Improve signer and signer_client setup

This commit is contained in:
Jan Dittberner 2020-12-24 08:03:24 +01:00
parent 774c6b0e9c
commit d0d7ba64d9
4 changed files with 22 additions and 11 deletions

View file

@ -33,8 +33,10 @@ ij_css_space_before_opening_brace = true
ij_css_use_double_quotes = true ij_css_use_double_quotes = true
ij_css_value_alignment = do_not_align ij_css_value_alignment = do_not_align
[*.pm] [{*.pl,*.pm}]
ij_continuation_indent_size = 4 indent_size = 2
tab_width = 2
ij_continuation_indent_size = 2
ij_perl5_align_attributes = false ij_perl5_align_attributes = false
ij_perl5_align_comments_on_consequent_lines = true ij_perl5_align_comments_on_consequent_lines = true
ij_perl5_align_consecutive_assignments = 0 ij_perl5_align_consecutive_assignments = 0
@ -52,9 +54,9 @@ ij_perl5_assignment_wrap = off
ij_perl5_attributes_wrap = 0 ij_perl5_attributes_wrap = 0
ij_perl5_binary_operation_sign_on_next_line = false ij_perl5_binary_operation_sign_on_next_line = false
ij_perl5_binary_operation_wrap = off ij_perl5_binary_operation_wrap = off
ij_perl5_brace_style_compound = 0 ij_perl5_brace_style_compound = 1
ij_perl5_brace_style_namespace = 0 ij_perl5_brace_style_namespace = 1
ij_perl5_brace_style_sub = 0 ij_perl5_brace_style_sub = 1
ij_perl5_call_parameters_wrap = off ij_perl5_call_parameters_wrap = off
ij_perl5_else_on_new_line = true ij_perl5_else_on_new_line = true
ij_perl5_keep_indents_on_empty_lines = false ij_perl5_keep_indents_on_empty_lines = false

View file

@ -37,9 +37,9 @@ services:
DEPLOYMENT_NAME: "CAcert.org Website (local development)" DEPLOYMENT_NAME: "CAcert.org Website (local development)"
MYSQL_WEBDB_HOSTNAME: db MYSQL_WEBDB_HOSTNAME: db
MYSQL_WEBDB_DATABASE: cacert MYSQL_WEBDB_DATABASE: cacert
CSR_DIRECTORY: /certs/csr CSR_DIRECTORY: /srv/certs/csr
CRT_DIRECTORY: /certs/crt CRT_DIRECTORY: /srv/certs/crt
CRL_DIRECTORY: /certs/crl CRL_DIRECTORY: /srv/certs/crl
DEFAULT_HOSTNAME: www.cacert.localhost DEFAULT_HOSTNAME: www.cacert.localhost
SECURE_HOSTNAME: secure.cacert.localhost SECURE_HOSTNAME: secure.cacert.localhost
TVERIFY_HOSTNAME: tverify.cacert.localhost TVERIFY_HOSTNAME: tverify.cacert.localhost
@ -57,7 +57,7 @@ services:
- smtp - smtp
volumes: volumes:
- ./cacert-software:/www - ./cacert-software:/www
- certstaging:/certs - certstaging:/srv/certs
mgr: mgr:
build: build:
context: . context: .
@ -99,11 +99,14 @@ services:
CSR_DIRECTORY: /srv/certs/csr CSR_DIRECTORY: /srv/certs/csr
CRT_DIRECTORY: /srv/certs/crt CRT_DIRECTORY: /srv/certs/crt
CRL_DIRECTORY: /srv/certs/crl CRL_DIRECTORY: /srv/certs/crl
SMTP_HOST: smtp
volumes: volumes:
- certstaging:/srv/certs - certstaging:/srv/certs
- signersockets:/srv/sockets - signersockets:/srv/sockets
depends_on: depends_on:
- db - db
- smtp
- signer
signer: signer:
build: build:
context: . context: .

View file

@ -12,14 +12,16 @@ mkdir -p /srv/ca/CA/certs /srv/ca/CA/private /srv/ca/CA/newcerts
cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem
cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
if [ ! -f /srv/ca/CA/serial ]; then echo 1 > /srv/ca/CA/serial; fi if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts
cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
if [ ! -f /srv/ca/class3/serial ]; then echo 1 > /srv/ca/class3/serial; fi if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi
cd /srv/CommModule/ cd /srv/CommModule/

View file

@ -1,8 +1,12 @@
FROM debian:jessie FROM debian:jessie
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
COPY testca/class3/ca.crt.pem /usr/local/share/ca-certificates/testca_class3.crt
RUN apt-get update \ RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive \ && DEBIAN_FRONTEND=noninteractive \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
ca-certificates \
gnupg \ gnupg \
libdbd-mysql-perl \ libdbd-mysql-perl \
libdbi-perl \ libdbi-perl \