Signstar configure build

A command-line tool to configure a Signstar system during build.

The scope of this project is to read a dedicated configuration file, derive system users and their integration from it and create them.

The signstar-configure-build executable must be run as root.

Documentation

Configuration file

By default signstar-configure-build relies on the configuration file /usr/share/signstar/config.toml and will fail if it is not found or not valid.

If they exist, one of the following configuration files is used instead, considered in the following order:

  • /usr/local/share/signstar/config.toml
  • /run/signstar/config.toml
  • /etc/signstar/config.toml

Alternatively, signstar-configure-build can be provided with a custom configuration file location using the --config/-c option.

System users

Based on configured user mappings in the configuration file, signstar-configure-build:

  • creates unlocked system users
    • without passphrase
    • with a home directory below /var/lib/signstar/home/ (but without creating it)
  • adds tmpfiles.d integration for each user, so that their home directory is created automatically
  • adds a dedicated authorized_keys file and sshd_config drop-in configuration, which defines a ForceCommand option to enforce specific commands for each configured user with SSH access
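
A check for the last point above, as an added example that is not part of signstar-configure-build or its documentation: it audits a directory of sshd_config drop-ins and reports any user whose Match User block lacks ForceCommand or AuthorizedKeysFile. The drop-in file names, user names and command path are constructed for illustration; the layout the tool actually writes is not specified on this page.

```shell
#!/bin/sh
# Added example: audit sshd_config drop-ins for per-user ForceCommand coverage.
# File names, user names and paths in the sample below are constructed.

# check_user DIR USER: prints "USER: <verdict>" and returns 0 only if an
# unconditional "Match User USER" block in DIR/*.conf sets both ForceCommand
# and AuthorizedKeysFile. Blocks with extra Match criteria are not counted,
# because they do not apply to every login of that user.
check_user() {
    dir=$1 user=$2
    verdict=$(awk -v user="$user" '
        FNR == 1 { inblock = 0 }            # each file is audited on its own
        { sub(/#.*/, ""); key = tolower($1) }
        key == "match" {
            # A new Match line always ends the previous block.
            inblock = (tolower($2) == "user" && $3 == user && NF == 3)
            next
        }
        inblock && key == "forcecommand"       { fc = 1 }
        inblock && key == "authorizedkeysfile" { ak = 1 }
        END {
            if (fc && ak) print "ok"
            else if (!fc) print "missing ForceCommand"
            else print "missing AuthorizedKeysFile"
        }' "$dir"/*.conf 2>/dev/null)
    printf '%s: %s\n' "$user" "${verdict:-no readable drop-in}"
    [ "$verdict" = "ok" ]
}

# Constructed sample: one user confined by ForceCommand, one left unrestricted.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/10-signstar-user-a.conf" <<'EOF'
Match User signstar-user-a
    AuthorizedKeysFile /etc/ssh/example-authorized_keys-signstar-user-a
    ForceCommand /usr/bin/example-forced-command
EOF
cat > "$demo/10-signstar-user-b.conf" <<'EOF'
Match User signstar-user-b
    AuthorizedKeysFile /etc/ssh/example-authorized_keys-signstar-user-b
EOF

check_user "$demo" signstar-user-a
check_user "$demo" signstar-user-b || true
```

Because the configured users are unlocked and have no passphrase, a user that reports anything other than "ok" here can reach a regular shell over SSH with only its key.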

Examples

Assuming a valid configuration file (such as example.toml) in one of the default locations, the executable is called without any options:

signstar-configure-build

Contributing

Please refer to the contributing guidelines to learn how to contribute to this project.

License

This project may be used under the terms of the Apache-2.0 or MIT license.

Changes to this project - unless stated otherwise - automatically fall under the terms of both of the aforementioned licenses.