@@ -810,6 +810,38 @@ easyrsa_random() {
810810 die "easyrsa_random failed"
811811} # => easyrsa_random()
812812
813+ # Create lock-file
814+ create_lock_file() {
815+ # Force noclobber
816+ if [ "$easyrsa_host_os" = win ]; then
817+ set -o noclobber
818+ else
819+ set -C
820+ fi
821+
822+ # Create lock-file from PID
823+ [ "$1" ] || die "create_lock_file - input"
824+ print "$$" 2>/dev/null 1>"$1" || return 1
825+
826+ # unset noclobber
827+ if [ "$easyrsa_host_os" = win ]; then
828+ set +o noclobber
829+ else
830+ set +C
831+ fi
832+ } # => create_lock_file()
833+
834+ # Remove lock-file, if lock_data matches PID
835+ remove_lock_file() {
836+ if [ "$2" = "$$" ]; then
837+ rm "$1" 2>/dev/null || return 1
838+ elif [ "$2" = FORCE ]; then
839+ rm "$1" 2>/dev/null || return 1
840+ else
841+ return 1
842+ fi
843+ } # => remove_lock_file()
844+
813845# Create session directory atomically or fail
814846secure_session() {
815847 # Session must not be defined
@@ -1039,14 +1071,46 @@ Temporary session not preserved."
10391071 # Clear traps
10401072 trap - 0 1 2 3 6 15
10411073
1074+ # Remove lock-file
1075+ if [ -f "$lock_file" ] || [ "$create_lock_file_error" ]
1076+ then
1077+ # Too test this, create a lock-file
1078+ # and uncomment the following line
1079+ #read -r -p "Continue.." keypress
1080+
1081+ lock_data="$(cat "$lock_file" 2>/dev/null)" || \
1082+ lock_data=error
1083+
1084+ if remove_lock_file "$lock_file" "$lock_data"; then
1085+ verbose "cleanup: lock-file REMOVED OK"
1086+ else
1087+ if [ "$lock_data" = error ]; then
1088+ error_description=READ
1089+ else
1090+ error_description=REMOVE
1091+ fi
1092+
1093+ # Print error message and set error code
1094+ print "\
1095+ cleanup: Failed to ${error_description} lock-file!
1096+
1097+ Please check that easyrsa is not being used by another process
1098+ and then try running the easyrsa command again."
1099+ # Reserve exit-code 17 for lock-file error
1100+ easyrsa_exit_with_error=17
1101+ fi
1102+ else
1103+ verbose "cleanup: lock-file does not exist."
1104+ fi
1105+
10421106 # Exit: Known errors
10431107 # -> confirm(): aborted
10441108 # -> verify_cert(): verify failed --batch mode
10451109 # -> check_serial_unique(): not unique --batch mode
10461110 # -> user_error(): User errors but not die()
10471111 if [ "$easyrsa_exit_with_error" ]; then
1048- verbose "Exit: Known errors = true"
1049- exit 1
1112+ verbose "Exit: Known errors = true ($easyrsa_exit_with_error) "
1113+ exit "$easyrsa_exit_with_error"
10501114 elif [ "$1" = 2 ]; then
10511115 verbose "exit SIGINT = true"
10521116 kill -2 "$$" # Exit: SIGINT
@@ -5830,6 +5894,53 @@ ${unexpected_error}"
58305894# Verify working environment
58315895verify_working_env() {
58325896 verbose "verify_working_env: BEGIN"
5897+
5898+ # Create lock-file
5899+ create_lock_file_error=
5900+ if [ -d "${EASYRSA_PKI}" ]; then
5901+
5902+ lock_file="${EASYRSA_PKI}"/lock.file
5903+ if create_lock_file "$lock_file"; then
5904+ verbose "verify_working_env: lock-file CREATED OK"
5905+ else
5906+ easyrsa_exit_with_error=17
5907+ if [ -f "$lock_file" ]; then
5908+ # Do not remove existing lock-file in batch mode
5909+ if [ "$EASYRSA_BATCH" ]; then
5910+ create_lock_file_error=1
5911+ cleanup
5912+ fi
5913+
5914+ # Allow user to remove lock-file
5915+ confirm "Remove existing lock-file ? " yes "
5916+ ERROR: lock-file exists!
5917+
5918+ If you are certain that easyrsa is not being used by another
5919+ process then you can safely delete the existing lock-file
5920+ and try running the easyrsa command again."
5921+
5922+ confirm "
5923+ *** SECOND WARNING ***
5924+
5925+ Remove existing lock-file ? " yes "
5926+ ========================================${NL}"
5927+
5928+ # remove_lock_file by FORCE
5929+ remove_lock_file "$lock_file" FORCE || \
5930+ die "Failed to FORCE remove lock-file!"
5931+
5932+ # quit now, force retry
5933+ notice "\
5934+ lock-file removed - Please try running the easyrsa command again."
5935+ cleanup
5936+ else
5937+ die "Failed to create lock-file (permissions?)"
5938+ fi
5939+ fi
5940+ else
5941+ verbose "verify_working_env: lock-file not required."
5942+ fi
5943+
58335944 # For commands which 'require a PKI' and PKI exists
58345945 if [ "$require_pki" ]; then
58355946 # Verify PKI is initialised
0 commit comments