Skip to content

Commit

Permalink
easyrsa_mkdir(): Remove use of 'mkdir -p', use only 'mkdir'
Browse files Browse the repository at this point in the history
Windows 11 fails to execute 'mkdir.exe -p $foo' and fails
to return an error.

easyrsa_mkdir() is a simple wrapper function for 'mkdir',
which specifically checks that the requested directory is
created, without relying on the exit status of 'mkdir.exe'.

easyrsa_mkdir() does not support the '-p' (Parent) switch.
Instead, `easyrsa` is tasked with creating the parent dirs
as required.

The old easyrsa_mkdir_p() is removed and replaced.

This is not a fix for Windows 11, it is addressing a known
issue by ensuring the failure is captured correctly.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
  • Loading branch information
TinCanTech committed May 20, 2024
1 parent 15bb7e2 commit bbe8688
Showing 1 changed file with 28 additions and 38 deletions.
66 changes: 28 additions & 38 deletions easyrsa3/easyrsa
Original file line number Diff line number Diff line change
Expand Up @@ -825,24 +825,14 @@ remove_secure_session: DELETED: $secured_session"
die "remove_secure_session: $secured_session"
} # => remove_secure_session()

# Replace 'mkdir -p', broken by win11
easyrsa_mkdir_p() {
[ "$#" = 2 ] || die "easyrsa_mkdir_p: input"
if [ -d "$1" ]; then
: # ok
else
mkdir "$1"
[ -d "$1" ] || die "(1) easyrsa_mkdir_p: $1"
fi

if [ -d "$1/$2" ]; then
return 0 # Exists ok
else
mkdir "$1/$2"
[ -d "$1/$2" ] && return 0 # Exists now
fi
die "(2) easyrsa_mkdir_p: $1/$2"
} # => easyrsa_mkdir_p()
# 'mkdir' wrapper, broken by win11, which fails without error
easyrsa_mkdir() {
[ -z "$1" ] && die "easyrsa_mkdir - input"
[ -d "$1" ] && return
mkdir "$1" 2>/dev/null
[ -d "$1" ] && return
die "easyrsa_mkdir - FAIL: $1"
} # => easyrsa_mkdir()

# Create temp-file atomically or fail
# WARNING: Running easyrsa_openssl in a subshell
Expand Down Expand Up @@ -955,8 +945,8 @@ Temporary session not preserved."
else
# create temp-snapshot
keep_tmp="$EASYRSA_TEMP_DIR/tmp/$EASYRSA_KEEP_TEMP"
easyrsa_mkdir_p \
"$EASYRSA_TEMP_DIR/tmp" "$EASYRSA_KEEP_TEMP"
easyrsa_mkdir "$EASYRSA_TEMP_DIR"/tmp
easyrsa_mkdir "$keep_tmp"
rm -rf "$keep_tmp"
mv -f "$secured_session" "$keep_tmp"
information "Temp session preserved: $keep_tmp"
Expand Down Expand Up @@ -1429,10 +1419,10 @@ and initialize a fresh PKI here."
fi

# new dirs:
easyrsa_mkdir "$EASYRSA_PKI"

for i in issued private reqs inline; do
easyrsa_mkdir_p "$EASYRSA_PKI" "$i" || \
die "\
Failed to create PKI file structure (permissions?)"
easyrsa_mkdir "${EASYRSA_PKI}/$i"
done

# pki/vars.example
Expand Down Expand Up @@ -1617,11 +1607,12 @@ current CA. To start a new CA, run init-pki first."
err_msg="\
Unable to create necessary PKI files (permissions?)"

for i in revoked certs_by_serial \
revoked/certs_by_serial revoked/private_by_serial \
revoked/reqs_by_serial
for i in certs_by_serial \
revoked \
revoked/certs_by_serial \
revoked/private_by_serial
do
easyrsa_mkdir_p "$EASYRSA_PKI" "$i" || die "$err_msg"
easyrsa_mkdir "${EASYRSA_PKI}/$i"
done

# create necessary files:
Expand Down Expand Up @@ -2727,9 +2718,7 @@ Conflicting file found at:
unset -v err_exists

# Make inline directory
[ -d "$EASYRSA_PKI/inline" ] || \
easyrsa_mkdir_p "$EASYRSA_PKI" inline || \
die "Failed to create inline directoy."
easyrsa_mkdir "$EASYRSA_PKI"/inline

# Confirm over write inline file
inline_out="$EASYRSA_PKI/inline/$name.inline"
Expand Down Expand Up @@ -3043,15 +3032,17 @@ certificate from being accepted."
# moves revoked certificates to the 'revoked' folder
# allows reissuing certificates with the same name
revoke_move() {
for target in certs_by_serial private_by_serial reqs_by_serial
parent_dir="$EASYRSA_PKI"/revoked
easyrsa_mkdir "$parent_dir"
for i in certs_by_serial private_by_serial
do
easyrsa_mkdir_p "$out_dir" "$target" ||
die "Failed to mkdir: $target"
easyrsa_mkdir "${parent_dir}/$i"
done
parent_dir=

# do NOT move the req - can be signed again

# move crt to renewed_then_revoked folders
# move crt to revoked folder
mv "$crt_in" "$crt_out" || die "Failed to move: $crt_in"

# only move the key if we have it
Expand Down Expand Up @@ -3133,7 +3124,7 @@ Run easyrsa without commands for usage and command help."
crt_out="$out_dir/$file_name_base.crt"

# make output folder
easyrsa_mkdir_p "$EASYRSA_PKI" expired
easyrsa_mkdir "$EASYRSA_PKI"/expired

# Do not over write existing cert
if [ -e "$crt_out" ]; then
Expand Down Expand Up @@ -4561,8 +4552,7 @@ Legacy files: openssl-easyrsa.cnf and x509-types/ directory."
if write ssl-cnf "$legacy_out_d"
then
x509_d="$legacy_out_d"/x509-types
easyrsa_mkdir_p "$legacy_out_d" x509-types || \
die "legacy_files - x509_d"
easyrsa_mkdir "$x509_d"

write COMMON "$x509_d"
write ca "$x509_d"
Expand All @@ -4576,8 +4566,8 @@ Legacy files: openssl-easyrsa.cnf and x509-types/ directory."
user_error "legacy_files - write ssl-cnf"
fi

unset -v legacy_out_d x509_dir
verbose "legacy_files: OK $x509_d"
unset -v legacy_out_d x509_d
} # => legacy_files()

# write legacy files to stdout or to $folder
Expand Down

0 comments on commit bbe8688

Please sign in to comment.