nixos/taskserver: Fix manual PKI management

The helper tool had a very early check whether the automatically created CA key/cert are available and thus it would abort if the key was unavailable even though we don't need or even want to have the CA key. Unfortunately our NixOS test didn't catch this, because it was just switching from a configuration with an automatically created CA to a manual configuration without deleting the generated keys and certs. This is done now in the tests and it's also fixed in the helper tool. Reported-by: @jpotier Signed-off-by: aszlig <aszlig@redmoonstudios.org>
author: aszlig <aszlig@redmoonstudios.org> 2017-07-16 18:57:38 +0200
committer: aszlig <aszlig@redmoonstudios.org> 2017-07-16 20:38:15 +0200
commit: b6188438607bbb817d17db31b061870379a8faf6 (patch)
tree: 431951225bacad7092fa8ef5165e75756c57ab65 /nixos/tests/taskserver.nix
parent: 5d29744f4dc2c8d62fc5a99f896aa96ea440874d (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/tests/taskserver.nix b/nixos/tests/taskserver.nix
index cdccb11d88878..75be97a507d01 100644
--- a/nixos/tests/taskserver.nix
+++ b/nixos/tests/taskserver.nix
@@ -246,6 +246,10 @@ in {
     };
 
     subtest "check manual configuration", sub {
+      # Remove the keys from automatic CA creation, to make sure the new
+      # generation doesn't use keys from before.
+      $server->succeed('rm -rf ${cfg.dataDir}/keys/* >&2');
+
       $server->succeed('${switchToNewServer} >&2');
       $server->waitForUnit("taskserver.service");
       $server->waitForOpenPort(${portStr});
author	aszlig <aszlig@redmoonstudios.org>	2017-07-16 18:57:38 +0200
committer	aszlig <aszlig@redmoonstudios.org>	2017-07-16 20:38:15 +0200
commit	b6188438607bbb817d17db31b061870379a8faf6 (patch)
tree	431951225bacad7092fa8ef5165e75756c57ab65 /nixos/tests/taskserver.nix
parent	5d29744f4dc2c8d62fc5a99f896aa96ea440874d (diff)