646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
35 lines
888 B
Nix
35 lines
888 B
Nix
# Minica can provide a CA key and cert, plus a key
|
|
# and cert for our fake CA server's Web Front End (WFE).
|
|
{
|
|
pkgs ? import <nixpkgs> { },
|
|
minica ? pkgs.minica,
|
|
runCommandCC ? pkgs.runCommandCC,
|
|
}:
|
|
let
|
|
conf = import ./snakeoil-certs.nix;
|
|
domain = conf.domain;
|
|
domainSanitized = pkgs.lib.replaceStrings [ "*" ] [ "_" ] domain;
|
|
in
|
|
runCommandCC "generate-tests-certs"
|
|
{
|
|
buildInputs = [
|
|
(minica.overrideAttrs (old: {
|
|
postPatch = ''
|
|
sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go
|
|
'';
|
|
}))
|
|
];
|
|
|
|
}
|
|
''
|
|
minica \
|
|
--ca-key ca.key.pem \
|
|
--ca-cert ca.cert.pem \
|
|
--domains "${domain}"
|
|
|
|
mkdir -p $out
|
|
mv ca.*.pem $out/
|
|
mv ${domainSanitized}/key.pem $out/${domainSanitized}.key.pem
|
|
mv ${domainSanitized}/cert.pem $out/${domainSanitized}.cert.pem
|
|
''
|