Merge branch 'master' into old_signer_image
commit
da93c32436
11 changed files with 66 additions and 34 deletions
|
@ -34,9 +34,7 @@ ij_css_use_double_quotes = true
|
|||
ij_css_value_alignment = do_not_align
|
||||
|
||||
[{*.pl,*.pm}]
|
||||
indent_size = 2
|
||||
tab_width = 2
|
||||
ij_continuation_indent_size = 2
|
||||
ij_continuation_indent_size = 4
|
||||
ij_perl5_align_attributes = false
|
||||
ij_perl5_align_comments_on_consequent_lines = true
|
||||
ij_perl5_align_consecutive_assignments = 0
|
||||
|
@ -54,9 +52,9 @@ ij_perl5_assignment_wrap = off
|
|||
ij_perl5_attributes_wrap = 0
|
||||
ij_perl5_binary_operation_sign_on_next_line = false
|
||||
ij_perl5_binary_operation_wrap = off
|
||||
ij_perl5_brace_style_compound = 1
|
||||
ij_perl5_brace_style_namespace = 1
|
||||
ij_perl5_brace_style_sub = 1
|
||||
ij_perl5_brace_style_compound = 0
|
||||
ij_perl5_brace_style_namespace = 0
|
||||
ij_perl5_brace_style_sub = 0
|
||||
ij_perl5_call_parameters_wrap = off
|
||||
ij_perl5_else_on_new_line = true
|
||||
ij_perl5_keep_indents_on_empty_lines = false
|
||||
|
|
|
@ -11,9 +11,10 @@ RUN apt-get update \
|
|||
nullmailer \
|
||||
php5-mysql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
STOPSIGNAL SIGWINCH
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& curl --silent --location --output /usr/local/bin/dumb-init \
|
||||
https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
|
||||
&& chmod +x /usr/local/bin/dumb-init
|
||||
|
||||
COPY docker/apache-cats-foreground /usr/local/bin/
|
||||
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
||||
|
@ -33,10 +34,11 @@ RUN a2ensite cats.cacert.localhost ; \
|
|||
a2enmod rewrite ; \
|
||||
a2enmod ssl ; \
|
||||
cd /usr/local/share/ca-certificates ; \
|
||||
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
|
||||
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||
curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
|
||||
curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||
update-ca-certificates
|
||||
|
||||
EXPOSE 443
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/bin/apache-cats-foreground"]
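Review bot: The dumb-init binary downloaded in the first RUN step becomes the image's ENTRYPOINT without any integrity check, and `curl --silent` without `--fail` will save an HTTP error page as `/usr/local/bin/dumb-init` and let the build succeed. Add `--fail` to the curl call and verify a pinned digest before the `chmod`, e.g. `&& echo "<expected-sha256>  /usr/local/bin/dumb-init" | sha256sum -c - \`, with the digest taken from the upstream release. The same download is added in the mgr and webdb Dockerfile sections further down. The RUN instruction starts above the hunk.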
|
||||
|
|
|
@ -42,7 +42,6 @@ services:
|
|||
CRL_DIRECTORY: /srv/certs/crl
|
||||
DEFAULT_HOSTNAME: www.cacert.localhost
|
||||
SECURE_HOSTNAME: secure.cacert.localhost
|
||||
TVERIFY_HOSTNAME: tverify.cacert.localhost
|
||||
INSECURE_PORT: 8080
|
||||
SECURE_PORT: 8443
|
||||
RETURN_ADDRESS: "returns@cacert.localhost"
|
||||
|
@ -96,7 +95,6 @@ services:
|
|||
environment:
|
||||
MYSQL_WEBDB_HOSTNAME: db
|
||||
MYSQL_WEBDB_DATABASE: cacert
|
||||
CSR_DIRECTORY: /srv/certs/csr
|
||||
CRT_DIRECTORY: /srv/certs/crt
|
||||
CRL_DIRECTORY: /srv/certs/crl
|
||||
SMTP_HOST: smtp
|
||||
|
@ -115,6 +113,10 @@ services:
|
|||
SIGNER_WORKDIR: /srv/ca/work
|
||||
SIGNER_CA_CONFIG: /srv/caconfig
|
||||
SIGNER_BASEDIR: /srv/ca
|
||||
SIGNER_GPG_KEYRING_DIR: /srv/ca/gpg
|
||||
SIGNER_GPG_ID: gpg@cacert.localhost
|
||||
SIGNER_CPS_URL: https://www.cacert.localhost:8443/cps.php
|
||||
SIGNER_OCSP_URL: http://ocsp.cacert.localhost/
|
||||
volumes:
|
||||
- signersockets:/srv/sockets
|
||||
- signerdata:/srv/ca
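Review bot: `SIGNER_GPG_ID: gpg@cacert.localhost` hard-codes the same address that the test-CA setup script keeps in `CACERT_GPG_EMAIL`. That script sources `./.env` after setting its default, so an override there would produce a key the signer cannot find under this ID. If compose reads the same `.env`, `SIGNER_GPG_ID: "${CACERT_GPG_EMAIL:-gpg@cacert.localhost}"` keeps the two in step; otherwise a comment on this line naming the script variable would do. The service definition starts above the hunk.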
|
||||
|
|
|
@ -7,4 +7,6 @@ chmod 0640 /etc/dovecot/imap_user.txt
|
|||
chown dovecot.dovecot /etc/dovecot/imap_user.txt
|
||||
echo "log_path = /dev/stderr" > /etc/dovecot/local.conf
|
||||
|
||||
trap "exit 0" TERM INT
|
||||
|
||||
dovecot -F
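Review bot: The added `trap "exit 0" TERM INT` will not stop the container promptly, because a POSIX shell defers a trap until the foreground command returns. If this script is the container's PID 1 (not visible here), `dovecot -F` itself never receives the signal. Replacing the last line with `exec dovecot -F` lets dovecot receive TERM directly and makes the trap unnecessary. The postfix start script in the next section has the same pattern before `postfix start-fg`. The script begins above the hunk.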
|
||||
|
|
|
@ -4,4 +4,6 @@ set -eu
|
|||
mkdir -p /home/catchall/Maildir/tmp /home/catchall/Maildir/new /home/catchall/Maildir/cur
|
||||
chown -Rc catchall.catchall /home/catchall/Maildir
|
||||
|
||||
trap "exit 0" INT TERM
|
||||
|
||||
postfix start-fg
|
||||
|
|
|
@ -2,10 +2,6 @@
|
|||
|
||||
set -eu
|
||||
|
||||
rm -f /srv/sockets/signer
|
||||
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
|
||||
sleep 1
|
||||
|
||||
export SERIAL_PORT=/dev/ttyUSB0
|
||||
|
||||
mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts
|
||||
|
@ -13,16 +9,22 @@ cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem
|
|||
cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
|
||||
if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
|
||||
if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
|
||||
if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi
|
||||
if [ ! -f /srv/ca/CA/serial ]; then printf '00' >/srv/ca/CA/serial; fi
|
||||
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 >/srv/ca/CA/crlnumber; fi
|
||||
|
||||
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts
|
||||
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0
|
||||
cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
|
||||
cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
|
||||
if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
|
||||
if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
|
||||
if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi
|
||||
if [ ! -f /srv/ca/class3/serial ]; then printf '00' >/srv/ca/class3/serial; fi
|
||||
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 >/srv/ca/class3/crlnumber; fi
|
||||
if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi
|
||||
if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
|
||||
|
||||
rm -f /srv/sockets/signer
|
||||
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
|
||||
sleep 1
|
||||
|
||||
cd /srv/CommModule/
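Review bot: The keyring directory comes from the widened `mkdir -p ... /srv/ca/gpg/gpg_root_0` with the default umask, and `secring.gpg` is copied with plain `cp`, so the secret keyring's mode depends on the source file and the umask. GnuPG also warns about a home directory that is not private. Add `chmod 0700 /srv/ca/gpg/gpg_root_0` after the mkdir and `chmod 0600 /srv/ca/gpg/gpg_root_0/secring.gpg` after the copy. Separately, the relocated `socat ... &` followed by `sleep 1` still assumes the PTY link exists after one second; a short loop testing `[ -e /dev/ttyUSB0 ]` would be more reliable. The script continues past the hunk.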
|
||||
|
||||
|
|
|
@ -14,9 +14,10 @@ RUN apt-get update \
|
|||
php5-mysql \
|
||||
zendframework \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
STOPSIGNAL SIGWINCH
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& curl --silent --location --output /usr/local/bin/dumb-init \
|
||||
https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
|
||||
&& chmod +x /usr/local/bin/dumb-init
|
||||
|
||||
COPY docker/apache-mgr-foreground /usr/local/bin/
|
||||
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
||||
|
@ -37,10 +38,11 @@ RUN a2ensite mgr.cacert.localhost ; \
|
|||
a2enmod rewrite ; \
|
||||
a2enmod ssl ; \
|
||||
cd /usr/local/share/ca-certificates ; \
|
||||
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
|
||||
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||
curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
|
||||
curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||
update-ca-certificates
|
||||
|
||||
EXPOSE 443
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/bin/apache-mgr-foreground"]
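Review bot: The two CAcert certificates that `update-ca-certificates` adds to the system trust store are still fetched over plain `http://`, so whatever the build network returns becomes a trusted root. With `--silent` and `;` chaining, a failed or substituted download also goes unnoticed. Prefer shipping the certificates in the repository and using `COPY`, or keep the download but add `--fail`, chain with `&&`, and check a pinned digest, e.g. `echo "<expected-sha256>  root_X0F.crt" | sha256sum -c -`. The same lines appear in the cats and webdb Dockerfile sections. The RUN instruction begins outside the hunk.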
|
||||
|
|
|
@ -4,12 +4,15 @@ set -eu
|
|||
|
||||
ORGANIZATION="CAcert Inc."
|
||||
COUNTRY_CODE="AU"
|
||||
CACERT_GPG_NAME="CA Cert Signing Authority (Root CA)"
|
||||
CACERT_GPG_EMAIL="gpg@cacert.localhost"
|
||||
|
||||
. ./.env
|
||||
|
||||
if [ ! -d testca/ ]; then
|
||||
mkdir -p testca/
|
||||
cd testca
|
||||
mkdir -p root/newcerts class3/newcerts root/private class3/private certs
|
||||
mkdir -p root/newcerts class3/newcerts root/private class3/private certs gpg/gpg_root_0
|
||||
touch root/index.txt class3/index.txt
|
||||
else
|
||||
cd testca
|
||||
|
@ -223,3 +226,17 @@ if [ ! -f certs/testclient.p12 ]; then
|
|||
-in certs/testclient.crt.pem \
|
||||
-name "${CLIENT_CERT_USERNAME}"
|
||||
fi
|
||||
|
||||
if [ ! -f gpg/gpg_root_0/secring.gpg ]; then
|
||||
chmod 0700 gpg/gpg_root_0
|
||||
gpg --homedir gpg/gpg_root_0 --generate-key --batch <<EOF
|
||||
Key-Type: RSA
|
||||
Key-Length: 4096
|
||||
Key-Usage: cert
|
||||
Name-Real: ${CACERT_GPG_NAME}
|
||||
Name-Email: ${CACERT_GPG_EMAIL}
|
||||
%no-protection
|
||||
EOF
|
||||
gpg --homedir gpg/gpg_root_0 --export | gpg1 --homedir gpg/gpg_root_0 --import
|
||||
gpg --homedir gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir gpg/gpg_root_0 --import
|
||||
fi
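Review bot: `chmod 0700 gpg/gpg_root_0` will abort the script under `set -eu` when `testca/` already exists from an earlier run. The directory is only created by the `mkdir -p` inside the `if [ ! -d testca/ ]` branch, unless the else branch, which continues outside the hunk, creates it. Create it where it is used by putting `mkdir -p gpg/gpg_root_0` directly before the `chmod` in the new `if [ ! -f gpg/gpg_root_0/secring.gpg ]` block. A comment above `%no-protection` such as `# test key only: stored without passphrase on purpose` would also tell readers the unprotected secret key is deliberate.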
|
||||
|
|
|
@ -9,6 +9,7 @@ RUN echo "deb http://archive.debian.org/debian squeeze main" > /etc/apt/sources.
|
|||
libdevice-serialport-perl \
|
||||
libdigest-sha-perl \
|
||||
libfile-counterfile-perl \
|
||||
libreadonly-perl \
|
||||
openssl \
|
||||
perl \
|
||||
socat \
|
||||
|
|
|
@ -11,7 +11,9 @@ RUN apt-get update \
|
|||
libdbd-mysql-perl \
|
||||
libdbi-perl \
|
||||
libdevice-serialport-perl \
|
||||
libemail-mime-perl \
|
||||
libfile-counterfile-perl \
|
||||
libreadonly-perl \
|
||||
openssl \
|
||||
perl \
|
||||
socat \
|
||||
|
|
|
@ -37,9 +37,10 @@ RUN apt-get update \
|
|||
wamerican \
|
||||
whois \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
STOPSIGNAL SIGWINCH
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& curl --silent --location --output /usr/local/bin/dumb-init \
|
||||
https://github.com/Yelp/dumb-init/releases/download/v1.2.4/dumb-init_1.2.4_x86_64 \
|
||||
&& chmod +x /usr/local/bin/dumb-init
|
||||
|
||||
COPY docker/apache-webdb-foreground /usr/local/bin/
|
||||
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
||||
|
@ -64,11 +65,12 @@ RUN a2ensite www.cacert.localhost ; \
|
|||
a2enmod ssl ; \
|
||||
ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \
|
||||
cd /usr/local/share/ca-certificates ; \
|
||||
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
|
||||
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||
curl --silent --remote-name http://www.cacert.org/certs/root_X0F.crt ; \
|
||||
curl --silent --remote-name http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||
update-ca-certificates
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 443
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/bin/apache-webdb-foreground"]
|
||||
|
|