Pull request overview
This PR extends the container-based test environment for RDK-61060 by adding (1) optional PKCS#11 support to the native-platform mTLS certificate flow and (2) a new mock XPKI Certifier HTTPS service in the mock-xconf container, exposed via docker-compose.
Changes:
- Add `ENABLE_PKCS11` plumbing and PKCS#11 setup steps to native-platform startup + certificate generation flow.
- Add a new `xpki-certifier.js` service to mock-xconf (port 50054) and generate a dedicated Test-RDK-xpki CA hierarchy for signing CSRs.
- Update Dockerfiles/compose to include required scripts/deps and expose the new service port.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| native-platform/entrypoint.sh | Exports ENABLE_PKCS11 and documents PKCS#11-aware cert setup. |
| native-platform/certs.sh | Improves server CA import and adds PKCS#11 OpenSSL/token setup + reference P12 handling. |
| native-platform/Dockerfile | Pins rdk-cert-config and installs PKCS#11 dependencies + symlinks setup scripts. |
| mock-xconf/xpki-certifier.js | New HTTPS mock XPKI certifier service that signs CSRs using an XPKI ICA. |
| mock-xconf/entrypoint.sh | Starts the new XPKI certifier service. |
| mock-xconf/certs.sh | Generates a Test-RDK-xpki root/ICA for the XPKI certifier. |
| mock-xconf/Dockerfile | Copies the new service into the image and documents port 50054. |
| compose.yaml | Publishes port 50054 to the host for the new service. |
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 7 comments.
WARNING: A Blackduck scan failure has been waived. A prior failure has been upvoted.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 12 comments.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 10 comments.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 7 comments.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated no new comments.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
mock-xconf/entrypoint.sh:66
- The entrypoint backgrounds multiple Node processes and then PID 1 becomes an infinite `while true` loop, but there’s no `trap` to forward SIGTERM/SIGINT and gracefully stop child processes (including xpki-certifier). This can cause slow/unclean container shutdowns and orphaned processes. Add a trap that kills/waits for background jobs before exiting.

```sh
## Keep the container running . Running an independent process will help in simulating scenarios of webservices going down and coming up
while true ; do echo "Mocked webservice heartbeat ..." && sleep 5 ; done
```
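One way to implement the trap the suppressed comment above asks for, as an added example that is not code from this pull request. The names `start_service`, `stop_services`, `run_entrypoint` and `RUN_AS_ENTRYPOINT` are hypothetical, and `sleep 300` stands in for the backgrounded Node services.

```shell
#!/bin/sh
# Added example, not the PR's entrypoint.sh. All function names are
# hypothetical; `sleep 300` stands in for the backgrounded Node services.

CHILD_PIDS=""       # PIDs of the backgrounded services
HEARTBEAT_PID=""    # PID of the current heartbeat sleep

# Start a command in the background and remember its PID.
start_service() {
    "$@" &
    CHILD_PIDS="$CHILD_PIDS $!"
}

# Send SIGTERM to every tracked child, then reap each one.
stop_services() {
    for pid in $CHILD_PIDS $HEARTBEAT_PID; do
        kill -TERM "$pid" 2>/dev/null || true
    done
    for pid in $CHILD_PIDS $HEARTBEAT_PID; do
        wait "$pid" 2>/dev/null || true
    done
    CHILD_PIDS=""
    HEARTBEAT_PID=""
}

run_entrypoint() {
    # As PID 1 the shell ignores SIGTERM unless a handler is installed, so
    # without this trap `docker stop` waits out its grace period, then SIGKILLs.
    trap 'stop_services; exit 0' TERM INT
    start_service sleep 300
    start_service sleep 300
    while true; do
        echo "Mocked webservice heartbeat ..."
        # A trap only runs once the foreground command returns; `wait` is
        # interruptible, so sleep in the background and wait on it.
        sleep 5 &
        HEARTBEAT_PID=$!
        wait "$HEARTBEAT_PID" || true
    done
}

# Constructed guard so the file can be sourced without blocking.
if [ "${RUN_AS_ENTRYPOINT:-0}" = "1" ]; then
    run_entrypoint
fi
```

Run it with `RUN_AS_ENTRYPOINT=1` to get the heartbeat loop; sending SIGTERM to the script then stops both placeholder services and exits with status 0.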
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
- Remove 30s wait loop for xPKI seed certificate
- Seed cert check/copy moved to test execution (ci-run-pkcs11-tests.sh)
- Faster container startup - no blocking on test-specific files
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
- Remove unnecessary cert copying to /etc/xconf/xpki-certs/
- Use original cert paths from /etc/pki/Test-RDK-root/ directly
- Change seed cert validity: 30 days → 1 day
- Change operational cert validity: 90 days → 1 day (default fallback)
- All tests complete within seconds, 1-day validity is sufficient
WARNING: A Blackduck scan failure has been waived. A prior failure has been upvoted.