After updating to 3.1.0 I have two issues: 1. init-pki now requires the EASYRSA environment variable to be set, otherwise it operates on /usr/local/share/easy-rsa/pki (at least I could swear that this behavior is different from the past) 2. Operations fail due to /usr/local/share/easy-rsa/vars existing Example (in /tmp): # EASYRSA=. easyrsa init-pki # easyrsa build-ca nopass Found: /tmp/pki/vars Found: /usr/local/share/easy-rsa/vars Found: /usr/local/share/easy-rsa/vars Easy-RSA error: Conflicting 'vars' files found. Priority should be given to your PKI vars file: * /tmp/pki/vars Host: nix | FreeBSD | /bin/csh This can be worked around be manually deleting /usr/local/share/easy-rsa/vars
forwarded upstream, as I've heard there have been some fixes made already and 3.1.1 is in the pipeline, but just to be sure.
after some IRC discussion on the #openvpn-devel package, as interim status message: the upstream expectation would be to have one definitive vars file (which might mean that I remove the @sample on the vars.example and let the user handle that, and possibly add pkg-message instructions), but we can expect some assessment in the Github issue <https://github.com/OpenVPN/easy-rsa/issues/589> very soon
(In reply to Matthias Andree from comment #2) s/package/IRC channel/ (on the libera.chat IRC network)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=0a0dd568d8ab0a5598b7d0ccc6d560102418f512 commit 0a0dd568d8ab0a5598b7d0ccc6d560102418f512 Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2022-06-02 21:26:24 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2022-06-02 21:29:43 +0000 security/easy-rsa: fix confusion of vars file ...and no longer package it as @sample. It is per-PKI, and easyrsa init-pki will copy vars.example from the distribution, and create a PKI-local copy named vars. Should fix grembo@'s bug report [1] add a new pkg-message file to explain this. while here, add a convenience hardlink easy-rsa to the easyrsa wrapper, to have an executable matching the package name. PR: 264415 Reported by: grembo@ (Michael Gmelin) security/easy-rsa/Makefile | 2 ++ security/easy-rsa/pkg-message (new) | 15 +++++++++++++++ security/easy-rsa/pkg-plist | 3 ++- 3 files changed, 19 insertions(+), 1 deletion(-)
Hi Michael, please let me know if 3.1.0_1 fixes the issue for you. According to your workaround, it should. If it really does, can I ask you to close this PR? TIA.
Let's clean up Bugzilla right away. Michael, if the issue were to persist after the commit in a previous comment aka in version 3.1.0_1, please provide new findings and reopen this PR. As a remark, I found the newly-linked https://github.com/OpenVPN/easy-rsa/issues/566 (from their ticket #589 under See Also) quite elucidating.
(In reply to Matthias Andree from comment #6) Hi Matthias, Thanks for the lightning fast response, this fix corrects my problem. One more question: I seem to remember, that `easyrsa init-pki` used to initialize a PKI in the current folder. Now it always initializes the global PKI, unless "EASYRSA" is set in the environment. Is this really new behavior, or is my memory playing tricks on me? Thanks Michael
Michael, thanks forwarded via IRC; the thing is that easy-rsa is meant to operate on a local copy of "everything", and to that end, see the shiny new pkg-message -- copy from https://cgit.freebsd.org/ports/tree/security/easy-rsa/pkg-message which basically suggests: easyrsa --pki-dir=~/my_new_pki init-pki Where the --pki-dir specifies where you want the new structure. However it seems I need to rethink our FreeBSD-local wrapper which stomps all over EASYRSA if unset, and the script is not really prepared for that. I will look into that, and then let's do a _2.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=32877d0369a1bf4ac1cbd0a6c11ac3347bb5653b commit 32877d0369a1bf4ac1cbd0a6c11ac3347bb5653b Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2022-06-05 12:55:34 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2022-06-05 12:57:25 +0000 security/easy-rsa: fix EASYRSA override and locale * remove our own wrapper, overriding the EASYRSA folder is no longer working since 3.1.0. * patch EasyRSA to unset LC_ALL and override LC_TIME, to avoid date command failures * bump PORTREVISION=2 see comment #7 ff. of PR: 264415 security/easy-rsa/Makefile | 7 ++----- security/easy-rsa/files/easyrsa.in (gone) | 4 ---- security/easy-rsa/files/patch-easyrsa (new) | 14 ++++++++++++++ security/easy-rsa/pkg-plist | 1 - 4 files changed, 16 insertions(+), 10 deletions(-)