add option, improve error handling

[vpn-setup] / client-cert-helper

diff --git a/client-cert-helper b/client-cert-helper
index 40078aad9562c5a84ac0f6e6f422e2fcca7dee5d..d5bdcdce2aee363eaaf9dc2f19647873c95a7d5b 100755 (executable)
--- a/client-cert-helper
+++ b/client-cert-helper
@@ -6,13 +6,18 @@ set -eE -o pipefail
 rm -f /tmp/vpn-mk-client-cert.log
 exec 2>/tmp/vpn-mk-client-cert.log
 
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+
 date >&2
+set -x
 
 name=$1
 common_name=$2
 
-echo common_name=$common_name >&2
-
 server_dir=/etc/openvpn
 if [[ -e /etc/openvpn/server ]]; then
   server_dir=/etc/openvpn/server
@@ -37,7 +42,7 @@ fi
 ### end section roughly copied from vpn-server-setup
 
 if [[ ! -e $cafile ]]; then
-  echo error: no cafile found at $cafile >/tmp/errors
+  echo error: no cafile found at $cafile >&2
   exit 1
 fi