From 0ab0817fae4bc96e12cc2ce0562131c966ff0481 Mon Sep 17 00:00:00 2001
From: Lukas Zapletal
Date: Mon, 9 Dec 2024 12:00:32 +0100
Subject: [PATCH] blueprint: fix CA cert testing
---
 test/config-map.json | 2 +-
 test/scripts/base-host-check.sh | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/test/config-map.json b/test/config-map.json
index e97d02ee45..a94641243e 100644
--- a/test/config-map.json
+++ b/test/config-map.json
@@ -8,7 +8,7 @@
 "fedora*"
 ],
 "image-types": [
- "qcow2"
+ "ami"
 ]
 },
 "./configs/all-with-fips.json": {
diff --git a/test/scripts/base-host-check.sh b/test/scripts/base-host-check.sh
index 0c3de336c3..b94257a91d 100755
--- a/test/scripts/base-host-check.sh
+++ b/test/scripts/base-host-check.sh
@@ -80,16 +80,17 @@ get_oscap_score() {
 }
 check_ca_cert() {
- serial=$(jq -r '.blueprint.customizations.cacerts.pem_certs[0]' "${config}" | openssl x509 -noout -serial | cut -d= -f 2-)
+ serial=$(jq -r '.blueprint.customizations.cacerts.pem_certs[0]' "${config}" | openssl x509 -noout -serial | cut -d= -f 2- | tr '[:upper:]' '[:lower:]')
+ cn=$(jq -r '.blueprint.customizations.cacerts.pem_certs[0]' "${config}" | openssl x509 -noout -subject | sed 's/.*CN=//' | sed 's/ /_/g')
- echo "📗 Checking CA cert anchor file"
+ echo "📗 Checking CA cert anchor file serial $serial"
 if ! [ -e "/etc/pki/ca-trust/source/anchors/${serial}.pem" ]; then
 echo "Anchor CA file does not exist"
 exit 1
 fi
 echo "📗 Checking extracted CA cert file"
- if ! [ -e "/etc/pki/ca-trust/source/extracted/pem/directory-hash/Test_CA_for_osbuild.pem.pem" ]; then
+ if ! [ -e "/etc/pki/ca-trust/source/extracted/pem/directory-hash/${cn}.pem" ]; then
 echo "Extracted CA file does not exist"
 exit 1
 fi
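Review bot: The new `cn=` line in check_ca_cert parses the default `openssl x509 -noout -subject` output with `sed 's/.*CN=//'`, but that output format differs between OpenSSL versions (some print `CN = value` with spaces around the equals sign), and any attribute printed after the CN would end up in the file name. Pinning the format would make the lookup deterministic, for example `openssl x509 -noout -subject -nameopt multiline | sed -n 's/^ *commonName *= *//p' | sed 's/ /_/g'`. If jq or openssl fails, `serial` and `cn` come back empty and the script reports a missing file rather than the parse failure, so a guard after the two assignments would help: `if [ -z "$serial" ] || [ -z "$cn" ]; then echo "Cannot read CA cert from ${config}"; exit 1; fi`. Both checks only test that a file exists; comparing the installed anchor's fingerprint with the blueprint certificate would confirm that the trusted CA is the intended one. The body of check_ca_cert continues past the end of the hunk.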