source: mod_gnutls/test/runtests @ 967bf9b

debian/masterdebian/stretch-backportsupstream
Last change on this file since 967bf9b was e00d91a, checked in by Thomas Klute <thomas2.klute@…>, 2 years ago

Test suite: Use TEST_LOCK instead of constant TEST_PID in runtests

Same concept as the lock file changes in the previous commit.

  • Property mode set to 100755
File size: 6.9 KB
Line 
1#!/bin/bash
2
3# Authors:
4# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5# Thomas Klute <thomas2.klute@uni-dortmund.de>
6
7set -e
8. ${srcdir}/common.bash
9netns_reexec ${@}
10
11testid="${1##t-}"
12
13if [ -z "$testid" ] ; then
14    echo -e "No test case selected.\nUsage: ${0} t-N" >&2
15    exit 1
16else
17    testid=${srcdir}/tests/"$(printf "%02d" "$testid")"_*
18fi
19
20BADVARS=0
21for v in APACHE2 TEST_HOST TEST_PORT TEST_QUERY_TIMEOUT TEST_SERVICE_WAIT \
22                 MSVA_PORT; do
23    if [ ! -v "$v" ]; then
24        printf "You need to set the %s environment variable\n" "$v" >&2
25        BADVARS=1
26    fi
27done
28
29if [ 0 != "$BADVARS" ]; then
30    exit 1
31fi
32
33# write script file and line to stderr on error
34function pinpoint_error()
35{
36    echo "Command \"${BASH_COMMAND}\" failed. Call trace:" >&2
37    local stack=0
38    while caller $((stack++)) >&2; do true; done
39}
40trap 'pinpoint_error' ERR
41
42function stop_msva()
43{
44    kill_by_pidfile "${msva_pidfile}"
45    unset msva_pidfile
46}
47
48# Compare expected/actual outputs, filtering out headers from actual
49# output that are expected to change between runs or builds (currently
50# "Date" and "Server"). The headers must be excluded in the expected
51# output.
52#
53# Parameters:
54# $1: path to expected output
55# $2: path to actual output
56# $3: additional options for diff (optional)
57function diff_output_filter_headers()
58{
59    local expected="$1"
60    local actual="$2"
61    diff $3 -u "${expected}" <( cat "${actual}" | \
62        grep -v -P '^Date:\s.*GMT\s?$' | \
63        grep -v -P '^Server:\sApache'  | \
64        tail -n "$(wc -l < ${expected})" )
65}
66
67# Run a command, storing its PID in the given file
68# Usage: run_with_pidfile PIDFILE COMMAND [ARGS]
69function run_with_pidfile()
70{
71    local pidfile=$1
72    local cmd=$2
73    shift 2
74    echo $BASHPID >${pidfile}
75    exec ${cmd} $*
76}
77
78# Kills the process with the PID contained in a given file, then
79# deletes the file.
80# Usage: kill_by_pidfile PIDFILE
81function kill_by_pidfile()
82{
83    local pidfile="${1}"
84    # In some testcases with expected failure, gnutls-cli sometimes
85    # failed before the subshell in front of the pipe (see gnutls-cli
86    # call below) got so far as to write the PID, much less exec
87    # sleep. So we need to check if there actually is anything to
88    # kill.
89    if [ -n "${pidfile}" ]; then
90        local pid=$(cat "${pidfile}")
91        if [ -n "${pid}" ] && ps -p "${pid}"; then
92            kill "${pid}"
93        else
94            echo "No running process with PID ${pid} (${pidfile})."
95        fi
96        rm "${pidfile}"
97    fi
98}
99
100function apache_down_err() {
101    printf "FAILURE: %s\n" "$TEST_NAME"
102    ${APACHE2} -f "${t}/apache.conf" -k stop || true
103    if [ -e output ]; then
104        printf "\ngnutls-cli outputs:\n"
105        diff_output_filter_headers "output" "$output" || true
106    fi
107
108    if [ -n "${sleep_pidfile}" ]; then
109        kill_by_pidfile "${sleep_pidfile}"
110    fi
111
112    local errlog="logs/${TEST_NAME}.error.log"
113    if [ -r "${errlog}" ]; then
114        printf "\nApache error logs:\n"
115        tail "${errlog}"
116    fi
117
118    if [ -n "${USE_MSVA}" ]; then
119        stop_msva
120    fi
121}
122
123if [ -n "${USE_MSVA}" ]; then
124    msva_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
125    GNUPGHOME=msva.gnupghome MSVA_KEYSERVER_POLICY=never run_with_pidfile "${msva_pidfile}" monkeysphere-validation-agent &
126    trap stop_msva EXIT
127
128    printf "TESTING: initial MSVA verification\n"
129    export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
130
131    msva_test_cmd="msva-query-agent https \"$(cat client.uid)\" x509pem client < client/x509.pem"
132    # check if MSVA is up, fail if not
133    if wait_ready "${msva_test_cmd}"; then
134        printf "\nSUCCESS: initial MSVA verification\n"
135    else
136        printf "\nFAIL: initial MSVA verification\n"
137        exit 1
138    fi
139fi
140
141# configure locking for the Apache process
142if [ -n "${USE_TEST_NAMESPACE}" ]; then
143    echo "Using namespaces to isolate tests, no need for locking."
144    flock_cmd=""
145elif [ -n "${FLOCK}" ]; then
146    flock_cmd="${FLOCK} -w ${TEST_LOCK_WAIT} $(realpath ${TEST_LOCK})"
147else
148    echo "Locking disabled, using wait based on Apache PID file."
149    wait_pid_gone "${TEST_LOCK}"
150    flock_cmd=""
151fi
152
153t="$(realpath ${testid})"
154export srcdir="$(realpath ${srcdir})"
155export TEST_NAME="$(basename "$t")"
156output="outputs/${TEST_NAME}.output"
157rm -f "$output"
158
159if [ -e ${t}/fail.* ]; then
160    EXPECTED_FAILURE="$(printf " (expected: %s)" fail.*)"
161else
162    unset EXPECTED_FAILURE
163fi
164printf "TESTING: %s%s\n" "$TEST_NAME" "$EXPECTED_FAILURE"
165trap apache_down_err EXIT
166if [ -n "${USE_MSVA}" ]; then
167    export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
168fi
169
170# If VERBOSE is enabled, log the HTTPD build configuration
171if [ -n "${VERBOSE}" ]; then
172    ${APACHE2} -f "${srcdir}/base_apache.conf" -V
173fi
174
175if ! ${flock_cmd} ${APACHE2} -f "${t}/apache.conf" -k start; then
176    if [ -e "${t}/fail.server" ]; then
177        echo "Apache HTTPD failed to start as expected."
178        exit 0
179    else
180        echo "Apache HTTPD unexpectedly failed to start."
181        exit 1
182    fi
183fi
184
185# check OCSP server
186if [ -n "${CHECK_OCSP_SERVER}" ]; then
187    if [ -n "${OCSP_RESPONSE_FILE}" ]; then
188        store_ocsp="--outfile ${OCSP_RESPONSE_FILE}"
189    fi
190    echo "---- Testing OCSP server ----"
191    wait_ready "ocsptool --ask --nonce --load-issuer authority/x509.pem --load-cert server/x509.pem ${store_ocsp}"
192    echo "---- OCSP test done ----"
193fi
194
195# PID file for sleep command (explanation below)
196sleep_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
197
198# The sleep call keeps the pipe from the subshell to gnutls-cli
199# open. Without it gnutls-cli would terminate as soon as sed is
200# done, and not wait for a response from the server, leading to
201# failing tests. Sending sleep to the background allows the test
202# case to proceed instead of waiting for it to return. The sleep
203# process is stopped after gnutls-cli terminates.
204#
205# The line end manipulation in sed guarantees that all header lines
206# end with CRLF as required by RFC 7230, Section 3.1.1 regardless of
207# the line ends in the input file.
208if (sed -r "s/__HOSTNAME__/${TEST_HOST}/;s/\r?$/\r/" <${t}/input && \
209           run_with_pidfile "${sleep_pidfile}" sleep "${TEST_QUERY_TIMEOUT}" &) | \
210       gnutls-cli -p "${TEST_PORT}" $(cat ${t}/gnutls-cli.args) "${TEST_HOST}" \
211       | tee "$output" && test "${PIPESTATUS[1]}" -eq 0;
212then
213    if [ -e ${t}/fail* ]; then
214        printf "%s should have failed but succeeded\n" "$(basename "$t")" >&2
215        exit 1
216    fi
217else
218    if [ ! -e ${t}/fail* ]; then
219        printf "%s should have succeeded but failed\n" "$(basename "$t")" >&2
220        exit 1
221    fi
222fi
223
224kill_by_pidfile "${sleep_pidfile}"
225unset sleep_pidfile
226
227if [ -e ${t}/output ] ; then
228    diff_output_filter_headers "${t}/output" "$output" >&2
229fi
230if [ -n "${USE_MSVA}" ]; then
231    trap stop_msva EXIT
232else
233    trap - EXIT
234fi
235${APACHE2} -f "${t}/apache.conf" -k stop || [ -e ${t}/fail.server ]
236printf "SUCCESS: %s\n" "$TEST_NAME"
237
238if [ -n "${USE_MSVA}" ]; then
239    stop_msva
240    # Without explicitly resetting the trap function, it would be
241    # called again on exit. Of course, we could just not stop MSVA and
242    # let the trap do the work, but I think the code is easier to
243    # understand like this.
244    trap - EXIT
245fi
Note: See TracBrowser for help on using the repository browser.