#!/bin/sh
# PROVIDE: step-ca
# REQUIRE: LOGIN networking
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable or customize this service:
#
# step_ca_enable (bool): Set to NO by default.
# Set to YES to enable step_ca.
# step_ca_user (user): Set user to run step_ca.
# Default is "step"
# step_ca_group (group): Set group to run step_ca.
# Default is "step"
# step_ca_stepdir (dir): Base directory for step-ca state; the CA directory and the password file default to locations inside it.
# Default is "%%PREFIX%%/etc/step"
# step_ca_steppath (dir): Directory holding the step-ca CA configuration and data (exported to step-ca as STEPPATH).
# Default is "${step_ca_stepdir}/ca"
# step_ca_password (path): File holding the CA password that step-ca is started with (--password-file) so it can start unattended. Keep it readable only by step_ca_user; "service step-ca configure" creates it with mode 0600.
# Default is "${step_ca_stepdir}/password.txt"
. /etc/rc.subr

name="step_ca"
rcvar="step_ca_enable"

load_rc_config "${name}"

# rc.conf(5) defaults: each value is only filled in when the administrator
# left it unset or empty.
step_ca_enable="${step_ca_enable:-no}"
step_ca_user="${step_ca_user:-step}"
step_ca_group="${step_ca_group:-step}"
step_ca_stepdir="${step_ca_stepdir:-%%PREFIX%%/etc/step}"
step_ca_steppath="${step_ca_steppath:-${step_ca_stepdir}/ca}"
step_ca_password="${step_ca_password:-${step_ca_stepdir}/password.txt}"

pidfile="/var/run/${name}.pid"
step_ca_command="%%PREFIX%%/sbin/step-ca"

# Arguments handed to step-ca: its configuration file and the password file
# that lets it start without a prompt.
step_ca_config="${step_ca_steppath}/config/ca.json --password-file ${step_ca_password}"

# step-ca is run under daemon(8); see daemon(8) for -S (syslog), -c (chdir to
# /), -P (supervisor pidfile) and -t/-T (process title / syslog tag).
command="/usr/sbin/daemon"
command_args="-S -c -P ${pidfile} -t ${name} -T ${name} ${step_ca_command} ${step_ca_config}"

start_precmd="step_ca_startprecmd"
start_postcmd="step_ca_postcmd"

# "service step-ca configure" is the interactive first-time setup.
extra_commands="configure"
configure_cmd="step_ca_configure"
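# Pre-start checks for the step-ca service.
#
# Runs before the service itself is started as ${step_ca_user}. It creates the
# pidfile (owned by the service user so daemon(8) can write it), verifies that
# the CA directory and the auto-start password file exist, exports STEPPATH for
# step-ca, warns when the password file is readable by anyone but its owner,
# and refuses to start when ca.json binds a privileged port, which the
# unprivileged ${step_ca_user} cannot open.
#
# Globals read:  pidfile, step_ca_user, step_ca_group, step_ca_steppath,
#                step_ca_password
# Globals set:   STEPPATH (exported), configured_port
# Exits 1 when a check fails.
step_ca_startprecmd()
{
	if [ ! -e "${pidfile}" ]; then
		install -o "${step_ca_user}" -g "${step_ca_group}" /dev/null "${pidfile}"
	fi
	if [ ! -e "${step_ca_steppath}" ]; then
		echo "No configured Step CA found."
		echo "Please run service step-ca configure"
		exit 1
	fi
	export STEPPATH="${step_ca_steppath}"
	if [ ! -e "${step_ca_password}" ]; then
		echo "Step CA Password file for auto-start not found"
		echo "Please run service step-ca configure"
		exit 1
	fi
	# The password file is what step-ca is started with (--password-file):
	# warn if group or others can read it. "-perm -NNN" (all listed bits set)
	# is POSIX, so this works with both BSD and GNU find.
	if [ -n "$(find "${step_ca_password}" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]; then
		echo "Warning: ${step_ca_password} is readable by group or others; run chmod 600 on it"
	fi
	if [ -e "${step_ca_steppath}/config/ca.json" ]; then
		# The port is the text after the last ':' inside the quoted "address"
		# value (":443", "127.0.0.1:8443" and "[::1]:8443" all work).
		configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' "${step_ca_steppath}/config/ca.json")
		case "${configured_port}" in
		''|*[!0-9]*)
			# Empty or not a single number (e.g. several "address" lines):
			# nothing reliable to check here, leave it to step-ca.
			;;
		*)
			if [ "${configured_port}" -lt 1024 ]; then
				echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}"
				exit 1
			fi
			;;
		esac
	fi
}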
# Post-start hook: pause briefly after daemon(8) has been launched, then print
# the service status so a start that immediately failed is visible to the
# caller (the delay presumably gives daemon(8) time to write the pidfile).
step_ca_postcmd()
{
	sleep 2
	run_rc_command status
}
step_ca_configure() {
if [ ! -e ${step_ca_steppath} ]; then
echo "No configured Step CA found."
echo "Creating new one...."
install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}
export STEPPATH=${step_ca_steppath}
%%PREFIX%%/bin/step ca init --ssh
chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir}
else
echo "Configured Step CA found at ${step_ca_steppath}."
echo "Please remove the directory and its contents manually if you really want to reconfigure."
export STEPPATH=${step_ca_steppath}
fi
if [ ! -e ${step_ca_password} ]; then
echo "Step CA Password file for auto-start not found"
echo "Creating it...."
install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_password}
echo "Please enter the Step CA Password:"
stty -echo; read passwd; stty echo; echo
echo $passwd > ${step_ca_password}
else
echo "Configured Step CA password file found at ${step_ca_password}."
echo "Please remove the file manually if you really want to reconfigure."
fi
if [ -e ${step_ca_steppath}/config/ca.json ]; then
configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json)
if [ ${configured_port} -lt 1024 ]; then
echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}"
fi
fi
}
run_rc_command "$1"