testing/step-certificates: upgrade to 0.18.1

Upgrade to 0.18.1. Modify init.d script to use variables for home/config dir. Modify logrotate file to specify monthly rotation.
2026-05-08 13:56:40 +02:00 · 2022-02-04 21:14:03 +00:00 · 2022-02-04 21:14:03 +00:00 · 407c514e19
commit 407c514e19
parent 82c6d7d5d1
5 changed files with 34 additions and 23 deletions
--- a/testing/step-certificates/APKBUILD
+++ b/testing/step-certificates/APKBUILD
@ -3,7 +3,7 @@
 # Contributor: Dermot Bradley <dermot_bradley@yahoo.com>
 # Maintainer: Dermot Bradley <dermot_bradley@yahoo.com>
 pkgname=step-certificates
-pkgver=0.18.0
+pkgver=0.18.1
 pkgrel=0
 pkgdesc="Online certificate authority and related tools"
 url="https://smallstep.com/certificates/"
@ -50,10 +50,10 @@ package() {
 }

 sha512sums="
-a7c85f999d9f330fe44ee095d2b66e7805ca27cdc02b524bbd9a81f6e0c019762fb497d2c2262b903b825babb2f0df02b0431f4b3cce8fae963b9a1bd85b078b  step-certificates-0.18.0.tar.gz
+5aef84bf0aba4e750cb95b9b53abc24062d8b92650683009c61f58c2f3fe639ec09bf84762f025d652677c9edb251c91f80bf78bb2b26cfda2c17c3ea7ea7396  step-certificates-0.18.1.tar.gz
 fce464b646dfb087da27beed7135c52b2926df8595675ab3117afa9a98ac2c8ac8bed57ddf6567bcccc417dc076321a230a77ef029fad2ab3213c2b3655eb66b  01-Makefile-GOFLAGS.patch
 0b49bda9b0b0df9d9e10ab96405a8eff5b50aaf354b8ce424d4f085ef7b033d98169521f798b27dce3959ea18cf97da365613417c40a3d54779fad7ecc15e3d4  02-Makefile-yubikey-and-pkcs11-binary.patch
-c3a6ac7216643dba6dd54bd709e94e6c2d3ad8c04a342845a8873964e3bbca8f96cf40517628af8a0b8ed861757cf09ccea5a65804ba7849114bc75c3636e5d1  step-ca.confd
-9dd2342434f3330d5ce7a6461a71ac1a40f9e1c17f2fc0599f4882c4ba3497ec09809b84f54828a9db87777e65905aff880f36610b3a157c33b6491cbd7ca82b  step-ca.initd
-0af3914768275d26cd25a36ac4b33218429da00e3c719bdd7841507b6dc4a9d8c4db30e502072accc111d25333888e9f310baf8260f07545a083ba13719eb4ed  step-ca.logrotate
+b207ff9a887389334b624ae5e389379b6ee37bec712dbc075e3c6447f2e542594dbcddc75f0d4b057e1b855fd135a625e6e6c6caff02a9e4de8475318a655836  step-ca.confd
+45a82345ad5906f3eef84df5c71d5b830423d51e1e86447937fac7efbbfd78bfcc93e30dab06d4baf8198223f1cb1e8f5551b70385702b976a30f4aebb0b8963  step-ca.initd
+17740fbe3a72f1c9fe4f90dffb368ad4fe6b98a36512ca58614a4bfbc4b6895ecc6daa4a5a78abcd9b1840eb63ce90523d7fa77a2b42da0cf539bf36330c9f32  step-ca.logrotate
 "
--- a/testing/step-certificates/step-ca.confd
+++ b/testing/step-certificates/step-ca.confd
@ -1,4 +1,4 @@
-# Configuration for /etc/init.d/step-certificates
+# Configuration for /etc/init.d/step-ca

 # The directory where all CA-related files will be stored.
 #
--- a/testing/step-certificates/step-ca.initd
+++ b/testing/step-certificates/step-ca.initd
@ -3,15 +3,16 @@
 description="Step CA"
 description_check="Verify configuration"

+config_dir="${STEPPATH:-/etc/step-ca}"
 pidfile="/run/$RC_SVCNAME.pid"
 command="/usr/bin/step-ca"
-command_args="/etc/step-ca/config/ca.json --password-file=/etc/step-ca/password.txt"
+command_args="${config_dir}/config/ca.json --password-file=${config_dir}/password.txt"
 command_background="yes"
 command_user="step-ca:step-ca"
-start_stop_daemon_args="--stdout /var/log/$RC_SVCNAME/${RC_SVCNAME}.log --stderr /var/log/$RC_SVCNAME/${RC_SVCNAME}.err"
+start_stop_daemon_args="--env STEPPATH=${STEPPATH} --stdout /var/log/$RC_SVCNAME/${RC_SVCNAME}.log --stderr /var/log/$RC_SVCNAME/${RC_SVCNAME}.err"
 extra_commands="checkconfig"

-required_files="/etc/step-ca/config/ca.json /etc/step-ca/password.txt"
+required_files="${config_dir}/config/ca.json ${config_dir}/password.txt"

 depend() {
 	use logger dns
@ -31,15 +32,21 @@ start_pre() {
 checkconfig() {
 	if [ ! -d /var/log/step-ca ]; then
 		mkdir -p /var/log/step-ca
-		chown step-ca:step-ca /var/log/step-ca
-		chmod 700 /var/log/step-ca
+		chown -R step-ca:step-ca /var/log/step-ca
+		chmod -R 700 /var/log/step-ca
 	fi

-	if [ ! -f /etc/step-ca/config/ca.json ]; then
+	if [ ! -d ${config_dir} ]; then
+		mkdir -p ${config_dir}
+		chown -R step-ca:step-ca ${config_dir}
+		chmod -R 700 ${config_dir}
+	fi
+
+	if [ ! -f ${config_dir}/config/ca.json ]; then
 		ewarn "CA configuration file is missing"
 	fi

-	if [ ! -f /etc/step-ca/password.txt ]; then
+	if [ ! -f ${config_dir}/password.txt ]; then
 		ewarn "CA password file is missing"
 	fi
 }
--- a/testing/step-certificates/step-ca.logrotate
+++ b/testing/step-certificates/step-ca.logrotate
@ -2,5 +2,6 @@
 	compress
 	delaycompress
 	missingok
+	monthly
 	notifempty
 }
--- a/testing/step-certificates/step-certificates.pre-install
+++ b/testing/step-certificates/step-certificates.pre-install
@ -1,25 +1,28 @@
 #!/bin/sh

+config_dir="/etc/step-ca"
+log_dir="/var/log/step-ca"
+
 addgroup -S step-ca 2>/dev/null
-adduser -S -D -h /etc/step-ca -s /bin/sh -G step-ca \
+adduser -S -D -h ${config_dir} -s /bin/sh -G step-ca \
 	-g "step-ca user" step-ca 2>/dev/null

 directory_list="config db"
 for directory in $directory_list; do
-	mkdir -p /etc/step-ca/"$directory"
+	mkdir -p ${config_dir}/"$directory"
 done
-mkdir /var/log/step-ca
+mkdir ${log_dir}

-step_path_profile="STEPPATH=\"/etc/step-ca\"; export STEPPATH"
-if [ ! -f /etc/step-ca/.profile ]; then
-	echo "$step_path_profile" > /etc/step-ca/.profile
+step_path_profile="STEPPATH=\"${config_dir}\"; export STEPPATH"
+if [ ! -f ${config_dir}/.profile ]; then
+	echo "$step_path_profile" > ${config_dir}/.profile
 else
-	echo "$step_path_profile" >> /etc/step-ca/.profile
+	echo "$step_path_profile" >> ${config_dir}/.profile
 fi

-chown -R step-ca:step-ca /etc/step-ca
-chmod -R 700 /etc/step-ca
+chown -R step-ca:step-ca ${config_dir}
+chmod -R 700 ${config_dir}

-chown -R step-ca:step-ca /var/log/step-ca
+chown -R step-ca:step-ca ${log_dir}

 exit 0