diff --git a/osbuild-composer.spec b/osbuild-composer.spec index e9dd74085..74592a614 100644 --- a/osbuild-composer.spec +++ b/osbuild-composer.spec @@ -191,18 +191,6 @@ install -m 0644 -vp test/data/ansible/* %{buildroot}%{_d install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/azure install -m 0644 -vp test/data/azure/* %{buildroot}%{_datadir}/tests/osbuild-composer/azure/ -install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/ca -install -m 0644 -vp test/data/ca/ca-crt.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ -install -m 0600 -vp test/data/ca/ca-key.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ -install -m 0644 -vp test/data/ca/composer-crt.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ -install -m 0600 -vp test/data/ca/composer-key.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ -install -m 0644 -vp test/data/ca/worker-crt.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ -install -m 0600 -vp test/data/ca/worker-key.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ - -# Client keys are used by tests to access the composer APIs. Allow all users access. -install -m 0644 -vp test/data/ca/client-crt.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ -install -m 0644 -vp test/data/ca/client-key.pem %{buildroot}%{_datadir}/tests/osbuild-composer/ca/ - install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/manifests install -m 0644 -vp test/data/manifests/* %{buildroot}%{_datadir}/tests/osbuild-composer/manifests/ 
@@ -225,6 +213,9 @@ install -m 0600 -vp test/data/keyring/id_rsa %{buildroot}%{_d install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/koji install -m 0644 -vp test/data/koji/* %{buildroot}%{_datadir}/tests/osbuild-composer/koji/ +install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/x509 +install -m 0644 -vp test/data/x509/* %{buildroot}%{_datadir}/tests/osbuild-composer/x509/ + %if 0%{?rhel} install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/vendor install -m 0644 -vp test/data/vendor/87-podman-bridge.conflist %{buildroot}%{_datadir}/tests/osbuild-composer/vendor/ diff --git a/test/data/ca/ca-crt.pem b/test/data/ca/ca-crt.pem deleted file mode 100644 index 4ca50c170..000000000 --- a/test/data/ca/ca-crt.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDTCCAfWgAwIBAgIUVrgJCBlYNv2uMIP04BH2fOTCPr4wDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAwwLb3NidWlsZC5vcmcwHhcNMjAxMDA1MDgzODUzWhcNMjEx -MDA1MDgzODUzWjAWMRQwEgYDVQQDDAtvc2J1aWxkLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAMCii5Z8O+P3HfrYZmUVJAvQFSyxCvarpjSjopUD -J3VCFBa601swg5vDBSnDg0CRiW8r5LHi4seaOULD3OhttabeLZ5a4ESR98Q/XjcE -RWWOx9FdQkx1BXlpFDwbWHPTaKXhFfii35fjjmCoprCX6OVVGLfq95yfU7jj2wme -BfQoN/Xv+yXzYr6vCVOgTdG8Hc2G639xBf0zaZsDoJH5gtfxpD7s3HRLwN/XWy1e -800pHqdBji0Nt1Gz97K3x2HgqzmtX/cUfZN71AHEIt2DzhRjOQbfG0r/W2YztDJb -aZ3CultmJOCwXl5dGkSSmVYjB/y104XzbVMl0Mm0arq714kCAwEAAaNTMFEwHQYD -VR0OBBYEFFNDFT1jOr4HlFrICey0ukYdzq27MB8GA1UdIwQYMBaAFFNDFT1jOr4H -lFrICey0ukYdzq27MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AAey3ciGtbfpzRwHL+KR5SqfVfxKI/LtVU74VFxFfMnVzAuFteV/k9CEHGxbCjmZ -nt4Z2vncLzGxJ3wnjm4GfzCCPKCfPdqD6bAwJ5tpDJyFWs0xOe2f9U5i1Yx5UHG+ -lIR1t/vlmPRkcC1lQlV+xhM/8MPJYl+0Bsjt2vjAvEbHEGifb2voJy2k1AabYwks -sDzkfC/0EU1MeHj8tjt98xVsGezdmduZMOee/OyhQ3Z5nuqKvQoiRCUBYVxPbxLV -bwwtECtHqs1DDMZSbc095BPMm4TuSMi1YqSiAcDQm776hff26mbeyEg0NROQ30M8 -8vu25FPz/AlY+0tb2/P7SGI= ------END CERTIFICATE----- 
diff --git a/test/data/ca/ca-key.pem b/test/data/ca/ca-key.pem deleted file mode 100644 index d991fa7e8..000000000 --- a/test/data/ca/ca-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAoouWfDvj9x36 -2GZlFSQL0BUssQr2q6Y0o6KVAyd1QhQWutNbMIObwwUpw4NAkYlvK+Sx4uLHmjlC -w9zobbWm3i2eWuBEkffEP143BEVljsfRXUJMdQV5aRQ8G1hz02il4RX4ot+X445g -qKawl+jlVRi36vecn1O449sJngX0KDf17/sl82K+rwlToE3RvB3Nhut/cQX9M2mb -A6CR+YLX8aQ+7Nx0S8Df11stXvNNKR6nQY4tDbdRs/eyt8dh4Ks5rV/3FH2Te9QB -xCLdg84UYzkG3xtK/1tmM7QyW2mdwrpbZiTgsF5eXRpEkplWIwf8tdOF821TJdDJ -tGq6u9eJAgMBAAECggEBAJBA6NEPRXYoFu5C4SLvGugxsbme9rvTvIoMw/Jcw06e -5hZDX4UZJmUdPJ+SxpYypj13HDJN2k9o4Vpq++GeTnqgRH8iRHF08ZqnbXE7pJAx -xNa2xLAmravGkZ2VSL6r4ODfVqmzpkbC5Frj0LfLel9KQ1FvBm/mLDb3go6IJKM5 -sg78bfzKWPsDqCD4Wy37xtm53av63Tvqp7K54SWQ/tlGPZDLb0uUGgc5XMilp58o -FaUK4JY6+aH/q5SlhLkKR5TPClZZqUOqB3ccsIQUmx77MNogVi0tZJ9CPs6wGxHt -0/9bW+zaGsnaWaAQz9UVGOndC7MwKGN09wrEky/kiRECgYEA59kvyYZEzt0t6dm3 -0t+71vMMZpqz883WkT4hWIpQdMGSTM68lFBH5EoQhryegMxZ2/9iUAl1IS7+K0CT -57hV4JjNaHgux+sbAb2Kcr0H6GbZ05suksPrM7p9TXfCRizKSJUX8PxIaUOnIkcT -Ek7w4uwkB8k9Ar4LbI/L+bclf3UCgYEA1LOie2LeYDDUl+Qb/DK0RrhsQssfrxZH -McCgeSjsho5ncXumF1+dR7SE/ArgESm0Sw2mTbmKaMex13YFQeB+69RkmHE/C7w8 -L8iRLXcVkBn+AzI7K5zD3eiyZmk6zZS34Ka0DKIfW+RAgs3VqM8zCBVNCB/9Yt6a -oaeXzD1D6UUCgYEA0PEkZeOBY0RlOlihl4NWT1LenCFTh6a7dk2d06Ni+rXwWRP/ -U1I+V/h/iE24Mq73VJKFUUgUrQEiwmwCX1P64NwUUc/tqPGydxEQEnNVCxaVvGQf -xtiVwRqSDhydkoyPCHaFCwLxZxw3JWcUQu2tnXPezL2JJE2NEhtNYhCx1HkCgYA+ -kgV3RJNkOpkfgZQV8ZiEwVXfpD9S0zvoT+ElIzvJLXUStiwa7h6nbFw+hLh7dAg8 -l+xXKwCjaDNRzb8oLPFJULay/YVtX1dZOygx9rkaJftKV2l+n+QikISCiewpc9lP -tdp7aOnOr2umzwROX32EoDeD710ry44zhciq5U7n/QKBgCCLEU2UMUcGSgqP4gAF -5bg+W6vg5ivuajRPc7Kio4+DVWuppd8KZOtR8LaOUzYtCFjT90s5MEduDEbAq6bF -CdlALFkOlF/hJU2XzmSQEy4+UysT0jwEgMGTTaFnWoIJZZsUPzLUjZUrWrsFfnpc -WCxhsvYiBZIsGBgbKqjhfs+e ------END PRIVATE KEY----- 
diff --git a/test/data/ca/client-crt.pem b/test/data/ca/client-crt.pem deleted file mode 100644 index ddcb1c2f1..000000000 --- a/test/data/ca/client-crt.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICujCCAaICFC4RtelruuDmzcZBjnKYe8QCuenxMA0GCSqGSIb3DQEBCwUAMBYx -FDASBgNVBAMMC29zYnVpbGQub3JnMB4XDTIwMTAwNzIxMDUzNloXDTIwMTEwNjIx -MDUzNlowHTEbMBkGA1UEAwwSY2xpZW50Lm9zYnVpbGQub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIpbWfEt5soZNPUJ3FXZgeJQNvA/i4aCOP0/ -FSWD36dWqYNyeZBrTdxYBSO44158Tzo4L0ETkdoBxXww3tZhN2t79r6KMdBRCHNG -hUY0C5uNmi+cfUvsh6jRg4VDmwk8DOiqVbLQ2rI36GyNfJy7MvDMjD3RbLfhFW7v -SUQQnqMRDi/uu107HrCD/O/YN288yul/2EhFTds0rFYKojybKFQxz9o1eWqW31ca -83NU5WqQUTSZ+NwnBXC/TrpNNIC6kzVgelDElL9NJU/dK++9vPkGZY5YGc44OiaG -wA21hypC2xJpL9FLiQ9jBaN/i935oKyLsQdcqsm4DOllT4TiDwIDAQABMA0GCSqG -SIb3DQEBCwUAA4IBAQBfJStg9ofmJJYWfgZHntkhCftwXlBVQKQKz7UTN9ZM+6Uc -NlAg9nmkFpK8e9u1HknL4JcdyjYdKzURHMPquvaaRAeUaXeg7LmJmO62VK0HIVHe -RtN9XdkJ3YmOC8htMBiIuObq+DMQ20mSEtMpkah812F2gno+lc60G2jYlqi9/oac -frVWGulHjufFdkEpTcLB6tleEKgH0Qj9BZdkk4fCfXTSdWKRXx2j3yRKFjUy2bG3 -jY1Vrbc9lbQhtbvDwnQwVAdNjmdw0TPSBzDiN48vliG3WVAybhMYaxWHkmPz/SS7 -Quq7hcFfV1LPJWzC0H1GTynkT8kJyjmi81XeS7/z ------END CERTIFICATE----- diff --git a/test/data/ca/client-key.pem b/test/data/ca/client-key.pem deleted file mode 100644 index 5b4d4cbe9..000000000 --- a/test/data/ca/client-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAmIpbWfEt5soZNPUJ3FXZgeJQNvA/i4aCOP0/FSWD36dWqYNy -eZBrTdxYBSO44158Tzo4L0ETkdoBxXww3tZhN2t79r6KMdBRCHNGhUY0C5uNmi+c -fUvsh6jRg4VDmwk8DOiqVbLQ2rI36GyNfJy7MvDMjD3RbLfhFW7vSUQQnqMRDi/u -u107HrCD/O/YN288yul/2EhFTds0rFYKojybKFQxz9o1eWqW31ca83NU5WqQUTSZ -+NwnBXC/TrpNNIC6kzVgelDElL9NJU/dK++9vPkGZY5YGc44OiaGwA21hypC2xJp -L9FLiQ9jBaN/i935oKyLsQdcqsm4DOllT4TiDwIDAQABAoIBAAgL3E+9Qh+Xb4b0 -mgWOXb/VMUgEmkWA3eOlsCssZG1qxU6ByYsSDCb6RYZX4QvVUxdWydnsQ90As/E3 -4NgQVOZ4e/yDBoUkKPIaKpEjJ+Go3epRMp8FXz+0rwCSCgPmk81WhI2qtgujNQHE -oB3/onxIaXHIXQCwHmZkCKlDtuC3Qnh5kimTrEOeSZQYBX28UTyIScBDEH7c6FfY -P49FnW1kEsCdEb6kr2eAbjoET8jXrNYWE8Zr9B/QDmf22mPUEJB3mYmcKUOTQabR -WBq3vBL0xw47Jpt5U/CQfNrwe3AyyqN6aP33GnuVTd4I2RaCaK/YwRs0HEIzaLCI -iXPLVXkCgYEAyGVTr9wvET6zrL7whvc5nOSzxDCvb58bvr3HPPlF1onPQkXSIfRY -BtNnv+7giAzOjktO7uGQYHkiZfmSxQvKbVbZuJZ/09L3O9EPLRgqBchlceyyWWym -z2LXQBdrNYA/8OZ+qxfuPNPklTYDsnbRi2y7AXpwe8RtduIcS03Xgo0CgYEAwt27 -GMw8K9pRndK5hDePOvoEZJoiEnw20XqyGLX7+Vgh17epQygtvInWMqBEK8UsbzG+ -Im1KjODcXaBMdTmi8eO0cdDhiZ8DJRh+FU14pSs9AvVApPPOEkgPaVuYU7FxCLKE -v8TK9QjcywvGq2+UAZ9vbtEfBvCasGYGyic83gsCgYAOdQDslv3uSI+9zqiblApb -/0PYy4pciyX9RMOy6mjXaWnCZjcaq/4NwAKkHh+ksQfVzCkNosg/rX2FzdOA07Du -4m0im/js1zNu5U4q+qtNb3+iEGlteiEupPrSbN4XJgF256oLvdY6HS9IdHUf0uKb -JGT5XlPvGeSrxvQzmpIJoQKBgFi8BV2mauQBN1cpxOarMiLGBMgW09sdCw1a1Myh -2grSEh8b+AynuCP5lDtbdY+E6tX7jbw5jlAWeOJ9gzOCOmvxp5KIbptveEwlGgzz -STPVO6QkL/qtNrJmc/YjCntZ+sHeIMr+fvkTvw8K3r3kQj527pREz98mIxqeawsU -0Qe/AoGAU0XRhm/yzsKxHauksqgx+p5qDgoUpiS+KEKU1gCzYkbjI3cg4SNopaCb -DfcRwcblwuLnq7BY4n44F08n94u09s0InJdO2xmGrjY5cw7QqiI50B4FSb/KCXB7 -CnkT7DznceY2guHFT9Rm8j+1Q6EsSwy2BO4/iX6xIaNcKcw5JZk= ------END RSA PRIVATE KEY----- diff --git a/test/data/ca/composer-crt.pem b/test/data/ca/composer-crt.pem deleted file mode 100644 index b6676e089..000000000 --- a/test/data/ca/composer-crt.pem +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICsTCCAZkCFElB9131Tg40vCU0/10eVenAgwa/MA0GCSqGSIb3DQEBCwUAMBYx -FDASBgNVBAMMC29zYnVpbGQub3JnMB4XDTIwMTAwNTA4Mzg1M1oXDTIwMTEwNDA4 -Mzg1M1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAxqmrytbO2mOd3x43nIyvX/G5+S5VpDITPs3KeeJEBUbB1nZa -GI7cC36c6bqGV6bnJGv3BdCL9z8L7BPPbSzy3NCvtQ5Q0bGsJgwX0Lkm/H1DzIbP -vmktBBrQJrn9L6h4x2e+wxLTOo7oM5NIROBdIDXzAXiJFR3J5TY0bYQH1WD4+xmX -vHHIIJignsrNl08ODruG0UGn/I9wMKu7pS3wlWbyHvzuPsUUi1cCxZowUp52l1GU -Y7b54R1zMX7yTkiY4rshKfDqkKLQwk0RphXF4SLVjfPM38gA2zTcXecAahn/Si2b -7VNmUD0NTMxf5UtCv0iqdUFLekgFOb8q1J+osQIDAQABMA0GCSqGSIb3DQEBCwUA -A4IBAQCaOtOFXGfjAQRMOrSiy62wigw+D26jml01krRDCch/8MiDtG9agX0qIQnP -hK/lkY4AbRqwMe9MugJmCBEgHDwgOgPX7GH+J8l/DbjOp1NUzD4rxy/bfTXLP+5j -dkUzD7GIedygTm4jGTxFE9P6iYo/Un0GffSIsjIWaXyGf2T6kn1oE8sygXwhNaqm -F1duIXbseNo4brXBwWncw/C0gw8dXZDzlozIKhUzH/Ff6Q3h1Axu/5uNV7Svmkb1 -pHg9faWkZHhLasm40LTGG2B83z3f38R2AwcRRkH5Wque1FwfT886XnF//E9dfGi8 -cr1i2trLhweFMp1w5qbbqojMYs3h ------END CERTIFICATE----- diff --git a/test/data/ca/composer-key.pem b/test/data/ca/composer-key.pem deleted file mode 100644 index 2efcf5b9d..000000000 --- a/test/data/ca/composer-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGqavK1s7aY53f -HjecjK9f8bn5LlWkMhM+zcp54kQFRsHWdloYjtwLfpzpuoZXpucka/cF0Iv3Pwvs -E89tLPLc0K+1DlDRsawmDBfQuSb8fUPMhs++aS0EGtAmuf0vqHjHZ77DEtM6jugz -k0hE4F0gNfMBeIkVHcnlNjRthAfVYPj7GZe8ccggmKCeys2XTw4Ou4bRQaf8j3Aw -q7ulLfCVZvIe/O4+xRSLVwLFmjBSnnaXUZRjtvnhHXMxfvJOSJjiuyEp8OqQotDC -TRGmFcXhItWN88zfyADbNNxd5wBqGf9KLZvtU2ZQPQ1MzF/lS0K/SKp1QUt6SAU5 -vyrUn6ixAgMBAAECggEARR3o4ARGKWL5HRQ1QukLZvUBv/jn4N1vJq2QYUFgavmI -HOZGSD8DvZgKXaMAdGRkDJ7nbYV1/MpZioQF6bT2te6BAxv88EfBXeddLcgNEVE/ -klvg0R1khQYTHzYcKUWS58VncBUPmlL35GG8hgINRFSgvAVEpC0d/foS2XtTAmBC -IxJUr6C9TewK4R1psFMqUOhUJUwoAAN1HVN/zRQttOK9P5JYc4nl4UuaeQ0AYIro -OSvseKBCgD9fGFpeT0lM/rB5qBh+/25faUs3hhF6kQZcvVqDVfUi2FbkSeoqV5BB -Gr1LKzxK3TBsKzZIsJt/ZTcVlfXNho2F+WqWDADHQQKBgQD1ezi+8ItR8SE0j/1q -5jpevjFQWipzwCBjZFtJBYutlw76MbGV0YAPgNNXzTFi35N5b5FB0cvfQlD0bG1c -25xZw16hSiBh8uVpEpWcB2FQbtMg3N81T5TD/gVoZZpOSW9G0zdeRkQYPf+aNgaA -/bCI60Bnz7oqMCfAp9m1plplSQKBgQDPLOD5HCOS+gqyS7hHpb4aDetgKErHuxki -l9/jzWLt6QR3q7rVwvc91tbvJejQh+aL+vw5xfjyN8DnjHQ7qjV0pPyW86bpd1Cf -b2AlBnKc9kI2ghcWirod6lu3Xwm+LYboh6++cCyYuq8lsKzslMPluzbEZzi+r1p0 -WAuo9KnwKQKBgQCiZe5YgxHoF7l76HYiLkUXQIOnQL8s7EGA/3dUi5KoOHL0GcP9 -9SbfGr62K00st/P8Nk7GWGCjRmAAE2sWL0L0L0d/NGbP5bzXEjBflJJQf8C00Onp -fshQENDLC8xVVkeDd1/9wkZyMzHRd0Q+OZZ8PgXRp57lIg5qaaChh3ft4QKBgBKL -J8/kTuLW8qIm2OXA1hUq7ch7ksXx3zwTb/zJ43L8CmRTwLNlcg/c7PwW3pHbuC0L -WAwrxi6YAvI2xiiZAZPhOKKiSGxZO6QpqedmflfCSwbp+fsQi7wlv/PX091r4clq -a7aV/8fj3c131OKQJkCn0y0dOB0JQQVs5A5JZ/SRAoGBAO4JCRa7OGNYEd+C2XkK -JbZ7HFgnvFcdPVnH4AikrtJ2tujvz9npVpLHAgfbxxxqo3GTw/5hlY4MWftXrorf -FWwuO/dBeVWWN9P0tIp2IGuw+lXgUqgr3UPSJmxurlKNtQvggjxM55WT/mV6cYYi -dHkErd2bkiUF0KjuNz5VZD94 ------END PRIVATE KEY----- diff --git a/test/data/ca/worker-crt.pem b/test/data/ca/worker-crt.pem deleted file mode 100644 index 36e5e43e2..000000000 --- a/test/data/ca/worker-crt.pem +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICsTCCAZkCFElB9131Tg40vCU0/10eVenAgwbAMA0GCSqGSIb3DQEBCwUAMBYx -FDASBgNVBAMMC29zYnVpbGQub3JnMB4XDTIwMTAwNTA4Mzg1N1oXDTIwMTEwNDA4 -Mzg1N1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAwJ0dIkgyH0Vq82Xnuez6Y30AAUg8BmVdWhEXW07XBUYdjnqG -XoDDk2hyqSKlCo4wtOgajS9j08eZG09b/JuQOIzoOP39HkmMFYW2ocJFcNM07h5Z -X248ANyG4XorIQPk6HiJJd+hCKm6Pta5HgRC6MBy9RRl+DOxJRfyMxSmI3LaH52d -GvsjhSGWAp57ksappadLAcYhnMQDwqgUcG9mtRXcewo5r6ypDDDnv0DL8qs9H9uN -Bw46LeE8zrfS6fVOOMly0GWPjcTCk2AWKRnSFJo5eoVue1NYm1lwAtVXMeZ21IQp -tEVi/vl1CSo3j/wyp95cApCoTQkqt0zjng/uEQIDAQABMA0GCSqGSIb3DQEBCwUA -A4IBAQBV1IhkPMGhYVvomI/rvb+wXjUNnEZyg6VTfOxjVWdZfCisfTqk3uw4ar0t -43b4QExm2dl1IFFtrfnRlx3uN1MQ4biH2A1p8go6mWILRjo3zLA78RzA//BG05UZ -DN98VP6VdCjFDMpwvhfUXFZzWfenUIjACnqY/VaURI+iT92M9jG1qFS9s50dmDn3 -lK3prS+HSKNdHc3KDfYoFzPoTfpuwJv10tkQd4jSt2FJevlQpcuXyytW5UGJrTgN -UVHVevYJhOjMuLMZ77QvDJvF4XEkap1FPP/tGwbhMEIPnD3qWCjD3+HA/PXcHMRq -hk4DBD+WNpxL6zMgMqUwRdfsBzec ------END CERTIFICATE----- diff --git a/test/data/ca/worker-key.pem b/test/data/ca/worker-key.pem deleted file mode 100644 index 73a6f2ede..000000000 --- a/test/data/ca/worker-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAnR0iSDIfRWrz -Zee57PpjfQABSDwGZV1aERdbTtcFRh2OeoZegMOTaHKpIqUKjjC06BqNL2PTx5kb -T1v8m5A4jOg4/f0eSYwVhbahwkVw0zTuHllfbjwA3IbheishA+ToeIkl36EIqbo+ -1rkeBELowHL1FGX4M7ElF/IzFKYjctofnZ0a+yOFIZYCnnuSxqmlp0sBxiGcxAPC -qBRwb2a1Fdx7CjmvrKkMMOe/QMvyqz0f240HDjot4TzOt9Lp9U44yXLQZY+NxMKT -YBYpGdIUmjl6hW57U1ibWXAC1Vcx5nbUhCm0RWL++XUJKjeP/DKn3lwCkKhNCSq3 -TOOeD+4RAgMBAAECggEBAI6J9oxvJwBzS7Fx4Wl7ENTdJUrNnPYSv2Gusj00+/SA -LdFJpPR8j78flXLLG53TGgJWnYeL4XFRDWHjeaxXpwPiatv6Qf3O6abnu/67GM5k -zo/Ez9jKaAcvK3XjBdW53wWWZdAsTSxvBlAIcRfgiW9bM/dgMBHclyRfMzJP/p7N -z+l2yKrizImojL/CXEG6BjkjpcS5l5hr8/DGCMCEes9CcQamFb281wPXdktICOHG -tkyR8+E571rr+nzDYdaTLFa5jLiFDbNdCk378c8T5eOWCGQayEwBUfd06h7Fqn95 -Jt6TdFbWz1bXykUyKAkmniqgRNDol/wR6WjlnBEejV0CgYEA5vhX0IEwLoqIJww8 -sttGDkVJXjwAHOb9FQy5uWcz0b7QeLS8pJaGbact0nveMM3HXl3A/uVWvMtpnrEk -vEfE2ZktxwFIiYbrqjTbDp2s0yvjDde/FHJD2UkP0mGnzLas/NwV+pljZ7iAev4q -GlpcSBrxaeFabxENWfx6NY75QwsCgYEA1XysqOzmUXiPCxTwOnz+k9/4E9d8cg79 -nuQo8vJ8lEAzKAxic434GX4ijsu7OE5SqMotrpUtwtruNOVliDnpyxRz4TdTwo+A -4MgZG3BkG2OZNGsg3VaTpMtdkLWnd3Zato2AwQrUhUGMDW+kf/vRGsCJOmVsVWg/ -1hlWxgekhNMCgYAxG3AgRrdlzdJw6usk4/YbJqQYww0LGBmLFi+OueCModNVNqg9 -HjvqqHbXn7p4CehvqeNUzpIIhf8o3GUBGwlBco4HF8DCbMtCXwaMLv4Fz/jwgoR/ -5mOCmUQh6N1yawyQnoKVy3MVJGc8vzlYbQnd0sytRFqj7q42CbY6GPHqTQKBgHoF -1956Aa8hfIk1/5U+qng1NOOKcEv1O4udF7a9WO2XwGWspn0r8VoI2ZHK6wjk46Qs -Y239QHm2jx7W23DAwVvdJdrdt9dmFKDmXktrsxxgkkn+zXsVqDAyORmkasMCeBkN -ykEMgqpj67wmSt0IPt3OnOEu5XvvqUUjmJB5/9QXAoGBALLyTFgqiJdQwhlDCmMD -eUpd4OW6NAmsOke+udhjcXMF+WNieDI6z4TWhwpoFjtdRsrMHmB5VXZFwkvh7L53 -hEis0a9DX+ltNdHysMyrDBww7DyAC3gesf+N9iblPERn1G7lukNU2JcvpeCrwgtf -gM0xvSJPc+eNOmM3aKQsA/l9 ------END PRIVATE KEY----- diff --git a/test/data/x509/openssl.cnf b/test/data/x509/openssl.cnf new file mode 100644 index 000000000..7ff0d5cca --- /dev/null +++ b/test/data/x509/openssl.cnf 
@@ -0,0 +1,85 @@
+#
+# ca options
+#
+
+[ca]
+default_ca = osbuild_ca
+
+[osbuild_ca]
+database = ./index.txt
+new_certs_dir = ./certs
+rand_serial = yes
+
+certificate = ca.cert.pem
+private_key = private/ca.key.pem
+
+default_days = 3650
+default_md = sha256
+
+x509_extensions = osbuild_ca_ext
+
+# See WARNINGS in `man openssl ca`. This is ok, becasue it only copies
+# extensions that are not already specified in `osbuild_ca_ext`.
+copy_extensions = copy
+
+preserve = no
+policy = osbuild_ca_policy
+
+# We want to issue multiple certificates with the same subject in the
+# testing environment.
+unique_subject = no
+
+
+[osbuild_ca_ext]
+basicConstraints = critical, CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+
+[osbuild_ca_policy]
+commonName = supplied
+emailAddress = supplied
+
+
+#
+# Extensions for server certificates
+#
+
+[osbuild_server_ext]
+basicConstraints = critical, CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+
+#
+# Extensions for client certificates
+#
+
+[osbuild_client_ext]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth
+
+
+#
+# req options
+#
+
+[req]
+default_md = sha256
+default_bits = 2048
+distinguished_name = osbuild_distinguished_name
+
+
+#
+# Only prompt for CN
+#
+
+[osbuild_distinguished_name]
+CN = Common Name
+emailAddress = E-Mail Address
diff --git a/tools/provision.sh b/tools/provision.sh
index b942aa178..d5d273849 100755
--- a/tools/provision.sh
+++ b/tools/provision.sh
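Review bot: In `[osbuild_ca]`, `x509_extensions = osbuild_ca_ext` makes the CA profile (`basicConstraints = critical, CA:TRUE` with `keyCertSign`) the default for every `openssl ca` signing run, so an invocation that omits `-extensions` would issue a certificate that can itself sign certificates. The signing calls in tools/provision.sh all pass `-extensions`, and the self-signed CA is created through `openssl req -x509 -extensions osbuild_ca_ext`, so this default appears to be unused; pointing it at a leaf profile, e.g. `x509_extensions = osbuild_client_ext`, makes a forgotten flag fail safe. The comment above `copy_extensions = copy` should then name the server and client sections rather than `osbuild_ca_ext`, since those are what limit which extensions a CSR can add.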
@@ -12,14 +12,86 @@ sudo mkdir -p /etc/osbuild-composer/repositories sudo cp -a /usr/share/tests/osbuild-composer/repositories/fedora-*.json \ /etc/osbuild-composer/repositories/ -sudo cp -a /usr/share/tests/osbuild-composer/ca/* \ - /etc/osbuild-composer/ -sudo chown _osbuild-composer /etc/osbuild-composer/composer-*.pem +# Generate all X.509 certificates for the tests +# The whole generation is done in a $CADIR to better represent how osbuild-ca +# it. +CERTDIR=/etc/osbuild-composer +OPENSSL_CONFIG=/usr/share/tests/osbuild-composer/x509/openssl.cnf +CADIR=/etc/osbuild-composer-test/ca + +# The $CADIR might exist from a previous test (current Schutzbot's imperfection) +sudo rm -rf $CADIR || true +sudo mkdir -p $CADIR + +pushd $CADIR + sudo mkdir certs private + sudo touch index.txt + + # Generate a CA. + sudo openssl req -config $OPENSSL_CONFIG \ + -keyout private/ca.key.pem \ + -new -nodes -x509 -extensions osbuild_ca_ext \ + -out ca.cert.pem -subj "/CN=osbuild.org" + + # Copy the private key to the location expected by the tests + sudo cp ca.cert.pem "$CERTDIR"/ca-crt.pem + + # Generate a composer certificate. + sudo openssl req -config $OPENSSL_CONFIG \ + -keyout "$CERTDIR"/composer-key.pem \ + -new -nodes \ + -out /tmp/composer-csr.pem \ + -subj "/CN=localhost/emailAddress=osbuild@example.com" \ + -addext "subjectAltName=DNS:localhost" + + sudo openssl ca -batch -config $OPENSSL_CONFIG \ + -extensions osbuild_server_ext \ + -in /tmp/composer-csr.pem \ + -out "$CERTDIR"/composer-crt.pem + + sudo chown _osbuild-composer "$CERTDIR"/composer-*.pem + + # Generate a worker certificate. 
+ sudo openssl req -config $OPENSSL_CONFIG \ + -keyout "$CERTDIR"/worker-key.pem \ + -new -nodes \ + -out /tmp/worker-csr.pem \ + -subj "/CN=localhost/emailAddress=osbuild@example.com" \ + -addext "subjectAltName=DNS:localhost" + + sudo openssl ca -batch -config $OPENSSL_CONFIG \ + -extensions osbuild_client_ext \ + -in /tmp/worker-csr.pem \ + -out "$CERTDIR"/worker-crt.pem + + # Generate a client certificate. + sudo openssl req -config $OPENSSL_CONFIG \ + -keyout "$CERTDIR"/client-key.pem \ + -new -nodes \ + -out /tmp/client-csr.pem \ + -subj "/CN=client.osbuild.org/emailAddress=osbuild@example.com" \ + -addext "subjectAltName=DNS:client.osbuild.org" + + sudo openssl ca -batch -config $OPENSSL_CONFIG \ + -extensions osbuild_client_ext \ + -in /tmp/client-csr.pem \ + -out "$CERTDIR"/client-crt.pem + + # Client keys are used by tests to access the composer APIs. Allow all users access. + sudo chmod 644 "$CERTDIR"/client-key.pem + +popd sudo systemctl start osbuild-remote-worker.socket sudo systemctl start osbuild-composer.socket sudo systemctl start osbuild-composer-api.socket +# The keys were regenerated but osbuild-composer might be already running. +# Let's try to restart it. In ideal world, this shouldn't be needed as every +# test case is supposed to run on a pristine machine. However, this is +# currently not true on Schutzbot +sudo systemctl try-restart osbuild-composer + # Basic verification sudo composer-cli status show sudo composer-cli sources list
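Review bot: The three CSRs are written by root to fixed names in the world-writable /tmp (`-out /tmp/composer-csr.pem`, `/tmp/worker-csr.pem`, `/tmp/client-csr.pem`) and then read back by `openssl ca`, so another local user could pre-create or replace those paths before the request is signed. The commands already run inside `$CADIR`, which `sudo mkdir -p` creates as root, so the requests can stay there: `-out "$CADIR"/composer-csr.pem` with the matching `-in "$CADIR"/composer-csr.pem`, and likewise for worker and client. Separately, the comment `# Copy the private key to the location expected by the tests` sits above a `cp` of `ca.cert.pem`; it should read `# Copy the CA certificate to the location expected by the tests`, which also makes it clear that the CA key never leaves `$CADIR/private`.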