particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test/koji: use the same X.509 generation logic as for other purposes

Browse source 
There's no reason to have 2 CAs and 2 places where we generate certificates,
this commit merges them together.
This commit is contained in:
Ondřej Budai 2020-11-02 13:37:22 +01:00
parent 765f599753
commit 3583399f4e
3 changed files with 20 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tools/run-koji-container.sh
View file

@ -47,11 +47,9 @@ koji_start() {
# create a share directory which is used to share files between the host and containers
mkdir "${SHARE_DIR}"
# generate self-signed certificates in the share directory
openssl req -new -nodes -x509 -days 365 -keyout "${SHARE_DIR}/ca-key.pem" -out "${SHARE_DIR}/ca-crt.pem" -subj "/CN=osbuild.org"
openssl genrsa -out "${SHARE_DIR}/key.pem" 2048
openssl req -new -sha256 -key "${SHARE_DIR}/key.pem" -out "${SHARE_DIR}/csr.pem" -subj "/CN=localhost"
openssl x509 -req -in "${SHARE_DIR}/csr.pem" -CA "${SHARE_DIR}/ca-crt.pem" -CAkey "${SHARE_DIR}/ca-key.pem" -CAcreateserial -out "${SHARE_DIR}/crt.pem"
cp /etc/osbuild-composer/kojihub-key.pem "${SHARE_DIR}/key.pem"
cp /etc/osbuild-composer/kojihub-crt.pem "${SHARE_DIR}/crt.pem"
cp /etc/osbuild-composer/ca-crt.pem "${SHARE_DIR}/ca-crt.pem"
${CONTAINER_RUNTIME} network create org.osbuild.koji