Package: easy-rsa
Version: 3.0.8-1
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Upgrading to Debian 11
* What exactly did you do (or not do) that was effective (or
ineffective)?
Creating new client cert
* What was the outcome of this action?
New cert whitout option from vars file
* What outcome did you expect instead?
New cert created with option from vars file.
Before upgrade i've created cadir usign "make-cadir" which create some
files and directory including a file named vars. Which i modified to my
needs.
After upgrade, options in this file were not used anymore (and the
message "Note: using Easy-RSA configuration from: " were not displayed
anymore).
I've made some test, using make-cadir on Debian 11, a file named vars
is still created but not used.
I've made some research on vars Autodetection using
/usr/share/doc/easy-rsa/doc/. Informations from EasyRSA-Advanced.md look
identical from Debian 10 and Debian 11 about vars Autodetection :
#### vars Autodetection
A 'vars' file is a file named simply `vars` (without an extension) that
Easy-RSA will source for configuration. This file is specifically designed
*not* to replace variables that have been set with a higher-priority method
such as CLI opts or env-vars.
The following locations are checked, in this order, for a vars file. Only the
first one found is used:
1. The file referenced by the `--vars` CLI option
2. The file referenced by the env-var named `EASYRSA_VARS_FILE`
3. The directory referenced by the `EASYRSA_PKI` env-var
4. The default PKI directory at `$PWD/pki`
4. The directory referenced by the `EASYRSA` env-var
5. The directory containing the easyrsa program
Defining the env-var `EASYRSA_NO_VARS` will override the sourcing of the vars
file in all cases, including defining it subsequently as a global option.
I'm unsure 5. is still effective (or identical to previous version).
Maybe i've missed warning about this change in
https://metadata.ftp-master.debian.org/changelogs//main/e/easy-rsa/easy-rsa_3.0.8-1_changelog
and i apologize for this.
Regards,
m.e.
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-cloud-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages easy-rsa depends on:
ii openssl 1.1.1k-1+deb11u1
Versions of packages easy-rsa recommends:
ii opensc 0.21.0-1
easy-rsa suggests no packages.
-- no debconf information
