gothenburgbitfactory / taskserver-setup Goto Github PK
View Code? Open in Web Editor NEWA guide on how to setup the Taskserver.
License: MIT License
A guide on how to setup the Taskserver.
License: MIT License
Most taskwarrior things have great installation and getting started instructions, but the for some reason the taskserver ones are in the form of a slideshow. Why? Nobody wants to read installation instructions in a form where section headers take up an entire browser window.
I'd very much like to setup a taskserver instance, and consider myself to reasonably adept with pki (have managed certificates / for smbs). I have to confess being completely confused by the server guide. I think it would be really useful to have a concise statement on how pki is used and what role each option in the config plays in that.
I think taskserver has a really standard setup of mutual tls, and server authentication of client certificates consists of checking if the client certificate is signed by our ca. A cursory reading of the TLSTransaction code seems to confirm this. Using self-signed client certificates is both sensible and secure. The docs don't make this clear at all and spend far more time lecturing on not switching off verification rather giving them the information they need to generate a proper pki setup. There is also no explanation of what the purpose of the client.{cert,key} options are. I had a quick scan of some of the server code and they don't seem to be read on startup, they aren't mentioned in the man pages. Mystery.
I am going to have a go at setting this up in the next few days and if I can get to a decent place, I'll be happy to try and write some words.
Hello,
My first attempt on generating certificates failed with ERROR: No certtool found
.
Installing gnutls-utils
is not possible, the package became gnutls-bin
.
Screenshot, note the certtool
in package description of gnutls-bin
.
stappers@hc4:/usr/src/taskserver/pki
$ sudo apt install gnutls-utils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package gnutls-utils
stappers@hc4:/usr/src/taskserver/pki
$ apt show gnutls-bin
Package: gnutls-bin
Version: 3.7.1-5
Priority: optional
Section: net
Source: gnutls28
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Installed-Size: 1,747 kB
Depends: libc6 (>= 2.25), libgnutls-dane0 (>= 3.7.0), libgnutls30 (>= 3.7.0-0+private+1), libopts25 (>= 1:5.18.16), libtasn1-6 (>= 4.14)
Homepage: https://www.gnutls.org/
Tag: implemented-in::c, interface::commandline, network::client,
network::server, protocol::ssl, role::program, security::cryptography,
suite::gnu
Download-Size: 631 kB
APT-Sources: http://deb.debian.org/debian bullseye/main arm64 Packages
Description: GNU TLS library - commandline utilities
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
Transport Layer Security (DTLS 1.0, 1.2) protocols.
.
GnuTLS features support for:
- certificate path validation, as well as DANE and trust on first use.
- the Online Certificate Status Protocol (OCSP).
- public key methods, including RSA and Elliptic curves, as well as password
and key authentication methods such as SRP and PSK protocols.
- all the strong encryption algorithms, including AES and Camellia.
- CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- HSMs and cryptographic tokens, via PKCS #11.
.
This package contains a commandline interface to the GNU TLS library, which
can be used to set up secure connections from e.g. shell scripts, debugging
connection issues or managing certificates.
.
Useful utilities include:
- TLS termination: gnutls-cli, gnutls-serv
- key and certificate management: certtool, ocsptool, p11tool
- credential management: srptool, psktool
stappers@hc4:/usr/src/taskserver/pki
$
I'll provide a patch.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.