test: make the DDI tests work with older openssl

Older openssl unfortunately insists on having a config file with certain
fields, so let's reuse the one we already create in previous tests.

Should address following error on C8S:

[  407.812039] testsuite-50.sh[654]: + openssl req -config /dev/null -subj=/CN=waldo -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
[  407.849089] testsuite-50.sh[2325]: Generating a RSA private key
[  408.947853] testsuite-50.sh[2325]: ..................................++++
[  423.100903] testsuite-50.sh[2325]: ..........++++
[  423.111036] testsuite-50.sh[2325]: writing new private key to '/tmp/test-50-privkey.key'
[  423.115036] testsuite-50.sh[2325]: -----
[  423.117842] testsuite-50.sh[2325]: unable to find 'distinguished_name' in config
[  423.120863] testsuite-50.sh[2325]: problems making Certificate Request
[  423.123448] testsuite-50.sh[2325]: 140737354091984:error:0E06D06C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:273:group=req name=distinguished_name

Follow-up to 99d9edf0bde.

diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh
index 58be950d5f9b17e541760df022838107f1dedc8d..b7943397c4c07c4b1f3823a1a0b59893ed4437df 100755 (executable)
--- a/test/units/testsuite-50.sh
+++ b/test/units/testsuite-50.sh
@@ -160,9 +160,11 @@ if systemctl --version | grep -q -- +OPENSSL ; then
         echo "openssl missing" >/failed
         exit 1
     fi
+
     HAVE_OPENSSL=1
+    OPENSSL_CONFIG="$(mktemp)"
     # Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
-    cat >>"${image}.openssl.cnf" <<EOF
+    cat >"${OPENSSL_CONFIG:?}" <<EOF
 [ req ]
 prompt = no
 distinguished_name = req_distinguished_name
@@ -178,7 +180,7 @@ emailAddress = test@email.com
 EOF
 
     # Create key pair
-    openssl req -config "${image}.openssl.cnf" -new -x509 -newkey rsa:1024 -keyout "${image}.key" -out "${image}.crt" -days 365 -nodes
+    openssl req -config "$OPENSSL_CONFIG" -new -x509 -newkey rsa:1024 -keyout "${image}.key" -out "${image}.crt" -days 365 -nodes
     # Sign Verity root hash with it
     openssl smime -sign -nocerts -noattr -binary -in "${image}.roothash" -inkey "${image}.key" -signer "${image}.crt" -outform der -out "${image}.roothash.p7s"
     # Generate signature partition JSON data
@@ -628,7 +630,7 @@ systemctl status foo.service 2>&1 | grep -v -q -F "Warning"
 # Test systemd-repart --make-ddi=:
 if command -v mksquashfs >/dev/null 2>&1; then
 
-    openssl req -config /dev/null -subj="/CN=waldo" -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
+    openssl req -config "$OPENSSL_CONFIG" -subj="/CN=waldo" -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
 
     mkdir -p /tmp/test-50-confext/etc/extension-release.d/