Big migration.

74d83b5e · nimrod · 9b209994 · 74d83b5e · 74d83b5e · 9b209994
Commit 74d83b5e authored 4 years ago by nimrod
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+---
+include:
+  - project: shore/ci-templates
+    file: templates/bats.yml
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
-   repo: git://github.com/pre-commit/pre-commit-hooks
+---
-    sha: v0.9.1
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks.git
+    rev: v3.4.0
    hooks:
      - id: check-added-large-files
-    -   id: check-yaml
+      - id: check-executables-have-shebangs
      - id: check-merge-conflict
-   repo: https://www.shore.co.il/git/shell-pre-commit/
+      - id: check-symlinks
-    sha: v0.5.4
+      - id: trailing-whitespace
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v0.14.3
+    hooks:
+      - id: detect-secrets
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.25.0
+    hooks:
+      - id: yamllint
+  - repo: https://github.com/amperser/proselint/
+    rev: 0.10.2
+    hooks:
+      - id: proselint
+        types: [plain-text]
+        exclude: LICENSE
+  - repo: https://github.com/executablebooks/mdformat.git
+    rev: 0.5.3
+    hooks:
+      - id: mdformat
+  - repo: https://git.shore.co.il/nimrod/shell-pre-commit.git
+    rev: v0.6.0
    hooks:
      - id: shell-lint
-        files: &shellscripts ^ssl-ca$
+  - repo: https://github.com/shellcheck-py/shellcheck-py.git
+    rev: v0.7.1.1
+    hooks:
      - id: shellcheck
-        files: *shellscripts
--- a/.travis.yml
+++ b/.travis.yml
---
-language: python
-python: "2.7"
-dist: trusty
-sudo: false
-group: beta
-cache:
-  - pip
-  - directories:
-      - $HOME/.pre-commit
-      - $HOME/.cabal
-      - $HOME/.ghc
-addons:
-  apt:
-    packages:
-      - mawk
-      - openssl
-      - curl
-      - build-essential
-      - cabal-install
-      - ghc
-env:
-  PATH: $PATH:$HOME/.cabal/bin
-install:
-  - cabal update && cabal install shellcheck
-  - pip install pre_commit | cat
-script:
-  - make pre-commit
-  - make test
-notifications:
-  on_failure: never
-  email: false
--- a/Makefile
+++ b/Makefile
 .PHONY: install test clean pre-commit
 install:
-	cp ssl-ca /usr/local/bin/ssl-ca
+	install -m 755 ssl-ca /usr/local/bin/ssl-ca
-	chmod 755 /usr/local/bin/ssl-ca
-test: clean
-	bats --tap tests/
-pre-commit:
-	pre-commit run --all-files
 clean:
-	[ ! -f .server.pid ] || kill "$$(cat .server.pid)"
+	- kill "$$(cat .server.pid)"
 	git clean -Xdf
--- a/README.md
+++ b/README.md
+# SSL-CA
+[![pipeline status](https://git.shore.co.il/nimrod/ssl-ca/badges/master/pipeline.svg)](https://git.shore.co.il/nimrod/ssl-ca/-/commits/master)
+This utility automates generating an SSL certificate authority, keys and
+signed certificates. The only dependency is OpenSSL (and base utils).
+Make and Git are needed for installation (although one can just download
+and copy `ssl-ca`{.sourceCode}). The use case in mind is testing and
+internal environments, therefore some security measures (like
+revocation) are not available in the current implementation.
+## Installation
+```shell
+git clone https://www.shore.co.il/cgit/ssl-ca
+cd ssl-ca
+sudo make install
+```
+## Usage
+This will generate, inside the new directory, the directory structure, a
+starting configuration for starting work and a new CA key and
+certificate. :
+```
+$ mkdir domain.tld
+$ cd domain.tld
+$ ssl-ca init
+Generating RSA private key, 512 bit long modulus
+.++++++++++++
+......++++++++++++
+e is 65537 (0x10001)
+```
+To generate a new key and certificate for the www host, the key will at
+`keys/www` and the certificate at `certs/www` :
+```
+$ ssl-ca gen www
+Generating RSA private key, 512 bit long modulus
+................................++++++++++++
+..++++++++++++
+e is 65537 (0x10001)
+Signature ok
+subject=/CN=*.*.www.domain.tld
+Getting CA Private Key
+```
+To sign existing keys, copy them to the `keys/` folder. All keys that
+don't have a matching certificate under `certs/` will be signed when
+running :
+```
+$ openssl genrsa -out keys/smtp #Generate a key for smtp.domain.tld
+$ ssl-ca sign
+Signature ok
+subject=/CN=*.*.smtp.domain.tld
+Getting CA Private Key
+```
+To resign **ALL** existing keys (regardless of existing certificates) :
+```
+$ ssl-ca resign
+Signature ok
+subject=/CN=*.*.smtp.domain.tld
+Getting CA Private Key
+Signature ok
+subject=/CN=*.*.www.smtp.domain.tld
+Getting CA Private Key
+```
+The certs by themselves are the same as self-signed certs, but once you
+add `CA.crt`{.sourceCode} to your browser (or OS), then the certs will
+be valid as any other cert on the internet.
+## Development
+Requirements are:
+- Python (2.7 or 3.5 or later).
+- Make.
+- Git.
+- Bats.
+Tests are written using [Bats](https://github.com/sstephenson/bats) and
+some linters are used with [pre-commit](http://pre-commit.com/). The
+`clean`{.sourceCode}, `test`{.sourceCode} and `pre-commit`{.sourceCode}
+Make targets are provided. Installing the pre-commit Git hooks is
+recommended.
+## License
+This software is licensed under the MIT license (see `LICENSE.txt`).
+## Author Information
+Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my
+[website](https://www.shore.co.il/). Patches are welcome via
+[`git send-email`](http://git-scm.com/book/en/v2/Git-Commands-Email). The repository
+is located at: <https://git.shore.co.il/expore/>.
--- a/README.rst
+++ b/README.rst
-SSL-CA
-######
-.. image:: https://travis-ci.org/adarnimrod/ssl-ca.svg?branch=master
-    :target: https://travis-ci.org/adarnimrod/ssl-ca
-This utility automates generating an SSL certificate authority, keys and
-signed certificates. The only dependency is OpenSSL (and base utils). Make 
-and Git are needed for installation (although one can just download and copy
-:code:`ssl-ca`). The use case in mind is testing and internal environments,
-therefore some security measures (like revocation) are not available in the
-current implementation.
-Installation
------------
-.. code:: shell
-    git clone https://www.shore.co.il/cgit/ssl-ca
-    cd ssl-ca
-    sudo make install
-Usage
-----
-This will generate, inside the new directory, the directory structure, a starting
-configuration for starting work and a new CA key and certificate. ::
-    $ mkdir domain.tld
-    $ cd domain.tld
-    $ ssl-ca init
-    Generating RSA private key, 512 bit long modulus
-    .++++++++++++
-    ......++++++++++++
-    e is 65537 (0x10001)
-To generate a new key and certificate for the www host, the key will at
-``keys/www`` and the certificate at ``certs/www`` ::
-    $ ssl-ca gen www
-    Generating RSA private key, 512 bit long modulus
-    ................................++++++++++++
-    ..++++++++++++
-    e is 65537 (0x10001)
-    Signature ok
-    subject=/CN=*.*.www.domain.tld
-    Getting CA Private Key
-To sign existing keys, copy them to the ``keys/`` folder. All keys that don't
-have a matching certificate under ``certs/`` will be signed when running ::
-    $ openssl genrsa -out keys/smtp #Generate a key for smtp.domain.tld
-    $ ssl-ca sign
-    Signature ok
-    subject=/CN=*.*.smtp.domain.tld
-    Getting CA Private Key
-To resign **ALL** existing keys (regardless of existing certificates) ::
-    $ ssl-ca resign
-    Signature ok
-    subject=/CN=*.*.smtp.domain.tld
-    Getting CA Private Key
-    Signature ok
-    subject=/CN=*.*.www.smtp.domain.tld
-    Getting CA Private Key
-The certs by themselves are the same as self-signed certs, but once you add
-:code:`CA.crt` to your browser (or OS), then the certs will be valid as any
-other cert on the internet.
-Development
-----------
-Requirements are:
- Python (2.7 or 3.5 or later).
- Make.
- Git.
- Bats.
-Tests are written using `Bats <https://github.com/sstephenson/bats>`_ and some
-linters are used with `pre-commit <http://pre-commit.com/>`_. The :code:`clean`,
-:code:`test` and :code:`pre-commit` Make targets are provided. Installing the
-pre-commit Git hooks is recommended.
-License
-------
-This software is licensed under the MIT license (see the :code:`LICENSE.txt`
-file).
-Author
------
-Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website
-<https://www.shore.co.il/>`_. Patches are welcome via `git send-email
-<http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located
-at: https://www.shore.co.il/cgit/.
--- a/ssl-ca
+++ b/ssl-ca
@@ -16,7 +16,7 @@ default_ca = CA_default
 dir = $PWD
 certs = \$dir/certs
 certificate = \$dir/CA.crt
-private_key = \$dir/CA.key
+private_key = \$dir/CA.key  # pragma: allowlist secret
 default_md = sha256
 email_in_dn = no
 RANDFILE = /dev/urandom

--- a/tests/ssl-ca.bats
+++ b/tests/ssl-ca.bats
-#!/usr/bin/env bats
 export PATH="$BATS_TEST_DIRNAME/../:$PATH"
 setup () {