Compare commits
2 commits
7b6fdbb18a
...
c92b0455db
| Author | SHA1 | Date | |
|---|---|---|---|
| c92b0455db | |||
| c5f436b4d0 |
2 changed files with 36 additions and 7 deletions
|
|
@ -1,11 +1,9 @@
|
||||||
# This is an example .goreleaser.yml file with some sensible defaults.
|
|
||||||
# Make sure to check the documentation at https://goreleaser.com
|
# Make sure to check the documentation at https://goreleaser.com
|
||||||
project_name: cacert-gosigner
|
project_name: cacert-gosigner
|
||||||
env:
|
env:
|
||||||
- CGO_ENABLED=1
|
- CGO_ENABLED=1
|
||||||
before:
|
before:
|
||||||
hooks:
|
hooks:
|
||||||
# You may remove this if you don't use go modules.
|
|
||||||
- go mod tidy
|
- go mod tidy
|
||||||
builds:
|
builds:
|
||||||
- id: linux-amd64
|
- id: linux-amd64
|
||||||
|
|
|
||||||
41
README.md
41
README.md
|
|
@ -1,6 +1,37 @@
|
||||||
# Running with softhsm2
|
# CAcert signer
|
||||||
|
|
||||||
## Setup HSM keys and certificates
|
This is the CAcert signer reimplementation in Go that implements a more robust wire protocol and has configurable
|
||||||
|
support for hardware security modules (HSMs) for online and offline key pairs.
|
||||||
|
|
||||||
|
See [the design document](docs/design.md) for design considerations and architecture diagrams.
|
||||||
|
|
||||||
|
## Development preconditions
|
||||||
|
|
||||||
|
You will need GNU make to build the application. On Debian systems you can install GNU make and crossbuild tools
|
||||||
|
for ARM binary builds using:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
sudo apt install make crossbuild-essential-arm64 crossbuild-essential-armhf
|
||||||
|
```
|
||||||
|
|
||||||
|
Install [go](https://go.dev/) >= 1.17, [golangci-lint](https://golangci-lint.run/usage/install/) >= 1.50.0 and
|
||||||
|
[goreleaser](https://goreleaser.com/install/), as these are used for building and linting the application.
|
||||||
|
|
||||||
|
Read the documentation of these tools, to find out how to use them.
|
||||||
|
|
||||||
|
## Building the binaries
|
||||||
|
|
||||||
|
There is a `Makefile` to automate builds of the signer and clientsim binaries. Run
|
||||||
|
|
||||||
|
```shell
|
||||||
|
make
|
||||||
|
```
|
||||||
|
|
||||||
|
to run linting, tests and binary builds.
|
||||||
|
|
||||||
|
## Running with softhsm2
|
||||||
|
|
||||||
|
### Setup HSM keys and certificates
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
sudo apt install softhsm2
|
sudo apt install softhsm2
|
||||||
|
|
@ -15,14 +46,14 @@ export PKCS11_PIN_LOCALHSM=123456
|
||||||
go run ./cmd/signer -setup
|
go run ./cmd/signer -setup
|
||||||
```
|
```
|
||||||
|
|
||||||
## Run the signer
|
### Run the signer
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
export PKCS11_PIN_LOCALHSM=123456
|
export PKCS11_PIN_LOCALHSM=123456
|
||||||
go run ./cmd/signer
|
go run ./cmd/signer
|
||||||
```
|
```
|
||||||
|
|
||||||
## Run the client simulator with socat
|
### Run the client simulator with socat
|
||||||
|
|
||||||
You may run the client simulator that sends commands via `stdout` and reads responses on `stdin` via `socat` to
|
You may run the client simulator that sends commands via `stdout` and reads responses on `stdin` via `socat` to
|
||||||
simulate traffic on an emulated serial device:
|
simulate traffic on an emulated serial device:
|
||||||
|
|
@ -32,7 +63,7 @@ sudo apt install socat
|
||||||
```
|
```
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
go build ./cmd/clientsim
|
make clientsim
|
||||||
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer
|
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue