Forbid "default vars in the default PKI" for all commands #1021

Merged (8 commits), Sep 15, 2023

TinCanTech
Collaborator

The default 'vars' file MUST be "$PWD/vars", no other file can be default. In order to enforce that, a default 'pki/vars' file MUST be forbidden.

This patch:

  • Disables the recommendation for 'vars' to be moved TO the PKI, './pki/vars'.
  • Forbids the file called './pki/vars'.
  • Forbids multiple 'vars' files
  • Recommends ONLY the working directory copy of a 'vars' file.

Signed-off-by: Richard T Bonhomme <[email protected]>

TinCanTech commented Sep 14, 2023

Alternate-of: #1014

For 'init-pki', disable creating vars.example, which also disables
creating a vars file in the PKI.

Signed-off-by: Richard T Bonhomme <[email protected]>
The option 'soft' for 'init-pki' has been found to be flawed, because
keeping the 'vars' file in the PKI is now forbidden. The 'soft' option
will be removed in due course.

Signed-off-by: Richard T Bonhomme <[email protected]>
If '--vars=vars' is used, without specifying a path to 'vars', then
sourcing 'vars' fails to find './vars'. POSIX '.' searches the PATH
when the file-name does not contain a slash '/'. [man dot(1p)]

Since EasyRSA expects the 'vars' file to be within the current working
directory, setting 'PATH=./' forces '.' to search ONLY './'.

Signed-off-by: Richard T Bonhomme <[email protected]>
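
The '.' lookup described in the commit message above, as an added example that is not part of this pull request or of EasyRSA's code. The directory layout, the `VARS_ORIGIN` variable and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example with constructed files: which 'vars' does '.' read?

# Create a working directory holding ./vars and a decoy directory holding
# another file named vars (both constructed for this demo).
demo_setup() {
    DEMO_ROOT=$(mktemp -d) || return 1
    mkdir "$DEMO_ROOT/work" "$DEMO_ROOT/decoy" || return 1
    echo 'VARS_ORIGIN=cwd' > "$DEMO_ROOT/work/vars"
    echo 'VARS_ORIGIN=decoy' > "$DEMO_ROOT/decoy/vars"
}

demo_cleanup() {
    rm -rf "$DEMO_ROOT"
}

# True when '.' would resolve NAME through PATH (no slash in NAME).
is_path_searched() {
    case $1 in
        */*) return 1 ;;
        *) return 0 ;;
    esac
}

# Source NAME ($2) from the working directory with PATH set to $1 and
# print which file was read. Runs in a subshell so PATH does not leak;
# only builtins are used after PATH is changed.
resolve_with_path() {
    (
        cd "$DEMO_ROOT/work" || exit 1
        PATH=$1
        VARS_ORIGIN=none
        . "$2"
        printf '%s\n' "$VARS_ORIGIN"
    )
}

demo_setup || exit 1
# Slashless name, decoy directory on PATH: the decoy file is sourced.
echo "PATH=decoy  . vars   -> $(resolve_with_path "$DEMO_ROOT/decoy" vars)"
# Slashless name, PATH=./ as in the commit message: ./vars is sourced.
echo "PATH=./     . vars   -> $(resolve_with_path ./ vars)"
# Name containing a slash: PATH is not consulted at all.
echo "PATH=decoy  . ./vars -> $(resolve_with_path "$DEMO_ROOT/decoy" ./vars)"
demo_cleanup
```
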
TinCanTech force-pushed the only-support-default-cwd-vars branch from f312a1e to 5a24fa7 on September 14, 2023 22:17
TinCanTech merged commit 301534d into OpenVPN:master on Sep 15, 2023
3 checks passed
TinCanTech linked an issue on Sep 15, 2023 that may be closed by this pull request
Successfully merging this pull request may close these issues.

The default vars file problem