Skip to content

New script: Local Certificate Authority based upon Smallstep's step-ca #7367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 6 commits into from
Closed

New script: Local Certificate Authority based upon Smallstep's step-ca #7367

wants to merge 6 commits into from
+244 −0

Conversation

reelsense
Copy link

✍️ Description

Thanks to @fwiegerinck: This pull request refactors and fixes the previously closed PR #1655 for the Smallstep step-ca script. The original submission was not merged due to non-compliance with the project's contribution standards.

This new version addresses all feedback from the original PR thread:

  • Correct Script Structure: The interactive whiptail setup dialogs have been moved from ct/alpine-step-ca.sh into install/alpine-step-ca-install.sh, as requested. The ct script now correctly serves only to define container variables and initiate the build.
  • Safe Update Handling: The previous, unsafe update_script has been replaced with the standard "no-update" function. This aligns with updateable: false in the JSON file and prevents users from accidentally breaking their CA with a simple package upgrade.
  • Code Standardization: The installation script has been overhauled to use the project's standard functions (msg_info, msg_ok) and variables ($STD) for consistent output and behavior.
  • Improved User Experience: The final MOTD message now correctly displays the CA fingerprint and ACME URL (if enabled) to guide the user on how to start using their new CA.

These changes bring the script set into full compliance with the contribution guidelines, making it safe, maintainable, and ready for merging.

🔗 Related PR / Issue

Fixes and supersedes #1655

✅ Prerequisites (X in brackets)

  • Self-review completed – Code follows project standards.
  • Tested thoroughly – Changes work as expected.
  • No security risks – No hardcoded secrets, unnecessary privilege escalations, or permission issues.

🛠️ Type of Change (X in brackets)

  • 🐞 Bug fix – Resolves an issue without breaking functionality.
  • New feature – Adds new, non-breaking functionality.
  • 💥 Breaking change – Alters existing functionality in a way that may require updates.
  • 🆕 New script – A fully functional and tested script or script set.
  • 🌍 Website update – Changes to website-related JSON files or metadata.
  • 🔧 Refactoring / Code Cleanup – Improves readability or maintainability without changing functionality.
  • 📝 Documentation update – Changes to README, AppName.md, CONTRIBUTING.md, or other docs.

@reelsense
Create alpine-step-ca.sh
daf39ed 
community-scripts#1655
This script has been simplified significantly. The ca_settings function has been removed, and the update_script has been replaced with a standard "no update" message
@reelsense
Create alpine-step-ca-install.sh
033fce3 
community-scripts#1655

This is now the main script containing all installation and configuration logic, including the interactive setup
@reelsense
Create step-ca.json
99ca754 
community-scripts#1655

The updateable flag is set to false, and the disk size in resources is increased to 2GB to provide more space for generated certificates and keys over time
@reelsense
alpine 3.22
81884a8
@reelsense
alpine 3.22
be5a321
@reelsense
fix(step-ca): Use correct DNS name for initial policy
a594aa2
@reelsense reelsense requested review from a team as code owners September 3, 2025 03:34
@github-actions github-actions bot added bugfix new script A change that adds a new script refactor labels Sep 3, 2025
@MickLesk
Copy link
Member

MickLesk commented Sep 3, 2025

There is an First-Line Message: "🛑 New scripts must be submitted to ProxmoxVED for testing.
PRs without prior testing will be closed."

=> So create there an PR, not in the LiveRepo
Or increase this one: community-scripts/ProxmoxVED#799

@MickLesk MickLesk closed this Sep 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bugfix new script A change that adds a new script refactor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@reelsense @MickLesk