mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-08 05:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
cbc51a0929
flatcar-scripts/mod_for_test_scripts/710enableAuthTesting
Chris Masone 9953aa3faf [crosutils] Make auth-testing cert CN be *.google.com 
It seems that the intermittent failure we see on the login screen
is due to a sort of mixed-content error, where there's a failure
within the page to load some embedded resource due to a cert error.

Make the SSL cert we inject work for any google.com server to
work around this.

BUG=chromium-os:20323
TEST=login_CryptohomeMounted 50x, suite_Smoke

Change-Id: Ic8e5b9bec799cd19cccfeddd2990fe3a494d2184
Reviewed-on: http://gerrit.chromium.org/gerrit/8818
Reviewed-by: Chris Sosa <sosa@chromium.org>
Commit-Ready: Chris Masone <cmasone@chromium.org>
Tested-by: Chris Masone <cmasone@chromium.org>
2011-10-05 15:29:20 -07:00

66 lines
2.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
echo "Adding mock Google Accounts server certs."
case "${ARCH}" in
arm*)
QEMU="/tmp/qemu-arm"
cp "/usr/bin/qemu-arm" "${ROOT_FS_DIR}/${QEMU}"
;;
*86)
QEMU=""
;;
*)
error "Invalid ARCH: ${ARCH}"
exit 1
esac
CERT_NAME="mock_server"
FAKE_CA_DIR="/etc/fake_root_ca"
FAKE_NSSDB="${FAKE_CA_DIR}/nssdb"
TMP_KEY=$(mktemp -p /tmp "${CERT_NAME}.key.XXXXX")
TMP_CERT=$(mktemp -p /tmp "${CERT_NAME}.pem.XXXXX")
mv -f "${TMP_KEY}" "${ROOT_FS_DIR}/${TMP_KEY}"
mv -f "${TMP_CERT}" "${ROOT_FS_DIR}/${TMP_CERT}"
# We need access to /dev/random and /dev/self/fd (which is /proc/self/fd)
# within the chrooted image
sudo mount --bind /dev "${ROOT_FS_DIR}"/dev
sudo mount --bind /proc "${ROOT_FS_DIR}"/proc
# Generate testing root cert on the fly.
sudo chroot "${ROOT_FS_DIR}" ${QEMU} /usr/bin/openssl req -x509 -days 21 \
-subj "/CN=*.google.com" \
-newkey rsa:1024 -nodes -keyout "${TMP_KEY}" -out "${TMP_CERT}"
mkdir -m 0755 -p "${ROOT_FS_DIR}/${FAKE_NSSDB}"
# Both bash and nsscertutil must be run under qemu-arm
sudo chroot "${ROOT_FS_DIR}" ${QEMU} /bin/bash -c "${QEMU} \
/usr/local/bin/nsscertutil -d sql:${FAKE_NSSDB} -N -f <(echo '')"
cp "${ROOT_FS_DIR}/${TMP_KEY}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.key"
cp "${ROOT_FS_DIR}/${TMP_CERT}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.pem"
echo "DO NOT MOVE THIS DATA OFF OF THE ROOTFS!" > "${ROOT_FS_DIR}/${FAKE_CA_DIR}/README"
sudo chroot "${ROOT_FS_DIR}" ${QEMU} \
/usr/local/bin/nsscertutil -d sql:"${FAKE_NSSDB}" -A \
-n FakeCert -t "C,," -a -i "${FAKE_CA_DIR}/${CERT_NAME}.pem"
chmod 0644 "${ROOT_FS_DIR}/${FAKE_NSSDB}"/*
CERT_FILE="${ROOT_FS_DIR}/etc/login_trust_root.pem"
mv -f "${ROOT_FS_DIR}/${TMP_CERT}" "${CERT_FILE}"
chmod 0644 "${CERT_FILE}"
if [ -n "${QEMU}" ] ; then
rm "${ROOT_FS_DIR}/${QEMU}"
fi
rm -f "${ROOT_FS_DIR}/${TMP_KEY}"
rm -f "${ROOT_FS_DIR}/${TMP_CERT}"
sudo umount "${ROOT_FS_DIR}"/dev
sudo umount "${ROOT_FS_DIR}"/proc
Reference in New Issue View Git Blame Copy Permalink