Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dev/easyrsa-tools.lib missing in release build #1144

Open
freddebacker opened this issue May 20, 2024 · 3 comments
Open

dev/easyrsa-tools.lib missing in release build #1144

freddebacker opened this issue May 20, 2024 · 3 comments
Assignees
@TinCanTech
Labels
easyrsa-tools.lib question answered Version 3.2.0-Release Version 3.2.1-Release

Comments

@freddebacker
Copy link

Hi,

dev/easyrsa-tools.lib seems to be missing in the release file.
I downloaded EasyRSA-3.2.0.tgz and command ./easyrsa show-expire does not work complaining missing file.

I worked around by downloading it directly from github.

Fred
@TinCanTech
Copy link
Collaborator

TinCanTech commented May 20, 2024
edited
Loading

worked around by downloading it directly from github

For the time being, downloading is the correct solution.

Includes: Easy-RSA version 3.2.0 and 3.2.1

The rational is:
easyrsa v3.1.7 carries around a lot of old code, including the status reports you mentioned, certificate renewal and the upgrade procedure:

  • Status reports are still a work in progress; while they work, they are cumbersome. Development can continue without disturbing easyrsa code.
  • Command renew has been replaced by better code. The renew command did not work properly; it would drop some certificate attributes during renewal and the work required to make renew work correctly is an unnecessary maintenance burden. Now, if a certificate is expiring/expired, it can be replaced with a new certificate with all the same attributes as the original, via sign-req command.
  • Upgrading the CA/PKI is now considered to be obsoleted. The code was removed.

easyrsa v3.2.0 is the start of a new version, that will not be overly burdened by old code.

This does not effect the core functionality of Easy-RSA; Building a secure Public Key Infrastructure.

@TinCanTech TinCanTech self-assigned this May 20, 2024
@marek22k
Copy link

Arch Linux issue: https://gitlab.archlinux.org/archlinux/packaging/packages/easy-rsa/-/issues/1

Is there a workaround (-> what is a standard system location)?

@TinCanTech
Copy link
Collaborator

For Easy-RSA Standard system location:

  • The Easy-RSA pki directory, specified by $EASYRSA_PKI env-var.
  • The directory specified by $EASYRSA env-var.
  • The current working directory, specified by $PWD env-var.
  • The directory specified by the easyrsa script location $0 env-var.
  • The directory /usr/local/share/easy-rsa.
  • The directory /usr/share/easy-rsa.
  • The directory /etc/easy-rsa.
  • Any preferred directory, specified by --tools=<PATH/FILE-NAME>.

freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this issue Oct 2, 2024
@mandree
security/easy-rsa: download & install easyrsa-tools.lib
1fc19df 
to support, for instance, easyrsa show-expire

Reported by:	avg@ (Andriy Gapon, by e-mail)

For upstream bug report,
see also:	OpenVPN/easy-rsa#1144
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TinCanTech TinCanTech

Labels
easyrsa-tools.lib question answered Version 3.2.0-Release Version 3.2.1-Release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@TinCanTech @freddebacker @marek22k