Merge pull request #491 from srvrco/check_awk_version

Show error and exit if awk too old for ACMEv2

docker-compose.yml

@@ -77,6 +77,23 @@ services:
           - i.centos6.getssl.test
           - j.centos6.getssl.test
           - k.centos6.getssl.test
+  getssl-ubuntu18-no-gawk:
+    build:
+      context: .
+      dockerfile: test/Dockerfile-ubuntu18-no-gawk
+    container_name: getssl-ubuntu18-no-gawk
+    volumes:
+      - .:/getssl
+    environment:
+      GETSSL_HOST: ubuntu18-no-gawk.getssl.test
+      GETSSL_IP: 10.30.50.6
+      NGINX_CONFIG: /etc/nginx/sites-enabled/default
+      TEST_AWK: "yes"
+    networks:
+      acmenet:
+        ipv4_address: 10.30.50.6
+        aliases:
+          - ubuntu18-no-gawk.getssl.test
 
 networks:
   acmenet:

getssl

@@ -15,6 +15,8 @@
 
 # For usage, run "getssl -h" or see https://github.com/srvrco/getssl
 
+# ACMEv2 process is documented at https://tools.ietf.org/html/rfc8555#section-7.4
+
 # Revision history:
 # 2016-01-08 Created (v0.1)
 # 2016-01-11 type correction and upload to github (v0.2)
@@ -202,6 +204,7 @@
 # 2020-01-24 allow file transfer using WebDAV over HTTPS
 # 2020-01-26 Use urlbase64_decode() instead of base64 -d
 # 2020-01-26 Fix "already verified" error for ACMEv2
+# 2020-01-29 Check awk new enough to support json_awk
 # ----------------------------------------------------------------------------------------
 
 PROGNAME=${0##*/}
@@ -1982,6 +1985,14 @@ else
 fi
 debug "Using API v$API"
 
+# Check if awk supports json_awk (required for ACMEv2)
+if [[ $API -eq 2 ]]; then
+    json_awk_test=$(json_awk '{ "test": "1" }' 2>/dev/null)
+    if [[ "${json_awk_test}" == "" ]]; then
+        error_exit "Your version of awk does not work with json_awk (see http://github.com/step-/JSON.awk/issues/6), please install a newer version of mawk or gawk"
+    fi
+fi
+
 # if check_remote is true then connect and obtain the current certificate (if not forcing renewal)
 if [[ "${CHECK_REMOTE}" == "true" ]] && [[ $_FORCE_RENEW -eq 0 ]]; then
   debug "getting certificate for $DOMAIN from remote server"

test/5-old-awk-error.bats

@@ -0,0 +1,24 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Check getssl fails if an old version of awk is installed" {
+    CONFIG_FILE="getssl-http01.cfg"
+    # Make sure this test only runs on an image running an old version of awk
+    if [[ "$TEST_AWK" != "" ]]; then
+        setup_environment
+        init_getssl
+        create_certificate
+        assert_failure
+        assert_output "getssl: Your version of awk does not work with json_awk (see http://github.com/step-/JSON.awk/issues/6), please install a newer version of mawk or gawk"
+    fi
+}

test/Dockerfile-ubuntu18-no-gawk

@@ -0,0 +1,17 @@
+FROM ubuntu:bionic
+# bionic = latest 18 version
+
+# Update and install required software
+RUN apt-get update --fix-missing
+RUN apt-get install -y git curl dnsutils wget nginx-light
+
+WORKDIR /root
+
+# BATS (Bash Automated Testings)
+RUN git clone https://github.com/bats-core/bats-core.git /bats-core
+RUN git clone https://github.com/jasonkarns/bats-support /bats-support
+RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert
+RUN /bats-core/install.sh /usr/local
+
+# Run eternal loop - for testing
+CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]

test/run-all-tests.sh

@@ -2,3 +2,4 @@
 
 docker exec -it getssl-centos6 bats /getssl/test
 docker exec -it getssl-ubuntu18 bats /getssl/test
+docker exec -it getssl-ubuntu18-no-gawk bats /getssl/test/5-old-awk-error.bats