Fix VARBASE in rc.d and add README with some OpenBSD specific things.

Diff from aisha! Thanks aisha!

security/step-ca/Makefile

@@ -8,6 +8,8 @@ MODGO_MODNAME =	github.com/smallstep/certificates
 MODGO_VERSION =	v${V}
 DISTNAME =	step-ca-${V}
 
+REVISION =	0
+
 CATEGORIES =	security
 
 HOMEPAGE =	https://smallstep.com/certificates

security/step-ca/pkg/PLIST

@@ -13,6 +13,7 @@
 @bin bin/step-cloudkms-init
 @bin bin/step-pkcs11-init
 @bin bin/step-yubikey-init
+share/doc/pkg-readmes/${PKGSTEM}
 share/doc/step-ca/
 share/doc/step-ca/CONTRIBUTING.md
 share/doc/step-ca/GETTING_STARTED.md

security/step-ca/pkg/README

@@ -0,0 +1,28 @@
++-------------------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-------------------------------------------------------------------------------
+
+Initialization
+==============
+
+Step CA needs to be initialized by the _step-ca user in the
+directory ${LOCALSTATEDIR}/step-ca via
+
+# su _step-ca -c "env STEPPATH=${LOCALSTATEDIR}/step-ca step ca init"
+
+Running the service
+===================
+
+Step CA needs to be told which config file to load when starting the rcctl
+service script by setting the appropriate flags
+
+# rcctl enable step_ca
+# rcctl set step_ca flags --config config/ca.json
+
+Add the CA cert to system store
+===============================
+
+The default certificate for Step CA is stored in ${LOCALSTATEDIR}/step-ca/certs/root_ca.crt
+which should be added to the system by appending it to ${SYSCONFDIR}/ssl/cert.pem
+
+# cat ${LOCALSTATEDIR}/step-ca/certs/root_ca.crt >> ${SYSCONFDIR}/ssl/cert.pem

security/step-ca/pkg/step_ca.rc

@@ -4,7 +4,7 @@ daemon="${LOCALBASE}/bin/step-ca"
 daemon_flags="config/ca.json"
 daemon_user="_step-ca"
 daemon_logger=daemon.info
-daemon_execdir="${VARBASE}/step-ca"
+daemon_execdir="${LOCALSTATEDIR}/step-ca"
 
 . /etc/rc.d/rc.subr