authorWojtek Kosior <koszko@koszko.org>2023-09-08 17:04:38 +0200
committerWojtek Kosior <koszko@koszko.org>2023-09-09 15:54:48 +0200
commit7276d8e6ae494bb7ab85c1cdfa2917e3b889468d (patch)
tree6fea20b60ce604555335f977713d9ac0b3bd6299 /Makefile
parent18da556c5cb0234a4c1ad3df0b263a452db2ebf1 (diff)
Make TLS functional
Enable letsencrypt certificates in httpd while making all daemons fall back to self-issued certs when /etc/letsencrypt/live is unpopulated.
Diffstat (limited to 'Makefile')
-rw-r--r--Makefile20
1 files changed, 17 insertions, 3 deletions
diff --git a/Makefile b/Makefile
index 4f5ef58..9b91cfa 100644
--- a/Makefile
+++ b/Makefile
@@ -28,6 +28,8 @@ GUIX_SYS_CONTAINER = $(GUIX_TM) system container $(GUIX_LOAD_PATHS)
GUIX_SHELL = $(GUIX_TM) shell
+GUIX_OPENSSL = $(GUIX_SHELL) openssl -- openssl
+
KOSZKO_ORG_WEBSITE_INFO = \
subrepos/koszko-org-website/src/koszko_org_website.egg-info/PKG-INFO
HYDRILLA_WEBSITE_INFO = \
@@ -40,7 +42,7 @@ ALL_EGG_INFOS = \
$(HYDRILLA_INFO)
CONTAINER_PREREQUISITES = container.scm $(ALL_EGG_INFOS) hydrilla-wsgi.py \
- exim.conf Makefile.local
+ exim.conf Makefile.local test-ca-key.pem test-ca-cert.pem
PWD_DERIVED_DIRECTORY_NAME != pwd | sed 's|[/'\'']|!|g'
TEST_ROOT_DIR = '/tmp/$(PWD_DERIVED_DIRECTORY_NAME)!!test-root/current'
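Review bot: Adding `test-ca-key.pem` and `test-ca-cert.pem` to `CONTAINER_PREREQUISITES` also makes them prerequisites of `install`, which depends on the same variable further down this page, so a real install generates a CA that is named as test material. How `container.scm` consumes the two files is not visible here, but if the self-issued fallback is meant for production the `test-` prefix is misleading, and if it is not, the files should stay out of the install path. One way to keep them apart is a separate variable, `TEST_CA_FILES = test-ca-key.pem test-ca-cert.pem`, listed only on the targets that run the test container. Either way, a comment above `CONTAINER_PREREQUISITES` saying why CA material is required would help the next reader.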
@@ -57,6 +59,17 @@ $(HYDRILLA_INFO):
Makefile.local:
touch $@
+test-ca-key.pem:
+ $(GUIX_OPENSSL) genrsa -out $@ 4096
+
+test-ca-cert.pem: test-ca-key.pem
+ $(GUIX_OPENSSL) req -x509 -new -nodes -key $< -sha256 -days 3650 \
+ -out $@ -subj '/CN=Self-signed CA/C=PL/ST=PL/L=Krakow/O=Koszko'
+
+test-ca-certificates.crt: /etc/ssl/certs/ca-certificates.crt \
+ test-ca-cert.pem
+ cat $^ > $@
+
container-runner: | $(CONTAINER_PREREQUISITES)
container-runner.touchfile: $(CONTAINER_PREREQUISITES)
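Review bot: The `test-ca-key.pem` rule leaves an unencrypted CA private key in the working tree with permissions decided by the caller's umask and the openssl build in use, and the `test-ca-cert.pem` rule makes the matching certificate valid for ten years (`-days 3650`). Anyone who can read the key can issue certificates that every consumer of `test-ca-cert.pem` or `test-ca-certificates.crt` will accept. Consider making the recipe `umask 077 && $(GUIX_OPENSSL) genrsa -out $@ 4096` and using a much shorter `-days` value, since the files are regenerated after `clean` anyway. It is also worth confirming that the generated `*.pem` and `.crt` files are excluded from version control; no ignore file is visible on this page.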
@@ -197,7 +210,7 @@ enter-container: pidfile
nsenter -a -t "$$(cat pidfile)" \
/run/current-system/profile/bin/bash --login
-fake-client: fake-client-setup-mounts.sh hosts
+fake-client: fake-client-setup-mounts.sh hosts test-ca-certificates.crt
unshare --map-root-user --mount ./$< "$${SHELL:-/bin/sh}"
install: $(CONTAINER_PREREQUISITES)
@@ -223,7 +236,8 @@ clean: clean-runner
for SUBREPO in $(SUBREPOS_WITH_MAKEFILE); do \
$(MAKE) -C subrepos/"$$SUBREPO" clean; \
done
- rm -rf log test-root hosts schemas sample-malcontent
+ rm -rf log test-root hosts test-ca-key.pem test-ca-cert.pem \
+ test-ca-certificates.crt schemas sample-malcontent
.PHONY: all \
clean-runner clean \