jan/cacert-devsetup
1
0
Fork 1
Code Issues Pull requests Releases Wiki Activity

Add GPG support to signer image

Browse source
This commit is contained in:
Jan Dittberner 2020-12-26 08:31:58 +01:00
parent 82f90f7fa2
commit b6bead34ab
3 changed files with 23 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docker-compose.yml
View file

@ -115,6 +115,8 @@ services:
SIGNER_WORKDIR: /srv/ca/work SIGNER_WORKDIR: /srv/ca/work
SIGNER_CA_CONFIG: /srv/caconfig SIGNER_CA_CONFIG: /srv/caconfig
SIGNER_BASEDIR: /srv/ca SIGNER_BASEDIR: /srv/ca
SIGNER_GPG_KEYRING_DIR: /srv/ca/gpg
SIGNER_GPG_ID: gpg@cacert.localhost
volumes: volumes:
- signersockets:/srv/sockets - signersockets:/srv/sockets
- signerdata:/srv/ca - signerdata:/srv/ca

12
docker/run-signer
View file

@ -2,10 +2,6 @@
set -eu set -eu
rm -f /srv/sockets/signer
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
sleep 1
export SERIAL_PORT=/dev/ttyUSB0 export SERIAL_PORT=/dev/ttyUSB0
mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts
@ -16,13 +12,19 @@ if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /
if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0
cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi
if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi
if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
rm -f /srv/sockets/signer
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
sleep 1
cd /srv/CommModule/ cd /srv/CommModule/

15
setup_test_ca.sh
View file

@ -9,7 +9,7 @@ COUNTRY_CODE="AU"
if [ ! -d testca/ ]; then if [ ! -d testca/ ]; then
mkdir -p testca/ mkdir -p testca/
cd testca cd testca
mkdir -p root/newcerts class3/newcerts root/private class3/private certs mkdir -p root/newcerts class3/newcerts root/private class3/private certs gpg/gpg_root_0
touch root/index.txt class3/index.txt touch root/index.txt class3/index.txt
else else
cd testca cd testca
@ -223,3 +223,16 @@ if [ ! -f certs/testclient.p12 ]; then
-in certs/testclient.crt.pem \ -in certs/testclient.crt.pem \
-name "${CLIENT_CERT_USERNAME}" -name "${CLIENT_CERT_USERNAME}"
fi fi
if [ ! -f gpg/gpg_root_0/secring.gpg ]; then
gpg --homedir testca/gpg/gpg_root_0 --generate-key --batch <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: cert
Name-Real: CAcert Inc. GnuPG WoT
Name-Email: gpg@cacert.localhost
%no-protection"
EOF
gpg --homedir testca/gpg/gpg_root_0 --export | gpg1 --homedir testca/gpg/gpg_root_0 --import
gpg --homedir testca/gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir testca/gpg/gpg_root_0 --import
fi