Add systemd service, support dynamic configuration

This commit provides examples for both CRL and openssl index.txt based configurations. README.md is added to the generated Debian packages. A systemd service unit file has been added. The configuration file can now be specified using the -configFile command line flag.
2 years ago · c5c8150883
parent 4cd384b69c
commit c5c8150883
5 changed files with 48 additions and 6 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -63,12 +63,14 @@ nfpms:
    maintainer: Jan Dittberner <jandd@cacert.org>
    formats:
      - deb
-    dependencies:
-      - adduser
    priority: optional
-    bindir: /srv/cacert-goocsp
+    bindir: /usr/bin
    contents:
-      - src: docs/config.yaml.example
-        dst: /usr/share/doc/cacert-goocsp/examples/config.yaml.example
+      - src: README.md
+        dst: /usr/share/doc/cacert-goocsp/README.md
+      - src: docs/config-example-crl.yaml
+        dst: /usr/share/doc/cacert-goocsp/examples/config-example-crl.yaml
+      - src: docs/config-example-openssl-index.yaml
+        dst: /usr/share/doc/cacert-goocsp/examples/config-example-openssl-index.yaml
      - src: docs/cacert-goocsp.service
        dst: /lib/systemd/system/cacert-goocsp.service
--- a/cmd/cacertocsp/main.go
+++ b/cmd/cacertocsp/main.go
@ -59,11 +59,14 @@ const (
 func main() {
 	var (
 		serverAddr = flag.String("serverAddr", ":8080", "Server ip addr and port")
+		configFile = flag.String("configFile", "config.yaml", "Configuration file")
 		config     = koanf.New(".")
 		opts       []ocspsource.Option
 	)

-	err := config.Load(file.Provider("config.yaml"), yaml.Parser())
+	flag.Parse()
+
+	err := config.Load(file.Provider(*configFile), yaml.Parser())
 	if err != nil {
 		logrus.Panicf("could not load configuration: %v", err)
 	}
--- a/docs/cacert-goocsp.service
+++ b/docs/cacert-goocsp.service
@ -0,0 +1,11 @@
+[Unit]
+Description=CAcert OCSP responder service
+After=network.target
+
+[Service]
+ExecCondition=/bin/sh -c 'test -f /etc/goocsp-config.yaml'
+ExecStart=/usr/bin/cacert-goocsp -serverAddr ":80" -configFile /etc/goocsp-config.yaml
+StateDirectory=goocsp
+
+[Install]
+WantedBy=multi-user.target
--- a/docs/config-example-crl.yaml
+++ b/docs/config-example-crl.yaml
@ -0,0 +1,13 @@
+# example configuration for an OCSP responder using CRL files
+---
+issuers:
+  - caCertificate: root/ca.pem
+    responderCertificate: root-resp.crt.pem
+    responderKey: root-resp.key.pem
+    dbType: crl
+    dbFile: root/revoked.crl
+  - caCertificate: sub1/ca.pem
+    responderCertificate: sub1-resp.crt.pem
+    responderKey: sub1-resp.key.pem
+    dbType: crl
+    dbFile: sub1/revoked.crl
--- a/docs/config-example-openssl-index.yaml
+++ b/docs/config-example-openssl-index.yaml
@ -0,0 +1,13 @@
+# example configuration for an OCSP responder using openssl index.txt database files
+---
+issuers:
+  - caCertificate: root/ca.pem
+    responderCertificate: root-resp.crt.pem
+    responderKey: root-resp.key.pem
+    dbType: openssl
+    dbFile: root/index.txt
+  - caCertificate: sub1/ca.pem
+    responderCertificate: sub1-resp.crt.pem
+    responderKey: sub1-resp.key.pem
+    dbType: openssl
+    dbFile: sub1/index.txt