diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2019-01-30 17:37:42 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-30 17:37:42 +0000 |
commit | 72f324dbc76f57728c5ae20a82bda1fc195c28c5 (patch) | |
tree | c97e11323cd96e31ec312abedbf5b2446f86aa7e | |
parent | 5b622c115d132772dc9739d35561e184d3375a5d (diff) | |
parent | 4602b43a33a98d31f29a2928da58559444ebfdb6 (diff) | |
download | nixlib-72f324dbc76f57728c5ae20a82bda1fc195c28c5.tar nixlib-72f324dbc76f57728c5ae20a82bda1fc195c28c5.tar.gz nixlib-72f324dbc76f57728c5ae20a82bda1fc195c28c5.tar.bz2 nixlib-72f324dbc76f57728c5ae20a82bda1fc195c28c5.tar.lz nixlib-72f324dbc76f57728c5ae20a82bda1fc195c28c5.tar.xz nixlib-72f324dbc76f57728c5ae20a82bda1fc195c28c5.tar.zst nixlib-72f324dbc76f57728c5ae20a82bda1fc195c28c5.zip |
Merge pull request #45567 from johanot/certmgr-rootca-patch
certmgr: Add patch for optional trust of self-signed certificates at remote cfssl apiserver
-rw-r--r-- | nixos/modules/services/security/certmgr.nix | 11 | ||||
-rw-r--r-- | pkgs/tools/security/certmgr/default.nix | 54 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 3 |
3 files changed, 48 insertions, 20 deletions
diff --git a/nixos/modules/services/security/certmgr.nix b/nixos/modules/services/security/certmgr.nix index 22d5817ec4f0..e89078883ebe 100644 --- a/nixos/modules/services/security/certmgr.nix +++ b/nixos/modules/services/security/certmgr.nix @@ -30,13 +30,20 @@ let preStart = '' ${concatStringsSep " \\\n" (["mkdir -p"] ++ map escapeShellArg specPaths)} - ${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml} check + ${cfg.package}/bin/certmgr -f ${certmgrYaml} check ''; in { options.services.certmgr = { enable = mkEnableOption "certmgr"; + package = mkOption { + type = types.package; + default = pkgs.certmgr; + defaultText = "pkgs.certmgr"; + description = "Which certmgr package to use in the service."; + }; + defaultRemote = mkOption { type = types.str; default = "127.0.0.1:8888"; @@ -187,7 +194,7 @@ in serviceConfig = { Restart = "always"; RestartSec = "10s"; - ExecStart = "${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml}"; + ExecStart = "${cfg.package}/bin/certmgr -f ${certmgrYaml}"; }; }; }; diff --git a/pkgs/tools/security/certmgr/default.nix b/pkgs/tools/security/certmgr/default.nix index fa3076e8b593..4a9cd4867da6 100644 --- a/pkgs/tools/security/certmgr/default.nix +++ b/pkgs/tools/security/certmgr/default.nix @@ -1,23 +1,43 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: +{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }: -buildGoPackage rec { - version = "1.6.1"; - name = "certmgr-${version}"; +let + generic = { patches ? [] }: + buildGoPackage rec { + version = "1.6.1"; + name = "certmgr-${version}"; - goPackagePath = "github.com/cloudflare/certmgr/"; + goPackagePath = "github.com/cloudflare/certmgr/"; - src = fetchFromGitHub { - owner = "cloudflare"; - repo = "certmgr"; - rev = "v${version}"; - sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2"; - }; + src = fetchFromGitHub { + owner = "cloudflare"; + repo = "certmgr"; + rev = "v${version}"; + sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2"; + }; + + inherit patches; + + meta = with stdenv.lib; { + homepage = https://cfssl.org/; + description = "Cloudflare's certificate manager"; + platforms = platforms.linux; + license = licenses.bsd2; + maintainers = with maintainers; [ johanot srhb ]; + }; + }; +in +{ + certmgr = generic {}; - meta = with stdenv.lib; { - homepage = https://cfssl.org/; - description = "Cloudflare's certificate manager"; - platforms = platforms.linux; - license = licenses.bsd2; - maintainers = with maintainers; [ johanot srhb ]; + certmgr-selfsigned = generic { + # The following patch makes it possible to use a self-signed x509 cert + # for the cfssl apiserver. + # TODO: remove patch when PR is merged. + patches = [ + (fetchpatch { + url = "https://github.com/cloudflare/certmgr/pull/51.patch"; + sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs"; + }) + ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4d6ac1fe71be..9603ffa704b1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1821,7 +1821,8 @@ in }; ceph-dev = ceph; - certmgr = callPackage ../tools/security/certmgr { }; + inherit (callPackages ../tools/security/certmgr { }) + certmgr certmgr-selfsigned; cfdg = callPackage ../tools/graphics/cfdg { }; |