Add scripts for integration test setup and docs generation

* Add an OpenPGP test keypair. * Move script parts of documentation into script, so they can be used on a fresh Ubuntu 20.04 system for within a github action to setup a csaf_provider and upload documents to it for an integration test. * Use dineshsonachalam/markdown-autodocs in github action to automatically insert lines from the scripts into the docs. Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
2025-12-22 18:15:42 +01:00 · 2022-04-08 10:04:34 +02:00 · 2022-04-08 10:04:34 +02:00 · 9bbe3e1eb8
commit 9bbe3e1eb8
parent f0359d982d
19 changed files with 637 additions and 69 deletions
--- a/docs/scripts/TLSConfigsForITest.sh
+++ b/docs/scripts/TLSConfigsForITest.sh
@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+# This file is Free Software under the MIT License
+# without warranty, see README.md and LICENSES/MIT.txt for details.
+#
+# SPDX-License-Identifier: MIT
+#
+# SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+# Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
+
+# This script generates webserver cert that is signed with the generated root CA.
+# It sets the right nginx configurations for serving TLS connections.
+# FOLDERNAME and ORGANAME variables must be set.
+# FOLDERNAME: Where to store the CAs and keys.
+# ORGANAME: The organization name used in the CA template.
+# Usage Example: env FOLDERNAME=devca1 ORGANAME="CSAF Tools Development (internal)" ./TLSConfigsForITest.sh
+
+set -e
+
+NGINX_CONFIG_PATH=/etc/nginx/sites-available/default
+
+cd ~/csaf_distribution/docs/scripts/
+## Create Root CA
+./createRootCAForITest.sh
+
+## Create webserver cert
+source ./createWebserverCertForITest.sh
+
+# Configure nginx
+echo '
+        listen 443 ssl default_server; # ipv4
+        listen [::]:443 ssl http2 default_server;  # ipv6
+
+        ssl_certificate  '${SSL_CERTIFICATE}' # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
+        ssl_certificate_key '${SSL_CERTIFICATE_KEY}' # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+' > TLSConfigs.txt
+
+# a second listener port for testing setup where someone wants to tunnel access
+# to an unpriviledged port and still have the same access url
+echo '
+        listen 8443 ssl default_server; # ipv4
+        listen [::]:8443 ssl http2 default_server;  # ipv6
+' > TLS8443Configs.txt
+
+cp $NGINX_CONFIG_PATH $NGINX_CONFIG_PATH.org
+sed -i "/^server {/r ${HOME}/${FOLDERNAME}/TLSConfigs.txt" $NGINX_CONFIG_PATH
+sed -i "/^server {/r ${HOME}/${FOLDERNAME}/TLS8443Configs.txt" $NGINX_CONFIG_PATH
+sed -i "/^\s*listen.*80/d" $NGINX_CONFIG_PATH # Remove configs for listinig on port 80
+systemctl reload nginx
+