cookbook 'cacert', '= 0.4.0'
Installs/Configures cacert
cookbook 'cacert', '= 0.4.0', :supermarket
knife supermarket install cacert
knife supermarket download cacert
cacert Cookbook
This cookbook provides LWRPs to install certificate authorities and set the needed hash symlinks.
Attributes
You can specify the default path where the SSL certificates and symlinks are stored using an attribute:
  node['cacert']['cert_dir'] # defaults to '/etc/ssl/certs'
Recipes
default
The default recipe will install CA certificates defined in the certs
attributes of the node.
E.g.
  {
    "cacert": {
      "certs": {
        "my.ca.cert.org": {
          "source": "https://my.ca.cert.org/certs/root.crt",
          "cert_dir": "/etc/ssl/certs",
          "cert_hash": "492ffc07"
        }
      }
    }
  }
cacert.org
This recipe installs the cacert.org root certificate
It automatically sets the correct symlinks on broken systems (like Debian Squeeze), see this gist: https://gist.github.com/chr4/5805334
Providers
To use the providers, add the following to your metadata.rb
depends 'cacert'
cacert
Installs a certificate from a given URL, and calls cacert_hash to create the necessary symlinks.
The following example installs the cacert.org root certificate to /etc/ssl/certs/cacert.org.pem:
NOTE: On Debian Squeeze (and potentially on other systems), openssl generates the wrong hash. As a workaround, you can specify the hash manually; see the cert_hash attribute below.
  cacert 'cacert.org.pem' do
    cert     'cacert.org.pem'                        # name attribute
    source   'https://www.cacert.org/certs/root.crt' # required
    cert_dir '/etc/ssl/certs'                        # defaults to node['cacert']['cert_dir']
    action   :create                                 # default :create
    # You can specify the hash for the symlink manually.
    # If not given, this will be generated using openssl x509 -hash
    cert_hash '99d0fa06' # correct hash for cacerts root certificate
    # Also, a sha256 checksum is supported.
    # If the checksum doesn't match, the certificate won't be installed.
    checksum 'c0e0773a79dceb622ef6410577c19c1e177fb2eb9c623a49340de3c9f1de2560'
  end
cacert_hash
You can use the cacert_hash provider on its own, too:
  cacert_hash 'cacert.org.pem' do
    cert     'cacert.org.pem' # name attribute
    cert_dir '/etc/ssl/certs' # defaults to node['cacert']['cert_dir']
    # You can specify the hash for the symlink manually.
    # If not given, this will be generated using openssl x509 -hash
    cert_hash '99d0fa06' # correct hash for cacerts root certificate
  end
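The two steps the providers describe (refuse the certificate on a sha256 mismatch, then create the hash symlink) can be sketched in plain Ruby. This is an added example, not the cookbook's provider code: install_ca and sample_ca_pem are hypothetical names, the certificate is a constructed self-signed test root, and the link is always named with a .0 suffix without handling hash collisions.

```ruby
require 'openssl'
require 'digest'
require 'fileutils'
require 'tmpdir'

# Hypothetical helper (not the cookbook's provider): write the PEM only if its
# SHA-256 matches the pinned checksum, then link <hash>.0 to the cert file.
def install_ca(pem, name:, cert_dir:, checksum:, cert_hash: nil)
  actual = Digest::SHA256.hexdigest(pem)
  unless actual == checksum.downcase
    raise ArgumentError, "checksum mismatch for #{name}: got #{actual}"
  end
  cert = OpenSSL::X509::Certificate.new(pem) # raises if the bytes are not a certificate
  # Subject-name hash as computed by the linked OpenSSL library; a manually
  # supplied cert_hash takes precedence, as in the resources above.
  cert_hash ||= format('%08x', cert.subject.hash)
  File.write(File.join(cert_dir, name), pem)
  link = File.join(cert_dir, "#{cert_hash}.0")
  FileUtils.ln_sf(name, link) # relative target inside cert_dir
  link
end

# Constructed sample input: a short-lived self-signed root, generated locally.
def sample_ca_pem
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse('/CN=Constructed Test Root/O=Example')
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if $PROGRAM_NAME == __FILE__
  pem = sample_ca_pem
  Dir.mktmpdir do |dir|
    puts install_ca(pem, name: 'test-root.pem', cert_dir: dir,
                         checksum: Digest::SHA256.hexdigest(pem))
  end
end
```

The checksum is compared before anything is written, so a modified download never reaches the certificate directory.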
Contributing
- Fork the repository on Github
- Create a named feature branch (like add_component_x)
- Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License and Authors
Author: Chris Aumann me@chr4.org
Contributors: François Lamboley fload@me.com
License: GPLv3
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
CHANGELOG for cacert
This file is used to list changes made in each version of cacert.
0.4.0:
- Rename the hash attribute to cert_hash (used by the cacert (default) and cacert_hash provider).
  This change is a workaround, as Chef-12.16.42 apparently fails with a hard to track down error message if an attribute is named hash. See this Github issue for details.
0.3.1:
- Add support for checksums
0.3.0:
- Check whether hashes match when it's provided
- Do not use https when fetching cacert.org certificates
- cacert.org recipe now also installs cacert.org class 3 PKI
0.2.0:
- Add default recipe, that installs certificates according to attributes
0.1.0:
- Initial release of cacert
Collaborator Number Metric
0.4.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.4.0 failed this metric
FC064: Ensure issues_url is set in metadata: cacert/metadata.rb:1
FC065: Ensure source_url is set in metadata: cacert/metadata.rb:1
FC066: Ensure chef_version is set in metadata: cacert/metadata.rb:1
FC069: Ensure standardized license defined in metadata: cacert/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
0.4.0 passed this metric
No Binaries Metric
0.4.0 passed this metric
Testing File Metric
0.4.0 passed this metric
Version Tag Metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number