Local docker-compose based development Setup for CAcert software
2021-01-05 08:11:18 +01:00
docker Start work for using the go based signer 2021-01-04 08:11:23 +01:00
.dockerignore Start work for using the go based signer 2021-01-04 08:11:23 +01:00
.editorconfig Fix Perl::Critic warnings in server.pl 2020-12-27 20:07:19 +01:00
.gitignore Start work for using the go based signer 2021-01-04 08:11:23 +01:00
.mrconfig Start work for using the go based signer 2021-01-04 08:11:23 +01:00
cats.Dockerfile Implement signal handling 2020-12-26 17:10:15 +01:00
docker-compose.yml Start work for using the go based signer 2021-01-04 08:11:23 +01:00
gosigner.Dockerfile Use buster-slim for go signer and smtp 2021-01-04 20:40:51 +01:00
mail.Dockerfile Use buster-slim for go signer and smtp 2021-01-04 20:40:51 +01:00
mariadb.Dockerfile Add cats to the docker-compose setup 2020-12-22 15:51:13 +01:00
mgr.Dockerfile Implement signal handling 2020-12-26 17:10:15 +01:00
README.md Rename application to webdb 2020-12-23 07:17:06 +01:00
setup_test_ca.sh Fix gpg setup for signer 2020-12-26 15:53:03 +01:00
signer.Dockerfile Fix Perl::Critic warnings in server.pl 2020-12-27 20:07:19 +01:00
signer_client.Dockerfile Install libemail-mime-perl in signer_client image 2020-12-28 20:12:15 +01:00
smtp.Dockerfile Switch imap and smtp to debian:buster-slim 2021-01-05 08:11:18 +01:00
webdb.Dockerfile Implement signal handling 2020-12-26 17:10:15 +01:00

CAcert local development setup

This repository contains a local development environment setup for the CAcert software.

It runs multiple Docker containers using docker-compose that provide different parts of the CAcert software. This includes CATS (CAcert automated testing system), the test manager software and the WebDB software, as well as supporting server components (database, SMTP and IMAP).

Prerequisites

sudo apt-get update
sudo apt-get install docker.io openssl myrepos
sudo adduser $USER docker
newgrp docker
python3 -m pip install --user -U docker-compose
# make sure that ~/.local/bin is in $PATH 

Usage

git clone https://git.dittberner.info/jan/cacert-devsetup.git
cd cacert-devsetup
mr checkout

Create a .env file that defines the following variables:

| Variable | Usage |
| --- | --- |
| CATCHALL_MAILBOX_PASSWORD | The password of the IMAP mailbox used by the test manager software |
| CLIENT_CERT_EMAIL | email address for client certificate generated by setup_test_ca.sh |
| CLIENT_CERT_EMAIL | email address that should be included in the test client certificate that is generated in testca/certs/testclient.crt.pem and included in testca/certs/testclient.p12 |
| CLIENT_CERT_PASSWORD | PKCS#12 keystore password for client certificate generated by setup_test_ca.sh |
| CLIENT_CERT_PASSWORD | password used to encrypt testca/certs/testclient.p12 |
| CLIENT_CERT_USERNAME | full name for a user that is included in the CN field of the subject distinguished name in the test client certificate |
| CLIENT_CERT_USERNAME | user name for client certificate generated by setup_test_ca.sh |
| MYSQL_CATS_PASSWORD | Database password for cats |
| MYSQL_CATS_USER | Database user for cats |
| MYSQL_MGR_PASSWORD | Database password for the test manager |
| MYSQL_MGR_USER | Database user for the test manager |
| MYSQL_ROOT_PASSWORD | Database root password |
| MYSQL_WEBDB_PASSWORD | Database password for webdb |
| MYSQL_WEBDB_USER | Database user for webdb |

echo "CATCHALL_MAILBOX_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_EMAIL=user@example.org
CLIENT_CERT_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_USERNAME="John Doe"
MYSQL_WEBDB_PASSWORD=$(openssl rand -base64 18)
MYSQL_WEBDB_USER=cacert_dev
MYSQL_CATS_PASSWORD=$(openssl rand -base64 18)
MYSQL_CATS_USER=cats
MYSQL_MGR_PASSWORD=$(openssl rand -base64 18)
MYSQL_MGR_USER=cacert_mgr
MYSQL_ROOT_PASSWORD=$(openssl rand -base64 18)" > .env
./setup_test_ca.sh
docker-compose up

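A pre-flight check for the .env file created above, meant to be run before `./setup_test_ca.sh`. This is an added example, not part of the repository: the function name `check_env_file` is hypothetical, and the owner-only permission check is an assumption added here because the file holds the database and keystore passwords.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env file described above.
# Variable names are the ones listed in the README; the permission check
# is an added assumption, not something the project's scripts enforce.
REQUIRED_VARS="CATCHALL_MAILBOX_PASSWORD CLIENT_CERT_EMAIL CLIENT_CERT_PASSWORD
CLIENT_CERT_USERNAME MYSQL_CATS_PASSWORD MYSQL_CATS_USER MYSQL_MGR_PASSWORD
MYSQL_MGR_USER MYSQL_ROOT_PASSWORD MYSQL_WEBDB_PASSWORD MYSQL_WEBDB_USER"

# check_env_file FILE: prints one line per problem, returns 0 only if clean.
check_env_file() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "missing file: $file"
        return 1
    fi
    for var in $REQUIRED_VARS; do
        # Require NAME=value at the start of a line with a non-empty value.
        if ! grep -Eq "^${var}=.+" "$file"; then
            echo "unset or empty: $var"
            problems=$((problems + 1))
        fi
    done
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "readable beyond owner: $file (chmod 600 recommended)"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Demo on a constructed file (placeholder values, not real secrets).
demo_dir=$(mktemp -d)
( umask 077
  for var in $REQUIRED_VARS; do echo "$var=constructed-value"; done > "$demo_dir/.env" )
check_env_file "$demo_dir/.env" && echo "demo .env passes"
rm -rf "$demo_dir"
```

A file written with a plain `> .env` redirect under the common 022 umask is reported as readable beyond its owner until it is restricted with `chmod 600 .env`.
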
After these steps you should be able to reach the CAcert application at https://www.cacert.localhost:8443/. The test manager application is reachable at https://mgr.cacert.localhost:9443/. CATS is reachable at https://cats.cacert.localhost:7443/. The magic hostname resolution works on systems using systemd's nss module for host resolution. If you do not have that on your system you might need a set of entries in your /etc/hosts or its equivalent for your operating system.

A client certificate is created by setup_test_ca.sh and is placed in testca/certs/clientcert.p12 which can be imported in a browser to support client certificate authentication. You may also wish to add the CA certificates in testca/root/ca.crt.pem and testca/class3/ca.crt.pem to your browser's trusted CA certificate list.