
Commit 723c4c1

committed
Merge branch 'master' into herman/allow-deny
2 parents 77893ea + 88a1bf1 commit 723c4c1


4 files changed

+61
-7
lines changed


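--- a/.github/PULL_REQUEST_TEMPLATE
+++ b/.github/PULL_REQUEST_TEMPLATE
@@ -1,4 +1,20 @@
-### Description
-Please describe your pull request.
+<!---
+Please provide answers in the spaces below each prompt, where applicable.
+Not every PR requires responses for each prompt.
+Use your discretion.
+-->
+#### Name of feature:
+
+#### Pain or issue this feature alleviates:
+
+#### Why is this important to the project (if not answered above):
+
+#### Is there documentation on how to use this feature? If so, where?
+
+#### In what environments or workflows is this feature supported?
+
+#### In what environments or workflows is this feature explicitly NOT supported (if any)?
+
+#### Supporting links/other PRs/issues:
 
 💔Thank you!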

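--- a/docker/Dockerfile.step-ca
+++ b/docker/Dockerfile.step-ca
@@ -3,15 +3,15 @@ FROM golang:alpine AS builder
 WORKDIR /src
 COPY . .
 
-RUN apk add --no-cache \
-curl \
-git \
-make && \
-make V=1 bin/step-ca
+RUN apk add --no-cache curl git make
+RUN make V=1 bin/step-ca bin/step-awskms-init bin/step-cloudkms-init
+
 
 FROM smallstep/step-cli:latest
 
 COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
+COPY --from=builder /src/bin/step-awskms-init /usr/local/bin/step-awskms-init
+COPY --from=builder /src/bin/step-cloudkms-init /usr/local/bin/step-cloudkms-init
 
 USER root
 RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca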

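--- a/docker/Dockerfile.step-ca.hsm
+++ b/docker/Dockerfile.step-ca.hsm
@@ -0,0 +1,34 @@
+FROM golang:alpine AS builder
+
+WORKDIR /src
+COPY . .
+
+RUN apk add --no-cache curl git make
+RUN apk add --no-cache gcc musl-dev pkgconf pcsc-lite-dev
+RUN make V=1 GOFLAGS="" build
+
+
+FROM smallstep/step-cli:latest
+
+COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
+COPY --from=builder /src/bin/step-awskms-init /usr/local/bin/step-awskms-init
+COPY --from=builder /src/bin/step-cloudkms-init /usr/local/bin/step-cloudkms-init
+COPY --from=builder /src/bin/step-pkcs11-init /usr/local/bin/step-pkcs11-init
+COPY --from=builder /src/bin/step-yubikey-init /usr/local/bin/step-yubikey-init
+
+USER root
+RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
+RUN apk add --no-cache pcsc-lite pcsc-lite-libs
+USER step
+
+ENV CONFIGPATH="/home/step/config/ca.json"
+ENV PWDPATH="/home/step/secrets/password"
+
+VOLUME ["/home/step"]
+STOPSIGNAL SIGTERM
+HEALTHCHECK CMD step ca health 2>/dev/null | grep "^ok" >/dev/null
+
+COPY docker/entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
+CMD exec /usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH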
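Review bot: Both stages of this new image build from floating tags, `FROM golang:alpine AS builder` and `FROM smallstep/step-cli:latest`, so the toolchain and the runtime under a CA that talks to HSMs can change between builds with no change in this repository. Pin each to a release tag and digest, for example `FROM smallstep/step-cli:<version>@sha256:<digest>` (placeholders), and bump them deliberately. The same two base lines appear as unchanged context in docker/Dockerfile.step-ca. Separately, the shell-form `CMD` leaves `$PWDPATH` and `$CONFIGPATH` unquoted; `--password-file "$PWDPATH" "$CONFIGPATH"` would survive an overridden path containing spaces.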

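--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -53,6 +53,10 @@ function step_ca_init () {
 mv $STEPPATH/password $PWDPATH
 }
 
+if [ -f /usr/sbin/pcscd ]; then
+/usr/sbin/pcscd
+fi
+
 if [ ! -f "${STEPPATH}/config/ca.json" ]; then
 init_if_possible
 fi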
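Review bot: The added block launches `/usr/sbin/pcscd` and never checks whether it came up, so a failed start would only surface later as a PKCS#11 or YubiKey error from step-ca. docker/Dockerfile.step-ca.hsm switches to `USER step` before this entrypoint runs, and pcscd commonly needs to create its runtime directory and open reader devices, so it may not start under that account; this is worth confirming in the built image. Consider testing for an executable and logging the failure: `if [ -x /usr/sbin/pcscd ]; then /usr/sbin/pcscd || echo "pcscd failed to start" >&2; fi`. Whether the script runs under `set -e` is outside the hunk, and the hunk's leading context is only the tail of `step_ca_init`.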
