From 4494fbb0b97f4e61c74289fe13e5a1cde45293ca Mon Sep 17 00:00:00 2001
From: fwiegerinck
Date: Wed, 15 Jan 2025 23:26:57 +0100
Subject: [PATCH] - Update motd - Disable policy update due to issues - Small updates
---
 install/alpine-step-ca-install.sh | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/install/alpine-step-ca-install.sh b/install/alpine-step-ca-install.sh
index 1ecd697b..b1dce8b3 100644
--- a/install/alpine-step-ca-install.sh
+++ b/install/alpine-step-ca-install.sh
@@ -41,31 +41,27 @@ msg_ok "Installed Alpine Step-CA"
 config_dir="/etc/step-ca"
 passwd_file="${config_dir}/password.txt"
-msg_info "Generate CA secret"
+msg_info "Generate CA secrets"
 CA_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
 $STD cat <${passwd_file}
 ${CA_PASS}
 EOF
-msg_ok "Generated CA secret stored in ${passwd_file}"
+msg_ok "Generated CA secrets"
 msg_info "Initialize base CA"
-$STD step ca init --name "${CA_NAME}" $CA_DNS --password-file /etc/step-ca/password.txt --deployment-type standalone --address ":443" --provisioner admin
+$STD step ca init --name "${CA_NAME}" $CA_DNS --password-file ${passwd_file} --deployment-type standalone --address ":443" --provisioner admin
-for dns_entry in "${x509_policy_dns[@]}"; do
- $STD step ca policy authority x509 allow dns "${dns_entry}"
-done
-for ip_entry in "${x509_policy_ips[@]}"; do
- $STD step ca policy authority x509 allow ip ${ip_entry}
-done
+#for dns_entry in "${x509_policy_dns[@]}"; do
+# $STD step ca policy authority x509 allow dns "${dns_entry}"
+#done
+#for ip_entry in "${x509_policy_ips[@]}"; do
+# $STD step ca policy authority x509 allow ip ${ip_entry}
+#done
 if [ "${CA_ACME}" = "yes" ]; then
 msg_info "Initialize ACME for CA"
- $STD step ca provisioner add ${CA_ACME_NAME} --type ACME
- $STD step ca provisioner update ${CA_ACME_NAME} --x509-min-dur=20m --x509-max-dur=32h --x509-default-dur=24h
-fi
-if [ "${CA_SSH}" = "yes" ]; then
- msg_info "Inititialize CA for SSH"
+ $STD step ca provisioner add ${CA_ACME_NAME} --type ACME --x509-min-dur=20m --x509-max-dur=32h --x509-default-dur=24h
 fi
 msg_ok "Finished initialization of CA"
@@ -76,4 +72,9 @@ $STD rc-update add step-ca default
 msg_ok "Started Alpine Step-CA"
 motd_ssh
+
+# add fingerprint to motd
+ca_root_fingerprint=${step certificate fingerprint root_${STEPPATH}/certs/ca.crt}
+echo -e "${TAB}${DEFAULT}${YW} Fingerprint CA Root Certificate: ${GN}${ca_root_fingerprint}${CL}" >> /etc/motd
+
 customize
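Review bot: Commenting out the two `step ca policy authority x509 allow` loops silently removes the allow-list that constrained which DNS names and IPs this CA will sign for, so after this change the ACME provisioner added a few lines below issues for any name a client can validate, and the commit message only says "due to issues". If the loops must stay disabled, replace the six commented lines with a single comment that records why and what it implies, e.g. `# x509 authority policy disabled pending <issue ref>: until re-enabled the CA is not restricted to x509_policy_dns/x509_policy_ips`, so that `x509_policy_dns`/`x509_policy_ips` (presumably still collected earlier in the script) are not left as a misleading no-op. On the new `step ca init` line, `--password-file ${passwd_file}` should be quoted like the neighbouring `"${CA_NAME}"`. The hunk also does not show any permission handling for `${passwd_file}`; unless that happens outside the hunk, the CA password written by the heredoc is created with the default umask and deserves an explicit `chmod 600`.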
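Review bot: `ca_root_fingerprint=${step certificate fingerprint root_${STEPPATH}/certs/ca.crt}` uses `${…}` (parameter expansion) where command substitution is needed, so bash reports "bad substitution" and, expansion errors being fatal in a non-interactive shell, the script aborts before `customize` runs. The path also looks transposed: `step ca init` writes the root certificate as `certs/root_ca.crt`, so `root_${STEPPATH}/certs/ca.crt` will not exist; the intended line is probably `ca_root_fingerprint=$(step certificate fingerprint "${STEPPATH}/certs/root_ca.crt")`. Whether `STEPPATH` is set at this point is not visible in the hunk; if it is not, it should be given the same value `step ca init` used. Since this fingerprint is what operators use to verify the trust anchor out of band, a failed command should be reported rather than silently appending an empty value to /etc/motd.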