1
0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2025-01-06 03:53:59 +02:00

New test containers with static test certificates.

Test certificates were generated dynamically but there are advantages to using static certificates.  For example, it possible to use the same certificate between container versions.  Mostly, it is easier to document the certificates if they are not buried deep in the container code.

The new test certificates are initially intended to be used with the C unit tests but they will eventually be used for integration tests as well.

Two new certificates have been defined. See test/certificate/README.md for details.

The old dynamic certificates will be retained until they are replaced.
This commit is contained in:
David Steele 2018-11-21 18:13:37 -05:00
parent 53e3651cca
commit ac426bc456
12 changed files with 348 additions and 10 deletions

View File

@ -43,6 +43,10 @@
<release-test-list> <release-test-list>
<release-development-list> <release-development-list>
<release-item>
<p>New test containers with static test certificates.</p>
</release-item>
<release-item> <release-item>
<p>Add <code>testRepoPath()</code> to let C unit tests know where the code repository is located.</p> <p>Add <code>testRepoPath()</code> to let C unit tests know where the code repository is located.</p>
</release-item> </release-item>

2
test/certificate/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*.csr
*.srl

View File

@ -0,0 +1,48 @@
# pgBackRest Test Certificates
The certificates in this directory are used for testing purposes only and are not used for actual services. They are used only by the unit and integration tests and there should be no reason to modify them unless new tests are required.
## Generating the Test CA (pgbackrest-test-ca.crt/key)
This is a self-signed CA that is used to sign all server certificates. No intermediate CAs will be generated since they are not needed for testing.
```
cd [pgbackrest-root]/test/certificate
openssl genrsa -out pgbackrest-test-ca.key 4096
openssl req -new -x509 -extensions v3_ca -key pgbackrest-test-ca.key -out pgbackrest-test-ca.crt -days 99999 \
-subj "/C=US/ST=All/L=All/O=pgBackRest/CN=test.pgbackrest.org"
openssl x509 -in pgbackrest-test-ca.crt -text -noout
```
## Generating the Test Key (pgbackrest-test.key)
This key will be used for all server certificates to keep things simple.
```
cd [pgbackrest-root]/test/certificate
openssl genrsa -out pgbackrest-test.key 4096
```
## Generating the Alt Name Test Certificate (pgbackrest-test-alt-name.crt)
This certificate will include alternate names and will only be used in unit tests to check alternate name verification functionality.
```
cd [pgbackrest-root]/test/certificate
openssl req -new -sha256 -nodes -out pgbackrest-test-alt-name.csr -key pgbackrest-test.key -config pgbackrest-test-alt-name.cnf
openssl x509 -req -in pgbackrest-test-alt-name.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
-out pgbackrest-test-alt-name.crt -days 99999 -extensions v3_req -extfile pgbackrest-test-alt-name.cnf
openssl x509 -in pgbackrest-test-alt-name.crt -text -noout
```
## Generating the Test Certificate (pgbackrest-test.crt)
This certificate will be used in unit and integration tests. It is expected to pass verification but won't be subjected to extensive testing.
```
cd [pgbackrest-root]/test/certificate
openssl req -new -sha256 -nodes -out pgbackrest-test.csr -key pgbackrest-test.key -config pgbackrest-test.cnf
openssl x509 -req -in pgbackrest-test.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
-out pgbackrest-test.crt -days 99999 -extensions v3_req -extfile pgbackrest-test.cnf
openssl x509 -in pgbackrest-test.crt -text -noout
```

View File

@ -0,0 +1,26 @@
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = v3_req
distinguished_name = dn
[ dn ]
C=US
ST=All
L=All
O=pgBackRest
OU=Unit Testing Domain
CN = test.pgbackrest.org
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = test.pgbackrest.org
DNS.2 = *.test.pgbackrest.org
IP.1 = 127.0.0.1
DNS.3 = test2.pgbackrest.org
DNS.4 = *.test2.pgbackrest.org

View File

@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF4jCCA8qgAwIBAgIJAN+gSjwW7yR+MA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
BAYTAlVTMQwwCgYDVQQIDANBbGwxDDAKBgNVBAcMA0FsbDETMBEGA1UECgwKcGdC
YWNrUmVzdDEcMBoGA1UEAwwTdGVzdC5wZ2JhY2tyZXN0Lm9yZzAgFw0xODExMjAx
MzU2MjlaGA8yMjkyMDkwMzEzNTYyOVowejELMAkGA1UEBhMCVVMxDDAKBgNVBAgM
A0FsbDEMMAoGA1UEBwwDQWxsMRMwEQYDVQQKDApwZ0JhY2tSZXN0MRwwGgYDVQQL
DBNVbml0IFRlc3RpbmcgRG9tYWluMRwwGgYDVQQDDBN0ZXN0LnBnYmFja3Jlc3Qu
b3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwzNZDX/VhTA6lALX
DZ4AOHv4OQH5wTZipa97XdTrI2TIfMGEffLmv5wzN85pku5HXBuHGJUaUENXt1Ss
GwdfBx/gZZEA8oONqkrxOoJTrABWIAs5k6TTUd+f3Y39rlsyQj076f1sw6Mw9qoC
h+JKXDDqw8kGwQHifXdtCrxL9OfV4eq+gYKrqdlyFM08WfKxe0Js8bB5cZ4Bt/GC
2JhQzQ9bMjYJlxSXIXivP/FFunVT5hZ8gsUVAH+/sm8xlQ4sedW7mIBKkjT3tgL0
FvchB3XyoZ6Sr0JKVaMOcQjIsTzOqdgawgArO541ZwUWHdJH+DODr/gBWXSnnzhH
ED5DAvRMPdO/t353qS/ihpacTqQ91B4UKxK1pVNC84ch3spCLnQncl7kn7RhcdCc
b5g4ZfahRmq79QSoMDvN4+7MtyERLXtSttSWiBzQVVj/jcFNDeGeDjKp6Z55xoso
tMZ3yVajl4IbuQS1pfTLjp7WdJ58y5hQ+8O/ebjUYIxOo5kZhRZV/jxqoR7Ga9MG
bAQ7BPcTuItpfGqiWcdYU+ZdyyFwvpXov6qNoCYt58nj7s+FAbed7EzRHa2Z3RVG
kcqv2iX5EddydHmqKip+QUUR4cPLUXn+kvOHtJEOgAWDURh0DVfhrMD5dX1d+9de
BUwZ89gYvxkkErPL1o8OPRxyiucCAwEAAaOBhjCBgzAJBgNVHRMEAjAAMAsGA1Ud
DwQEAwIF4DBpBgNVHREEYjBgghN0ZXN0LnBnYmFja3Jlc3Qub3JnghUqLnRlc3Qu
cGdiYWNrcmVzdC5vcmeHBH8AAAGCFHRlc3QyLnBnYmFja3Jlc3Qub3JnghYqLnRl
c3QyLnBnYmFja3Jlc3Qub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQABqorGy+U2CBBl
ei2Q0zTccJVPqz3xL6UpZVh0X/SoZFisZNyLPskxAh070q8C11g4uqyPoXPp2eJt
smwop2pY6glzO+7b9kEUo2527s8BJejlIzAe9bQ8eZ1Hbqlh52B+wzEE7Ci22KDC
O3RZCya6WiMHXxFCjPR7m4qaoodU4XtRefepg/bs0qUq5rrsHDRfvaitISUOeXnj
NSsLyiVLbwkCW3mL7bEFAG1Th8GWa809zpw8fJiUkhavtDe35UesHM5fOZ8oqY28
BIcSc5yVgOxDAHDQI9lf9umAN5ZakT9lo5WdndG9eUZGOK72s8Vy1ReiKH+vX2qw
3cI69akD+UBLqvO9NFMJPurDLdM82B453EaBqDhm1oPPwHsXc8wiNG6jYmIAHlvN
qX1qXcdJjp54PSv6RFm/ZxcS6CCRRzPv46Zi86cynY32qmEYU5Et3tGVwx6KywRx
HKF206NUzyHYW8cuDywTpQZSYuAHrjcWGzS/Fg1aTIGULRffFLTvmt6URHjpfFwJ
bRkMcw+k1xdV01rTA2jnDbFAC5f6V7QOGwcqSzc25cz1PDHWweCw4oDwpAxRFx14
X98jbWjo6YYsc9wWpcQt5NICO5wHoaJfhawf7suJmuluQTzOsH2ZS6O0zVJmbsVs
KveXMVBWdJoaJjUqEBy6tJHB5uRxJg==
-----END CERTIFICATE-----

View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFkDCCA3igAwIBAgIJAKfL57w5QrmFMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
BAYTAlVTMQwwCgYDVQQIDANBbGwxDDAKBgNVBAcMA0FsbDETMBEGA1UECgwKcGdC
YWNrUmVzdDEcMBoGA1UEAwwTdGVzdC5wZ2JhY2tyZXN0Lm9yZzAgFw0xODExMTky
MjI2MjNaGA8yMjkyMDkwMjIyMjYyM1owXDELMAkGA1UEBhMCVVMxDDAKBgNVBAgM
A0FsbDEMMAoGA1UEBwwDQWxsMRMwEQYDVQQKDApwZ0JhY2tSZXN0MRwwGgYDVQQD
DBN0ZXN0LnBnYmFja3Jlc3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEA363DCLQblcgOjA3qZAJfxameJrRZFvs2xxGNX6IhpLv1uWSr5V6t47lG
IUORf/Jol/lj/Y8jN3BuW3eSnsAjeMTVC1t9kE3fmZ5Rvnyugkl+t1hV2Vgxhuc5
wrn3W2YTjW06miWkuSgyfFC1zxfcCa13Lj/WVfVh/VM17z/TgPCsH+UbAzheRVK7
CLE5P4SdSVmmEeUB6CQaFuKxQ4tuEgR2YBsaI9LblgTsr28nIJLmJugxMcy7KVQm
dVhMPb8oX4VgWxUDHUn2oCQakBOgOXio3gcVyUrcz1oA8S6QxOJO5s2R0ArGZRSW
BPN5c9rAY5+gE6CJwH5oTU8GgtykQn34F4EpXS6CR+tlFMVNPdYmocV7ybn5zJ3b
6k1DpUF2prEbycImPwsDmvGjSoaO6UfELZuGQt9dh8B/zgzbdWMM6MSyaPSKV4VN
yUeM6OI1KwJrTqGK8mJ+fOxgwY2yjsjPE3ZJQ3m2V38I8BdiudfFrFFOQc2en3Na
cI2B7VRiC0ldjQG8y6YfikcCeJCRXa7pKdNqRX8OkcfT83NXUn2HvdjGpQyHI0c3
VgV3cm5exULatz6liUjskBbTAzer/39j8xjNkTctNzel7X6eHdFLWgR1qWjx9vAi
gYFXErzDO9aQ0MTLHGH81rIzpch8fO5rB5sCM9F2lw352+8CgKsCAwEAAaNTMFEw
HQYDVR0OBBYEFGo+OwmNN1QFNDAOYpuySZSYdNZ2MB8GA1UdIwQYMBaAFGo+OwmN
N1QFNDAOYpuySZSYdNZ2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
ggIBAL/q0d9FFFWRD6ldCVUcarcZX/mWcchtGGO1xHIesvdAZHd7dZx2ZlJ2OmpN
KwC+9+jXv7h6EqeVuxqPYFlXUdHSXNqrZecFmmXwqa8hqn08ZCZqYJ5CVFjhw+jE
IMvclt5NpessLVKn6Xs75OogbtN69pJdxYnh28l/yoG1gu+41DtDXZjVeIFXCPo3
oLm+ARwG33z1QD66YBnpRmW57M8j+fHiPFtONqCMSk2dt/PEOYDCPhimA5G1lJzw
qyrEiMX9+oyYkfpxmQrGjOVswQvvN/XhSgaMrIoa/cZZwUTe+EtY+jQMXWqk7/F2
ufalTU9x1uZElh94YOsOREq34Ef4lJC/9K0ayfoQY+2qyBPKwGISUUJUY/dPGVd+
cz91fCmy12X3jsw1vmyJ9UU/hC2Nr4LGxDlcRq88/ev7eGAvsOHwgRYJzLfwaJF6
XMeKZfxq1uvFlJyAyYszu9BL5n26eDunBsQbH9R2avE7deVOwxWMUkX2nX7QEENp
dGL3q/3ar/uaMFrAkk5JGUpfozsiXs4BLYKcXRKGy9oBoRuR3lGk+t163qBHh/Rw
M8+tsCo6j4ReSgq2ew+sHfxj4rQ4Bly+965RRPjZPu20QMlbWzD6kEB+F2II537e
R1KzQRet3Mqf+IY98aAWRfRW9sefkeYrD9BP9jhbSaoh7E0n
-----END CERTIFICATE-----

View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEA363DCLQblcgOjA3qZAJfxameJrRZFvs2xxGNX6IhpLv1uWSr
5V6t47lGIUORf/Jol/lj/Y8jN3BuW3eSnsAjeMTVC1t9kE3fmZ5Rvnyugkl+t1hV
2Vgxhuc5wrn3W2YTjW06miWkuSgyfFC1zxfcCa13Lj/WVfVh/VM17z/TgPCsH+Ub
AzheRVK7CLE5P4SdSVmmEeUB6CQaFuKxQ4tuEgR2YBsaI9LblgTsr28nIJLmJugx
Mcy7KVQmdVhMPb8oX4VgWxUDHUn2oCQakBOgOXio3gcVyUrcz1oA8S6QxOJO5s2R
0ArGZRSWBPN5c9rAY5+gE6CJwH5oTU8GgtykQn34F4EpXS6CR+tlFMVNPdYmocV7
ybn5zJ3b6k1DpUF2prEbycImPwsDmvGjSoaO6UfELZuGQt9dh8B/zgzbdWMM6MSy
aPSKV4VNyUeM6OI1KwJrTqGK8mJ+fOxgwY2yjsjPE3ZJQ3m2V38I8BdiudfFrFFO
Qc2en3NacI2B7VRiC0ldjQG8y6YfikcCeJCRXa7pKdNqRX8OkcfT83NXUn2HvdjG
pQyHI0c3VgV3cm5exULatz6liUjskBbTAzer/39j8xjNkTctNzel7X6eHdFLWgR1
qWjx9vAigYFXErzDO9aQ0MTLHGH81rIzpch8fO5rB5sCM9F2lw352+8CgKsCAwEA
AQKCAgEAsZ3glqO2l+zBqHNQYdQEywgSvrdNW1NmvxLwCTXMs2xSBsKrQTs6p+8y
gi2Od2Q9rBhsTyd/loFgEJ/VvNvkDv12E0u2XIWJ/gla7gFB7dGAnwS1Px6qTW6F
Tlyv0FMxSYeoFkm4EROba14H0QgoQUMOtZoZkC6Hfkq6NF6hi+0RMU6Tca4sJa45
OQDJ7edXoqxelC0eo4EvembOzk0EvafvfAdpbXL9zZXhgLmp/1LHEbQlhF8HbB0X
YO0ZtZp668cUqZ741yQphCbHNQtwmtJ2fcBwi2Q4DStyPhJ1APKYJuysUeCMhC2h
pxLTqazWQwW5bnx3hnSaTHFpQTcF8w7brT3YTxMAe6Eo2efFDILZYQlTTMz7zM7+
QUlg8utQNB+p5T1qaXk5hcyRVdfUrfx1+ionEL9M/hisNKrQlIsC7AzX+90y1Cng
idjwgOTcFRC7CutHFBj6+OpDAizm2eVSpklTDn16hMzwQe5QrMxV2y0SVrQ9+mUI
98VqvUZaE4bm6CMsR4xJpxTDAfN4uck5wNSZ++9vMMcZysfC+pAuD3hOzNCtPKrG
v/n5+nDC606oBJ3vY2XKDm1tVmxPiY/QXBvyNbiul8ZR75B1OdnOFpUTGg6rrwbs
fAHRrYTjsRlTcVbx4t+HJnJINFj8udJM6f3xk8vOUqBYgOB9TJkCggEBAPBbpyUJ
dSY+AOj8124CeEbchuo4EDdHaUaOcW//YHvHGe9o3AyV/AHGGop4w/0Js5X3LGDw
AjEsX2TiZi/m4X1H0wltCjlOAbLBEa6BpJ29EcC+S1qkJwTUGlQCahPXBqI3XUXj
7mXjcCZBIFKPWCjKZEs19gtQa3YAG2+eIU17QVTlQNzD5sIXbHIKMTr4Pn6btAvr
B2gqsKbXkn3ix/9pR+MKCIdOMOvjecIR+nMEwtMVRCFc76iI7QyEIAPfJzXygH43
nuZAFP1G+CxO2yblfOqnAm9szIeBxiDTqX8YWSt6Z9hQt+6TSCkiBmunkDdFtdaJ
mSIJMbPazpmZ8j8CggEBAO48O9C6ArAaIuyGM77YqiP/VCginOdsnr3J9LtGG2F7
Jz6lf+a/VEyiHmW5YIVTnYN2TkcSGpMUJGtTRtIcvH4mSvkhNeBllfrnQF+weU3x
kZxOffwa6pe4uuODuvohY+9MU66meSg5RVXumF71/NH6e17p1dA+Pfh8aeTANog1
9EKatQBs63C5ho4ACGBIwrK6QLbSZiEvd34X+Jrp5Y5arGnjNjVkuJDhfsPx8HMJ
8b4xCT5evqSCXvdNMO1qnnM8r0pd5hovFUk5MbUpdHFdcezpSL0dGz6nnT7UBTTJ
joK1Raf2XzCu7CpSZnxkmIDnMEDwVDdCtHlbiZZy/pUCggEBALLARr7ZmMEXDZA4
MXLD7XUtnjxj81NZDWcGmkBjmPqUqKoOvs+xX1hmXuiqRX9SjrcxulRhShAN4ufh
I4PuXbXRC5aP/DF/3O12flLcYXNZ3/EK1HmVaNtDbk0Z+o/Es09Cg2Bt0ab+jTI1
7vbXWgYD9rCkcdYaOcDo9X5+CGBaEM01LZbBLkUcLG9nOxOS+M8ptq3CXaDPVs7N
tUlftcMyJd8oYA1YTjOv2aZFvo95c/aNczyopCcfpcNQI4sdk0igj4TOkqLD95gh
BoHVJ1B3DP5ps/rv2+/OyG0zXHODxRT7lG0gIpoP+HN2tXWsiSlB86iYbkUMt2T9
jfZXsfsCggEBAIpcNSkePt1j8JCJyJe4YegSLCA7KgFGFlOHbTkumExfKAW8PLIY
wK7ZIOpXZXVJgJuPJBsmqoRtGFG0xdbVlat2NejGnvG6TgawM7TfWzQnbjfnZkf6
ofCH+xKTuQ34QoACRj+Ss57m1Bv6PEg6eSDCZtBS4jjVTUx5hU6zS3iETV45V5Ht
sDeBqGHkJvk0iM8gWOFVBLeVR8LVzS67VPT+OFAvA5ay7nZGYEcQxmMpjVq2Q/YT
NIl6pgjereHVID0xK2T3b+IZIjWqn/HlJ5mHedjsC7C5rM8QrcSFgpiLztaezNul
vNcbYFGcFaV9Dw0eN+ofKeoGNaadwSS9mJkCggEAZz41LQSJYxF8nMc1Cx+ROC59
7InZLZBpYFgvkJBMgpabRW3P33SjrF1vOOb8QKHEawmGVICg6y6fDWdUJkuL9PJK
KUhM6f6+RrOAmTLEX0nBc/Qu7vn5xWdfU4IaGYyon+J290GlzZv+C31wQyhAfMc4
LffXr9aXDNXF9C6RJiDP07pcgzu295B00KqiRaim8ZG1Ab+FOg+ZrFbvYxE1DdNC
UX5iVgVo1T8sOy/An1ACNy5xzCkiEUk3stCKMMCnUiw3Y0fHvxFc9se786JVwejY
Pecz4yaqRJDn97WrFvqI/Nwi1W/pOtaOJfsLnsO6S/uZTAW+vXwi9l82ETNjbw==
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,18 @@
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = v3_req
distinguished_name = dn
[ dn ]
C=US
ST=All
L=All
O=pgBackRest
OU=Unit Testing Domain
CN = *.test.pgbackrest.org
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFdzCCA1+gAwIBAgIJAN+gSjwW7yR/MA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
BAYTAlVTMQwwCgYDVQQIDANBbGwxDDAKBgNVBAcMA0FsbDETMBEGA1UECgwKcGdC
YWNrUmVzdDEcMBoGA1UEAwwTdGVzdC5wZ2JhY2tyZXN0Lm9yZzAgFw0xODExMjAx
MzU2NDJaGA8yMjkyMDkwMzEzNTY0MlowfDELMAkGA1UEBhMCVVMxDDAKBgNVBAgM
A0FsbDEMMAoGA1UEBwwDQWxsMRMwEQYDVQQKDApwZ0JhY2tSZXN0MRwwGgYDVQQL
DBNVbml0IFRlc3RpbmcgRG9tYWluMR4wHAYDVQQDDBUqLnRlc3QucGdiYWNrcmVz
dC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDDM1kNf9WFMDqU
AtcNngA4e/g5AfnBNmKlr3td1OsjZMh8wYR98ua/nDM3zmmS7kdcG4cYlRpQQ1e3
VKwbB18HH+BlkQDyg42qSvE6glOsAFYgCzmTpNNR35/djf2uWzJCPTvp/WzDozD2
qgKH4kpcMOrDyQbBAeJ9d20KvEv059Xh6r6Bgqup2XIUzTxZ8rF7QmzxsHlxngG3
8YLYmFDND1syNgmXFJcheK8/8UW6dVPmFnyCxRUAf7+ybzGVDix51buYgEqSNPe2
AvQW9yEHdfKhnpKvQkpVow5xCMixPM6p2BrCACs7njVnBRYd0kf4M4Ov+AFZdKef
OEcQPkMC9Ew907+3fnepL+KGlpxOpD3UHhQrErWlU0LzhyHeykIudCdyXuSftGFx
0JxvmDhl9qFGarv1BKgwO83j7sy3IREte1K21JaIHNBVWP+NwU0N4Z4OMqnpnnnG
iyi0xnfJVqOXghu5BLWl9MuOntZ0nnzLmFD7w795uNRgjE6jmRmFFlX+PGqhHsZr
0wZsBDsE9xO4i2l8aqJZx1hT5l3LIXC+lei/qo2gJi3nyePuz4UBt53sTNEdrZnd
FUaRyq/aJfkR13J0eaoqKn5BRRHhw8tRef6S84e0kQ6ABYNRGHQNV+GswPl1fV37
114FTBnz2Bi/GSQSs8vWjw49HHKK5wIDAQABoxowGDAJBgNVHRMEAjAAMAsGA1Ud
DwQEAwIF4DANBgkqhkiG9w0BAQsFAAOCAgEAsjmEXx1dc2bbQHUOZTqfTNZ38/ux
O4V8uXGcKER7bR7TKP6NYwYmgUqcwA50FJkBQ8wULF2C/tLsp1AyAu3wlhn+yVsP
zeZL+p/fOzXDhTyz0Ggx19tyol4o2q+bxyd+KS8rrcSvzC9Jz7Wjuhs9/M5r2gWr
WJydwYbGo4MbAcdPWWJdYRf93vlUqG3Qh3oBnwDntGr0xrBPRBbfcIg+f1c/fnAb
S94rkrmRCtCGqf09IKjVgnlNhXERM2YLoiLcMIwJCLPU8TWoar+paDBgevqIzMvD
k+WYc/NuHpwkDv2e7iVuWarB5r7BAB0olu4qOC8jyGeD8vrJgLah8qyW1slOAH9h
7h0vGQ6+Gjp14ZVWQUwjvnINyX2xUc3gkkQvaons+Ny7xtyu3tOy6v4Ukl/ryT87
IbgkoCj8T+9whp4PqHBDNUmEicJs18q/VRYa4yTE5hh2ecKaveb++YtdZxwJxZR4
Le1+GHj4wQJzQR+Hv42G7C444FIx0G266RIMRoNgbroRPN5mNwdiAg2oejB6qWlX
IOi4+eWbpQk2AM0tvB+eSY/JxHn+5XiVyXiN4hO7ndsAwT7Jj3VNKEjRZyZhTwM9
YO7FOaKbDLnn4IswCgw2iz916fghgBfKLLcjpe/Y9kJvY1g/Fd77zXMHMPs1Zbv3
4MleZ146f1S0En0=
-----END CERTIFICATE-----

View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAwzNZDX/VhTA6lALXDZ4AOHv4OQH5wTZipa97XdTrI2TIfMGE
ffLmv5wzN85pku5HXBuHGJUaUENXt1SsGwdfBx/gZZEA8oONqkrxOoJTrABWIAs5
k6TTUd+f3Y39rlsyQj076f1sw6Mw9qoCh+JKXDDqw8kGwQHifXdtCrxL9OfV4eq+
gYKrqdlyFM08WfKxe0Js8bB5cZ4Bt/GC2JhQzQ9bMjYJlxSXIXivP/FFunVT5hZ8
gsUVAH+/sm8xlQ4sedW7mIBKkjT3tgL0FvchB3XyoZ6Sr0JKVaMOcQjIsTzOqdga
wgArO541ZwUWHdJH+DODr/gBWXSnnzhHED5DAvRMPdO/t353qS/ihpacTqQ91B4U
KxK1pVNC84ch3spCLnQncl7kn7RhcdCcb5g4ZfahRmq79QSoMDvN4+7MtyERLXtS
ttSWiBzQVVj/jcFNDeGeDjKp6Z55xosotMZ3yVajl4IbuQS1pfTLjp7WdJ58y5hQ
+8O/ebjUYIxOo5kZhRZV/jxqoR7Ga9MGbAQ7BPcTuItpfGqiWcdYU+ZdyyFwvpXo
v6qNoCYt58nj7s+FAbed7EzRHa2Z3RVGkcqv2iX5EddydHmqKip+QUUR4cPLUXn+
kvOHtJEOgAWDURh0DVfhrMD5dX1d+9deBUwZ89gYvxkkErPL1o8OPRxyiucCAwEA
AQKCAgA5JquIHElzuW8tLrewMPZ3kzRV3JI3U6kGQZ6pFlHSBwv8Gtyj055js2P7
jt+yOTmDajvfoqgVn+Hqt0u8jifwehDFK/NPDd1IYrDGJKpCzcZpk1/ELpoAeqzf
vVbs2Z6ZbjxAggZ6MSmAzr328vY6j8fsksr7b4XUnka6we6rQcWJY6VrXcrM6/FO
zdhBraDxKb2j9btY3J48MOXSbKYbo8dbqB6esVSeZCtLWWTE9t0dnK/PycwgXUbP
A2dM8N1svnsyZz1uGTv9elfk8W4mNQ5Y64ie75W8BQWRarT3z4niiHctHceKqQOR
qheTm6GetdZ0ivQ6MMFzCJMl2lTb4LKPAAP0lsTK+tjbw29D+LKcDY71SYY18gQW
AygQhlId5Ms7M9vgp6FPKF8fROvPGtOoMPLv+bnHHf3P8fVHT/n6pywtklC0heY6
2jkYatvihy5WU7OIvfKdQ7dZeD/Y+eYRsXpcTgzVe3DDDVgDB6Wjhk5b+q9KtHsN
XToXH8MtV4YLwCxcYI6TRXjqq6ma72AvTEpYomDo3WcvkoyOF431WGtwl/Gqu61F
KEQ1QMVwQAPlg9BGSkCAVWf9Ii4PK1V9p9RS50oj9xzKeDqW/2lVLneRElM+UXUV
+q/gw0Uo6zATr2fJa6J70MqjYpAvcmbSwbp3tmaN7l3MduQ54QKCAQEA/JEmuH9N
8M16ea/wt/ZbKOflaS8KJfVAmPGJT2JFRzPph7q52Sg2ekDBkKkL3dj/kjjXynk+
NGNWRSfgUwZjQ7Bz3NfTFAW38AmYCommwZPALFM6mXXtTfZeWkkpptHRWJr6uSoR
fQlWHqraz7WZrKB2O9o9lN8Lsp5oqYzJ3CvFnImfjn7mR0acG8QIlbbLv5UydAup
tGd50Je4JTv2BOxKDhF7k6u6luPb9x3Bofjqr5lPZGA8YAwK+8A0JQGkz70k3/2a
iEmlIYX35qWctYv/Yu9kMIkvGqpUt/+kwgb+HnH960l6olESZhs1j32xnl0uMQcB
/dKPEudUIIALYwKCAQEAxdqUpNhJLUQfPXv7sH+/nB8rD+X/dRww9YcnoFHGd93q
iO8mJlQgLLTZvyWBc+M3IKYVcTPrUUlFBSbeajvuSoyBCPZRHuM6ErJX51tYB7mN
R8W1vUEN9YgdIFJEGREPLvvPVEieSsQ589KzTPq/F4dU1AiQRhnVc7IgwsxAmrCg
3FJGy3wGqeJ9GoTT+W0iaoZHl7ECaXfUZ+OanE60jma3y1baKivGG9tn6erECFCS
jklh1b0c7uXJshiOgIxNcKRMNWOGKY7nvydVvH6IDrkmHlxNvhSNnkOffC93yGRA
XtVBOfhw22zfXaSGBXYucgEWXpI9QqvkozhSv2uTrQKCAQEAz1yhDNNAe5dImgYQ
vgke+SvDl6NOUrHUUn3kfW+yb244qv5svdUdPSxTf+C65G7YDgZrbUoz/zEb0HWX
4LKa5yVFSylLnOHBDevij6xKZB5ZpkrDDuHabqr69mehMdyMY5ICjenzJ9R1h4JB
Wk3AGRI5YJSjAMpLwV/7kFEOHp01hnsbrBOWHyji3I0Le1f0Wpw1Kz+0GnDme5NF
VhSvvYT+nCRQcIKLFH2JyI7+vmwuyvM1UrUMfNMGZYF9jnCWDxU85EZEDOdiE275
hL2uNwP1LxZbDNpk+SClo9fZPpAdLYPrtLTEYeXsFDb8t428OchJN2mIggvQ+fVB
hdl6/wKCAQABn8u8lrHzFy4SeSQVzNar122pEcBJG9QjD9r5a/JvJXk5ao0rn2Es
PMfU09/+LY1UTUi7xytVXX6djjYhNSC9p+2fPzZnRIJDiQdDtPJCDfnk7vCQ/ym4
LEfg7gv1ELjJL/QBwx7ZikbXg5FJPn23GbtOikt0591it8GhF8AoBO8tH9fI79m2
J0/TmeeLkqPHsBaCXkegygUKXUn1oofE637ywmHEGtvjeqedufml/9NUK7IL6SOF
qok/VwhEceJo3FBr18dQLAYnAZGonHlNdaOkeCmDN/P5qqByiok3Met9W87PRQTY
KEqlICahgNjcwrmGSTkLhRG5bUrwm1d5AoIBAAxE6SBTn9gmqJhJWRD+8eQGvnAu
CSgg/YTF3Hp2HTFCTa1tRa/b+ZXsj7hjhl6txB0FpulqXo+LSq2cKqzgKguz8XVQ
rdDLsFdMWZHoN3qLXR6gKGosV0QGCCbiBpSpcrgvtm5sV6MyyExtbVb8a86QC0Gd
HIDUfQfyaymM35OoVXRvZtnCb6MDwZryoK6F4HfB9Gme9CvdKvdzAOSjGhvnCKHU
O31qnBui9odatFyoFc1/9xDOe2vgPsPLd929xFCz9vA7j1tf7TzLmhY38ynhWaor
MyjIeM1oEZzhIdMSxt3kCp8vDykUP1caXc92g7jyyVwC1l03HzvXNHkTFSQ=
-----END RSA PRIVATE KEY-----

View File

@ -13,8 +13,8 @@
# - docker tag pgbackrest/test:{vm}-base pgbackrest/test:{vm}-base-YYYYMMDDA # - docker tag pgbackrest/test:{vm}-base pgbackrest/test:{vm}-base-YYYYMMDDA
# - docker push pgbackrest/test:{vm}-base-YYYYMMDDA # - docker push pgbackrest/test:{vm}-base-YYYYMMDDA
# ********************************************************************************************************************************** # **********************************************************************************************************************************
20181108A: 20181121A:
u18: 06d378758d6e2f797457578039201a27c9344979 u18: e62cd73d8e20f0bc25a1b3c4fd2bd3520ee196b3
co6: ea59b548f8590edf6873f6c1b32d6a232bf7e1ee co6: a7836f34b8053bc7656676c0b188b1893bc41186
co7: 7ce2337eeddd433b6ca9400a9c99ce444981c938 co7: 72b99963f7bdf7b1b9d617239149d9c583819887
u12: 60f8591b9dd33a25720d3eefe3e9f39bf2884bc4 u12: d36f0ea1ff557524bc80e02d2a25daf287ebce64

View File

@ -130,7 +130,7 @@ sub containerWrite
$strScript = $strScript =
"# ${strTitle} Container\n" . "# ${strTitle} Container\n" .
"FROM ${strImageParent}" . "FROM ${strImageParent}" .
(defined($strCopy) ? "\n\n${strCopy}\n\n" : '') . (defined($strCopy) ? "\n\n${strCopy}" : '') .
(defined($strScript) && $strScript ne ''? (defined($strScript) && $strScript ne ''?
"\n\nRUN echo '" . (CONTAINER_DEBUG ? 'DEBUG' : 'OPTIMIZED') . " BUILD'" . $strScript : ''); "\n\nRUN echo '" . (CONTAINER_DEBUG ? 'DEBUG' : 'OPTIMIZED') . " BUILD'" . $strScript : '');
@ -259,7 +259,9 @@ sub sshSetup
#################################################################################################################################### ####################################################################################################################################
sub certSetup sub certSetup
{ {
return my $strOS = shift;
my $strScript =
sectionHeader() . sectionHeader() .
"# Generate fake certs\n" . "# Generate fake certs\n" .
" mkdir -p -m 755 /etc/fake-cert && \\\n" . " mkdir -p -m 755 /etc/fake-cert && \\\n" .
@ -272,7 +274,34 @@ sub certSetup
" -subj \"/C=US/ST=Country/L=City/O=Organization/CN=*.pgbackrest.org\" && \\\n" . " -subj \"/C=US/ST=Country/L=City/O=Organization/CN=*.pgbackrest.org\" && \\\n" .
" openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 99999 \\\n" . " openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 99999 \\\n" .
" -sha256 && \\\n" . " -sha256 && \\\n" .
" chmod 644 /etc/fake-cert/*"; " chmod 644 /etc/fake-cert/* && \\\n";
my $rhVm = vmGet();
if ($rhVm->{$strOS}{&VM_OS_BASE} eq VM_OS_BASE_RHEL)
{
if ($strOS eq VM_CO6)
{
$strScript .=
" update-ca-trust enable && \\\n";
}
$strScript .=
" cp /etc/fake-cert/pgbackrest-test-ca.crt /etc/pki/ca-trust/source/anchors && \\\n" .
" update-ca-trust extract";
}
elsif ($rhVm->{$strOS}{&VM_OS_BASE} eq VM_OS_BASE_DEBIAN)
{
$strScript .=
" cp /etc/fake-cert/pgbackrest-test-ca.crt /usr/local/share/ca-certificates && \\\n" .
" update-ca-certificates";
}
else
{
confess &log(ERROR, "unable to install certificate for $rhVm->{$strOS}{&VM_OS_BASE}");
}
return $strScript;
} }
#################################################################################################################################### ####################################################################################################################################
@ -478,7 +507,18 @@ sub containerBuild
} }
#--------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------
$strScript .= certSetup(); my $strCertPath = 'test/certificate';
my $strCertName = 'pgbackrest-test';
$strCopy = '# Copy Test Certificates';
foreach my $strFile ('-ca.crt', '.crt', '.key')
{
$oStorageDocker->copy("${strCertPath}/${strCertName}${strFile}", "${strTempPath}/${strCertName}${strFile}");
$strCopy .= "\nCOPY ${strCertName}${strFile} " . CERT_FAKE_PATH . "/${strCertName}${strFile}";
}
$strScript .= certSetup($strOS);
#--------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------
if (!$bDeprecated) if (!$bDeprecated)
@ -629,7 +669,7 @@ sub containerBuild
$strScript .= entryPointSetup($strOS); $strScript .= entryPointSetup($strOS);
containerWrite($oStorageDocker, $strTempPath, $strOS, 'Build', $strImageParent, $strImage, $strCopy,$strScript, $bVmForce); containerWrite($oStorageDocker, $strTempPath, $strOS, 'Build', $strImageParent, $strImage, $strCopy, $strScript, $bVmForce);
# Copy Devel::Cover to host so it can be installed in other containers (if it doesn't already exist) # Copy Devel::Cover to host so it can be installed in other containers (if it doesn't already exist)
if ($bPkgDevelCoverBuild) if ($bPkgDevelCoverBuild)