Merge branch 'master' into old_signer_image
commit
da93c32436
11 changed files with 66 additions and 34 deletions
|
@ -34,9 +34,7 @@ ij_css_use_double_quotes = true
|
||||||
ij_css_value_alignment = do_not_align
|
ij_css_value_alignment = do_not_align
|
||||||
|
|
||||||
[{*.pl,*.pm}]
|
[{*.pl,*.pm}]
|
||||||
indent_size = 2
|
ij_continuation_indent_size = 4
|
||||||
tab_width = 2
|
|
||||||
ij_continuation_indent_size = 2
|
|
||||||
ij_perl5_align_attributes = false
|
ij_perl5_align_attributes = false
|
||||||
ij_perl5_align_comments_on_consequent_lines = true
|
ij_perl5_align_comments_on_consequent_lines = true
|
||||||
ij_perl5_align_consecutive_assignments = 0
|
ij_perl5_align_consecutive_assignments = 0
|
||||||
|
@ -54,9 +52,9 @@ ij_perl5_assignment_wrap = off
|
||||||
ij_perl5_attributes_wrap = 0
|
ij_perl5_attributes_wrap = 0
|
||||||
ij_perl5_binary_operation_sign_on_next_line = false
|
ij_perl5_binary_operation_sign_on_next_line = false
|
||||||
ij_perl5_binary_operation_wrap = off
|
ij_perl5_binary_operation_wrap = off
|
||||||
ij_perl5_brace_style_compound = 1
|
ij_perl5_brace_style_compound = 0
|
||||||
ij_perl5_brace_style_namespace = 1
|
ij_perl5_brace_style_namespace = 0
|
||||||
ij_perl5_brace_style_sub = 1
|
ij_perl5_brace_style_sub = 0
|
||||||
ij_perl5_call_parameters_wrap = off
|
ij_perl5_call_parameters_wrap = off
|
||||||
ij_perl5_else_on_new_line = true
|
ij_perl5_else_on_new_line = true
|
||||||
ij_perl5_keep_indents_on_empty_lines = false
|
ij_perl5_keep_indents_on_empty_lines = false
|
||||||
|
|
|
@ -11,9 +11,10 @@ RUN apt-get update \
|
||||||
nullmailer \
|
nullmailer \
|
||||||
php5-mysql \
|
php5-mysql \
|
||||||
&& apt-get clean \
|
&& apt-get clean \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& curl --silent --location --output /usr/local/bin/dumb-init \
|
||||||
STOPSIGNAL SIGWINCH
|
https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
|
||||||
|
&& chmod +x /usr/local/bin/dumb-init
|
||||||
|
|
||||||
COPY docker/apache-cats-foreground /usr/local/bin/
|
COPY docker/apache-cats-foreground /usr/local/bin/
|
||||||
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
||||||
|
@ -33,10 +34,11 @@ RUN a2ensite cats.cacert.localhost ; \
|
||||||
a2enmod rewrite ; \
|
a2enmod rewrite ; \
|
||||||
a2enmod ssl ; \
|
a2enmod ssl ; \
|
||||||
cd /usr/local/share/ca-certificates ; \
|
cd /usr/local/share/ca-certificates ; \
|
||||||
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
|
curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
|
||||||
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
|
curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||||
update-ca-certificates
|
update-ca-certificates
|
||||||
|
|
||||||
EXPOSE 443
|
EXPOSE 443
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||||
CMD ["/usr/local/bin/apache-cats-foreground"]
|
CMD ["/usr/local/bin/apache-cats-foreground"]
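Review bot: The dumb-init binary downloaded in the first RUN step is written to /usr/local/bin and made executable without any integrity check, and it then becomes the image's ENTRYPOINT; pin a digest next to the URL and verify it before the chmod, for example `&& echo "<SHA256_OF_RELEASE_ASSET>  /usr/local/bin/dumb-init" | sha256sum -c - \`. Because curl runs with `--silent` but without `--fail --show-error`, an HTTP error body would be saved as the binary with no message in the build log. In the second hunk the two CAcert roots are still fetched over plain `http://` and handed to `update-ca-certificates`, and since the commands are joined with `;` a failed or tampered download does not stop the build; copying the certificates from the repository, or checking their fingerprints after download, would close that gap. The same three points apply to the Dockerfiles in this commit that install apache-mgr-foreground and apache-webdb-foreground.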
|
||||||
|
|
|
@ -42,7 +42,6 @@ services:
|
||||||
CRL_DIRECTORY: /srv/certs/crl
|
CRL_DIRECTORY: /srv/certs/crl
|
||||||
DEFAULT_HOSTNAME: www.cacert.localhost
|
DEFAULT_HOSTNAME: www.cacert.localhost
|
||||||
SECURE_HOSTNAME: secure.cacert.localhost
|
SECURE_HOSTNAME: secure.cacert.localhost
|
||||||
TVERIFY_HOSTNAME: tverify.cacert.localhost
|
|
||||||
INSECURE_PORT: 8080
|
INSECURE_PORT: 8080
|
||||||
SECURE_PORT: 8443
|
SECURE_PORT: 8443
|
||||||
RETURN_ADDRESS: "returns@cacert.localhost"
|
RETURN_ADDRESS: "returns@cacert.localhost"
|
||||||
|
@ -96,7 +95,6 @@ services:
|
||||||
environment:
|
environment:
|
||||||
MYSQL_WEBDB_HOSTNAME: db
|
MYSQL_WEBDB_HOSTNAME: db
|
||||||
MYSQL_WEBDB_DATABASE: cacert
|
MYSQL_WEBDB_DATABASE: cacert
|
||||||
CSR_DIRECTORY: /srv/certs/csr
|
|
||||||
CRT_DIRECTORY: /srv/certs/crt
|
CRT_DIRECTORY: /srv/certs/crt
|
||||||
CRL_DIRECTORY: /srv/certs/crl
|
CRL_DIRECTORY: /srv/certs/crl
|
||||||
SMTP_HOST: smtp
|
SMTP_HOST: smtp
|
||||||
|
@ -115,6 +113,10 @@ services:
|
||||||
SIGNER_WORKDIR: /srv/ca/work
|
SIGNER_WORKDIR: /srv/ca/work
|
||||||
SIGNER_CA_CONFIG: /srv/caconfig
|
SIGNER_CA_CONFIG: /srv/caconfig
|
||||||
SIGNER_BASEDIR: /srv/ca
|
SIGNER_BASEDIR: /srv/ca
|
||||||
|
SIGNER_GPG_KEYRING_DIR: /srv/ca/gpg
|
||||||
|
SIGNER_GPG_ID: gpg@cacert.localhost
|
||||||
|
SIGNER_CPS_URL: https://www.cacert.localhost:8443/cps.php
|
||||||
|
SIGNER_OCSP_URL: http://ocsp.cacert.localhost/
|
||||||
volumes:
|
volumes:
|
||||||
- signersockets:/srv/sockets
|
- signersockets:/srv/sockets
|
||||||
- signerdata:/srv/ca
|
- signerdata:/srv/ca
|
||||||
|
|
|
@ -7,4 +7,6 @@ chmod 0640 /etc/dovecot/imap_user.txt
|
||||||
chown dovecot.dovecot /etc/dovecot/imap_user.txt
|
chown dovecot.dovecot /etc/dovecot/imap_user.txt
|
||||||
echo "log_path = /dev/stderr" > /etc/dovecot/local.conf
|
echo "log_path = /dev/stderr" > /etc/dovecot/local.conf
|
||||||
|
|
||||||
|
trap "exit 0" TERM INT
|
||||||
|
|
||||||
dovecot -F
|
dovecot -F
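Review bot: The added `trap "exit 0" TERM INT` does not stop dovecot, because the shell runs a trap only after the foreground child returns and it does not pass the signal on to that child. If this script runs as the container's main process (not visible in this hunk), a stop request would hang until the runtime's kill timeout. Ending the script with `exec dovecot -F` lets dovecot receive the signal directly and makes the trap unnecessary. The postfix start script in this commit adds the same trap before `postfix start-fg` and has the same issue.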
|
||||||
|
|
|
@ -4,4 +4,6 @@ set -eu
|
||||||
mkdir -p /home/catchall/Maildir/tmp /home/catchall/Maildir/new /home/catchall/Maildir/cur
|
mkdir -p /home/catchall/Maildir/tmp /home/catchall/Maildir/new /home/catchall/Maildir/cur
|
||||||
chown -Rc catchall.catchall /home/catchall/Maildir
|
chown -Rc catchall.catchall /home/catchall/Maildir
|
||||||
|
|
||||||
|
trap "exit 0" INT TERM
|
||||||
|
|
||||||
postfix start-fg
|
postfix start-fg
|
||||||
|
|
|
@ -2,10 +2,6 @@
|
||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
rm -f /srv/sockets/signer
|
|
||||||
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
export SERIAL_PORT=/dev/ttyUSB0
|
export SERIAL_PORT=/dev/ttyUSB0
|
||||||
|
|
||||||
mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts
|
mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts
|
||||||
|
@ -13,16 +9,22 @@ cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem
|
||||||
cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
|
cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
|
||||||
if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
|
if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
|
||||||
if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
|
if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
|
||||||
if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi
|
if [ ! -f /srv/ca/CA/serial ]; then printf '00' >/srv/ca/CA/serial; fi
|
||||||
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi
|
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 >/srv/ca/CA/crlnumber; fi
|
||||||
|
|
||||||
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts
|
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0
|
||||||
cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
|
cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
|
||||||
cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
|
cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
|
||||||
if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
|
if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
|
||||||
if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
|
if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
|
||||||
if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi
|
if [ ! -f /srv/ca/class3/serial ]; then printf '00' >/srv/ca/class3/serial; fi
|
||||||
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi
|
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 >/srv/ca/class3/crlnumber; fi
|
||||||
|
if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi
|
||||||
|
if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
|
||||||
|
|
||||||
|
rm -f /srv/sockets/signer
|
||||||
|
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
|
||||||
|
sleep 1
|
||||||
|
|
||||||
cd /srv/CommModule/
|
cd /srv/CommModule/
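Review bot: The new `/srv/ca/gpg/gpg_root_0` directory is created by the shared `mkdir -p` and the secret keyring is copied into it with plain `cp`, so both take whatever the process umask allows and may be readable by other users of the volume mounted at /srv/ca. The key-generation script in this commit sets `chmod 0700 gpg/gpg_root_0` on its copy; doing the same here keeps the two consistent and avoids GnuPG's unsafe-permissions warning on the homedir. I would add `chmod 0700 /srv/ca/gpg /srv/ca/gpg/gpg_root_0` after the mkdir and copy the keyring with `install -m 0600 /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg`. The existing `cp` lines for `ca.key.pem` have the same property and could be tightened in the same pass.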
|
||||||
|
|
||||||
|
|
|
@ -14,9 +14,10 @@ RUN apt-get update \
|
||||||
php5-mysql \
|
php5-mysql \
|
||||||
zendframework \
|
zendframework \
|
||||||
&& apt-get clean \
|
&& apt-get clean \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& curl --silent --location --output /usr/local/bin/dumb-init \
|
||||||
STOPSIGNAL SIGWINCH
|
https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
|
||||||
|
&& chmod +x /usr/local/bin/dumb-init
|
||||||
|
|
||||||
COPY docker/apache-mgr-foreground /usr/local/bin/
|
COPY docker/apache-mgr-foreground /usr/local/bin/
|
||||||
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
||||||
|
@ -37,10 +38,11 @@ RUN a2ensite mgr.cacert.localhost ; \
|
||||||
a2enmod rewrite ; \
|
a2enmod rewrite ; \
|
||||||
a2enmod ssl ; \
|
a2enmod ssl ; \
|
||||||
cd /usr/local/share/ca-certificates ; \
|
cd /usr/local/share/ca-certificates ; \
|
||||||
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
|
curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
|
||||||
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
|
curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||||
update-ca-certificates
|
update-ca-certificates
|
||||||
|
|
||||||
EXPOSE 443
|
EXPOSE 443
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||||
CMD ["/usr/local/bin/apache-mgr-foreground"]
|
CMD ["/usr/local/bin/apache-mgr-foreground"]
|
||||||
|
|
|
@ -4,12 +4,15 @@ set -eu
|
||||||
|
|
||||||
ORGANIZATION="CAcert Inc."
|
ORGANIZATION="CAcert Inc."
|
||||||
COUNTRY_CODE="AU"
|
COUNTRY_CODE="AU"
|
||||||
|
CACERT_GPG_NAME="CA Cert Signing Authority (Root CA)"
|
||||||
|
CACERT_GPG_EMAIL="gpg@cacert.localhost"
|
||||||
|
|
||||||
. ./.env
|
. ./.env
|
||||||
|
|
||||||
if [ ! -d testca/ ]; then
|
if [ ! -d testca/ ]; then
|
||||||
mkdir -p testca/
|
mkdir -p testca/
|
||||||
cd testca
|
cd testca
|
||||||
mkdir -p root/newcerts class3/newcerts root/private class3/private certs
|
mkdir -p root/newcerts class3/newcerts root/private class3/private certs gpg/gpg_root_0
|
||||||
touch root/index.txt class3/index.txt
|
touch root/index.txt class3/index.txt
|
||||||
else
|
else
|
||||||
cd testca
|
cd testca
|
||||||
|
@ -223,3 +226,17 @@ if [ ! -f certs/testclient.p12 ]; then
|
||||||
-in certs/testclient.crt.pem \
|
-in certs/testclient.crt.pem \
|
||||||
-name "${CLIENT_CERT_USERNAME}"
|
-name "${CLIENT_CERT_USERNAME}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ ! -f gpg/gpg_root_0/secring.gpg ]; then
|
||||||
|
chmod 0700 gpg/gpg_root_0
|
||||||
|
gpg --homedir gpg/gpg_root_0 --generate-key --batch <<EOF
|
||||||
|
Key-Type: RSA
|
||||||
|
Key-Length: 4096
|
||||||
|
Key-Usage: cert
|
||||||
|
Name-Real: ${CACERT_GPG_NAME}
|
||||||
|
Name-Email: ${CACERT_GPG_EMAIL}
|
||||||
|
%no-protection
|
||||||
|
EOF
|
||||||
|
gpg --homedir gpg/gpg_root_0 --export | gpg1 --homedir gpg/gpg_root_0 --import
|
||||||
|
gpg --homedir gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir gpg/gpg_root_0 --import
|
||||||
|
fi
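Review bot: `chmod 0700 gpg/gpg_root_0` in the new key-generation block will fail on a checkout where `testca/` already exists, because `gpg/gpg_root_0` is only created in the `if [ ! -d testca/ ]` branch of the first hunk; under `set -eu` that aborts the script, unless lines outside these hunks create the directory. Creating it inside the block with `mkdir -p gpg/gpg_root_0 && chmod 0700 gpg/gpg_root_0` keeps the script re-runnable. The guard tests `secring.gpg`, which presumably only appears once the `gpg1 --import` steps have run, so a run that fails between generation and import would generate a second key on the next attempt. A comment above `%no-protection`, such as `# test CA only: secret key is stored without a passphrase`, would make the intent explicit for anyone reusing this block.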
|
||||||
|
|
|
@ -9,6 +9,7 @@ RUN echo "deb http://archive.debian.org/debian squeeze main" > /etc/apt/sources.
|
||||||
libdevice-serialport-perl \
|
libdevice-serialport-perl \
|
||||||
libdigest-sha-perl \
|
libdigest-sha-perl \
|
||||||
libfile-counterfile-perl \
|
libfile-counterfile-perl \
|
||||||
|
libreadonly-perl \
|
||||||
openssl \
|
openssl \
|
||||||
perl \
|
perl \
|
||||||
socat \
|
socat \
|
||||||
|
|
|
@ -11,7 +11,9 @@ RUN apt-get update \
|
||||||
libdbd-mysql-perl \
|
libdbd-mysql-perl \
|
||||||
libdbi-perl \
|
libdbi-perl \
|
||||||
libdevice-serialport-perl \
|
libdevice-serialport-perl \
|
||||||
|
libemail-mime-perl \
|
||||||
libfile-counterfile-perl \
|
libfile-counterfile-perl \
|
||||||
|
libreadonly-perl \
|
||||||
openssl \
|
openssl \
|
||||||
perl \
|
perl \
|
||||||
socat \
|
socat \
|
||||||
|
|
|
@ -37,9 +37,10 @@ RUN apt-get update \
|
||||||
wamerican \
|
wamerican \
|
||||||
whois \
|
whois \
|
||||||
&& apt-get clean \
|
&& apt-get clean \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& curl --silent --location --output /usr/local/bin/dumb-init \
|
||||||
STOPSIGNAL SIGWINCH
|
https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
|
||||||
|
&& chmod +x /usr/local/bin/dumb-init
|
||||||
|
|
||||||
COPY docker/apache-webdb-foreground /usr/local/bin/
|
COPY docker/apache-webdb-foreground /usr/local/bin/
|
||||||
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
||||||
|
@ -64,11 +65,12 @@ RUN a2ensite www.cacert.localhost ; \
|
||||||
a2enmod ssl ; \
|
a2enmod ssl ; \
|
||||||
ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \
|
ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \
|
||||||
cd /usr/local/share/ca-certificates ; \
|
cd /usr/local/share/ca-certificates ; \
|
||||||
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
|
curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
|
||||||
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
|
curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||||
update-ca-certificates
|
update-ca-certificates
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 443
|
EXPOSE 443
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||||
CMD ["/usr/local/bin/apache-webdb-foreground"]
|
CMD ["/usr/local/bin/apache-webdb-foreground"]
|
||||||
|
|