Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The default vars file problem #1015

Closed
TinCanTech opened this issue Sep 1, 2023 · 4 comments · Fixed by #1021 or #1025
Closed

The default vars file problem #1015

TinCanTech opened this issue Sep 1, 2023 · 4 comments · Fixed by #1021 or #1025
Assignees
Milestone

Comments

@TinCanTech
Copy link
Collaborator

TinCanTech commented Sep 1, 2023

The problem with vars is that it allows setting EASYRSA.

This is a simple problem of authority, who is in charge ?

The solution is simple:

  • EASYRSA default IS $PWD
  • vars default MUST, therefore, be $PWD/vars

All other vars can be ignored, unless user specified.

The problem of authority is resolved by putting $PWD in charge of defaults.


As an easy to understand example of the problem, consider that:

# Set EASYRSA_VARS_FILE to your preferred vars file
set_var EASYRSA_VARS_FILE "$The_Moon"

is set inside the vars file.

@TinCanTech
Copy link
Collaborator Author

TinCanTech commented Sep 1, 2023

For version 3.1.x, easyrsa can still search for duplicates and issue a warning, instead of the current error.

The vars file in use is already shown to the user.

@TinCanTech
Copy link
Collaborator Author

TinCanTech commented Sep 4, 2023

Reminder: Remove init-pki soft.

@TinCanTech
Copy link
Collaborator Author

TinCanTech commented Sep 18, 2023

User confirmation confirm() seems less heavy handed than forbidden.

@TinCanTech TinCanTech linked a pull request Sep 19, 2023 that will close this issue
@TinCanTech
Copy link
Collaborator Author

Follow-up: #1027

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant