diff --git a/CMakeLists.txt b/CMakeLists.txt
index bf404ff..821c7d9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -15,7 +15,7 @@ if(NOT CMAKE_BUILD_TYPE)
 endif()
 if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
- set (CMAKE_INSTALL_PREFIX "/home/tsg/certstore" CACHE PATH "default install path" FORCE )
+ set (CMAKE_INSTALL_PREFIX "/opt/tsg/certstore" CACHE PATH "default install path" FORCE )
 endif()
 # Global compile options
diff --git a/cmake/Package.cmake b/cmake/Package.cmake
index a4183e7..86fc9bc 100644
--- a/cmake/Package.cmake
+++ b/cmake/Package.cmake
@@ -5,6 +5,7 @@ else()
 endif()
 set(CPACK_PACKAGE_VENDOR "MESASOFT")
+set(CMAKE_INSTALL_PREFIX "/opt/tsg/certstore")
 set(CPACK_PACKAGE_VERSION_MAJOR "${TARGET_MAJOR}")
 set(CPACK_PACKAGE_VERSION_MINOR "${TARGET_MINOR}")
 set(CPACK_PACKAGE_VERSION_PATCH "${TARGET_PATCH}.${TARGET_DESCRIBE}")
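Review bot: The added `set(CMAKE_INSTALL_PREFIX "/opt/tsg/certstore")` in cmake/Package.cmake is a plain, unconditional set, so for everything evaluated after this file it shadows both the guarded default in CMakeLists.txt and any `-DCMAKE_INSTALL_PREFIX=...` given at configure time. The same path is also hard-coded in CMakeLists.txt, certstore.service and the tmpfiles.d file, so a later move has to touch all of them. Using `set(CPACK_PACKAGING_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}")` here would let the package follow the configured prefix instead of overriding it. The unchanged `CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX /home/tsg` in the next hunk still names the old location; confirm that is intended.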
@@ -17,24 +18,22 @@ set(CPACK_RPM_FILE_NAME "RPM-DEFAULT")
 set(CPACK_RPM_PACKAGE_AUTOREQPROV "no")
 set(CPACK_RPM_PACKAGE_RELEASE_DIST on)
 set(CPACK_RPM_DEBUGINFO_PACKAGE on)
-set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreInstall.in)
-#set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
-#set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in)
-#set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in)
+set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
+set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in)
+set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in)
+
-set(CMAKE_INSTALL_PREFIX "/home/tsg/certstore")
 set(CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX /home/tsg)
-install(PROGRAMS build/program/certstore DESTINATION ./)
+install(PROGRAMS build/program/certstore DESTINATION ./bin)
 install(DIRECTORY resource/cert DESTINATION ./)
 install(DIRECTORY resource/conf DESTINATION ./)
-#install(FILES resource/package/r2_certstore DESTINATION ./)
-#install(FILES resource/package/r3_certstore DESTINATION ./)
-#install(FILES resource/package/Makefile DESTINATION ./)
-install(FILES script/signssl.sh DESTINATION ./tool)
-install(FILES script/x509 DESTINATION ./tool)
-install(FILES script/certstore.service DESTINATION /usr/lib/systemd/system/)
+install(FILES script/tool/signssl.sh DESTINATION ./tool)
+install(FILES script/tool/x509 DESTINATION ./tool)
+
+install(FILES script/service/certstore.service DESTINATION /usr/lib/systemd/system/)
+install(FILES script/tmpfiles/cert_store.conf DESTINATION /usr/lib/tmpfiles.d/)
 # Must uninstall the debug package before install release package
 if(CMAKE_BUILD_TYPE STREQUAL "Debug")
diff --git a/cmake/PostInstall.in b/cmake/PostInstall.in
new file mode 100644
index 0000000..00d79b7
--- /dev/null
+++ b/cmake/PostInstall.in
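Review bot: `install(FILES script/tool/signssl.sh DESTINATION ./tool)` and the `x509` line after it install with the default 0644 mode, so both tools land under the new prefix without the execute bit; if they are meant to be run directly, `install(PROGRAMS script/tool/signssl.sh script/tool/x509 DESTINATION ./tool)` keeps them executable. The `install(PROGRAMS build/program/certstore DESTINATION ./bin)` line still points at a fixed `build/` directory inside the source tree, which presumably only works when the build directory has that name; an `install(TARGETS ...)` rule would not depend on it. The unchanged `install(DIRECTORY resource/cert DESTINATION ./)` also uses default permissions, so if that directory carries private key material it is worth adding `FILE_PERMISSIONS OWNER_READ OWNER_WRITE` there.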
@@ -0,0 +1,3 @@
+%sysctl_apply
+%tmpfiles_create
+/sbin/ldconfig
diff --git a/cmake/PostUninstall.in b/cmake/PostUninstall.in
new file mode 100644
index 0000000..00d79b7
--- /dev/null
+++ b/cmake/PostUninstall.in
@@ -0,0 +1,3 @@
+%sysctl_apply
+%tmpfiles_create
+/sbin/ldconfig
diff --git a/cmake/PreInstall.in b/cmake/PreInstall.in
deleted file mode 100644
index e69de29..0000000
diff --git a/cmake/PreUninstall.in b/cmake/PreUninstall.in
new file mode 100644
index 0000000..a3325d5
--- /dev/null
+++ b/cmake/PreUninstall.in
@@ -0,0 +1,2 @@
+%sysctl_apply
+%tmpfiles_create
diff --git a/resource/conf/cert_store.ini b/resource/conf/cert_store.ini
index ef0b2ee..cf49563 100644
--- a/resource/conf/cert_store.ini
+++ b/resource/conf/cert_store.ini
@@ -15,7 +15,8 @@ expire_after = 30
 #Local default root certificate path
 local_debug = 0
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
+untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
+
 [MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
@@ -32,18 +33,22 @@ inc_cfg_dir=./rule/inc/index
 full_cfg_dir=./rule/full/index
 #Json file path when json schema is used
 pxy_obj_keyring=./conf/pxy_obj_keyring.json
+
 [LIBEVENT]
 #Local monitor port number, default is 9991
 port = 9991
+
 [CERTSTORE_REDIS]
 #The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
+
 [MAAT_REDIS]
 #Maat monitors the Redsi server IP address and port number
 ip = 192.168.11.243
 port = 6379
 dbindex = 4
+
 [stat]
 statsd_server=192.168.10.72
 statsd_port=8126
diff --git a/script/certstore.service b/script/service/certstore.service
similarity index 64%
rename from script/certstore.service
rename to script/service/certstore.service
index 280d2b9..71a6e5c 100644
--- a/script/certstore.service
+++ b/script/service/certstore.service
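Review bot: PostUninstall.in and PreUninstall.in repeat the install-time macros (PostUninstall.in has the same blob id 00d79b7 as PostInstall.in), so `%tmpfiles_create` runs while the package is being removed and re-creates the `logs` and `foreign_files` symlinks, which RPM does not own and will leave behind. None of the three scriptlets passes an argument, so `%sysctl_apply` and `%tmpfiles_create` presumably act on every sysctl.d and tmpfiles.d file on the host; this diff ships no sysctl.d file, so `%sysctl_apply` can be dropped and PostInstall.in can read `%tmpfiles_create cert_store.conf`. The unit file installed by Package.cmake gets no scriptlet handling at all; `%systemd_post certstore.service`, `%systemd_preun certstore.service` and `%systemd_postun_with_restart certstore.service` are the usual way to reload, stop and restart it. These macros come from systemd's RPM macro file, so if the build host lacks it they would likely reach the scriptlet unexpanded.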
@@ -3,8 +3,8 @@ Description=Certificate Signing Engine
 After=redis.service
 [Service]
-WorkingDirectory=/home/tsg/certstore
-ExecStart=/home/tsg/certstore/certstore
+WorkingDirectory=/opt/tsg/certstore
+ExecStart=/opt/tsg/certstore/bin/certstore
 Restart=always
 RestartSec=5s
diff --git a/script/tarball.sh b/script/tarball/tarball.sh
similarity index 100%
rename from script/tarball.sh
rename to script/tarball/tarball.sh
diff --git a/script/tmpfiles/cert_store.conf b/script/tmpfiles/cert_store.conf
new file mode 100644
index 0000000..f084a44
--- /dev/null
+++ b/script/tmpfiles/cert_store.conf
@@ -0,0 +1,5 @@
+#Type Path Mode User Group Age Argument
+d /var/log/certstore/ 0755 - - 7d -
+d /run/certstore/foreign_files 0755 - - - -
+L /opt/tsg/certstore/logs - - - - /var/log/certstore
+L /opt/tsg/certstore/foreign_files - - - - /run/certstore/foreign_files
diff --git a/script/signssl.sh b/script/tool/signssl.sh
similarity index 100%
rename from script/signssl.sh
rename to script/tool/signssl.sh
diff --git a/script/x509 b/script/tool/x509
similarity index 100%
rename from script/x509
rename to script/tool/x509
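Review bot: The `[Service]` lines visible in the certstore.service hunk set no `User=` or `Group=`, so unless the part of the unit outside the hunk does, the signing engine runs as root from `/opt/tsg/certstore`. Since the unit is already being edited for the path move, a dedicated account plus `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/var/log/certstore /run/certstore` would limit what a compromise of the process can reach; the tmpfiles.d entries would then need that account as owner. `After=redis.service` only orders start-up, so if the local Redis is required, `Wants=redis.service` states that.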
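Review bot: `d /var/log/certstore/ 0755 - - 7d -` in script/tmpfiles/cert_store.conf puts a 7-day age on the log directory, so the periodic systemd-tmpfiles clean-up deletes signing logs older than a week, which is short for the audit trail of a certificate signing service. Mode 0755 also lets every local user list the directory, so `d /var/log/certstore/ 0750 - - - -` with rotation handled by logrotate is the safer default, and the same mode question applies to `/run/certstore/foreign_files`. The two `L` lines create the symlink only when nothing exists at the path, so if `/opt/tsg/certstore/logs` or `foreign_files` is already a real directory the link is skipped without an error and the files stay under /opt.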