Mercurial > libervia-backend
annotate docker/backend-dev-e2e/certificates/README @ 4212:5f2d496c633f
core: get rid of `pickle`:
Use of `pickle` to serialise data was a technical legacy that was causing trouble to store
in database, to update (if a class was serialised, a change could break update), and to
security (pickle can lead to code execution).
This patch removes all use of Pickle in favour of JSON, notably:
- for caching data, a Pydantic model is now used instead
- for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation
- in XEP-0373 a class `PublicKeyMetadata` was serialised. New `from_dict` and
`to_dict` methods have been implemented to do serialisation.
- new methods to (de)serialise data can now be specified with Identity data types. It is
notably used to (de)serialise `path` of avatars.
A migration script has been created to convert data (for upgrade or downgrade), with
special care for XEP-0373 case. Depending on the size of the database, this migration script can
be long to run.
rel 443
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 23 Feb 2024 13:31:04 +0100 |
parents | 73e04040d577 |
children |
rev | line source |
---|---|
3381 | 1 Those certificates are used to activate TLS for end-2-end testing (to be as |
3381 | 2 close as possible to the production environment); they are used in other containers |
3381 | 3 needing TLS certificates (notably Prosody). |
3381 | 4 |
3381 | 5 To generate them, minica has been used. Minica can be found at https://github.com/jsha/minica. |
3381 | 6 |
3381 | 7 The following commands have been used: |
3381 | 8 |
3497 | 9 $ minica --domains "server1.test,*.server1.test,server2.test,server3.test,libervia-backend.test,libervia-web.test" |
3425 | 10 $ chmod 0644 minica.pem server1.test/cert.pem && chmod 0640 server1.test/key.pem |
3381 | 11 |
3381 | 12 Note that certificates are valid for 2 years and 30 days, so they must be renewed after this period. |

Changesets referenced above (all by Goffi <goffi@goffi.org>):
- 3497 (73e04040d577), parent 3425: docker: update following name changes:
- 3425 (829fee174606), parent 3381: docker (e2e): added `libervia` and `libervia.test` in certificates
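
A check that could be run over the generated files, as an added example that is not part of the README or the Libervia repository: it verifies the file modes set above, that `server1.test/cert.pem` chains to `minica.pem`, that it covers the domains passed to minica, and that it is not about to expire. The function names and the 30-day renewal window are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the minica output described in the README.
# Paths, modes and domain names come from the README; the function names and
# the default 30-day renewal window are assumptions.

# Print the octal mode of a file (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null
}

# check_modes DIR: CA and leaf certificates must be 644, the private key 640.
check_modes() {
    rc=0
    for spec in minica.pem:644 server1.test/cert.pem:644 server1.test/key.pem:640; do
        path=$1/${spec%:*}; want=${spec#*:}
        got=$(file_mode "$path") || { echo "missing: $path"; rc=1; continue; }
        [ "$got" = "$want" ] || { echo "$path: mode $got, expected $want"; rc=1; }
    done
    return $rc
}

# check_cert DIR DAYS: the leaf must chain to minica.pem, still be valid DAYS
# days from now, and list every domain given to minica as a subjectAltName.
check_cert() {
    ca=$1/minica.pem; leaf=$1/server1.test/cert.pem
    openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1 ||
        { echo "chain check failed"; return 1; }
    openssl x509 -in "$leaf" -noout -checkend $(( $2 * 86400 )) >/dev/null ||
        { echo "expires within $2 days"; return 1; }
    sans=$(openssl x509 -in "$leaf" -noout -text | grep 'DNS:')
    for d in server1.test '*.server1.test' server2.test server3.test \
             libervia-backend.test libervia-web.test; do
        case ",$(echo "$sans" | tr -d ' ')," in
            *",DNS:$d,"*) ;;
            *) echo "missing SAN: $d"; return 1 ;;
        esac
    done
}

# Run both checks when invoked as: script DIR [DAYS]
if [ $# -ge 1 ]; then
    check_modes "$1" && check_cert "$1" "${2:-30}"
fi
```

Run it from the directory where `minica` was invoked, for example `sh check-certs.sh . 30` (the script name is hypothetical); a non-zero exit means a mode is wrong or the certificate needs regenerating.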