Merge branch 'master' into hs/scep

smallstep · May 20, 2021 · bc2bb53 · bc2bb53
2 parents 375687c + f84c8f8
commit bc2bb53
Show file tree

Hide file tree

Showing 8 changed files with 76 additions and 104 deletions.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -20,10 +20,15 @@ builds:
       - arm64
       - 386
     goarm:
+      - 6
       - 7
     ignore:
      - goos: windows
        goarch: 386
+     - goos: windows
+       goarm: 6
+     - goos: windows
+       goarm: 7
     flags:
       - -trimpath
     main: ./cmd/step-ca/main.go
@@ -44,10 +49,15 @@ builds:
       - arm64
       - 386
     goarm:
+      - 6
       - 7
     ignore:
      - goos: windows
        goarch: 386
+     - goos: windows
+       goarm: 6
+     - goos: windows
+       goarm: 7
     flags:
       - -trimpath
     main: ./cmd/step-cloudkms-init/main.go
@@ -68,10 +78,15 @@ builds:
       - arm64
       - 386
     goarm:
+      - 6
       - 7
     ignore:
      - goos: windows
        goarch: 386
+     - goos: windows
+       goarm: 6
+     - goos: windows
+       goarm: 7
     flags:
       - -trimpath
     main: ./cmd/step-awskms-init/main.go
@@ -84,6 +99,9 @@ archives:
     # Most common use case is to archive as zip on Windows.
     # Default is empty.
     name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
+    format_overrides:
+      - goos: windows
+        format: zip
     wrap_in_directory: "{{ .ProjectName }}_{{ .Version }}"
     files:
       - README.md

diff --git a/Makefile b/Makefile
@@ -231,35 +231,6 @@ distclean: clean
 
 .PHONY: changelog debian distclean
 
-#################################################
-# Build statically compiled step binary for various operating systems
-#################################################
-
-BINARY_OUTPUT=$(OUTPUT_ROOT)binary/
-RELEASE=./.releases
-
-define BUNDLE_MAKE
-	# $(1) -- Go Operating System (e.g. linux, darwin, windows, etc.)
-	# $(2) -- Go Architecture (e.g. amd64, arm, arm64, etc.)
-	# $(3) -- Go ARM architectural family (e.g. 7, 8, etc.)
-	# $(4) -- Parent directory for executables generated by 'make'.
-	$(q) GOOS_OVERRIDE='GOOS=$(1) GOARCH=$(2) GOARM=$(3)' PREFIX=$(4) make $(4)bin/$(BINNAME) $(4)bin/$(CLOUDKMS_BINNAME) $(4)bin/$(AWSKMS_BINNAME)
-endef
-
-binary-linux:
-	$(call BUNDLE_MAKE,linux,amd64,,$(BINARY_OUTPUT)linux/)
-
-binary-linux-arm64:
-	$(call BUNDLE_MAKE,linux,arm64,,$(BINARY_OUTPUT)linux.arm64/)
-
-binary-linux-armv7:
-	$(call BUNDLE_MAKE,linux,arm,7,$(BINARY_OUTPUT)linux.armv7/)
-
-binary-darwin:
-	$(call BUNDLE_MAKE,darwin,amd64,,$(BINARY_OUTPUT)darwin/)
-
-.PHONY: binary-linux binary-linux-arm64 binary-linux-armv7 binary-darwin
-
 #################################################
 # Targets for creating step artifacts
 #################################################

diff --git a/api/api.go b/api/api.go
@@ -5,6 +5,7 @@ import (
 	"crypto"
 	"crypto/dsa" //nolint
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/asn1"
@@ -437,14 +438,15 @@ func parseCursor(r *http.Request) (cursor string, limit int, err error) {
 	return
 }
 
-// TODO: add support for Ed25519 once it's supported
 func fmtPublicKey(cert *x509.Certificate) string {
 	var params string
 	switch pk := cert.PublicKey.(type) {
 	case *ecdsa.PublicKey:
 		params = pk.Curve.Params().Name
 	case *rsa.PublicKey:
 		params = strconv.Itoa(pk.Size() * 8)
+	case ed25519.PublicKey:
+		return cert.PublicKeyAlgorithm.String()
 	case *dsa.PublicKey:
 		params = strconv.Itoa(pk.Q.BitLen() * 8)
 	default:

diff --git a/api/api_test.go b/api/api_test.go
@@ -6,6 +6,7 @@ import (
 	"crypto"
 	"crypto/dsa" //nolint
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
@@ -1285,6 +1286,10 @@ func Test_fmtPublicKey(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
 	var dsa2048 dsa.PrivateKey
 	if err := dsa.GenerateParameters(&dsa2048.Parameters, rand.Reader, dsa.L2048N256); err != nil {
 		t.Fatal(err)
@@ -1304,6 +1309,7 @@ func Test_fmtPublicKey(t *testing.T) {
 	}{
 		{"p256", args{p256.Public(), p256, nil}, "ECDSA P-256"},
 		{"rsa1024", args{rsa1024.Public(), rsa1024, nil}, "RSA 1024"},
+		{"ed25519", args{edPub, edPriv, nil}, "Ed25519"},
 		{"dsa2048", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.DSA, PublicKey: &dsa2048.PublicKey}}, "DSA 2048"},
 		{"unknown", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.ECDSA, PublicKey: []byte("12345678")}}, "ECDSA unknown"},
 	}

diff --git a/ca/tls.go b/ca/tls.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
@@ -325,6 +326,13 @@ func getPEM(i interface{}) ([]byte, error) {
 		if err != nil {
 			return nil, errors.Wrap(err, "error marshaling private key")
 		}
+	case ed25519.PrivateKey:
+		var err error
+		block.Type = "PRIVATE KEY"
+		block.Bytes, err = x509.MarshalPKCS8PrivateKey(i)
+		if err != nil {
+			return nil, errors.Wrap(err, "error marshaling private key")
+		}
 	default:
 		return nil, errors.Errorf("unsupported key type %T", i)
 	}

diff --git a/docs/docker.md b/docs/docker.md
@@ -1,4 +1,6 @@
-# Getting started with docker
+# Getting started with Docker
+
+## NOTE: This guide is deprecated. Please see [smallstep/step-ca](https://hub.docker.com/r/smallstep/step-ca) on Docker Hub for instructions.
 
 This guide shows how to set up [step certificates](https://github.com/smallstep/certificates) using docker.
 
@@ -101,6 +103,35 @@ HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.
 It's working but curl complains because the certificate is not signed by an
 accepted certificate authority.
 
+### Notes for running on a Raspberry Pi
+
+When you run step-ca on a Raspberry Pi, you might get the following error in
+your continaer logs:
+
+```sh
+step-ca  | badger 2021/05/08 20:13:12 INFO: All 0 tables opened in 0s
+step-ca  | Error opening database of Type badger with source /home/step/db: error opening Badger database: Mmap value log file. Path=/home/step/db/000000.vlog. Error=cannot allocate memory
+```
+
+To fix it, adjust the `db` configuration in the file `config/ca.json`.
+Change the value of `badgerFileLoadingMode` from `""` to `"FileIO"`.
+
+```sh
+docker run -it -v step:/home/step smallstep/step-ca sh
+
+~ $ vi config/ca.json
+```
+
+You will end up with this:
+
+```json
+    "db": {
+          "type": "badger",
+          "dataSource": "/root/.step/db",
+          "badgerFileLoadingMode": "FileIO"
+    },
+```
+
 ## Dev environment bootstrap
 
 To initialize the development environment we need to grab the Root fingerprint

diff --git a/go.mod b/go.mod
@@ -24,9 +24,9 @@ require (
 	github.com/urfave/cli v1.22.4
 	go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
 	go.step.sm/cli-utils v0.2.0
-	go.step.sm/crypto v0.8.0
-	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
-	golang.org/x/net v0.0.0-20210119194325-5f4716e94777
+	go.step.sm/crypto v0.8.3
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
 	google.golang.org/api v0.33.0
 	google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154
 	google.golang.org/grpc v1.32.0