ACME server #799

tofkamp · 2025-08-16T14:20:18Z

🛑 New scripts must first be submitted to ProxmoxVED for testing.
PRs for new scripts that skip this process will be closed.

✍️ Description

🔗 Related PR / Issue

Link: #

✅ Prerequisites (X in brackets)

Self-review completed – Code follows project standards.
Tested thoroughly – Changes work as expected.
No breaking changes – Existing functionality remains intact.
No security risks – No hardcoded secrets, unnecessary privilege escalations, or permission issues.

🛠️ Type of Change (X in brackets)

🐞 Bug fix – Resolves an issue without breaking functionality.
✨ New feature – Adds new, non-breaking functionality.
💥 Breaking change – Alters existing functionality in a way that may require updates.
🆕 New script – A fully functional and tested script or script set.
🌍 Website update – Changes to website-related JSON files or metadata.
🔧 Refactoring / Code Cleanup – Improves readability or maintainability without changing functionality.
📝 Documentation update – Changes to README, AppName.md, CONTRIBUTING.md, or other docs.

🔍 Code & Security Review (X in brackets)

Follows Code_Audit.md & CONTRIBUTING.md guidelines
Uses correct script structure (AppName.sh, AppName-install.sh, AppName.json)
No hardcoded credentials

📋 Additional Information (optional)

frontend/public/json/stepca.json

install/stepca-install.sh

tremor021 · 2025-08-20T09:41:14Z

install/stepca-install.sh

+chown -R step:step /opt/step-ca
+chmod -R og-rwx /opt/step-ca
+
+cat << EOF | sed -i '/"name": "acme"/ r /dev/stdin' /opt/step-ca/config/ca.json


this doesnt seem right

It does work, but not very readable. I searched the internet to do it in a better way, but found solutions with hardcoded linenumbers (ed), or shell scripts reading every line, or awk scripts do stuff. Because the (cat <<EOF) is an embedded file, there are not many options.
Finding the linenumber, then head,cat and tail, and rename the file back to the original name, is neither a good readable solution.
I am open for good ideas.

install/stepca-install.sh

tremor021 · 2025-08-20T09:49:44Z

install/stepca-install.sh

+{
+  echo "${YW}The public key of the root CA can be found at ${GN}/opt/step-ca/certs/root_ca.crt${CL}"
+  echo "${YW}or at ${BGN}https://$pki_dns/roots.pem${CL}"
+  echo "${YW}Fingerprint of CA ${GN}"`step certificate fingerprint /opt/step-ca/certs/root_ca.crt`"${CL}"
+#  step certificate inspect /opt/step-ca/certs/root_ca.crt --short
+#  cat /opt/step-ca/certs/root_ca.crt
+  echo -e "${CL}"
+  echo "${YW}The ACME directory server URL is ${BGN}https://$pki_dns/acme/acme/directory${CL}"
+  echo "${YW}Documentation on how to connect an ACME client to this server can be found at${CL}"
+  echo "${BGN}https://smallstep.com/docs/tutorials/acme-protocol-acme-clients/${CL}"
+  echo "${YW}An ACME-client test script (${GN}~/test-stepca.sh${YW}) can be found to test this setup.${CL}"
+  echo "${CL}"


This will hardcode colors

ct/stepca.sh

tremor021

Lot's to fix

tofkamp · 2025-08-21T18:56:58Z

install/stepca-install.sh

+  echo "${BGN}https://smallstep.com/docs/tutorials/acme-protocol-acme-clients/${CL}"
+  echo "${YW}An ACME-client test script (${GN}~/test-stepca.sh${YW}) can be found to test this setup.${CL}"
+  echo "${CL}"
+} >$temp_file


Are hardcoded colour codes not wanted ? What is a better way to do this ?

use them from core.func

synced

1fde4b6

tofkamp requested review from a team as code owners August 16, 2025 14:20