particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

blueprint: add cacert customization

Browse source
This commit is contained in:
Lukas Zapletal 2024-11-21 12:47:20 +01:00 committed by Tomáš Hozza
parent f41c764ca7
commit d531f62488
13 changed files with 273 additions and 191 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/cases/api/aws.sh
View file

@ -64,7 +64,7 @@ function createReqFile() {
"key": "$(cat "${WORKDIR}/usertest.pub")"
}
]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}${CACERTS_CUSTOMIZATION_BLOCK}
},
"image_request": {
"architecture": "$ARCH",

2
test/cases/api/azure.sh
View file

@ -85,7 +85,7 @@ function createReqFile() {
"postgresql",
"dummy"
]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${FIREWALL_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${FIREWALL_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}${CACERTS_CUSTOMIZATION_BLOCK}
},
"image_request": {
"architecture": "$ARCH",

22
test/cases/api/common/common.sh
View file

@ -1,4 +1,5 @@
#!/usr/bin/bash
# vim: sw=2:et:
# Reusable function, which waits for a given host to respond to SSH
function _instanceWaitSSH() {
@ -83,6 +84,7 @@ function _instanceCheck() {
verify_repository_customization "$_ssh"
verify_openscap_customization "$_ssh"
verify_cacert_customization "$_ssh"
echo "✔️ Checking timezone customization"
TZ=$($_ssh timedatectl show -p Timezone --value)
@ -243,3 +245,23 @@ function verify_openscap_customization {
exit 1
fi
}
# Verify that CA cert file was extracted
function verify_cacert_customization {
echo "✔️ Checking CA cert extration"
local _ssh="$1"
local _serial="27894af897dd2423607045716438a725f28a6d0b"
local _cn="Test CA for osbuild"
if ! $_ssh "test -e /etc/pki/ca-trust/source/anchors/${_serial}.pem"; then
echo "Anchor CA file does not exist, directory contents:"
$_ssh "find /etc/pki/ca-trust/source/anchors"
exit 1
fi
if ! $_ssh "grep -q \"${_cn}\" /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"; then
echo "Extracted CA file is not present, bundle contents:"
$_ssh "grep '^#' /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
exit 1
fi
}

2
test/cases/api/common/s3.sh
View file

@ -84,7 +84,7 @@ function createReqFileGuest() {
"key": "$(cat "${WORKDIR}/usertest.pub")"
}
]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${FIREWALL_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${FIREWALL_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}${CACERTS_CUSTOMIZATION_BLOCK}
},
"image_request": {
"architecture": "$ARCH",

2
test/cases/api/gcp.sh
View file

@ -72,7 +72,7 @@ function createReqFile() {
"postgresql",
"dummy"
]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${FIREWALL_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${FIREWALL_CUSTOMIZATION_BLOCK}${RPM_CUSTOMIZATION_BLOCK}${RHSM_CUSTOMIZATION_BLOCK}${CACERTS_CUSTOMIZATION_BLOCK}
},
"image_request": {
"architecture": "$ARCH",

2
test/cases/api/oci.sh
View file

@ -77,7 +77,7 @@ function createReqFile() {
"postgresql",
"dummy"
]${SUBSCRIPTION_BLOCK}${DIR_FILES_CUSTOMIZATION_BLOCK}${REPOSITORY_CUSTOMIZATION_BLOCK}${OPENSCAP_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}
${TIMEZONE_CUSTOMIZATION_BLOCK}${CACERTS_CUSTOMIZATION_BLOCK}
},
"image_request": {
"architecture": "$ARCH",