From b13332c991ce2695626eaca367dd8208b174c9ca Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Thu, 14 Apr 2016 17:59:24 +0300 Subject: Add support for repository authentication --- tests/cert.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100755 tests/cert.sh (limited to 'tests/cert.sh') diff --git a/tests/cert.sh b/tests/cert.sh new file mode 100755 index 0000000..156f588 --- /dev/null +++ b/tests/cert.sh @@ -0,0 +1,46 @@ +#! /bin/sh + +# Normally, you don't need to regenerate the private key. +# +# openssl genrsa 4096 > key.pem + +# Copy default-cert.pem content to the certificate value of the following +# manifest files: +# pkg/1/build2.org/auth/mismatched/signature/repositories +# pkg/1/build2.org/auth/mismatched/sha256sum/repositories +# pkg/1/build2.org/auth/signed/repositories +# pkg/1/build2.org/common/hello/repositories +# +openssl req -x509 -new -key key.pem -days 365 -config default-openssl.cnf > \ + default-cert.pem + +# Copy mismatch-cert.pem content to the certificate value of +# pkg/1/build2.org/auth/mismatched/name/repositories manifest file. +# +openssl req -x509 -new -key key.pem -days 365 -config mismatch-openssl.cnf > \ + mismatch-cert.pem + +# Copy noemail-cert.pem content to the certificate value of +# pkg/1/faulty/auth/noemail/repositories manifest file. +# +openssl req -x509 -new -key key.pem -days 365 -config noemail-openssl.cnf > \ + noemail-cert.pem + +# Normally, you have no reason to regenerate expired-cert.pem, as need to keep +# it expired for the testing purposes. But if you do, copy expired-cert.pem +# content to the certificate value of the following manifest files: +# pkg/1/build2.org/auth/expired/repositories +# pkg/1/faulty/auth/expired/repositories +# +# To regenerate the packages and signature manifest files run: +# +# ../bpkg/bpkg rep-create pkg/1/build2.org/auth/expired --key key.pem +# +# We cannot do it in test.sh since the certificate has expired. This is also +# the reason why we store these auto-generated manifests in git. +# +# Will have to wait 1 day until the certificate expires. Until then test.sh +# will be failing. +# +# openssl req -x509 -new -key key.pem -days 1 -config default-openssl.cnf > \ +# expired-cert.pem -- cgit v1.1