nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove "local" keyword from variable assignment

Browse Source 
Resolves #165

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This commit is contained in:
Eric F Crist 2017-12-07 19:59:14 -06:00
parent 288a0e248d
commit d3502a9d85
2 changed files with 65 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,7 +1,9 @@
Easy-RSA 3 ChangeLog Easy-RSA 3 ChangeLog
3.0.4 (TBD) 3.0.x (TBD)
* Remove use of egrep (#154) * Remove use of egrep (#154)
* Integrate with Travis-CI (#165)
* Remove "local" from variable assignment (#165)
3.0.3 (2017-08-22) 3.0.3 (2017-08-22)

124
easyrsa3/easyrsa
View File

@ -46,9 +46,9 @@ Here is the list of commands available with a short syntax reminder. Use the
" "
# collect/show dir status: # collect/show dir status:
local err_source="Not defined: vars autodetect failed and no value provided" err_source="Not defined: vars autodetect failed and no value provided"
local work_dir="${EASYRSA:-$err_source}" work_dir="${EASYRSA:-$err_source}"
local pki_dir="${EASYRSA_PKI:-$err_source}" pki_dir="${EASYRSA_PKI:-$err_source}"
print "\ print "\
DIRECTORY STATUS (commands would take effect on these locations) DIRECTORY STATUS (commands would take effect on these locations)
EASYRSA: $work_dir EASYRSA: $work_dir
@ -59,7 +59,7 @@ DIRECTORY STATUS (commands would take effect on these locations)
# Detailed command help # Detailed command help
# When called with no args, calls usage(), otherwise shows help for a command # When called with no args, calls usage(), otherwise shows help for a command
cmd_help() { cmd_help() {
local text opts text opts
case "$1" in case "$1" in
init-pki|clean-all) text=" init-pki|clean-all) text="
init-pki [ cmd-opts ] init-pki [ cmd-opts ]
@ -249,7 +249,7 @@ $1"
# Returns 0 when input contains yes, 1 for no, 2 for no match # Returns 0 when input contains yes, 1 for no, 2 for no match
# If both strings are present, returns 1; first matching line returns. # If both strings are present, returns 1; first matching line returns.
awk_yesno() { awk_yesno() {
local awkscript=' awkscript='
BEGIN {IGNORECASE=1; r=2} BEGIN {IGNORECASE=1; r=2}
{ if(match($0,"no")) {r=1; exit} { if(match($0,"no")) {r=1; exit}
if(match($0,"yes")) {r=0; exit} if(match($0,"yes")) {r=0; exit}
@ -261,7 +261,7 @@ BEGIN {IGNORECASE=1; r=2}
# returns without prompting in EASYRSA_BATCH # returns without prompting in EASYRSA_BATCH
confirm() { confirm() {
[ $EASYRSA_BATCH ] && return [ $EASYRSA_BATCH ] && return
local prompt="$1" value="$2" msg="$3" input prompt="$1" value="$2" msg="$3" input
print " print "
$msg $msg
@ -287,7 +287,7 @@ EASYRSA_PKI env-var undefined"
# Verify EASYRSA_OPENSSL command gives expected output # Verify EASYRSA_OPENSSL command gives expected output
if [ -z "$EASYRSA_SSL_OK" ]; then if [ -z "$EASYRSA_SSL_OK" ]; then
local val="$("$EASYRSA_OPENSSL" version)" val="$("$EASYRSA_OPENSSL" version)"
case "${val%% *}" in case "${val%% *}" in
OpenSSL|LibreSSL) ;; OpenSSL|LibreSSL) ;;
*) die "\ *) die "\
@ -317,7 +317,7 @@ Failed creating ecparams dir (permissions?) at:
$EASYRSA_EC_DIR" $EASYRSA_EC_DIR"
# Check that the required ecparams file exists # Check that the required ecparams file exists
local out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem" out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem"
[ -f "$out" ] && return 0 [ -f "$out" ] && return 0
"$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\ "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\
Failed to generate ecparam file (permissions?) when writing to: Failed to generate ecparam file (permissions?) when writing to:
@ -329,7 +329,7 @@ $out"
# Basic sanity-check of PKI init and complain if missing # Basic sanity-check of PKI init and complain if missing
verify_pki_init() { verify_pki_init() {
local help_note="Run easyrsa without commands for usage and command help." help_note="Run easyrsa without commands for usage and command help."
# check that the pki dir exists # check that the pki dir exists
vars_source_check vars_source_check
@ -348,7 +348,7 @@ $help_note"
# Verify core CA files present # Verify core CA files present
verify_ca_init() { verify_ca_init() {
local help_note="Run without commands for usage and command help." help_note="Run without commands for usage and command help."
# First check the PKI has been initialized # First check the PKI has been initialized
verify_pki_init verify_pki_init
@ -408,7 +408,7 @@ Your newly created PKI dir is: $EASYRSA_PKI
# build-ca backend: # build-ca backend:
build_ca() { build_ca() {
local opts= sub_ca= opts= sub_ca=
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
nopass) opts="$opts -nodes" ;; nopass) opts="$opts -nodes" ;;
@ -422,8 +422,8 @@ build_ca() {
[ "$EASYRSA_ALGO" = "ec" ] && verify_curve [ "$EASYRSA_ALGO" = "ec" ] && verify_curve
# setup for the simpler sub-CA situation and overwrite with root-CA if needed: # setup for the simpler sub-CA situation and overwrite with root-CA if needed:
local out_file="$EASYRSA_PKI/reqs/ca.req" out_file="$EASYRSA_PKI/reqs/ca.req"
local out_key="$EASYRSA_PKI/private/ca.key" out_key="$EASYRSA_PKI/private/ca.key"
if [ ! $sub_ca ]; then if [ ! $sub_ca ]; then
out_file="$EASYRSA_PKI/ca.crt" out_file="$EASYRSA_PKI/ca.crt"
opts="$opts -x509 -days $EASYRSA_CA_EXPIRE" opts="$opts -x509 -days $EASYRSA_CA_EXPIRE"
@ -445,7 +445,7 @@ Refusing to create a new CA keypair as this operation would overwrite your
current CA keypair. If you intended to start a new CA, run init-pki first." current CA keypair. If you intended to start a new CA, run init-pki first."
# create necessary files and dirs: # create necessary files and dirs:
local err_file="Unable to create necessary PKI files (permissions?)" err_file="Unable to create necessary PKI files (permissions?)"
for i in issued certs_by_serial; do for i in issued certs_by_serial; do
mkdir -p "$EASYRSA_PKI/$i" || die "$err_file" mkdir -p "$EASYRSA_PKI/$i" || die "$err_file"
done done
@ -484,7 +484,7 @@ $out_file
gen_dh() { gen_dh() {
verify_pki_init verify_pki_init
local out_file="$EASYRSA_PKI/dh.pem" out_file="$EASYRSA_PKI/dh.pem"
"$EASYRSA_OPENSSL" dhparam -out "$out_file" $EASYRSA_KEY_SIZE || \ "$EASYRSA_OPENSSL" dhparam -out "$out_file" $EASYRSA_KEY_SIZE || \
die "Failed to build DH params" die "Failed to build DH params"
notice "\ notice "\
@ -499,18 +499,18 @@ gen_req() {
[ -n "$1" ] || die "\ [ -n "$1" ] || die "\
Error: gen-req must have a file base as the first argument. Error: gen-req must have a file base as the first argument.
Run easyrsa without commands for usage and commands." Run easyrsa without commands for usage and commands."
local key_out="$EASYRSA_PKI/private/$1.key" key_out="$EASYRSA_PKI/private/$1.key"
local req_out="$EASYRSA_PKI/reqs/$1.req" req_out="$EASYRSA_PKI/reqs/$1.req"
[ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1" [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
shift shift
# function opts support # function opts support
local opts= opts=
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
nopass) opts="$opts -nodes" ;; nopass) opts="$opts -nodes" ;;
# batch flag supports internal callers needing silent operation # batch flag supports internal callers needing silent operation
batch) local EASYRSA_BATCH=1 ;; batch) EASYRSA_BATCH=1 ;;
*) warn "Ignoring unknown command option: '$1'" ;; *) warn "Ignoring unknown command option: '$1'" ;;
esac esac
shift shift
@ -530,11 +530,11 @@ Continuing with key generation will replace this key."
# When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section: # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
if [ -n "$EASYRSA_EXTRA_EXTS" ]; then if [ -n "$EASYRSA_EXTRA_EXTS" ]; then
# Setup & insert the extra ext data keyed by a magic line # Setup & insert the extra ext data keyed by a magic line
local extra_exts=" extra_exts="
req_extensions = req_extra req_extensions = req_extra
[ req_extra ] [ req_extra ]
$EASYRSA_EXTRA_EXTS" $EASYRSA_EXTRA_EXTS"
local awkscript=' awkscript='
{if ( match($0, "^#%EXTRA_EXTS%") ) {if ( match($0, "^#%EXTRA_EXTS%") )
{ while ( getline<"/dev/stdin" ) {print} next } { while ( getline<"/dev/stdin" ) {print} next }
{print} {print}
@ -544,7 +544,7 @@ $EASYRSA_EXTRA_EXTS"
> "$EASYRSA_TEMP_FILE" \ > "$EASYRSA_TEMP_FILE" \
|| die "Copying SSL config to temp file failed" || die "Copying SSL config to temp file failed"
# Use this new SSL config for the rest of this function # Use this new SSL config for the rest of this function
local EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE" EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE"
fi fi
key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp"
@ -566,12 +566,12 @@ key: $key_out
# common signing backend # common signing backend
sign_req() { sign_req() {
local crt_type="$1" opts= crt_type="$1" opts=
local req_in="$EASYRSA_PKI/reqs/$2.req" req_in="$EASYRSA_PKI/reqs/$2.req"
local crt_out="$EASYRSA_PKI/issued/$2.crt" crt_out="$EASYRSA_PKI/issued/$2.crt"
# Randomize Serial number # Randomize Serial number
local i= serial= check_serial= i= serial= check_serial=
for i in 1 2 3 4 5; do for i in 1 2 3 4 5; do
"$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16 "$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16
serial="$(cat "$EASYRSA_PKI/serial")" serial="$(cat "$EASYRSA_PKI/serial")"
@ -583,7 +583,7 @@ sign_req() {
done done
# Support batch by internal caller: # Support batch by internal caller:
[ "$3" = "batch" ] && local EASYRSA_BATCH=1 [ "$3" = "batch" ] && EASYRSA_BATCH=1
verify_ca_init verify_ca_init
@ -679,14 +679,14 @@ build_full() {
[ -n "$2" ] || die "\ [ -n "$2" ] || die "\
Error: didn't find a file base name as the first argument. Error: didn't find a file base name as the first argument.
Run easyrsa without commands for usage and commands." Run easyrsa without commands for usage and commands."
local crt_type="$1" name="$2" crt_type="$1" name="$2"
local req_out="$EASYRSA_PKI/reqs/$2.req" req_out="$EASYRSA_PKI/reqs/$2.req"
local key_out="$EASYRSA_PKI/private/$2.key" key_out="$EASYRSA_PKI/private/$2.key"
local crt_out="$EASYRSA_PKI/issued/$2.crt" crt_out="$EASYRSA_PKI/issued/$2.crt"
shift 2 shift 2
# function opts support # function opts support
local req_opts= req_opts=
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
nopass) req_opts="$req_opts nopass" ;; nopass) req_opts="$req_opts nopass" ;;
@ -696,7 +696,7 @@ Run easyrsa without commands for usage and commands."
done done
# abort on existing req/key/crt files # abort on existing req/key/crt files
local err_exists="\ err_exists="\
file already exists. Aborting build to avoid overwriting this file. file already exists. Aborting build to avoid overwriting this file.
If you wish to continue, please use a different name or remove the file. If you wish to continue, please use a different name or remove the file.
Matching file found at: " Matching file found at: "
@ -721,7 +721,7 @@ revoke() {
[ -n "$1" ] || die "\ [ -n "$1" ] || die "\
Error: didn't find a file base name as the first argument. Error: didn't find a file base name as the first argument.
Run easyrsa without commands for usage and command help." Run easyrsa without commands for usage and command help."
local crt_in="$EASYRSA_PKI/issued/$1.crt" crt_in="$EASYRSA_PKI/issued/$1.crt"
verify_file x509 "$crt_in" || die "\ verify_file x509 "$crt_in" || die "\
Unable to revoke as the input file is not a valid certificate. Unexpected Unable to revoke as the input file is not a valid certificate. Unexpected
@ -755,7 +755,7 @@ infrastructure in order to prevent the revoked cert from being accepted.
gen_crl() { gen_crl() {
verify_ca_init verify_ca_init
local out_file="$EASYRSA_PKI/crl.pem" out_file="$EASYRSA_PKI/crl.pem"
out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp" out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp"
"$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SSL_CONF" || die "\ "$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SSL_CONF" || die "\
CRL Generation failed. CRL Generation failed.
@ -774,8 +774,8 @@ import_req() {
verify_pki_init verify_pki_init
# pull passed paths # pull passed paths
local in_req="$1" short_name="$2" in_req="$1" short_name="$2"
local out_req="$EASYRSA_PKI/reqs/$2.req" out_req="$EASYRSA_PKI/reqs/$2.req"
[ -n "$short_name" ] || die "\ [ -n "$short_name" ] || die "\
Unable to import: incorrect command syntax. Unable to import: incorrect command syntax.
@ -803,24 +803,24 @@ You may now use this name to perform signing operations on this request.
# export pkcs#12 or pkcs#7 # export pkcs#12 or pkcs#7
export_pkcs() { export_pkcs() {
local pkcs_type="$1" pkcs_type="$1"
shift shift
[ -n "$1" ] || die "\ [ -n "$1" ] || die "\
Unable to export p12: incorrect command syntax. Unable to export p12: incorrect command syntax.
Run easyrsa without commands for usage and command help." Run easyrsa without commands for usage and command help."
local short_name="$1" short_name="$1"
local crt_in="$EASYRSA_PKI/issued/$1.crt" crt_in="$EASYRSA_PKI/issued/$1.crt"
local key_in="$EASYRSA_PKI/private/$1.key" key_in="$EASYRSA_PKI/private/$1.key"
local crt_ca="$EASYRSA_PKI/ca.crt" crt_ca="$EASYRSA_PKI/ca.crt"
shift shift
verify_pki_init verify_pki_init
# opts support # opts support
local want_ca=1 want_ca=1
local want_key=1 want_key=1
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
noca) want_ca= ;; noca) want_ca= ;;
@ -830,7 +830,7 @@ Run easyrsa without commands for usage and command help."
shift shift
done done
local pkcs_opts= pkcs_opts=
if [ $want_ca ]; then if [ $want_ca ]; then
verify_file x509 "$crt_ca" || die "\ verify_file x509 "$crt_ca" || die "\
Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.) Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.)
@ -845,7 +845,7 @@ Missing cert expected at: $crt_in"
case "$pkcs_type" in case "$pkcs_type" in
p12) p12)
local pkcs_out="$EASYRSA_PKI/private/$short_name.p12" pkcs_out="$EASYRSA_PKI/private/$short_name.p12"
if [ $want_key ]; then if [ $want_key ]; then
[ -f "$key_in" ] || die "\ [ -f "$key_in" ] || die "\
@ -862,7 +862,7 @@ Missing key expected at: $key_in"
Export of p12 failed: see above for related openssl errors." Export of p12 failed: see above for related openssl errors."
;; ;;
p7) p7)
local pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b" pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b"
# export the p7: # export the p7:
"$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \ "$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \
@ -883,18 +883,18 @@ set_pass() {
verify_pki_init verify_pki_init
# key type, supplied internally from frontend command call (rsa/ec) # key type, supplied internally from frontend command call (rsa/ec)
local key_type="$1" key_type="$1"
# values supplied by the user: # values supplied by the user:
local raw_file="$2" raw_file="$2"
local file="$EASYRSA_PKI/private/$raw_file.key" file="$EASYRSA_PKI/private/$raw_file.key"
[ -n "$raw_file" ] || die "\ [ -n "$raw_file" ] || die "\
Missing argument to 'set-$key_type-pass' command: no name/file supplied. Missing argument to 'set-$key_type-pass' command: no name/file supplied.
See help output for usage details." See help output for usage details."
# parse command options # parse command options
shift 2 shift 2
local crypto="-aes256" crypto="-aes256"
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
nopass) crypto= ;; nopass) crypto= ;;
@ -931,14 +931,14 @@ Failed to perform update-db: see above for related openssl errors."
# display cert DN info on a req/X509, passed by full pathname # display cert DN info on a req/X509, passed by full pathname
display_dn() { display_dn() {
local format="$1" path="$2" format="$1" path="$2"
print "$("$EASYRSA_OPENSSL" $format -in "$path" -noout -subject -nameopt multiline)" print "$("$EASYRSA_OPENSSL" $format -in "$path" -noout -subject -nameopt multiline)"
} # => display_dn() } # => display_dn()
# generate default SAN from req/X509, passed by full pathname # generate default SAN from req/X509, passed by full pathname
default_server_san() { default_server_san() {
local path="$1" path="$1"
local cn=$( cn=$(
"$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline | "$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline |
awk -F'=' '/^ *CN=/{print $2}' awk -F'=' '/^ *CN=/{print $2}'
) )
@ -952,7 +952,7 @@ default_server_san() {
# verify a file seems to be a valid req/X509 # verify a file seems to be a valid req/X509
verify_file() { verify_file() {
local format="$1" path="$2" format="$1" path="$2"
"$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1 "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1
return 0 return 0
} # => verify_file() } # => verify_file()
@ -960,14 +960,14 @@ verify_file() {
# show-* command backend # show-* command backend
# Prints req/cert details in a readable format # Prints req/cert details in a readable format
show() { show() {
local type="$1" name="$2" in_file format type="$1" name="$2" in_file format
[ -n "$name" ] || die "\ [ -n "$name" ] || die "\
Missing expected filename_base argument. Missing expected filename_base argument.
Run easyrsa without commands for usage help." Run easyrsa without commands for usage help."
shift 2 shift 2
# opts support # opts support
local opts="-${type}opt no_pubkey,no_sigdump" opts="-${type}opt no_pubkey,no_sigdump"
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
full) opts= ;; full) opts= ;;
@ -1012,12 +1012,12 @@ OpenSSL failure to process the input"
vars_setup() { vars_setup() {
# Try to locate a 'vars' file in order of location preference. # Try to locate a 'vars' file in order of location preference.
# If one is found, source it # If one is found, source it
local vars= vars=
# set up program path # set up program path
local prog_vars="${0%/*}/vars" prog_vars="${0%/*}/vars"
# set up PKI path # set up PKI path
local pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
# command-line path: # command-line path:
if [ -f "$EASYRSA_VARS_FILE" ]; then if [ -f "$EASYRSA_VARS_FILE" ]; then
@ -1096,9 +1096,9 @@ Note: using Easy-RSA configuration from: $vars"
# the variable when it is already defined (even if currently null) # the variable when it is already defined (even if currently null)
# Sets $1 as the value contained in $2 and exports (may be blank) # Sets $1 as the value contained in $2 and exports (may be blank)
set_var() { set_var() {
local var=$1 var=$1
shift shift
local value="$*" value="$*"
eval "export $var=\"\${$var-$value}\"" eval "export $var=\"\${$var-$value}\""
} #=> set_var() } #=> set_var()