From b7dbefcd56917700a347546f85b060633c4d73b3 Mon Sep 17 00:00:00 2001 From: Jaakko Salo Date: Sat, 4 Jan 2020 16:19:39 +0200 Subject: [PATCH] Allow ca.key to be a pipe Non-interactive use of Easy-RSA requires ca.key to be available unencrypted, because the password prompt is interactive. Allow ca.key to be a pipe that could be created eg. with 'mkfifo -m 600' prior to invoking Easy-RSA. --- easyrsa3/easyrsa | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 042c5df..c057709 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -474,9 +474,10 @@ verify_ca_init() { # First check the PKI has been initialized verify_pki_init - # verify expected files present: + # Verify expected files are present. Allow files to be regular files + # (or symlinks), but also pipes, for flexibility with ca.key for i in serial index.txt index.txt.attr ca.crt private/ca.key; do - if [ ! -f "$EASYRSA_PKI/$i" ]; then + if [ ! -f "$EASYRSA_PKI/$i" ] && [ ! -p "$EASYRSA_PKI/$i" ]; then [ "$1" = "test" ] && return 1 die "\ Missing expected CA file: $i (perhaps you need to run build-ca?)