diff --git a/CHANGELOG.md b/CHANGELOG.md index f6481dd..e15046c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Allow the configuration of some default values at compile time using environment variables. +### Changed +- The default account directory now is `/var/lib/acmed/accounts`. +- The default certificates and private keys directory now is `/var/lib/acmed/certs`. + ## [0.16.0] - 2020-11-11 diff --git a/Makefile b/Makefile index 5e1c36f..8f35a60 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,8 @@ DATADIR = $(DATAROOTDIR) MAN5DIR = $(DATADIR)/man/man5 MAN8DIR = $(DATADIR)/man/man8 SYSCONFDIR = /etc +VARLIBDIR = /var/lib +RUNSTATEDIR = /var/run TARGET_DIR = ./target/$(TARGET)/release MAN_SRC_DIR = ./man/en MAN_DST_DIR = $(TARGET_DIR)/man @@ -19,9 +21,9 @@ update: acmed: man_dir if test -n "$(TARGET)"; then \ - cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \ + VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \ else \ - cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)"; \ + VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)"; \ fi strip "$(TARGET_DIR)/acmed" gzip <"$(MAN_SRC_DIR)/acmed.8" >"$(MAN_DST_DIR)/acmed.8.gz" 
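Review bot: The prefix `VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)"` is pasted into both branches of the `acmed` recipe, and again into both branches of the `tacd` recipe in the next hunk. Any variable added later has to be threaded through four command lines, and missing one would silently build a binary with a different default path. Define it once near the other directory variables, e.g. `BUILD_ENV = VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)"`, and write `$(BUILD_ENV) cargo build ...` in each recipe.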
@@ -29,9 +31,9 @@ acmed: man_dir tacd: man_dir if test -n "$(TARGET)"; then \ - cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \ + VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \ else \ - cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)"; \ + VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)"; \ fi strip "$(TARGET_DIR)/tacd" gzip <"$(MAN_SRC_DIR)/tacd.8" >"$(MAN_DST_DIR)/tacd.8.gz" @@ -44,8 +46,8 @@ install: install -d -m 0755 $(DESTDIR)$(MAN8DIR) if test -f "$(TARGET_DIR)/acmed"; then \ install -d -m 0755 $(DESTDIR)$(MAN5DIR); \ - install -d -m 0755 $(DESTDIR)$(SYSCONFDIR)/acmed/certs; \ - install -d -m 0700 $(DESTDIR)$(SYSCONFDIR)/acmed/accounts; \ + install -d -m 0755 $(DESTDIR)$(VARLIBDIR)/acmed/certs; \ + install -d -m 0700 $(DESTDIR)$(VARLIBDIR)/acmed/accounts; \ install -m 0755 $(TARGET_DIR)/acmed $(DESTDIR)$(BINDIR)/acmed; \ install -m 0644 $(TARGET_DIR)/man/acmed.8.gz $(DESTDIR)$(MAN8DIR)/acmed.8.gz; \ install -m 0644 $(TARGET_DIR)/man/acmed.toml.5.gz $(DESTDIR)$(MAN5DIR)/acmed.toml.5.gz; \ diff --git a/README.md b/README.md index 4ab4b18..b768ebe 100644 --- a/README.md +++ b/README.md 
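Review bot: In the `install` recipe, `install -d -m 0755 $(DESTDIR)$(VARLIBDIR)/acmed/certs` creates a directory that every local user can list and traverse, yet the man page text in this commit says it holds the private keys as well as the certificates. Key confidentiality then rests entirely on the mode acmed gives each key file when it writes it, which is not visible in this diff. Either add a comment above the line stating that assumption, or tighten the directory mode if no other service account needs to read it. Separately, these directories follow the install-time `VARLIBDIR` while the binary uses the compile-time one, so the two-step `make ...` / `make ... install` flow in the README can create directories the binary never uses. The recipe continues outside the hunk.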
@@ -110,13 +110,29 @@ For example, you can build statically linked binaries using the `openssl_vendore make FEATURES="openssl_vendored" TARGET="x86_64-unknown-linux-musl" ``` -The following environment variables can be used to change default values at compile time: +The following environment variables can be used to change default values at compile and/or install time: + +- `PREFIX` (install): system user prefix (default to `/usr`) +- `BINDIR` (install): system binary directory (default to `$PREFIX/bin`) +- `DATADIR` (install): system data directory (default to `$PREFIX/share`) +- `MAN5DIR` (install): system directory where pages 5 manuals are located (default to `$DATADIR/man/man5`) +- `MAN8DIR` (install): system directory where pages 8 manuals are located (default to `$DATADIR/man/man8`) +- `SYSCONFDIR` (compile and install): system configuration directory (default to `/etc`) +- `VARLIBDIR` (compile and install): directory for persistent data modified by ACMEd (default to `/var/lib`) +- `RUNSTATEDIR` (compile): system run-time variable data (default to `/var/run`) +- `ACMED_DEFAULT_ACCOUNTS_DIR` (compile): directory where account files are stored (default to `$VARLIBDIR/acmed/accounts`) +- `ACMED_DEFAULT_CERT_DIR` (compile): directory where certificates and private keys are stored (default to `$VARLIBDIR/acmed/certs`) +- `ACMED_DEFAULT_CERT_FORMAT` (compile): format for certificates and private keys files names (default to `{{name}}_{{key_type}}.{{file_type}}.{{ext}}`) +- `ACMED_DEFAULT_CONFIG_FILE` (compile): main configuration file (default to `$SYSCONFDIR/acmed/acmed.toml`) +- `ACMED_DEFAULT_PID_FILE` (compile): PID file for the main acmed process (default to `$RUNSTATEDIR/acmed.pid`) +- `TACD_DEFAULT_PID_FILE` (compile): PID file for the tacd process (default to `$RUNSTATEDIR/tacd.pid`) + +For example, the following will compile a binary that will use the `/usr/share/etc/acmed/acmed.toml` configuration file and will be installed in the `/usr/local/bin` 
directory : -- `ACMED_DEFAULT_ACCOUNTS_DIR`: directory where account files are stored (default to `/etc/acmed/accounts`) -- `ACMED_DEFAULT_CERT_DIR`: directory where certificates and private keys are stored (default to `/etc/acmed/certs`) -- `ACMED_DEFAULT_CERT_FORMAT`: format for certificates and private keys files names (default to `{{name}}_{{key_type}}.{{file_type}}.{{ext}}`) -- `ACMED_DEFAULT_CONFIG_FILE`: main configuration file (default to `/etc/acmed/acmed.toml`) -- `ACMED_DEFAULT_PID_FILE`: main process PID file (default to `/var/run/acmed.pid`) +``` +make SYSCONFDIR="/usr/share/etc" +make BINDIR="/usr/local/bin" install +``` ### Packaging diff --git a/acmed/build.rs b/acmed/build.rs index 157b511..188c993 100644 --- a/acmed/build.rs +++ b/acmed/build.rs @@ -7,6 +7,12 @@ use std::fs::File; use std::io::prelude::*; use std::path::PathBuf; +macro_rules! set_rustc_env_var { + ($name: expr, $value: expr) => {{ + println!("cargo:rustc-env={}={}", $name, $value); + }}; +} + macro_rules! set_env_var_if_absent { ($name: expr, $default_value: expr) => {{ if let Err(_) = env::var($name) { 
@@ -15,9 +21,34 @@ macro_rules! set_env_var_if_absent { }}; } -macro_rules! set_rustc_env_var { - ($name: expr, $value: expr) => {{ - println!("cargo:rustc-env={}={}", $name, $value); +macro_rules! set_specific_path_if_absent { + ($env_name: expr, $env_default: expr, $with_dir: expr, $name: expr, $default_value: expr) => {{ + let prefix = env::var($env_name).unwrap_or(String::from($env_default)); + let mut value = PathBuf::new(); + value.push(prefix); + if ($with_dir) { + value.push("acmed"); + } + value.push($default_value); + set_env_var_if_absent!($name, value.to_str().unwrap()); + }}; +} + +macro_rules! set_data_path_if_absent { + ($name: expr, $default_value: expr) => {{ + set_specific_path_if_absent!("VARLIBDIR", "/var/lib", true, $name, $default_value); + }}; +} + +macro_rules! set_cfg_path_if_absent { + ($name: expr, $default_value: expr) => {{ + set_specific_path_if_absent!("SYSCONFDIR", "/etc", true, $name, $default_value); + }}; +} + +macro_rules! set_runstate_path_if_absent { + ($name: expr, $default_value: expr) => {{ + set_specific_path_if_absent!("RUNSTATEDIR", "/var/run", false, $name, $default_value); }}; } @@ -82,14 +113,14 @@ fn set_target() { } fn set_default_values() { - set_env_var_if_absent!("ACMED_DEFAULT_ACCOUNTS_DIR", "/etc/acmed/accounts"); - set_env_var_if_absent!("ACMED_DEFAULT_CERT_DIR", "/etc/acmed/certs"); + set_data_path_if_absent!("ACMED_DEFAULT_ACCOUNTS_DIR", "accounts"); + set_data_path_if_absent!("ACMED_DEFAULT_CERT_DIR", "certs"); set_env_var_if_absent!( "ACMED_DEFAULT_CERT_FORMAT", "{{name}}_{{key_type}}.{{file_type}}.{{ext}}" ); - set_env_var_if_absent!("ACMED_DEFAULT_CONFIG_FILE", "/etc/acmed/acmed.toml"); - set_env_var_if_absent!("ACMED_DEFAULT_PID_FILE", "/var/run/acmed.pid"); + set_cfg_path_if_absent!("ACMED_DEFAULT_CONFIG_FILE", "acmed.toml"); + set_runstate_path_if_absent!("ACMED_DEFAULT_PID_FILE", "acmed.pid"); } fn main() { diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5 index be0290b..abb7460 100644 
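Review bot: `set_specific_path_if_absent!` accepts an empty or relative `$env_name` value as the prefix. `VARLIBDIR=""`, which the Makefile now forwards verbatim, therefore bakes in the relative default `acmed/accounts` for the account-key directory and `acmed/certs` for the private-key directory, presumably resolved against whatever working directory the daemon is started from. Fail the build instead by adding `assert!(value.is_absolute(), "{} must be an absolute path", $env_name);` before the `set_env_var_if_absent!` call. A non-Unicode value is also silently replaced by the default, because `env::var` returns `Err` for it. The same macro in tacd/build.rs has both behaviours.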
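Review bot: `set_default_values` now points the account and certificate defaults at `/var/lib/acmed/...`, but nothing in this function or in the Makefile's `install` recipe handles installations that already keep data under `/etc/acmed/accounts` and `/etc/acmed/certs`. After an upgrade, a setup that relied on the defaults would presumably stop finding its existing account key and certificates; how acmed reacts to that is not visible in this diff. Add a comment above the two `set_data_path_if_absent!` calls, such as `// Moved from /etc/acmed: existing installs must relocate their data or build with ACMED_DEFAULT_ACCOUNTS_DIR / ACMED_DEFAULT_CERT_DIR set`, and a matching upgrade line in the CHANGELOG entry.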
--- a/man/en/acmed.toml.5 +++ b/man/en/acmed.toml.5 @@ -671,13 +671,13 @@ and both represents a period of one day and forty-two seconds. .Sh FILES .Bl -tag -.It Pa /etc/acmed/accounts +.It Pa /var/lib/acmed/accounts Default accounts private and public keys directory. .It Pa /etc/acmed/acmed.toml Default .Xr acmed 8 configuration file. -.It Pa /etc/acmed/certs +.It Pa /var/lib/acmed/certs Default certificates and associated private keys directory. .El .Sh EXAMPLES diff --git a/tacd/build.rs b/tacd/build.rs index 8773cee..d27e56c 100644 --- a/tacd/build.rs +++ b/tacd/build.rs @@ -1,7 +1,40 @@ use std::env; +use std::path::PathBuf; + +macro_rules! set_rustc_env_var { + ($name: expr, $value: expr) => {{ + println!("cargo:rustc-env={}={}", $name, $value); + }}; +} + +macro_rules! set_env_var_if_absent { + ($name: expr, $default_value: expr) => {{ + if let Err(_) = env::var($name) { + set_rustc_env_var!($name, $default_value); + } + }}; +} + +macro_rules! set_specific_path_if_absent { + ($env_name: expr, $env_default: expr, $name: expr, $default_value: expr) => {{ + let prefix = env::var($env_name).unwrap_or(String::from($env_default)); + let mut value = PathBuf::new(); + value.push(prefix); + value.push($default_value); + set_env_var_if_absent!($name, value.to_str().unwrap()); + }}; +} + +macro_rules! set_runstate_path_if_absent { + ($name: expr, $default_value: expr) => {{ + set_specific_path_if_absent!("RUNSTATEDIR", "/var/run", $name, $default_value); + }}; +} fn main() { if let Ok(target) = env::var("TARGET") { println!("cargo:rustc-env=TACD_TARGET={}", target); }; + + set_runstate_path_if_absent!("TACD_DEFAULT_PID_FILE", "tacd.pid"); } diff --git a/tacd/src/main.rs b/tacd/src/main.rs index c7557b2..a9aed1e 100644 --- a/tacd/src/main.rs +++ b/tacd/src/main.rs 
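Review bot: Nothing in the new tacd/build.rs, which this hunk appears to show in full, prints a `cargo:rerun-if-env-changed` directive, so Cargo is never told that the script's output depends on `RUNSTATEDIR`. A second `make RUNSTATEDIR=...` with a different value may reuse the cached build-script output and keep the old PID-file path baked into the binary. Add `println!("cargo:rerun-if-env-changed=RUNSTATEDIR");` and the same line for `TACD_DEFAULT_PID_FILE` in `main`. Also add `println!("cargo:rerun-if-changed=build.rs");`, because emitting any rerun directive switches off Cargo's default of rerunning on every package file change. acmed/build.rs likely needs the same for `VARLIBDIR`, `SYSCONFDIR`, `RUNSTATEDIR` and the `ACMED_DEFAULT_*` names, though its `main` is outside the hunks shown.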
@@ -14,7 +14,7 @@ use std::io::{self, Read}; const APP_NAME: &str = env!("CARGO_PKG_NAME"); const APP_VERSION: &str = env!("CARGO_PKG_VERSION"); -const DEFAULT_PID_FILE: &str = "/var/run/tacd.pid"; +const DEFAULT_PID_FILE: &str = env!("TACD_DEFAULT_PID_FILE"); const DEFAULT_LISTEN_ADDR: &str = "127.0.0.1:5001"; const DEFAULT_CRT_KEY_TYPE: KeyType = KeyType::EcdsaP256; const DEFAULT_CRT_DIGEST: HashFunction = HashFunction::Sha256;