fd39d4adce
The production signer is using a really old base OS (Debian 4.0 Etch or 5.0 Lenny) with some packages like openssl from Debian 6.0 Stretch. This commit uses the oldest available Docker base image to make a somewhat reproducible variant of this OS.

Files in this commit:
- docker
- .dockerignore
- .editorconfig
- .gitignore
- .mrconfig
- cats.Dockerfile
- docker-compose.yml
- imap.Dockerfile
- mail.Dockerfile
- mariadb.Dockerfile
- mgr.Dockerfile
- README.md
- setup_test_ca.sh
- signer.Dockerfile
- signer_client.Dockerfile
- smtp.Dockerfile
- webdb.Dockerfile
CAcert local development setup
This repository contains a local development environment setup for the CAcert software.
It runs multiple Docker containers using docker-compose that provide different parts of the CAcert software. This includes CATS (CAcert automated testing system), the test manager software and the WebDB software as well as supporting server components (database, SMTP and IMAP).
Prerequisites
- Linux system (tested on Debian Bullseye)
- Docker
- docker-compose
- openssl
- myrepos
sudo apt-get update
sudo apt-get install docker.io openssl myrepos
sudo adduser $USER docker
newgrp docker
python3 -m pip install --user -U docker-compose
# make sure that ~/.local/bin is in $PATH
Usage
git clone https://git.dittberner.info/jan/cacert-devsetup.git
cd cacert-devsetup
mr checkout
Create a .env file that defines the following variables:

Variable | Usage
---|---
CATCHALL_MAILBOX_PASSWORD | The password of the IMAP mailbox used by the test manager software
CLIENT_CERT_EMAIL | email address for the client certificate generated by setup_test_ca.sh; it is included in testca/certs/testclient.crt.pem and in testca/certs/testclient.p12
CLIENT_CERT_PASSWORD | PKCS#12 keystore password for the client certificate generated by setup_test_ca.sh; used to encrypt testca/certs/testclient.p12
CLIENT_CERT_USERNAME | full name of the user for the client certificate generated by setup_test_ca.sh; it is placed in the CN field of the subject distinguished name of the test client certificate
MYSQL_CATS_PASSWORD | Database password for cats
MYSQL_CATS_USER | Database user for cats
MYSQL_MGR_PASSWORD | Database password for the test manager
MYSQL_MGR_USER | Database user for the test manager
MYSQL_ROOT_PASSWORD | Database root password
MYSQL_WEBDB_PASSWORD | Database password for webdb
MYSQL_WEBDB_USER | Database user for webdb
# write the .env file with random secrets (a heredoc keeps the quotes around the user name intact)
cat > .env <<EOF
CATCHALL_MAILBOX_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_EMAIL=user@example.org
CLIENT_CERT_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_USERNAME="John Doe"
MYSQL_WEBDB_PASSWORD=$(openssl rand -base64 18)
MYSQL_WEBDB_USER=cacert_dev
MYSQL_CATS_PASSWORD=$(openssl rand -base64 18)
MYSQL_CATS_USER=cats
MYSQL_MGR_PASSWORD=$(openssl rand -base64 18)
MYSQL_MGR_USER=cacert_mgr
MYSQL_ROOT_PASSWORD=$(openssl rand -base64 18)
EOF
./setup_test_ca.sh
docker-compose up
After these steps you should be able to reach the CAcert application at https://www.cacert.localhost:8443/. The test manager application is reachable at https://mgr.cacert.localhost:9443/. CATS is reachable at https://cats.cacert.localhost:7443/. The magic hostname resolution works on systems using systemd's nss module for host resolution. If you do not have that on your system you might need a set of entries in your /etc/hosts or its equivalent for your operating system.

A client certificate is created by setup_test_ca.sh and is placed in testca/certs/clientcert.p12, which can be imported in a browser to support client certificate authentication. You may also wish to add the CA certificates in testca/root/ca.crt.pem and testca/class3/ca.crt.pem to your browser's trusted CA certificate list.