diff --git a/testing/step-certificates/APKBUILD b/testing/step-certificates/APKBUILD index ef941ccc059..00dcee4136e 100644 --- a/testing/step-certificates/APKBUILD +++ b/testing/step-certificates/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Dermot Bradley # Maintainer: Dermot Bradley pkgname=step-certificates -pkgver=0.18.0 +pkgver=0.18.1 pkgrel=0 pkgdesc="Online certificate authority and related tools" url="https://smallstep.com/certificates/" @@ -50,10 +50,10 @@ package() { } sha512sums=" -a7c85f999d9f330fe44ee095d2b66e7805ca27cdc02b524bbd9a81f6e0c019762fb497d2c2262b903b825babb2f0df02b0431f4b3cce8fae963b9a1bd85b078b step-certificates-0.18.0.tar.gz +5aef84bf0aba4e750cb95b9b53abc24062d8b92650683009c61f58c2f3fe639ec09bf84762f025d652677c9edb251c91f80bf78bb2b26cfda2c17c3ea7ea7396 step-certificates-0.18.1.tar.gz fce464b646dfb087da27beed7135c52b2926df8595675ab3117afa9a98ac2c8ac8bed57ddf6567bcccc417dc076321a230a77ef029fad2ab3213c2b3655eb66b 01-Makefile-GOFLAGS.patch 0b49bda9b0b0df9d9e10ab96405a8eff5b50aaf354b8ce424d4f085ef7b033d98169521f798b27dce3959ea18cf97da365613417c40a3d54779fad7ecc15e3d4 02-Makefile-yubikey-and-pkcs11-binary.patch -c3a6ac7216643dba6dd54bd709e94e6c2d3ad8c04a342845a8873964e3bbca8f96cf40517628af8a0b8ed861757cf09ccea5a65804ba7849114bc75c3636e5d1 step-ca.confd -9dd2342434f3330d5ce7a6461a71ac1a40f9e1c17f2fc0599f4882c4ba3497ec09809b84f54828a9db87777e65905aff880f36610b3a157c33b6491cbd7ca82b step-ca.initd -0af3914768275d26cd25a36ac4b33218429da00e3c719bdd7841507b6dc4a9d8c4db30e502072accc111d25333888e9f310baf8260f07545a083ba13719eb4ed step-ca.logrotate +b207ff9a887389334b624ae5e389379b6ee37bec712dbc075e3c6447f2e542594dbcddc75f0d4b057e1b855fd135a625e6e6c6caff02a9e4de8475318a655836 step-ca.confd +45a82345ad5906f3eef84df5c71d5b830423d51e1e86447937fac7efbbfd78bfcc93e30dab06d4baf8198223f1cb1e8f5551b70385702b976a30f4aebb0b8963 step-ca.initd +17740fbe3a72f1c9fe4f90dffb368ad4fe6b98a36512ca58614a4bfbc4b6895ecc6daa4a5a78abcd9b1840eb63ce90523d7fa77a2b42da0cf539bf36330c9f32 step-ca.logrotate " diff --git a/testing/step-certificates/step-ca.confd b/testing/step-certificates/step-ca.confd index 271811d88ab..61c946188f6 100644 --- a/testing/step-certificates/step-ca.confd +++ b/testing/step-certificates/step-ca.confd @@ -1,4 +1,4 @@ -# Configuration for /etc/init.d/step-certificates +# Configuration for /etc/init.d/step-ca # The directory where all CA-related files will be stored. # diff --git a/testing/step-certificates/step-ca.initd b/testing/step-certificates/step-ca.initd index e8188674733..43b8b81e702 100644 --- a/testing/step-certificates/step-ca.initd +++ b/testing/step-certificates/step-ca.initd @@ -3,15 +3,16 @@ description="Step CA" description_check="Verify configuration" +config_dir="${STEPPATH:-/etc/step-ca}" pidfile="/run/$RC_SVCNAME.pid" command="/usr/bin/step-ca" -command_args="/etc/step-ca/config/ca.json --password-file=/etc/step-ca/password.txt" +command_args="${config_dir}/config/ca.json --password-file=${config_dir}/password.txt" command_background="yes" command_user="step-ca:step-ca" -start_stop_daemon_args="--stdout /var/log/$RC_SVCNAME/${RC_SVCNAME}.log --stderr /var/log/$RC_SVCNAME/${RC_SVCNAME}.err" +start_stop_daemon_args="--env STEPPATH=${STEPPATH} --stdout /var/log/$RC_SVCNAME/${RC_SVCNAME}.log --stderr /var/log/$RC_SVCNAME/${RC_SVCNAME}.err" extra_commands="checkconfig" -required_files="/etc/step-ca/config/ca.json /etc/step-ca/password.txt" +required_files="${config_dir}/config/ca.json ${config_dir}/password.txt" depend() { use logger dns @@ -31,15 +32,21 @@ start_pre() { checkconfig() { if [ ! -d /var/log/step-ca ]; then mkdir -p /var/log/step-ca - chown step-ca:step-ca /var/log/step-ca - chmod 700 /var/log/step-ca + chown -R step-ca:step-ca /var/log/step-ca + chmod -R 700 /var/log/step-ca fi - if [ ! -f /etc/step-ca/config/ca.json ]; then + if [ ! -d ${config_dir} ]; then + mkdir -p ${config_dir} + chown -R step-ca:step-ca ${config_dir} + chmod -R 700 ${config_dir} + fi + + if [ ! -f ${config_dir}/config/ca.json ]; then ewarn "CA configuration file is missing" fi - if [ ! -f /etc/step-ca/password.txt ]; then + if [ ! -f ${config_dir}/password.txt ]; then ewarn "CA password file is missing" fi } diff --git a/testing/step-certificates/step-ca.logrotate b/testing/step-certificates/step-ca.logrotate index 1f4ac1277d1..c0a8a02d025 100644 --- a/testing/step-certificates/step-ca.logrotate +++ b/testing/step-certificates/step-ca.logrotate @@ -2,5 +2,6 @@ compress delaycompress missingok + monthly notifempty } diff --git a/testing/step-certificates/step-certificates.pre-install b/testing/step-certificates/step-certificates.pre-install index a1fcb30dbaf..59ae6fc2bbe 100644 --- a/testing/step-certificates/step-certificates.pre-install +++ b/testing/step-certificates/step-certificates.pre-install @@ -1,25 +1,28 @@ #!/bin/sh +config_dir="/etc/step-ca" +log_dir="/var/log/step-ca" + addgroup -S step-ca 2>/dev/null -adduser -S -D -h /etc/step-ca -s /bin/sh -G step-ca \ +adduser -S -D -h ${config_dir} -s /bin/sh -G step-ca \ -g "step-ca user" step-ca 2>/dev/null directory_list="config db" for directory in $directory_list; do - mkdir -p /etc/step-ca/"$directory" + mkdir -p ${config_dir}/"$directory" done -mkdir /var/log/step-ca +mkdir ${log_dir} -step_path_profile="STEPPATH=\"/etc/step-ca\"; export STEPPATH" -if [ ! -f /etc/step-ca/.profile ]; then - echo "$step_path_profile" > /etc/step-ca/.profile +step_path_profile="STEPPATH=\"${config_dir}\"; export STEPPATH" +if [ ! -f ${config_dir}/.profile ]; then + echo "$step_path_profile" > ${config_dir}/.profile else - echo "$step_path_profile" >> /etc/step-ca/.profile + echo "$step_path_profile" >> ${config_dir}/.profile fi -chown -R step-ca:step-ca /etc/step-ca -chmod -R 700 /etc/step-ca +chown -R step-ca:step-ca ${config_dir} +chmod -R 700 ${config_dir} -chown -R step-ca:step-ca /var/log/step-ca +chown -R step-ca:step-ca ${log_dir} exit 0