From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.1 From: Aleksei Nikiforov To: devel@lists.altlinux.org Date: Tue, 10 Dec 2019 18:23:41 +0300 Message-Id: <20191210152343.33867-37-darktemplar@altlinux.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191210152343.33867-1-darktemplar@altlinux.org> References: <20191210152343.33867-1-darktemplar@altlinux.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Cc: Aleksei Nikiforov Subject: [devel] [PATCH for apt 36/38] Add http and https methods tests X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Dec 2019 15:25:57 -0000 Archived-At: List-Archive: List-Post: --- apt/test/integration/framework | 104 +++++++++++++++++- apt/test/integration/test-apt-method-http | 29 +++++ apt/test/integration/test-apt-method-https | 56 ++++++++++ ...est-apt-method-https-invalid-cert-hostname | 41 +++++++ 4 files changed, 229 insertions(+), 1 deletion(-) create mode 100755 apt/test/integration/test-apt-method-http create mode 100755 apt/test/integration/test-apt-method-https create mode 100755 apt/test/integration/test-apt-method-https-invalid-cert-hostname diff --git a/apt/test/integration/framework b/apt/test/integration/framework index fa9672d..6098089 100644 --- a/apt/test/integration/framework +++ b/apt/test/integration/framework @@ -519,7 +519,7 @@ generaterepository() { --suite="${GB_REPO_SUITE:-$label}" \ --version="${GB_REPO_VERSION:-$date_s}" \ --topdir="$REPO_DIR" \ - --flat --no-oldhashfile --no-bz2 --no-xz --mapi \ + --flat --no-oldhashfile --bz2 --xz --mapi \ $dir $comps if [ -n "$REPO_DATE" ] ; then @@ -552,3 +552,105 @@ ENDSCRIPT chmod +x $TMPWORKINGDIRECTORY/bash/scripts/${SCRIPTFILENAME}.sh } + +nginxsetuphttp() { + mkdir -p $TMPWORKINGDIRECTORY/nginx ||: + mkdir -p $TMPWORKINGDIRECTORY/nginx/tmp ||: + +cat >> $TMPWORKINGDIRECTORY/nginx/nginx.conf << ENDCONFIG +worker_processes 1; +error_log $TMPWORKINGDIRECTORY/nginx/error.log; +daemon off; +pid $TMPWORKINGDIRECTORY/nginx/nginx.pid; + +events { + worker_connections 1024; +} + +http { + client_body_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/client_body; + fastcgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/fastcgi_temp; + proxy_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/proxy_temp; + scgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/scgi_temp; + uwsgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/uwsgi_temp; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + sendfile on; + + keepalive_timeout 65; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + access_log $TMPWORKINGDIRECTORY/nginx/http.access.log; + error_log $TMPWORKINGDIRECTORY/nginx/http.error.log; + + server { + listen 8080; + server_name localhost localhost.localdomain; + + location / { + root $TMPWORKINGDIRECTORY/nginx/repo; + autoindex on; + } + } +} +ENDCONFIG +} + +nginxsetuphttps() { + mkdir -p $TMPWORKINGDIRECTORY/nginx ||: + mkdir -p $TMPWORKINGDIRECTORY/nginx/tmp ||: + + cat >> $TMPWORKINGDIRECTORY/nginx/nginx.conf << ENDCONFIG +worker_processes 1; +error_log $TMPWORKINGDIRECTORY/nginx/error.log; +daemon off; +pid $TMPWORKINGDIRECTORY/nginx/nginx.pid; + +events { + worker_connections 1024; +} + +http { + client_body_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/client_body; + fastcgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/fastcgi_temp; + proxy_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/proxy_temp; + scgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/scgi_temp; + uwsgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/uwsgi_temp; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + sendfile on; + + keepalive_timeout 65; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + access_log $TMPWORKINGDIRECTORY/nginx/http.access.log; + error_log $TMPWORKINGDIRECTORY/nginx/http.error.log; + + server { + listen 8080; + server_name localhost localhost.localdomain; + + ssl_certificate $TMPWORKINGDIRECTORY/nginx/cert.crt; + ssl_certificate_key $TMPWORKINGDIRECTORY/nginx/cert.key; + + ssl on; + + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_protocols TLSv1.2; + ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; + ssl_prefer_server_ciphers on; + + location / { + root $TMPWORKINGDIRECTORY/nginx/repo; + autoindex on; + } + } +} +ENDCONFIG +} diff --git a/apt/test/integration/test-apt-method-http b/apt/test/integration/test-apt-method-http new file mode 100755 index 0000000..0872c99 --- /dev/null +++ b/apt/test/integration/test-apt-method-http @@ -0,0 +1,29 @@ +#!/bin/bash +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment + +nginxsetuphttp + +buildpackage "simple-package" + +generaterepository "$TMPWORKINGDIRECTORY/usr/src/RPM/RPMS" "$TMPWORKINGDIRECTORY/nginx/repo" + +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/sources.list << END +rpm http://localhost:8080/ $(getarchitecture) apt-tests +rpm http://localhost:8080/ noarch apt-tests +END + +/usr/sbin/nginx -c $TMPWORKINGDIRECTORY/nginx/nginx.conf -p $TMPWORKINGDIRECTORY &>> $TMPWORKINGDIRECTORY/nginx/process-stderr.log & +NGINXPID=$! + +addtrap 'prefix' "kill -SIGTERM $NGINXPID; [ \"$EXIT_CODE\" = '0' ] || cat $TMPWORKINGDIRECTORY/nginx/process-stderr.log;" + +testsuccess aptget update + +testpkgnotinstalled "simple-package" +testsuccess aptget install simple-package +testpkginstalled "simple-package" diff --git a/apt/test/integration/test-apt-method-https b/apt/test/integration/test-apt-method-https new file mode 100755 index 0000000..29e4d2d --- /dev/null +++ b/apt/test/integration/test-apt-method-https @@ -0,0 +1,56 @@ +#!/bin/bash +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment + +nginxsetuphttps + +# generate key +openssl req -x509 -newkey rsa:4096 -keyout $TMPWORKINGDIRECTORY/nginx/cert.key -out $TMPWORKINGDIRECTORY/nginx/cert.crt -nodes -days 365 -subj '/CN=localhost' &>/dev/null + +# add key to apt's config. Also pin the key +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/80https.conf << END +Acquire::https::CaInfo "$TMPWORKINGDIRECTORY/nginx/cert.crt"; +END + +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/81https-pinning.conf << END +Acquire::https::PinnedCert "$TMPWORKINGDIRECTORY/nginx/cert.crt"; +END + +buildpackage "simple-package" +buildpackage "conflicting-package-one" + +generaterepository "$TMPWORKINGDIRECTORY/usr/src/RPM/RPMS" "$TMPWORKINGDIRECTORY/nginx/repo" + +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/sources.list << END +rpm https://localhost:8080/ $(getarchitecture) apt-tests +rpm https://localhost:8080/ noarch apt-tests +END + +/usr/sbin/nginx -c $TMPWORKINGDIRECTORY/nginx/nginx.conf -p $TMPWORKINGDIRECTORY &>> $TMPWORKINGDIRECTORY/nginx/process-stderr.log & +NGINXPID=$! + +addtrap 'prefix' "kill -SIGTERM $NGINXPID; [ \"$EXIT_CODE\" = '0' ] || cat $TMPWORKINGDIRECTORY/nginx/process-stderr.log;" + +testsuccess aptget update + +testpkgnotinstalled "simple-package" +testsuccess aptget install simple-package +testpkginstalled "simple-package" + +# generate another key, and pin apt to it. Check key pinning +msgmsg "Pinning invalid key in apt" +openssl req -x509 -newkey rsa:4096 -keyout $TMPWORKINGDIRECTORY/nginx/cert.invalid.key -out $TMPWORKINGDIRECTORY/nginx/cert.invalid.crt -nodes -days 365 -subj '/CN=localhost' &>/dev/null + +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/81https-pinning.conf << END +Acquire::https::PinnedCert "$TMPWORKINGDIRECTORY/nginx/cert.invalid.crt"; +END + +testfailure aptget update + +testpkgnotinstalled "conflicting-package-one" +testfailure aptget install conflicting-package-one +testpkgnotinstalled "conflicting-package-one" diff --git a/apt/test/integration/test-apt-method-https-invalid-cert-hostname b/apt/test/integration/test-apt-method-https-invalid-cert-hostname new file mode 100755 index 0000000..33e80b6 --- /dev/null +++ b/apt/test/integration/test-apt-method-https-invalid-cert-hostname @@ -0,0 +1,41 @@ +#!/bin/bash +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment + +nginxsetuphttps + +# generate key +openssl req -x509 -newkey rsa:4096 -keyout $TMPWORKINGDIRECTORY/nginx/cert.key -out $TMPWORKINGDIRECTORY/nginx/cert.crt -nodes -days 365 -subj '/CN=wronghost' &>/dev/null + +# add key to apt's config. Also pin the key +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/80https.conf << END +Acquire::https::CaInfo "$TMPWORKINGDIRECTORY/nginx/cert.crt"; +END + +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/81https-pinning.conf << END +Acquire::https::PinnedCert "$TMPWORKINGDIRECTORY/nginx/cert.crt"; +END + +buildpackage "simple-package" + +generaterepository "$TMPWORKINGDIRECTORY/usr/src/RPM/RPMS" "$TMPWORKINGDIRECTORY/nginx/repo" + +cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/sources.list << END +rpm https://localhost:8080/ $(getarchitecture) apt-tests +rpm https://localhost:8080/ noarch apt-tests +END + +/usr/sbin/nginx -c $TMPWORKINGDIRECTORY/nginx/nginx.conf -p $TMPWORKINGDIRECTORY &>> $TMPWORKINGDIRECTORY/nginx/process-stderr.log & +NGINXPID=$! + +addtrap 'prefix' "kill -SIGTERM $NGINXPID; [ \"$EXIT_CODE\" = '0' ] || cat $TMPWORKINGDIRECTORY/nginx/process-stderr.log;" + +testfailure aptget update + +testpkgnotinstalled "conflicting-package-one" +testfailure aptget install conflicting-package-one +testpkgnotinstalled "conflicting-package-one" -- 2.24.0