diff --git a/getssl b/getssl index a6fc1dc..f877ed5 100755 --- a/getssl +++ b/getssl @@ -224,11 +224,13 @@ # 2020-04-16 Add -i|--install command line option (2.23) # 2020-04-19 Remove dependency on seq, ensure clean_up doesn't try to delete /tmp (2.24) # 2020-04-20 Check for domain using all DNS utilities (2.25) +# 2020-04-22 Fix HAS_HOST and HAS_NSLOOKUP checks - wolfaba +# 2020-04-22 Fix domain case conversion for different locales (2.26) - glynge # ---------------------------------------------------------------------------------------- PROGNAME=${0##*/} PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)" -VERSION="2.25" +VERSION="2.26" # defaults ACCOUNT_KEY_LENGTH=4096 @@ -532,14 +534,14 @@ check_config() { # check the config files for all obvious errors fi fi - if [[ "$HAS_HOST" == true ]]; then + if [[ "$HAS_HOST" == "true" ]]; then debug "DNS lookup using host ${d}" if [[ "$(host "${d}" |grep -c -i "^${d}")" -ge 1 ]]; then found_ip=true fi fi - if [[ "$HAS_NSLOOKUP" == true ]]; then + if [[ "$HAS_NSLOOKUP" == "true" ]]; then debug "DNS lookup using nslookup -query AAAA ${d}" if [[ "$(nslookup -query=AAAA "${d}"|grep -c -i "^${d}.*has AAAA address")" -ge 1 ]]; then debug "found IPv6 record for ${d}" @@ -863,8 +865,7 @@ create_order() { dn=0 for d in $alldomains; do # Convert domain to lowercase as response from server will be in lowercase - # shellcheck disable=SC2018,SC2019 - d=$(echo "$d" | tr A-Z a-z) + d=$(echo "$d" | tr "[:upper:]" "[:lower:]") if [ "$d" == "$authdomain" ]; then debug "Saving authorization response for $authdomain for domain alldomains[$dn]" AuthLinkResponse[$dn]=$response @@ -1260,7 +1261,7 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n fi fi - if [[ "$HAS_HOST" == true ]]; then + if [[ "$HAS_HOST" == "true" ]]; then gad_d="$orig_gad_d" debug Using "host -t NS" to find primary name server for "$gad_d" if [[ -z "$gad_s" ]]; then 
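Review bot: Quoting the right-hand side in `[[ "$HAS_HOST" == "true" ]]` does not change how the test evaluates, in check_config or in the matching `HAS_HOST` / `HAS_NSLOOKUP` hunks in get_auth_dns. Inside `[[ ]]` an unquoted `true` contains no glob characters and is already matched literally, so the old and new forms are equivalent. If these checks were misfiring, the cause is presumably where the two variables are assigned, which is outside every hunk shown here; that assignment is the place to verify the changelog's "Fix HAS_HOST and HAS_NSLOOKUP checks". Both function bodies continue outside their hunks.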
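Review bot: In create_order the new `tr "[:upper:]" "[:lower:]"` still takes its class definitions from the caller's locale, so the result may differ between environments (a Turkish locale mapping `I` to a non-ASCII letter is the usual example, depending on the tr implementation). The value is compared against the server's lowercase ASCII identifier, so pinning the locale makes the comparison deterministic: `d=$(echo "$d" | LC_ALL=C tr "[:upper:]" "[:lower:]")`. The loop and the rest of create_order lie outside the hunk.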
@@ -1279,7 +1280,7 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n fi fi - if [[ "$HAS_NSLOOKUP" == true ]]; then + if [[ "$HAS_NSLOOKUP" == "true" ]]; then gad_d="$orig_gad_d" debug Using "nslookup -debug -type=soa -type=ns $gad_d $gad_s" to find primary name server res=$(nslookup -debug -type=soa -type=ns "$gad_d" ${gad_s}) diff --git a/test/1-simple-http01.bats b/test/1-simple-http01.bats index fd96a8a..6b37f86 100644 --- a/test/1-simple-http01.bats +++ b/test/1-simple-http01.bats @@ -20,9 +20,7 @@ setup() { init_getssl create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } @@ -32,8 +30,6 @@ setup() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors cleanup_environment } diff --git a/test/10-mixed-case-staging.bats b/test/10-mixed-case-staging.bats index c1bac0d..ea622f7 100644 --- a/test/10-mixed-case-staging.bats +++ b/test/10-mixed-case-staging.bats @@ -18,7 +18,5 @@ load '/getssl/test/test_helper.bash' create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } diff --git a/test/10-mixed-case.bats b/test/10-mixed-case.bats index 2a4d6f3..b1d8f07 100644 --- a/test/10-mixed-case.bats +++ b/test/10-mixed-case.bats 
@@ -23,9 +23,7 @@ setup() { create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } @test "Check that DNS-01 verification works if the domain is not lowercase" { @@ -39,7 +37,5 @@ setup() { init_getssl create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } diff --git a/test/11-test--install.bats b/test/11-test--install.bats index 6949d25..e034326 100644 --- a/test/11-test--install.bats +++ b/test/11-test--install.bats @@ -32,9 +32,7 @@ setup() { run ${CODE_DIR}/getssl "$GETSSL_CMD_HOST" assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors assert_line 'Verification completed, obtaining certificate.' assert_line 'Requesting certificate' refute [ -d '$HOME/.getssl' ] @@ -53,9 +51,7 @@ setup() { run ${CODE_DIR}/getssl --install "$GETSSL_CMD_HOST" assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors refute_line 'Verification completed, obtaining certificate.' refute_line 'Requesting certificate' assert_line --partial 'copying domain certificate to' diff --git a/test/11-test-no-domain-storage.bats b/test/11-test-no-domain-storage.bats index cefac3f..3be0be5 100644 --- a/test/11-test-no-domain-storage.bats +++ b/test/11-test-no-domain-storage.bats 
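Review bot: In the first test/11-test--install.bats hunk the context line `refute [ -d '$HOME/.getssl' ]` uses single quotes, so `$HOME` is never expanded and the test looks for a directory literally named `$HOME/.getssl` relative to the working directory. That path will practically never exist, so the assertion passes whether or not getssl created a config directory in the home directory. If the intent is to check the real home directory, it should read `refute [ -d "$HOME/.getssl" ]`. The test body starts outside the hunk.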
@@ -15,5 +15,6 @@ load '/getssl/test/test_helper.bash' cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" run ${CODE_DIR}/getssl -a assert_success + check_output_for_errors assert_line 'Not going to delete TEMP_DIR ///tmp as it appears to be /tmp' } diff --git a/test/2-simple-dns01-dig.bats b/test/2-simple-dns01-dig.bats index cbac598..6803f15 100644 --- a/test/2-simple-dns01-dig.bats +++ b/test/2-simple-dns01-dig.bats @@ -22,9 +22,7 @@ setup() { create_certificate -d assert_success assert_output --partial "dig" - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' # don't fail for :error:badNonce - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors "debug" } @@ -35,8 +33,6 @@ setup() { run ${CODE_DIR}/getssl -d -f $GETSSL_HOST assert_success assert_output --partial "dig" - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' # don't fail for :error:badNonce - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors "debug" cleanup_environment } diff --git a/test/2-simple-dns01-nslookup.bats b/test/2-simple-dns01-nslookup.bats index 482be2a..7e675a8 100644 --- a/test/2-simple-dns01-nslookup.bats +++ b/test/2-simple-dns01-nslookup.bats @@ -32,8 +32,5 @@ teardown() { create_certificate -d assert_success assert_output --partial "nslookup" - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' # don't fail for :error:badNonce - # don't check for "Warnings:" as there might be a warning message if nslookup doesn't support -debug (alpine/ubuntu) - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' + check_output_for_errors "debug" } diff --git a/test/3-dual-rsa-ecdsa.bats b/test/3-dual-rsa-ecdsa.bats index 7820a96..d5c58f7 100644 --- a/test/3-dual-rsa-ecdsa.bats +++ b/test/3-dual-rsa-ecdsa.bats 
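Review bot: Both hunks of test/2-simple-dns01-dig.bats weaken the warning check by switching to `check_output_for_errors "debug"`. The removed lines refuted any occurrence of "warning", while the helper's debug branch (added in test/test_helper.bash in this commit) only refutes `[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]`, so a `Warning:` line now passes. That tolerance was documented for nslookup builds without `-debug`, not for dig. To keep the previous coverage, add `refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'` after the helper call in the dig tests, or give the helper a separate mode for the nslookup exception.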
@@ -20,6 +20,7 @@ setup() { init_getssl create_certificate assert_success + check_output_for_errors } @@ -29,6 +30,7 @@ setup() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success + check_output_for_errors } @test "Create dual certificates using DNS-01 verification" { @@ -40,6 +42,7 @@ setup() { init_getssl create_certificate assert_success + check_output_for_errors } @@ -49,5 +52,6 @@ setup() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success + check_output_for_errors cleanup_environment } diff --git a/test/4-more-than-10-hosts.bats b/test/4-more-than-10-hosts.bats index bd93adc..f4eb95c 100644 --- a/test/4-more-than-10-hosts.bats +++ b/test/4-more-than-10-hosts.bats @@ -26,9 +26,7 @@ setup() { init_getssl create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } @@ -38,9 +36,7 @@ setup() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors # Remove all the dns aliases cleanup_environment for prefix in a b c d e f g h i j k; do diff --git a/test/5-secp384-http01.bats b/test/5-secp384-http01.bats index 29da2da..3d05159 100644 --- a/test/5-secp384-http01.bats +++ b/test/5-secp384-http01.bats @@ -20,6 +20,7 @@ setup() { init_getssl create_certificate assert_success + check_output_for_errors } @@ -29,6 +30,7 @@ setup() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success + check_output_for_errors } @@ -41,6 +43,7 @@ setup() { init_getssl create_certificate assert_success + check_output_for_errors } @@ -50,4 +53,5 @@ setup() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success + check_output_for_errors } 
diff --git a/test/6-dual-rsa-ecdsa-copy-2-locations.bats b/test/6-dual-rsa-ecdsa-copy-2-locations.bats index 73363ec..394e8d6 100644 --- a/test/6-dual-rsa-ecdsa-copy-2-locations.bats +++ b/test/6-dual-rsa-ecdsa-copy-2-locations.bats @@ -32,6 +32,7 @@ teardown() { init_getssl create_certificate assert_success + check_output_for_errors # Check that the RSA chain and key have been copied to both locations assert [ -e "/etc/nginx/pki/domain-chain.crt" ] diff --git a/test/7-staging-dns01-dig.bats b/test/7-staging-dns01-dig.bats index 8c0d7f1..7e21124 100644 --- a/test/7-staging-dns01-dig.bats +++ b/test/7-staging-dns01-dig.bats @@ -16,9 +16,7 @@ load '/getssl/test/test_helper.bash' init_getssl create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } @test "Force renewal of certificate using staging server, dig and DuckDNS" { @@ -27,8 +25,6 @@ load '/getssl/test/test_helper.bash' fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors cleanup_environment } diff --git a/test/7-staging-dns01-nslookup.bats b/test/7-staging-dns01-nslookup.bats index 027a210..bd8d9da 100644 --- a/test/7-staging-dns01-nslookup.bats +++ b/test/7-staging-dns01-nslookup.bats @@ -30,9 +30,7 @@ teardown() { init_getssl create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings + check_output_for_errors "debug" } 
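Review bot: Passing `"debug"` in test/7-staging-dns01-nslookup.bats relaxes the error check as well as the warning check, although neither test runs getssl with `-d`. This applies to this hunk and to the second hunk of the same file. The removed lines refuted any "error" and only tolerated `Warning:`; the helper's debug branch uses `[^:][Ee][Rr][Rr][Oo][Rr][^:]`, which lets through any "error" that sits next to a colon. Keeping `refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'` next to the helper call, or splitting the helper's two relaxations into separate arguments, would preserve the stricter behaviour.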
@@ -42,8 +40,6 @@ teardown() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings + check_output_for_errors "debug" cleanup_environment } diff --git a/test/8-staging-ecdsa.bats b/test/8-staging-ecdsa.bats index 92c694a..127e989 100644 --- a/test/8-staging-ecdsa.bats +++ b/test/8-staging-ecdsa.bats @@ -18,9 +18,7 @@ load '/getssl/test/test_helper.bash' sed -e 's/rsa/prime256v1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" run ${CODE_DIR}/getssl -d "$GETSSL_HOST" assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings + check_output_for_errors "debug" } @@ -30,9 +28,7 @@ load '/getssl/test/test_helper.bash' fi run ${CODE_DIR}/getssl -d -f $GETSSL_HOST assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings + check_output_for_errors "debug" cleanup_environment } @@ -48,9 +44,7 @@ load '/getssl/test/test_helper.bash' sed -e 's/rsa/secp384r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" run ${CODE_DIR}/getssl -d "$GETSSL_HOST" assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' + check_output_for_errors "debug" } 
@@ -60,9 +54,7 @@ load '/getssl/test/test_helper.bash' fi run ${CODE_DIR}/getssl -d -f $GETSSL_HOST assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' + check_output_for_errors "debug" cleanup_environment } diff --git a/test/9-multiple-domains-dns01.bats b/test/9-multiple-domains-dns01.bats index 2a9344f..c1de91c 100644 --- a/test/9-multiple-domains-dns01.bats +++ b/test/9-multiple-domains-dns01.bats @@ -25,9 +25,7 @@ setup() { init_getssl create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } @@ -38,9 +36,7 @@ setup() { fi run ${CODE_DIR}/getssl -f $GETSSL_HOST assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors # Remove all the dns aliases cleanup_environment curl --silent -X POST -d '{"host":"getssl.tst"}' http://10.30.50.3:8055/clear-a @@ -60,7 +56,5 @@ setup() { init_getssl create_certificate assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } diff --git a/test/9-test--all.bats b/test/9-test--all.bats index 94a2c28..cb043a5 100644 --- a/test/9-test--all.bats +++ b/test/9-test--all.bats @@ -28,7 +28,5 @@ setup() { # Check success conditions assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' + check_output_for_errors } diff --git a/test/Dockerfile-ubuntu b/test/Dockerfile-ubuntu index 720f0b0..66d7a35 100644 --- a/test/Dockerfile-ubuntu +++ b/test/Dockerfile-ubuntu 
@@ -2,6 +2,9 @@ FROM ubuntu:latest # Note this image uses mawk1.3 +# Set noninteractive otherwise tzdata hangs +ENV DEBIAN_FRONTEND noninteractive + # Update and install required software RUN apt-get update --fix-missing RUN apt-get install -y git curl dnsutils wget nginx-light diff --git a/test/Dockerfile-ubuntu-staging b/test/Dockerfile-ubuntu-staging index 552f096..58762d0 100644 --- a/test/Dockerfile-ubuntu-staging +++ b/test/Dockerfile-ubuntu-staging @@ -2,8 +2,13 @@ FROM ubuntu:latest # Note this image uses mawk1.3 +# Set noninteractive otherwise tzdata hangs +ENV DEBIAN_FRONTEND noninteractive + +# Ensure tests in this image use the staging server ENV staging "true" ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb + # Update and install required software RUN apt-get update --fix-missing RUN apt-get install -y git curl dnsutils wget nginx-light diff --git a/test/test_helper.bash b/test/test_helper.bash index f4c62af..0aafa93 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash 
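Review bot: `ENV DEBIAN_FRONTEND noninteractive` in test/Dockerfile-ubuntu persists into every container started from the image, not only the `apt-get` steps it is meant for; the same line is added in test/Dockerfile-ubuntu-staging. `ARG DEBIAN_FRONTEND=noninteractive` limits the setting to build time, so an interactive `apt` session inside the test container keeps its normal behaviour. The comment could also say that the value only matters during package installation.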
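Review bot: The context line `ENV DUCKDNS_TOKEN …` in test/Dockerfile-ubuntu-staging keeps a DuckDNS API token in the repository and in the image metadata, where `docker inspect` or `docker history` can read it; this commit adds comments around it but leaves it in place. The token would be better supplied at run time from a CI secret, for example `docker run -e DUCKDNS_TOKEN ...`, with the `ENV` line removed. The committed value should be rotated, since it remains in git history either way.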
@@ -1,23 +1,31 @@ INSTALL_DIR=/root CODE_DIR=/getssl - -setup_environment() { - # One-off test setup - if [[ -d ${INSTALL_DIR}/.getssl ]]; then - rm -r ${INSTALL_DIR}/.getssl +check_output_for_errors() { + refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' + # less strict tests if running with debug output + if [ -n "$1" ]; then + # don't fail for :error:badNonce + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' + # don't check for "Warnings:" as there might be a warning message if nslookup doesn't support -debug (alpine/ubuntu) + refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' + else + refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' + refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' fi - - curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a - cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl "${NGINX_CONFIG}" - /getssl/test/restart-nginx + refute_line --partial 'command not found' } - cleanup_environment() { curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'"}' http://10.30.50.3:8055/clear-a } +create_certificate() { + # Create certificate + cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" + # shellcheck disable=SC2086 + run ${CODE_DIR}/getssl $1 "$GETSSL_CMD_HOST" +} init_getssl() { # Run initialisation (create account key, etc) 
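Review bot: `check_output_for_errors` selects its lenient branch with `if [ -n "$1" ]`, so any non-empty argument, including a misspelt mode, silently relaxes the error and warning patterns. Comparing explicitly, `if [ "${1:-}" = "debug" ]; then`, keeps the strict checks as the default for anything unexpected. A short header comment would help too, stating that the optional first argument `debug` tolerates `:error:`-style tokens and `Warning:` lines, and that the function relies on bats-assert's `refute_output` / `refute_line` operating on the output of the last `run`.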
@@ -26,12 +34,15 @@ init_getssl() { [ -d "$INSTALL_DIR/.getssl" ] } +setup_environment() { + # One-off test setup + if [[ -d ${INSTALL_DIR}/.getssl ]]; then + rm -r ${INSTALL_DIR}/.getssl + fi -create_certificate() { - # Create certificate - cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" - # shellcheck disable=SC2086 - run ${CODE_DIR}/getssl $1 "$GETSSL_CMD_HOST" + curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a + cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl "${NGINX_CONFIG}" + /getssl/test/restart-nginx } # start nginx in background on alpine via supervisord