From ba89f01861d24e91089cbe82be7fb1cd35d3afd0 Mon Sep 17 00:00:00 2001
From: Arian van Putten
Date: Wed, 23 Dec 2020 00:06:27 +0100
Subject: step-ca: 0.13.3 -> 0.15.6
Co-Authored-By: Florian Klink
---
 pkgs/tools/security/step-ca/default.nix | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
(limited to 'pkgs/tools/security/step-ca/default.nix')
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index e5574be8ab9..f3c9990a3c7 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -1,19 +1,35 @@
-{ lib, buildGoPackage, fetchFromGitHub }:
+{ stdenv
+, lib
+, fetchFromGitHub
+, buildGoModule
+, pcsclite
+, PCSC
+, pkg-config
+}:
-buildGoPackage rec {
+buildGoModule rec {
 pname = "step-ca";
- version = "0.13.3";
-
- goPackagePath = "github.com/smallstep/certificates";
+ version = "0.15.6";
 src = fetchFromGitHub {
 owner = "smallstep";
 repo = "certificates";
 rev = "v${version}";
- sha256 = "1i42j7v5a5qqqb9ng8irblfyzykhyws0394q3zac290ymjijxbnq";
+ sha256 = "0n26692ph4q4cmrqammfazmx1k9p2bydwqc57q4hz5ni6jd31zbz";
 };
- goDeps = ./deps.nix;
+ vendorSha256 = "0w0phyqymcg2h2jjasxmkf4ryn4y1bqahcy94rs738cqr5ifyfbg";
+
+ nativeBuildInputs = [ pkg-config ];
+
+ buildInputs =
+ lib.optional stdenv.isLinux (lib.getDev pcsclite)
+ ++ lib.optional stdenv.isDarwin PCSC;
+
+ # Tests fail on darwin with
+ # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered]
+ # probably some sandboxing issue
+ doCheck = stdenv.isLinux;
 meta = with lib; {
 description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";
-- cgit 1.4.1
From 53a17d2a44b3868db2149787dc7f500cbd0ff390 Mon Sep 17 00:00:00 2001
From: "Hedtke, Moritz"
Date: Thu, 18 Feb 2021 12:58:41 +0100
Subject: step-ca: 0.15.6 -> 0.15.11
---
 pkgs/tools/security/step-ca/default.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'pkgs/tools/security/step-ca/default.nix')
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index f3c9990a3c7..7c5adc649be 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -9,22 +9,22 @@
 buildGoModule rec {
 pname = "step-ca";
- version = "0.15.6";
+ version = "0.15.11";
 src = fetchFromGitHub {
 owner = "smallstep";
 repo = "certificates";
 rev = "v${version}";
- sha256 = "0n26692ph4q4cmrqammfazmx1k9p2bydwqc57q4hz5ni6jd31zbz";
+ sha256 = "wFRs3n6V0z2keNVtqFw1q5jpA6BvNK5EftsNhichfsY=";
 };
- vendorSha256 = "0w0phyqymcg2h2jjasxmkf4ryn4y1bqahcy94rs738cqr5ifyfbg";
+ vendorSha256 = "f1NdszqYYx6X1HqwqG26jjfjXq1gDXLOrh64ccKRQ90=";
 nativeBuildInputs = [ pkg-config ];
 buildInputs =
- lib.optional stdenv.isLinux (lib.getDev pcsclite)
- ++ lib.optional stdenv.isDarwin PCSC;
+ lib.optionals (stdenv.isLinux) [ pcsclite ]
+ ++ lib.optionals (stdenv.isDarwin) [ PCSC ];
 # Tests fail on darwin with
 # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered]
-- cgit 1.4.1
From 106b8616f7c808f1706545dc8f05488986bbbca6 Mon Sep 17 00:00:00 2001
From: "Hedtke, Moritz"
Date: Thu, 18 Feb 2021 13:00:22 +0100
Subject: step-ca: Add systemd service file at correct location to get it picked up automatically
---
 pkgs/tools/security/step-ca/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'pkgs/tools/security/step-ca/default.nix')
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index 7c5adc649be..584a597d67d 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -2,6 +2,7 @@
 , lib
 , fetchFromGitHub
 , buildGoModule
+, coreutils
 , pcsclite
 , PCSC
 , pkg-config
@@ -26,6 +27,14 @@ buildGoModule rec {
 lib.optionals (stdenv.isLinux) [ pcsclite ]
 ++ lib.optionals (stdenv.isDarwin) [ PCSC ];
+ postPatch = ''
+ substituteInPlace systemd/step-ca.service --replace "/bin/kill" "${coreutils}/bin/kill"
+ '';
+
+ postInstall = ''
+ install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service
+ '';
+
 # Tests fail on darwin with
 # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered]
 # probably some sandboxing issue
-- cgit 1.4.1
From 2d821cb5c0adb3247d3d3c841f8a6c5431802b75 Mon Sep 17 00:00:00 2001
From: "Hedtke, Moritz"
Date: Thu, 18 Feb 2021 13:01:26 +0100
Subject: step-ca: Add option to disable HSM support
---
 pkgs/tools/security/step-ca/default.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'pkgs/tools/security/step-ca/default.nix')
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index 584a597d67d..82afc06e1c5 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -6,6 +6,7 @@
 , pcsclite
 , PCSC
 , pkg-config
+, hsmSupport ? true
 }:
 buildGoModule rec {
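Review bot: The `substituteInPlace systemd/step-ca.service --replace "/bin/kill" "${coreutils}/bin/kill"` line in the new postPatch does not abort when the needle is absent, so an upstream edit to the unit that drops or moves the `/bin/kill` reference would leave a path that does not exist on NixOS in the installed unit without any build failure. A cheap guard is to follow the substitution with `grep -q '${coreutils}/bin/kill' systemd/step-ca.service` inside the same postPatch so the hook fails loudly. The postInstall line would also benefit from a one-line comment such as `# install upstream's unit under $out/lib/systemd/system so systemd.packages picks it up`, since the commit message is the only place that intent is recorded.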
@@ -21,16 +22,20 @@ buildGoModule rec {
 vendorSha256 = "f1NdszqYYx6X1HqwqG26jjfjXq1gDXLOrh64ccKRQ90=";
- nativeBuildInputs = [ pkg-config ];
+ nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ];
 buildInputs =
- lib.optionals (stdenv.isLinux) [ pcsclite ]
- ++ lib.optionals (stdenv.isDarwin) [ PCSC ];
+ lib.optionals (hsmSupport && stdenv.isLinux) [ pcsclite ]
+ ++ lib.optionals (hsmSupport && stdenv.isDarwin) [ PCSC ];
 postPatch = ''
 substituteInPlace systemd/step-ca.service --replace "/bin/kill" "${coreutils}/bin/kill"
 '';
+ preBuild = ''
+ ${lib.optionalString (!hsmSupport) "export CGO_ENABLED=0"}
+ '';
+
 postInstall = ''
 install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service
 '';
-- cgit 1.4.1
From 01b1ddfa701914e7eb8a2cba1fcc084cc7aa1404 Mon Sep 17 00:00:00 2001
From: "Hedtke, Moritz"
Date: Sat, 20 Mar 2021 23:14:26 +0100
Subject: Add mohe2015 as maintainer to step-ca and nixos/step-ca
---
 nixos/modules/services/security/step-ca.nix | 2 ++
 pkgs/tools/security/step-ca/default.nix | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'pkgs/tools/security/step-ca/default.nix')
diff --git a/nixos/modules/services/security/step-ca.nix b/nixos/modules/services/security/step-ca.nix
index b749ec6e56d..64eee11f588 100644
--- a/nixos/modules/services/security/step-ca.nix
+++ b/nixos/modules/services/security/step-ca.nix
@@ -4,6 +4,8 @@ let
 settingsFormat = (pkgs.formats.json { });
 in {
+ meta.maintainers = with lib.maintainers; [ mohe2015 ];
+
 options = {
 services.step-ca = {
 enable = lib.mkEnableOption "the smallstep certificate authority server";
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index 82afc06e1c5..84fe06e6c19 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
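Review bot: The new `preBuild` disables cgo through a shell `export` wrapped in `lib.optionalString`, which leaves an empty hook in the default build and ties the no-HSM configuration to hook ordering instead of declaring it on the derivation; buildGoModule already forwards a `CGO_ENABLED` attribute from its arguments, so `CGO_ENABLED = if hsmSupport then 1 else 0;` would express the same thing declaratively and drop the preBuild block. The `hsmSupport ? true` parameter added in the earlier hunk of this commit has no comment; since it now gates pkg-config, pcsclite and PCSC as well as cgo, a line above it such as `# hsmSupport: build with PC/SC (pcsclite/PCSC) and cgo; false produces a cgo-free build` would tell users of the override what they are turning off. The `doCheck = stdenv.isLinux` line sits outside this hunk, so whether the test suite still passes with cgo disabled is not visible here and is worth confirming.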
@@ -49,7 +49,7 @@ buildGoModule rec {
 description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";
 homepage = "https://smallstep.com/certificates/";
 license = licenses.asl20;
- maintainers = with maintainers; [ cmcdragonkai ];
+ maintainers = with maintainers; [ cmcdragonkai mohe2015 ];
 platforms = platforms.linux ++ platforms.darwin;
 };
 }
-- cgit 1.4.1
From f9eedc34577b5484307e30efa81c6f0521427919 Mon Sep 17 00:00:00 2001
From: David Guibert
Date: Sat, 15 May 2021 22:00:20 +0200
Subject: step-ca: 0.15.11 -> 0.15.15
---
 pkgs/tools/security/step-ca/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'pkgs/tools/security/step-ca/default.nix')
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index 84fe06e6c19..f72f3c978ff 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -11,16 +11,16 @@
 buildGoModule rec {
 pname = "step-ca";
- version = "0.15.11";
+ version = "0.15.15";
 src = fetchFromGitHub {
 owner = "smallstep";
 repo = "certificates";
 rev = "v${version}";
- sha256 = "wFRs3n6V0z2keNVtqFw1q5jpA6BvNK5EftsNhichfsY=";
+ sha256 = "sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY==";
 };
- vendorSha256 = "f1NdszqYYx6X1HqwqG26jjfjXq1gDXLOrh64ccKRQ90=";
+ vendorSha256 = "sha256-mjj+70/ioqcchB3X5vZPb0Oa7lA/qKh5zEpidT0jrEs=";
 nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ];
-- cgit 1.4.1
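Review bot: The new source hash `sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY==` carries two base64 padding characters, but a SHA-256 SRI value is 43 base64 characters followed by exactly one `=`; the `vendorSha256` on the next added line has the correct shape. The extra `=` is presumably only accepted because the hash decoder tolerates surplus padding, and it will trip any tool that validates SRI strictly. The line should read `sha256 = "sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY=";`, i.e. the same digest as emitted by the prefetch tool with a single padding character.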