~moody/rc-gemd

bf0e251a82566f044f228771981a301797e807af — Moody 10 months ago 89c9f20
Remove tlsshim and add proper directions for adding tls key to hostowner's factotum
2 files changed, 6 insertions(+), 11 deletions(-)

M README
D tlsshim
M README => README +6 -7
@@ 10,14 10,13 @@ bind -b /tmp /rc/bin

or one can change the rc_gemd_dir setting in the script.

The serve can be started with a combination of listen(8) and tlssrv(8),
however the requirments of tlssrv to have the tls key be in factotum can be
a bit tricky to deal when running as 'none'. To fix this there is an example
start script, tlsshim, which starts factotum and populates it with the private
key on each listen1 connection.
The service can be started with a combination of listen(8) and tlssrv(8),
tlssrv requires that the tls key be in the hostowners factotum,
this can be done by doing:
cat /lib/ssl/gem.key >> /mnt/factotum/ctl

Using the tlsshim and assuming the tls files are /lib/ssl^(gem.key gem.cert):
aux/listen1 tcp!*!1965 /rc/bin/rc-gemd/tlsshim
Then to start the server you can do:
aux/listen1 tcp!*!1965 tlssrv -c /lib/ssl/gem.cert /rc/bin/rc-gemd/rc-gemd

The tls files can be generated by running the following commands:
mkdir -p /lib/ssl
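Review bot: The rewritten README paragraph gives the "cat /lib/ssl/gem.key >> /mnt/factotum/ctl" step without saying who runs it or when. The old text's point about running as 'none' is dropped, so a reader cannot tell that the key has to be loaded by the hostowner, into the hostowner's factotum, before aux/listen1 is started. The README should also say whether the step needs repeating after a reboot. Suggest stating this in one sentence ahead of the command. Since the command reads the private key from /lib/ssl, a short note that gem.key should not be readable by other users would fit here too. Minor wording: "hostowners factotum" should be "hostowner's factotum", and the sentence ending "this can be done by doing:" reads better split in two, for example "tlssrv requires the tls key to be in the hostowner's factotum. To load it, run:".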

D tlsshim => tlsshim +0 -4
@@ 1,4 0,0 @@
#!/bin/rc
auth/factotum -n
cat /lib/ssl/gemini.key > /mnt/factotum/ctl
exec tlssrv -c /lib/ssl/gemini.cert /rc/bin/rc-gemd/rc-gemd
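Review bot: Deleting tlsshim breaks any existing listen1 line that still points at /rc/bin/rc-gemd/tlsshim, which is the invocation the previous README told users to run. A sentence in the README or the commit message telling existing users to switch to the tlssrv command would help. The removed script read /lib/ssl/gemini.key and /lib/ssl/gemini.cert, while the README uses gem.key and gem.cert, so anyone who named their files after the script needs to rename them or adjust the paths in the new commands. That is worth a mention next to the new instructions.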