Generate self-signed certificate when https is enabled
Currently the self-signed certificate used as the REST API/GUI server certificate the first time HTTPS is enabled is generated at build time and embedded in the ISO. This makes it expire less than a year from the date the system is installed. This change removes the certificate generation at build time; the certificate is instead generated the first time HTTPS is enabled. Closes-Bug: 1944438 Depends-On: https://review.opendev.org/c/starlingx/config/+/810263 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: I7835534c11df3b03ea8e6f6ea7e88878386bcc12
parent
ce04afb95e
commit
32b8dfda6f
@ -1,2 +1,2 @@
|
||||
COPY_LIST="$PKG_BASE/files/* $PKG_BASE/LICENSE $PKG_BASE/server-csr.conf"
|
||||
COPY_LIST="$PKG_BASE/files/* $PKG_BASE/LICENSE"
|
||||
TIS_PATCH_VER=PKG_GITREVCOUNT+8
|
||||
|
@ -6,10 +6,8 @@ License: Apache-2.0
|
||||
Group: base
|
||||
Packager: Wind River <info@windriver.com>
|
||||
URL: unknown
|
||||
BuildRequires: openssl
|
||||
|
||||
Source0: LICENSE
|
||||
Source1: server-csr.conf
|
||||
Source2: tpmdevice-setup
|
||||
|
||||
%description
|
||||
@ -20,13 +18,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
RPM_BUILD_DIR_PKG="%{name}-%{version}"
|
||||
mkdir -p $RPM_BUILD_DIR_PKG
|
||||
CSRCONF="$RPM_BUILD_DIR_PKG/server-csr.conf"
|
||||
PEMFILE="$RPM_BUILD_DIR_PKG/self-signed-server-cert.pem"
|
||||
cp %{SOURCE1} $CSRCONF
|
||||
# generate a self signed default certificate
|
||||
/usr/bin/openssl req -new -x509 -sha256 -keyout $PEMFILE -out $PEMFILE -days 365 -nodes -config $CSRCONF
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/ssl/private
|
||||
install -m 400 $PEMFILE $RPM_BUILD_ROOT/%{_sysconfdir}/ssl/private/self-signed-server-cert.pem
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_sbindir}
|
||||
install -m 700 %{SOURCE2} $RPM_BUILD_ROOT/%{_sbindir}/tpmdevice-setup
|
||||
|
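Review bot: The commit message documents only the expiry problem, but the `openssl req ... -nodes` step that this section appears to drop from the install script also meant the private key was created at build time and shipped in the ISO, so it is presumably identical on every system installed from that image; nothing visible here covers systems that already enabled HTTPS with it. I would say in the description, or in the dependent config change, that already-deployed systems should regenerate or replace that certificate rather than keep the embedded one. The deleted server-csr.conf also set `default_bits = 1024`; the runtime generation, which is outside this commit, should not carry that value over and should use at least a 2048-bit RSA key. The install script and the %files list continue outside these hunks, so it is worth confirming that no remaining line still references self-signed-server-cert.pem.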
@ -1,8 +0,0 @@
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
distinguished_name = req_distinguished_name
|
||||
prompt = no
|
||||
|
||||
[ req_distinguished_name ]
|
||||
CN = StarlingX
|
||||
|