Merge pull request #45567 from johanot/certmgr-rootca-patch

certmgr: Add patch for optional trust of self-signed certificates at remote cfssl apiserver
Franz Pletz 2019-01-30 17:37:42 +00:00 committed by GitHub
commit 72f324dbc7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 48 additions and 20 deletions


@ -30,13 +30,20 @@ let
preStart = ''
${concatStringsSep " \\\n" (["mkdir -p"] ++ map escapeShellArg specPaths)}
${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml} check
${cfg.package}/bin/certmgr -f ${certmgrYaml} check
'';
in
{
options.services.certmgr = {
enable = mkEnableOption "certmgr";
package = mkOption {
type = types.package;
default = pkgs.certmgr;
defaultText = "pkgs.certmgr";
description = "Which certmgr package to use in the service.";
};
defaultRemote = mkOption {
type = types.str;
default = "127.0.0.1:8888";
@ -187,7 +194,7 @@ in
serviceConfig = {
Restart = "always";
RestartSec = "10s";
ExecStart = "${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml}";
ExecStart = "${cfg.package}/bin/certmgr -f ${certmgrYaml}";
};
};
};
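Review bot: The description of the new `package` option, `"Which certmgr package to use in the service."`, does not tell the operator that the choice is security-relevant. The only alternative this commit introduces is `certmgr-selfsigned`, which per the commit title changes how the certificate of the remote cfssl apiserver is trusted. I would extend the description to name that variant and say that it presumably relaxes validation of the apiserver certificate, so it should be chosen only when that self-signed certificate is verified by other means, and add `example = literalExample "pkgs.certmgr-selfsigned";`. It is good that both the `preStart` check and `ExecStart` now use `cfg.package`, so the config check and the running service cannot diverge.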


@ -1,23 +1,43 @@
{ stdenv, buildGoPackage, fetchFromGitHub }:
{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }:
buildGoPackage rec {
version = "1.6.1";
name = "certmgr-${version}";
let
generic = { patches ? [] }:
buildGoPackage rec {
version = "1.6.1";
name = "certmgr-${version}";
goPackagePath = "github.com/cloudflare/certmgr/";
goPackagePath = "github.com/cloudflare/certmgr/";
src = fetchFromGitHub {
owner = "cloudflare";
repo = "certmgr";
rev = "v${version}";
sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2";
};
src = fetchFromGitHub {
owner = "cloudflare";
repo = "certmgr";
rev = "v${version}";
sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2";
};
meta = with stdenv.lib; {
homepage = https://cfssl.org/;
description = "Cloudflare's certificate manager";
platforms = platforms.linux;
license = licenses.bsd2;
maintainers = with maintainers; [ johanot srhb ];
inherit patches;
meta = with stdenv.lib; {
homepage = https://cfssl.org/;
description = "Cloudflare's certificate manager";
platforms = platforms.linux;
license = licenses.bsd2;
maintainers = with maintainers; [ johanot srhb ];
};
};
in
{
certmgr = generic {};
certmgr-selfsigned = generic {
# The following patch makes it possible to use a self-signed x509 cert
# for the cfssl apiserver.
# TODO: remove patch when PR is merged.
patches = [
(fetchpatch {
url = "https://github.com/cloudflare/certmgr/pull/51.patch";
sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs";
})
];
};
}
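Review bot: The `fetchpatch` URL `https://github.com/cloudflare/certmgr/pull/51.patch` points at an unmerged pull request, whose patch content changes whenever the PR branch is pushed to. The `sha256` keeps altered content from being built, but the fetch then fails and the patch that was reviewed here can no longer be reproduced. Pinning to the commit form, `url = "https://github.com/cloudflare/certmgr/commit/<COMMIT_SHA>.patch";` (placeholder; the hash must be recomputed), keeps the reviewed change fixed. Separately, `certmgr-selfsigned` inherits `name = "certmgr-${version}"` from `generic`, so the patched and unpatched builds carry the same name in the store. A distinct name for the patched variant would let an audit see which hosts run the build with the changed trust behaviour.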


@ -1821,7 +1821,8 @@ in
};
ceph-dev = ceph;
certmgr = callPackage ../tools/security/certmgr { };
inherit (callPackages ../tools/security/certmgr { })
certmgr certmgr-selfsigned;
cfdg = callPackage ../tools/graphics/cfdg { };