-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | Changelog | 3 | ||||
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | config/lacme.conf | 8 | ||||
-rw-r--r-- | lacme-accountd.1.md | 16 | ||||
-rw-r--r-- | lacme.8.md (renamed from lacme.1.md) | 2 |
6 files changed, 21 insertions, 17 deletions
@@ -2,4 +2,5 @@ .*.sw[po] # generated man-pages -*.1 +/lacme.8 +/lacme-accountd.1 @@ -5,6 +5,7 @@ lacme (0.7) UNRELEASED; /var/run.) * Makefile: major refactoring, add install and uninstall targets, honor BUILD_DOCDIR and DESTDIR variables. + * Install lacme manual to section 8. -- Guilhem Moulin <guilhem@debian.org> Thu, 22 Aug 2019 00:31:35 +0200 @@ -15,7 +16,7 @@ lacme (0.6) upstream; deactivation, see RFC 8555 sec. 7.3.6. - lacme, client: new dependency Date::Parse, don't parse RFC 3339 datetime strings from X.509 certs manually. - - lacme: assume that the iptables(1) binaries are under /usr/sbin not + - lacme: assume that the iptables(8) binaries are under /usr/sbin not /sbin. As of Buster this is the case, and the maintainer plans to drop compatibility symlinks once Bullseye is released. - Link to RFC 8555 <https://tools.ietf.org/html/rfc8555> instead of the @@ -20,19 +20,21 @@ datarootdir ?= $(prefix)/share sysconfdir ?= $(prefix)/etc mandir ?= $(datarootdir)/man man1dir ?= $(mandir)/man1 +man8dir ?= $(mandir)/man8 install: all install -m0644 -vDt $(sysconfdir)/lacme config/*.conf snippets/*.conf install -vd $(sysconfdir)/lacme/lacme-certs.conf.d install -m0644 -vDt $(datarootdir)/lacme certs/lets-encrypt-x[1-4]-cross-signed.pem install -m0755 -vDt $(libexecdir)/lacme ./client ./webserver - install -m0644 -vDt $(man1dir) $(BUILD_DOCDIR)/lacme-accountd.1 $(BUILD_DOCDIR)/lacme.1 + install -m0644 -vDt $(man1dir) $(BUILD_DOCDIR)/lacme-accountd.1 + install -m0644 -vDt $(man8dir) $(BUILD_DOCDIR)/lacme.8 install -m0644 -vDt $(bindir) ./lacme-accountd install -m0644 -vDt $(sbindir) ./lacme uninstall: rm -vf -- $(bindir)/lacme-accountd $(sbindir)/lacme - rm -vf -- $(man1dir)/lacme-accountd.1 $(man1dir)/lacme.1 + rm -vf -- $(man1dir)/lacme-accountd.1 $(man8dir)/lacme.8 rm -rvf -- $(sysconfdir)/lacme $(datarootdir)/lacme $(libexecdir)/lacme clean: diff --git a/config/lacme.conf b/config/lacme.conf index 7c3833d..acafe81 100644 --- a/config/lacme.conf 
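Review bot: In the `install` recipe the two programs are still copied with mode 0644: the context lines `install -m0644 -vDt $(bindir) ./lacme-accountd` and `install -m0644 -vDt $(sbindir) ./lacme` sit directly below the new man8dir line, while `./client` and `./webserver` get `-m0755`. As written, an installed `lacme` cannot be executed until someone fixes the mode by hand, and hand-applied permissions on a root-run ACME client are easy to get wrong. I would change both to `-m0755`, i.e. `install -m0755 -vDt $(bindir) ./lacme-accountd` and `install -m0755 -vDt $(sbindir) ./lacme`. Separately, none of the destination paths in this hunk carry a `$(DESTDIR)` prefix although the Changelog entry says DESTDIR is honored; if `prefix` is not derived from `DESTDIR` above the hunk, a staged install would write into the live tree.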
+++ b/config/lacme.conf @@ -8,11 +8,11 @@ # The value of "socket" specifies the path to the lacme-accountd(1) # UNIX-domain socket to connect to for signature requests from the ACME -# client. lacme(1) aborts if the socket is readable or writable by +# client. lacme(8) aborts if the socket is readable or writable by # other users, or if its parent directory is writable by other users. # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment # variable is set. -# This option is ignored when lacme-accountd(1) is spawned by lacme(1), +# This option is ignored when lacme-accountd(1) is spawned by lacme(8), # since the two processes communicate through a socket pair. See the # "accountd" section below for details. # @@ -88,14 +88,14 @@ # Whether to automatically install iptables(8) rules to open the # ADDRESS[:PORT] specified with listen. Theses rules are automatically -# removed once lacme(1) exits. +# removed once lacme(8) exits. # #iptables = No [accountd] # lacme-accound(1) section. Comment out this section (including its -# header) to make lacme(1) connect to an existing UNIX-domain socket +# header) to make lacme(8) connect to an existing UNIX-domain socket # bound by a running acme-accountd(1) process. # username to drop privileges to (setting both effective and real uid). diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md index 403c68c..215adf6 100644 --- a/lacme-accountd.1.md +++ b/lacme-accountd.1.md @@ -16,9 +16,9 @@ Synopsis Description =========== -`lacme-accountd` is the account key manager component of [`lacme`(1)], a +`lacme-accountd` is the account key manager component of [`lacme`(8)], a small [ACME] client written with process isolation and minimal -privileges in mind. No other [`lacme`(1)] component needs access to the +privileges in mind. No other [`lacme`(8)] component needs access to the account key; in fact the account key could as well be stored on another host or a smartcard. 
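Review bot: Two man-page references in the `[accountd]` comment block are misspelled and survive this renumbering pass: `lacme-accound(1) section` and `acme-accountd(1) process` both appear to mean `lacme-accountd(1)`. Since the commit is already correcting cross-references on the line between them, I would fix them here, e.g. `# lacme-accountd(1) section. Comment out this section (including its` and `# bound by a running lacme-accountd(1) process.`. In the iptables comment of the same hunk, `Theses rules` should read `These rules`. The `[accountd]` section continues outside the hunk.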
@@ -26,12 +26,12 @@ host or a smartcard. `--socket=`), which [ACME] clients can connect to in order to request data signatures. As a consequence, `lacme-accountd` needs to be up and running before -using [`lacme`(1)] to issue [ACME] commands. Also, the process does not +using [`lacme`(8)] to issue [ACME] commands. Also, the process does not automatically terminate after the last signature request: instead, one sends an `INT` or `TERM` [`signal`(7)] to bring the server down. Furthermore, one can use the UNIX-domain socket forwarding facility of -[OpenSSH] 6.7 and later to run `lacme-accountd` and [`lacme`(1)] on +[OpenSSH] 6.7 and later to run `lacme-accountd` and [`lacme`(8)] on different hosts. For instance one could store the account key on a machine that is not exposed to the internet. See the **[examples](#examples)** section below. @@ -119,13 +119,13 @@ Run `lacme-accountd` in a first terminal: ~$ lacme-accountd --privkey=file:/path/to/account.key --socket=$XDG_RUNTIME_DIR/S.lacme -Then, while `lacme-accountd` is running, execute locally [`lacme`(1)] in +Then, while `lacme-accountd` is running, execute locally [`lacme`(8)] in another terminal: ~$ sudo lacme --socket=$XDG_RUNTIME_DIR/S.lacme newOrder Alternatively, use [OpenSSH] 6.7 or later to forward the socket and -execute [`lacme`(1)] remotely: +execute [`lacme`(8)] remotely: ~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \ sudo lacme --socket=/path/to/remote.sock newOrder @@ -133,10 +133,10 @@ execute [`lacme`(1)] remotely: See also ======== -[`lacme`(1)], [`ssh`(1)] +[`lacme`(8)], [`ssh`(1)] [ACME]: https://tools.ietf.org/html/rfc8555 -[`lacme`(1)]: lacme.1.html +[`lacme`(8)]: lacme.8.html [`signal`(7)]: http://linux.die.net/man/7/signal [`gpg`(1)]: https://www.gnupg.org/documentation/manpage.en.html [OpenSSH]: http://www.openssh.com/ @@ -1,4 +1,4 @@ -% lacme(1) +% lacme(8) % [Guilhem Moulin](mailto:guilhem@fripost.org) % December 2015 |