author | Lucas Savva <lucas@m1cr0man.com> | 2020-10-22 14:06:19 +0100 |
---|---|---|
committer | Lucas Savva <lucas@m1cr0man.com> | 2020-10-22 14:06:19 +0100 |
commit | dad06fb922cbfcd00bae255d3fec9d70138e419b (patch) | |
tree | d312d96b5d7c738e43678a426b5f8322bae3bd0d /nixos/tests/common/acme/server/README.md | |
parent | 89d134b3fdcbc4412f5d7cc4e391747b3f578b32 (diff) |
nixos/tests/acme: Hard code test certificates
The added README.md explains why this has been done.
Diffstat (limited to 'nixos/tests/common/acme/server/README.md')
-rw-r--r-- | nixos/tests/common/acme/server/README.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/nixos/tests/common/acme/server/README.md b/nixos/tests/common/acme/server/README.md new file mode 100644 index 000000000000..9de2b2c71029 --- /dev/null +++ b/nixos/tests/common/acme/server/README.md @@ -0,0 +1,21 @@ +# Fake Certificate Authority for ACME testing + +This will set up a test node running [pebble](https://github.com/letsencrypt/pebble) +to serve ACME certificate requests. + +## "Snake oil" certs + +The snake oil certs are hard coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235). +The root of the issue is that Nix will hash the derivation based on the arguments +to mkDerivation, not the output. [Minica](https://github.com/jsha/minica) will +always generate a random certificate even if the arguments are unchanged. As a +result, it's possible to end up in a situation where the cached and local +generated certs mismatch and cause issues with testing. + +To generate new certificates, run the following commands: + +```bash +nix-build generate-certs.nix +cp result/* . +rm result +``` |
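Review bot: The closing "To generate new certificates" section of the new README lists the commands but says neither when regeneration is needed nor which directory they must be run from. Because the certs are now committed instead of being built on demand, please note that they expire and how a maintainer can tell they are due for renewal, so a later expiry is not mistaken for a test regression. `cp result/* .` only puts the files in the right place when the working directory is nixos/tests/common/acme/server, which is worth stating explicitly. In the "Snake oil" certs section, one more sentence saying that the hard-coded certs, and any key material committed alongside them, are public and must only ever be trusted by the test nodes would make the intent clear to someone who finds these files outside the context of this commit.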