Merge branch 'master' into hs/scep

2021-03-06 22:47:36 +01:00 · 2021-03-06 22:47:36 +01:00 · 99654f0efe
commit 99654f0efe
parent 9df5f513e7 94a895994f
11 changed files with 28 additions and 74 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -20,7 +20,7 @@ jobs:
        name: Setup Go
        uses: actions/setup-go@v2
        with:
-          go-version: '^1.15.8'
+          go-version: '1.15.8'
      -
        name: Install Deps
        id: install-deps
@ -105,7 +105,7 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: '^1.15.8'
+          go-version: '1.15.8'
      -
        name: APT Install
        id: aptInstall
@ -135,7 +135,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
-          go-version: '^1.15.8'
+          go-version: '1.15.8'
      - name: Build
        id: build
        run: |
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -18,7 +18,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
-          go-version: '^1.15.6'
+          go-version: '1.15.6'
      - name: Install Deps
        id: install-deps
        run: sudo apt-get -y install libpcsclite-dev
--- a/24
+++ b/24
@ -215,7 +215,7 @@ run:
 #########################################

 changelog:
-	$Q echo "step-certificates ($(DEB_VERSION)) unstable; urgency=medium" > debian/changelog
+	$Q echo "step-ca ($(DEB_VERSION)) unstable; urgency=medium" > debian/changelog
 	$Q echo >> debian/changelog
 	$Q echo "  * See https://github.com/smallstep/certificates/releases" >> debian/changelog
 	$Q echo >> debian/changelog
@ -223,7 +223,7 @@ changelog:

 debian: changelog
 	$Q mkdir -p $(RELEASE); \
-	OUTPUT=../step-certificates_*.deb; \
+	OUTPUT=../step-ca*.deb; \
 	rm $$OUTPUT; \
 	dpkg-buildpackage -b -rfakeroot -us -uc && cp $$OUTPUT $(RELEASE)/

@ -236,7 +236,7 @@ distclean: clean
 #################################################

 BINARY_OUTPUT=$(OUTPUT_ROOT)binary/
-RELEASE=./.travis-releases
+RELEASE=./.releases

 define BUNDLE_MAKE
 	# $(1) -- Go Operating System (e.g. linux, darwin, windows, etc.)
@ -258,23 +258,7 @@ binary-linux-armv7:
 binary-darwin:
 	$(call BUNDLE_MAKE,darwin,amd64,,$(BINARY_OUTPUT)darwin/)

-define BUNDLE
-    # $(1) -- Binary Output Dir Name
-	# $(2) -- Step Platform Name
-	# $(3) -- Step Binary Architecture
-	# $(4) -- Step Binary Name (For Windows Comaptibility)
-	$(q) ./make/bundle.sh "$(BINARY_OUTPUT)$(1)" "$(RELEASE)" "$(VERSION)" "$(2)" "$(3)" "$(4)" "$(5)" "$(6)"
-endef
-
-bundle-linux: binary-linux binary-linux-arm64 binary-linux-armv7
-	$(call BUNDLE,linux,linux,amd64,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-	$(call BUNDLE,linux.arm64,linux,arm64,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-	$(call BUNDLE,linux.armv7,linux,armv7,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-
-bundle-darwin: binary-darwin
-	$(call BUNDLE,darwin,darwin,amd64,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-
-.PHONY: binary-linux binary-darwin bundle-linux bundle-darwin
+.PHONY: binary-linux binary-linux-arm64 binary-linux-armv7 binary-darwin

 #################################################
 # Targets for creating step artifacts
--- a/README.md
+++ b/README.md
@ -142,13 +142,13 @@ $ brew install step
    Download the Debian package from the [latest `step-ca` release](https://github.com/smallstep/certificates/releases/latest):

    ```
-    $ wget https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-certificates_X.Y.Z_amd64.deb
+    $ wget https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-ca_X.Y.Z_amd64.deb
    ```

    Install the Debian package:

    ```
-    $ sudo dpkg -i step-certificates_X.Y.Z_amd64.deb
+    $ sudo dpkg -i step-ca_X.Y.Z_amd64.deb
    ```

 #### Arch Linux
@ -184,14 +184,14 @@ You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
    Download the Linux package from the [latest `step-ca` release](https://github.com/smallstep/certificates/releases/latest):

    ```
-    $ wget -O step-ca.tar.gz https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-certificates_linux_X.Y.Z_amd64.tar.gz
+    $ wget -O step-ca.tar.gz https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-ca_linux_X.Y.Z_amd64.tar.gz
    ```

    Install `step-ca` by unzipping and copying the executable over to `/usr/bin`:

    ```
    $ tar -xf step-ca.tar.gz
-    $ sudo cp step-certificates_X.Y.Z/bin/step-ca /usr/bin
+    $ sudo cp step-ca_X.Y.Z/bin/step-ca /usr/bin
    ```

 See the [`systemctl` setup section](https://smallstep.com/docs/step-ca/certificate-authority-server-production#running-step-ca-as-a-daemon) for a
--- a/debian/changelog
+++ b/debian/changelog
@ -1,4 +1,4 @@
-step-certificates (0.8.4-14-ge72f087-dev) unstable; urgency=medium
+step-ca (0.8.4-14-ge72f087-dev) unstable; urgency=medium

  * See https://github.com/smallstep/certificates/releases

--- a/debian/control
+++ b/debian/control
@ -1,4 +1,4 @@
-Source: step-certificates
+Source: step-ca
 Section: utils
 Priority: optional
 Maintainer: Smallstep Labs, Inc. <techadmin@smallstep.com>
@ -8,8 +8,8 @@ Homepage: https://github.com/smallstep/certificates
 Vcs-Browser: https://github.com/smallstep/certificates.git
 Vcs-Git: https://github.com/smallstep/certificates.git

-Package: step-certificates
+Package: step-ca
 Architecture: any
 Depends: ${misc:Depends}
 Description: Smallstep Certificate Authority
-   step-certificates is the Smallstep Certificate Authority.
+   step-ca is the Smallstep Certificate Authority.
--- a/debian/copyright
+++ b/debian/copyright
@ -1,13 +1,13 @@
 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: step-certificates
+Upstream-Name: step-ca
 Source: https://github.com/smallstep/certificates

 Files: *
-Copyright: 2020 Smallstep Labs, Inc.
+Copyright: 2021 Smallstep Labs, Inc.
 License: Apache 2.0

 License: Apache 2.0
- Copyright (c) 2019 Smallstep Labs, Inc.
+ Copyright (c) 2021 Smallstep Labs, Inc.
 .
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/distribution.md
+++ b/distribution.md
@ -77,10 +77,10 @@ e.g. `v1.0.2`

    Travis will build and upload the following artifacts:

-    * **step-certificates_1.0.3_amd64.deb**: debian package for installation on linux.
-    * **step-certificates_1.0.3_linux_amd64.tar.gz**: tarball containing a statically compiled linux binary.
-    * **step-certificates_1.0.3_darwin_amd64.tar.gz**: tarball containing a statically compiled darwin binary.
-    * **step-certificates.tar.gz**: tarball containing a git archive of the full repo.
+    * **step-ca_1.0.3_amd64.deb**: debian package for installation on linux.
+    * **step-ca_linux_1.0.3_amd64.tar.gz**: tarball containing a statically compiled linux binary.
+    * **step-ca_darwin_1.0.3_amd64.tar.gz**: tarball containing a statically compiled darwin binary.
+    * **step-ca_1.0.3.tar.gz**: tarball containing a git archive of the full repo.

 3. **Update the AUR Arch Linux package**

--- a/docs/kms.md
+++ b/docs/kms.md
@ -5,8 +5,8 @@ private keys and sign certificates.

 Support for multiple KMS are planned, but currently the only Google's Cloud KMS,
 and Amazon's AWS KMS are supported. A still experimental version for YubiKeys is
-also available if you compile
-[step-certificates](https://github.com/smallstep/certificates) yourself.
+also available if you compile [step-ca](https://github.com/smallstep/certificates) 
+yourself.

 ## Google's Cloud KMS

--- a/make/bundle.sh
+++ b/make/bundle.sh
@ -1,32 +0,0 @@
-#/bin/sh
-set -ex;
-
-OUTPUT_DIR=$1
-RELEASE_DIR=$2
-
-STEP_VERSION=$3
-STEP_PLATFORM=$4
-STEP_ARCH=$5
-STEP_EXEC_NAME=$6
-STEP_CLOUDKMS_EXEC_NAME=$7
-STEP_AWSKMS_EXEC_NAME=$8
-
-BUNDLE_DIR=${OUTPUT_DIR}/bundle
-
-mkdir -p "$BUNDLE_DIR" "$RELEASE_DIR"
-TMP=$(mktemp -d "$BUNDLE_DIR/tmp.XXXX")
-trap "rm -rf $TMP" EXIT INT QUIT TERM
-
-stepName=step-certificates_${STEP_VERSION}
-newdir="$TMP/${stepName}"
-mkdir -p "$newdir/bin"
-
-cp "$OUTPUT_DIR/bin/${STEP_EXEC_NAME}" "$newdir/bin/${STEP_EXEC_NAME}"
-cp "$OUTPUT_DIR/bin/${STEP_CLOUDKMS_EXEC_NAME}" "$newdir/bin/${STEP_CLOUDKMS_EXEC_NAME}"
-cp "$OUTPUT_DIR/bin/${STEP_AWSKMS_EXEC_NAME}" "$newdir/bin/${STEP_AWSKMS_EXEC_NAME}"
-
-cp README.md "$newdir"
-NEW_BUNDLE="${RELEASE_DIR}/step-certificates_${STEP_PLATFORM}_${STEP_VERSION}_${STEP_ARCH}.tar.gz"
-
-rm -f "$NEW_BUNDLE"
-tar -zcvf "$NEW_BUNDLE" -C "$TMP" "${stepName}"
--- a/systemd/step-ca.service
+++ b/systemd/step-ca.service
@ -15,7 +15,7 @@ User=step
 Group=step
 Environment=STEPPATH=/etc/step-ca
 WorkingDirectory=/etc/step-ca
-ExecStart=/usr/local/bin/step-ca config/ca.json --password-file password.txt
+ExecStart=/usr/bin/step-ca config/ca.json --password-file password.txt
 ExecReload=/bin/kill --signal HUP $MAINPID
 Restart=on-failure
 RestartSec=5
@ -32,6 +32,8 @@ NoNewPrivileges=yes
 ; Sandboxing
 ; This sandboxing works with YubiKey PIV (via pcscd HTTP API), but it is likely
 ; too restrictive for PKCS#11 HSMs.
+;
+; NOTE: Comment out the rest of this section for troubleshooting.
 ProtectSystem=full
 ProtectHome=true
 RestrictNamespaces=true