From d3502a9d85cf7eaedd287b90334527152795c413 Mon Sep 17 00:00:00 2001 From: Eric F Crist Date: Thu, 7 Dec 2017 19:59:14 -0600 Subject: [PATCH] Remove "local" keyword from variable assignment Resolves #165 Signed-off-by: Eric F Crist --- ChangeLog | 4 +- easyrsa3/easyrsa | 124 +++++++++++++++++++++++------------------------ 2 files changed, 65 insertions(+), 63 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d54d24..6aa963d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,9 @@ Easy-RSA 3 ChangeLog -3.0.4 (TBD) +3.0.x (TBD) * Remove use of egrep (#154) + * Integrate with Travis-CI (#165) + * Remove "local" from variable assignment (#165) 3.0.3 (2017-08-22) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index f4dc091..6241573 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -46,9 +46,9 @@ Here is the list of commands available with a short syntax reminder. Use the " # collect/show dir status: - local err_source="Not defined: vars autodetect failed and no value provided" - local work_dir="${EASYRSA:-$err_source}" - local pki_dir="${EASYRSA_PKI:-$err_source}" + err_source="Not defined: vars autodetect failed and no value provided" + work_dir="${EASYRSA:-$err_source}" + pki_dir="${EASYRSA_PKI:-$err_source}" print "\ DIRECTORY STATUS (commands would take effect on these locations) EASYRSA: $work_dir @@ -59,7 +59,7 @@ DIRECTORY STATUS (commands would take effect on these locations) # Detailed command help # When called with no args, calls usage(), otherwise shows help for a command cmd_help() { - local text opts + text opts case "$1" in init-pki|clean-all) text=" init-pki [ cmd-opts ] @@ -249,7 +249,7 @@ $1" # Returns 0 when input contains yes, 1 for no, 2 for no match # If both strings are present, returns 1; first matching line returns. awk_yesno() { - local awkscript=' + awkscript=' BEGIN {IGNORECASE=1; r=2} { if(match($0,"no")) {r=1; exit} if(match($0,"yes")) {r=0; exit} 
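Review bot: In the `cmd_help()` hunk, dropping `local` from a declaration that had no assignment leaves `text opts`, which the shell parses as running a command named `text` with the argument `opts`, not as a declaration. The same thing happens in the `confirm()` hunk (`prompt="$1" value="$2" msg="$3" input`) and the `show()` hunk (`type="$1" name="$2" in_file format`); there the leading assignments become the environment of the commands `input` and `in_file`, so `prompt`, `value`, `msg`, `type` and `name` are most likely never set in the function's own shell. `confirm()` is the interactive confirmation step, so it is worth verifying that the prompt still shows `$msg` and still compares the reply with the intended `$value`. Writing each name as an explicit empty assignment avoids both problems, e.g. `text= opts=` and `prompt="$1" value="$2" msg="$3" input=`. All three function bodies continue outside their hunks.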
@@ -261,7 +261,7 @@ BEGIN {IGNORECASE=1; r=2} # returns without prompting in EASYRSA_BATCH confirm() { [ $EASYRSA_BATCH ] && return - local prompt="$1" value="$2" msg="$3" input + prompt="$1" value="$2" msg="$3" input print " $msg @@ -287,7 +287,7 @@ EASYRSA_PKI env-var undefined" # Verify EASYRSA_OPENSSL command gives expected output if [ -z "$EASYRSA_SSL_OK" ]; then - local val="$("$EASYRSA_OPENSSL" version)" + val="$("$EASYRSA_OPENSSL" version)" case "${val%% *}" in OpenSSL|LibreSSL) ;; *) die "\ @@ -317,7 +317,7 @@ Failed creating ecparams dir (permissions?) at: $EASYRSA_EC_DIR" # Check that the required ecparams file exists - local out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem" + out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem" [ -f "$out" ] && return 0 "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\ Failed to generate ecparam file (permissions?) when writing to: @@ -329,7 +329,7 @@ $out" # Basic sanity-check of PKI init and complain if missing verify_pki_init() { - local help_note="Run easyrsa without commands for usage and command help." + help_note="Run easyrsa without commands for usage and command help." # check that the pki dir exists vars_source_check @@ -348,7 +348,7 @@ $help_note" # Verify core CA files present verify_ca_init() { - local help_note="Run without commands for usage and command help." + help_note="Run without commands for usage and command help." # First check the PKI has been initialized verify_pki_init @@ -408,7 +408,7 @@ Your newly created PKI dir is: $EASYRSA_PKI # build-ca backend: build_ca() { - local opts= sub_ca= + opts= sub_ca= while [ -n "$1" ]; do case "$1" in nopass) opts="$opts -nodes" ;; 
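Review bot: In the `verify_ca_init()` hunk, `help_note` is assigned and then `verify_pki_init` is called, which assigns the same now-global `help_note`, so the caller's text is replaced by the callee's from that point on. The two strings differ only slightly here, but the pattern recurs through the patch: `opts` is shared by `build_ca()`, `gen_req()`, `sign_req()` and `show()`, `out_file` by `build_ca()`, `gen_dh()` and `gen_crl()`, and `format`/`path` by `display_dn()`, `verify_file()` and `show()`. Because `vars_setup()` sources a user vars file, its `vars` and the `var`/`value` of `set_var()` also share a namespace with that file. A per-function prefix would keep them apart, e.g. `verify_ca_help_note="Run without commands for usage and command help."`. Both function bodies continue outside the hunk.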
@@ -422,8 +422,8 @@ build_ca() { [ "$EASYRSA_ALGO" = "ec" ] && verify_curve # setup for the simpler sub-CA situation and overwrite with root-CA if needed: - local out_file="$EASYRSA_PKI/reqs/ca.req" - local out_key="$EASYRSA_PKI/private/ca.key" + out_file="$EASYRSA_PKI/reqs/ca.req" + out_key="$EASYRSA_PKI/private/ca.key" if [ ! $sub_ca ]; then out_file="$EASYRSA_PKI/ca.crt" opts="$opts -x509 -days $EASYRSA_CA_EXPIRE" @@ -445,7 +445,7 @@ Refusing to create a new CA keypair as this operation would overwrite your current CA keypair. If you intended to start a new CA, run init-pki first." # create necessary files and dirs: - local err_file="Unable to create necessary PKI files (permissions?)" + err_file="Unable to create necessary PKI files (permissions?)" for i in issued certs_by_serial; do mkdir -p "$EASYRSA_PKI/$i" || die "$err_file" done @@ -484,7 +484,7 @@ $out_file gen_dh() { verify_pki_init - local out_file="$EASYRSA_PKI/dh.pem" + out_file="$EASYRSA_PKI/dh.pem" "$EASYRSA_OPENSSL" dhparam -out "$out_file" $EASYRSA_KEY_SIZE || \ die "Failed to build DH params" notice "\ @@ -499,18 +499,18 @@ gen_req() { [ -n "$1" ] || die "\ Error: gen-req must have a file base as the first argument. Run easyrsa without commands for usage and commands." - local key_out="$EASYRSA_PKI/private/$1.key" - local req_out="$EASYRSA_PKI/reqs/$1.req" + key_out="$EASYRSA_PKI/private/$1.key" + req_out="$EASYRSA_PKI/reqs/$1.req" [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1" shift # function opts support - local opts= + opts= while [ -n "$1" ]; do case "$1" in nopass) opts="$opts -nodes" ;; # batch flag supports internal callers needing silent operation - batch) local EASYRSA_BATCH=1 ;; + batch) EASYRSA_BATCH=1 ;; *) warn "Ignoring unknown command option: '$1'" ;; esac shift 
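Review bot: In the `gen_req()` hunk, `batch) EASYRSA_BATCH=1 ;;` now sets batch mode for the whole process instead of for this call, and the `sign_req()` hunk does the same with `[ "$3" = "batch" ] && EASYRSA_BATCH=1`. `confirm()` returns without prompting whenever `EASYRSA_BATCH` is set, so any confirmation that runs after an internal batch call in the same invocation would be skipped silently. Saving the caller's value on entry and restoring it before the function returns keeps the old scoping, e.g. `gen_req_saved_batch="$EASYRSA_BATCH"` at the top and `EASYRSA_BATCH="$gen_req_saved_batch"` before returning. The body of `gen_req()` continues outside this hunk, so the restore point is not visible here.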
@@ -530,11 +530,11 @@ Continuing with key generation will replace this key." # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section: if [ -n "$EASYRSA_EXTRA_EXTS" ]; then # Setup & insert the extra ext data keyed by a magic line - local extra_exts=" + extra_exts=" req_extensions = req_extra [ req_extra ] $EASYRSA_EXTRA_EXTS" - local awkscript=' + awkscript=' {if ( match($0, "^#%EXTRA_EXTS%") ) { while ( getline<"/dev/stdin" ) {print} next } {print} @@ -544,7 +544,7 @@ $EASYRSA_EXTRA_EXTS" > "$EASYRSA_TEMP_FILE" \ || die "Copying SSL config to temp file failed" # Use this new SSL config for the rest of this function - local EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE" + EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE" fi key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" @@ -566,12 +566,12 @@ key: $key_out # common signing backend sign_req() { - local crt_type="$1" opts= - local req_in="$EASYRSA_PKI/reqs/$2.req" - local crt_out="$EASYRSA_PKI/issued/$2.crt" + crt_type="$1" opts= + req_in="$EASYRSA_PKI/reqs/$2.req" + crt_out="$EASYRSA_PKI/issued/$2.crt" # Randomize Serial number - local i= serial= check_serial= + i= serial= check_serial= for i in 1 2 3 4 5; do "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16 serial="$(cat "$EASYRSA_PKI/serial")" @@ -583,7 +583,7 @@ sign_req() { done # Support batch by internal caller: - [ "$3" = "batch" ] && local EASYRSA_BATCH=1 + [ "$3" = "batch" ] && EASYRSA_BATCH=1 verify_ca_init 
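Review bot: In the `gen_req()` hunk that sets `EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE"`, the comment above still says the temp config is used "for the rest of this function", but without `local` the override now lasts for the rest of the run. Any openssl call made after `gen_req()` returns, such as signing in a combined build, would then presumably read the temp config with the `EASYRSA_EXTRA_EXTS` block inserted rather than the configured one. Either restore the previous value before returning (`gen_req_saved_conf="$EASYRSA_SSL_CONF"` before the override, `EASYRSA_SSL_CONF="$gen_req_saved_conf"` at the end) or change the comment to `# Use this new SSL config for the rest of this run`. The function ends outside the hunk.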
@@ -679,14 +679,14 @@ build_full() { [ -n "$2" ] || die "\ Error: didn't find a file base name as the first argument. Run easyrsa without commands for usage and commands." - local crt_type="$1" name="$2" - local req_out="$EASYRSA_PKI/reqs/$2.req" - local key_out="$EASYRSA_PKI/private/$2.key" - local crt_out="$EASYRSA_PKI/issued/$2.crt" + crt_type="$1" name="$2" + req_out="$EASYRSA_PKI/reqs/$2.req" + key_out="$EASYRSA_PKI/private/$2.key" + crt_out="$EASYRSA_PKI/issued/$2.crt" shift 2 # function opts support - local req_opts= + req_opts= while [ -n "$1" ]; do case "$1" in nopass) req_opts="$req_opts nopass" ;; @@ -696,7 +696,7 @@ Run easyrsa without commands for usage and commands." done # abort on existing req/key/crt files - local err_exists="\ + err_exists="\ file already exists. Aborting build to avoid overwriting this file. If you wish to continue, please use a different name or remove the file. Matching file found at: " @@ -721,7 +721,7 @@ revoke() { [ -n "$1" ] || die "\ Error: didn't find a file base name as the first argument. Run easyrsa without commands for usage and command help." - local crt_in="$EASYRSA_PKI/issued/$1.crt" + crt_in="$EASYRSA_PKI/issued/$1.crt" verify_file x509 "$crt_in" || die "\ Unable to revoke as the input file is not a valid certificate. Unexpected @@ -755,7 +755,7 @@ infrastructure in order to prevent the revoked cert from being accepted. gen_crl() { verify_ca_init - local out_file="$EASYRSA_PKI/crl.pem" + out_file="$EASYRSA_PKI/crl.pem" out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp" "$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SSL_CONF" || die "\ CRL Generation failed. @@ -774,8 +774,8 @@ import_req() { verify_pki_init # pull passed paths - local in_req="$1" short_name="$2" - local out_req="$EASYRSA_PKI/reqs/$2.req" + in_req="$1" short_name="$2" + out_req="$EASYRSA_PKI/reqs/$2.req" [ -n "$short_name" ] || die "\ Unable to import: incorrect command syntax. 
@@ -803,24 +803,24 @@ You may now use this name to perform signing operations on this request. # export pkcs#12 or pkcs#7 export_pkcs() { - local pkcs_type="$1" + pkcs_type="$1" shift [ -n "$1" ] || die "\ Unable to export p12: incorrect command syntax. Run easyrsa without commands for usage and command help." - local short_name="$1" - local crt_in="$EASYRSA_PKI/issued/$1.crt" - local key_in="$EASYRSA_PKI/private/$1.key" - local crt_ca="$EASYRSA_PKI/ca.crt" + short_name="$1" + crt_in="$EASYRSA_PKI/issued/$1.crt" + key_in="$EASYRSA_PKI/private/$1.key" + crt_ca="$EASYRSA_PKI/ca.crt" shift verify_pki_init # opts support - local want_ca=1 - local want_key=1 + want_ca=1 + want_key=1 while [ -n "$1" ]; do case "$1" in noca) want_ca= ;; @@ -830,7 +830,7 @@ Run easyrsa without commands for usage and command help." shift done - local pkcs_opts= + pkcs_opts= if [ $want_ca ]; then verify_file x509 "$crt_ca" || die "\ Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.) @@ -845,7 +845,7 @@ Missing cert expected at: $crt_in" case "$pkcs_type" in p12) - local pkcs_out="$EASYRSA_PKI/private/$short_name.p12" + pkcs_out="$EASYRSA_PKI/private/$short_name.p12" if [ $want_key ]; then [ -f "$key_in" ] || die "\ @@ -862,7 +862,7 @@ Missing key expected at: $key_in" Export of p12 failed: see above for related openssl errors." ;; p7) - local pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b" + pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b" # export the p7: "$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \ 
@@ -883,18 +883,18 @@ set_pass() { verify_pki_init # key type, supplied internally from frontend command call (rsa/ec) - local key_type="$1" + key_type="$1" # values supplied by the user: - local raw_file="$2" - local file="$EASYRSA_PKI/private/$raw_file.key" + raw_file="$2" + file="$EASYRSA_PKI/private/$raw_file.key" [ -n "$raw_file" ] || die "\ Missing argument to 'set-$key_type-pass' command: no name/file supplied. See help output for usage details." # parse command options shift 2 - local crypto="-aes256" + crypto="-aes256" while [ -n "$1" ]; do case "$1" in nopass) crypto= ;; @@ -931,14 +931,14 @@ Failed to perform update-db: see above for related openssl errors." # display cert DN info on a req/X509, passed by full pathname display_dn() { - local format="$1" path="$2" + format="$1" path="$2" print "$("$EASYRSA_OPENSSL" $format -in "$path" -noout -subject -nameopt multiline)" } # => display_dn() # generate default SAN from req/X509, passed by full pathname default_server_san() { - local path="$1" - local cn=$( + path="$1" + cn=$( "$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline | awk -F'=' '/^ *CN=/{print $2}' ) @@ -952,7 +952,7 @@ default_server_san() { # verify a file seems to be a valid req/X509 verify_file() { - local format="$1" path="$2" + format="$1" path="$2" "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1 return 0 } # => verify_file() @@ -960,14 +960,14 @@ verify_file() { # show-* command backend # Prints req/cert details in a readable format show() { - local type="$1" name="$2" in_file format + type="$1" name="$2" in_file format [ -n "$name" ] || die "\ Missing expected filename_base argument. Run easyrsa without commands for usage help." shift 2 # opts support - local opts="-${type}opt no_pubkey,no_sigdump" + opts="-${type}opt no_pubkey,no_sigdump" while [ -n "$1" ]; do case "$1" in full) opts= ;; 
@@ -1012,12 +1012,12 @@ OpenSSL failure to process the input" vars_setup() { # Try to locate a 'vars' file in order of location preference. # If one is found, source it - local vars= + vars= # set up program path - local prog_vars="${0%/*}/vars" + prog_vars="${0%/*}/vars" # set up PKI path - local pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" + pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" # command-line path: if [ -f "$EASYRSA_VARS_FILE" ]; then @@ -1096,9 +1096,9 @@ Note: using Easy-RSA configuration from: $vars" # the variable when it is already defined (even if currently null) # Sets $1 as the value contained in $2 and exports (may be blank) set_var() { - local var=$1 + var=$1 shift - local value="$*" + value="$*" eval "export $var=\"\${$var-$value}\"" } #=> set_var()