[Slackbuilds-users] Best place to install the EasyRSA scripts?
Thomas Szteliga
ts at websafe.pl
Fri Nov 4 22:23:06 UTC 2016
On 11/04/2016 12:02 PM, Sebastian Arcus wrote:
> I am making the SBo scripts for EasyRSA, and I need to decide where they
> will be installed. Before they were removed from Slackware - when they
> were part of Openvpn, I think they used to go under
> /usr/share/doc/openvpn. However, it seems a bit strange to install a
> package in the directory of another package. Maybe
> /usr/share/doc/easyrsa instead? However, they are sample scripts - not
> really documentation. According to Linux filesystem standards, would
> there be a better place? Maybe /usr/share directly, or /us/lib or
> something?
It was very handy to have them in /etc/openvpn/...
EasyRSA scripts will create keys in the `keys` subdir,
so /usr/share and /usr/doc are probably not the best location
without patching KEY_DIR in easyrsa/*/vars to point
to a more reasonable location
export KEY_DIR="$EASY_RSA/keys"
But this still should not be an absolute path,
because when you're running multiple openvpn servers
you would normally have something like:
/etc/openvpn/server/server1/easyrsa/*/keys
/etc/openvpn/server/server2/easyrsa/*/keys
/etc/openvpn/server/server3/easyrsa/*/keys
and a patched KEY_DIR would place all keys by default
in one directory. That's not what you want (with multiple servers).
So after rethinking this my suggestion is:
/usr/share/easyrsa without patching KEY_DIR (keys placed in subdir)
and users will have to copy the contents of /usr/share/easyrsa
to a writable location like /etc/openvpn/server/server1/easyrsa
--
Thomas Szteliga
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3719 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20161104/d03ec406/attachment.p7s>
More information about the SlackBuilds-users
mailing list