Hi,

On Mon, 27 Sep 2021 08:50:53 +0000 Mathieu Espagnacq <mathieu.espagn...@replay-software.com> wrote:
Package: easy-rsa
Version: 3.0.8-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
        
        Upgrading to Debian 11

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

        Creating new client cert

   * What was the outcome of this action?

        New cert without option from vars file

   * What outcome did you expect instead?

        New cert created with option from vars file.

Before upgrade I've created cadir using "make-cadir" which creates some
files and directories including a file named vars, which I modified to my
needs.
After upgrade, options in this file were not used anymore (and the
message "Note: using Easy-RSA configuration from: " was not displayed
anymore).

I've made some tests: using make-cadir on Debian 11, a file named vars
is still created but not used.
I've done some research on vars Autodetection using
/usr/share/doc/easy-rsa/doc/. Information from EasyRSA-Advanced.md looks
identical between Debian 10 and Debian 11 about vars Autodetection:

#### vars Autodetection

  A 'vars' file is a file named simply `vars` (without an extension) that
  Easy-RSA will source for configuration. This file is specifically designed
  *not* to replace variables that have been set with a higher-priority method
  such as CLI opts or env-vars.

  The following locations are checked, in this order, for a vars file. Only the
  first one found is used:

  1. The file referenced by the `--vars` CLI option
  2. The file referenced by the env-var named `EASYRSA_VARS_FILE`
  3. The directory referenced by the `EASYRSA_PKI` env-var
  4. The default PKI directory at `$PWD/pki`
  5. The directory referenced by the `EASYRSA` env-var
  6. The directory containing the easyrsa program

  Defining the env-var `EASYRSA_NO_VARS` will override the sourcing of the vars
  file in all cases, including defining it subsequently as a global option.

I ran into the same issue and found the culprit: a commit [1] which intended to fix the problem with easyrsa in $PATH, due to pattern matching in the shell variable that tries to detect the $EASYRSA value.

Please find attached my patch to fix this regression:


--- a/easyrsa           2021-11-05 10:21:02.783260266 +0100
+++ b/easyrsa           2021-11-05 10:22:12.591259497 +0100
@@ -1664,9 +1664,8 @@
        vars=

        # set up program path
-       prog_file="$0"
+       prog_file="$(dirname $0)/$(basename $0)"
prog_file2="$(which -- "$prog_file" 2>/dev/null)" && prog_file="$prog_file2" - prog_file2="$(readlink -f "$prog_file" 2>/dev/null)" && prog_file="$prog_file2"
        prog_dir="${prog_file%/*}"
        prog_vars="${prog_dir}/vars"
        # set up PKI path
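
Review bot: On the added `prog_file="$(dirname $0)/$(basename $0)"` line, `$0` is unquoted inside both command substitutions, so a script path containing whitespace or glob characters is split before `dirname` and `basename` see it; write `prog_file="$(dirname -- "$0")/$(basename -- "$0")"`. After this change `prog_file` always contains a slash (a bare `easyrsa` becomes `./easyrsa`), and typical `which` implementations test such an argument as a path instead of searching `$PATH`, so the kept `which -- "$prog_file"` line no longer does a PATH lookup; if that lookup is still wanted it should run on the original `$0`. With the `readlink -f` line removed, `prog_dir` becomes the directory of the path as invoked rather than of a symlink's target, and since that decides which `vars` file `prog_vars` points at, the choice deserves a comment next to `# set up program path`.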

Otherwise, "$prog_file" ends up being empty and subsequently, the vars file is not being sourced.

Cheers
Christoph



[1] https://github.com/OpenVPN/easy-rsa/commit/52befc623fbf6fc9c1fbd29bfe32af2503e65b24


--- a/easyrsa           2021-11-05 10:21:02.783260266 +0100
+++ b/easyrsa           2021-11-05 10:22:12.591259497 +0100
@@ -1664,9 +1664,8 @@
        vars=
 
        # set up program path
-       prog_file="$0"
+       prog_file="$(dirname $0)/$(basename $0)"
        prog_file2="$(which -- "$prog_file" 2>/dev/null)" && prog_file="$prog_file2"
-       prog_file2="$(readlink -f "$prog_file" 2>/dev/null)" && prog_file="$prog_file2"
        prog_dir="${prog_file%/*}"
        prog_vars="${prog_dir}/vars"
        # set up PKI path
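
The lookup order quoted in the report from EasyRSA-Advanced.md, written out as a check that prints which vars file would be selected and shows how the last entry depends on whether the program path is resolved through symlinks. This is an added example, not part of the original messages and not easyrsa's own code; `prog_dir`, `find_vars` and the symlinked layout they are meant for are assumptions.

```shell
#!/bin/sh
# Added example, not easyrsa's own code. prog_dir and find_vars are
# hypothetical helpers that follow the lookup order quoted in the report.

# Print the directory "containing the program" for invocation path $1.
# Mode "resolved" follows symlinks with readlink -f; "invoked" does not.
prog_dir() {
    p=$1
    case $p in */*) ;; *) p=./$p ;; esac   # bare name: no "/" to strip
    if [ "$2" = resolved ]; then
        p=$(readlink -f -- "$p") || return 1
    fi
    printf '%s\n' "${p%/*}"
}

# Print the vars file that would be used, or return 1 if none would be.
# $1 = value of the --vars option (may be empty), $2 = program directory.
find_vars() {
    # Defining EASYRSA_NO_VARS disables sourcing in all cases.
    if [ -n "${EASYRSA_NO_VARS+x}" ]; then return 1; fi
    for f in "$1" \
             "${EASYRSA_VARS_FILE:-}" \
             "${EASYRSA_PKI:+$EASYRSA_PKI/vars}" \
             "$PWD/pki/vars" \
             "${EASYRSA:+$EASYRSA/vars}" \
             "$2/vars"
    do
        # Only the first candidate that exists is used.
        if [ -n "$f" ] && [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Stand-alone use: report the result for this script's own location.
find_vars "${1:-}" "$(prog_dir "$0" invoked)" ||
    echo "no vars file found: built-in defaults would apply"
```

An empty result means new certificates would be issued with built-in defaults instead of the settings in vars, which is the outcome described in the report.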
