DIR" ] || \
 		die "x509-types folder cannot be found"
 
@@ -771,7 +772,7 @@ build_ca() {
 	# setup for the simpler intermediate CA situation and overwrite with root-CA if needed:
 	out_file="$EASYRSA_PKI/reqs/ca.req"
 	out_key="$EASYRSA_PKI/private/ca.key"
-	if [ ! $sub_ca ]; then
+	if [ -z "$sub_ca" ]; then
 		out_file="$EASYRSA_PKI/ca.crt"
 		opts="$opts -x509 -days $EASYRSA_CA_EXPIRE "
 	fi
@@ -810,7 +811,10 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 	out_key_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
 	out_file_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
 	# Get password from user if necessary
-	if [ ! $nopass ] && ( [ -z "$EASYRSA_PASSOUT" ] || [ -z "$EASYRSA_PASSIN" ] ); then
+	if [ -z "$nopass" ] && {
+		[ -z "$EASYRSA_PASSOUT" ] || [ -z "$EASYRSA_PASSIN" ]
+		}
+	then
 		out_key_pass_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
 		echo
 		printf "Enter New CA Key Passphrase: "
@@ -836,7 +840,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 		# If encrypted then create the CA key using AES256 cipher ($crypto)
 		# 'genpkey' requires '-pass'
 		crypto_opts=""
-		if [ ! $nopass ]; then
+		if [ -z "$nopass" ]; then
 			crypto_opts="$crypto"
 			if [ -z "$EASYRSA_PASSOUT" ]; then
 				crypto_opts="$crypto_opts -pass file:$out_key_pass_tmp"
@@ -878,7 +882,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 		# Private key encryption password or use no_password
 		# 'req' requires '-passin'
 		crypto_opts=""
-		if [ ! $nopass ] && [ -z "$EASYRSA_PASSIN" ]; then
+		if [ -z "$nopass" ] && [ -z "$EASYRSA_PASSIN" ]; then
 			crypto_opts="-passin file:$out_key_pass_tmp"
 		else
 			crypto_opts="$no_password"
@@ -897,7 +901,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 	1|2)
 		# If encrypted then create the CA key using AES256 cipher ($crypto)
 		crypto_opts=""
-		if [ ! $nopass ]; then
+		if [ -z "$nopass" ]; then
 			crypto_opts="$crypto"
 			if [ -z "$EASYRSA_PASSOUT" ]; then
 				if [ "ed" = "$EASYRSA_ALGO" ]; then
@@ -938,7 +942,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 
 		# create the CA keypair:
 		crypto_opts=""
-		if [ ! $nopass ] && [ -z "$EASYRSA_PASSIN" ]; then
+		if [ -z "$nopass" ] && [ -z "$EASYRSA_PASSIN" ]; then
 			crypto_opts="-passin file:$out_key_pass_tmp"
 		else
 			crypto_opts="$no_password"
@@ -961,7 +965,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 	[ -f "$out_key_pass_tmp" ] && rm "$out_key_pass_tmp"
 
 	# Success messages
-	if [ $sub_ca ]; then
+	if [ -n "$sub_ca" ]; then
 		notice "\
 NOTE: Your intermediate CA request is at $out_file
 and now must be sent to your parent CA for signing. Place your resulting cert