Forbid "default vars in the default PKI" for all commands #1021
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The default 'vars' file MUST be "$PWD/vars", no other file can be default. In order to enforce that, a default 'pki/vars' file MUST be forbidden. This patch: * Disables the recommandation for 'vars' to be moved TO the PKI, './pki/vars. * Forbids the file called './pki/vars'. * Forbids multiple 'vars' files * Recommends ONLY the working directory copy of a 'vars' file. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
TinCanTech
added
development
|
Alternate-of: #1014 |
For 'init-pki, disable creating vars.example, which also disables creating a vars file in the PKI. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
The option 'soft' for 'init-pki' has been found to be flawed, because keeping the 'vars' file in the PKI is now forbidden. The 'soft' option will be removed in due course. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
If '--vars=vars' is used, without specifying a path to 'vars', then sourcing 'vars' fails to find './vars'. POSIX '.' searches the PATH when the file-name does not contain a slash '/'. [man dot(1p)] Since EasyRSA expects the 'vars' file to be within the current working directory, setting 'PATH=./' forces '.' to search ONLY './'. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
TinCanTech
force-pushed
the
only-support-default-cwd-vars
branch
from
f312a1e
to
5a24fa7
Compare
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The default 'vars' file MUST be "$PWD/vars", no other file can be default. In order to enforce that, a default 'pki/vars' file MUST be forbidden.
This patch: