diff options
author | Christian Breunig <christian@breunig.cc> | 2024-02-23 15:05:20 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-23 15:05:20 +0100 |
commit | 9086748f7a3f83482f5c39ca2d611ec22b329296 (patch) | |
tree | 8e7c5afbf7444bf1d94b0e1b14d58b301410b996 | |
parent | 774b2abc5912ad9479dd4f6f7681ef2cdbfecce4 (diff) | |
parent | 1c7fd8a7635e9a8c87de178fcb0735c6ed83b669 (diff) | |
download | vyos-1x-9086748f7a3f83482f5c39ca2d611ec22b329296.tar.gz vyos-1x-9086748f7a3f83482f5c39ca2d611ec22b329296.zip |
Merge pull request #3041 from vyos/mergify/bp/sagitta/pr-3040
pki: T6055: Cleanup unnecessary sudo, preserve env when sudo is needed (backport #3040)
-rw-r--r-- | interface-definitions/include/pki/cli-private-key-base64.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/include/pki/cli-public-key-base64.xml.i | 6 | ||||
-rw-r--r-- | op-mode-definitions/pki.xml.in | 106 |
3 files changed, 57 insertions, 57 deletions
diff --git a/interface-definitions/include/pki/cli-private-key-base64.xml.i b/interface-definitions/include/pki/cli-private-key-base64.xml.i index 3a7ee0ce9..f57e9b198 100644 --- a/interface-definitions/include/pki/cli-private-key-base64.xml.i +++ b/interface-definitions/include/pki/cli-private-key-base64.xml.i @@ -1,4 +1,4 @@ -<!-- include start from pki/pki-cli-private-key.xml.i --> +<!-- include start from pki/cli-private-key-base64.xml.i --> <leafNode name="key"> <properties> <help>Private key in PEM format</help> diff --git a/interface-definitions/include/pki/cli-public-key-base64.xml.i b/interface-definitions/include/pki/cli-public-key-base64.xml.i index 3a7ee0ce9..f7cffae55 100644 --- a/interface-definitions/include/pki/cli-public-key-base64.xml.i +++ b/interface-definitions/include/pki/cli-public-key-base64.xml.i @@ -1,11 +1,11 @@ -<!-- include start from pki/pki-cli-private-key.xml.i --> +<!-- include start from pki/cli-public-key-base64.xml.i --> <leafNode name="key"> <properties> - <help>Private key in PEM format</help> + <help>Public key in PEM format</help> <constraint> <validator name="base64"/> </constraint> - <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage> + <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <!-- include end --> diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in index 4b8d9c47a..a81c8d4f7 100644 --- a/op-mode-definitions/pki.xml.in +++ b/op-mode-definitions/pki.xml.in @@ -27,7 +27,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -36,10 +36,10 @@ <list><certificate name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname" --sign "$5"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --ca "noname" --sign "$5"</command> </tagNode> <tagNode name="file"> <properties> @@ -48,7 +48,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -57,10 +57,10 @@ <list><CA name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --ca "noname"</command> </node> <node name="certificate"> <properties> @@ -79,7 +79,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --file</command> </tagNode> <tagNode name="install"> <properties> @@ -88,10 +88,10 @@ <list><certificate name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --self-sign</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --self-sign</command> </node> <tagNode name="sign"> <properties> @@ -108,7 +108,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -117,10 +117,10 @@ <list><certificate name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --sign "$5"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --sign "$5"</command> </tagNode> <tagNode name="file"> <properties> @@ -129,7 +129,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -138,10 +138,10 @@ <list><certificate name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname"</command> </node> <tagNode name="crl"> <properties> @@ -158,16 +158,16 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --file</command> </tagNode> <leafNode name="install"> <properties> <help>Commands for installing generated CRL into running configuration</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --install</command> </leafNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --crl "$4"</command> </tagNode> <node name="dh"> <properties> @@ -181,7 +181,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -190,10 +190,10 @@ <list><DH name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "noname"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --dh "noname"</command> </node> <node name="key-pair"> <properties> @@ -207,7 +207,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -216,10 +216,10 @@ <list><key name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "noname"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --keypair "noname"</command> </node> <node name="openvpn"> <properties> @@ -238,7 +238,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -247,10 +247,10 @@ <list><key name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "noname"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --openvpn "noname"</command> </node> </children> </node> @@ -266,7 +266,7 @@ <list><filename></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --file</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --file</command> </tagNode> <tagNode name="install"> <properties> @@ -275,10 +275,10 @@ <list><key name></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --install</command> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "noname"</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --ssh "noname"</command> </node> <node name="wireguard"> <properties> @@ -302,12 +302,12 @@ <path>interfaces wireguard</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key --interface "$7" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key --interface "$7" --install</command> </tagNode> </children> </node> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key</command> </node> <node name="preshared-key"> <properties> @@ -334,14 +334,14 @@ <path>interfaces wireguard ${COMP_WORDS[COMP_CWORD-2]} peer</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk --interface "$7" --peer "$9" --install</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk --interface "$7" --peer "$9" --install</command> </tagNode> </children> </tagNode> </children> </node> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk</command> + <command>${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk</command> </node> </children> </node> @@ -371,13 +371,13 @@ <properties> <help>Path to CA certificate file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --key-filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> @@ -393,13 +393,13 @@ <properties> <help>Path to certificate file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --key-filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> @@ -415,7 +415,7 @@ <properties> <help>Path to CRL file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --crl "$4" --filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --crl "$4" --filename "$6"</command> </tagNode> </children> </tagNode> @@ -431,7 +431,7 @@ <properties> <help>Path to DH parameters file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --dh "$4" --filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --dh "$4" --filename "$6"</command> </tagNode> </children> </tagNode> @@ -447,13 +447,13 @@ <properties> <help>Path to public key file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --filename "$6"</command> </tagNode> <tagNode name="private-file"> <properties> <help>Path to private key file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --key-filename "$6"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> @@ -474,7 +474,7 @@ <properties> <help>Path to shared secret key file</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --openvpn "$5" --filename "$7"</command> + <command>sudo -E ${vyos_op_scripts_dir}/pki.py --action import --openvpn "$5" --filename "$7"</command> </tagNode> </children> </tagNode> @@ -495,7 +495,7 @@ <properties> <help>Show x509 CA certificates</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "all"</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --ca "all"</command> </leafNode> <tagNode name="ca"> <properties> @@ -504,13 +504,13 @@ <path>pki ca</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4"</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --ca "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 CA certificate in PEM format</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4" --pem</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --ca "$4" --pem</command> </leafNode> </children> </tagNode> @@ -518,7 +518,7 @@ <properties> <help>Show x509 certificates</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "all"</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --certificate "all"</command> </leafNode> <tagNode name="certificate"> <properties> @@ -527,7 +527,7 @@ <path>pki certificate</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4"</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --certificate "$4"</command> <children> <leafNode name="pem"> <properties> @@ -542,7 +542,7 @@ <list>sha256 sha384 sha512</list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --fingerprint "$6"</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --fingerprint "$6"</command> </tagNode> </children> </tagNode> @@ -550,7 +550,7 @@ <properties> <help>Show x509 certificate revocation lists</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "all"</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --crl "all"</command> </leafNode> <tagNode name="crl"> <properties> @@ -559,18 +559,18 @@ <path>pki ca</path> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$4"</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --crl "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 certificate revocation lists by CA name in PEM format</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$4" --pem</command> + <command>${vyos_op_scripts_dir}/pki.py --action show --crl "$4" --pem</command> </leafNode> </children> </tagNode> </children> - <command>sudo ${vyos_op_scripts_dir}/pki.py --action show</command> + <command>${vyos_op_scripts_dir}/pki.py --action show</command> </node> </children> </node> |