Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v3.2.0-beta1 #1046

Merged
merged 26 commits into from
Dec 15, 2023
Merged

v3.2.0-beta1 #1046

merged 26 commits into from
Dec 15, 2023

Conversation

TinCanTech
Copy link
Collaborator

@TinCanTech TinCanTech commented Dec 8, 2023
edited
Loading

The essential change here is to make all support file redundant; If they are not found then they are created on demand.

Currently does not work for x509-types/ email and kdc

The most significant change is new command write <type> <DIR> c814e0a

@TinCanTech TinCanTech self-assigned this Dec 8, 2023
@TinCanTech TinCanTech added this to the v3.2.0 milestone Dec 8, 2023
@TinCanTech
New Command 'rand': 'Expose easyrsa_random() to the command line
6131cbf 
Usage: 'easyrsa rand <decimal_number>'

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Correct 'trap' command for 'SIGTERM'
3a4dcd2 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Remove unsupported option --fix-offset from option parsing
ac8407d 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Reorder initial setup commands
81b381f 
Place selecting and sourcing vars-file before assigning PKI and CA
requirements to the command to be executed.

This is more logical because the command requirements are assigned
directly before handing off to the requested command, while external
variables have already been assigned.

Move 'make-vars' to the standard 'case' command selection list.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Introduce write_easyrsa_ssl_cnf_tmp(): Verify/create EASYRSA_SSL_CONF
e1a0655 
Replace use of copy_data_to_pki(), which copies an existing file to the
PKI, by verifying that EASYRSA_SSL_CONF points to a file or create a
temp-file to be used in place.

This allows removing openssl-easyrsa.cnf file from the repository.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Replace copy_data_to_pki() with locate_support_files()
66e39c8 
locate_support_files() will find the support files and assign
variables accordingly:
* openssl_easyrsa.cnf - Assigned to EASYRSA_SSL_CONF
* /x509-types - Assigned to EASYRSA_EXT_DIR

If the files are not found then no variables are assigned and
the files are created seprately as temp-files, when required.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Move call to locate_support_files() to invocation layer (Simplify)
75cbe03 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Move call to verify_ssl_lib() to invocation layer (Simplify)
1756e7a 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Move call to write_easyrsa_ssl_cnf_tmp() to secure_session()
dcb19b2 
This is necessary for status reports read_db(), which recreates the
secure session for each record.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Move check for $working_safe_ssl_conf to invocation layer (Simplify)
6b6568d 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Move OpenSSL Version message to verify_ssl_lib() at verbose level
a617f79 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
verify_working_env(): Minor clean up
ca62e66 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Make shellcheck directives searchable, add function name to comment
a8503dd 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech changed the title V3.2.0-beta1 v3.2.0-beta1 Dec 9, 2023
@TinCanTech
Add 'email' and 'kdc' to create_x509_type()
0d68ccb 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Introduce command 'write' - Write support files
c814e0a 
This allows creating all support files.

Usage: 'easyrsa write <type> <DIR>'
* <type> must be specified.
* <DIR>  is optional. If specified then files are created.
         Otherwise, data is sent to stdout.

Types:
* ssl-cnf  - Write openssl-easyrsa.cnf file.
* COMMON|ca|server|serverCleint|client|codeSigning|email|kdc
           - Write x509-type <type> file.
* lecacy   - Write ALL files above to <DIR>.
             Default <DIR> is EASYRSA_PKI or EASYRSA.
             Will create <DIR>/x509-types directory.
* safe-ssl - Expand Easy-RSA SSL config for LibreSSL.
* vars     - Write vars.example file.

Replaces command 'make-safe-ssl' and 'make-vars'.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
ChangeLog: Add new command 'write'
058d3eb 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Add command option 'legacy-hard' (Over-write files) to command 'write'
fbd8a45 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Update doc/EasyRSA-Advanced.md: Add 'Advanced configuration files'
468a9e0 
New section 'Advanced configuration files' gives further details on
how to use command 'write'.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
build-ca: Do not export CA password to environment
009ea1f 
In default mode, build-ca exports the CA password to the environment,
via function force_set_var().

Replace use of force_set_var() with a here-doc.

Also, make verbose openssl command output debug only.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
ChangeLog: Remove duplicated information
3c3423b 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
ChangeLog: Rename X509-type file 'code-signing' to 'codeSigning'
1c6b31a 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
write: Use verify_working_env(), require a PKI
8fc2f89 
Command 'write' requires a PKI for 'legacy' and 'safe-ssl'.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
cleanup(): Only print a clean line after restoring a hidden prompt
01ede8a 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech merged commit 7120876 into master Dec 15, 2023
3 checks passed
@BrewTestBot BrewTestBot mentioned this pull request May 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@TinCanTech TinCanTech

Labels
Version 3.2.0-beta1 Version 3.2.0-Release
Projects
None yet
Milestone
v3.2.0
Development

Successfully merging this pull request may close these issues.
1 participant
@TinCanTech