Merge branch 'TinCanTech-v325-326-minor-touches'

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Author: TinCanTech

ChangeLog

@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.6 (TBD)
 
+   * set_no_clobber(): Try shell long option 'set -o noclobber' first (87e31ce) (#1421)
    * CI: Enable shell switch errexit, set by env-var $EASYRSA_SET_ERREXIT (772d6f6) (#1417)
 
 3.2.5 (2025-12-13)

easyrsa3/easyrsa

@@ -21,16 +21,16 @@ NOTE: Global options MUST be provided before the command.
 Global options:
 
 --version       : Prints EasyRSA version and build information
---verbose|-v    : Enable verbose output
 --batch|-b      : Set automatic (no-prompts when possible) mode
 --silent|-s     : Disable all warnings, notices and information
 --silent-ssl|-S : Silence SSL output (Requires batch mode)
+--verbose|-v    : Enable verbose output
 
---nopass|no-pass: Do not use passwords
+--nopass        : Do not use passwords
                   Can NOT be used with --passin or --passout
 --passin=ARG    : Set -passin ARG for openssl (eg: pass:xEasyRSAy)
 --passout=ARG   : Set -passout ARG for openssl (eg: pass:xEasyRSAy)
---rawca|raw-ca  : Build CA with password via RAW SSL input
+--rawca         : Build CA with password via RAW SSL input
 
 --pki=DIR       : Declare the PKI directory
                   (Default PKI directory is sub-directory 'pki')
@@ -39,14 +39,14 @@ Global options:
                   (Default vars file is in the current working PKI)
 
 --umask=ARG     : Define a UMASK (Default 077)
---no-umask      : Do not use a UMASK, fall back to file system default.
+--noumask       : Do not use a UMASK, fall back to file system default.
 --ssl-cnf=FILE  : Define a specific OpenSSL config file for Easy-RSA to use
                   (Default config file is in the EasyRSA PKI directory)
 --force-safe-ssl: Always generate a safe SSL config file
                   (Default: Generate Safe SSL config once per instance)
 --force-vars    : Ignore known errors in 'vars' file
---no-lockfile   : Disable lock-file (Useful for read-only PKI)
---no-inline     : Disable inline file creation
+--nolockfile    : Disable lock-file (Useful for read-only PKI)
+--noinline      : Disable inline file creation
 --tmp-dir=DIR   : Declare the temporary directory
                   (Default temporary directory is the EasyRSA PKI directory)
 --keep-tmp=NAME : Keep the original temporary session by name: NAME
@@ -56,15 +56,15 @@ Global options:
 Certificate & Request options: (these impact cert/req field values)
 
 --text          : Create certificate requests with human readable text
---notext|no-text: Create certificates without human readable text
+--notext        : Create certificates without human readable text
 --days=#        : Sets the signing validity to the specified number of days
                   Applies to other commands. For details, see: 'help days'
 --startdate=DATE: Sets the SSL option '-startdate' (Format '[YY]YYMMDDhhmmssZ')
 --enddate=DATE  : Sets the SSL option '-enddate' (Format '[YY]YYMMDDhhmmssZ')
 
 --digest=ALG    : Digest to use in the requests & certificates
 --keysize=#     : Size in bits of keypair to generate (RSA Only)
---use-algo=ALG  : Crypto alg to use: choose rsa (default), ec or ed
+--algo=ALG      : Crypto algorithm to use: choose rsa (default), ec or ed
 --curve=NAME    : For elliptic curve, sets the named curve
                   (Default: algo ec: secp384r1, algo ed: ed25519)
                   (--use-algo and --curve can be used to configure 'init-pki')
@@ -838,22 +838,17 @@ easyrsa_random() {
 	die "easyrsa_random failed"
 } # => easyrsa_random()
 
-# Set clobber on|off
+# Set noclobber on|off
 set_no_clobber() {
+	verbose "set_no_clobber; $1"
 	case "$1" in
 		on)
-			if [ "$easyrsa_host_os" = win ]; then
-				set -o noclobber && return
-			else
-				set -C && return
-			fi
+			set -o noclobber && return
+			set -C && return
 		;;
 		off)
-			if [ "$easyrsa_host_os" = win ]; then
-				set +o noclobber && return
-			else
-				set +C && return
-			fi
+			set +o noclobber && return
+			set +C && return
 		;;
 		*)
 			: # drop to error
@@ -937,14 +932,14 @@ easyrsa_mktemp() {
 	[ -d "$secured_session" ] || die "\
 easyrsa_mktemp - Temporary session undefined (--tmp-dir)"
 
+	# Force noclobber
+	set_no_clobber on
+
 	# Create shotfile
 	for high in 0 1; do
 		for low in 0 1 2 3 4 5 6 7 8 9; do
 			shotfile="${secured_session}/temp.${high}${low}"
 
-			# Force noclobber
-			set_no_clobber on
-
 			# atomic:
 			printf "" 2>/dev/null 1>"$shotfile" || continue
 
@@ -6782,6 +6777,7 @@ detect_host
 # Allow selective use of 'set -e'
 if [ "$EASYRSA_SET_ERREXIT" ]; then
 	set -e || die "Cannot set -e"
+	print "  # ENABLED: shell option errexit"
 fi
 
 # Protect variables from alteration by sourcing vars file
@@ -6824,11 +6820,11 @@ while :; do
 		--pki-dir|--pki)
 			export EASYRSA_PKI="$val"
 			;;
-		--no-lockfile)
+		--nolockfile|--no-lockfile)
 			empty_ok=1
 			export EASYRSA_NO_LOCKFILE=1
 			;;
-		--no-inline)
+		--noinline|--no-inline)
 			empty_ok=1
 			export EASYRSA_NO_INLINE=1
 			;;
@@ -6838,7 +6834,7 @@ while :; do
 		--umask)
 			export EASYRSA_UMASK="$val"
 			;;
-		--no-umask)
+		--noumask|--no-umask)
 			empty_ok=1
 			export EASYRSA_NO_UMASK=1
 			;;
@@ -6848,7 +6844,7 @@ while :; do
 		--keep-tmp)
 			export EASYRSA_KEEP_TEMP="$val"
 			;;
-		--use-algo)
+		--algo|--use-algo)
 			export EASYRSA_ALGO="$val"
 			;;
 		--keysize)
@@ -6916,7 +6912,7 @@ while :; do
 			empty_ok=1
 			export EASYRSA_SILENT=1
 			;;
-		--sbatch|--silent-batch)
+		--sb|--sbatch|--silent-batch)
 			empty_ok=1
 			export EASYRSA_SILENT=1
 			export EASYRSA_BATCH=1