[Bug]: step-ca --version does not return version

Open roblatour opened this issue 1 year ago • 6 comments

Steps to Reproduce

Following the instructions to install and build STEP-CA here: https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

The build works, but as it starts the first line that is displayed in the terminal is './.version.sh: 4: Bad substitution' out of the 'make build GOFLAGS=""';
following this the build runs to completion.

But after that the command: step-ca -version responds with:

Smallstep CA/ (linux/arm64) Release Date: 2024-09-25 15:29 UTC

i.e. the version number is not displayed out of the step-ca -version command

Your Environment

  • OS - Raspberry OS
  • step-ca Version - 0.27.4

Expected Behavior

The version number should be displayed.

Actual Behavior

The version number is not displayed.

Additional Context

build was from: https://github.com/smallstep/certificates/releases/download/v0.27.4/step-ca_0.27.4.tar.gz

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

Sep 26 '24 17:09 roblatour

It looks like it works on macOS:

$ ./bin/step-ca --version
Smallstep CA/0.27.4 (darwin/arm64)
Release Date: 2024-09-27 22:20 UTC

$ sh --version
GNU bash, version ....

Maybe the script should have #!/usr/bin/env bash instead.

Looking through the Makefile and the additional scripts and resources I think we should simplify the process, but that's a different thing 😅

Sep 27 '24 22:09 hslatman

oddly the instructions at https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

say to use: step-ca version

you used: step-ca --version

and I used: step-ca -version

and the help ( step-ca help ) says to use: step-ca -v or step-ca --version

but even if I try all of these I don't get a version number:

Sep 27 '24 23:09 roblatour

@roblatour I ran step-ca --version after make build GOFLAGS="". It's the build target that ultimately sets the version in the binary, based on information from git, or the .VERSION file (useful when building from a source tarball). Apparently on RPi that step fails with the error, and I think that may be because the .version.sh script has sh, which could be behaving differently from macOS.

So, try setting #!/usr/bin/env bash at the start of .version.sh (replacing sh in that line with bash), run make build GOFLAGS="" again, and then step-ca --version. If that works on RPi, we maybe can update it.

step-ca version, step-ca -version and step-ca --version will behave the same, so that's not the issue.

Sep 28 '24 00:09 hslatman

yes, that fixed it. Well done.

Sep 28 '24 02:09 roblatour

Noting here: changing it (back) to bash might break the process for other environments: https://github.com/smallstep/certificates/issues/1115.

Sep 30 '24 08:09 hslatman

This bug has caught my own installation now. Running step-ca --version gives the same output:

Smallstep CA/ (linux/amd64)
Release Date: 2025-07-22 05:27 UTC

But cat .VERSION:

(HEAD, tag: v0.28.4, origin/master, origin/HEAD)

If I run ./.version.sh directly, it fails:

./.version.sh: 4: Bad substitution

Also confirming that switching the shebang to #!/usr/bin/env bash works.

If you're using automation like Ansible you cannot rely on step-ca --version and similar to determine when to do an upgrade. So you either have to check from .VERSION or patch the .version.sh file before building. Ugly, but works...

# https://github.com/smallstep/certificates/issues/2013
- name: Patch .version.sh
  ansible.builtin.replace:
    path: /usr/local/step-ca/.version.sh
    regexp: '^#!\/usr\/bin\/env sh$'
    replace: "#!/usr/bin/env bash"

Jul 22 '25 05:07 danthonywalker
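
The check described in the last comment, as an added example that is not part of the thread or of the smallstep project's code: it treats an empty version field in the step-ca --version banner as a failed build stamp and falls back to the tag recorded in .VERSION. The function names are hypothetical, the sample inputs are the outputs quoted in this thread, and only POSIX sh constructs are used so it behaves the same under sh and bash.

```shell
#!/bin/sh
# Added example (hypothetical helper names). POSIX sh only: no bash-only
# substitutions, so the result does not depend on what /bin/sh points to.

# Print the version from the first banner line, e.g.
# "Smallstep CA/0.27.4 (darwin/arm64)" -> 0.27.4. Fail if the field is empty.
version_from_banner() {
    first=$(printf '%s\n' "$1" | head -n 1)
    case $first in
        "Smallstep CA/"*) rest=${first#"Smallstep CA/"} ;;
        *) return 1 ;;
    esac
    ver=${rest%% *}            # text before the first space
    [ -n "$ver" ] || return 1  # "Smallstep CA/ (linux/amd64)" lands here
    printf '%s\n' "$ver"
}

# Print the first tag found in .VERSION content, without a leading "v", e.g.
# "(HEAD, tag: v0.28.4, origin/master, origin/HEAD)" -> 0.28.4.
version_from_ref_names() {
    case $1 in
        *"tag: "*) tag=${1#*"tag: "} ;;
        *) return 1 ;;         # no tag recorded
    esac
    tag=${tag%%[,)]*}          # cut at the next "," or ")"
    tag=${tag#v}
    [ -n "$tag" ] || return 1
    printf '%s\n' "$tag"
}

# resolve_version BANNER VERSION_FILE_CONTENT
# Prints "<version> <source>" so automation can see when the binary is unstamped.
resolve_version() {
    if v=$(version_from_banner "$1"); then
        printf '%s banner\n' "$v"
    elif v=$(version_from_ref_names "$2"); then
        printf '%s .VERSION\n' "$v"
    else
        return 1
    fi
}

# Sample inputs: the outputs quoted in this thread.
BAD_BANNER='Smallstep CA/ (linux/amd64)
Release Date: 2025-07-22 05:27 UTC'
REFS='(HEAD, tag: v0.28.4, origin/master, origin/HEAD)'
resolve_version "$BAD_BANNER" "$REFS"
```

In real use the two arguments would be the output of step-ca --version and the content of the .VERSION file in the source directory; a result whose source is .VERSION means the binary itself carries no version.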