mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-13 05:05:29 +03:00
ef176dcf7e
conversions were done using https://github.com/pennae/nix-doc-munge using (probably) rev f34e145 running nix-doc-munge nixos/**/*.nix nix-doc-munge --import nixos/**/*.nix the tool ensures that only changes that could affect the generated manual *but don't* are committed, other changes require manual review and are discarded. |
||
|---|---|---|
| .. | ||
| acme.test.cert.pem | ||
| acme.test.key.pem | ||
| ca.cert.pem | ||
| ca.key.pem | ||
| default.nix | ||
| generate-certs.nix | ||
| README.md | ||
| snakeoil-certs.nix | ||
Fake Certificate Authority for ACME testing
This will set up a test node running pebble to serve ACME certificate requests.
"Snake oil" certs
The snake oil certs are hard coded into the repo for reasons explained here. The root of the issue is that Nix will hash the derivation based on the arguments to mkDerivation, not the output. Minica will always generate a random certificate even if the arguments are unchanged. As a result, it's possible to end up in a situation where the cached and local generated certs mismatch and cause issues with testing.
To generate new certificates, run the following commands:
nix-build generate-certs.nix
cp result/* .
rm result