cleanup(): General improvements - Create KNOWN error exit
Where errors are known, exit via 'Known' branch. Allow preset error number to propagate. Long line wrapping. Shorten associated variable names. Move clearing traps to within cleanup(). Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme
parent
97fec2de61
commit
fc4bcb6184
@ -585,9 +585,9 @@ Type the word '$value' to continue, or any other input to abort."
|
|||||||
read input
|
read input
|
||||||
printf '\n'
|
printf '\n'
|
||||||
[ "$input" = "$value" ] && return
|
[ "$input" = "$value" ] && return
|
||||||
confirm_aborted=1
|
easyrsa_error_exit=1
|
||||||
notice "Aborting without confirmation."
|
notice "Aborting without confirmation."
|
||||||
exit 9
|
cleanup 9
|
||||||
} # => confirm()
|
} # => confirm()
|
||||||
|
|
||||||
# Generate random hex
|
# Generate random hex
|
||||||
@ -698,15 +698,16 @@ Temporary session not preserved."
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Remove files when build_full()->sign_req() is interrupted
|
# Remove files when build_full()->sign_req() is interrupted
|
||||||
[ "$on_error_build_full_cleanup" ] && \
|
[ "$error_build_full_cleanup" ] && \
|
||||||
rm -f "$crt_out" "$req_out" "$key_out"
|
rm -f "$crt_out" "$req_out" "$key_out"
|
||||||
|
|
||||||
# Restore files when renew is interrupted
|
# Restore files when renew is interrupted
|
||||||
[ "$on_error_undo_renew_move" ] && renew_restore_move; :
|
[ "$error_undo_renew_move" ] && renew_restore_move
|
||||||
# Restore files when rebuild is interrupted
|
# Restore files when rebuild is interrupted
|
||||||
[ "$on_error_undo_rebuild_move" ] && rebuild_restore_move; :
|
[ "$error_undo_rebuild_move" ] && rebuild_restore_move
|
||||||
|
|
||||||
# shellcheck disable=SC3040 # In POSIX sh, set option [name] is undefined
|
# shellcheck disable=SC3040
|
||||||
|
# In POSIX sh, set option [name] is undefined
|
||||||
case "$easyrsa_host_os" in
|
case "$easyrsa_host_os" in
|
||||||
nix) [ -t 1 ] && stty echo ;;
|
nix) [ -t 1 ] && stty echo ;;
|
||||||
win)
|
win)
|
||||||
@ -719,27 +720,34 @@ Temporary session not preserved."
|
|||||||
*) warn "Host OS undefined."
|
*) warn "Host OS undefined."
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ "$EASYRSA_BATCH" ] || [ "$EASYRSA_SILENT" ]; then
|
if [ "$EASYRSA_BATCH" ] || [ "$EASYRSA_SILENT" ]
|
||||||
|
then
|
||||||
: # ok
|
: # ok
|
||||||
else
|
else
|
||||||
print # To get a clean line after terminal echo is disabled
|
print # To get a clean line
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Exit with error 1, if an error ocured...
|
# Clear traps
|
||||||
|
trap - 0 1 2 3 6 15
|
||||||
|
|
||||||
|
# Final exit
|
||||||
if [ "$easyrsa_error_exit" ]; then
|
if [ "$easyrsa_error_exit" ]; then
|
||||||
# Set by verify_cert() for full error-out
|
# Known errors:
|
||||||
exit 1
|
# -> confirm(): aborted
|
||||||
|
# -> verify_cert(): verify failed
|
||||||
|
exit "${1:-1}"
|
||||||
elif [ "$1" = ok ]; then
|
elif [ "$1" = ok ]; then
|
||||||
# if there is no error then 'cleanup ok' is called
|
# if there is no error
|
||||||
|
# then 'cleanup ok' is called
|
||||||
exit 0
|
exit 0
|
||||||
elif [ "$1" = 2 ]; then
|
elif [ "$1" = 2 ]; then
|
||||||
# SIGINT
|
# SIGINT
|
||||||
kill -2 "$$"
|
kill -2 "$$"
|
||||||
else
|
else
|
||||||
# if 'cleanup' is called without 'ok' then an error occurred
|
# if 'cleanup' is called without 'ok'
|
||||||
# Do not show_host() for confirm() aborted exit
|
# then an error occurred
|
||||||
[ "$confirm_aborted" ] || show_host
|
show_host
|
||||||
exit 1
|
exit "${1:-1}"
|
||||||
fi
|
fi
|
||||||
} # => cleanup()
|
} # => cleanup()
|
||||||
|
|
||||||
@ -1922,9 +1930,9 @@ Option conflict: '$cmd' does not support setting an external commonName"
|
|||||||
gen_req "$name" batch
|
gen_req "$name" batch
|
||||||
|
|
||||||
# Sign it
|
# Sign it
|
||||||
on_error_build_full_cleanup=1
|
error_build_full_cleanup=1
|
||||||
if sign_req "$crt_type" "$name"; then
|
if sign_req "$crt_type" "$name"; then
|
||||||
unset -v on_error_build_full_cleanup
|
unset -v error_build_full_cleanup
|
||||||
else
|
else
|
||||||
die "Failed to sign '$name' - See error messages above for details."
|
die "Failed to sign '$name' - See error messages above for details."
|
||||||
fi
|
fi
|
||||||
@ -2270,11 +2278,11 @@ with the following subject:
|
|||||||
|
|
||||||
# move renewed files so we can reissue certificate with the same name
|
# move renewed files so we can reissue certificate with the same name
|
||||||
renew_move
|
renew_move
|
||||||
on_error_undo_renew_move=1
|
error_undo_renew_move=1
|
||||||
|
|
||||||
# renew certificate
|
# renew certificate
|
||||||
if EASYRSA_BATCH=1 sign_req "$cert_type" "$file_name_base"; then
|
if EASYRSA_BATCH=1 sign_req "$cert_type" "$file_name_base"; then
|
||||||
unset -v on_error_undo_renew_move
|
unset -v error_undo_renew_move
|
||||||
else
|
else
|
||||||
# If renew failed then restore cert. Otherwise, issue a warning
|
# If renew failed then restore cert. Otherwise, issue a warning
|
||||||
renew_restore_move
|
renew_restore_move
|
||||||
@ -2297,7 +2305,7 @@ use: 'revoke-renewed $file_name_base reason' ('reason' is optional)"
|
|||||||
|
|
||||||
# Restore files on failure to renew
|
# Restore files on failure to renew
|
||||||
renew_restore_move() {
|
renew_restore_move() {
|
||||||
unset -v rrm_err on_error_undo_renew_move
|
unset -v rrm_err error_undo_renew_move
|
||||||
# restore crt file to PKI folders
|
# restore crt file to PKI folders
|
||||||
if mv "$restore_crt_out" "$restore_crt_in"; then
|
if mv "$restore_crt_out" "$restore_crt_in"; then
|
||||||
: # ok
|
: # ok
|
||||||
@ -2766,11 +2774,11 @@ with the following subject:
|
|||||||
|
|
||||||
# move renewed files so we can reissue certificate with the same name
|
# move renewed files so we can reissue certificate with the same name
|
||||||
rebuild_move
|
rebuild_move
|
||||||
on_error_undo_rebuild_move=1
|
error_undo_rebuild_move=1
|
||||||
|
|
||||||
# rebuild certificate
|
# rebuild certificate
|
||||||
if EASYRSA_BATCH=1 build_full "$cert_type" "$file_name_base"; then
|
if EASYRSA_BATCH=1 build_full "$cert_type" "$file_name_base"; then
|
||||||
unset -v on_error_undo_rebuild_move
|
unset -v error_undo_rebuild_move
|
||||||
else
|
else
|
||||||
# If rebuild failed then restore cert, key and req. Otherwise,
|
# If rebuild failed then restore cert, key and req. Otherwise,
|
||||||
# issue a warning. If *restore* fails then at least the file-names
|
# issue a warning. If *restore* fails then at least the file-names
|
||||||
@ -2795,7 +2803,7 @@ use: 'revoke-renewed $file_name_base reason' ('reason' is optional)"
|
|||||||
|
|
||||||
# Restore files on failure to rebuild
|
# Restore files on failure to rebuild
|
||||||
rebuild_restore_move() {
|
rebuild_restore_move() {
|
||||||
unset -v rrm_err on_error_undo_renew_move
|
unset -v rrm_err error_undo_renew_move
|
||||||
# restore crt, key and req file to PKI folders
|
# restore crt, key and req file to PKI folders
|
||||||
if mv "$restore_crt_out" "$restore_crt_in"; then
|
if mv "$restore_crt_out" "$restore_crt_in"; then
|
||||||
: # ok
|
: # ok
|
||||||
@ -5092,7 +5100,7 @@ trap "exit 14" 15
|
|||||||
detect_host
|
detect_host
|
||||||
|
|
||||||
# Initialisation requirements
|
# Initialisation requirements
|
||||||
unset -v confirm_aborted easyrsa_error_exit \
|
unset -v easyrsa_error_exit \
|
||||||
user_san_true user_vars_true alias_days
|
user_san_true user_vars_true alias_days
|
||||||
|
|
||||||
# Parse options
|
# Parse options
|
||||||
@ -5424,8 +5432,7 @@ esac
|
|||||||
# shellcheck disable=SC2181
|
# shellcheck disable=SC2181
|
||||||
[ $? = 0 ] || warn "Untrapped error detected!"
|
[ $? = 0 ] || warn "Untrapped error detected!"
|
||||||
|
|
||||||
# Clear traps and do 'cleanup ok' on successful completion
|
# Do 'cleanup ok' on successful completion
|
||||||
trap - 0 1 2 3 6 15
|
|
||||||
cleanup ok
|
cleanup ok
|
||||||
|
|
||||||
# vim: ft=sh nu ai sw=8 ts=8 noet
|
# vim: ft=sh nu ai sw=8 ts=8 noet
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user