Disable prefer_vars_in_pki_msg(), until further notice #1014
Commits on Aug 29, 2023
-
Disable prefer_vars_in_pki_msg(), until further notice
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 4cb05fe
-
install_data_to_pki: Disable creating new vars file
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 2e5865a
Commits on Aug 30, 2023
-
Disable creating a vars file and only allow one vars file to exist
install_data_to_pki init-pki: Never create a vars file.
Creating a vars file in the PKI is not recommended due to the possibility of defining use of a different PKI via EASYRSA_PKI variable.

vars_setup: Never allow multiple vars files to exist for any commands.
If there are multiple vars files found then EasyRSA has no way to prioritise one over another.

Remove unused variable: expected_pki_vars

Standardise some verbose messages.

Correct some comments related to 'vars in PKI', no longer suitable.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit f18c9a0
-
install_data_to_pki: Never create a pki/vars.example file
Having a pki/vars.example file exist leads to the incorrect conclusion that a pki/vars file is suitable. Therefore, never create an example file.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit d05a89e
-
ChangeLog: Disable code which requests vars be moved to the PKI
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 8d55b9f
Commits on Aug 31, 2023
-
vars_setup: Downgrade warning to info for "no vars file exists"
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 53f443c
Commits on Sep 1, 2023
-
install_data_to_pki: Correct error message "text" only
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 3b4ac2e
Commits on Sep 3, 2023
-
vars_setup: Multiple vars files, downgrade FATAL error to WARNING
Finding multiple vars files will result in a WARNING instead of a FATAL error, then a vars file is selected.

If --vars=<FILE> is used or EASYRSA_VARS_FILE is defined then only the vars file defined is used, all other vars files are ignored without warning.

If multiple vars files are found then select in the following order:
* EASYRSA/vars - User has preset EASYRSA, highest priority.
* PWD/vars - The expected default.
* Program directory - This is essentially the same as PWD/vars. However, it is explicitly listed due to code history.
* pki/vars - This is least wanted. See note below.

Note: The pki/vars was an attempt to change the default expected location of the vars file. After extensive testing, this change has proven to be fraught with misuse. Specifically, setting EASYRSA_PKI from within a different PKI, an obvious conflict of interests.

If a single vars file is found then select it with the same priority as multiple vars files.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit b19beb2
Commits on Sep 4, 2023
-
vars_setup: Prioritise pre-defined EASYRSA/vars over standard search
There is no built-in way to set EASYRSA as a variable, it must be set externally by the user. Therefore, when EASYRSA is set allow ONLY "$EASYRSA/vars". Allow "$EASYRSA/vars" to NOT exist.

Command option --vars=<FILE> has priority.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 1c0228b
-
vars_setup: Prohibit specifying vars as a directory. eg: ./
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit b75c8b0
-
vars_setup: Split into setup_vars() and source_vars()
setup_vars: Determine which vars file to use.
source_vars: Validate and source accepted vars file.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 4a80b21
-
Repurpose prefer_vars_in_pki_msg() to "warn against vars in PKI"
Use the same logic as "prefer vars in pki" but change the message to "warn against vars in the pki".

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit b9914c6
-
Add explicit confirmation for default 'pki/vars' setting a different PKI
If the default 'pki/vars' exists and sets EASYRSA_PKI to a different PKI, anything other than "$PWD/pki", then issue a warning with an explicit user confirmation to proceed with this invalid configuration.

This is a left-over by-product of trying to move the vars file to the PKI.

Problem: 'pki/vars' sets EASYRSA_PKI to a different PKI.

Conclusion: Easy-RSA v3.1.7 does NOT support a vars file in the PKI.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 92a6341
Commits on Sep 5, 2023
-
ChangeLog: Retract "preference for vars in the PKI"
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit a68edb3
-
source_vars: FATAL error when default 'pki/vars' sets a different PKI
Previously, this was a warning and confirmation to continue. Changed to, NEVER allow this invalid configuration.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit bb1adae
-
init-pki: Remove unnecessary user information concerning vars
Remove second warning on hard-reset which promotes soft-reset, soft-reset will be removed.

Remove information concerning 'vars' file. 'init-pki' does not create a 'vars' file in the PKI, therefore, the information is no longer relevant.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit fab09e6
-
install_data_to_pki() init-pki: Remove code to create a 'pki/vars' file
Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 0e53ae1
Commits on Sep 6, 2023
-
Insert required errors and warning to control vars location
Error-1: For multiple vars files when 'pki/vars' is true.
Not thrown for multiple vars if 'pki/vars' is not true. When multiple vars are found one is selected based on priority. Priority is: "$PWD/vars" (default); Program folder; 'pki/vars'
Not thrown if user specifies 'vars' by either specifying
* EASYRSA, can only be set externally.
* --vars=<FILE>, user set vars is respected.

Error-2: When the default 'pki/vars' sets EASYRSA_PKI, causing the PKI to be changed during setup procedure.
This is a rare error but must be caught, otherwise it is very easy to use 'init-pki' to remove the wrong PKI.

Warning: When 'pki/vars' is true.
After completing any command, this warning will be issued, if the sourced 'vars' file is in the default 'pki' AND if the user did not specifically select a vars file.

Allow commands 'version', 'upgrade' and 'show-host' to complete without using any 'vars' file.

Upgrade warning to error for 'export' or 'unset' used in the 'vars' file.

Downgrade die to user_error for simple 'vars' file problems.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 6f88df3
Commits on Sep 11, 2023
-
source_vars(): Forbid 'pki/vars' setting PKI for command 'init-pki'
Forbid default 'pki/vars', if it exists, from setting EASYRSA_PKI to any other value except "$PWD/pki", for command 'init-pki'.

When 'init-pki' is called with all default options then it will load a default 'pki/vars' file, if it exists. This EXPECTS the PKI to be 'pki' ONLY.

For 'init-pki'; This 'pki/vars' file MUST NOT be allowed to set EASYRSA_PKI. This MUST include setting EASYRSA_PKI to 'pki'. Otherwise, this allows default command 'init-pki' to delete a non-default PKI.

This change also forbids using command line settings for --vars and --pki-dir, to set the expected vars file or PKI, when a default 'pki/vars' exists AND changes the expected PKI, to anything other than "$PWD/pki".

Example of the problem: If 'easyrsa' is executed with all default settings then the expected value for EASYRSA_PKI is "$PWD/pki" and if 'pki/vars' file exists, it IS loaded. If 'pki/vars' sets EASYRSA_PKI to a different PKI, 'bad-pki', then this would allow 'init-pki' to delete 'bad-pki' not 'pki'.

For the record: All of these changes have been extensively tested.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit d2c25de
Commits on Sep 12, 2023
-
source_vars(): 'init-pki', prioritise USER set EASYRSA_PKI and EASYRSA
When sourcing 'vars' file, allow user set EASYRSA_PKI and EASYRSA to take priority over default settings.

This will still error out when default 'pki/vars' sets EASYRSA_PKI to a non-default PKI.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit dc15f35
Commits on Sep 13, 2023
-
Move "Setup: catch vars file changing PKI unexpectedly"
This setup assigns values for '$expected_pki' to before sourcing the vars file. This prioritises command line options above 'vars' file assignments.

Minor improvement to error message given when subshell testing of sourcing 'vars' fails.

On user_error(), exit_with_error via cleanup().

Minor improvements to error and verbose messages.

Signed-off-by: Richard T Bonhomme <[email protected]>
Commit 0c8fd82
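
The two conditions these commit messages guard against (a 'pki/vars' file existing alongside another vars file, and a default 'pki/vars' that assigns EASYRSA_PKI) can be checked statically before running 'init-pki'. The following is an added example, not Easy-RSA code: the function names are hypothetical, and it assumes vars files assign values with `set_var` or a plain shell assignment.

```shell
#!/bin/sh
# Added example (not Easy-RSA code): audit a working directory for the
# vars-file problems described in the commit messages above.

# Print the vars file found first in the default locations, in the
# order given above: "$dir/vars" first, "$dir/pki/vars" last.
# The program-directory location is left out (install dependent).
select_default_vars() {
	dir=$1
	for f in "$dir/vars" "$dir/pki/vars"; do
		if [ -f "$f" ]; then
			printf '%s\n' "$f"
			return 0
		fi
	done
	return 1
}

# Return 0 if the file contains an uncommented assignment to
# EASYRSA_PKI ("set_var EASYRSA_PKI ..." or "EASYRSA_PKI=...").
# Static text match only: the file is never sourced.
sets_easyrsa_pki() {
	grep -Eq '^[[:space:]]*(set_var[[:space:]]+EASYRSA_PKI([[:space:]]|$)|(export[[:space:]]+)?EASYRSA_PKI=)' "$1"
}

# Report findings for one directory. Returns 0 if clean, 1 otherwise.
audit_vars() {
	dir=$1
	rc=0
	if [ -f "$dir/vars" ] && [ -f "$dir/pki/vars" ]; then
		echo "FINDING: multiple vars files in $dir (vars and pki/vars)"
		rc=1
	fi
	if [ -f "$dir/pki/vars" ] && sets_easyrsa_pki "$dir/pki/vars"; then
		echo "FINDING: $dir/pki/vars assigns EASYRSA_PKI"
		rc=1
	fi
	return "$rc"
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then
	audit_vars "$1"
fi
```

The text match is a heuristic: it does not catch EASYRSA_PKI being set indirectly, for example through another sourced file.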