Merge branch 'master' into hs/scep

.github/workflows/release.yml

@@ -20,7 +20,7 @@ jobs:
         name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: '^1.15.8'
+          go-version: '1.15.8'
       -
         name: Install Deps
         id: install-deps
@@ -105,7 +105,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: '^1.15.8'
+          go-version: '1.15.8'
       -
         name: APT Install
         id: aptInstall
@@ -135,7 +135,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: '^1.15.8'
+          go-version: '1.15.8'
       - name: Build
         id: build
         run: |

.github/workflows/test.yml

@@ -18,7 +18,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: '^1.15.6'
+          go-version: '1.15.6'
       - name: Install Deps
         id: install-deps
         run: sudo apt-get -y install libpcsclite-dev

Makefile

@@ -215,15 +215,15 @@ run:
 #########################################
 
 changelog:
-	$Q echo "step-certificates ($(DEB_VERSION)) unstable; urgency=medium" > debian/changelog
+	$Q echo "step-ca ($(DEB_VERSION)) unstable; urgency=medium" > debian/changelog
 	$Q echo >> debian/changelog
 	$Q echo "  * See https://github.com/smallstep/certificates/releases" >> debian/changelog
 	$Q echo >> debian/changelog
 	$Q echo " -- Smallstep Labs, Inc. <techadmin@smallstep.com>  $(shell date -uR)" >> debian/changelog
 
 debian: changelog
 	$Q mkdir -p $(RELEASE); \
-	OUTPUT=../step-certificates_*.deb; \
+	OUTPUT=../step-ca*.deb; \
 	rm $$OUTPUT; \
 	dpkg-buildpackage -b -rfakeroot -us -uc && cp $$OUTPUT $(RELEASE)/
 
@@ -236,7 +236,7 @@ distclean: clean
 #################################################
 
 BINARY_OUTPUT=$(OUTPUT_ROOT)binary/
-RELEASE=./.travis-releases
+RELEASE=./.releases
 
 define BUNDLE_MAKE
 	# $(1) -- Go Operating System (e.g. linux, darwin, windows, etc.)
@@ -258,23 +258,7 @@ binary-linux-armv7:
 binary-darwin:
 	$(call BUNDLE_MAKE,darwin,amd64,,$(BINARY_OUTPUT)darwin/)
 
-define BUNDLE
-    # $(1) -- Binary Output Dir Name
-	# $(2) -- Step Platform Name
-	# $(3) -- Step Binary Architecture
-	# $(4) -- Step Binary Name (For Windows Comaptibility)
-	$(q) ./make/bundle.sh "$(BINARY_OUTPUT)$(1)" "$(RELEASE)" "$(VERSION)" "$(2)" "$(3)" "$(4)" "$(5)" "$(6)"
-endef
-
-bundle-linux: binary-linux binary-linux-arm64 binary-linux-armv7
-	$(call BUNDLE,linux,linux,amd64,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-	$(call BUNDLE,linux.arm64,linux,arm64,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-	$(call BUNDLE,linux.armv7,linux,armv7,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-
-bundle-darwin: binary-darwin
-	$(call BUNDLE,darwin,darwin,amd64,$(BINNAME),$(CLOUDKMS_BINNAME),$(AWSKMS_BINNAME))
-
-.PHONY: binary-linux binary-darwin bundle-linux bundle-darwin
+.PHONY: binary-linux binary-linux-arm64 binary-linux-armv7 binary-darwin
 
 #################################################
 # Targets for creating step artifacts

README.md

@@ -142,13 +142,13 @@ $ brew install step
     Download the Debian package from the [latest `step-ca` release](https://github.com/smallstep/certificates/releases/latest):
 
     ```
-    $ wget https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-certificates_X.Y.Z_amd64.deb
+    $ wget https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-ca_X.Y.Z_amd64.deb
     ```
 
     Install the Debian package:
 
     ```
-    $ sudo dpkg -i step-certificates_X.Y.Z_amd64.deb
+    $ sudo dpkg -i step-ca_X.Y.Z_amd64.deb
     ```
 
 #### Arch Linux
@@ -184,14 +184,14 @@ You can use [pacman](https://www.archlinux.org/pacman/) to install the packages.
     Download the Linux package from the [latest `step-ca` release](https://github.com/smallstep/certificates/releases/latest):
 
     ```
-    $ wget -O step-ca.tar.gz https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-certificates_linux_X.Y.Z_amd64.tar.gz
+    $ wget -O step-ca.tar.gz https://github.com/smallstep/certificates/releases/download/vX.Y.Z/step-ca_linux_X.Y.Z_amd64.tar.gz
     ```
 
     Install `step-ca` by unzipping and copying the executable over to `/usr/bin`:
 
     ```
     $ tar -xf step-ca.tar.gz
-    $ sudo cp step-certificates_X.Y.Z/bin/step-ca /usr/bin
+    $ sudo cp step-ca_X.Y.Z/bin/step-ca /usr/bin
     ```
 
 See the [`systemctl` setup section](https://smallstep.com/docs/step-ca/certificate-authority-server-production#running-step-ca-as-a-daemon) for a

debian/changelog

@@ -1,4 +1,4 @@
-step-certificates (0.8.4-14-ge72f087-dev) unstable; urgency=medium
+step-ca (0.8.4-14-ge72f087-dev) unstable; urgency=medium
 
   * See https://github.com/smallstep/certificates/releases
 

debian/control

@@ -1,4 +1,4 @@
-Source: step-certificates
+Source: step-ca
 Section: utils
 Priority: optional
 Maintainer: Smallstep Labs, Inc. <techadmin@smallstep.com>
@@ -8,8 +8,8 @@ Homepage: https://github.com/smallstep/certificates
 Vcs-Browser: https://github.com/smallstep/certificates.git
 Vcs-Git: https://github.com/smallstep/certificates.git
 
-Package: step-certificates
+Package: step-ca
 Architecture: any
 Depends: ${misc:Depends}
 Description: Smallstep Certificate Authority
-   step-certificates is the Smallstep Certificate Authority.
+   step-ca is the Smallstep Certificate Authority.

debian/copyright

@@ -1,13 +1,13 @@
 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: step-certificates
+Upstream-Name: step-ca
 Source: https://github.com/smallstep/certificates
 
 Files: *
-Copyright: 2020 Smallstep Labs, Inc.
+Copyright: 2021 Smallstep Labs, Inc.
 License: Apache 2.0
 
 License: Apache 2.0
- Copyright (c) 2019 Smallstep Labs, Inc.
+ Copyright (c) 2021 Smallstep Labs, Inc.
  .
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.

distribution.md

@@ -77,10 +77,10 @@ e.g. `v1.0.2`
 
     Travis will build and upload the following artifacts:
 
-    * **step-certificates_1.0.3_amd64.deb**: debian package for installation on linux.
-    * **step-certificates_1.0.3_linux_amd64.tar.gz**: tarball containing a statically compiled linux binary.
-    * **step-certificates_1.0.3_darwin_amd64.tar.gz**: tarball containing a statically compiled darwin binary.
-    * **step-certificates.tar.gz**: tarball containing a git archive of the full repo.
+    * **step-ca_1.0.3_amd64.deb**: debian package for installation on linux.
+    * **step-ca_linux_1.0.3_amd64.tar.gz**: tarball containing a statically compiled linux binary.
+    * **step-ca_darwin_1.0.3_amd64.tar.gz**: tarball containing a statically compiled darwin binary.
+    * **step-ca_1.0.3.tar.gz**: tarball containing a git archive of the full repo.
 
 3. **Update the AUR Arch Linux package**
 

docs/kms.md

@@ -5,8 +5,8 @@ private keys and sign certificates.
 
 Support for multiple KMS are planned, but currently the only Google's Cloud KMS,
 and Amazon's AWS KMS are supported. A still experimental version for YubiKeys is
-also available if you compile
-[step-certificates](https://github.com/smallstep/certificates) yourself.
+also available if you compile [step-ca](https://github.com/smallstep/certificates) 
+yourself.
 
 ## Google's Cloud KMS
 

systemd/step-ca.service

@@ -15,7 +15,7 @@ User=step
 Group=step
 Environment=STEPPATH=/etc/step-ca
 WorkingDirectory=/etc/step-ca
-ExecStart=/usr/local/bin/step-ca config/ca.json --password-file password.txt
+ExecStart=/usr/bin/step-ca config/ca.json --password-file password.txt
 ExecReload=/bin/kill --signal HUP $MAINPID
 Restart=on-failure
 RestartSec=5
@@ -32,6 +32,8 @@ NoNewPrivileges=yes
 ; Sandboxing
 ; This sandboxing works with YubiKey PIV (via pcscd HTTP API), but it is likely
 ; too restrictive for PKCS#11 HSMs.
+;
+; NOTE: Comment out the rest of this section for troubleshooting.
 ProtectSystem=full
 ProtectHome=true
 RestrictNamespaces=true