diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 49ac7f5..6cd2c5a 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -39,7 +39,6 @@ jobs:
 fail-fast: false
 matrix:
 centos:
- - stream8
 - stream9
 container:
 image: quay.io/centos/centos:${{ matrix.centos }}
@@ -47,3 +46,17 @@ jobs:
 - uses: actions/checkout@v2
 - name: Run tests
 run: ./test.sh
+
+ almalinux:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ almalinux:
+ - 8
+ container:
+ image: almalinux:${{ matrix.almalinux }}
+ steps:
+ - uses: actions/checkout@v2
+ - name: Run tests
+ run: ./test.sh
diff --git a/katello-certs-sign b/katello-certs-sign
index 38d6962..e0a3198 100755
--- a/katello-certs-sign
+++ b/katello-certs-sign
@@ -149,7 +149,6 @@ emailAddress = optional
 [ usr_cert ]
 basicConstraints = CA:false
 extendedKeyUsage = serverAuth,clientAuth
-nsCertType = server
 keyUsage = digitalSignature, keyEncipherment
 # PKIX recommendations harmless if included in all certificates.
diff --git a/katello_certs_tools/sslToolConfig.py b/katello_certs_tools/sslToolConfig.py
index bb34fd5..7a1f56a 100644
--- a/katello_certs_tools/sslToolConfig.py
+++ b/katello_certs_tools/sslToolConfig.py
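Review bot: The new `almalinux` job in .github/workflows/main.yml pulls both its action and its container by mutable reference: `actions/checkout@v2` in the added `steps:` and `almalinux:${{ matrix.almalinux }}` in `container.image`. Either can change underneath the workflow without a commit in this repository, so pin the action to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha>  # <release tag>`, and consider pinning the image by digest. Since the job only runs `./test.sh`, adding `with: persist-credentials: false` to the checkout step would also keep the token out of the working tree that the script sees. Whether the workflow sets a top-level `permissions:` block is not visible in this hunk.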
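Review bot: In katello-certs-sign the `[ usr_cert ]` section still carries `extendedKeyUsage = serverAuth,clientAuth` after this hunk, while the same commit narrows the server and client profiles in sslToolConfig.py to a single purpose each. If this script signs server and client requests through the one section, that may be intended, but every certificate it issues then remains valid for both roles. Either say so next to the line, e.g. `# signs server and client CSRs alike, so both EKUs are kept`, or split the section per purpose. The section continues past the end of the hunk.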
@@ -369,29 +369,20 @@ def figureDEFS_distinguishing(options):
 basicConstraints = CA:true
 keyUsage = digitalSignature, keyEncipherment, keyCertSign, cRLSign
 extendedKeyUsage = serverAuth, clientAuth
-nsCertType = server, sslCA
-# PKIX recommendations harmless if included in all certificates.
-nsComment = "Katello SSL Tool Generated Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid, issuer:always
 [ req_server_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
-nsCertType = server
-# PKIX recommendations harmless if included in all certificates.
-nsComment = "Katello SSL Tool Generated Certificate"
+extendedKeyUsage = serverAuth
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid, issuer:always
 [ req_client_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
-nsCertType = client
-# PKIX recommendations harmless if included in all certificates.
-nsComment = "Katello SSL Tool Generated Certificate"
+extendedKeyUsage = clientAuth
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid, issuer:always
 #===========================================================================
@@ -416,10 +407,7 @@ def figureDEFS_distinguishing(options):
 [ req_server_x509_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
-nsCertType = %s
-# PKIX recommendations harmless if included in all certificates.
-nsComment = "Katello SSL Tool Generated Certificate, got it?"
+extendedKeyUsage = serverAuth
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid, issuer:always
 
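Review bot: Nothing visible in this commit checks the new EKU split in the hunk at -369: `req_server_x509_extensions` now yields `serverAuth` only and `req_client_x509_extensions` yields `clientAuth` only, while the test.sh hunk in the same commit touches only repository selection. Peers that enforce EKU will reject a server-profile certificate presented as a TLS client certificate, which the previous dual-purpose value allowed, so a caller that reuses one certificate in both directions would fail only at handshake time. An assertion in the test script along the lines of `openssl verify -purpose sslclient -CAfile <ca.crt> <client.crt>` (and `-purpose sslserver` for the server profile) would pin the intended behaviour. The template string starts and ends outside the hunk.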
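Review bot: The server-request template in the hunk at -416 now hard-codes `extendedKeyUsage = serverAuth`, and the matching call in `save()` (hunk at -717) stops passing `d['--purpose']`, so the purpose option no longer influences this section at all. Before the change a non-server purpose still ended up with `clientAuth`, because both values were listed. If `--purpose` can be `client` here and the signer honours request extensions, those certificates would now lack `clientAuth`; neither is visible in these hunks. Keeping the substitution, `extendedKeyUsage = %s` fed with `'clientAuth' if d['--purpose'] == 'client' else 'serverAuth'`, would preserve the option's effect. The template string starts above the hunk.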
@@ -717,7 +705,7 @@ def save(self, d, caYN=0, verbosity=0):
 )
 else:
 openssl_cnf = CONF_TEMPLATE_SERVER \
- % (gen_req_distinguished_name(rdn), d['--purpose'], gen_req_alt_names(d, rdn['CN']))
+ % (gen_req_distinguished_name(rdn), gen_req_alt_names(d, rdn['CN']))
 try:
 rotated = rotateFile(filepath=self.filename, verbosity=verbosity)
diff --git a/test.sh b/test.sh
index 464b34b..0369396 100755
--- a/test.sh
+++ b/test.sh
@@ -8,7 +8,7 @@ PYTHON=python3
 if [[ -f /etc/redhat-release ]]; then
 . /etc/os-release
- if [[ $VERSION_ID == 8 ]] ; then
+ if [[ $VERSION_ID == "8.10" ]] ; then
 REPOS="--enablerepo=powertools"
 else
 REPOS=""
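Review bot: In test.sh the comparison `$VERSION_ID == "8.10"` matches exactly one minor release, so on any other 8.x image the powertools repo is skipped and the `else` branch runs with `REPOS=""`. Matching on the major version keeps the intent and also covers images that report a bare `8`: `if [[ ${VERSION_ID%%.*} == 8 ]] ; then`. The enclosing `if` block continues past the end of the hunk.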