From 2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714 Mon Sep 17 00:00:00 2001 From: Markus Wipp Date: Fri, 29 Mar 2024 19:51:42 +0100 Subject: security/step-certificates: Update to version 0.26.0 * Add configure target to rc script * Adjusted pkg-message * Pet portclippy PR: 278035 --- security/step-certificates/Makefile | 7 ++--- security/step-certificates/distinfo | 10 +++---- security/step-certificates/files/step-ca.in | 45 +++++++++++++++++++++++++---- security/step-certificates/pkg-message | 5 ++-- 4 files changed, 50 insertions(+), 17 deletions(-) diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile index 41ddcf4e6809..a903de9e8408 100644 --- a/security/step-certificates/Makefile +++ b/security/step-certificates/Makefile @@ -1,7 +1,6 @@ PORTNAME= step-certificates DISTVERSIONPREFIX= v -DISTVERSION= 0.25.2 -PORTREVISION= 2 +DISTVERSION= 0.26.0 CATEGORIES= security MAINTAINER= mw@wipp.bayern @@ -17,10 +16,10 @@ RUN_DEPENDS= step:security/step-cli USES= go:modules -GO_MODULE= github.com/smallstep/certificates - USE_RC_SUBR= step-ca +GO_MODULE= github.com/smallstep/certificates + GO_TARGET= ./cmd/step-ca:${PREFIX}/sbin/step-ca GO_BUILDFLAGS= -ldflags "-w -X main.Version=${PORTVERSION}" diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo index af645bfe812a..2d510b73e2b7 100644 --- a/security/step-certificates/distinfo +++ b/security/step-certificates/distinfo 
@@ -1,5 +1,5 @@
-TIMESTAMP = 1701460797
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 7b8d9e8b5f35b5467da9bb0b5cb2997217cb6343cf4c707ab76566501d374cfb
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 6667
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 9bdffcb28b1ec1a03f8f1d3f49fde9ffb77e1e46d904b88bacecaea8adcb9764
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 1049591
+TIMESTAMP = 1711731230
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8c6fa479a3353e3388f2d2b22eae55f02fec0c627449eebd547aaf6b3dd6116a
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8136
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = a630dbbff154f0fb75ae9ced250df488becf2592d1840c44425d06ead197a161
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = 1069995
diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step-ca.in
index 03946767ff2b..59e8e33c5164 100644
--- a/security/step-certificates/files/step-ca.in
+++ b/security/step-certificates/files/step-ca.in
@@ -49,19 +49,54 @@ command_args="-S -c \ start_precmd=step_ca_startprecmd start_postcmd=step_ca_postcmd +extra_commands="configure" +configure_cmd="step_ca_configure" + step_ca_startprecmd() { if [ ! -e ${pidfile} ]; then install -o ${step_ca_user} -g ${step_ca_group} /dev/null ${pidfile}; fi + if [ ! -e ${step_ca_steppath} ]; then + echo "No configured Step CA found." + echo "Please run service step-ca configure" + exit 1 + else + export STEPPATH=${step_ca_steppath} + fi + + if [ ! -e ${step_ca_password} ]; then + echo "Step CA Password file for auto-start not found" + echo "Please run service step-ca configure" + exit 1 + fi + + if [ -e ${step_ca_steppath}/config/ca.json ]; then + configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json) + if [ ${configured_port} -lt 1024 ]; then + echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}" + exit 1 + fi + fi +} + +step_ca_postcmd() { + sleep 2 + run_rc_command status +} + +step_ca_configure() { if [ ! -e ${step_ca_steppath} ]; then echo "No configured Step CA found." echo "Creating new one...." + install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath} export STEPPATH=${step_ca_steppath} %%PREFIX%%/bin/step ca init --ssh - chown -R ${step_ca_user}:${step_ca_group} ${step_ca_steppath} + chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir} else + echo "Configured Step CA found at ${step_ca_steppath}." + echo "Please remove the directory and its contents manually if you really want to reconfigure." export STEPPATH=${step_ca_steppath} fi @@ -72,6 +107,9 @@ step_ca_startprecmd() echo "Please enter the Step CA Password:" stty -echo; read passwd; stty echo; echo echo $passwd > ${step_ca_password} + else + echo "Configured Step CA password file found at ${step_ca_password}." + echo "Please remove the file manually if you really want to reconfigure." fi if [ -e ${step_ca_steppath}/config/ca.json ]; then 
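Review bot: The password prompt kept in this hunk stores the CA password with `echo $passwd > ${step_ca_password}`, and no visible line sets the file's mode or owner, so it would be created under the caller's umask and owned by whoever runs `configure`. Creating the file first with the script's own idiom, `install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_password}`, keeps the secret readable only by the service account. The unquoted `$passwd` and `read` without `-r` also alter passwords containing backslashes, glob characters or repeated spaces; `read -r passwd` and `printf '%s\n' "$passwd" > "${step_ca_password}"` store the password as typed. The start of this branch is outside the hunk, so confirm that no earlier line already creates the file with restricted permissions.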
@@ -82,9 +120,4 @@ step_ca_startprecmd() fi } -step_ca_postcmd() { - sleep 2 - run_rc_command status -} - run_rc_command "$1" diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message index 7b616c50a4bd..2e595b5f19ae 100644 --- a/security/step-certificates/pkg-message +++ b/security/step-certificates/pkg-message @@ -4,10 +4,11 @@ ================================================================================ Step Certificates requires additional configuration: -The simple way is via the service start script step_ca. +The simple way is via the service start script step_ca with: +service step_ca configure When there is no configuration it will be created. User input is required!!! -The hard way would be via the step command. +The hard way would be manually via the step command. Ensure to set the STEPPATH environment variable. This makes using the commands much simpler. -- cgit v1.2.3