Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

cacert (6) Versions 0.5.0

Installs/Configures cacert

Policyfile
Berkshelf
Knife
cookbook 'cacert', '~> 0.5.0', :supermarket
cookbook 'cacert', '~> 0.5.0'
knife supermarket install cacert
knife supermarket download cacert
README
Dependencies
Changelog
Quality 17%

cacert Cookbook

This cookbook provides LWRP to install certificate authorities and set the needed hash-symlinks.

Attributes

You can specify the default path were the ssl certificates and symlinks are stored using an attribute

node['cacert']['cert_dir'] # defaults to '/etc/ssl/certs'

Recipes

default

The default recipe will install CA certificates defined in the certs attributes of the node.

Eg.

{
  "cacert": {
    "certs": {
      "my.ca.cert.org": {
        "source": "https://my.ca.cert.org/certs/root.crt",
        "cert_dir": "/etc/ssl/certs",
        "cert_hash": "492ffc07"
      }
    }
  }
}

cacert.org

This recipe installs the cacert.org root certificate

It automatically sets the correct symlinks on broken systems (like Debian Squeeze), see this gist: https://gist.github.com/chr4/5805334

Providers

To use the providers, add the following to your metadata.rb

depends 'cacert'

cacert

Installs a certificate from a given URL, and calls cacert_hash to create the necessary symlinks.
The following example installs the cacert.org root certificate to /etc/ssl/certs/cacert.org.pem

NOTE On Debian Squeeze (and potentially on other systems), openssl generates the wrong hash. As a workaround, you can specify the hash manually, see the "hash" attribute below.

cacert 'cacert.org.pem' do
  cert     'cacert.org.pem'                        # name attribute
  source   'https://www.cacert.org/certs/root.crt' # required
  cert_dir '/etc/ssl/certs'                        # defaults to node['cacert']['cert_dir']
  action   :create                                 # default :create

  # You can specify the hash for the symlink manually.
  # Ff not given, this will be generated using openssl x509 -hash
  cert_hash '99d0fa06' # correct hash for cacerts root certificate

  # Also, a sha256 checksum is supported.
  # If the checksum doesn't match, the certificate won't be installed.
  checksum 'c0e0773a79dceb622ef6410577c19c1e177fb2eb9c623a49340de3c9f1de2560'
end

cacert_hash

You can use the cacert_hash provider by its own, too

cacert_hash 'cacert.org.pem' do
  cert     'cacert.org.pem'                        # name attribute
  cert_dir '/etc/ssl/certs'                        # defaults to node['cacert']['cert_dir']

  # You can specify the hash for the symlink manually.
  # Ff not given, this will be generated using openssl x509 -hash
  cert_hash '99d0fa06' # correct hash for cacerts root certificate
end

Contributing

e.g.

  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

License and Authors

Author: Chris Aumann me@chr4.org
Contributors: François Lamboley fload@me.com

License: GPLv3

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

CHANGELOG for cacert

This file is used to list changes made in each version of cacert.

0.5.0:

  • Fix errors to ensure compatibility with Chef-13

0.4.0:

  • Rename the hash attribute to cert_hash (used by the cacert (default) and cacert_hash provider).

This change is a workaround, as Chef-12.16.42 apparently fails with a hard to
track down error message if an attribute is named hash. See this Github
issue
for details.

0.3.1:

  • Add support for checksums

0.3.0:

  • Check whether hashes match when it's provided
  • Do not use https when fetching cacert.org certificates
  • cacert.org recipe now also installs cacert.org class 3 PKI

0.2.0:

  • Add default recipe, that installs certificates according to attributes

0.1.0:

  • Initial release of cacert

Collaborator Number Metric
            

0.5.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.5.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.5.0 failed this metric

FC064: Ensure issues_url is set in metadata: cacert/metadata.rb:1
FC065: Ensure source_url is set in metadata: cacert/metadata.rb:1
FC066: Ensure chef_version is set in metadata: cacert/metadata.rb:1
FC069: Ensure standardized license defined in metadata: cacert/metadata.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: cacert/providers/default.rb:29
FC085: Resource using new_resource.updated_by_last_action to converge resource: cacert/providers/default.rb:37
FC085: Resource using new_resource.updated_by_last_action to converge resource: cacert/providers/default.rb:43
FC085: Resource using new_resource.updated_by_last_action to converge resource: cacert/providers/hash.rb:39
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

0.5.0 passed this metric

Testing File Metric
            

0.5.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.5.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number