cacert-devsetup/README.md

# CAcert local development setup

This repository contains a local development environment setup for the CAcert
software.

It runs multiple Docker containers using docker-compose the provide different
parts of the CAcert software. This includes CATS (CAcert automated testing
system), the test manager software and the WebDB software as well as supporting
server components (database, SMTP and IMAP).

## Prerequisites

* Linux system (tested on Debian Bullseye)
* [Docker](https://tracker.debian.org/pkg/docker.io)
* [docker-compose](https://pypi.org/project/docker-compose/)
* [openssl](https://tracker.debian.org/pkg/openssl)
* [myrepos](https://tracker.debian.org/pkg/myrepos)

```shell
sudo apt-get update
sudo apt-get install docker.io openssl myrepos
sudo adduser $USER docker
newgrp docker
python3 -m pip install --user -U docker-compose
# make sure that ~/.local/bin is in $PATH 
```

## Usage


```shell
git clone https://git.dittberner.info/jan/cacert-devsetup.git
cd cacert-devsetup
mr checkout
```

Create a .env file that defines the following variables

Variable | Usage
--- | ---
`CATCHALL_MAILBOX_PASSWORD` | The password of the IMAP mailbox used by the test manager software
`CLIENT_CERT_EMAIL` | email address for client certificate generated by `setup_test_ca.sh`
`CLIENT_CERT_EMAIL` | email address that should be included in the test client certificate that is generated in `testca/certs/testclient.crt.pem` and included in `testca/certs/testclient.p12`
`CLIENT_CERT_PASSWORD` | PKCS#12 keystore password for client certificate generated by `setup_test_ca.sh`
`CLIENT_CERT_PASSWORD` | password used to encrypt `testca/certs/testclient.p12`
`CLIENT_CERT_USERNAME` | full name for a user that is included in the CN field of the subject distinguished name in the test client certificate
`CLIENT_CERT_USERNAME` | user name for client certificate generated by `setup_test_ca.sh`
`MYSQL_CATS_PASSWORD` | Database password for cats
`MYSQL_CATS_USER` | Database user for cats
`MYSQL_MGR_PASSWORD` | Database password for the test manager
`MYSQL_MGR_USER` | Database user for the test manager
`MYSQL_ROOT_PASSWORD` | Database root password
`MYSQL_WEBDB_PASSWORD` | Database password for webdb
`MYSQL_WEBDB_USER` | Database user for webdb


```shell
echo "CATCHALL_MAILBOX_PASSWORD='$(openssl rand -base64 18)'
CLIENT_CERT_EMAIL=user@example.org
CLIENT_CERT_PASSWORD='$(openssl rand -base64 18)'
CLIENT_CERT_USERNAME='John Doe'
MYSQL_WEBDB_PASSWORD='$(openssl rand -base64 18)'
MYSQL_WEBDB_USER=cacert_dev
MYSQL_CATS_PASSWORD='$(openssl rand -base64 18)'
MYSQL_CATS_USER=cats
MYSQL_MGR_PASSWORD='$(openssl rand -base64 18)'
MYSQL_MGR_USER=cacert_mgr
MYSQL_ROOT_PASSWORD='$(openssl rand -base64 18)'" | sed 's@/@_@g' > .env
./setup_test_ca.sh
docker-compose up
```

After these steps you should be able to reach the CAcert application at
https://www.cacert.localhost:8443/. The test manager application is reachable
at https://mgr.cacert.localhost:9443/. CATS is reachable at
https://cats.cacert.localhost:7443/. The magic hostname resolution works on
systems using systemd's nss module for host resolution. If you do not have that
on your system you might need a set of entries in your `/etc/hosts` or its
equivalent for your operating system.

A client certificate is created by `setup_test_ca.sh` and is placed in
`testca/certs/clientcert.p12` which can be imported in a browser to support
client certificate authentication. You may also wish to add the CA certificates
in `testca/root/ca.crt.pem` and `testca/class3/ca.crt.pem` to your browser's
trusted CA certificate list.
Add README, move URLs to cacert.localhost 2020-12-20 15:28:19 +01:00			`# CAcert local development setup`

Improve documentation 2020-12-23 06:30:43 +01:00			`This repository contains a local development environment setup for the CAcert`
			`software.`

			`It runs multiple Docker containers using docker-compose the provide different`
			`parts of the CAcert software. This includes CATS (CAcert automated testing`
			`system), the test manager software and the WebDB software as well as supporting`
			`server components (database, SMTP and IMAP).`
Add README, move URLs to cacert.localhost 2020-12-20 15:28:19 +01:00
			`## Prerequisites`

			`* Linux system (tested on Debian Bullseye)`
			`* [Docker](https://tracker.debian.org/pkg/docker.io)`
			`* [docker-compose](https://pypi.org/project/docker-compose/)`
			`* [openssl](https://tracker.debian.org/pkg/openssl)`
			`* [myrepos](https://tracker.debian.org/pkg/myrepos)`

			```shell
			`sudo apt-get update`
			`sudo apt-get install docker.io openssl myrepos`
			`sudo adduser $USER docker`
			`newgrp docker`
			`python3 -m pip install --user -U docker-compose`
			`# make sure that ~/.local/bin is in $PATH`
			```

			`## Usage`

Add instructions for creating .env file 2020-12-22 05:57:51 +01:00
			```shell
			`git clone https://git.dittberner.info/jan/cacert-devsetup.git`
			`cd cacert-devsetup`
			`mr checkout`
			```

Add README, move URLs to cacert.localhost 2020-12-20 15:28:19 +01:00			`Create a .env file that defines the following variables`

			`Variable \| Usage`
			`--- \| ---`
Improve documentation 2020-12-23 06:30:43 +01:00			`CATCHALL_MAILBOX_PASSWORD` \| The password of the IMAP mailbox used by the test manager software
Add test mgr setup 2020-12-22 08:49:18 +01:00			`CLIENT_CERT_EMAIL` \| email address for client certificate generated by `setup_test_ca.sh`
Improve documentation 2020-12-23 06:30:43 +01:00			`CLIENT_CERT_EMAIL` \| email address that should be included in the test client certificate that is generated in `testca/certs/testclient.crt.pem` and included in `testca/certs/testclient.p12`
Add test mgr setup 2020-12-22 08:49:18 +01:00			`CLIENT_CERT_PASSWORD` \| PKCS#12 keystore password for client certificate generated by `setup_test_ca.sh`
Improve documentation 2020-12-23 06:30:43 +01:00			`CLIENT_CERT_PASSWORD` \| password used to encrypt `testca/certs/testclient.p12`
			`CLIENT_CERT_USERNAME` \| full name for a user that is included in the CN field of the subject distinguished name in the test client certificate
			`CLIENT_CERT_USERNAME` \| user name for client certificate generated by `setup_test_ca.sh`
			`MYSQL_CATS_PASSWORD` \| Database password for cats
			`MYSQL_CATS_USER` \| Database user for cats
			`MYSQL_MGR_PASSWORD` \| Database password for the test manager
			`MYSQL_MGR_USER` \| Database user for the test manager
			`MYSQL_ROOT_PASSWORD` \| Database root password
Rename application to webdb This commit renames the application container to webdb and drops the test suffix in favour of using www.cacert.localhost directly. The server certificate for www.cacert.localhost got an additional subjectAlternativeName secure.cacert.localhost and is used for both hostnames now. Environment variables containing _APP have been renamed to _WEBDB to keep consistency. 2020-12-23 07:17:06 +01:00			`MYSQL_WEBDB_PASSWORD` \| Database password for webdb
			`MYSQL_WEBDB_USER` \| Database user for webdb
Improve documentation 2020-12-23 06:30:43 +01:00
Add README, move URLs to cacert.localhost 2020-12-20 15:28:19 +01:00
			```shell
Add proper quotes to .env file 2021-04-23 17:01:12 +02:00			`echo "CATCHALL_MAILBOX_PASSWORD='$(openssl rand -base64 18)'`
Improve documentation 2020-12-23 06:30:43 +01:00			`CLIENT_CERT_EMAIL=user@example.org`
Add proper quotes to .env file 2021-04-23 17:01:12 +02:00			`CLIENT_CERT_PASSWORD='$(openssl rand -base64 18)'`
			`CLIENT_CERT_USERNAME='John Doe'`
			`MYSQL_WEBDB_PASSWORD='$(openssl rand -base64 18)'`
Rename application to webdb This commit renames the application container to webdb and drops the test suffix in favour of using www.cacert.localhost directly. The server certificate for www.cacert.localhost got an additional subjectAlternativeName secure.cacert.localhost and is used for both hostnames now. Environment variables containing _APP have been renamed to _WEBDB to keep consistency. 2020-12-23 07:17:06 +01:00			`MYSQL_WEBDB_USER=cacert_dev`
Add proper quotes to .env file 2021-04-23 17:01:12 +02:00			`MYSQL_CATS_PASSWORD='$(openssl rand -base64 18)'`
Improve documentation 2020-12-23 06:30:43 +01:00			`MYSQL_CATS_USER=cats`
Add proper quotes to .env file 2021-04-23 17:01:12 +02:00			`MYSQL_MGR_PASSWORD='$(openssl rand -base64 18)'`
Improve documentation 2020-12-23 06:30:43 +01:00			`MYSQL_MGR_USER=cacert_mgr`
Add proper quotes to .env file 2021-04-23 17:01:12 +02:00			`MYSQL_ROOT_PASSWORD='$(openssl rand -base64 18)'" \| sed 's@/@_@g' > .env`
Add README, move URLs to cacert.localhost 2020-12-20 15:28:19 +01:00			`./setup_test_ca.sh`
			`docker-compose up`
			```

Improve documentation 2020-12-23 06:30:43 +01:00			`After these steps you should be able to reach the CAcert application at`
Rename application to webdb This commit renames the application container to webdb and drops the test suffix in favour of using www.cacert.localhost directly. The server certificate for www.cacert.localhost got an additional subjectAlternativeName secure.cacert.localhost and is used for both hostnames now. Environment variables containing _APP have been renamed to _WEBDB to keep consistency. 2020-12-23 07:17:06 +01:00			`https://www.cacert.localhost:8443/. The test manager application is reachable`
Improve documentation 2020-12-23 06:30:43 +01:00			`at https://mgr.cacert.localhost:9443/. CATS is reachable at`
			`https://cats.cacert.localhost:7443/. The magic hostname resolution works on`
			`systems using systemd's nss module for host resolution. If you do not have that`
			on your system you might need a set of entries in your `/etc/hosts` or its
			`equivalent for your operating system.`
Add test mgr setup 2020-12-22 08:49:18 +01:00
Improve documentation 2020-12-23 06:30:43 +01:00			A client certificate is created by `setup_test_ca.sh` and is placed in
			`testca/certs/clientcert.p12` which can be imported in a browser to support
			`client certificate authentication. You may also wish to add the CA certificates`
			in `testca/root/ca.crt.pem` and `testca/class3/ca.crt.pem` to your browser's
			`trusted CA certificate list.`