Local docker-compose based development Setup for CAcert software
Find a file
2020-12-26 15:53:11 +01:00
docker Fix gpg setup for signer 2020-12-26 15:53:03 +01:00
.dockerignore Implement docker-compose setup for CAcert software 2020-12-20 14:52:15 +01:00
.editorconfig Align Perl brace formatting with perltidy 2020-12-26 07:01:39 +01:00
.gitignore Implement docker-compose setup for CAcert software 2020-12-20 14:52:15 +01:00
.mrconfig Implement docker-compose setup for CAcert software 2020-12-20 14:52:15 +01:00
cats.Dockerfile Add cats to the docker-compose setup 2020-12-22 15:51:13 +01:00
docker-compose.yml Configure OCSP and CPS URLs for local signer 2020-12-26 15:53:11 +01:00
imap.Dockerfile Implement docker-compose setup for CAcert software 2020-12-20 14:52:15 +01:00
mail.Dockerfile Configure mgr and mail containers 2020-12-22 14:19:31 +01:00
mariadb.Dockerfile Add cats to the docker-compose setup 2020-12-22 15:51:13 +01:00
mgr.Dockerfile Add signer configuration 2020-12-23 22:14:13 +01:00
README.md Rename application to webdb 2020-12-23 07:17:06 +01:00
setup_test_ca.sh Fix gpg setup for signer 2020-12-26 15:53:03 +01:00
signer.Dockerfile Add signer configuration 2020-12-23 22:14:13 +01:00
signer_client.Dockerfile Improve signer and signer_client setup 2020-12-24 08:03:24 +01:00
smtp.Dockerfile Implement docker-compose setup for CAcert software 2020-12-20 14:52:15 +01:00
webdb.Dockerfile Add signer configuration 2020-12-23 22:14:13 +01:00

CAcert local development setup

This repository contains a local development environment setup for the CAcert software.

It runs multiple Docker containers using docker-compose the provide different parts of the CAcert software. This includes CATS (CAcert automated testing system), the test manager software and the WebDB software as well as supporting server components (database, SMTP and IMAP).

Prerequisites

sudo apt-get update
sudo apt-get install docker.io openssl myrepos
sudo adduser $USER docker
newgrp docker
python3 -m pip install --user -U docker-compose
# make sure that ~/.local/bin is in $PATH 

Usage

git clone https://git.dittberner.info/jan/cacert-devsetup.git
cd cacert-devsetup
mr checkout

Create a .env file that defines the following variables

Variable Usage
CATCHALL_MAILBOX_PASSWORD The password of the IMAP mailbox used by the test manager software
CLIENT_CERT_EMAIL email address for client certificate generated by setup_test_ca.sh
CLIENT_CERT_EMAIL email address that should be included in the test client certificate that is generated in testca/certs/testclient.crt.pem and included in testca/certs/testclient.p12
CLIENT_CERT_PASSWORD PKCS#12 keystore password for client certificate generated by setup_test_ca.sh
CLIENT_CERT_PASSWORD password used to encrypt testca/certs/testclient.p12
CLIENT_CERT_USERNAME full name for a user that is included in the CN field of the subject distinguished name in the test client certificate
CLIENT_CERT_USERNAME user name for client certificate generated by setup_test_ca.sh
MYSQL_CATS_PASSWORD Database password for cats
MYSQL_CATS_USER Database user for cats
MYSQL_MGR_PASSWORD Database password for the test manager
MYSQL_MGR_USER Database user for the test manager
MYSQL_ROOT_PASSWORD Database root password
MYSQL_WEBDB_PASSWORD Database password for webdb
MYSQL_WEBDB_USER Database user for webdb
echo "CATCHALL_MAILBOX_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_EMAIL=user@example.org
CLIENT_CERT_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_USERNAME="John Doe"
MYSQL_WEBDB_PASSWORD=$(openssl rand -base64 18)
MYSQL_WEBDB_USER=cacert_dev
MYSQL_CATS_PASSWORD=$(openssl rand -base64 18)
MYSQL_CATS_USER=cats
MYSQL_MGR_PASSWORD=$(openssl rand -base64 18)
MYSQL_MGR_USER=cacert_mgr
MYSQL_ROOT_PASSWORD=$(openssl rand -base64 18)" > .env
./setup_test_ca.sh
docker-compose up

After these steps you should be able to reach the CAcert application at https://www.cacert.localhost:8443/. The test manager application is reachable at https://mgr.cacert.localhost:9443/. CATS is reachable at https://cats.cacert.localhost:7443/. The magic hostname resolution works on systems using systemd's nss module for host resolution. If you do not have that on your system you might need a set of entries in your /etc/hosts or its equivalent for your operating system.

A client certificate is created by setup_test_ca.sh and is placed in testca/certs/clientcert.p12 which can be imported in a browser to support client certificate authentication. You may also wish to add the CA certificates in testca/root/ca.crt.pem and testca/class3/ca.crt.pem to your browser's trusted CA certificate list.