Merge branch 'master' of /TinCanTech/easy-rsa into TinCanTech-master
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
parent
6bdbc8ef97
commit
dc2da4ed45
@ -583,26 +583,28 @@ Your newly created PKI dir is: $EASYRSA_PKI"
|
||||
# Copy data-files from various sources
|
||||
install_data_to_pki () {
|
||||
#
|
||||
# This function is here to explicitly copy data-files to the PKI.
|
||||
# This function will explicitly find and optionally copy data-files to the PKI.
|
||||
# During 'init-pki' this is the new default.
|
||||
# During all other functions these requirements are tested for and
|
||||
# files will be copied to the PKI, if they do not already exist there.
|
||||
#
|
||||
# One of the reasons for this change is to make packing EasyRSA work.
|
||||
# This function searches favoured and then common 'areas' for the
|
||||
# EasyRSA data-files(A):
|
||||
# 'openssl-easyrsa.cnf' 'x509-types':(folder).
|
||||
# One of the reasons for this change is to make packaging EasyRSA work.
|
||||
#
|
||||
# These files MUST be found in at least one location and will be copied
|
||||
# to the current PKI, if they do not already exist there.
|
||||
# First: search favoured and then common 'areas' for the EasyRSA data-files(A):
|
||||
# * 'openssl-easyrsa.cnf' and 'x509-types' (folder).
|
||||
#
|
||||
# These files MUST be found in at least one location.
|
||||
# * 'openssl-easyrsa.cnf' will be copied to the PKI.
|
||||
# A warning will be issued if this file cannot be found.
|
||||
#
|
||||
# * 'x509-types' will set EASYRSA_EXT_DIR to the found location.
|
||||
# If x509-types cannot be found then that is a FATAL error.
|
||||
#
|
||||
# Other EasyRSA data-files(B): it is not crucial that these are found
|
||||
# but if they are then they are also copied to the PKI.
|
||||
# 'vars' 'vars.example'
|
||||
# but if they are then they are copied to the PKI. (Note: 1)
|
||||
# * 'vars' and 'vars.example'
|
||||
#
|
||||
#
|
||||
# For 'vars' consideration must be given to:
|
||||
# Note 1: For 'vars' consideration must be given to:
|
||||
# "Where the user expects to find vars!"
|
||||
#
|
||||
# Currently, *if* 'vars' is copied to the PKI then the PKI 'vars' will take
|
||||
@ -616,19 +618,9 @@ install_data_to_pki () {
|
||||
ssl_cnf_file='openssl-easyrsa.cnf'
|
||||
x509_types_dir='x509-types'
|
||||
|
||||
# Only use if required
|
||||
# Omit 'vars' - [ -e "${EASYRSA_PKI}/${vars_file}" ] &&
|
||||
if [ -e "$EASYRSA_SAFE_CONF" ] && \
|
||||
[ -e "${EASYRSA_PKI}/${vars_file_example}" ] && \
|
||||
[ -e "${EASYRSA_PKI}/${ssl_cnf_file}" ] && \
|
||||
[ -e "${EASYRSA_PKI}/${x509_types_dir}" ]
|
||||
then
|
||||
return 0
|
||||
fi
|
||||
|
||||
# PWD - Covers EasyRSA-Windows installed by OpenVPN, and git forks
|
||||
# "prog_dir" - Old way
|
||||
# /etc/easy-rsa - Sensible default - Includes: Arch, hopefully others agree..
|
||||
# "prog_dir" - Old way (Who installs data files in /usr/bin ?)
|
||||
# /etc/easy-rsa - possible default
|
||||
# /usr/share/easy-rsa - usr
|
||||
# /usr/local/share/easy-rsa - usr/local
|
||||
|
||||
@ -661,14 +653,19 @@ install_data_to_pki () {
|
||||
# Find x509-types
|
||||
[ -e "${area}/${x509_types_dir}" ] || continue
|
||||
|
||||
# If x509-types does not exist in the PKI then copy it.
|
||||
if [ -e "${EASYRSA_PKI}/${x509_types_dir}" ]; then
|
||||
continue
|
||||
else
|
||||
copy_data_to_pki "${area}/${x509_types_dir}" recurse || return
|
||||
# Declare in preferred order, first wins, beaten by command line.
|
||||
# Only set if not in PKI; Same condition made in vars_setup()
|
||||
if [ ! -d "$EASYRSA_PKI/x509-types" ]; then
|
||||
set_var EASYRSA_EXT_DIR "${area}/${x509_types_dir}"
|
||||
fi
|
||||
done
|
||||
|
||||
# if PKI/x509-types exists then it wins, except command line
|
||||
# Same condition made in vars_setup()
|
||||
if [ -d "$EASYRSA_PKI/x509-types" ]; then
|
||||
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
|
||||
fi
|
||||
|
||||
# If this is init-pki then create PKI/vars from PKI/example
|
||||
case "$1" in
|
||||
init-pki)
|
||||
@ -677,7 +674,7 @@ install_data_to_pki () {
|
||||
[ ! -e "${EASYRSA_PKI}/${vars_file}" ]
|
||||
then
|
||||
cp -f "${EASYRSA_PKI}/${vars_file_example}" \
|
||||
"${EASYRSA_PKI}/${vars_file}"
|
||||
"${EASYRSA_PKI}/${vars_file}" || return
|
||||
fi
|
||||
;;
|
||||
vars-setup)
|
||||
@ -688,11 +685,15 @@ install_data_to_pki () {
|
||||
die "install_data_to_pki - unknown context: $1"
|
||||
esac
|
||||
|
||||
# Check PKI is updated - Omit 'vars' and example.
|
||||
# Check PKI is updated - Omit unnecessary checks
|
||||
#[ -e "${EASYRSA_PKI}/${vars_file}" ] || return
|
||||
#[ -e "${EASYRSA_PKI}/${vars_file_example}" ] || return
|
||||
[ -e "${EASYRSA_PKI}/${ssl_cnf_file}" ] || return
|
||||
[ -e "${EASYRSA_PKI}/${x509_types_dir}" ] || return
|
||||
#[ -e "${EASYRSA_PKI}/${x509_types_dir}" ] || return
|
||||
|
||||
# EASYRSA_EXT_DIR must be found! No exceptions!
|
||||
[ -n "$EASYRSA_EXT_DIR" ] && [ -e "$EASYRSA_EXT_DIR" ] || \
|
||||
die "x509-types folder cannot be found"
|
||||
|
||||
# Complete or error
|
||||
[ -e "$EASYRSA_SAFE_CONF" ] || easyrsa_openssl makesafeconf
|
||||
@ -700,8 +701,8 @@ install_data_to_pki () {
|
||||
|
||||
# Copy the source to the PKI
|
||||
copy_data_to_pki () {
|
||||
cp ${2:+-R} "$1" "$EASYRSA_PKI" || return
|
||||
shift # Clear recurse
|
||||
cp "$1" "$EASYRSA_PKI" || return
|
||||
shift
|
||||
} # => copy_data_to_pki ()
|
||||
|
||||
# Disable terminal echo, if possible, otherwise warn
|
||||
@ -2004,31 +2005,23 @@ Note: using Easy-RSA configuration from: $vars"
|
||||
mktemp -du "$EASYRSA_TEMP_DIR/easy-rsa-$$.XXXXXX"
|
||||
)"
|
||||
|
||||
# Same as above for the x509-types extensions dir
|
||||
if [ -d "$EASYRSA_PKI/x509-types" ]; then
|
||||
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
|
||||
else
|
||||
|
||||
#TODO: This should be removed. Not really suitable for packaging.
|
||||
#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
|
||||
|
||||
# Hard break from 'old' Easy-RSA, see obsolete comment above.
|
||||
# Install data-files into ALL PKIs
|
||||
install_data_to_pki vars-setup || \
|
||||
warn "Failed to install new required data-dir to PKI. (x509)"
|
||||
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
|
||||
fi
|
||||
# Install data-files into ALL PKIs
|
||||
# This will find x509-types and export EASYRSA_EXT_DIR or die.
|
||||
# Other errors only require warning.
|
||||
install_data_to_pki vars-setup || \
|
||||
warn "Failed to install new required data-dir to PKI. (setup)"
|
||||
|
||||
# EASYRSA_SAFE_CONF is output by 'install_data_to_pki()'
|
||||
# via 'easyrsa_openssl() makesafeconf' above.
|
||||
# Setting EasyRSA specific OPENSSL_CONF to sanatized safe conf
|
||||
if [ -e "$EASYRSA_SAFE_CONF" ]; then
|
||||
export OPENSSL_CONF="$EASYRSA_SAFE_CONF"
|
||||
else
|
||||
# Install data-files into ALL PKIs
|
||||
install_data_to_pki vars-setup || \
|
||||
warn "Failed to install new required data-files to PKI. (SSL)"
|
||||
# EASYRSA_SAFE_CONF is output by
|
||||
# 'install_data_to_pki()' via 'easyrsa_openssl() makesafeconf'
|
||||
export OPENSSL_CONF="$EASYRSA_SAFE_CONF"
|
||||
die "Failed to find Safe-SSL config file."
|
||||
fi
|
||||
|
||||
# Upgrade to 306: Create $EASYRSA_SSL_CONF if it does not exist
|
||||
|
||||
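Review bot: In the search loop of install_data_to_pki, what appears to be the new side sets `EASYRSA_EXT_DIR` directly to `${area}/${x509_types_dir}` instead of copying the folder into the PKI, so the extension templates are read from whichever search area matches first, and the area list in the comments starts with PWD. Those templates decide which extensions end up in issued certificates, so a working directory the CA operator does not control should not be able to supply them silently. Consider accepting an area only when it is a directory and printing the chosen path. The final guard could also become `[ -d "$EASYRSA_EXT_DIR" ] || die "x509-types folder cannot be found"`, since `-e` also accepts a regular file and `-d` already fails on an empty value. The `for` loop header and the area list are outside the visible hunks and the +/- markers are lost on this page, so this reading of the new side is inferred.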