| author | Maximiliano Curia
<maxy@gnuservers.com.ar> 2014-07-13 12:31:07 UTC |
| committer | Maximiliano Curia
<maxy@gnuservers.com.ar> 2014-07-13 12:31:07 UTC |
| parent | 16ff15d24e560f359ba486e218b236123c4a8e06 |
| Makefile | +4 | -0 |
| README | +1 | -1 |
| doc/quick_start.rst | +4 | -3 |
| kxd/kxd.go | +1 | -0 |
| scripts/create-kxd-config | +1 | -1 |
| scripts/kxc-add-key | +1 | -1 |
| scripts/upstart/kxd.conf | +14 | -0 |
| tests/run_tests | +0 | -2 |
diff --git a/Makefile b/Makefile index 7b0f602..5186d6c 100644 --- a/Makefile +++ b/Makefile @@ -49,6 +49,10 @@ install-systemd: install-kxd $(INSTALL) -m 0644 scripts/default/kxd $(ETCDIR)/default/kxd $(INSTALL) -m 0644 scripts/systemd/kxd.service $(SYSTEMDDIR) +install-upstart: install-kxd + $(INSTALL) -m 0644 scripts/default/kxd $(ETCDIR)/default/kxd + $(INSTALL) -m 0644 scripts/upstart/kxd.conf $(ETCDIR)/init/ + install-kxc: kxc $(INSTALL) -m 0755 out/kxc $(PREFIX)/bin/ $(INSTALL) -m 0755 cryptsetup/kxc-cryptsetup $(PREFIX)/bin/ diff --git a/README b/README index fff2d53..c9706fd 100644 --- a/README +++ b/README @@ -75,7 +75,7 @@ Dependencies There are no runtime dependencies for the kxd and kxc binaries. -Building requires Go 1.2. +Building requires Go 1.3. The configuration helper scripts (create-kxd-config, kxc-add-key, etc.) depend on: bash, openssl (the binary), and core utilities (mkdir, dd, etc.). diff --git a/doc/quick_start.rst b/doc/quick_start.rst index 648e146..4127719 100644 --- a/doc/quick_start.rst +++ b/doc/quick_start.rst @@ -23,7 +23,8 @@ First of all, install kxd_ on the server, usually via your distribution packages, or directly from source. Then, run ``create-kxd-config``, which will create the configuration -directories, and generate a self-signed_ key/cert pair for the server. +directories, and generate a self-signed_ key/cert pair for the server (valid +for 10 years). Everything is in ``/etc/kxd/``. @@ -35,8 +36,8 @@ directly from source. Then, run ``kxc-add-key server sda2``, which will create the configuration -directories, and generate the client key/cert pair, and also create an entry -for an ``client/sda2`` key to be fetched from the server. +directories, generate the client key/cert pair (valid for 10 years), and also +create an entry for an ``client/sda2`` key to be fetched from the server. Everything is in ``/etc/kxc/``. Finally, copy the server public certificate over, using diff --git a/kxd/kxd.go b/kxd/kxd.go index f5521e7..db235a9 100644 --- a/kxd/kxd.go +++ b/kxd/kxd.go @@ -228,6 +228,7 @@ func main() { server := http.Server{ Addr: listenAddr, TLSConfig: &tlsConfig, + ErrorLog: logging, } http.HandleFunc("/v1/", HandlerV1) diff --git a/scripts/create-kxd-config b/scripts/create-kxd-config index d73ee0a..3f1c6f0 100755 --- a/scripts/create-kxd-config +++ b/scripts/create-kxd-config @@ -28,7 +28,7 @@ fi # And a self-signed certificate. if ! [ -e /etc/kxd/cert.pem ]; then echo "Generating certificate (/etc/kxd/cert.pem)" - openssl req -new -x509 -batch \ + openssl req -new -x509 -batch -days 3650 \ -subj "/commonName=*/organizationalUnitName=kxd@$HOSTNAME/" \ -key /etc/kxd/key.pem -out /etc/kxd/cert.pem else diff --git a/scripts/kxc-add-key b/scripts/kxc-add-key index 1606e1c..0e62e43 100755 --- a/scripts/kxc-add-key +++ b/scripts/kxc-add-key @@ -39,7 +39,7 @@ fi # And a self-signed certificate. if ! [ -e /etc/kxc/cert.pem ]; then echo "Generating certificate (/etc/kxc/cert.pem)" - openssl req -new -x509 -batch \ + openssl req -new -x509 -batch -days 3650 \ -subj "/commonName=*/organizationalUnitName=kxc@$HOSTNAME/" \ -key /etc/kxc/key.pem -out /etc/kxc/cert.pem else diff --git a/scripts/upstart/kxd.conf b/scripts/upstart/kxd.conf new file mode 100644 index 0000000..d5a41eb --- /dev/null +++ b/scripts/upstart/kxd.conf @@ -0,0 +1,14 @@ +description "kxd - Key exchange daemon" + +start on filesystem +stop on runlevel [016] + +respawn + +pre-start exec test -x /usr/bin/kxd || { stop; exit 0; } + +script + test ! -r /etc/default/kxd || . /etc/default/kxd + exec /usr/bin/kxd $OPTS +end script + diff --git a/tests/run_tests b/tests/run_tests index 149380a..a967b3e 100755 --- a/tests/run_tests +++ b/tests/run_tests @@ -114,8 +114,6 @@ class Config(object): class CA(object): def __init__(self): - # TODO: This works because of Debian's default config; it needs to be - # generalized, probably by including an openssl config to use. self.path = tempfile.mkdtemp(prefix="config-ca-", dir=TEMPDIR) os.makedirs(self.path + "/kxd-ca/newcerts/")