test: make the DDI tests work with older openssl

Older openssl unfortunately insists on having a config file with certain
fields, so let's reuse the one we already create in previous tests.

Should address following error on C8S:

[  407.812039] testsuite-50.sh[654]: + openssl req -config /dev/null -subj=/CN=waldo -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
[  407.849089] testsuite-50.sh[2325]: Generating a RSA private key
[  408.947853] testsuite-50.sh[2325]: ..................................++++
[  423.100903] testsuite-50.sh[2325]: ..........++++
[  423.111036] testsuite-50.sh[2325]: writing new private key to '/tmp/test-50-privkey.key'
[  423.115036] testsuite-50.sh[2325]: -----
[  423.117842] testsuite-50.sh[2325]: unable to find 'distinguished_name' in config
[  423.120863] testsuite-50.sh[2325]: problems making Certificate Request
[  423.123448] testsuite-50.sh[2325]: 140737354091984:error:0E06D06C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:273:group=req name=distinguished_name

Follow-up to 99d9edf0bd.

Frantisek Sumsal
2023-10-09 10:35:08 +02:00
committed by Luca Boccassi
parent ace07128ac
commit c4eb888740

@@ -160,9 +160,11 @@ if systemctl --version | grep -q -- +OPENSSL ; then
echo "openssl missing" >/failed
exit 1
fi
HAVE_OPENSSL=1
OPENSSL_CONFIG="$(mktemp)"
# Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
cat >>"${image}.openssl.cnf" <<EOF
cat >"${OPENSSL_CONFIG:?}" <<EOF
[ req ]
prompt = no
distinguished_name = req_distinguished_name
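Review bot: The file created by `OPENSSL_CONFIG="$(mktemp)"` has no matching cleanup in the lines shown, and it now outlives the per-image fixtures because it is no longer named after `${image}`. If the script does not already remove it elsewhere, add `rm -f "$OPENSSL_CONFIG"` at the end of the test or in the exit trap. The `${OPENSSL_CONFIG:?}` guard on the `cat` redirect is a good touch, since it stops the script if `mktemp` returned nothing. The switch from `>>` to `>` is also right for a freshly created file.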
@@ -178,7 +180,7 @@ emailAddress = test@email.com
EOF
# Create key pair
openssl req -config "${image}.openssl.cnf" -new -x509 -newkey rsa:1024 -keyout "${image}.key" -out "${image}.crt" -days 365 -nodes
openssl req -config "$OPENSSL_CONFIG" -new -x509 -newkey rsa:1024 -keyout "${image}.key" -out "${image}.crt" -days 365 -nodes
# Sign Verity root hash with it
openssl smime -sign -nocerts -noattr -binary -in "${image}.roothash" -inkey "${image}.key" -signer "${image}.crt" -outform der -out "${image}.roothash.p7s"
# Generate signature partition JSON data
@@ -628,7 +630,7 @@ systemctl status foo.service 2>&1 | grep -v -q -F "Warning"
# Test systemd-repart --make-ddi=:
if command -v mksquashfs >/dev/null 2>&1; then
openssl req -config /dev/null -subj="/CN=waldo" -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
mkdir -p /tmp/test-50-confext/etc/extension-release.d/
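Review bot: `"$OPENSSL_CONFIG"` in the `openssl req` call here is expanded without the `:?` guard, yet the variable is assigned inside the `if systemctl --version | grep -q -- +OPENSSL` block (see the first hunk header), while this call is guarded only by `command -v mksquashfs`. If the two conditions can diverge, openssl receives `-config ""` and the test fails for a reason unrelated to what it checks. Either use `"${OPENSSL_CONFIG:?}"` here so the failure is explicit, or create the config outside the `+OPENSSL` conditional. It would also help to add a short comment that `-subj` overrides the placeholder distinguished name from the shared config, since the file is present only to satisfy older openssl.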