jandd/cacert-gosigner
1
0
Fork 0
Code Issues Pull requests Projects Releases Activity

Compare commits

base: jandd:c92b0455db62dc08c94372e7542ead3160544f00
Branches Tags
jandd:main
..
compare: jandd:7b6fdbb18aea161c1d3de41e7be783b34df5d5ef
Branches Tags
jandd:main

No commits in common. "c92b0455db62dc08c94372e7542ead3160544f00" and "7b6fdbb18aea161c1d3de41e7be783b34df5d5ef" have entirely different histories.
c92b0455db ... 7b6fdbb18a

2 changed files with 7 additions and 36 deletions
Show stats Expand all files Collapse all files

2
.goreleaser.yaml
View file

@ -1,9 +1,11 @@
# This is an example .goreleaser.yml file with some sensible defaults.
# Make sure to check the documentation at https://goreleaser.com # Make sure to check the documentation at https://goreleaser.com
project_name: cacert-gosigner project_name: cacert-gosigner
env: env:
- CGO_ENABLED=1 - CGO_ENABLED=1
before: before:
hooks: hooks:
# You may remove this if you don't use go modules.
- go mod tidy - go mod tidy
builds: builds:
- id: linux-amd64 - id: linux-amd64

41
README.md
View file

@ -1,37 +1,6 @@
# CAcert signer # Running with softhsm2
This is the CAcert signer reimplementation in Go that implements a more robust wire protocol and has configurable ## Setup HSM keys and certificates
support for hardware security modules (HSMs) for online and offline key pairs.
See [the design document](docs/design.md) for design considerations and architecture diagrams.
## Development preconditions
You will need GNU make to build the application. On Debian systems you can install GNU make and crossbuild tools
for ARM binary builds using:
```shell
sudo apt install make crossbuild-essential-arm64 crossbuild-essential-armhf
```
Install [go](https://go.dev/) >= 1.17, [golangci-lint](https://golangci-lint.run/usage/install/) >= 1.50.0 and
[goreleaser](https://goreleaser.com/install/), as these are used for building and linting the application.
Read the documentation of these tools, to find out how to use them.
## Building the binaries
There is a `Makefile` to automate builds of the signer and clientsim binaries. Run
```shell
make
```
to run linting, tests and binary builds.
## Running with softhsm2
### Setup HSM keys and certificates
```shell ```shell
sudo apt install softhsm2 sudo apt install softhsm2
@ -46,14 +15,14 @@ export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup go run ./cmd/signer -setup
``` ```
### Run the signer ## Run the signer
```shell ```shell
export PKCS11_PIN_LOCALHSM=123456 export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer go run ./cmd/signer
``` ```
### Run the client simulator with socat ## Run the client simulator with socat
You may run the client simulator that sends commands via `stdout` and reads responses on `stdin` via `socat` to You may run the client simulator that sends commands via `stdout` and reads responses on `stdin` via `socat` to
simulate traffic on an emulated serial device: simulate traffic on an emulated serial device:
@ -63,7 +32,7 @@ sudo apt install socat
``` ```
```shell ```shell
make clientsim go build ./cmd/clientsim
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer
``` ```