-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vars hierarchy v2 #1029
Merged
Merged
Vars hierarchy v2 #1029
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Correct auto-load order: The previous order was to search the default PKI before EASYRSA. Change: EASYRSA is moved to a higher priority than a default PKI. Remove 'program location' as a valid target for auto-loading vars. Keeping writable data files in the same folder as executable code is not necessary. If it is required then use of other options is preferred. eg: --vars=<FILE> or $EASYRSA Add additional information regarding use of default PKI. Add section to advise the preferred use of --pki over --vars. Signed-off-by: Richard T Bonhomme <[email protected]>
vars_setup was trying to do more work than only setting up vars. These tasks have been broken down as follows: select_vars: * Choose only ONE vars file to source by priority specified in Advanced.md * Apply restrictions to default vars changing EASYRSA or EASYRSA_PKI. source_vars: * Verify and source a vars file. default_vars: * Set all default values as expected. Note: Also disable use of vars_setup. Signed-off-by: Richard T Bonhomme <[email protected]>
Check that sourcing default pki/vars has NOT changed EASYRSA or EASYRSA_PKI. This will be resolved in v3.2.0 - See #comment for details. Refactor select_vars(): To: single if/elif/else/fi. From: separate if/fi statements. Always set EASYRSA_VARS_FILE to the used vars-file. (Required for 'help' status) Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
All candidate vars-files are searched for and EASYRSA_VARS_FILE is set to the first valid vars-file found. According to Advanced.md Signed-off-by: Richard T Bonhomme <[email protected]>
Replaced by: select_vars(), source_vars() and default_vars(). Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
Also, remove unused variable $expected_pki. Signed-off-by: Richard T Bonhomme <[email protected]>
Additional: Caveat: The default '$PWD/pki/vars' file is forbidden to change either EASYRSA or EASYRSA_PKI, which are both implied by default. NOTICE: vars-auto-detect no longer searches easyrsa program directory. Signed-off-by: Richard T Bonhomme <[email protected]>
Bug: Default Fix: 29bd64c below |
Vars 'expected_EASYRSA' and 'expected_EASYRSA_PKI' must only be set when "$PWD/pki/vars" is used. This is the only file which can set the PKI to an "unexpected" location. Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech
force-pushed
the
vars-hierarchy-v2
branch
from
September 29, 2023 02:09
d2d26be
to
29bd64c
Compare
Signed-off-by: Richard T Bonhomme <[email protected]>
If either EASYRSA or EASYRSA_PKI is already defined when searching for default "$PWD/pki/var" then ignore this default vars file. If EASYRSA_PKI is defined then do not load a vars file from a different PKI. If EASYRSA is defined then do not load a vars file from any PKI. Signed-off-by: Richard T Bonhomme <[email protected]>
This looks ready. FTR: |
Signed-off-by: Richard T Bonhomme <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replace over used
vars_setup()
with three separate functions:select_vars
: Choose the correctvars
file. And restrict defaultpki/vars
from changingEASYRSA
andEASYRSA_PKI
, which are implied by the location of the defaultpki/vars
file.source_vars
: Verify and source a givenvars
file.default_vars
: Set the expected defaults.Additional:
verify_default_vars
: Check that defaultpki/vars
does not changeEASYRSA
and/orEASYRSA_PKI
(Could be moved tomutual_exclusions()
)