Copy certs to /tmp to ensure they are readable

may as well enable security on Travis CI

2.0.7 support

Author: Luke Bakken

.travis.yml

@@ -6,7 +6,8 @@ env:
   - RIAK_DOWNLOAD_URL=http://s3.amazonaws.com/downloads.basho.com/riak/2.1/2.1.4/ubuntu/trusty/riak_2.1.4-1_amd64.deb
 script:
   - sudo ./travis-ci/riak-install -d "$RIAK_DOWNLOAD_URL"
-  - sudo ./setup-riak
+  - sudo ./setup-riak -s
+  - sudo riak-admin security disable
   - curl -4vvv localhost:8098/stats
 notifications:
   slack:

lib/common.bash

@@ -3,9 +3,19 @@ set -o nounset
 
 declare -r debug='false'
 
+function make_temp_dir
+{
+    local template="${1:-tmp-$$}"
+    if [[ $template != *XXXXXX ]]
+    then
+        template="$template.XXXXXX"
+    fi
+    mktemp -d -t "$template"
+}
+
 function make_temp_file
 {
-    local template="$1"
+    local template="${1:-tmp-$$}"
     if [[ $template != *XXXXXX ]]
     then
         template="$template.XXXXXX"

lib/riak_cluster_config.bash

@@ -55,6 +55,9 @@ function riak_cluster_config
 
     if [[ $use_security == 'true' ]]
     then
+        # NB: don't exit on error due to 2.0.7
+        # TODO: set -o errexit when all Riak versions >= 2.1.4
+        set +o errexit
         $riak_admin security enable
         $riak_admin security add-group test
 
@@ -78,7 +81,6 @@ function riak_cluster_config
         $riak_admin security grant riak_core.get_bucket,riak_core.set_bucket,riak_core.get_bucket_type,riak_core.set_bucket_type on any to all
         $riak_admin security grant search.admin,search.query on any to all
 
-        set +o errexit
         $riak_admin security grant riak_ts.get on any to all
         $riak_admin security grant riak_ts.put on any to all
         $riak_admin security grant riak_ts.delete on any to all

setup-riak

@@ -160,7 +160,6 @@ function setup_cluster
         local -i https_port=0
     fi
 
-
     local adv_conf=''
     local riak_conf=''
     local riak_conf_orig=''
@@ -465,14 +464,29 @@ then
         security_cacert_file="$ca_path/certs/cacert.pem"
         security_cert_file="$ca_path/certs/riak-test-cert.pem"
         security_key_file="$ca_path/private/riak-test-key.pem"
+
         for file in $security_cacert_file $security_cert_file $security_key_file
         do
             if [[ ! -f $file  ]]
             then
                 errexit "missing security file: $file"
             fi
         done
-        pinfo "Using certificates in $ca_path"
+
+        declare -r tmp_ca_path="$(make_temp_dir)"
+
+        cp -f "$security_cacert_file" "$tmp_ca_path"
+        security_cacert_file="$tmp_ca_path/cacert.pem"
+
+        cp -f "$security_cert_file" "$tmp_ca_path"
+        security_cert_file="$tmp_ca_path/riak-test-cert.pem"
+
+        cp -f "$security_key_file" "$tmp_ca_path"
+        security_key_file="$tmp_ca_path/riak-test-key.pem"
+
+        chmod 755 "$tmp_ca_path"
+        chmod 644 "$tmp_ca_path"/*
+        pinfo "Using certificates in $tmp_ca_path"
     else
         errexit 'missing CA directory'
     fi