USER := sshca HOME := /srv/sshca BINDIR := $(HOME)/bin DATADIR := $(HOME)/.local/ssh-ca PKIDIR := $(DATADIR)/pubs CONFDIR := $(HOME)/.config/ssh-ca CONFFILE := $(CONFDIR)/ssh-ca.conf all: ssh-ca.conf help help: @echo "Depends on ruby" @echo "Run `make install` for installation." @echo "If you want to define some default, delete ssh-ca.conf and run `make USER=sshca HOME=/srv/sshca`" @echo "You have to install the user manually:" @echo " useradd -H /srv/sshca sshca" @echo "And needed gems:" @echo " gem install activesupport" install: $(BINDIR)/ssh-ca $(CONFFILE) $(PKIDIR) $(HOME)/.ssh/authorized_keys $(DATADIR)/serial $(HOME): useradd --system --no-user-group --shell /bin/sh --create-home --home-dir /srv/sshca sshca $(BINDIR): $(HOME) install -o $(USER) -m 0755 -d $@ $(BINDIR)/ssh-ca: ssh-ca $(BINDIR) install -o $(USER) -m 0755 $^ $@ $(CONFFILE): ssh-ca.conf $(CONFDIR) if ! test -f $@; then install -o $(USER) -m 0600 $^ $@; fi $(CONFDIR) $(DATADIR) $(HOME)/.ssh: $(HOME) install -o $(USER) -m 0700 -d $@ $(HOME)/.ssh/authorized_keys: $(HOME)/.ssh umask 0177; touch $@; chmod 0600 $@; chown $(USER) $@ $(DATADIR)/serial: $(DATADIR) if ! test -f $@; then echo '0' > $@; chown $(USER) $@; chmod 0600 $@; fi $(DATADIR)/ca: $(DATADIR) if ! test -f $@; then ssh-keygen -t ed25519 -C "CA" -N '' -f $@; chown $(USER) $@ $@.pub; chmod 0400 $@ $@.pub; fi .PHONY: all help install