diff options
author | Mx Kookie <kookie@spacekookie.de> | 2020-12-09 18:55:19 +0000 |
---|---|---|
committer | Mx Kookie <kookie@spacekookie.de> | 2020-12-09 18:55:19 +0000 |
commit | 80d90d9b204f7c17912740f9f414fe5d59f293ba (patch) | |
tree | 5f2065a06e724270610760d59d01c6888b375a46 /infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md | |
parent | 3a31a84c7d3e589035ad08499206aac44a81f424 (diff) | |
parent | 83cbad92d73216bb0d9187c56cce0b91f9121d5a (diff) |
Merge commit '83cbad92d73216bb0d9187c56cce0b91f9121d5a' into main
Diffstat (limited to 'infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md')
-rw-r--r-- | infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md new file mode 100644 index 000000000000..9de2b2c71029 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md @@ -0,0 +1,21 @@ +# Fake Certificate Authority for ACME testing + +This will set up a test node running [pebble](https://github.com/letsencrypt/pebble) +to serve ACME certificate requests. + +## "Snake oil" certs + +The snake oil certs are hard coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235). +The root of the issue is that Nix will hash the derivation based on the arguments +to mkDerivation, not the output. [Minica](https://github.com/jsha/minica) will +always generate a random certificate even if the arguments are unchanged. As a +result, it's possible to end up in a situation where the cached and local +generated certs mismatch and cause issues with testing. + +To generate new certificates, run the following commands: + +```bash +nix-build generate-certs.nix +cp result/* . +rm result +``` |