cacert-devsetup/README.md

# CAcert local development setup

This repository contains a local development environment setup for the CAcert
software.

It runs multiple Docker containers using docker-compose the provide different
parts of the CAcert software. This includes CATS (CAcert automated testing
system), the test manager software and the WebDB software as well as supporting
server components (database, SMTP and IMAP).

## Prerequisites

* Linux system (tested on Debian Bullseye)
* [Docker](https://tracker.debian.org/pkg/docker.io)
* [docker-compose](https://pypi.org/project/docker-compose/)
* [openssl](https://tracker.debian.org/pkg/openssl)
* [myrepos](https://tracker.debian.org/pkg/myrepos)

```shell
sudo apt-get update
sudo apt-get install docker.io openssl myrepos
sudo adduser $USER docker
newgrp docker
python3 -m pip install --user -U docker-compose
# make sure that ~/.local/bin is in $PATH 
```

## Usage


```shell
git clone https://git.dittberner.info/jan/cacert-devsetup.git
cd cacert-devsetup
mr checkout
```

Create a .env file that defines the following variables

Variable | Usage
--- | ---
`CATCHALL_MAILBOX_PASSWORD` | The password of the IMAP mailbox used by the test manager software
`CLIENT_CERT_EMAIL` | email address for client certificate generated by `setup_test_ca.sh`
`CLIENT_CERT_EMAIL` | email address that should be included in the test client certificate that is generated in `testca/certs/testclient.crt.pem` and included in `testca/certs/testclient.p12`
`CLIENT_CERT_PASSWORD` | PKCS#12 keystore password for client certificate generated by `setup_test_ca.sh`
`CLIENT_CERT_PASSWORD` | password used to encrypt `testca/certs/testclient.p12`
`CLIENT_CERT_USERNAME` | full name for a user that is included in the CN field of the subject distinguished name in the test client certificate
`CLIENT_CERT_USERNAME` | user name for client certificate generated by `setup_test_ca.sh`
`MYSQL_CATS_PASSWORD` | Database password for cats
`MYSQL_CATS_USER` | Database user for cats
`MYSQL_MGR_PASSWORD` | Database password for the test manager
`MYSQL_MGR_USER` | Database user for the test manager
`MYSQL_ROOT_PASSWORD` | Database root password
`MYSQL_WEBDB_PASSWORD` | Database password for webdb
`MYSQL_WEBDB_USER` | Database user for webdb


```shell
echo "CATCHALL_MAILBOX_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_EMAIL=user@example.org
CLIENT_CERT_PASSWORD=$(openssl rand -base64 18)
CLIENT_CERT_USERNAME="John Doe"
MYSQL_WEBDB_PASSWORD=$(openssl rand -base64 18)
MYSQL_WEBDB_USER=cacert_dev
MYSQL_CATS_PASSWORD=$(openssl rand -base64 18)
MYSQL_CATS_USER=cats
MYSQL_MGR_PASSWORD=$(openssl rand -base64 18)
MYSQL_MGR_USER=cacert_mgr
MYSQL_ROOT_PASSWORD=$(openssl rand -base64 18)" > .env
./setup_test_ca.sh
docker-compose up
```

After these steps you should be able to reach the CAcert application at
https://www.cacert.localhost:8443/. The test manager application is reachable
at https://mgr.cacert.localhost:9443/. CATS is reachable at
https://cats.cacert.localhost:7443/. The magic hostname resolution works on
systems using systemd's nss module for host resolution. If you do not have that
on your system you might need a set of entries in your `/etc/hosts` or its
equivalent for your operating system.

A client certificate is created by `setup_test_ca.sh` and is placed in
`testca/certs/clientcert.p12` which can be imported in a browser to support
client certificate authentication. You may also wish to add the CA certificates
in `testca/root/ca.crt.pem` and `testca/class3/ca.crt.pem` to your browser's
trusted CA certificate list.