[Slackbuilds-users] Best place to install the EasyRSA scripts?

Thomas Szteliga ts at websafe.pl
Fri Nov 4 22:23:06 UTC 2016


On 11/04/2016 12:02 PM, Sebastian Arcus wrote:
> I am making the SBo scripts for EasyRSA, and I need to decide where they
> will be installed. Before they were removed from Slackware - when they
> were part of Openvpn, I think they used to go under
> /usr/share/doc/openvpn. However, it seems a bit strange to install a
> package in the directory of another package. Maybe
> /usr/share/doc/easyrsa instead? However, they are sample scripts - not
> really documentation. According to Linux filesystem standards, would
> there be a better place? Maybe /usr/share directly, or /us/lib or
> something?


It was very handy to have them in /etc/openvpn/...

EasyRSA scripts will create keys in the `keys` subdir,
so /usr/share and /usr/doc are probably not the best location
without patching KEY_DIR in easyrsa/*/vars to point
to a more reasonable location

	export KEY_DIR="$EASY_RSA/keys"

But this still should not be an absolute path,
because when you're running multiple openvpn servers
you would normally have something like:

/etc/openvpn/server/server1/easyrsa/*/keys
/etc/openvpn/server/server2/easyrsa/*/keys
/etc/openvpn/server/server3/easyrsa/*/keys

and a patched KEY_DIR would place all keys by default
in one directory. That's not what you want (with multiple servers).


So after rethinking this my suggestion is:


 /usr/share/easyrsa without patching KEY_DIR (keys placed in subdir)


and users will have to copy the contents of /usr/share/easyrsa
to a writable location like /etc/openvpn/server/server1/easyrsa



-- 
Thomas Szteliga


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3719 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20161104/d03ec406/attachment.p7s>


More information about the SlackBuilds-users mailing list