cookbook 'cacert', '= 0.3.1'
Installs/Configures cacert
cookbook 'cacert', '= 0.3.1', :supermarket
knife supermarket install cacert
knife supermarket download cacert
cacert Cookbook
This cookbook provides LWRPs to install certificate authorities and set the needed hash symlinks.
Attributes
You can specify the default path where the SSL certificates and symlinks are stored using an attribute:
node['cacert']['cert_dir'] # defaults to '/etc/ssl/certs'
Recipes
default
The default recipe will install CA certificates defined in the certs
attributes of the node.
E.g.
{
  "cacert": {
    "certs": {
      "my.ca.cert.org": {
        "source": "https://my.ca.cert.org/certs/root.crt",
        "cert_dir": "/etc/ssl/certs",
        "hash": "492ffc07"
      }
    }
  }
}
cacert.org
This recipe installs the cacert.org root certificate
It automatically sets the correct symlinks on broken systems (like Debian Squeeze), see this gist: https://gist.github.com/chr4/5805334
Providers
To use the providers, add the following to your metadata.rb
depends 'cacert'
cacert
Installs a certificate from a given URL, and calls cacert_hash to create the necessary symlinks.
The following example installs the cacert.org root certificate to /etc/ssl/certs/cacert.org.pem
NOTE On Debian Squeeze (and potentially on other systems), openssl generates the wrong hash. As a workaround, you can specify the hash manually, see the "hash" attribute below.
cacert 'cacert.org.pem' do
  cert 'cacert.org.pem' # name attribute
  source 'https://www.cacert.org/certs/root.crt' # required
  cert_dir '/etc/ssl/certs' # defaults to node['cacert']['cert_dir']
  action :create # default :create
  # You can specify the hash for the symlink manually.
  # If not given, this will be generated using openssl x509 -hash
  hash '99d0fa06' # correct hash for cacerts root certificate
  # Also, a sha256 checksum is supported.
  # If the checksum doesn't match, the certificate won't be installed.
  checksum 'c0e0773a79dceb622ef6410577c19c1e177fb2eb9c623a49340de3c9f1de2560'
end
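Because the changelog notes that the cacert.org certificates are fetched without https, the pinned checksum is what protects the trust store from a tampered download. The following is an added example, not the cookbook's own provider code: `verified_link_name`, `sample_ca_pem` and `ChecksumMismatch` are hypothetical names, and it assumes the checksum covers the file bytes exactly as downloaded.

```ruby
require 'openssl'
require 'digest'

# Raised when the fetched bytes do not match the pinned SHA-256.
class ChecksumMismatch < StandardError; end

# Hypothetical helper (not part of the cookbook): returns the symlink name
# "<hash>.0" for a PEM certificate, but only after its SHA-256 matches the pin.
# Assumption: the checksum covers the file bytes exactly as downloaded.
def verified_link_name(pem, sha256:, hash: nil)
  actual = Digest::SHA256.hexdigest(pem)
  unless actual == sha256.downcase
    raise ChecksumMismatch, "expected #{sha256}, got #{actual}"
  end
  cert = OpenSSL::X509::Certificate.new(pem) # raises if not a certificate
  # A manually supplied hash wins; otherwise use the subject-name hash,
  # the same value `openssl x509 -hash` prints.
  link_hash = hash || format('%08x', cert.subject.hash)
  "#{link_hash}.0"
end

# Constructed sample input: a throwaway self-signed CA generated in memory.
def sample_ca_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Example Test CA')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  pem = sample_ca_pem
  pin = Digest::SHA256.hexdigest(pem) # in practice, obtained out of band
  puts verified_link_name(pem, sha256: pin)
  begin
    verified_link_name(pem + "\n", sha256: pin) # any altered byte fails
  rescue ChecksumMismatch => e
    puts "rejected: #{e.message[0, 40]}..."
  end
end
```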
cacert_hash
You can use the cacert_hash provider on its own, too:
cacert_hash 'cacert.org.pem' do
  cert 'cacert.org.pem' # name attribute
  cert_dir '/etc/ssl/certs' # defaults to node['cacert']['cert_dir']
  # You can specify the hash for the symlink manually.
  # If not given, this will be generated using openssl x509 -hash
  hash '99d0fa06' # correct hash for cacerts root certificate
end
Contributing
e.g.
- Fork the repository on Github
- Create a named feature branch (like add_component_x)
- Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License and Authors
Author: Chris Aumann me@chr4.org
Contributors: François Lamboley fload@me.com
License: GPLv3
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
CHANGELOG for cacert
This file is used to list changes made in each version of cacert.
0.3.1:
- Add support for checksums
0.3.0:
- Check whether hashes match when it's provided
- Do not use https when fetching cacert.org certificates
- cacert.org recipe now also installs cacert.org class 3 PKI
0.2.0:
- Add default recipe, that installs certificates according to attributes
0.1.0:
- Initial release of cacert
Foodcritic Metric
0.3.1 failed this metric
FC002: Avoid string interpolation where not required: /tmp/cook/83f1b7d3e6df599931162c5b/cacert/providers/default.rb:22
FC002: Avoid string interpolation where not required: /tmp/cook/83f1b7d3e6df599931162c5b/cacert/providers/default.rb:25