From b7199ec19ac4f9c53695d87527f1af468ea524de Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sat, 8 Oct 2022 20:58:22 +0100
Subject: [PATCH] init-pki soft: Include delete of revoked and renewed sub-directories

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 64c51fd..71f7110 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -990,20 +990,26 @@ and initialize a fresh PKI here."
 # now remove it:
 case "$reset" in
 hard)
- rm -rf "$EASYRSA_PKI" || \
- die "Removal of PKI dir failed. Check/correct errors above"
+ # # # shellcheck disable=SC2115 # Use "${var:?}" to ensure
+ rm -rf "$EASYRSA_PKI" || \
+ die "init-pki hard reset failed."
 ;;
 soft)
- for i in ca.crt certs_by_serial ecparams index.txt index.txt.attr \
- index.txt.old issued private reqs serial serial.old; do
- rm -rf "${EASYRSA_PKI:?}/$i" || \
- die "Removal of PKI dir failed. Check/correct errors above"
+ # There is no unit test for a soft reset
+ for i in ca.crt \
+ issued private reqs certs_by_serial revoked renewed \
+ serial serial.old ecparams index.txt index.txt.old \
+ index.txt.attr index.txt.attr.old
+ do
+ # # # shellcheck disable=SC2115 # Use "${var:?}" to ensure
+ rm -rf "$EASYRSA_PKI/${i}" || \
+ die "init-pki soft reset failed."
 done
 ;;
 # More modes could be added here, e.g. only remove
 # issued certs (and clean database), but keep CA intact.
 *)
- die "Removal of PKI dir failed. Unknown reset type: $reset"
+ die "Unknown reset type: $reset"
 esac

 # If vars was in the old pki then it has been removed
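Review bot: The soft-reset loop now runs `rm -rf "$EASYRSA_PKI/${i}"` where the removed line had `rm -rf "${EASYRSA_PKI:?}/$i"`, so the `:?` guard is gone and an empty or unset EASYRSA_PKI would make the loop delete `/private`, `/issued`, `/reqs` and the other listed names at the filesystem root. Whether the variable is validated earlier cannot be seen here, because the enclosing function starts and ends outside the hunk; restoring the guard costs nothing: `rm -rf "${EASYRSA_PKI:?}/${i}" || \`, and the hard-reset branch could use `rm -rf "${EASYRSA_PKI:?}" || \` for the same reason. The added `# # # shellcheck disable=SC2115 # Use "${var:?}" to ensure` lines stop mid-sentence and, with the extra `# # ` prefix, probably do not act as a ShellCheck directive; once the guard is back they can be dropped, or replaced by a comment saying where EASYRSA_PKI is guaranteed non-empty. Since the new comment itself states there is no unit test for a soft reset, the guard is the only protection visible in this hunk.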