particle-os/debian-koji-osbuild
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-koji-osbuild/test/make-certs.sh
Lars Karlitski 16f762c2ed test: move to koji-osbuild-tests package 
This is similar to how other osbuild packages are testing: everything
that's needed for testing is included in the tests package or a
dependency of it. The test runner then runs every executable in
/usr/libexec/tests/<packagename>. This gives a simple test API to
projects depending on this package (notably osbuild-composer).

The local development workflow described in HACKING.md is meant to
continue to work. To ensure this, all relevant scripts gained a
TEST_DATA variable, which defaults to `./test`, but is set from $1 to
the installed path from integration.sh.
2020-11-19 09:28:28 +01:00

81 lines
2.2 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
set -euo pipefail
# this script must be run as root
if [ $UID != 0 ]; then
echo This script must be run as root.
exit 1
fi
TEST_PATH=${1:-test}
TEST_DATA=${TEST_PATH}/data
CA_DIR="/etc/osbuild-composer"
echo "Generating certificates"
mkdir -p ${CA_DIR}
CONFIG="${TEST_DATA}/openssl.conf"
# The CA
echo "-=[ CA"
touch "${CA_DIR}/index.txt"
openssl req -new -nodes -x509 \
-config "${CONFIG}" \
-extensions osbuild_ca_ext \
-keyout "${CA_DIR}/ca-key.pem" \
-out "${CA_DIR}/ca-crt.pem" \
-subj "/CN=osbuild.org"
# composer
echo "-=[ composer"
openssl genrsa -out ${CA_DIR}/composer-key.pem 2048
openssl req -new -sha256 \
-config "${CONFIG}" \
-key ${CA_DIR}/composer-key.pem \
-out ${CA_DIR}/composer-csr.pem \
-subj "/CN=composer" \
-addext "subjectAltName=DNS.1:localhost,DNS.2:composer"
openssl ca -config "$CONFIG" -batch \
-extensions osbuild_server_ext \
-in "${CA_DIR}/composer-csr.pem" \
-out "${CA_DIR}/composer-crt.pem"
# koji
echo "-=[ koji"
openssl genrsa -out ${CA_DIR}/koji-key.pem 2048
openssl req -new -sha256 \
-config "${CONFIG}" \
-key ${CA_DIR}/koji-key.pem \
-out ${CA_DIR}/koji-csr.pem \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS.1:localhost,DNS.2:org.osbuild.koji.koji"
openssl ca -config "$CONFIG" -batch \
-extensions osbuild_server_ext \
-in "${CA_DIR}/koji-csr.pem" \
-out "${CA_DIR}/koji-crt.pem"
# client
echo "-=[ client"
openssl genrsa -out ${CA_DIR}/client-key.pem 2048
openssl req -new -sha256 \
-config "${CONFIG}" \
-key ${CA_DIR}/client-key.pem \
-out ${CA_DIR}/client-csr.pem \
-subj "/CN=client.osbuild.local" \
-addext "subjectAltName=DNS:client.osbuild.local"
openssl ca -config "$CONFIG" -batch \
-extensions osbuild_client_ext \
-in "${CA_DIR}/client-csr.pem" \
-out "${CA_DIR}/client-crt.pem"
# fix permissions for composer
chown _osbuild-composer:_osbuild-composer ${CA_DIR}/composer-*
echo "-=[ Updating system trust chain"
cp ${CA_DIR}/ca-crt.pem \
/etc/pki/ca-trust/source/anchors/osbuild-ca-crt.pem
update-ca-trust
Reference in a new issue View git blame Copy permalink