debian-koji-osbuild/test/make-certs.sh
Christian Kellner 481243e628 test: add make-certs script to generate SSL certs
This will create a certificate authority (CA) and then create
a cert for composer and another one for the worker. The worker
one can also be used by the koji plugin.
The configuration file is needed to get subjectAltName working.
2020-09-17 10:48:37 +02:00


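#!/bin/bash
#
# Generate the TLS material used by the tests: a self-signed certificate
# authority (CA), a certificate for composer and one for the worker.
# Everything is written below CA_DIR, so the script has to run as root.
#
# Environment:
#   TEST_DATA  directory holding composer.ssl.conf (default: test/data)
#
# NOTE: all private keys are written unencrypted and the CA key stays on
# disk next to the certificates it signed. That is acceptable for a test
# fixture only; none of this material should be trusted outside the tests.
set -euo pipefail

# this script must be run as root
if (( UID != 0 )); then
  echo "This script must be run as root." >&2
  exit 1
fi

readonly TEST_DATA="${TEST_DATA:-test/data}"
readonly CA_DIR="/etc/osbuild-composer"
readonly COMPOSER_CONF="${TEST_DATA}/composer.ssl.conf"

echo "Generating certificates"
mkdir -p -- "${CA_DIR}"

# The CA: self-signed, valid for one year, key not passphrase protected.
openssl req -new -nodes -x509 -days 365 \
  -keyout "${CA_DIR}/ca-key.pem" \
  -out "${CA_DIR}/ca-crt.pem" \
  -subj "/CN=osbuild.org"
# The CA key can sign certificates for any name, so keep it root-only.
# Set explicitly so the mode does not depend on the openssl version or
# the caller's umask.
chmod 0600 -- "${CA_DIR}/ca-key.pem"

# Not referenced again in this script; presumably consumed by the test
# setup elsewhere -- TODO confirm. Its mode is left as openssl creates it.
openssl genrsa -out "${CA_DIR}/key.pem" 2048

# composer
# ALT_NAMES is not read by any command below: the subjectAltName entries
# that end up in the certificate come from the v3_req section of
# composer.ssl.conf. Keep the two in sync.
# shellcheck disable=SC2034
ALT_NAMES="DNS:localhost,DNS:org.osbuild.koji.composer,DNS:composer"

openssl genrsa -out "${CA_DIR}/composer-key.pem" 2048
# Ownership moves to the composer user at the end of the script, so an
# owner-only mode keeps the key readable for the service and nobody else.
chmod 0600 -- "${CA_DIR}/composer-key.pem"

openssl req -new -sha256 \
  -key "${CA_DIR}/composer-key.pem" \
  -out "${CA_DIR}/composer-csr.pem" \
  -config "${COMPOSER_CONF}"

# The extension file has to be passed again when signing: x509 -req only
# adds the extensions named via -extfile/-extensions. No -days is given,
# so openssl's default validity (30 days) applies.
openssl x509 -req \
  -in "${CA_DIR}/composer-csr.pem" \
  -CA "${CA_DIR}/ca-crt.pem" \
  -CAkey "${CA_DIR}/ca-key.pem" \
  -CAcreateserial \
  -out "${CA_DIR}/composer-crt.pem" \
  -extfile "${COMPOSER_CONF}" \
  -extensions v3_req

# worker
# NOTE(review): the worker key keeps whatever mode openssl gives it; who
# reads it (worker, koji plugin) is not visible here -- tighten once the
# consumers are confirmed.
openssl genrsa -out "${CA_DIR}/worker-key.pem" 2048

openssl req -new -sha256 \
  -key "${CA_DIR}/worker-key.pem" \
  -out "${CA_DIR}/worker-csr.pem" \
  -subj "/CN=localhost"

# No extension file here, so this certificate is identified by its CN
# only and carries no subjectAltName. Default validity applies as above.
openssl x509 -req \
  -in "${CA_DIR}/worker-csr.pem" \
  -CA "${CA_DIR}/ca-crt.pem" \
  -CAkey "${CA_DIR}/ca-key.pem" \
  -CAcreateserial \
  -out "${CA_DIR}/worker-crt.pem"

# fix permissions for composer
chown _osbuild-composer:_osbuild-composer -- "${CA_DIR}"/composer-*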