diff --git a/.editorconfig b/.editorconfig index a3971e1..ef61af0 100644 --- a/.editorconfig +++ b/.editorconfig @@ -34,9 +34,7 @@ ij_css_use_double_quotes = true ij_css_value_alignment = do_not_align [{*.pl,*.pm}] -indent_size = 2 -tab_width = 2 -ij_continuation_indent_size = 2 +ij_continuation_indent_size = 4 ij_perl5_align_attributes = false ij_perl5_align_comments_on_consequent_lines = true ij_perl5_align_consecutive_assignments = 0 @@ -54,9 +52,9 @@ ij_perl5_assignment_wrap = off ij_perl5_attributes_wrap = 0 ij_perl5_binary_operation_sign_on_next_line = false ij_perl5_binary_operation_wrap = off -ij_perl5_brace_style_compound = 1 -ij_perl5_brace_style_namespace = 1 -ij_perl5_brace_style_sub = 1 +ij_perl5_brace_style_compound = 0 +ij_perl5_brace_style_namespace = 0 +ij_perl5_brace_style_sub = 0 ij_perl5_call_parameters_wrap = off ij_perl5_else_on_new_line = true ij_perl5_keep_indents_on_empty_lines = false diff --git a/cats.Dockerfile b/cats.Dockerfile index 870ce48..3958ac8 100644 --- a/cats.Dockerfile +++ b/cats.Dockerfile @@ -11,9 +11,10 @@ RUN apt-get update \ nullmailer \ php5-mysql \ && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -STOPSIGNAL SIGWINCH + && rm -rf /var/lib/apt/lists/* \ + && curl --silent --location --output /usr/local/bin/dumb-init \ + https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \ + && chmod +x /usr/local/bin/dumb-init COPY docker/apache-cats-foreground /usr/local/bin/ COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt 
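Review bot: The dumb-init binary fetched by the added `curl` step in cats.Dockerfile is made executable and becomes the container entrypoint without any integrity check. Because the step uses `--silent` without `--fail`, an HTTP error body can also be saved as the binary while the build still succeeds. Add `--fail --show-error` to the curl line and verify a pinned digest before the chmod, e.g. `&& echo "<expected-sha256>  /usr/local/bin/dumb-init" | sha256sum --check - \`, where the digest is a placeholder to be filled from a trusted copy of the v1.2.4 release. The same step is added in mgr.Dockerfile and webdb.Dockerfile and needs the same change. The RUN instruction starts outside the hunk, so whether curl is installed by that point cannot be confirmed here.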
@@ -33,10 +34,11 @@ RUN a2ensite cats.cacert.localhost ; \ a2enmod rewrite ; \ a2enmod ssl ; \ cd /usr/local/share/ca-certificates ; \ - curl -O http://www.cacert.org/certs/root_X0F.crt ; \ - curl -O http://www.cacert.org/certs/class3_X0E.crt ; \ + curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \ + curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \ update-ca-certificates EXPOSE 443 +ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] CMD ["/usr/local/bin/apache-cats-foreground"] diff --git a/docker-compose.yml b/docker-compose.yml index a560efb..67cab0e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -42,7 +42,6 @@ services: CRL_DIRECTORY: /srv/certs/crl DEFAULT_HOSTNAME: www.cacert.localhost SECURE_HOSTNAME: secure.cacert.localhost - TVERIFY_HOSTNAME: tverify.cacert.localhost INSECURE_PORT: 8080 SECURE_PORT: 8443 RETURN_ADDRESS: "returns@cacert.localhost" @@ -96,7 +95,6 @@ services: environment: MYSQL_WEBDB_HOSTNAME: db MYSQL_WEBDB_DATABASE: cacert - CSR_DIRECTORY: /srv/certs/csr CRT_DIRECTORY: /srv/certs/crt CRL_DIRECTORY: /srv/certs/crl SMTP_HOST: smtp @@ -115,6 +113,10 @@ services: SIGNER_WORKDIR: /srv/ca/work SIGNER_CA_CONFIG: /srv/caconfig SIGNER_BASEDIR: /srv/ca + SIGNER_GPG_KEYRING_DIR: /srv/ca/gpg + SIGNER_GPG_ID: gpg@cacert.localhost + SIGNER_CPS_URL: https://www.cacert.localhost:8443/cps.php + SIGNER_OCSP_URL: http://ocsp.cacert.localhost/ volumes: - signersockets:/srv/sockets - signerdata:/srv/ca diff --git a/docker/run-dovecot b/docker/run-dovecot index 31b9b37..bcabcf8 100755 --- a/docker/run-dovecot +++ b/docker/run-dovecot @@ -7,4 +7,6 @@ chmod 0640 /etc/dovecot/imap_user.txt chown dovecot.dovecot /etc/dovecot/imap_user.txt echo "log_path = /dev/stderr" > /etc/dovecot/local.conf +trap "exit 0" TERM INT + dovecot -F diff --git a/docker/run-postfix b/docker/run-postfix index b9836f8..dba3653 100755 --- a/docker/run-postfix +++ b/docker/run-postfix 
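Review bot: The two CAcert certificates in the changed `curl --silent --remote-name` lines are still fetched over plain `http://` and then added to the system trust store by `update-ca-certificates`, so anyone able to alter that traffic during the build can supply the trust anchors. The commands are also chained with `;`, and with `--silent` and no `--fail` a failed download or a saved error page passes unnoticed. Prefer shipping the certificates in the repository and adding them with `COPY`, as is already done for `testca_root.crt`, or compare the downloads against pinned fingerprints and chain with `&&`. The same lines appear in mgr.Dockerfile and webdb.Dockerfile. The RUN instruction starts outside the hunk.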
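Review bot: The added `trap "exit 0" TERM INT` in docker/run-dovecot will not stop the container promptly. A shell defers trap handlers until the foreground command returns, `dovecot -F` on the last line runs in the foreground, and the signal is not passed on to dovecot. Replacing the last line with `exec dovecot -F` lets dovecot receive the signal itself, and avoids `exit 0` reporting every signal-terminated run as a success. docker/run-postfix adds the same trap before `postfix start-fg` and has the same problem. This assumes the script is the process that receives the stop signal; how the image starts it is not visible here.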
@@ -4,4 +4,6 @@ set -eu mkdir -p /home/catchall/Maildir/tmp /home/catchall/Maildir/new /home/catchall/Maildir/cur chown -Rc catchall.catchall /home/catchall/Maildir +trap "exit 0" INT TERM + postfix start-fg diff --git a/docker/run-signer b/docker/run-signer index edf1ca0..c145ea5 100755 --- a/docker/run-signer +++ b/docker/run-signer @@ -2,10 +2,6 @@ set -eu -rm -f /srv/sockets/signer -socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 & -sleep 1 - export SERIAL_PORT=/dev/ttyUSB0 mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts 
@@ -13,18 +9,24 @@ cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi -if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi -if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi +if [ ! -f /srv/ca/CA/serial ]; then printf '00' >/srv/ca/CA/serial; fi +if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 >/srv/ca/CA/crlnumber; fi -mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts +mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0 cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi -if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi -if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi +if [ ! -f /srv/ca/class3/serial ]; then printf '00' >/srv/ca/class3/serial; fi +if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 >/srv/ca/class3/crlnumber; fi +if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi +if [ ! 
-f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi + +rm -f /srv/sockets/signer +socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 & +sleep 1 cd /srv/CommModule/ touch server.pl-active -exec perl -w server.pl \ No newline at end of file +exec perl -w server.pl diff --git a/mgr.Dockerfile b/mgr.Dockerfile index e258fc3..46151f9 100644 --- a/mgr.Dockerfile +++ b/mgr.Dockerfile @@ -14,9 +14,10 @@ RUN apt-get update \ php5-mysql \ zendframework \ && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -STOPSIGNAL SIGWINCH + && rm -rf /var/lib/apt/lists/* \ + && curl --silent --location --output /usr/local/bin/dumb-init \ + https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \ + && chmod +x /usr/local/bin/dumb-init COPY docker/apache-mgr-foreground /usr/local/bin/ COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt @@ -37,10 +38,11 @@ RUN a2ensite mgr.cacert.localhost ; \ a2enmod rewrite ; \ a2enmod ssl ; \ cd /usr/local/share/ca-certificates ; \ - curl -O http://www.cacert.org/certs/root_X0F.crt ; \ - curl -O http://www.cacert.org/certs/class3_X0E.crt ; \ + curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \ + curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \ update-ca-certificates EXPOSE 443 +ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] CMD ["/usr/local/bin/apache-mgr-foreground"] diff --git a/setup_test_ca.sh b/setup_test_ca.sh index 6b9a5fc..9a9a3b3 100755 --- a/setup_test_ca.sh +++ b/setup_test_ca.sh 
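Review bot: The GnuPG home `/srv/ca/gpg/gpg_root_0` is created by the extended `mkdir -p` in docker/run-signer with the default mode, and `secring.gpg` is copied into it with umask-derived permissions. setup_test_ca.sh in this commit sets the source directory to 0700, so the container copy ends up less restricted than the original. Add `chmod 0700 /srv/ca/gpg/gpg_root_0` after the mkdir and `chmod 0600 /srv/ca/gpg/gpg_root_0/secring.gpg` after the copy, so the secret keyring is not readable by other users in the container and gpg does not warn about unsafe homedir permissions. How the signer invokes gpg is outside this hunk, so the effect on signing is inferred.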
@@ -4,12 +4,15 @@ set -eu ORGANIZATION="CAcert Inc." COUNTRY_CODE="AU" +CACERT_GPG_NAME="CA Cert Signing Authority (Root CA)" +CACERT_GPG_EMAIL="gpg@cacert.localhost" + . ./.env if [ ! -d testca/ ]; then mkdir -p testca/ cd testca - mkdir -p root/newcerts class3/newcerts root/private class3/private certs + mkdir -p root/newcerts class3/newcerts root/private class3/private certs gpg/gpg_root_0 touch root/index.txt class3/index.txt else cd testca @@ -223,3 +226,17 @@ if [ ! -f certs/testclient.p12 ]; then -in certs/testclient.crt.pem \ -name "${CLIENT_CERT_USERNAME}" fi + +if [ ! -f gpg/gpg_root_0/secring.gpg ]; then + chmod 0700 gpg/gpg_root_0 + gpg --homedir gpg/gpg_root_0 --generate-key --batch < /etc/apt/sources. libdevice-serialport-perl \ libdigest-sha-perl \ libfile-counterfile-perl \ + libreadonly-perl \ openssl \ perl \ socat \ diff --git a/signer_client.Dockerfile b/signer_client.Dockerfile index b0d4ab3..577c018 100644 --- a/signer_client.Dockerfile +++ b/signer_client.Dockerfile @@ -11,7 +11,9 @@ RUN apt-get update \ libdbd-mysql-perl \ libdbi-perl \ libdevice-serialport-perl \ + libemail-mime-perl \ libfile-counterfile-perl \ + libreadonly-perl \ openssl \ perl \ socat \ diff --git a/webdb.Dockerfile b/webdb.Dockerfile index 5e3e5bd..fd3ff3d 100644 --- a/webdb.Dockerfile +++ b/webdb.Dockerfile @@ -37,9 +37,10 @@ RUN apt-get update \ wamerican \ whois \ && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -STOPSIGNAL SIGWINCH + && rm -rf /var/lib/apt/lists/* \ + && curl --silent --location --output /usr/local/bin/dumb-init \ + https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \ + && chmod +x /usr/local/bin/dumb-init COPY docker/apache-webdb-foreground /usr/local/bin/ COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt 
@@ -64,11 +65,12 @@ RUN a2ensite www.cacert.localhost ; \ a2enmod ssl ; \ ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \ cd /usr/local/share/ca-certificates ; \ - curl -O http://www.cacert.org/certs/root_X0F.crt ; \ - curl -O http://www.cacert.org/certs/class3_X0E.crt ; \ + curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \ + curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \ update-ca-certificates EXPOSE 80 EXPOSE 443 +ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] CMD ["/usr/local/bin/apache-webdb-foreground"]