From c4b94369cd7bed5e2e0d9dd96809b82b7fa1d525 Mon Sep 17 00:00:00 2001
From: Kyle Manna
Date: Mon, 30 Nov 2020 23:38:36 -0800
Subject: [PATCH 1/2] README: Drop log-driver argument
* This is overly verbose.
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 32939649..a9106737 100644
--- a/README.md
+++ b/README.md
@@ -31,8 +31,8 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
 private key used by the newly generated certificate authority.
 docker volume create --name $OVPN_DATA
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
+ docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
+ docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
 * Start OpenVPN server process
@@ -40,11 +40,11 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
 * Generate a client certificate without a passphrase
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
+ docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
 * Retrieve the client configuration with embedded certificates
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
+ docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
 ## Next Steps
From 6ad931090bf76b6d17824c5429a66933d0063662 Mon Sep 17 00:00:00 2001
From: Kyle Manna
Date: Thu, 3 Dec 2020 19:21:40 -0800
Subject: [PATCH 2/2] easy-rsa: Drop all mention of the vars file
* This exists to import/export a number of easy-rsa default values but creates headaches for old volumes due to changes where easy-rsa insists on loading the var file if the environment variable is set.
* Going forward people should pass the variables via: `docker run -e EASYRSA_var ...`
* Closes #608
---
 Dockerfile | 3 +--
 Dockerfile.aarch64 | 1 -
 bin/easyrsa_vars | 39 ---------------------------------------
 bin/ovpn_initpki | 4 ----
 4 files changed, 1 insertion(+), 46 deletions(-)
 delete mode 100755 bin/easyrsa_vars
diff --git a/Dockerfile b/Dockerfile
index 6fb30ec2..4ece3147 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,8 +15,7 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
 ENV OPENVPN=/etc/openvpn
 ENV EASYRSA=/usr/share/easy-rsa \
 EASYRSA_CRL_DAYS=3650 \
- EASYRSA_PKI=$OPENVPN/pki \
- EASYRSA_VARS_FILE=$OPENVPN/vars
+ EASYRSA_PKI=$OPENVPN/pki
 VOLUME ["/etc/openvpn"]
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 7207a09e..324b8363 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -15,7 +15,6 @@ RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/reposi
 ENV OPENVPN /etc/openvpn
 ENV EASYRSA /usr/share/easy-rsa
 ENV EASYRSA_PKI $OPENVPN/pki
-ENV EASYRSA_VARS_FILE $OPENVPN/vars
 # Prevents refused client connection because of an expired CRL
 ENV EASYRSA_CRL_DAYS 3650
diff --git a/bin/easyrsa_vars b/bin/easyrsa_vars
deleted file mode 100755
index e2fb56f2..00000000
--- a/bin/easyrsa_vars
+++ /dev/null
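Review bot: With `EASYRSA_VARS_FILE` dropped from the `ENV` block, nothing in the image states how easy-rsa defaults are now meant to be supplied, and a volume created by an earlier image may still carry `$OPENVPN/vars`, which — going by the commit message — is only loaded when that variable is set; whether easy-rsa finds it through another search path is not visible here. A comment above the `ENV EASYRSA=` line would make the contract explicit at its point of definition: `# easy-rsa settings are taken from EASYRSA_* environment variables (docker run -e EASYRSA_...); no vars file is set here`. The same applies to the Dockerfile.aarch64 hunk, which removes the equivalent `ENV EASYRSA_VARS_FILE` line and could carry the same comment. The remaining continuation lines and the `VOLUME` instruction are unchanged.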
@@ -1,39 +0,0 @@
-#!/bin/sh
-
- #
- # Import/export EasyRSA default settings
- #
-
- if [ "$DEBUG" == "1" ]; then
- set -x
- fi
-
- set -e
-
- if [ $# -lt 1 ]; then
- echo "No command provided"
- echo
- echo "$0 export > /path/to/file"
- echo "$0 import < /path/to/file"
- exit 1
- fi
-
- cmd=$1
- shift
-
- case "$cmd" in
- export)
- if [ -f "$EASYRSA_VARS_FILE" ]; then
- cat "$EASYRSA_VARS_FILE"
- else
- cat "$EASYRSA/vars.example"
- fi
- ;;
- import)
- cat > "$EASYRSA_VARS_FILE"
- ;;
- *)
- echo "Unknown cmd \"$cmd\""
- exit 2
- ;;
- esac
diff --git a/bin/ovpn_initpki b/bin/ovpn_initpki
index c7029d2e..14b8ec9e 100755
--- a/bin/ovpn_initpki
+++ b/bin/ovpn_initpki
@@ -15,10 +15,6 @@ source "$OPENVPN/ovpn_env.sh"
 # Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
 nopass=$1
-# EasyRSA 3.0.7 introduced checks for $EASYRSA_VARS_FILE existence
-# in the init-pki script
-touch $EASYRSA_VARS_FILE
-
 # Provides a sufficient warning before erasing pre-existing files
 easyrsa init-pki
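Review bot: Removing the `touch $EASYRSA_VARS_FILE` step leaves an old volume's `$OPENVPN/vars` (written by earlier images through `easyrsa_vars import`) silently unused, so an operator rebuilding the PKI gets no hint that their customised easy-rsa defaults no longer apply. A short check before `easyrsa init-pki` would make the transition visible: `if [ -f "$OPENVPN/vars" ]; then` / `  echo "Warning: $OPENVPN/vars is ignored unless EASYRSA_VARS_FILE is set; pass EASYRSA_* via 'docker run -e' instead" >&2` / `fi`. Whether `ovpn_env.sh`, sourced at the top of the hunk, still exports `EASYRSA_VARS_FILE` on older volumes is not visible here; if it does, an `unset EASYRSA_VARS_FILE` after the `source` line would be needed for the commit's intent to hold. The script continues outside the hunk on both sides.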