diff options
| -rw-r--r-- | .gitignore | 3 | ||||
| -rw-r--r-- | Changelog | 3 | ||||
| -rw-r--r-- | Makefile | 6 | ||||
| -rw-r--r-- | config/lacme.conf | 8 | ||||
| -rw-r--r-- | lacme-accountd.1.md | 16 | ||||
| -rw-r--r-- | lacme.8.md (renamed from lacme.1.md) | 2 | 
6 files changed, 21 insertions, 17 deletions
| @@ -2,4 +2,5 @@  .*.sw[po]  # generated man-pages -*.1 +/lacme.8 +/lacme-accountd.1 @@ -5,6 +5,7 @@ lacme (0.7) UNRELEASED;     /var/run.)   * Makefile: major refactoring, add install and uninstall targets, honor     BUILD_DOCDIR and DESTDIR variables. + * Install lacme manual to section 8.   -- Guilhem Moulin <guilhem@debian.org>  Thu, 22 Aug 2019 00:31:35 +0200 @@ -15,7 +16,7 @@ lacme (0.6) upstream;     deactivation, see RFC 8555 sec. 7.3.6.   - lacme, client: new dependency Date::Parse, don't parse RFC 3339     datetime strings from X.509 certs manually. - - lacme: assume that the iptables(1) binaries are under /usr/sbin not + - lacme: assume that the iptables(8) binaries are under /usr/sbin not     /sbin.  As of Buster this is the case, and the maintainer plans to     drop compatibility symlinks once Bullseye is released.   - Link to RFC 8555 <https://tools.ietf.org/html/rfc8555> instead of the @@ -20,19 +20,21 @@ datarootdir ?= $(prefix)/share  sysconfdir ?= $(prefix)/etc  mandir ?= $(datarootdir)/man  man1dir ?= $(mandir)/man1 +man8dir ?= $(mandir)/man8  install: all  	install -m0644 -vDt $(sysconfdir)/lacme config/*.conf snippets/*.conf  	install -vd $(sysconfdir)/lacme/lacme-certs.conf.d  	install -m0644 -vDt $(datarootdir)/lacme certs/lets-encrypt-x[1-4]-cross-signed.pem  	install -m0755 -vDt $(libexecdir)/lacme ./client ./webserver -	install -m0644 -vDt $(man1dir) $(BUILD_DOCDIR)/lacme-accountd.1 $(BUILD_DOCDIR)/lacme.1 +	install -m0644 -vDt $(man1dir) $(BUILD_DOCDIR)/lacme-accountd.1 +	install -m0644 -vDt $(man8dir) $(BUILD_DOCDIR)/lacme.8  	install -m0644 -vDt $(bindir) ./lacme-accountd  	install -m0644 -vDt $(sbindir) ./lacme  uninstall:  	rm -vf -- $(bindir)/lacme-accountd $(sbindir)/lacme -	rm -vf -- $(man1dir)/lacme-accountd.1 $(man1dir)/lacme.1 +	rm -vf -- $(man1dir)/lacme-accountd.1 $(man8dir)/lacme.8  	rm -rvf -- $(sysconfdir)/lacme $(datarootdir)/lacme $(libexecdir)/lacme  clean: diff --git a/config/lacme.conf b/config/lacme.conf index 7c3833d..acafe81 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -8,11 +8,11 @@  # The value of "socket" specifies the path to the lacme-accountd(1)  # UNIX-domain socket to connect to for signature requests from the ACME -# client.  lacme(1) aborts if the socket is readable or writable by +# client.  lacme(8) aborts if the socket is readable or writable by  # other users, or if its parent directory is writable by other users.  # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment  # variable is set. -# This option is ignored when lacme-accountd(1) is spawned by lacme(1), +# This option is ignored when lacme-accountd(1) is spawned by lacme(8),  # since the two processes communicate through a socket pair.  See the  # "accountd" section below for details.  # @@ -88,14 +88,14 @@  # Whether to automatically install iptables(8) rules to open the  # ADDRESS[:PORT] specified with listen.  Theses rules are automatically -# removed once lacme(1) exits. +# removed once lacme(8) exits.  #  #iptables = No  [accountd]  # lacme-accound(1) section.  Comment out this section (including its -# header) to make lacme(1) connect to an existing UNIX-domain socket +# header) to make lacme(8) connect to an existing UNIX-domain socket  # bound by a running acme-accountd(1) process.  # username to drop privileges to (setting both effective and real uid). diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md index 403c68c..215adf6 100644 --- a/lacme-accountd.1.md +++ b/lacme-accountd.1.md @@ -16,9 +16,9 @@ Synopsis  Description  =========== -`lacme-accountd` is the account key manager component of [`lacme`(1)], a +`lacme-accountd` is the account key manager component of [`lacme`(8)], a  small [ACME] client written with process isolation and minimal -privileges in mind.  No other [`lacme`(1)] component needs access to the +privileges in mind.  No other [`lacme`(8)] component needs access to the  account key; in fact the account key could as well be stored on another  host or a smartcard. @@ -26,12 +26,12 @@ host or a smartcard.  `--socket=`), which [ACME] clients can connect to in order to request  data signatures.  As a consequence, `lacme-accountd` needs to be up and running before -using [`lacme`(1)] to issue [ACME] commands.  Also, the process does not +using [`lacme`(8)] to issue [ACME] commands.  Also, the process does not  automatically terminate after the last signature request: instead, one  sends an `INT` or `TERM` [`signal`(7)] to bring the server down.  Furthermore, one can use the UNIX-domain socket forwarding facility of -[OpenSSH] 6.7 and later to run `lacme-accountd` and [`lacme`(1)] on +[OpenSSH] 6.7 and later to run `lacme-accountd` and [`lacme`(8)] on  different hosts.  For instance one could store the account key on a  machine that is not exposed to the internet.  See the  **[examples](#examples)** section below. @@ -119,13 +119,13 @@ Run `lacme-accountd` in a first terminal:      ~$ lacme-accountd --privkey=file:/path/to/account.key --socket=$XDG_RUNTIME_DIR/S.lacme -Then, while `lacme-accountd` is running, execute locally [`lacme`(1)] in +Then, while `lacme-accountd` is running, execute locally [`lacme`(8)] in  another terminal:      ~$ sudo lacme --socket=$XDG_RUNTIME_DIR/S.lacme newOrder  Alternatively, use [OpenSSH] 6.7 or later to forward the socket and -execute [`lacme`(1)] remotely: +execute [`lacme`(8)] remotely:      ~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:$XDG_RUNTIME_DIR/S.lacme user@example.org \         sudo lacme --socket=/path/to/remote.sock newOrder @@ -133,10 +133,10 @@ execute [`lacme`(1)] remotely:  See also  ======== -[`lacme`(1)], [`ssh`(1)] +[`lacme`(8)], [`ssh`(1)]  [ACME]: https://tools.ietf.org/html/rfc8555 -[`lacme`(1)]: lacme.1.html +[`lacme`(8)]: lacme.8.html  [`signal`(7)]: http://linux.die.net/man/7/signal  [`gpg`(1)]: https://www.gnupg.org/documentation/manpage.en.html  [OpenSSH]: http://www.openssh.com/ @@ -1,4 +1,4 @@ -% lacme(1) +% lacme(8)  % [Guilhem Moulin](mailto:guilhem@fripost.org)  % December 2015 | 
