nixosTests.matrix-synapse: fix requests certificate validation by using minica instead of openssl
parent
2594adc657
commit
fd522b612d
@ -1,31 +1,15 @@
|
||||
import ../make-test-python.nix ({ pkgs, ... } : let
|
||||
|
||||
ca_key = mailerCerts.ca.key;
|
||||
ca_pem = mailerCerts.ca.cert;
|
||||
|
||||
runWithOpenSSL = file: cmd: pkgs.runCommand file {
|
||||
buildInputs = [ pkgs.openssl ];
|
||||
} cmd;
|
||||
|
||||
|
||||
ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";
|
||||
ca_pem = runWithOpenSSL "ca.pem" ''
|
||||
openssl req \
|
||||
-x509 -new -nodes -key ${ca_key} \
|
||||
-days 10000 -out $out -subj "/CN=snakeoil-ca"
|
||||
bundle = pkgs.runCommand "bundle" {
|
||||
nativeBuildInputs = [ pkgs.minica ];
|
||||
} ''
|
||||
minica -ca-cert ${ca_pem} -ca-key ${ca_key} \
|
||||
-domains localhost
|
||||
install -Dm444 -t $out localhost/{key,cert}.pem
|
||||
'';
|
||||
key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";
|
||||
csr = runWithOpenSSL "matrix.csr" ''
|
||||
openssl req \
|
||||
-new -key ${key} \
|
||||
-out $out -subj "/CN=localhost" \
|
||||
'';
|
||||
cert = runWithOpenSSL "matrix_cert.pem" ''
|
||||
openssl x509 \
|
||||
-req -in ${csr} \
|
||||
-CA ${ca_pem} -CAkey ${ca_key} \
|
||||
-CAcreateserial -out $out \
|
||||
-days 365
|
||||
'';
|
||||
|
||||
|
||||
mailerCerts = import ../common/acme/server/snakeoil-certs.nix;
|
||||
mailerDomain = mailerCerts.domain;
|
||||
@ -82,8 +66,8 @@ in {
|
||||
host = "localhost";
|
||||
port = config.services.redis.servers.matrix-synapse.port;
|
||||
};
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
tls_certificate_path = "${bundle}/cert.pem";
|
||||
tls_private_key_path = "${bundle}/key.pem";
|
||||
registration_shared_secret = registrationSharedSecret;
|
||||
public_baseurl = "https://example.com";
|
||||
email = {
|
||||
@ -203,8 +187,8 @@ in {
|
||||
settings = {
|
||||
inherit listeners;
|
||||
database.name = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
tls_certificate_path = "${bundle}/cert.pem";
|
||||
tls_private_key_path = "${bundle}/key.pem";
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -222,7 +206,7 @@ in {
|
||||
"journalctl -u matrix-synapse.service | grep -q 'Connected to redis'"
|
||||
)
|
||||
serverpostgres.require_unit_state("postgresql.service")
|
||||
serverpostgres.succeed("register_new_matrix_user -u ${testUser} -p ${testPassword} -a -k ${registrationSharedSecret} https://localhost:8448/")
|
||||
serverpostgres.succeed("REQUESTS_CA_BUNDLE=${ca_pem} register_new_matrix_user -u ${testUser} -p ${testPassword} -a -k ${registrationSharedSecret} https://localhost:8448/")
|
||||
serverpostgres.succeed("obtain-token-and-register-email")
|
||||
serversqlite.wait_for_unit("matrix-synapse.service")
|
||||
serversqlite.wait_until_succeeds(
|
||||
|
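Review bot: The new `bundle` derivation in the first hunk carries no comment marking its output as test-only key material. `install -Dm444` places `key.pem` in the Nix store with world-readable permissions, and the certificate is signed with `mailerCerts.ca.key`, the snakeoil CA key imported from `../common/acme/server/snakeoil-certs.nix`. That is acceptable inside a VM test, but the pattern would publish a private key if copied into a real configuration. I would add above `bundle =` a comment such as `# Test-only: key and cert end up in the world-readable store, signed by the shared snakeoil CA.` In the last hunk `REQUESTS_CA_BUNDLE=${ca_pem}` is set only for the `register_new_matrix_user` call; whether `obtain-token-and-register-email` validates against the same CA is not visible here and may be worth a short comment too.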