Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New script: Local Certificate Authority based upon Smallstep's step-ca #1655

Open
wants to merge 36 commits into
base: main
Choose a base branch
from
Open

New script: Local Certificate Authority based upon Smallstep's step-ca #1655

wants to merge 36 commits into from
+289 −0

Conversation

fwiegerinck
Copy link

✍️ Description

New script to create an Alpine-based container running a local Certificate Authority based upon Smallstep's OS "step-ca" (url: https://smallstep.com/docs/step-ca/).

This release provides - next to the default config GUI - a GUI to configure:

  • name of the CA
  • DNS hostnames to access the CA
  • X509 policies for the allowed DNS and IP addresses
  • optionally enable ACME service (at port 443)
  • Related Issue: #
  • Related PR: #
  • Related Discussion: #

✅ Prerequisites

The following steps must be completed for the pull request to be considered:

  • Self-review performed (I have reviewed my code to ensure it follows established patterns and conventions.)
  • Testing performed (I have thoroughly tested my changes and verified expected functionality.)

🛠️ Type of Change

Please check the relevant options:

  • [] Bug fix (non-breaking change that resolves an issue)
  • [] New feature (non-breaking change that adds functionality)
  • [] Breaking change (fix or feature that would cause existing functionality to change unexpectedly)
  • New script (a fully functional and thoroughly tested script or set of scripts)

📋 Additional Information (optional)

Provide any extra context or screenshots about the feature or fix here.

@fwiegerinck
Initial skeleton for step-ca script
b6a78dd
@fwiegerinck
Fix name of file and update flow
a8f4997
@fwiegerinck
Fix filename
5a8a1c2
@fwiegerinck
Set default password
58616c9
@fwiegerinck
Fix dependency path
dde9dcc
@fwiegerinck
Fix build paths
67be6ae
@fwiegerinck
Fix variables and names
7fa9aad
@fwiegerinck
Added dependencies
0ca441e
@fwiegerinck
Add more comments
b31d88b
@fwiegerinck
Remove wrong ENV-var
4ea7e25
@fwiegerinck
Request additional attributes
55447b0
@fwiegerinck
Initialize CA
6703755
@fwiegerinck
debug environment details
a64d440
@fwiegerinck
Use flat environment variables exported
9759a00
@fwiegerinck
Fix callout to ca-settings
915971b
@fwiegerinck
fix syntax
7cb5ebf
@fwiegerinck
Remove quotes from the parameters
a81592d
@fwiegerinck
Make ACM optional and allow X509 policies
07d1d22
@fwiegerinck
Small fixes
17b7756
@fwiegerinck
Remove obsolete line
c1f48e9
@fwiegerinck
- Update motd
4494fbb 
- Disable policy update due to issues
- Small updates
@fwiegerinck
Fix inclusion of command output
3ddc5bf
@fwiegerinck
Fix name of file
0e1f064
@fwiegerinck
Setup remote management for policies
8769ebc
@fwiegerinck
Improve order of actions
265ae98
@fwiegerinck
- Fixed defaults
98dcab2 
- Wait for service to be completed
- Cleanup old code
- Added documentation
@fwiegerinck
Attempt to fix validation
9fa583d
@fwiegerinck
Use other command to increase value
8681fa7
@fwiegerinck
Fix name of variable
01107a6
@fwiegerinck
Revert build.func
55e3ee6
@fwiegerinck fwiegerinck requested a review from a team as a code owner January 21, 2025 20:38
@github-actions github-actions bot added new script A change that adds a new script website A change to the website labels Jan 21, 2025
michelroegl-brunner
michelroegl-brunner reviewed Jan 21, 2025
View reviewed changes
Copy link
Member

@michelroegl-brunner michelroegl-brunner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script breaks a few standards. First, why have you divided the installation in two parts?
Then remove the comments.
and you can remove the part with motd file. This is no longer used this way.

@github-actions github-actions bot added maintenance Code maintenance or general upkeep of the project high risk A change that can affect many scripts labels Jan 21, 2025
@fwiegerinck
Copy link
Author

fwiegerinck commented Jan 21, 2025
edited
Loading

@michelroegl-brunner Thanks for the feedback.

First, why have you divided the installation in two parts?

Assuming you refer to alpine-step-ca-install.sh, during troubleshooting I found it more stable /easier to complete the steps of the OS first (incl customizations) and amend with the installation and configuration of step-ca. in case the configuration fails, at least the OS is accessible.

Then remove the comments

Done

and you can remove the part with motd file. This is no longer used this way.

I switched to .profile avoiding motd, while the user can still quickly access the fingerprint to onboard new clients to the ACME service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michelroegl-brunner michelroegl-brunner michelroegl-brunner left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
high risk A change that can affect many scripts maintenance Code maintenance or general upkeep of the project new script A change that adds a new script website A change to the website
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fwiegerinck @michelroegl-brunner