Re: [OpenXPKI-users] directory /etc/openxpki/contrib/local missing
Hi, just as a follow up... contrib/local holds templates/boilerplates for the "sensitive" files and should go into the repository, it is in this case empty as Martin lined out as we have no such files in the community sample code. The real files including the passwords should be in /etc/openxpki/local and not be checked in. Thank you anyway for the hint that this is misleading, I will add the directory with a README. Oliver Am 09.09.21 um 12:51 schrieb hvli01538: > Hi, > > That is understood. I will even try to relocate and symlink some of > the standard config files to keep any credentials out of revision > control. > > However, the documentation speeks of template files in contrib/local > which are missing. These may not only tell the structure of these > files but also which files OpenXPKI may automatically check for in > this location. > > Best regards, > Andreas > > > On 08/09/2021 13:27, Martin Bartosch via OpenXPKI-users wrote: >> Hi, >> >>> While working through the steps for a productive setup on Debian I came >>> across the following instruction in >>> https://github.com/openxpki/openxpki-config/tree/community#credentials--local-users >>> >>> The files are already linked into the configuration layer and must be created before the system can be used. Templates for those files are provided in contrib/local, copy the directory cp -a /etc/openxpki/contrib/local /etc/openxpki and adjust the files as needed. >>> >>> However, the directory "/etc/openxpki/contrib/local" is missing in both >>> the package deployed config and the config from GitHub. >>> >>> Is this instruction a leftover of an abandoned approach or is the >>> directory just missing because of a build error? >>> If the latter is true, where can I get the directory from? >> >> We use the local directory in our deployments to store files which >> may contain sensitive information such as the database or LDAP server >> password. It also may contain the CA private keys if you do not use a >> HSM and choose not to store the CA key in the database. >> These files are not checked into a revision control system for >> obvious reason, hence they are not in the upstream config repository. >> >> Best regards, >> >> Martin >> >> >> >> >> ___ >> OpenXPKI-users mailing list >> OpenXPKI-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> > > > ___ > OpenXPKI-users mailing list > OpenXPKI-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin! ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] directory /etc/openxpki/contrib/local missing
Hi, That is understood. I will even try to relocate and symlink some of the standard config files to keep any credentials out of revision control. However, the documentation speeks of template files in contrib/local which are missing. These may not only tell the structure of these files but also which files OpenXPKI may automatically check for in this location. Best regards, Andreas On 08/09/2021 13:27, Martin Bartosch via OpenXPKI-users wrote: Hi, While working through the steps for a productive setup on Debian I came across the following instruction in https://github.com/openxpki/openxpki-config/tree/community#credentials--local-users The files are already linked into the configuration layer and must be created before the system can be used. Templates for those files are provided in contrib/local, copy the directory cp -a /etc/openxpki/contrib/local /etc/openxpki and adjust the files as needed. However, the directory "/etc/openxpki/contrib/local" is missing in both the package deployed config and the config from GitHub. Is this instruction a leftover of an abandoned approach or is the directory just missing because of a build error? If the latter is true, where can I get the directory from? We use the local directory in our deployments to store files which may contain sensitive information such as the database or LDAP server password. It also may contain the CA private keys if you do not use a HSM and choose not to store the CA key in the database. These files are not checked into a revision control system for obvious reason, hence they are not in the upstream config repository. Best regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] directory /etc/openxpki/contrib/local missing
Hi, > While working through the steps for a productive setup on Debian I came > across the following instruction in > https://github.com/openxpki/openxpki-config/tree/community#credentials--local-users > >> The files are already linked into the configuration layer and must >> be created before the system can be used. Templates for those files >> are provided in contrib/local, copy the directory cp -a >> /etc/openxpki/contrib/local /etc/openxpki and adjust the files as needed. > > However, the directory "/etc/openxpki/contrib/local" is missing in both > the package deployed config and the config from GitHub. > > Is this instruction a leftover of an abandoned approach or is the > directory just missing because of a build error? > If the latter is true, where can I get the directory from? We use the local directory in our deployments to store files which may contain sensitive information such as the database or LDAP server password. It also may contain the CA private keys if you do not use a HSM and choose not to store the CA key in the database. These files are not checked into a revision control system for obvious reason, hence they are not in the upstream config repository. Best regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] directory /etc/openxpki/contrib/local missing
Hi, While working through the steps for a productive setup on Debian I came across the following instruction in https://github.com/openxpki/openxpki-config/tree/community#credentials--local-users The files are already linked into the configuration layer and must be created before the system can be used. Templates for those files are provided in contrib/local, copy the directory cp -a /etc/openxpki/contrib/local /etc/openxpki and adjust the files as needed. However, the directory "/etc/openxpki/contrib/local" is missing in both the package deployed config and the config from GitHub. Is this instruction a leftover of an abandoned approach or is the directory just missing because of a build error? If the latter is true, where can I get the directory from? Thanks -- Best regards, Andreas Melcher ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users