From 7be58ded91dca8936fe78bedc1e442ffbd0f9b6d Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Thu, 13 Apr 2023 23:22:13 +0100
Subject: [PATCH] vars: WARN use of 'export' and 'unset' in vars file

Use 'set_var' (Supported) or 'force_set_var' (User discretion)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index d1b0368..e65ee68 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -5021,8 +5021,8 @@ Using Easy-RSA configuration:
 			# Sanitize vars
 			if grep -q \
 				-e 'EASYRSA_PASSIN' -e 'EASYRSA_PASSOUT' \
-				-e '^[^#]*export *_*[[:alpha:]]*[[:alnum:]]*.*$' \
-				-e '[^(]`[^)]' "$vars"
+				-e '[^(]`[^)]' \
+				"$vars"
 			then
 				die "\
 One or more of these problems has been found in your 'vars' file:
@@ -5030,15 +5030,27 @@ One or more of these problems has been found in your 'vars' file:
 * Use of 'EASYRSA_PASSIN' or 'EASYRSA_PASSOUT':
   Storing password information in the 'vars' file is not permitted.
 
-* Use of 'export':
-  Remove 'export' or replace it with 'set_var'.
-
 * Use of unsupported characters:
   These characters are not supported: \` backtick
 
 Please, correct these errors and try again."
 			fi
 
+			if grep -q \
+				-e '[[:blank:]]export[[:blank:]]' \
+				-e '[[:blank:]]unset[[:blank:]]' \
+				"$vars"
+			then
+				warn "\
+One or more of these problems has been found in your 'vars' file:
+
+* Use of 'export':
+  Remove 'export' or replace it with 'set_var'.
+
+* Use of 'unset':
+  Remove 'unset' ('force_set_var' may also work)."
+			fi
+
 			# Enable sourcing 'vars'
 			# shellcheck disable=SC2034 # appears unused
 			EASYRSA_CALLER=1