Start adding signer containers

This is work in progress to add the signer components
2020-12-23 09:53:52 +01:00 · 2020-12-23 09:53:52 +01:00 · e8ad6b9ba7
commit e8ad6b9ba7
parent f9b0eb5195
8 changed files with 189 additions and 3 deletions
--- a/docker/run-signer
+++ b/docker/run-signer
@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -eu
+
+rm -f /srv/sockets/signer
+socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
+sleep 1
+
+export SERIAL_PORT=/dev/ttyUSB0
+
+cd /srv/CommModule/
+
+touch server.pl-active
+exec perl -w server.pl
--- a/docker/run-signer_client
+++ b/docker/run-signer_client
@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eu
+
+socat -d -d UNIX:/srv/sockets/signer PTY,link=/dev/ttyS0 2>&1 &
+sleep 1
+
+export SERIAL_PORT=/dev/ttyS0
+
+cd /srv/CommModule/
+
+touch client.pl-active
+exec perl -w client.pl
--- a/docker/signer-config/class3-client.cnf
+++ b/docker/signer-config/class3-client.cnf
@ -0,0 +1,39 @@
+[ ca ]
+default_ca             = CA_default         # The default ca section
+
+[ CA_default ]
+dir                    = /srv/ca/class3      # Where everything is kept
+certs                  = $dir/certs          # Where the issued certs are kept
+crl_dir                = $dir/crl            # Where the issued crl are kept
+crlnumber              = $dir/crlnumber      # bug-1438
+database               = $dir/index.txt      # database index file.
+new_certs_dir          = $dir/newcerts       # default place for new certs.
+certificate            = $dir/ca.crt.pem     # The CA certificate
+serial                 = $dir/serial         # The current serial number
+crl                    = $dir/crl.pem        # The current CRL
+private_key            = $dir/ca.key.pem     # The private key
+RANDFILE               = $dir/private/.rand  # private random number file
+x509_extensions        = usr_cert            # The extentions to add to the cert
+default_days           = 200                 # how long to certify for
+default_crl_days       = 30                  # how long before next CRL
+default_md             = sha512              # which md to use.
+preserve               = no                  # keep passed DN ordering
+policy                 = policy_anything
+
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = optional
+emailAddress           = optional
+
+[ usr_cert ]
+basicConstraints       = critical, CA:FALSE
+nsComment              = "To get your own certificate for FREE head over to http://www.CAcert.org"
+keyUsage               = critical, digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage       = emailProtection, clientAuth, msEFS, msSGC, nsSGC
+authorityInfoAccess    = OCSP;URI:http://ocsp.cacert.org
+crlDistributionPoints  = URI:http://crl.cacert.localhost/class3-revoke.crl
+subjectAltName         = email:copy
--- a/docker/signer-config/openssl-client.cnf
+++ b/docker/signer-config/openssl-client.cnf
@ -0,0 +1,39 @@
+[ ca ]
+default_ca             = CA_default         # The default ca section
+
+[ CA_default ]
+dir                    = /srv/ca/CA          # Where everything is kept
+certs                  = $dir/certs          # Where the issued certs are kept
+crl_dir                = $dir/crl            # Where the issued crl are kept
+crlnumber              = $dir/crlnumber      # bug-1438
+database               = $dir/index.txt      # database index file.
+new_certs_dir          = $dir/newcerts       # default place for new certs.
+certificate            = $dir/ca.crt.pem     # The CA certificate
+serial                 = $dir/serial         # The current serial number
+crl                    = $dir/crl.pem        # The current CRL
+private_key            = $dir/ca.key.pem     # The private key
+RANDFILE               = $dir/private/.rand  # private random number file
+x509_extensions        = usr_cert            # The extentions to add to the cert
+default_days           = 200                 # how long to certify for
+default_crl_days       = 30                  # how long before next CRL
+default_md             = sha512              # which md to use.
+preserve               = no                  # keep passed DN ordering
+policy                 = policy_anything
+
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = optional
+emailAddress           = optional
+
+[ usr_cert ]
+basicConstraints       = critical, CA:FALSE
+nsComment              = "To get your own certificate for FREE head over to http://www.CAcert.org"
+keyUsage               = critical, digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage       = emailProtection, clientAuth, msEFS, msSGC, nsSGC
+authorityInfoAccess    = OCSP;URI:http://ocsp.cacert.org
+crlDistributionPoints  = URI:http://crl.cacert.localhost/revoke.crl
+subjectAltName         = email:copy