Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

cacert (6) Versions 0.3.1

Installs/Configures cacert

Policyfile
Berkshelf
Knife
cookbook 'cacert', '= 0.3.1', :supermarket
cookbook 'cacert', '= 0.3.1'
knife supermarket install cacert
knife supermarket download cacert
README
Dependencies
Changelog
Quality 0%

cacert Cookbook

This cookbook provides LWRP to install certificate authorities and set the needed hash-symlinks.

Attributes

You can specify the default path were the ssl certificates and symlinks are stored using an attribute

node['cacert']['cert_dir'] # defaults to '/etc/ssl/certs'

Recipes

default

The default recipe will install CA certificates defined in the certs attributes of the node.

Eg.

{
  "cacert": {
    "certs": {
      "my.ca.cert.org": {
        "source": "https://my.ca.cert.org/certs/root.crt",
        "cert_dir": "/etc/ssl/certs",
        "hash": "492ffc07"
      }
    }
  }
}

cacert.org

This recipe installs the cacert.org root certificate

It automatically sets the correct symlinks on broken systems (like Debian Squeeze), see this gist: https://gist.github.com/chr4/5805334

Providers

To use the providers, add the following to your metadata.rb

depends 'cacert'

cacert

Installs a certificate from a given URL, and calls cacert_hash to create the necessary symlinks.
The following example installs the cacert.org root certificate to /etc/ssl/certs/cacert.org.pem

NOTE On Debian Squeeze (and potentially on other systems), openssl generates the wrong hash. As a workaround, you can specify the hash manually, see the "hash" attribute below.

cacert 'cacert.org.pem' do
  cert     'cacert.org.pem'                        # name attribute
  source   'https://www.cacert.org/certs/root.crt' # required
  cert_dir '/etc/ssl/certs'                        # defaults to node['cacert']['cert_dir']
  action   :create                                 # default :create

  # You can specify the hash for the symlink manually.
  # Ff not given, this will be generated using openssl x509 -hash
  hash     '99d0fa06' # correct hash for cacerts root certificate

  # Also, a sha256 checksum is supported.
  # If the checksum doesn't match, the certificate won't be installed.
  checksum 'c0e0773a79dceb622ef6410577c19c1e177fb2eb9c623a49340de3c9f1de2560'
end

cacert_hash

You can use the cacert_hash provider by its own, too

cacert_hash 'cacert.org.pem' do
  cert     'cacert.org.pem'                        # name attribute
  cert_dir '/etc/ssl/certs'                        # defaults to node['cacert']['cert_dir']

  # You can specify the hash for the symlink manually.
  # Ff not given, this will be generated using openssl x509 -hash
  hash     '99d0fa06' # correct hash for cacerts root certificate
end

Contributing

e.g.

  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

License and Authors

Author: Chris Aumann me@chr4.org
Contributors: François Lamboley fload@me.com

License: GPLv3

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

CHANGELOG for cacert

This file is used to list changes made in each version of cacert.

0.3.1:

  • Add support for checksums

0.3.0:

  • Check whether hashes match when it's provided
  • Do not use https when fetching cacert.org certificates
  • cacert.org recipe now also installs cacert.org class 3 PKI

0.2.0:

  • Add default recipe, that installs certificates according to attributes

0.1.0:

  • Initial release of cacert

Foodcritic Metric
            

0.3.1 failed this metric

FC002: Avoid string interpolation where not required: /tmp/cook/83f1b7d3e6df599931162c5b/cacert/providers/default.rb:22
FC002: Avoid string interpolation where not required: /tmp/cook/83f1b7d3e6df599931162c5b/cacert/providers/default.rb:25