From 094cb08092466e290a0e786b542f9873fb2b8a9b Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Mon, 20 May 2024 23:56:15 +0100 Subject: [PATCH] easyrsa_mkdir(): Remove use of 'mkdir -p', use only 'mkdir' Windows 11 fails to execute 'mkdir.exe -p $foo' and fails to return an error. easyrsa_mkdir() is a simple wrapper function for 'mkdir', which specifically checks that the requested directory is created, without relying on the exit status of 'mkdir.exe'. easyrsa_mkdir() does not support the '-p' (Parent) switch. Instead, `easyrsa` is tasked with creating the parent dirs as required. The old easyrsa_mkdir_p() is removed and replaced. This is not a fix for Windows 11, it is addressing a known issue by ensuring the failure is captured correctly. Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 66 ++++++++++++++++++++---------------------------- 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 464a0378e..6d4a8b3d6 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -825,24 +825,14 @@ remove_secure_session: DELETED: $secured_session" die "remove_secure_session: $secured_session" } # => remove_secure_session() -# Replace 'mkdir -p', broken by win11 -easyrsa_mkdir_p() { - [ "$#" = 2 ] || die "easyrsa_mkdir_p: input" - if [ -d "$1" ]; then - : # ok - else - mkdir "$1" - [ -d "$1" ] || die "(1) easyrsa_mkdir_p: $1" - fi - - if [ -d "$1/$2" ]; then - return 0 # Exists ok - else - mkdir "$1/$2" - [ -d "$1/$2" ] && return 0 # Exists now - fi - die "(2) easyrsa_mkdir_p: $1/$2" -} # => easyrsa_mkdir_p() +# 'mkdir' wrapper, broken by win11, which fails without error +easyrsa_mkdir() { + [ "$1" ] || die "easyrsa_mkdir - input" + [ -d "$1" ] && return + mkdir "$1" 2>/dev/null + [ -d "$1" ] && return + die "easyrsa_mkdir - FAIL: $1" +} # => easyrsa_mkdir() # Create temp-file atomically or fail # WARNING: Running easyrsa_openssl in a subshell @@ -955,8 +945,8 @@ Temporary session not preserved." else # create temp-snapshot keep_tmp="$EASYRSA_TEMP_DIR/tmp/$EASYRSA_KEEP_TEMP" - easyrsa_mkdir_p \ - "$EASYRSA_TEMP_DIR/tmp" "$EASYRSA_KEEP_TEMP" + easyrsa_mkdir "$EASYRSA_TEMP_DIR"/tmp + easyrsa_mkdir "$keep_tmp" rm -rf "$keep_tmp" mv -f "$secured_session" "$keep_tmp" information "Temp session preserved: $keep_tmp" @@ -1429,10 +1419,10 @@ and initialize a fresh PKI here." fi # new dirs: + easyrsa_mkdir "$EASYRSA_PKI" + for i in issued private reqs inline; do - easyrsa_mkdir_p "$EASYRSA_PKI" "$i" || \ - die "\ -Failed to create PKI file structure (permissions?)" + easyrsa_mkdir "${EASYRSA_PKI}/$i" done # pki/vars.example @@ -1617,11 +1607,12 @@ current CA. To start a new CA, run init-pki first." err_msg="\ Unable to create necessary PKI files (permissions?)" - for i in revoked certs_by_serial \ - revoked/certs_by_serial revoked/private_by_serial \ - revoked/reqs_by_serial + for i in certs_by_serial \ + revoked \ + revoked/certs_by_serial \ + revoked/private_by_serial do - easyrsa_mkdir_p "$EASYRSA_PKI" "$i" || die "$err_msg" + easyrsa_mkdir "${EASYRSA_PKI}/$i" done # create necessary files: @@ -2727,9 +2718,7 @@ Conflicting file found at: unset -v err_exists # Make inline directory - [ -d "$EASYRSA_PKI/inline" ] || \ - easyrsa_mkdir_p "$EASYRSA_PKI" inline || \ - die "Failed to create inline directoy." + easyrsa_mkdir "$EASYRSA_PKI"/inline # Confirm over write inline file inline_out="$EASYRSA_PKI/inline/$name.inline" @@ -3043,15 +3032,17 @@ certificate from being accepted." # moves revoked certificates to the 'revoked' folder # allows reissuing certificates with the same name revoke_move() { - for target in certs_by_serial private_by_serial reqs_by_serial + parent_dir="$EASYRSA_PKI"/revoked + easyrsa_mkdir "$parent_dir" + for i in certs_by_serial private_by_serial do - easyrsa_mkdir_p "$out_dir" "$target" || - die "Failed to mkdir: $target" + easyrsa_mkdir "${parent_dir}/$i" done + parent_dir= # do NOT move the req - can be signed again - # move crt to renewed_then_revoked folders + # move crt to revoked folder mv "$crt_in" "$crt_out" || die "Failed to move: $crt_in" # only move the key if we have it @@ -3133,7 +3124,7 @@ Run easyrsa without commands for usage and command help." crt_out="$out_dir/$file_name_base.crt" # make output folder - easyrsa_mkdir_p "$EASYRSA_PKI" expired + easyrsa_mkdir "$EASYRSA_PKI"/expired # Do not over write existing cert if [ -e "$crt_out" ]; then @@ -4561,8 +4552,7 @@ Legacy files: openssl-easyrsa.cnf and x509-types/ directory." if write ssl-cnf "$legacy_out_d" then x509_d="$legacy_out_d"/x509-types - easyrsa_mkdir_p "$legacy_out_d" x509-types || \ - die "legacy_files - x509_d" + easyrsa_mkdir "$x509_d" write COMMON "$x509_d" write ca "$x509_d" @@ -4576,8 +4566,8 @@ Legacy files: openssl-easyrsa.cnf and x509-types/ directory." user_error "legacy_files - write ssl-cnf" fi - unset -v legacy_out_d x509_dir verbose "legacy_files: OK $x509_d" + unset -v legacy_out_d x509_d } # => legacy_files() # write legacy files to stdout or to $folder