Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add https support to apache2 on ICF-CI #22

Draft
wants to merge 17 commits into
base: main
Choose a base branch
from
Draft

Add https support to apache2 on ICF-CI #22

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
b566167
add https support to apache2 on ICF-CI
christian-monch May 30, 2023
a5b38c3
make ssl-activation script executable
christian-monch May 30, 2023
59996b4
add sudo to a2enmod execution
christian-monch May 30, 2023
2124687
add self signed certificate to trusted certs
christian-monch May 30, 2023
c79f04e
add pre-install login option
christian-monch May 30, 2023
a0fe781
put self signed certs into /usr/local/share
christian-monch May 31, 2023
d1c50ce
add a private CA, used to sign ssl-certs
christian-monch May 31, 2023
78b1604
update server keys
christian-monch May 31, 2023
62bcbfd
adapt the data_webserver fixture to "https"
christian-monch May 31, 2023
97ffe0e
add our private CA cert to certifi
christian-monch May 31, 2023
134172f
adapt to singularity
christian-monch May 31, 2023
5fe5d3b
rename root CA file, use this branch in container
christian-monch May 31, 2023
2732615
fix a faulty repository and branch in git clone -b
christian-monch May 31, 2023
55d693b
re-enable get-test
christian-monch May 31, 2023
dd5775b
perform get on study, visit and not on tar
christian-monch May 31, 2023
ff65671
Merge branch 'main' into enh-ci-https
christian-monch May 31, 2023
fe31335
improve comment
christian-monch May 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 3 additions & 7 deletions .appveyor.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,10 @@ artifacts:
install:
- curl -sflL 'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-ssh.sh' | bash -e -;
# Bootstrap ICF-like system installation
- sudo hostname data.inm-icf.de
- sudo .appveyor/install_apt_pkgs
- .appveyor/apache_enable_ssl
- .appveyor/apache_enable_user_dir
# build the singularity image, unless we got it from the cache
- sh: "[ ! -f icf.sif ] && singularity build --fakeroot icf.sif singularity/icf.def || true"
# install image as `icf-utils` (mounting the ICF /data store on-run)
Expand Down Expand Up @@ -124,7 +127,6 @@ build_script:
- git config --global user.email "test@appveyor.land"
- git config --global user.name "Appveyor Almighty"


before_test:
# simple call to see if datalad and git-annex are installed properly
- icf-utils datalad wtf
Expand All @@ -139,12 +141,6 @@ test_script:
curl -sflL 'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-ssh.sh' | bash -e -;
fi
- icf-utils python3 -m pytest -s -v ../tests
- sh:
if [ X"$ACTIVATE_SSH_LOGIN" == "Xpost-tests" ]; then
curl -sflL 'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-ssh.sh' | bash -e -;
touch $HOME/build.lock;
while [ -e $HOME/build.lock ]; do sleep 5; done;
fi;


on_finish:
Expand Down
17 changes: 17 additions & 0 deletions .appveyor/apache_enable_ssl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
#!/bin/bash

set -e -u

sudo cp .appveyor/data/ssl-cert-snakeoil.crt /etc/ssl/certs/ssl-cert-snakeoil.pem
sudo cp .appveyor/data/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.key
sudo cp .appveyor/data/INM-ICF-TestCA.crt /usr/local/share/ca-certificates/

sudo /sbin/dpkg-reconfigure ca-certificates

sudo a2enmod ssl
sudo systemctl restart apache2

sudo a2ensite default-ssl
sudo systemctl reload apache2

echo "ServerName data.inm-icf.de" | sudo tee -a /etc/apache2/httpd.conf
9 changes: 2 additions & 7 deletions .appveyor/apache_enable_user_dir
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,6 @@

set -e -u

pushd /etc/apache2/mods-enabled
sudo a2enmod userdir
sudo systemctl restart apache2

sudo ln -s ../mods-available/userdir.load
sudo ln -s ../mods-available/userdir.conf

popd

sudo apachectl restart
26 changes: 26 additions & 0 deletions .appveyor/data/INM-ICF-TestCA.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIETzCCAzegAwIBAgIUfWwiVV14nSabbj0QEJZYVBgXTfEwDQYJKoZIhvcNAQEL
BQAwgbYxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxEDAOBgNVBAcMB0NvbG9n
bmUxIjAgBgNVBAoMGUNocmlzdGlhbiBNb2VuY2ggU29mdHdhcmUxFDASBgNVBAsM
C0RldmVsb3BtZW50MSUwIwYDVQQDDBxDaHJpc3RpYW4gTW9lbmNoIERldmVsb3Bt
ZW50MSYwJAYJKoZIhvcNAQkBFhdjaHJpc3RpYW4ubW9lbmNoQHdlYi5kZTAeFw0y
MzA1MzEwNjMyMzlaFw0yNDA1MzAwNjMyMzlaMIG2MQswCQYDVQQGEwJERTEMMAoG
A1UECAwDTlJXMRAwDgYDVQQHDAdDb2xvZ25lMSIwIAYDVQQKDBlDaHJpc3RpYW4g
TW9lbmNoIFNvZnR3YXJlMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwc
Q2hyaXN0aWFuIE1vZW5jaCBEZXZlbG9wbWVudDEmMCQGCSqGSIb3DQEJARYXY2hy
aXN0aWFuLm1vZW5jaEB3ZWIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCmeRbS/hi0qlsnbegcdwJlmH/fowvdFncjSxg1Va1hIu6CinrxoYHdUW4T
dElUVOLom0gGy4jgoTNwYn/CqtLpEO/goVPNO7RVU5ALJ1YEq4D9J0w/99s+4x8y
ik0bbvOAT7Dk9pIzN2xp/2HAjy+m4esF+pWY9G1fxKyXMLPZwh51AFmP/+s0JVRI
0qSAPa5QD3Z+1LGc8AlQHo/NUXP+u3LKcqqZ+G7S86cXFpaDCm2Ug19V8VsDZqpd
lNTiGw9STxe8jQ4rOO1+AmqucjIvxhpdhgIxNkMq84e4kHk4pwI2NgYCG30OTQ6L
Ygjg28g1WZ8StLEpAkwzEfvyovIlAgMBAAGjUzBRMB0GA1UdDgQWBBRnWujBTlSd
fg5Omr684f56dS7gpzAfBgNVHSMEGDAWgBRnWujBTlSdfg5Omr684f56dS7gpzAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPdVr0mA+55Z9VS+ki
uDGx5a5l9nMhWlFIePxhil8Vvkv7feIDrl6xBUVrAIljdoj0+NdzSqg1n+edG/YA
jyXd+VECoN8+uhdnZNfYI2Hc6rKQsi78Gc8vqHyJQ+3TVMx5ZhIBJG0+tpsoTMRf
6FG1nD1g56hzS2SW2vMnEUGmIXv8j/jW7nrLKpPWoih5fIatBQh48R0ZW5OXIg9N
M3dHyXU2uXE1J7wQXmF6wd2lhxdcRzRdLKA/U+Vc3W69G6CxQlpulCI25D0pjs1J
fiXcgxFyTh48SyL4CaPvXV/hkgnu3OM8U8dAIM/8fA9FLT1DHz/KhhtQRPvEKnWr
wFUZ
-----END CERTIFICATE-----
26 changes: 26 additions & 0 deletions .appveyor/data/ssl-cert-snakeoil.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgIUYIUlxtOdFy8jNrjeZxYjJjj+swEwDQYJKoZIhvcNAQEL
BQAwgbYxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxEDAOBgNVBAcMB0NvbG9n
bmUxIjAgBgNVBAoMGUNocmlzdGlhbiBNb2VuY2ggU29mdHdhcmUxFDASBgNVBAsM
C0RldmVsb3BtZW50MSUwIwYDVQQDDBxDaHJpc3RpYW4gTW9lbmNoIERldmVsb3Bt
ZW50MSYwJAYJKoZIhvcNAQkBFhdjaHJpc3RpYW4ubW9lbmNoQHdlYi5kZTAeFw0y
MzA1MzExMDUxNDZaFw0zMzA1MjgxMDUxNDZaMIGNMQswCQYDVQQGEwJERTEeMBwG
A1UECAwVTm9ydGggUmhpbmUgV2VzdGZhbGlhMRAwDgYDVQQHDAdKdWVsaWNoMSAw
HgYDVQQKDBdSZXNlYXJjaCBDZW50ZXIgSnVlbGljaDEQMA4GA1UECwwHSU5NLUlD
RjEYMBYGA1UEAwwPZGF0YS5pbm0taWNmLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyU/rVULEz05xVwQfnpK33OX17ponuMWhKYldsenSkKb3gBjp
L0h8yQBKgqjepO8qcLi2rOa9PIpDu67NsSuT4YWLobVi3l5z+2UU3g8c4SYxLvKU
9DTidFBBYVd/GfXZq9plsxMTfAfAXqt++w64/P8/ofILQa56KEjt0Nrn09AwaSBW
f74XOaHMLdXxFyV2YcpDv3sq7/dIn+DOaaY7b5CNuG63U6eRJglSmgsj4J23dyGh
rzjjLym3wULV8CRZDV400/uZ5+BN0VNEWK8eHO12VASviS+ZLrS1ULwXeJEvNEMt
FN1klL9b2YLag6WbP6CFx8ziq5ojWfJB13oWmQIDAQABo4GMMIGJMAsGA1UdDwQE
AwIEMDATBgNVHSUEDDAKBggrBgEFBQcDATAlBgNVHREEHjAcgg9kYXRhLmlubS1p
Y2YuZGWCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUiBt9XUKo2wqJBEq7kba8QfTTnrcw
HwYDVR0jBBgwFoAUZ1rowU5UnX4OTpq+vOH+enUu4KcwDQYJKoZIhvcNAQELBQAD
ggEBABNImL63Hexh9PHUeLCDGMsmswame1ejVy0OXcAtoKfLPHgxaSvvVf2FOHfn
pRsnkhmI1QPf2KWdDY50IMR66rTty+9ovrBR1HAg+r2aoHNAYuiL2gENQnWZ4Rzt
Kl1E/M1WxD5QRxJoly0zhymxEis8aNs7xBLIXTfV30BhuE5uvgnY369eApNlguZE
UqLZPiN36KHl+agvOEXlKd/ZfQqcUzO2P2/rgHuSNFe2IRvolz1fkXJ57sbEU9X/
nm8p7TAff3He1w0K0EzMhpxpyiwTeDvDq4+I+vvR7HJwpQ0doNkQDLxK+ClK25jA
TEwqIKrzt44ueFqeqvLl1OyCi7M=
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions .appveyor/data/ssl-cert-snakeoil.key
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJT+tVQsTPTnFX
BB+ekrfc5fXumie4xaEpiV2x6dKQpveAGOkvSHzJAEqCqN6k7ypwuLas5r08ikO7
rs2xK5PhhYuhtWLeXnP7ZRTeDxzhJjEu8pT0NOJ0UEFhV38Z9dmr2mWzExN8B8Be
q377Drj8/z+h8gtBrnooSO3Q2ufT0DBpIFZ/vhc5ocwt1fEXJXZhykO/eyrv90if
4M5ppjtvkI24brdTp5EmCVKaCyPgnbd3IaGvOOMvKbfBQtXwJFkNXjTT+5nn4E3R
U0RYrx4c7XZUBK+JL5kutLVQvBd4kS80Qy0U3WSUv1vZgtqDpZs/oIXHzOKrmiNZ
8kHXehaZAgMBAAECggEAFWpt+LqjBQI9arI+ul/1lRd2IZlO5ThKACkTuXnsS3Tl
ssADq4LounnQU2TLVay3PTlbPprH0h1L3hcXHPRLtbO/IldxYoJWEI4E6ageLIID
fLD0AWQwXIsOn4A/Plfh/Ycc509d1OWetHuGRUdATPLK9kuRYL4C0w8KFJw7ChRk
3FtfZiQs2JYRR1qVSFIiJpMQ1QtvxRIKv9y7868DGgIKABWzgmFH+JI/JH9MI0sl
u3xHk34LRZ0dXttKpVn3Xivftj+F5HqzRIM6IKBZgVvgutIQyDudhQg9LDXWAX6x
Qa3I0ie8t0in2/qNgV3R4DoI/rMR1U86Jlvk81DMYQKBgQDQInH+n0hQGwkWk4Zo
d9M9LveN9+porOa3nHIkzSAW5N40saE1TTs2czBUZG5QRFdV9M2lEStxZk0HRtyK
eGi8JszVD6N+IjaYAZr2QyaNoMTXHq51bKRY7uC9sO05Gwvpib+mxXmNF1vIRXiJ
z+2yeVE2wYLc/hJH73jdu5q2OQKBgQD3m9Gy5eMdEtcnqfea6XNfXWZjUrTpLw4h
mjgjGoykBSUHqqUA4auyBGNKrUgqhCwW07hEwpoRgZzzTsRU+1o55Y3Ge9kE3S6/
aQIN814HooxNK8BjDSYRM8wxlkUfjo5a/aFV+yLfTjpp8qQH07iGTBpqg4yGCueg
UEc2YHtjYQKBgQCJ3BbnkXdjX9TwOD0R2zR21TIxveFs/gE/4wcT6y5zG5s3CeT+
mi47TabYb0FGN04l6CWCTVIaJamlxUD1EvZEkeqgwWAIfv7sRjvvG+Fgc/mNh4wE
yTY+ldMUsike5xRH1u6ztx9g3fT0PVeu6KPH0GWDwD8+w6c2MJ89NzMtuQKBgQC/
+bOwPMTFueHPAtzS4sVs3wGPaISTdsRCEUwNC3yXftWjCA8+i7mPIA/LymX1cNyu
JiDsTuUdRZzml99o9CiUUwKFLWipeMPR7ByHrHTu/nxBKPbU1VD6bWqX16ZoPSLq
MVNxUnFLKV/o3ROIbgLXPRIOG0hMdQ/5H8TWyB9igQKBgQDLH8j/D2MJMykI9Blg
7fZfwWSLSsssUI2kyd9t2kgBNrGvzkQnDGeYLOOTiZji+R4DeXLqPWx2G9Shncn1
7jd5EBgwZIOwCmH3icUkiJILjeqHhINtpWkga6U4AlUZ2yzc6JNDjgW7MajDNHb+
YUE3ua78lQKCXPSTFdYymtWpuA==
-----END PRIVATE KEY-----
1 change: 1 addition & 0 deletions .appveyor/install_apt_pkgs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ set -e -u

apt-get update -qq
eatmydata apt-get -y install apache2
eatmydata apt-get install ca-certificates
# deploy singularity v2, matching the ICF deployment
# only download when not already cached
[ ! -f singularity-container_3.8.7_amd64.deb ] && wget https://github.com/apptainer/singularity/releases/download/v3.8.7/singularity-container_3.8.7_amd64.deb || true
Expand Down
7 changes: 6 additions & 1 deletion singularity/icf.def
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,14 @@ From: debian:bookworm-slim
# into the final image, move
mv $(cut -d = -f 2 < /tmp/dlinstaller_env.sh | cut -d : -f 1) /git-annex
# the inm-icf-utilities
git clone https://github.com/psychoinformatics-de/inm-icf-utilities.git /inm-icf-utils
# TODO: replace the git clone command below with:
# TODO: "git clone https://github.com/psychoinformatics-de/inm-icf-utilities.git /inm-icf-utils"
# TODO: once the certificates are merged into main
git clone -b enh-ci-https https://github.com/christian-monch/inm-icf-utilities.git /inm-icf-utils
# and the inm-icf-utilities dependencies
python3 -m pip install --break-system-packages -r /inm-icf-utils/requirements-devel.txt
# add the test CA to certifi to allow 'requests' to work with the ssl-server
cat /inm-icf-utils/.appveyor/data/INM-ICF-TestCA.crt >> $(python3 -c "import certifi; print(certifi.where())")
# enable "next" extension for patching datalad core, done inside the image, not
# for a particular user
git config --system datalad.extensions.load next
Expand Down
2 changes: 1 addition & 1 deletion tests/fixtures.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ def test_studies_dir():
def data_webserver(test_studies_dir, dataaccess_credential):
"""Yields a URL to a webserver providing data access"""
if os.environ.get('APPVEYOR', None) == 'true':
yield 'http://data.inm-icf.de/~appveyor'
yield 'https://data.inm-icf.de/~appveyor'
else:
server = HTTPPath(
test_studies_dir,
Expand Down