aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore3
-rw-r--r--Changelog3
-rw-r--r--Makefile6
-rw-r--r--config/lacme.conf8
-rw-r--r--lacme-accountd.1.md16
-rw-r--r--lacme.8.md (renamed from lacme.1.md)2
6 files changed, 21 insertions, 17 deletions
diff --git a/.gitignore b/.gitignore
index 813d896..21f822a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@
.*.sw[po]
# generated man-pages
-*.1
+/lacme.8
+/lacme-accountd.1
diff --git a/Changelog b/Changelog
index 6aa31e8..a220c83 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,7 @@ lacme (0.7) UNRELEASED;
/var/run.)
* Makefile: major refactoring, add install and uninstall targets, honor
BUILD_DOCDIR and DESTDIR variables.
+ * Install lacme manual to section 8.
-- Guilhem Moulin <guilhem@debian.org> Thu, 22 Aug 2019 00:31:35 +0200
@@ -15,7 +16,7 @@ lacme (0.6) upstream;
deactivation, see RFC 8555 sec. 7.3.6.
- lacme, client: new dependency Date::Parse, don't parse RFC 3339
datetime strings from X.509 certs manually.
- - lacme: assume that the iptables(1) binaries are under /usr/sbin not
+ - lacme: assume that the iptables(8) binaries are under /usr/sbin not
/sbin. As of Buster this is the case, and the maintainer plans to
drop compatibility symlinks once Bullseye is released.
- Link to RFC 8555 <https://tools.ietf.org/html/rfc8555> instead of the
diff --git a/Makefile b/Makefile
index 6bfa739..06841ee 100644
--- a/Makefile
+++ b/Makefile
@@ -20,19 +20,21 @@ datarootdir ?= $(prefix)/share
sysconfdir ?= $(prefix)/etc
mandir ?= $(datarootdir)/man
man1dir ?= $(mandir)/man1
+man8dir ?= $(mandir)/man8
install: all
install -m0644 -vDt $(sysconfdir)/lacme config/*.conf snippets/*.conf
install -vd $(sysconfdir)/lacme/lacme-certs.conf.d
install -m0644 -vDt $(datarootdir)/lacme certs/lets-encrypt-x[1-4]-cross-signed.pem
install -m0755 -vDt $(libexecdir)/lacme ./client ./webserver
- install -m0644 -vDt $(man1dir) $(BUILD_DOCDIR)/lacme-accountd.1 $(BUILD_DOCDIR)/lacme.1
+ install -m0644 -vDt $(man1dir) $(BUILD_DOCDIR)/lacme-accountd.1
+ install -m0644 -vDt $(man8dir) $(BUILD_DOCDIR)/lacme.8
install -m0644 -vDt $(bindir) ./lacme-accountd
install -m0644 -vDt $(sbindir) ./lacme
uninstall:
rm -vf -- $(bindir)/lacme-accountd $(sbindir)/lacme
- rm -vf -- $(man1dir)/lacme-accountd.1 $(man1dir)/lacme.1
+ rm -vf -- $(man1dir)/lacme-accountd.1 $(man8dir)/lacme.8
rm -rvf -- $(sysconfdir)/lacme $(datarootdir)/lacme $(libexecdir)/lacme
clean:
diff --git a/config/lacme.conf b/config/lacme.conf
index 7c3833d..acafe81 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -8,11 +8,11 @@
# The value of "socket" specifies the path to the lacme-accountd(1)
# UNIX-domain socket to connect to for signature requests from the ACME
-# client. lacme(1) aborts if the socket is readable or writable by
+# client. lacme(8) aborts if the socket is readable or writable by
# other users, or if its parent directory is writable by other users.
# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
# variable is set.
-# This option is ignored when lacme-accountd(1) is spawned by lacme(1),
+# This option is ignored when lacme-accountd(1) is spawned by lacme(8),
# since the two processes communicate through a socket pair. See the
# "accountd" section below for details.
#
@@ -88,14 +88,14 @@
# Whether to automatically install iptables(8) rules to open the
# ADDRESS[:PORT] specified with listen. Theses rules are automatically
-# removed once lacme(1) exits.
+# removed once lacme(8) exits.
#
#iptables = No
[accountd]
# lacme-accound(1) section. Comment out this section (including its
-# header) to make lacme(1) connect to an existing UNIX-domain socket
+# header) to make lacme(8) connect to an existing UNIX-domain socket
# bound by a running acme-accountd(1) process.
# username to drop privileges to (setting both effective and real uid).
diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md
index 403c68c..215adf6 100644
--- a/lacme-accountd.1.md
+++ b/lacme-accountd.1.md
@@ -16,9 +16,9 @@ Synopsis
Description
===========
-`lacme-accountd` is the account key manager component of [`lacme`(1)], a
+`lacme-accountd` is the account key manager component of [`lacme`(8)], a
small [ACME] client written with process isolation and minimal
-privileges in mind. No other [`lacme`(1)] component needs access to the
+privileges in mind. No other [`lacme`(8)] component needs access to the
account key; in fact the account key could as well be stored on another
host or a smartcard.
@@ -26,12 +26,12 @@ host or a smartcard.
`--socket=`), which [ACME] clients can connect to in order to request
data signatures.
As a consequence, `lacme-accountd` needs to be up and running before
-using [`lacme`(1)] to issue [ACME] commands. Also, the process does not
+using [`lacme`(8)] to issue [ACME] commands. Also, the process does not
automatically terminate after the last signature request: instead, one
sends an `INT` or `TERM` [`signal`(7)] to bring the server down.
Furthermore, one can use the UNIX-domain socket forwarding facility of
-[OpenSSH] 6.7 and later to run `lacme-accountd` and [`lacme`(1)] on
+[OpenSSH] 6.7 and later to run `lacme-accountd` and [`lacme`(8)] on
different hosts. For instance one could store the account key on a
machine that is not exposed to the internet. See the
**[examples](#examples)** section below.
@@ -119,13 +119,13 @@ Run `lacme-accountd` in a first terminal:
~$ lacme-accountd --privkey=file:/path/to/account.key --socket=$XDG_RUNTIME_DIR/S.lacme
-Then, while `lacme-accountd` is running, execute locally [`lacme`(1)] in
+Then, while `lacme-accountd` is running, execute locally [`lacme`(8)] in
another terminal:
~$ sudo lacme --socket=$XDG_RUNTIME_DIR/S.lacme newOrder
Alternatively, use [OpenSSH] 6.7 or later to forward the socket and
-execute [`lacme`(1)] remotely:
+execute [`lacme`(8)] remotely:
~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \
sudo lacme --socket=/path/to/remote.sock newOrder
@@ -133,10 +133,10 @@ execute [`lacme`(1)] remotely:
See also
========
-[`lacme`(1)], [`ssh`(1)]
+[`lacme`(8)], [`ssh`(1)]
[ACME]: https://tools.ietf.org/html/rfc8555
-[`lacme`(1)]: lacme.1.html
+[`lacme`(8)]: lacme.8.html
[`signal`(7)]: http://linux.die.net/man/7/signal
[`gpg`(1)]: https://www.gnupg.org/documentation/manpage.en.html
[OpenSSH]: http://www.openssh.com/
diff --git a/lacme.1.md b/lacme.8.md
index 5d86f40..79fb300 100644
--- a/lacme.1.md
+++ b/lacme.8.md
@@ -1,4 +1,4 @@
-% lacme(1)
+% lacme(8)
% [Guilhem Moulin](mailto:guilhem@fripost.org)
% December 2015