A command-line tool to configure a Signstar system during build.
The scope of this project is to read a dedicated configuration file, derive system users and their integration from it and create them.
The signstar-configure-build executable must be run as root.
- https://signstar.archlinux.page/rustdoc/signstar_configure_build/ for the development version of the crate
- https://docs.rs/signstar_configure_build/latest/signstar_configure_build/ for released versions of the crate
By default signstar-configure-build relies on the configuration file /usr/share/signstar/config.toml and will fail if it is not found or not valid.
If they exist, one of the following configuration files is used instead, in the following order:
- /usr/local/share/signstar/config.toml
- /run/signstar/config.toml
- /etc/signstar/config.toml
Alternatively, signstar-configure-build can be provided with a custom configuration file location using the --config / -c option.
Based on configured user mappings in the configuration file, signstar-configure-build:
- creates unlocked system users
  - without passphrase
  - with a home directory below /var/lib/signstar/home/ (but without creating it)
- adds tmpfiles.d integration for each user, so that their home directory is created automatically
- adds a dedicated authorized_keys file and sshd_config drop-in configuration, which defines a ForceCommand option to enforce specific commands for each configured user with SSH access
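The ForceCommand restriction described above can be checked after the build by reading the generated sshd_config drop-in. The following Python sketch is an added example, not part of signstar-configure-build; it assumes the drop-in uses plain "Match User" blocks, and the user names, paths and commands in the sample are constructed placeholders.

```python
import re

# Constructed sample drop-in; user names, key paths and commands are placeholders.
SAMPLE_DROPIN = """\
# constructed sshd_config drop-in
Match User signer-a
    AuthorizedKeysFile /etc/ssh/example-authorized-keys/%u
    ForceCommand /usr/bin/example-signing-command

Match User backup-b
    AuthorizedKeysFile /etc/ssh/example-authorized-keys/%u

Match User metrics-c,signer-d
    forcecommand /usr/bin/example-metrics-command
"""


def forced_commands(text):
    """Map each user named in a 'Match User' block to its ForceCommand, or None."""
    result = {}
    users = []  # users of the Match block currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config keywords are case-insensitive; "=" may separate the value.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split()
            # Assumption: only plain "Match User a,b" blocks are attributed to users;
            # blocks with other criteria, and global keywords, are ignored.
            simple = len(crit) == 2 and crit[0].lower() == "user"
            users = crit[1].split(",") if simple else []
            for user in users:
                result.setdefault(user, None)
        elif keyword == "forcecommand":
            for user in users:
                if result[user] is None:  # keep the first value seen for a user
                    result[user] = value
    return result


def users_without_forcecommand(text, expected_users):
    """Return the expected SSH users that have no ForceCommand in any Match User block."""
    found = forced_commands(text)
    return sorted(u for u in expected_users if not found.get(u))
```

Users reported by users_without_forcecommand are either missing from the drop-in or have a Match block that does not restrict their command.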
Assuming a valid configuration file (such as example.toml) in one of the default locations, the executable is called without any options:
signstar-configure-build
Please refer to the contributing guidelines to learn how to contribute to this project.
This project may be used under the terms of the Apache-2.0 or MIT license.
Changes to this project - unless stated otherwise - automatically fall under the terms of both of the aforementioned licenses.