From dad06fb922cbfcd00bae255d3fec9d70138e419b Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Thu, 22 Oct 2020 14:06:19 +0100 Subject: nixos/tests/acme: Hard code test certificates The added README.md explains why this has been done. --- nixos/tests/common/acme/server/generate-certs.nix | 29 +++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 nixos/tests/common/acme/server/generate-certs.nix (limited to 'nixos/tests/common/acme/server/generate-certs.nix') diff --git a/nixos/tests/common/acme/server/generate-certs.nix b/nixos/tests/common/acme/server/generate-certs.nix new file mode 100644 index 00000000000..cd8fe0dffca --- /dev/null +++ b/nixos/tests/common/acme/server/generate-certs.nix @@ -0,0 +1,29 @@ +# Minica can provide a CA key and cert, plus a key +# and cert for our fake CA server's Web Front End (WFE). +{ + pkgs ? import {}, + minica ? pkgs.minica, + mkDerivation ? pkgs.stdenv.mkDerivation +}: +let + conf = import ./snakeoil-certs.nix; + domain = conf.domain; +in mkDerivation { + name = "test-certs"; + buildInputs = [ minica ]; + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + minica \ + --ca-key ca.key.pem \ + --ca-cert ca.cert.pem \ + --domains ${domain} + ''; + + installPhase = '' + mkdir -p $out + mv ca.*.pem $out/ + mv ${domain}/key.pem $out/${domain}.key.pem + mv ${domain}/cert.pem $out/${domain}.cert.pem + ''; +} -- cgit 1.4.1