generate and use temporary self-signed certs

Author: angelo-v

Makefile

@@ -8,7 +8,7 @@ build: ## build the docker image
 	docker build -t aveltens/solid-server ./src
 
 inspect: build ## run a shell in the docker image
-	docker run --rm -it aveltens/solid-server sh
+	docker run --rm -it --entrypoint sh aveltens/solid-server
 
 start: build ## start solid-server docker container
 	docker run --rm \

src/Dockerfile

@@ -1,17 +1,26 @@
 FROM node:10-alpine
 
+RUN apk add --no-cache openssl
+
 RUN npm install -g solid-server
 
+# image configuration
 ENV SOLID_HOME=/opt/solid
 ENV PROCESS_USER=node
+ENV TEMPORARY_CERT_NAME=solid-temporary
 
 WORKDIR ${SOLID_HOME}
-RUN chown ${PROCESS_USER}:${PROCESS_USER} ${SOLID_HOME}
+COPY ./entrypoint.sh ./entrypoint.sh
+COPY ./create-temporary-cert.sh ./create-temporary-cert.sh
+RUN chown --recursive ${PROCESS_USER}:${PROCESS_USER} ${SOLID_HOME}
 
 USER ${PROCESS_USER}
 
 # solid configuration
 ENV SOLID_ROOT=${SOLID_HOME}/data
+ENV SOLID_SSL_KEY=${SOLID_HOME}/${TEMPORARY_CERT_NAME}.key
+ENV SOLID_SSL_CERT=${SOLID_HOME}/${TEMPORARY_CERT_NAME}.crt
 ENV SOLID_PORT=8443
+ENTRYPOINT ["./entrypoint.sh"]
 
-CMD ["solid", "start"]
+CMD ["start"]

src/create-temporary-cert.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+NAME=$1
+
+if [ -z $NAME ]; then
+	echo "Usage: ./create-temporary-cert.sh some-name"
+	exit 1
+fi
+
+openssl req -nodes -x509 -days 3 -newkey rsa:2048 \
+	-keyout ./$NAME.key \
+	-out ./$NAME.crt \
+	-subj "/O=$NAME/OU=$NAME/CN=$NAME"
+
+echo "Finished: SUCCESS"
+exit 0;

src/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+./create-temporary-cert.sh ${TEMPORARY_CERT_NAME}
+
+solid "$@"

test/test_image_foundations.py

@@ -10,7 +10,8 @@ def container(client, image):
         name="test_container",
         detach=True,
         tty=True,
-        command="sh"
+        entrypoint="sh",
+        command="-"
     )
     yield container
     container.remove(force=True)
@@ -30,3 +31,21 @@ def test_node_command_is_available(host):
 
 def test_node_version_is_10(host):
     assert host.check_output("node --version").startswith('v10')
+
+def test_openssl_command_is_available(host):
+    assert host.exists("openssl")
+
+def test_entrypoint_exist(host):
+    entrypoint = host.file("/opt/solid/entrypoint.sh")
+    assert entrypoint.is_file
+    assert entrypoint.user == "node"
+    assert entrypoint.group == "node"
+
+def test_create_temporary_cert_exist(host):
+    create_temporary_cert = host.file("/opt/solid/create-temporary-cert.sh")
+    assert create_temporary_cert.is_file
+    assert create_temporary_cert.user == "node"
+    assert create_temporary_cert.group == "node"
+
+def test_solid_command_is_available(host):
+    assert host.exists("solid")

test/test_solid_default_config.py

@@ -38,5 +38,30 @@ def test_solid_config_dir_exists_and_owned_by_node(host):
     assert solid_config.user == "node"
     assert solid_config.group == "node"
 
+def test_temporary_tls_cert_exists(host):
+    cert = host.file("/opt/solid/solid-temporary.crt")
+    assert cert.exists
+    assert cert.is_file
+    assert cert.user == "node"
+    assert cert.group == "node"
+
+def test_temporary_tls_key_exists(host):
+    key = host.file("/opt/solid/solid-temporary.key")
+    assert key.exists
+    assert key.is_file
+    assert key.user == "node"
+    assert key.group == "node"
+
+def test_certificate_and_key_are_used(host):
+    env = host.check_output("env")
+    assert "SOLID_SSL_KEY=/opt/solid/solid-temporary.key" in env
+    assert "SOLID_SSL_CERT=/opt/solid/solid-temporary.crt" in env
+
+def test_solid_is_running(host):
+    solid = host.process.get(comm="node")
+    assert solid.args == "node /usr/local/bin/solid start"
+    assert solid.user == "node"
+    assert solid.group == "node"
+
 def test_solid_is_listening_on_port_8443(host):
     assert host.socket("tcp://0.0.0.0:8443").is_listening