bdmc/cacert-devsetup
1
0
Fork 0
forked from jan/cacert-devsetup
Code Activity

Merge branch 'master' into old_signer_image

Browse source
This commit is contained in:
Jan Dittberner 2020-12-28 21:20:00 +01:00
commit da93c32436
11 changed files with 66 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

10
.editorconfig
View file

@ -34,9 +34,7 @@ ij_css_use_double_quotes = true
ij_css_value_alignment = do_not_align ij_css_value_alignment = do_not_align
[{*.pl,*.pm}] [{*.pl,*.pm}]
indent_size = 2 ij_continuation_indent_size = 4
tab_width = 2
ij_continuation_indent_size = 2
ij_perl5_align_attributes = false ij_perl5_align_attributes = false
ij_perl5_align_comments_on_consequent_lines = true ij_perl5_align_comments_on_consequent_lines = true
ij_perl5_align_consecutive_assignments = 0 ij_perl5_align_consecutive_assignments = 0
@ -54,9 +52,9 @@ ij_perl5_assignment_wrap = off
ij_perl5_attributes_wrap = 0 ij_perl5_attributes_wrap = 0
ij_perl5_binary_operation_sign_on_next_line = false ij_perl5_binary_operation_sign_on_next_line = false
ij_perl5_binary_operation_wrap = off ij_perl5_binary_operation_wrap = off
ij_perl5_brace_style_compound = 1 ij_perl5_brace_style_compound = 0
ij_perl5_brace_style_namespace = 1 ij_perl5_brace_style_namespace = 0
ij_perl5_brace_style_sub = 1 ij_perl5_brace_style_sub = 0
ij_perl5_call_parameters_wrap = off ij_perl5_call_parameters_wrap = off
ij_perl5_else_on_new_line = true ij_perl5_else_on_new_line = true
ij_perl5_keep_indents_on_empty_lines = false ij_perl5_keep_indents_on_empty_lines = false

12
cats.Dockerfile
View file

@ -11,9 +11,10 @@ RUN apt-get update \
nullmailer \ nullmailer \
php5-mysql \ php5-mysql \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/* \
&& curl --silent --location --output /usr/local/bin/dumb-init \
STOPSIGNAL SIGWINCH https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
&& chmod +x /usr/local/bin/dumb-init
COPY docker/apache-cats-foreground /usr/local/bin/ COPY docker/apache-cats-foreground /usr/local/bin/
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
@ -33,10 +34,11 @@ RUN a2ensite cats.cacert.localhost ; \
a2enmod rewrite ; \ a2enmod rewrite ; \
a2enmod ssl ; \ a2enmod ssl ; \
cd /usr/local/share/ca-certificates ; \ cd /usr/local/share/ca-certificates ; \
curl -O http://www.cacert.org/certs/root_X0F.crt ; \ curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \ curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
update-ca-certificates update-ca-certificates
EXPOSE 443 EXPOSE 443
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
CMD ["/usr/local/bin/apache-cats-foreground"] CMD ["/usr/local/bin/apache-cats-foreground"]

6
docker-compose.yml
View file

@ -42,7 +42,6 @@ services:
CRL_DIRECTORY: /srv/certs/crl CRL_DIRECTORY: /srv/certs/crl
DEFAULT_HOSTNAME: www.cacert.localhost DEFAULT_HOSTNAME: www.cacert.localhost
SECURE_HOSTNAME: secure.cacert.localhost SECURE_HOSTNAME: secure.cacert.localhost
TVERIFY_HOSTNAME: tverify.cacert.localhost
INSECURE_PORT: 8080 INSECURE_PORT: 8080
SECURE_PORT: 8443 SECURE_PORT: 8443
RETURN_ADDRESS: "returns@cacert.localhost" RETURN_ADDRESS: "returns@cacert.localhost"
@ -96,7 +95,6 @@ services:
environment: environment:
MYSQL_WEBDB_HOSTNAME: db MYSQL_WEBDB_HOSTNAME: db
MYSQL_WEBDB_DATABASE: cacert MYSQL_WEBDB_DATABASE: cacert
CSR_DIRECTORY: /srv/certs/csr
CRT_DIRECTORY: /srv/certs/crt CRT_DIRECTORY: /srv/certs/crt
CRL_DIRECTORY: /srv/certs/crl CRL_DIRECTORY: /srv/certs/crl
SMTP_HOST: smtp SMTP_HOST: smtp
@ -115,6 +113,10 @@ services:
SIGNER_WORKDIR: /srv/ca/work SIGNER_WORKDIR: /srv/ca/work
SIGNER_CA_CONFIG: /srv/caconfig SIGNER_CA_CONFIG: /srv/caconfig
SIGNER_BASEDIR: /srv/ca SIGNER_BASEDIR: /srv/ca
SIGNER_GPG_KEYRING_DIR: /srv/ca/gpg
SIGNER_GPG_ID: gpg@cacert.localhost
SIGNER_CPS_URL: https://www.cacert.localhost:8443/cps.php
SIGNER_OCSP_URL: http://ocsp.cacert.localhost/
volumes: volumes:
- signersockets:/srv/sockets - signersockets:/srv/sockets
- signerdata:/srv/ca - signerdata:/srv/ca

2
docker/run-dovecot
View file

@ -7,4 +7,6 @@ chmod 0640 /etc/dovecot/imap_user.txt
chown dovecot.dovecot /etc/dovecot/imap_user.txt chown dovecot.dovecot /etc/dovecot/imap_user.txt
echo "log_path = /dev/stderr" > /etc/dovecot/local.conf echo "log_path = /dev/stderr" > /etc/dovecot/local.conf
trap "exit 0" TERM INT
dovecot -F dovecot -F

2
docker/run-postfix
View file

@ -4,4 +4,6 @@ set -eu
mkdir -p /home/catchall/Maildir/tmp /home/catchall/Maildir/new /home/catchall/Maildir/cur mkdir -p /home/catchall/Maildir/tmp /home/catchall/Maildir/new /home/catchall/Maildir/cur
chown -Rc catchall.catchall /home/catchall/Maildir chown -Rc catchall.catchall /home/catchall/Maildir
trap "exit 0" INT TERM
postfix start-fg postfix start-fg

22
docker/run-signer
View file

@ -2,10 +2,6 @@
set -eu set -eu
rm -f /srv/sockets/signer
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
sleep 1
export SERIAL_PORT=/dev/ttyUSB0 export SERIAL_PORT=/dev/ttyUSB0
mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts
@ -13,18 +9,24 @@ cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem
cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi if [ ! -f /srv/ca/CA/serial ]; then printf '00' >/srv/ca/CA/serial; fi
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 >/srv/ca/CA/crlnumber; fi
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0
cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi if [ ! -f /srv/ca/class3/serial ]; then printf '00' >/srv/ca/class3/serial; fi
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 >/srv/ca/class3/crlnumber; fi
if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi
if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
rm -f /srv/sockets/signer
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
sleep 1
cd /srv/CommModule/ cd /srv/CommModule/
touch server.pl-active touch server.pl-active
exec perl -w server.pl exec perl -w server.pl

12
mgr.Dockerfile
View file

@ -14,9 +14,10 @@ RUN apt-get update \
php5-mysql \ php5-mysql \
zendframework \ zendframework \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/* \
&& curl --silent --location --output /usr/local/bin/dumb-init \
STOPSIGNAL SIGWINCH https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
&& chmod +x /usr/local/bin/dumb-init
COPY docker/apache-mgr-foreground /usr/local/bin/ COPY docker/apache-mgr-foreground /usr/local/bin/
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
@ -37,10 +38,11 @@ RUN a2ensite mgr.cacert.localhost ; \
a2enmod rewrite ; \ a2enmod rewrite ; \
a2enmod ssl ; \ a2enmod ssl ; \
cd /usr/local/share/ca-certificates ; \ cd /usr/local/share/ca-certificates ; \
curl -O http://www.cacert.org/certs/root_X0F.crt ; \ curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \ curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
update-ca-certificates update-ca-certificates
EXPOSE 443 EXPOSE 443
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
CMD ["/usr/local/bin/apache-mgr-foreground"] CMD ["/usr/local/bin/apache-mgr-foreground"]

19
setup_test_ca.sh
View file

@ -4,12 +4,15 @@ set -eu
ORGANIZATION="CAcert Inc." ORGANIZATION="CAcert Inc."
COUNTRY_CODE="AU" COUNTRY_CODE="AU"
CACERT_GPG_NAME="CA Cert Signing Authority (Root CA)"
CACERT_GPG_EMAIL="gpg@cacert.localhost"
. ./.env . ./.env
if [ ! -d testca/ ]; then if [ ! -d testca/ ]; then
mkdir -p testca/ mkdir -p testca/
cd testca cd testca
mkdir -p root/newcerts class3/newcerts root/private class3/private certs mkdir -p root/newcerts class3/newcerts root/private class3/private certs gpg/gpg_root_0
touch root/index.txt class3/index.txt touch root/index.txt class3/index.txt
else else
cd testca cd testca
@ -223,3 +226,17 @@ if [ ! -f certs/testclient.p12 ]; then
-in certs/testclient.crt.pem \ -in certs/testclient.crt.pem \
-name "${CLIENT_CERT_USERNAME}" -name "${CLIENT_CERT_USERNAME}"
fi fi
if [ ! -f gpg/gpg_root_0/secring.gpg ]; then
chmod 0700 gpg/gpg_root_0
gpg --homedir gpg/gpg_root_0 --generate-key --batch <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: cert
Name-Real: ${CACERT_GPG_NAME}
Name-Email: ${CACERT_GPG_EMAIL}
%no-protection
EOF
gpg --homedir gpg/gpg_root_0 --export | gpg1 --homedir gpg/gpg_root_0 --import
gpg --homedir gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir gpg/gpg_root_0 --import
fi

1
signer.Dockerfile
View file

@ -9,6 +9,7 @@ RUN echo "deb http://archive.debian.org/debian squeeze main" > /etc/apt/sources.
libdevice-serialport-perl \ libdevice-serialport-perl \
libdigest-sha-perl \ libdigest-sha-perl \
libfile-counterfile-perl \ libfile-counterfile-perl \
libreadonly-perl \
openssl \ openssl \
perl \ perl \
socat \ socat \

2
signer_client.Dockerfile
View file

@ -11,7 +11,9 @@ RUN apt-get update \
libdbd-mysql-perl \ libdbd-mysql-perl \
libdbi-perl \ libdbi-perl \
libdevice-serialport-perl \ libdevice-serialport-perl \
libemail-mime-perl \
libfile-counterfile-perl \ libfile-counterfile-perl \
libreadonly-perl \
openssl \ openssl \
perl \ perl \
socat \ socat \

12
webdb.Dockerfile
View file

@ -37,9 +37,10 @@ RUN apt-get update \
wamerican \ wamerican \
whois \ whois \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/* \
&& curl --silent --location --output /usr/local/bin/dumb-init \
STOPSIGNAL SIGWINCH https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
&& chmod +x /usr/local/bin/dumb-init
COPY docker/apache-webdb-foreground /usr/local/bin/ COPY docker/apache-webdb-foreground /usr/local/bin/
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
@ -64,11 +65,12 @@ RUN a2ensite www.cacert.localhost ; \
a2enmod ssl ; \ a2enmod ssl ; \
ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \ ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \
cd /usr/local/share/ca-certificates ; \ cd /usr/local/share/ca-certificates ; \
curl -O http://www.cacert.org/certs/root_X0F.crt ; \ curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \ curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
update-ca-certificates update-ca-certificates
EXPOSE 80 EXPOSE 80
EXPOSE 443 EXPOSE 443
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
CMD ["/usr/local/bin/apache-webdb-foreground"] CMD ["/usr/local/bin/apache-webdb-foreground"]