From ae459f442bb33fc558face4dea723652f5dd23f4 Mon Sep 17 00:00:00 2001
From: Adam Shannon
Date: Mon, 30 Sep 2024 11:47:05 -0500
Subject: [PATCH] build: capture certs on startup

---
 database/testdata/gencerts.sh | 11 ++++++-----
 database/testdata/owncerts.sh | 10 ++++++++++
 docker-compose.yml | 1 +
 3 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 database/testdata/owncerts.sh

diff --git a/database/testdata/gencerts.sh b/database/testdata/gencerts.sh
index 78d6e62a..1e70921e 100755
--- a/database/testdata/gencerts.sh
+++ b/database/testdata/gencerts.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
+set -e
+
 # This script generates TLS certs for local development:
 # - Creates a self-signed root CA
 # - Generates server and client certs signed by the root CA
@@ -6,6 +8,7 @@
 # Note: These certs are for development/testing only, not for production use.
 mkdir -p testcerts
 cd testcerts
+
 echo "STARTING Generating test certificates"
 openssl genrsa -out root.key 2048
 openssl req -new -x509 -days 365 -key root.key -subj "/C=CN/ST=GD/L=SZ/O=Moov, Inc./CN=Moov Root CA" -out root.crt
@@ -14,10 +17,8 @@ openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1")
 openssl req -newkey rsa:2048 -nodes -keyout client.key -subj "/C=CN/ST=GD/L=SZ/O=Moov, Inc./CN=moov" -out client.csr
 openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -in client.csr -CA root.crt -CAkey root.key -CAcreateserial -out client.crt
 
-# On Github Actions chmod to match the uid/gid of our container
-if [[ "$GITHUB_ACTIONS" != "" ]];
-then
-    chown 999:999 *.crt *.key
-fi
+rm -f server.csr client.csr
+chmod 600 *.key
+chmod 644 *.crt
 
 echo "FINIHSED Generating test certificates"
diff --git a/database/testdata/owncerts.sh b/database/testdata/owncerts.sh
new file mode 100644
index 00000000..a0b79a22
--- /dev/null
+++ b/database/testdata/owncerts.sh
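Review bot: The new `set -e` at the top of gencerts.sh still leaves pipeline failures and unset variables unchecked, which is a weaker strict mode than the script's other constructs (process substitution, `[[ ]]` before this change) suggest it wants. The usual bash header is `set -euo pipefail`; with `-u` a mistyped variable aborts instead of silently expanding to an empty path in an `openssl -out` argument. Keeping the options in `set` rather than the shebang is right, since they survive `bash gencerts.sh` invocations.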
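Review bot: `chmod 600 *.key` leaves server.key readable only by the host user who ran the script, while docker-compose.yml in this same commit bind-mounts `./testcerts/server.key` into the postgres container, where the server runs under a different uid; the deleted `chown 999:999` block was the one step that reconciled that on CI, so readability inside the container now rests entirely on the new owncerts.sh hook succeeding. PostgreSQL is, as far as I recall, strict here (a key must be 0600 and owned by the server user, or 0640 and root-owned), so this is a start-up failure rather than a warning if the hook does not run. The intent deserves a comment next to the chmod lines, e.g. `# keys owner-only on the host; ownership inside the postgres container is fixed by owncerts.sh at first init (see docker-compose.yml)`. Also note `-CAcreateserial` leaves a `root.srl` behind that the `rm -f` does not clean up, which is harmless but worth listing if the directory is committed or shared.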
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+chmod 600 /var/lib/postgresql/*.key
+chmod 644 /var/lib/postgresql/*.crt
+
+chown postgres:postgres /var/lib/postgresql/*.key
+chown postgres:postgres /var/lib/postgresql/*.crt
+
+ls -l /var/lib/postgresql/
diff --git a/docker-compose.yml b/docker-compose.yml
index 2f9a993d..de76348f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -49,6 +49,7 @@ services:
       - ./testcerts/root.crt:/var/lib/postgresql/root.crt
       - ./testcerts/server.crt:/var/lib/postgresql/server.crt
       - ./testcerts/server.key:/var/lib/postgresql/server.key
+      - ./database/testdata/owncerts.sh:/docker-entrypoint-initdb.d/owncerts.sh
     networks:
       intranet:
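Review bot: Mounting this script into `/docker-entrypoint-initdb.d/` means the postgres image runs it only when the data directory is initialized for the first time, so on every later start with a persisted volume (or after certs are regenerated by gencerts.sh) the `chown`/`chmod` lines never run and the key is back to whatever mode the host gave it. If I recall the official entrypoint correctly it also re-execs itself as the `postgres` user before running initdb scripts, in which case `chown postgres:postgres` on a bind-mounted key still owned by the host user fails with EPERM and `set -e` aborts initialization; and because these are bind mounts, a chown/chmod that does succeed rewrites ownership and mode of the developer's checkout files, which is a surprising side effect for a "test data" hook. Worth stating both caveats in a header comment, e.g. `# Runs only at first initdb and only has effect when the entrypoint is root; rewrites the host files' owner/mode because they are bind-mounted`, and guarding the chown with `[ "$(id -u)" = 0 ] || { echo "owncerts.sh: not root, cannot chown bind-mounted certs" >&2; exit 1; }` so the failure is explicit. A more robust shape is running the db service with a `user:` that matches the host uid, or copying the certs into a container-owned path, so no ownership change is needed at all; the trailing `ls -l` is debug output and could go to stderr or be dropped.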