starred/ProxmoxVE

Fork

You've already forked ProxmoxVE

mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-04-25 01:06:06 +03:00

Code Issues 12 Projects Releases 10 Packages Wiki Activity

[PR #7367] [CLOSED] New script: Local Certificate Authority based upon Smallstep's step-ca #6784

New issue

Closed

opened 2026-02-26 15:33:02 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 15:33:02 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE/pull/7367
Author: @reelsense
Created: 9/3/2025
Status: ❌ Closed

Base: main ← Head: step-ca

📝 Commits (6)

daf39ed Create alpine-step-ca.sh
033fce3 Create alpine-step-ca-install.sh
99ca754 Create step-ca.json
81884a8 alpine 3.22
be5a321 alpine 3.22
a594aa2 fix(step-ca): Use correct DNS name for initial policy

📊 Changes

3 files changed (+244 additions, -0 deletions)

View changed files

➕ ct/alpine-step-ca.sh (+48 -0)
➕ frontend/public/json/step-ca.json (+36 -0)
➕ install/alpine-step-ca-install.sh (+160 -0)

📄 Description

✍️ Description

Thanks to @fwiegerinck: This pull request refactors and fixes the previously closed PR #1655 for the Smallstep step-ca script. The original submission was not merged due to non-compliance with the project's contribution standards.

This new version addresses all feedback from the original PR thread:

Correct Script Structure: The interactive whiptail setup dialogs have been moved from ct/alpine-step-ca.sh into install/alpine-step-ca-install.sh, as requested. The ct script now correctly serves only to define container variables and initiate the build.
Safe Update Handling: The previous, unsafe update_script has been replaced with the standard "no-update" function. This aligns with updateable: false in the JSON file and prevents users from accidentally breaking their CA with a simple package upgrade.
Code Standardization: The installation script has been overhauled to use the project's standard functions (msg_info, msg_ok) and variables ($STD) for consistent output and behavior.
Improved User Experience: The final MOTD message now correctly displays the CA fingerprint and ACME URL (if enabled) to guide the user on how to start using their new CA.

These changes bring the script set into full compliance with the contribution guidelines, making it safe, maintainable, and ready for merging.

🔗 Related PR / Issue

Fixes and supersedes #1655

✅ Prerequisites (X in brackets)

Self-review completed – Code follows project standards.
Tested thoroughly – Changes work as expected.
No security risks – No hardcoded secrets, unnecessary privilege escalations, or permission issues.

🛠️ Type of Change (X in brackets)

🐞 Bug fix – Resolves an issue without breaking functionality.
✨ New feature – Adds new, non-breaking functionality.
💥 Breaking change – Alters existing functionality in a way that may require updates.
🆕 New script – A fully functional and tested script or script set.
🌍 Website update – Changes to website-related JSON files or metadata.
🔧 Refactoring / Code Cleanup – Improves readability or maintainability without changing functionality.
📝 Documentation update – Changes to README, AppName.md, CONTRIBUTING.md, or other docs.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/community-scripts/ProxmoxVE/pull/7367 **Author:** [@reelsense](https://github.com/reelsense) **Created:** 9/3/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `step-ca` --- ### 📝 Commits (6) - [`daf39ed`](https://github.com/community-scripts/ProxmoxVE/commit/daf39edb1f4f22d92902205191dfcb8d9637e447) Create alpine-step-ca.sh - [`033fce3`](https://github.com/community-scripts/ProxmoxVE/commit/033fce377b402f8f9b7a5ef47c600515419f95fa) Create alpine-step-ca-install.sh - [`99ca754`](https://github.com/community-scripts/ProxmoxVE/commit/99ca7546c977972222d0f56734e866e325eb192c) Create step-ca.json - [`81884a8`](https://github.com/community-scripts/ProxmoxVE/commit/81884a8fd2223195891151417e34aa8db754f39c) alpine 3.22 - [`be5a321`](https://github.com/community-scripts/ProxmoxVE/commit/be5a321f76703dacfaf9e6822e544f2803f48528) alpine 3.22 - [`a594aa2`](https://github.com/community-scripts/ProxmoxVE/commit/a594aa2b55d41c1ac3718547aeb5f5419f7b5b1a) fix(step-ca): Use correct DNS name for initial policy ### 📊 Changes **3 files changed** (+244 additions, -0 deletions) <details> <summary>View changed files</summary> ➕ `ct/alpine-step-ca.sh` (+48 -0) ➕ `frontend/public/json/step-ca.json` (+36 -0) ➕ `install/alpine-step-ca-install.sh` (+160 -0) </details> ### 📄 Description  ## ✍️ Description Thanks to @fwiegerinck: This pull request refactors and fixes the previously closed PR #1655 for the Smallstep `step-ca` script. The original submission was not merged due to non-compliance with the project's contribution standards. This new version addresses all feedback from the original PR thread: - **Correct Script Structure:** The interactive `whiptail` setup dialogs have been moved from `ct/alpine-step-ca.sh` into `install/alpine-step-ca-install.sh`, as requested. The `ct` script now correctly serves only to define container variables and initiate the build. - **Safe Update Handling:** The previous, unsafe `update_script` has been replaced with the standard "no-update" function. This aligns with `updateable: false` in the JSON file and prevents users from accidentally breaking their CA with a simple package upgrade. - **Code Standardization:** The installation script has been overhauled to use the project's standard functions (`msg_info`, `msg_ok`) and variables (`$STD`) for consistent output and behavior. - **Improved User Experience:** The final MOTD message now correctly displays the CA fingerprint and ACME URL (if enabled) to guide the user on how to start using their new CA. These changes bring the script set into full compliance with the contribution guidelines, making it safe, maintainable, and ready for merging. ## 🔗 Related PR / Issue Fixes and supersedes #1655 ## ✅ Prerequisites (**X** in brackets) - [X] **Self-review completed** – Code follows project standards. - [X] **Tested thoroughly** – Changes work as expected. - [X] **No security risks** – No hardcoded secrets, unnecessary privilege escalations, or permission issues. --- ## 🛠️ Type of Change (**X** in brackets) - [X] 🐞 **Bug fix** – Resolves an issue without breaking functionality. - [ ] ✨ **New feature** – Adds new, non-breaking functionality. - [ ] 💥 **Breaking change** – Alters existing functionality in a way that may require updates. - [X] 🆕 **New script** – A fully functional and tested script or script set. - [ ] 🌍 **Website update** – Changes to website-related JSON files or metadata. - [X] 🔧 **Refactoring / Code Cleanup** – Improves readability or maintainability without changing functionality. - [ ] 📝 **Documentation update** – Changes to `README`, `AppName.md`, `CONTRIBUTING.md`, or other docs. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem

2026-02-26 15:33:02 +03:00

closed this issue
added the
pull-request
label

No Branch/Tag specified

main

github-action-update-changelog

pr-update-app-files

add-script-fireshare-1777034879

refactor_ghostfolio

add-script-jitsi-meet-1776754982

add-script-apprise-api-1776844606

add-script-transmute-1776844620

fix/update-motd-profile-terminal-500

revert-13797-phs-verbose

revert-13951-hotfix_core_motd

fix/node-options-auto-heap-termix

fix/twingate-connector-real-update

fix/mealie-startsh-missing-after-failed-update

fix/setup-nodejs-upgrade-minor-patch

hotfix_core_motd

fix/uv-venv-clear-update-scripts

add-script-ownfoil-1776758482

add-script-mini-qr-1776757900

add-script-dashy-1776446840

add-script-erpnext-1776807942

add-script-minthcm-1776758021

add-script-anchor-1776753635

add-script-foldergram-1776755549

add-script-gogs-1776754912

copilot/fix-homelable-installation-error

add-script-whodb-1776695185

fix/lxc-stack-upgrade-and-storage-validation

fix/node-version-drift

fix/pangolin-migration-user-roles

fix/pmg-post-install-detection

fix/pangolin-safe-migration

fix/wanderer-pocketbase-wrapper

fix/slskd-config-migration

fix-actualbudget-warnings

add-script-nametag-1776613576

github-action-archive-changelog

fix/litellm-prisma-generate

fix/clean-orphaned-lvm-cluster-aware

fix/babybuddy-django-settings-module

fix/yamtrack-nginx-update-config

add-script-dagu-1776530655

fix/intel-igc-version-pinning

fix/build-func-pct-create-audit

add-script-igotify-1776263238

add-script-step-ca-1776263572

cleanup_docs_and_co

add-script-github-runner-1776088530

revert-13570-remove_unused_scripts

fix/lyrion-service-name

fix/mealie-v3.15-nuxt4

fix/reitti-v4-refactor

copilot/fix-mealie-version-update

copilot/fix-git-command-not-found

fix/slskd-soularr-lockfile

fix/build-func-tmpdir-leak

refactor/bytestash-data-backup

copilot/fix-bambuddy-update-issue

MickLesk-patch-2

fix/ironclaw-keychain

fix/alpine-wakapi-busybox-df

fix/bentopdf-wasm-coep-headers

fix/crafty-controller-creds-wait

feat/elementsynapse-element-call

fix/metube-pnpm-builds

fix/romm-dynamic-base-path

fix/immich-env-newline

copilot/fix-homarr-update-script

fix/github-token-attempt-zero-crash

fix/filebrowser-quantum-host-warning

fix/homarr-redis-bind-localhost

CrazyWolf13-patch-3

fix/dynamic-os-detection

fix/checkmk-release-security-suffix

fix/bambuddy-ffmpeg-updateable

fix/immich-helmet-csp

core_add_scriptsite_donation_url

add-script-ironclaw-1775649518

fix/proxmox-error-resilience

remove_unused_scripts

CrazyWolf13-patch-1

fix/papra-env-backup-fallback

CrazyWolf13-patch-2

add-script-homelable-1775421958

add-script-openthread-br-1775416012

fix/silent-return-instead-of-exit

fix/nvidia-glx-fallback

fix/npm-ensure-nginx-dirs

fix/motioneye-run-as-root

fix/grist-remove-ee

fix/openwrt-vm-shutdown

fix/core-func-profiled-sourcing

fix/crafty-controller-java25

fix/lxc-updater-apt-pager

fix/npm-openresty-user-config

add-script-netboot-xyz-1775157692

copilot/fix-zigbee2mqtt-update-error

feat/apt-proxy-url-support

fix/cron-updater-path

fix/grist-backup-empty-docs

fix/filebrowser-noauth

feat/core-hardening-proxmoxve

add-script-drawdb-1775060927

fix/build-func-empty-gateway

fix/graylog-max-map-count

fix/koillection-envlocal-newline

add-script-bambuddy-1774853250

MickLesk-patch-1

fix/immich-maintenance-mode-redis-error

fix/npm-unmask-openresty-on-migration

fix/ollama-intel-gpg-error-handling

add-script-yourls-1774732133

add-script-matter-server-1774638379

fix/dispatcharr-pg-port

cron_update_lxc

chore/immich-v2.6.3

add-script-geopulse-1774548387

cdn_improvements

add-script-birdnet-1774535320

fix/tools-func-exit-codes

fix/immich-update-db-hostname

update/frigate-0.17.1

fix/use-absolute-path-for-install

fix/pin-npm-version

shell_safe_fixes

remove_booklore

chore/update-url-community-scripts

komodov2

refactor/turnkey-modernize

add-script-nextexplorer-1774344421

add-script-homebrew-1774342032

fix/shell-security-hardening-v2

improve/build-func-performance-cleanup

fix/build-dns-prefix

fix/anytype-mongodb-wait

fix/frigate-cpu-model-path

copilot/fix-installation-failure-isponsorblocktv

fix/reactive-resume-add-git

copilot/scanopy-fix-apt-configuration-error

add-script-isponsorblocktv-1774009652

add-script-alpine-wakapi-1774008954

fix/coder-code-server-existing-config-and-reachability

add-script-teleport-1773928044

CrazyWolf13-patch-wealthfolio-1

refactor/tools-func-qol

fix/stirling-pdf-jdk-reinstall

fix/pinned-version-wording

MickLesk-patch-10

fix/reactive-resume-v5013

fix/tracearr-update-version-oom

copilot/fix-hdd-space-for-owncast

tremor021-patch-6

pocketbase_bot

disp_fix

fix/tdarr-binary-check-curl-retry

MickLesk-patch-9

refactor/podman-quadlets

alpine-ntfy

refactor/jellyfin

CrazyWolf13-patch-11

feature/autousermod_hwaccell

add-script-split-pro-1773677692

fix/frigate-openvino-fallback

fix/paperless-ngx-default-ram

fix/plex-restart-after-update

fix/gluetun-openvpn-env

MickLesk-patch-8

termix_add_guacd

MickLesk-patch-7

fix/tududi-nodejs-in-update

fix/sparkyfitness-npm-peer-deps

docs/website-metadata-workflow

fix-pbs_microcode

remove_jsons

michelroegl-brunner-patch-4

add-script-test-1773325265

cleanup_workflows

feat/remove-frontend

automated/update-github-versions

feat/mode-generated

fix/n8n-build-essential

fix/sparkyfitness-shared-deps

fix/rocm-path-escaping

fix/storage-validation-cross-node

fix/frigate-nvidia-version-regex

arm64-build-support

readme

michelroegl-brunner-patch-3

fix/coder-code-server-backup

copilot/fix-immich-update-dependency-issue

rust

fix/linkwarden-update-playwright

fix/powerdns-sqlite-permissions

fix/duplicate-nameserver-searchdomain

CrazyWolf13-patch-7

feat/ollama-rocm-support

fix/seerr-migration-update-script

preflight_tests

adgu_fix

2026-04-23

2026-04-22

2026-04-21

2026-04-20

2026-04-19

2026-04-18

2026-04-17

2026-04-16

2026-04-15

2026-04-14

2026-04-13

2026-04-12

2026-04-11

2026-04-10

2026-04-09

2026-04-08

2026-04-07

2026-04-06

2026-04-05

2026-04-04

2026-04-03

2026-04-02

2026-04-01

2026-03-31

2026-03-30

2026-03-29

2026-03-28

2026-03-27

2026-03-26

2026-03-25

2026-03-24

2026-03-23

2026-03-22

2026-03-21

2026-03-20

2026-03-19

2026-03-18

2026-03-17

2026-03-16

2026-03-15

2026-03-14

2026-03-13

2026-03-12

2026-03-11

2026-03-10

2026-03-09

2026-03-08

2026-03-07

2026-03-06

2026-03-05

2026-03-04

2026-03-03

2026-03-02

2026-03-01

2026-02-28

2026-02-27

2026-02-26

2026-02-25

2026-02-24

2026-02-23

2026-02-22

2026-02-21

2026-02-20

2026-02-19

2026-02-18

2026-02-17

2026-02-16

2026-02-15

2026-02-14

2026-02-13

2026-02-12

2026-02-11

2026-02-10

2026-02-09

2026-02-08

2026-02-07

2026-02-06

2026-02-05

2026-02-04

2026-02-03

2026-02-02

2026-02-01

2026-01-31

2026-01-30

2026-01-29

2026-01-28

2026-01-27

2026-01-26

2026-01-25

2026-01-24

2026-01-23

2026-01-22

2026-01-21

2026-01-20

2026-01-19

2026-01-18

2026-01-17

2026-01-16

2026-01-15

2026-01-14

2026-01-13

2026-01-12

2026-01-11

2026-01-10

2026-01-09

2026-01-08

2026-01-07

2026-01-06

2026-01-05

2026-01-04

2026-01-03

2026-01-02

2026-01-01

2025-12-31

2025-12-30

2025-12-29

2025-12-28

2025-12-27

2025-12-26

2025-12-25

2025-12-24

2025-12-23

2025-12-22

2025-12-21

2025-12-20

2025-12-19

2025-12-18

2025-12-17

2025-12-16

2025-12-15

2025-12-14

2025-12-13

2025-12-12

2025-12-11

2025-12-10

2025-12-09

2025-12-08

2025-12-07

2025-12-06

2025-12-05

2025-12-04

2025-12-03

2025-12-02

2025-12-01

2025-11-30

2025-11-29

2025-11-28

2025-11-27

2025-11-26

2025-11-25

2025-11-24

2025-11-23

2025-11-22

2025-11-21

2025-11-20

2025-11-19

2025-11-18

2025-11-17

2025-11-16

2025-11-15

2025-11-14

2025-11-13

2025-11-12

2025-11-11

2025-11-10

2025-11-09

2025-11-08

2025-11-07

2025-11-06

2025-11-05

2025-11-04

2025-11-03

2025-11-02

2025-11-01

2025-10-31

2025-10-30

2025-10-29

2025-10-28

2025-10-27

2025-10-26

2025-10-25

2025-10-24

2025-10-23

2025-10-22

2025-10-21

2025-10-20

2025-10-19

2025-10-18

2025-10-17

2025-10-16

2025-10-15

2025-10-14

2025-10-13

2025-10-12

2025-10-11

2025-10-10

2025-10-09

2025-10-08

2025-10-07

2025-10-06

2025-10-05

2025-10-04

2025-10-03

2025-10-02

2025-10-01

2025-09-30

2025-09-29

2025-09-28

2025-09-27

2025-09-26

2025-09-25

2025-09-24

2025-09-23

2025-09-22

2025-09-21

2025-09-20

2025-09-19

2025-09-18

2025-09-17

2025-09-16

2025-09-15

2025-09-14

2025-09-13

2025-09-12

2025-09-11

2025-09-10

2025-09-09

2025-09-08

2025-09-07

2025-09-06

2025-09-05

2025-09-04

2025-09-03

2025-09-02

2025-09-01

2025-08-31

2025-08-30

2025-08-29

2025-08-28

2025-08-27

2025-08-26

2025-08-25

2025-08-24

2025-08-23

2025-08-22

2025-08-21

2025-08-20

2025-08-19

2025-08-18

2025-08-17

2025-08-16

2025-08-15

2025-08-14

2025-08-13

2025-08-12

2025-08-11

2025-08-10

2025-08-09

2025-08-08

2025-08-07

2025-08-06

2025-08-05

2025-08-04

2025-08-03

2025-08-02

2025-08-01

2025-07-31

2025-07-30

2025-07-29

2025-07-28

2025-07-27

2025-07-26

2025-07-25

2025-07-24

2025-07-23

2025-07-22

2025-07-21

2025-07-20

2025-07-19

2025-07-18

2025-07-17

2025-07-16

2025-07-15

2025-07-14

2025-07-11

2025-07-10

2025-07-09

2025-07-08

2025-07-07

2025-07-06

2025-07-05

2025-07-04

2025-07-03

2025-07-02

2025-07-01

2025-06-30

2025-06-29

2025-06-28

2025-06-27

2025-06-26

2025-06-25

2025-06-24

2025-06-23

2025-06-22

2025-06-21

2025-06-20

2025-06-19

2025-06-18

2025-06-17

2025-06-16

2025-06-15

2025-06-14

2025-06-13

2025-06-12

2025-06-11

2025-06-10

2025-06-09

2025-06-08

2025-06-07

2025-06-06

2025-06-05

2025-06-04

2025-06-03

2025-06-02

2025-06-01

2025-05-31

2025-05-30

2025-05-29

2025-05-28

2025-05-27

2025-05-26

2025-05-25

2025-05-24

2025-05-23

2025-05-22

2025-05-21

2025-05-20

2025-05-19

2025-05-18

2025-05-17

2025-05-16

2025-05-15

2025-05-14

2025-05-13

2025-05-12

2025-05-11

2025-05-10

2025-05-09

2025-05-08

2025-05-07

2025-05-06

2025-05-05

2025-05-04

2025-05-03

2025-05-02

2025-05-01

2025-04-30

2025-04-29

2025-04-28

2025-04-27

2025-04-26

2025-04-25

2025-04-24

2025-04-23

2025-04-22

2025-04-20

2025-04-21

2025-04-19

2025-04-18

2025-04-17

2025-04-15

2025-04-16

2025-04-14

2025-04-13

2025-04-12

2025-04-11

2025-04-10

2025-04-09

2025-04-08

2025-04-07

2025-04-06

2025-04-05

2025-04-04

2025-04-03

2025-04-02

2025-04-01

2025-03-31

2025-03-30

2025-03-29

2025-03-28

2025-03-27

2025-03-26

2025-03-25

2025-03-24

2025-03-23

2025-03-22

2025-03-21

2025-03-20

2025-03-19

2025-03-18

2025-03-17

2025-03-16

2025-03-15

2025-03-14

2025-03-13

2025-03-12

2025-03-11

2025-03-10

2025-03-09

2025-03-08

2025-03-07

2025-03-06

2025-03-05

2025-03-04

2025-03-03

2025-03-02

2025-03-01

2025-02-28

2025-02-27

2025-02-26

2025-02-25

2025-02-24

2025-02-23

2025-02-21

2025-02-20

2025-02-19

2025-02-18

2025-02-17

2025-02-16

2025-02-15

2025-02-14

2025-02-13

2025-02-12

2025-02-11

2025-02-10

2025-02-09

2025-02-08

2025-02-07

2025-02-06

2025-02-05

2025-02-04

2025-02-03

2025-02-02

2025-02-01

2025-01-31

2025-01-30

2025-01-29

2025-01-28

2025-01-27

2025-01-26

2025-01-24

2025-01-23

2025-01-22

2025-01-21

2025-01-20

2025-01-19

2025-01-18

2025-01-17

2025-01-16

2025-01-15

2025-01-14

2025-01-13

2025-01-11

2025-01-10

2025-01-09

2025-01-08

2025-01-07

2025-01-06

2025-01-05

2025-01-04

2025-01-03

2025-01-02

2025-01-01

2024-12-31

2024-12-30

2024-12-29

2024-12-28

2024-12-27

2024-12-26

2024-12-25

2024-12-23

2024-12-21

2024-12-20

2024-12-19

2024-12-18

2024-12-17

2024-12-16

2024-12-13

2024-12-12

2024-12-09

2024-12-08

2024-12-07

2024-12-06

2024-12-05

2024-12-04

2024-12-03

2024-12-02

2024-11-30

2024-11-29

2024-11-28

2024-11-27

2024-11-26

2024-11-25

2024-11-24

2024-11-23

Labels

Clear labels

Implemented in VED waiting push to Main

Mirrored from GitHub Pull Request

🛑 Failure to comply with the guidelines

No labels

Implemented in VED waiting push to Main

🛑 Failure to comply with the guidelines

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ProxmoxVE#6784

Reference in a new issue

Repository

starred/ProxmoxVE

Title

Body

No description provided.

Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?

Rows
Columns