Allow ca.key to be a pipe

Non-interactive use of Easy-RSA requires ca.key to be available
unencrypted, because the password prompt is interactive.

Allow ca.key to be a pipe that could be created, e.g., with 'mkfifo -m 600'
prior to invoking Easy-RSA.
Jaakko Salo 2020-01-04 16:19:39 +02:00
parent 7f727b791b
commit b7dbefcd56

@ -474,9 +474,10 @@ verify_ca_init() {
# First check the PKI has been initialized
verify_pki_init
# verify expected files present:
# Verify expected files are present. Allow files to be regular files
# (or symlinks), but also pipes, for flexibility with ca.key
for i in serial index.txt index.txt.attr ca.crt private/ca.key; do
if [ ! -f "$EASYRSA_PKI/$i" ]; then
if [ ! -f "$EASYRSA_PKI/$i" ] && [ ! -p "$EASYRSA_PKI/$i" ]; then
[ "$1" = "test" ] && return 1
die "\
Missing expected CA file: $i (perhaps you need to run build-ca?)
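Review bot: the added `[ ! -p "$EASYRSA_PKI/$i" ]` test sits inside the loop over `serial index.txt index.txt.attr ca.crt private/ca.key`, so a named pipe is now accepted for every file in that list, while the new comment says the allowance is meant for ca.key. A FIFO hands its content to a single reader and keeps no state, so one placed at serial, index.txt, index.txt.attr or ca.crt would pass verify_ca_init without being usable as a persistent database or certificate file. Consider applying the `-p` case only when `$i` is `private/ca.key` and keeping the plain `-f` test for the other four. The comment could also note that the key written to the pipe is consumed by one read, so whatever feeds the pipe has to supply it once for each operation that opens ca.key.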