The Shaka Lab Cert Receiver package creates a service account to receive certificates generated by the Shaka Lab Cert Generator package. This simplifies the scenario that we are in with Shaka, where we need to generate TLS certificates for HTTPS-based testing, but they have to be generated in one place (Google Compute Engine) and consumed elsewhere (in our lab).
For more details, see the
shaka-lab-cert-generator
package.
This package is available for Linux only.
It is assumed that:
- You have installed
shaka-lab-cert-generator
elsewhere. - The device running
shaka-lab-cert-generator
has a way to SSH into the device runningshaka-lab-cert-reciever
. - The device running
shaka-lab-cert-receiver
will host the tests, e.g. withshaka-lab-github-runner
.
curl -L https://shaka-project.github.io/shaka-lab/public.key | \
sudo tee /etc/apt/trusted.gpg.d/shaka-lab.asc
echo deb https://shaka-project.github.io/shaka-lab/ stable main | \
sudo tee /etc/apt/sources.list.d/shaka-lab.list
sudo apt update
sudo apt -y install shaka-lab-cert-receiver
To allow the shaka-lab-cert-generator
package to automatically transfer the
certificates to this device, you must authorize it to do so. After
installation of both packages, as root, edit
/opt/shaka-lab/shaka-lab-cert-receiver/.ssh/authorized_keys
and paste the
contents of the other device's
/opt/shaka-lab/shaka-lab-cert-generator/cert-host-id.pub
.
sudo apt update && sudo apt -y upgrade
sudo apt remove -y shaka-lab-cert-receiver