Style improvements to vars_setup()
Make detecting all vars files simpler and more robust. Improve warning and error messages. Favour PKI/vars, with bias. * Minor changes to output format for warn() and notice() Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
parent
f06871cf03
commit
fe47eba2c0
121
easyrsa3/easyrsa
121
easyrsa3/easyrsa
@ -286,17 +286,17 @@ $1" 1>&2
|
|||||||
# non-fatal warning output
|
# non-fatal warning output
|
||||||
warn() {
|
warn() {
|
||||||
[ "$EASYRSA_SILENT" ] && return
|
[ "$EASYRSA_SILENT" ] && return
|
||||||
print "* Warning:
|
print "* WARNING:
|
||||||
|
|
||||||
$1" 1>&2
|
$1
|
||||||
|
" 1>&2
|
||||||
} # => warn()
|
} # => warn()
|
||||||
|
|
||||||
# informational notices to stdout
|
# informational notices to stdout
|
||||||
notice() {
|
notice() {
|
||||||
[ "$EASYRSA_SILENT" ] && return
|
[ "$EASYRSA_SILENT" ] && return
|
||||||
[ "$EASYRSA_BATCH" ] && return
|
[ "$EASYRSA_BATCH" ] && return
|
||||||
print "
|
print "* Notice: $1"
|
||||||
$1"
|
|
||||||
} # => notice()
|
} # => notice()
|
||||||
|
|
||||||
# yes/no case-insensitive match (operates on stdin pipe)
|
# yes/no case-insensitive match (operates on stdin pipe)
|
||||||
@ -475,9 +475,8 @@ verify_ssl_lib () {
|
|||||||
3) no_password='-noenc' ;;
|
3) no_password='-noenc' ;;
|
||||||
*) die "Unsupported SSL library: $osslv_major"
|
*) die "Unsupported SSL library: $osslv_major"
|
||||||
esac
|
esac
|
||||||
print "\
|
notice "Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
|
||||||
Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
|
*) die "
|
||||||
*) die "\
|
|
||||||
Missing or invalid OpenSSL
|
Missing or invalid OpenSSL
|
||||||
Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
|
Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
|
||||||
esac
|
esac
|
||||||
@ -485,7 +484,7 @@ Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
|
|||||||
EASYRSA_SSL_OK=1
|
EASYRSA_SSL_OK=1
|
||||||
|
|
||||||
# Verify EASYRSA_SSL_CONF file exists
|
# Verify EASYRSA_SSL_CONF file exists
|
||||||
[ -f "$EASYRSA_SSL_CONF" ] || die "\
|
[ -f "$EASYRSA_SSL_CONF" ] || die "
|
||||||
The OpenSSL config file cannot be found.
|
The OpenSSL config file cannot be found.
|
||||||
Expected location: $EASYRSA_SSL_CONF"
|
Expected location: $EASYRSA_SSL_CONF"
|
||||||
} # => verify_ssl_lib ()
|
} # => verify_ssl_lib ()
|
||||||
@ -2014,10 +2013,10 @@ $in_file"
|
|||||||
This file is not a valid $type file:
|
This file is not a valid $type file:
|
||||||
$in_file"
|
$in_file"
|
||||||
|
|
||||||
notice "\
|
notice "
|
||||||
Showing $type details for 'ca'.
|
Showing $type details for 'ca'.
|
||||||
This file is stored at:
|
This file is stored at:
|
||||||
$in_file
|
$in_file
|
||||||
"
|
"
|
||||||
|
|
||||||
# shellcheck disable=SC2086 # Ignore unquoted variables
|
# shellcheck disable=SC2086 # Ignore unquoted variables
|
||||||
@ -2046,15 +2045,18 @@ vars_setup() {
|
|||||||
|
|
||||||
# Program dir vars - This location is least wanted.
|
# Program dir vars - This location is least wanted.
|
||||||
prog_vars="${prog_dir}/vars"
|
prog_vars="${prog_dir}/vars"
|
||||||
|
|
||||||
# set up PKI path vars - Top preference
|
# set up PKI path vars - Top preference
|
||||||
pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
|
pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
|
||||||
keep_pki_vars="$pki_vars"
|
expected_pki_vars="$pki_vars"
|
||||||
|
|
||||||
# Some other place vars, out of scope.
|
# Some other place vars, out of scope.
|
||||||
if [ "$EASYRSA" ]; then
|
if [ "$EASYRSA" ]; then
|
||||||
easy_vars="${EASYRSA}/vars"
|
easy_vars="${EASYRSA}/vars"
|
||||||
else
|
else
|
||||||
unset -v easy_vars
|
unset -v easy_vars
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# vars of last resort - Eventually this file must be removed from EasyRSA
|
# vars of last resort - Eventually this file must be removed from EasyRSA
|
||||||
pwd_vars="$PWD/vars"
|
pwd_vars="$PWD/vars"
|
||||||
|
|
||||||
@ -2072,53 +2074,58 @@ vars_setup() {
|
|||||||
else
|
else
|
||||||
# if NOT $want_init_pki
|
# if NOT $want_init_pki
|
||||||
if [ -z "$want_init_pki" ]; then
|
if [ -z "$want_init_pki" ]; then
|
||||||
|
|
||||||
|
# Clear flags - This is the preferred order to find:
|
||||||
|
unset -v e_pki_vars e_easy_vars e_pwd_vars e_prog_vars found_vars
|
||||||
|
|
||||||
# PKI location, if present:
|
# PKI location, if present:
|
||||||
[ -e "$pki_vars" ] || unset -v pki_vars
|
{ [ -e "$pki_vars" ] && e_pki_vars=1; } || unset -v pki_vars
|
||||||
# program location:
|
|
||||||
[ -e "$prog_vars" ] || unset -v prog_vars
|
|
||||||
# EASYRSA, if defined:
|
# EASYRSA, if defined:
|
||||||
[ -e "$easy_vars" ] || unset -v easy_vars
|
{ [ -e "$easy_vars" ] && e_easy_vars=1; } || unset -v easy_vars
|
||||||
# vars of last resort - Eventually this file must be removed from EasyRSA
|
|
||||||
[ -e "$pwd_vars" ] || unset -v pwd_vars
|
# Eventually the file below must be removed from EasyRSA
|
||||||
|
# vars of last resort
|
||||||
|
{ [ -e "$pwd_vars" ] && e_pwd_vars=1; } || unset -v pwd_vars
|
||||||
|
|
||||||
|
# program location:
|
||||||
|
{ [ -e "$prog_vars" ] && e_prog_vars=1; } || unset -v prog_vars
|
||||||
|
|
||||||
# Allow only one vars to be found, No exceptions!
|
# Allow only one vars to be found, No exceptions!
|
||||||
too_many_vars=
|
found_vars="$((e_pki_vars + e_easy_vars + e_pwd_vars + e_prog_vars))"
|
||||||
if [ "$pki_vars" ]; then
|
|
||||||
if [ "$pwd_vars" ] || [ "$easy_vars" ] || [ "$prog_vars" ]; then
|
|
||||||
too_many_vars=1
|
|
||||||
fi
|
|
||||||
elif [ "$prog_vars" ]; then
|
|
||||||
if [ "$pwd_vars" ] || [ "$easy_vars" ]; then
|
|
||||||
too_many_vars=1
|
|
||||||
fi
|
|
||||||
elif [ "$easy_vars" ]; then
|
|
||||||
if [ "$pwd_vars" ]; then
|
|
||||||
too_many_vars=1
|
|
||||||
fi
|
|
||||||
elif [ "$pwd_vars" ]; then
|
|
||||||
warn "Move your vars file to your PKI folder, where it is safe!"
|
|
||||||
else
|
|
||||||
warn "No vars file found! Please create one in your PKI folder."
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If too_many_vars then output user info and exit
|
# If found_vars greater than 1 then output user info and exit
|
||||||
if [ "$too_many_vars" ]; then
|
case "$found_vars" in
|
||||||
[ "$pki_vars" ] && print "Found: $pki_vars"
|
0)
|
||||||
[ "$prog_vars" ] && print "Found: $prog_vars"
|
unset -v found_vars
|
||||||
[ "$easy_vars" ] && print "Found: $easy_vars"
|
;;
|
||||||
[ "$pwd_vars" ] && print "Found: $pwd_vars"
|
1) : ;; #ok
|
||||||
|
*)
|
||||||
|
[ "$e_pki_vars" ] && print "Found: $pki_vars"
|
||||||
|
[ "$e_easy_vars" ] && print "Found: $easy_vars"
|
||||||
|
[ "$e_pwd_vars" ] && print "Found: $pwd_vars"
|
||||||
|
[ "$e_prog_vars" ] && print "Found: $prog_vars"
|
||||||
die "Conflicting 'vars' files found.
|
die "Conflicting 'vars' files found.
|
||||||
|
|
||||||
Priority should be given to your PKI vars file:
|
Priority should be given to your PKI vars file:
|
||||||
* $keep_pki_vars
|
|
||||||
|
* $expected_pki_vars
|
||||||
"
|
"
|
||||||
fi
|
esac
|
||||||
|
|
||||||
# If a SINGLE vars file is found then assign $vars
|
# If a SINGLE vars file is found then assign $vars
|
||||||
[ "$pwd_vars" ] && vars="$pwd_vars"
|
if [ "$found_vars" ] && [ "$e_pki_vars" ]; then
|
||||||
[ "$easy_vars" ] && vars="$easy_vars"
|
vars="${pki_vars}"
|
||||||
[ "$prog_vars" ] && vars="$prog_vars"
|
# Final warnings
|
||||||
[ "$pki_vars" ] && vars="$pki_vars"
|
elif [ -z "$found_vars" ]; then
|
||||||
|
vars=
|
||||||
|
warn "No vars file found! Please create one in your PKI folder."
|
||||||
|
else
|
||||||
|
# This can only be one:
|
||||||
|
vars="${easy_vars}${pwd_vars}${prog_vars}"
|
||||||
|
[ -e "$vars" ] || die "undefined state, vars: $vars"
|
||||||
|
warn "Move your vars file to your PKI folder, where it is safe!"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If $EASYRSA_NO_VARS is defined (not blank) then do not use vars
|
# If $EASYRSA_NO_VARS is defined (not blank) then do not use vars
|
||||||
@ -2127,24 +2134,20 @@ Priority should be given to your PKI vars file:
|
|||||||
# If a vars file was located then source it
|
# If a vars file was located then source it
|
||||||
if [ "$vars" ]; then
|
if [ "$vars" ]; then
|
||||||
if grep -Eq 'EASYRSA_PASSIN|EASYRSA_PASSOUT' "$vars"; then
|
if grep -Eq 'EASYRSA_PASSIN|EASYRSA_PASSOUT' "$vars"; then
|
||||||
die "\
|
die "
|
||||||
Variable EASYRSA_PASSIN or EASYRSA_PASSOUT has been found in the configuration \
|
Variable EASYRSA_PASSIN or EASYRSA_PASSOUT has been found in the configuration
|
||||||
file. Storing sensitive information in the configuration file is not \
|
file. Storing sensitive information in the configuration file is not
|
||||||
recommended - please remove it from there before continuing."
|
recommended - please remove it from there before continuing."
|
||||||
fi
|
fi
|
||||||
# shellcheck disable=SC2034 # EASYRSA_CALLER appears unused.
|
# shellcheck disable=SC2034 # EASYRSA_CALLER appears unused.
|
||||||
EASYRSA_CALLER=1
|
EASYRSA_CALLER=1
|
||||||
# shellcheck disable=1090 # can't follow non-constant source. vars
|
# shellcheck disable=1090 # can't follow non-constant source. vars
|
||||||
. "$vars"
|
. "$vars"
|
||||||
notice "\
|
notice "Note: using Easy-RSA configuration from: $vars"
|
||||||
Note: using Easy-RSA configuration from: $vars"
|
|
||||||
else
|
else
|
||||||
# $vars remains undefined .. no vars found
|
# $vars remains undefined .. no vars found
|
||||||
[ "$want_init_pki" ] || warn " No vars file defined!
|
# Warning already issued!
|
||||||
|
: # ok
|
||||||
Expected to find 'vars' file:
|
|
||||||
* $keep_pki_vars
|
|
||||||
"
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
# EASYRSA_NO_VARS is defined or want_init_pki, no vars is required.
|
# EASYRSA_NO_VARS is defined or want_init_pki, no vars is required.
|
||||||
|
|||||||
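Review bot: The count in `found_vars="$((e_pki_vars + e_easy_vars + e_pwd_vars + e_prog_vars))"` treats each candidate path as a distinct file, so when two of `$EASYRSA`, `$PWD` and `$prog_dir` name the same directory, a single `vars` file is counted twice and the `*)` branch dies with "Conflicting 'vars' files found". Unless code outside the visible hunks already normalises these paths, drop duplicates before the existence tests, e.g. `[ "$pwd_vars" = "$prog_vars" ] && unset -v pwd_vars`, and likewise for `$easy_vars` against the other two. A plain string comparison will not catch symlinked or relative paths, so a comment stating that limit is worth adding next to it. Separately, the fallback branch still sources a `vars` file from `$PWD` after only a `warn` that `EASYRSA_SILENT` suppresses; a comment at `. "$vars"` noting that the file is executed as shell code with the caller's privileges would make that trade-off explicit. vars_setup() begins and ends outside the visible hunks.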