diff --git a/README.md b/README.md index 454a388..42dd5a9 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ sftp or ftp access to the remote server). getssl ver. 2.36 Obtain SSL certificates from the letsencrypt.org ACME server -Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-Q|--mute] [-u|--upgrade] [-k|--keep #] [-U|--nocheck] [-r|--revoke cert key] [-w working_dir] [--preferred-chain chain] domain +Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-Q|--mute] [-u|--upgrade] [-X|--experimental tag] [-U|--nocheck] [-r|--revoke cert key] [-w working_dir] [--preferred-chain chain] domain Options: -a, --all Check all certificates @@ -105,7 +105,7 @@ Options: -Q, --mute Like -q, but also mute notification about successful upgrade -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) -u, --upgrade Upgrade getssl if a more recent version is available - can be used with or without domain(s) - -k, --keep "#" Maximum number of old getssl versions to keep when upgrading + -X --experimental tag Allow upgrade to a specified version of getssl -U, --nocheck Do not check if a more recent version is available -v --version Display current version of getssl -w working_dir "Working directory" diff --git a/getssl b/getssl index 3bb6272..f7a58b9 100755 --- a/getssl +++ b/getssl @@ -268,6 +268,7 @@ # 2021-07-27 Support ftps://, FTPS_OPTIONS, remove default --insecure parameter to ftpes. Report caller(s) of error_exit in debug and test modes (tlhackque)(#687)(2.39) # 2021-07-30 Prefer API V2 when both offered (tlhackque) (#690) (2.40) # 2021-07-30 Run tests with -d to catch intermittent failures, Use fork's repo for upgrade tests. (tlhackque) (#692) (2.41) +# 2021-08-26 Improve upgrade check & make upgrade do a full install when possible (tlhackque) (#694) (2.42) # ---------------------------------------------------------------------------------------- case :$SHELLOPTS: in @@ -276,7 +277,7 @@ esac PROGNAME=${0##*/} PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)" -VERSION="2.41" +VERSION="2.42" # defaults ACCOUNT_KEY_LENGTH=4096 @@ -286,10 +287,11 @@ CA="https://acme-staging-v02.api.letsencrypt.org/directory" CHALLENGE_CHECK_TYPE="http" CHECK_REMOTE_WAIT=0 CHECK_REMOTE="true" +LIMIT_API="https://api.github.com/rate_limit" if [[ -n "${GITHUB_REPOSITORY}" ]] ; then - CODE_LOCATION="https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/master/getssl" + RELEASE_API="https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest" else - CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" + RELEASE_API="https://api.github.com/repos/srvrco/getssl/releases/latest" fi CSR_SUBJECT="/" CURL_USERAGENT="${PROGNAME}/${VERSION}" @@ -314,7 +316,7 @@ REUSE_PRIVATE_KEY="true" SERVER_TYPE="https" SKIP_HTTP_TOKEN_CHECK="false" SSLCONF="$(openssl version -d 2>/dev/null| cut -d\" -f2)/openssl.cnf" -TEMP_UPGRADE_FILE="" +TEMP_UPGRADE_DIR="" TOKEN_USER_ID="" USE_SINGLE_ACL="false" WORKING_DIR_CANDIDATES=("/etc/getssl" "${PROGDIR}/conf" "${PROGDIR}/.getssl" "${HOME}/.getssl") @@ -338,7 +340,6 @@ _CHECK_ALL=0 _CREATE_CONFIG=0 _CURL_VERSION="" _FORCE_RENEW=0 -_KEEP_VERSIONS="" _MUTE=0 _NOTIFY_VALID=0 _NOMETER="" @@ -351,6 +352,7 @@ _TEST_SKIP_CNAME_CALL=0 _TEST_SKIP_SOA_CALL=0 _UPGRADE=0 _UPGRADE_CHECK=1 +_UPGRADE_TO_TAG="" _USE_DEBUG=0 _ONLY_CHECK_CONFIG=0 config_errors="false" @@ -761,71 +763,165 @@ check_config() { # check the config files for all obvious errors debug "${DOMAIN}: check_config completed - all OK" } -check_getssl_upgrade() { # check if a more recent version of code is available available - TEMP_UPGRADE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)" - if [ "$TEMP_UPGRADE_FILE" == "" ]; then - error_exit "mktemp failed" - fi - curl ${_NOMETER} --user-agent "$CURL_USERAGENT" --silent "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE" +# Quota generally shouldn't be an issue - except for tests +# Rate limits are per-IP address +check_github_quota() { + local need remaining reset limits now + need="$1" + while true ; do + limits="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g' | sed -ne'/"core":/,/}/p')" + errcode=$? + if [[ $errcode -eq 60 ]]; then + error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" + elif [[ $errcode -gt 0 ]]; then + error_exit "curl error checking releases: $errcode" + fi + limits="$(sed -e's/^ *//g' <<<"${limits}")" + remaining="$(sed -e'/^"remaining": *[0-9]/!d;s/^"remaining": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" + reset="$(sed -e'/^"reset": *[0-9]/!d;s/^"reset": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" + if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi + limit="$(sed -e'/^"limit": *[0-9]/!d;s/^"limit": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" + if [[ "$limit" -lt "$need" ]] ; then + error_exit "GitHub API request $need exceeds limit $limit" + fi + now="$(date +%s)" + while [[ "$now" -lt "$reset" ]] ; do + info "sleeping $(( "$reset" - "$now" )) seconds for GitHub quota" + sleep "$(( "$reset" - "$now" ))" + now="$(date +%s)" + done + done +} +check_getssl_upgrade() { # check if a more recent release is available + check_github_quota 2 + # Check GitHub for latest stable release, or a specified tag + if [[ -n "$_UPGRADE_TO_TAG" ]]; then + RELEASE_API="$RELEASE_API/tags/$_UPGRADE_TO_TAG" + fi + local release_data release_tag release_ver local_ver release_desc release_url release_tar NEWCMD + debug "Checking for releases at $RELEASE_API" + # Sometimes the json is pretty-printed, sometimes not. Loosely tied to --user-agent, but not + # always. Normalize it enough to get the 3 elements necessary. Oh, for jq... + release_data="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$RELEASE_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g')" errcode=$? if [[ $errcode -eq 60 ]]; then error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" elif [[ $errcode -gt 0 ]]; then - error_exit "curl error : $errcode" + error_exit "curl error checking releases: $errcode" + fi + debug "$release_data" + release_data="$(sed -e's/^ *//g' <<<"${release_data}")" + release_tag="$(sed -e'/^"tag_name": *"/!d;s/^"tag_name": *"\([^""]*\).*$/\1/' <<<"${release_data}")" + if [[ "${release_tag:0:1}" != 'v' ]] ; then + if [[ ${_MUTE} -eq 0 ]]; then + info "The current repository has no releases or is improperly tagged; can't check for upgrades: '$release_tag'" + fi + return 0 fi - latestversion=$(awk -F '"' '$1 == "VERSION=" {print $2}' "$TEMP_UPGRADE_FILE") - latestvdec=$(echo "$latestversion"| tr -d '.') - localvdec=$(echo "$VERSION"| tr -d '.' ) + release_ver="$( tr -d '.v' <<<"${release_tag}")" + local_ver="$( tr -d '.' <<<"${VERSION}")" debug "current code is version ${VERSION}" - debug "Most recent version is ${latestversion}" - # use a default of 0 for cases where the latest code has not been obtained. - if [[ "${latestvdec:-0}" -gt "$localvdec" ]]; then - if [[ ${_UPGRADE} -eq 1 ]]; then - if ! install "$0" "${0}.v${VERSION}"; then - error_exit "problem renaming old version while updating, check permissions" - fi - if ! install -m 700 "$TEMP_UPGRADE_FILE" "$0"; then - error_exit "problem installing new version while updating, check permissions" - fi - if [[ ${_MUTE} -eq 0 ]]; then - echo "Updated getssl from v${VERSION} to v${latestversion}" - echo "These update notifications can be turned off using the -Q option" - echo "" - echo "Updates are;" - awk "/\(${VERSION}\)$/ {s=1} s; /\(${latestversion}\)$/ || /^# ----/ {s=0}" "$TEMP_UPGRADE_FILE" | awk '{if(NR>1)print}' - echo "" - fi - if [[ -n "$_KEEP_VERSIONS" ]] && [[ "$_KEEP_VERSIONS" =~ ^[0-9]+$ ]]; then - # Obtain all locally stored old versions in getssl_versions - declare -a getssl_versions - shopt -s nullglob - for getssl_version in "$0".v*; do - getssl_versions[${#getssl_versions[@]}]="$getssl_version" - done - shopt -u nullglob - # Explicitly sort the getssl_versions array to make sure - shopt -s -o noglob - # shellcheck disable=SC2207 - IFS=$'\n' getssl_versions=($(sort <<< "${getssl_versions[*]}")) - shopt -u -o noglob - # Remove entries until given number of old versions to keep is reached - while [[ ${#getssl_versions[@]} -gt $_KEEP_VERSIONS ]]; do - debug "removing old version ${getssl_versions[0]}" - rm "${getssl_versions[0]}" - getssl_versions=("${getssl_versions[@]:1}") - done - fi - if ! eval "$ORIGCMD"; then - error_exit "Running upgraded getssl failed" - fi - graceful_exit - else + debug "Most recent version is ${release_tag:1}" + if [[ -z "$_UPGRADE_TO_TAG" ]] ; then + if [[ "$local_ver" -ge "$release_ver" ]] ; then return 0; fi + else + if [[ "$local_ver" -eq "$release_ver" ]] ; then return 0; fi + fi + if [[ ${_UPGRADE} -ne 1 ]]; then + if [[ ${_MUTE} -eq 0 ]]; then + release_desc="$(sed -e'/^"body": *"/!d;s/^"body": *"\([^""]*\).*$/\1/;s/\\r/\r/g;s/\\n/\n/g' <<<"$release_data")" info "" - info "A more recent version (v${latestversion}) of getssl is available, please update" + info "A more recent version (${release_tag}) than $VERSION of getssl is available, please update" info "The easiest way is to use the -u or --upgrade flag" info "" + info "Release ${release_tag} summary" + info "$release_desc" + info "" fi + return 0; + fi + # Find, download, and unpack the tarball containing the selected release + release_url="$(sed -e'/^"tarball_url": *"/!d;s/^"tarball_url": *"\([^""]*\).*$/\1/' <<<"${release_data}")" + debug "Release url '$release_url'" + requires tar + TEMP_UPGRADE_DIR="$(mktemp -d 2>/dev/null || mktemp -d -t getssl.XXXXXXXX)" + if [ "$TEMP_UPGRADE_DIR" == "" ]; then + error_exit "mktemp failed" + fi + release_tar="$TEMP_UPGRADE_DIR/getssl-${release_tag}.tgz" + debug "Downloading release to $release_tar" + check_github_quota 1 + curl ${_NOMETER:---silent} -L --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$release_url" --output "$release_tar" + errcode=$? + if [[ $errcode -eq 60 ]]; then + error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" + elif [[ $errcode -gt 0 ]]; then + error_exit "curl error downloading release: $errcode" + fi + if ! tar -C "${TEMP_UPGRADE_DIR}" --strip-components 1 -xzf "$release_tar" ; then + error_exit "failed to unpack release: $?" fi + # Inhibit check for upgrades when running the new version + NEWCMD="$(sed -e's/ -\(u\|-upgrade\|U\|-nocheck\)//g;s/^\([^ ]* \)/\1--nocheck /' <<<"$ORIGCMD")" + # Install everything with make - if it's available + if [ -n "$(command -v 'make' 2>/dev/null)" ]; then + if [[ "${0%/usr/bin/getssl}" != "$0" ]] ; then + export DESTDIR="${0%/usr/bin/getssl}" + fi + if [[ ${_MUTE} -eq 0 ]]; then + if ! make -C "${TEMP_UPGRADE_DIR}" "install" ; then + error_exit "Installation failed: $?" + fi + else + if ! make -s -C "${TEMP_UPGRADE_DIR}" "install" >/dev/null ; then + error_exit "Installation failed: $?" + fi + fi + clean_up + if [[ ${_MUTE} -eq 0 ]]; then + info "Installed $release_tag, restarting with $NEWCMD" + fi + if ! eval "$NEWCMD"; then + error_exit "Running upgraded getssl failed" + fi + graceful_exit + fi + # Fall back to 'install' and just the main script. + if [[ ${_MUTE} -eq 0 ]]; then + info "'make' is not available. getssl will be installed, but support scripts will not be upgraded" + info "To stay completely up-to-date, please install make" + fi + if ! install "$0" "${0}.v${VERSION}"; then + error_exit "problem renaming old version while updating, check permissions" + fi + if ! install -m 700 "$TEMP_UPGRADE_DIR/getssl" "$0"; then + error_exit "problem installing new version while updating, check permissions" + fi + if [[ ${_MUTE} -eq 0 ]]; then + echo "Updated getssl from v${VERSION} to $release_tag" + echo "The old version remains as ${0}.v${VERSION} and should be removed" + echo "" + fi + # This version can't be removed since disappearing can confuse bash. + declare -a getssl_versions + shopt -s nullglob + for getssl_version in "$0".v*; do + if [[ "$getssl_version" != "${0}.v${VERSION}" ]] ; then + getssl_versions[${#getssl_versions[@]}]="$getssl_version" + fi + done + shopt -u nullglob + if [[ -n "${getssl_versions[*]}" ]] ; then + rm "${getssl_versions[@]}" + fi + clean_up + if [[ ${_MUTE} -eq 0 ]]; then + info "Installed $release_tag, restarting with $NEWCMD" + fi + if ! eval "$NEWCMD"; then + error_exit "Running upgraded getssl failed" + fi + graceful_exit } clean_up() { # Perform pre-exit housekeeping @@ -848,8 +944,12 @@ clean_up() { # Perform pre-exit housekeeping rm -rf "${TEMP_DIR:?}" fi fi - if [[ -n "$TEMP_UPGRADE_FILE" ]] && [[ -f "$TEMP_UPGRADE_FILE" ]]; then - rm -f "$TEMP_UPGRADE_FILE" + if [[ -n "$TEMP_UPGRADE_DIR" ]] && [[ -d "$TEMP_UPGRADE_DIR" ]]; then + if [ "${TEMP_UPGRADE_DIR}" -ef "/tmp" ]; then + info "Not going to delete TEMP_UPGRADE_DIR ${TEMP_UPGRADE_DIR} as it appears to be /tmp" + else + rm -rf "${TEMP_UPGRADE_DIR:?}" + fi fi } @@ -1829,7 +1929,7 @@ help_message() { # print out the help message -Q, --mute Like -q, but also mute notification about successful upgrade -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) -u, --upgrade Upgrade getssl if a more recent version is available - can be used with or without domain(s) - -k, --keep "#" Maximum number of old getssl versions to keep when upgrading + -X, --experimental tag Upgrade to experimental releases, specified by tag (e.g. v9.43) -U, --nocheck Do not check if a more recent version is available -v --version Display current version of $PROGNAME -w working_dir "Working directory" @@ -2451,7 +2551,7 @@ urlbase64_decode() { usage() { # echos out the program usage echo "Usage: $PROGNAME [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet]"\ - "[-Q|--mute] [-u|--upgrade] [-k|--keep #] [-U|--nocheck] [-r|--revoke cert key] [-w working_dir]"\ + "[-Q|--mute] [-u|--upgrade] [-X|--experimental tag] [-U|--nocheck] [-r|--revoke cert key] [-w working_dir]"\ "[--preferred-chain chain] domain" } @@ -2660,7 +2760,8 @@ while [[ -n ${1+defined} ]]; do -a | --all) _CHECK_ALL=1 ;; -k | --keep) - shift; _KEEP_VERSIONS="$1";; + shift; + echo "--keep has no effect" ;; -q | --quiet) _QUIET=1 ;; -Q | --mute) @@ -2678,6 +2779,9 @@ while [[ -n ${1+defined} ]]; do REVOKE_REASON=0 ;; -u | --upgrade) _UPGRADE=1 ;; + -X | --experimental) + _UPGRADE_TO_TAG="$1" + shift ;; -U | --nocheck) _UPGRADE_CHECK=0 ;; -i | --install) @@ -2747,6 +2851,15 @@ if [[ ! "${_CURL_VERSION}" < "7.67" ]]; then _NOMETER="--no-progress-meter" fi +# Make sure mktemp works before going too far +MKDIR_TEST_FILE="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)" +if [ "$MKDIR_TEST_FILE" == "" ]; then + error_exit "mktemp failed" +else + rm "$MKDIR_TEST_FILE" +fi +unset MKDIR_TEST_FILE + # Check if upgrades are available (unless they have specified -U to ignore Upgrade checks) if [[ $_UPGRADE_CHECK -eq 1 ]]; then check_getssl_upgrade diff --git a/test/1-simple-http01.bats b/test/1-simple-http01.bats index 518f734..15205e1 100644 --- a/test/1-simple-http01.bats +++ b/test/1-simple-http01.bats @@ -33,7 +33,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors cleanup_environment diff --git a/test/11-test--install.bats b/test/11-test--install.bats index 1ab1ca4..186e8c6 100644 --- a/test/11-test--install.bats +++ b/test/11-test--install.bats @@ -34,7 +34,7 @@ setup() { cp "${CODE_DIR}/test/test-config/getssl-etc-template.cfg" "/etc/getssl/getssl.cfg" # Run getssl - run ${CODE_DIR}/getssl "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d "$GETSSL_CMD_HOST" assert_success check_output_for_errors @@ -53,7 +53,7 @@ setup() { CONFIG_FILE="getssl-http01.cfg" # Run getssl - run ${CODE_DIR}/getssl --install "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d --install "$GETSSL_CMD_HOST" assert_success check_output_for_errors diff --git a/test/11-test-no-domain-storage.bats b/test/11-test-no-domain-storage.bats index 9ad4aa4..f61db28 100644 --- a/test/11-test-no-domain-storage.bats +++ b/test/11-test-no-domain-storage.bats @@ -20,7 +20,7 @@ teardown() { setup_environment mkdir ${INSTALL_DIR}/.getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" - run ${CODE_DIR}/getssl -a + run ${CODE_DIR}/getssl -U -d -a assert_success check_output_for_errors assert_line 'Not going to delete TEMP_DIR ///tmp as it appears to be /tmp' diff --git a/test/12-auto-upgrade-v1.bats b/test/12-auto-upgrade-v1.bats index 7554561..1dc5139 100644 --- a/test/12-auto-upgrade-v1.bats +++ b/test/12-auto-upgrade-v1.bats @@ -20,7 +20,7 @@ teardown() { setup_environment mkdir ${INSTALL_DIR}/.getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" - run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success assert_line 'Using certificate issuer: https://pebble:14000/dir' } @@ -41,7 +41,7 @@ teardown() { setup_environment mkdir ${INSTALL_DIR}/.getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" - run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory' } @@ -62,7 +62,7 @@ teardown() { setup_environment mkdir ${INSTALL_DIR}/.getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" - run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory' } @@ -83,7 +83,7 @@ teardown() { setup_environment mkdir ${INSTALL_DIR}/.getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" - run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory' } @@ -104,7 +104,7 @@ teardown() { setup_environment mkdir ${INSTALL_DIR}/.getssl cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" - run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory' } diff --git a/test/13-notify-valid.bats b/test/13-notify-valid.bats index 6b66927..6c06123 100644 --- a/test/13-notify-valid.bats +++ b/test/13-notify-valid.bats @@ -33,7 +33,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d $GETSSL_HOST assert_success check_output_for_errors } @@ -43,7 +43,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl --notify-valid $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d --notify-valid $GETSSL_HOST assert [ $status == 2 ] check_output_for_errors cleanup_environment diff --git a/test/14-test-revoke.bats b/test/14-test-revoke.bats index fffe300..abc33cd 100644 --- a/test/14-test-revoke.bats +++ b/test/14-test-revoke.bats @@ -43,7 +43,7 @@ setup() { CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key - run ${CODE_DIR}/getssl -d --revoke $CERT $KEY $CA + run ${CODE_DIR}/getssl -U -d --revoke $CERT $KEY $CA assert_success check_output_for_errors "debug" } diff --git a/test/15-test-revoke-no-suffix.bats b/test/15-test-revoke-no-suffix.bats index 3eb273c..1eaa060 100644 --- a/test/15-test-revoke-no-suffix.bats +++ b/test/15-test-revoke-no-suffix.bats @@ -49,7 +49,7 @@ setup() { CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key - run ${CODE_DIR}/getssl -d --revoke $CERT $KEY $CA + run ${CODE_DIR}/getssl -U -d --revoke $CERT $KEY $CA assert_success check_output_for_errors "debug" } diff --git a/test/17-test-spaces-in-sans-dns01.bats b/test/17-test-spaces-in-sans-dns01.bats index 574866d..cc9efc7 100644 --- a/test/17-test-spaces-in-sans-dns01.bats +++ b/test/17-test-spaces-in-sans-dns01.bats @@ -41,7 +41,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors cleanup_environment @@ -66,7 +66,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors cleanup_environment diff --git a/test/17-test-spaces-in-sans-http01.bats b/test/17-test-spaces-in-sans-http01.bats index 0947e06..86df5dc 100644 --- a/test/17-test-spaces-in-sans-http01.bats +++ b/test/17-test-spaces-in-sans-http01.bats @@ -42,7 +42,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors cleanup_environment @@ -67,7 +67,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors cleanup_environment diff --git a/test/2-simple-dns01-dig.bats b/test/2-simple-dns01-dig.bats index c0edf7b..2e8199e 100644 --- a/test/2-simple-dns01-dig.bats +++ b/test/2-simple-dns01-dig.bats @@ -55,7 +55,7 @@ teardown() { } @test "Force renewal of certificate using DNS-01 (dig)" { - run ${CODE_DIR}/getssl -d -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success assert_output --partial "dig" check_output_for_errors "debug" diff --git a/test/20-wildcard-simple.bats b/test/20-wildcard-simple.bats index eb0544f..7b69f1f 100644 --- a/test/20-wildcard-simple.bats +++ b/test/20-wildcard-simple.bats @@ -35,7 +35,7 @@ setup() { skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl "*.$GETSSL_HOST" + run ${CODE_DIR}/getssl -U -d "*.$GETSSL_HOST" assert_success assert_line --partial "certificate is valid for more than" check_output_for_errors @@ -47,7 +47,7 @@ setup() { skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f "*.$GETSSL_HOST" + run ${CODE_DIR}/getssl -U -d -f "*.$GETSSL_HOST" assert_success refute_line --partial "certificate is valid for more than" check_output_for_errors @@ -61,7 +61,7 @@ setup() { echo "RENEW_ALLOW=2000" >> "${INSTALL_DIR}/.getssl/*.${GETSSL_HOST}/getssl.cfg" - run ${CODE_DIR}/getssl "*.$GETSSL_HOST" + run ${CODE_DIR}/getssl -U -d "*.$GETSSL_HOST" assert_success refute_line --partial "certificate is valid for more than" check_output_for_errors diff --git a/test/23-wildcard-check-globbing.bats b/test/23-wildcard-check-globbing.bats index bf74230..a075f5d 100644 --- a/test/23-wildcard-check-globbing.bats +++ b/test/23-wildcard-check-globbing.bats @@ -44,7 +44,7 @@ setup() { skip "Not trying on staging server yet" fi - run ${CODE_DIR}/getssl -f "*.$GETSSL_HOST" + run ${CODE_DIR}/getssl -U -d -f "*.$GETSSL_HOST" assert_success refute_line --partial "certificate is valid for more than" check_output_for_errors diff --git a/test/25-wildcard-all.bats b/test/25-wildcard-all.bats index 4a74912..a5e1c13 100644 --- a/test/25-wildcard-all.bats +++ b/test/25-wildcard-all.bats @@ -32,13 +32,13 @@ setup() { cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/*.${GETSSL_HOST}/getssl.cfg" # create another domain in the .getssl directory - run ${CODE_DIR}/getssl -c "a.${GETSSL_HOST}" + run ${CODE_DIR}/getssl -U -d -c "a.${GETSSL_HOST}" cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/a.${GETSSL_HOST}/getssl.cfg" # Create a directory in /root which looks like a domain so that if glob expansion is performed the wildcard certificate won't be created mkdir -p "${INSTALL_DIR}/a.${GETSSL_HOST}" - run ${CODE_DIR}/getssl --all + run ${CODE_DIR}/getssl -U -d --all assert_success assert_line --partial "Certificate saved in /root/.getssl/*.${GETSSL_HOST}/*.${GETSSL_HOST}" diff --git a/test/26-wildcard-revoke.bats b/test/26-wildcard-revoke.bats index e613c1e..5709cc7 100644 --- a/test/26-wildcard-revoke.bats +++ b/test/26-wildcard-revoke.bats @@ -39,7 +39,7 @@ setup() { CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key - run ${CODE_DIR}/getssl -d --revoke $CERT $KEY $CA + run ${CODE_DIR}/getssl -U -d --revoke $CERT $KEY $CA assert_line "certificate revoked" assert_success check_output_for_errors "debug" diff --git a/test/27-wildcard-existing-cert.bats b/test/27-wildcard-existing-cert.bats index a9e83be..98c97e4 100644 --- a/test/27-wildcard-existing-cert.bats +++ b/test/27-wildcard-existing-cert.bats @@ -40,7 +40,7 @@ setup() { rm -r ${INSTALL_DIR}/.getssl # Create configuration - run ${CODE_DIR}/getssl -c "${GETSSL_CMD_HOST}" + run ${CODE_DIR}/getssl -U -d -c "${GETSSL_CMD_HOST}" # Assert that the newly created configuration contains the additional domain in SANS # if this fails then error in tests will be "grep failed" - this means SANS did not hold the expected value diff --git a/test/29-check-mktemp-failure.bats b/test/29-check-mktemp-failure.bats index 81b9ae4..1a00929 100644 --- a/test/29-check-mktemp-failure.bats +++ b/test/29-check-mktemp-failure.bats @@ -28,7 +28,7 @@ setup() { # set TMPDIR to an invalid directory and check for failure export TMPDIR=/getssl.invalid.directory setup_environment - run ${CODE_DIR}/getssl -c "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d -c "$GETSSL_CMD_HOST" assert_failure assert_line --partial "mktemp failed" } diff --git a/test/3-dual-rsa-ecdsa.bats b/test/3-dual-rsa-ecdsa.bats index df8a8fc..5babf8f 100644 --- a/test/3-dual-rsa-ecdsa.bats +++ b/test/3-dual-rsa-ecdsa.bats @@ -45,7 +45,7 @@ setup() { skip "Using staging server, skipping internal test" fi check_nginx - run ${CODE_DIR}/getssl -d $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d $GETSSL_HOST if [ "$OLD_NGINX" = "false" ]; then assert_line "certificate on server is same as the local cert" @@ -60,7 +60,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -f $GETSSL_HOST assert_success check_output_for_errors } @@ -94,7 +94,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -f $GETSSL_HOST assert_success check_output_for_errors cleanup_environment diff --git a/test/31-test-posix-error.bats b/test/31-test-posix-error.bats index 7623cae..87879b5 100644 --- a/test/31-test-posix-error.bats +++ b/test/31-test-posix-error.bats @@ -23,7 +23,7 @@ setup() { skip "Using staging server, skipping internal test" fi - run bash --posix "${CODE_DIR}/getssl" + run bash --posix "${CODE_DIR}/getssl" -U -d assert_failure assert_line "getssl: Running with POSIX mode enabled is not supported" check_output_for_errors diff --git a/test/32-test-upgrade.bats b/test/32-test-upgrade.bats index 1a311d7..fa000bb 100644 --- a/test/32-test-upgrade.bats +++ b/test/32-test-upgrade.bats @@ -5,9 +5,52 @@ load '/bats-assert/load.bash' load '/getssl/test/test_helper.bash' +setup_file() { + if [ -f $BATS_TMPDIR/failed.skip ]; then + echo "# Skipping setup due to previous test failure" >&3 + return 0 + fi + local n + # Not every tag reflects a stable release. Ask GitHub for the releases & identify the last two. + # This is sorted by creation date of the release tag, not the publication date. This matches + # GitHub's releases/latest, which is how getssl determines what's available. + # This is expensive, so do it only once + + . "${CODE_DIR}/getssl" -U --source + check_github_quota 1 + export RELEASES="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)" + if [ -z "$RELEASES" ]; then + echo "# mktemp failed" >&3 + return 1 + fi + if ! curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" \ + -H 'Accept: application/vnd.github.v3+json' "${RELEASE_API%/latest}" | \ + jq 'map(select((.draft or .prerelease)|not))|sort_by(.created_at)|reverse' >"$RELEASES" ; then + errcode="$?" + echo "# Failed to download release information from ${RELEASE_API%/latest} $errcode" >&3 + return "$errcode" + fi + n="$(jq '.|length' <$RELEASES)" + if [[ "$n" < 2 ]]; then + echo "# Fewer than 2 ($n) stable releases detected in ${RELEASE_API%/latest}, can not run upgrade tests" >&3 + return 0 + fi + CURRENT_TAG="$(jq -r '.[0].tag_name' <"$RELEASES")" + export CURRENT_TAG="${CURRENT_TAG:1}" + PREVIOUS_TAG="$(jq -r '.[1].tag_name' <"$RELEASES")" + export PREVIOUS_TAG="${PREVIOUS_TAG:1}" +} + +teardown_file() { + [ -n "$RELEASES" ] && rm -f "$RELEASES" + true +} + # This is run for every test setup() { [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ -z "$PREVIOUS_TAG" ] && skip "Skipping upgrade test because no previous release detected" + export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt # Turn off warning about detached head @@ -19,13 +62,9 @@ setup() { fi run git clone "${_REPO}" "$INSTALL_DIR/upgrade-getssl" - # Don't do version arithmetics any longer, look what was the previous version by getting the last - # line (starting with v) and the one before that from the list of tags. + cd "$INSTALL_DIR/upgrade-getssl" - # This sets CURRENT_TAG and PREVIOUS_TAG bash variables - eval $(git tag -l | awk 'BEGIN {cur="?.??"};/^v/{prv=cur;cur=substr($1,2)};END{ printf("CURRENT_TAG=\"%s\";PREVIOUS_TAG=\"%s\"\n",cur,prv)}') - # The version in the file, which we will overwrite FILE_VERSION=$(awk -F'"' '/^VERSION=/{print $2}' "$CODE_DIR/getssl") # If FILE_VERSION > CURRENT_TAG then either we are testing a push to master or the last version wasn't released @@ -57,11 +96,11 @@ teardown() { cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_TAG}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" - run "$INSTALL_DIR/upgrade-getssl/getssl" --check-config ${GETSSL_CMD_HOST} + run "$INSTALL_DIR/upgrade-getssl/getssl" -d --check-config ${GETSSL_CMD_HOST} assert_success # Check for current tag or file version otherwise push to master fails on a new version (or if the tag hasn't been updated) - assert_line --regexp "A more recent version \(v(${CURRENT_TAG}|${FILE_VERSION})\) of getssl is available, please update" + assert_line --regexp "A more recent version \(v(${CURRENT_TAG}|${FILE_VERSION})\) than .* of getssl is available, please update" check_output_for_errors } @@ -84,15 +123,17 @@ teardown() { cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_TAG}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" - run "$INSTALL_DIR/upgrade-getssl/getssl" --check-config --upgrade ${GETSSL_CMD_HOST} + run "$INSTALL_DIR/upgrade-getssl/getssl" -d --check-config --upgrade ${GETSSL_CMD_HOST} assert_success # Check for current tag or file version otherwise push to master fails on a new version (or if the tag hasn't been updated) - assert_line --regexp "Updated getssl from v${PREVIOUS_TAG} to v(${CURRENT_TAG}|${FILE_VERSION})" + assert_line --regexp "Installed v(${CURRENT_TAG}|${FILE_VERSION}), restarting" } @test "Test that we can upgrade to the newer version when invoking as \"bash ./getssl\"" { + skip "Makefile doesn't support bash ./getssl" + # Note that `bash getssl` will fail if the CWD isn't in the PATH and an upgrade occurs if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" @@ -111,9 +152,9 @@ teardown() { cp "$CODE_DIR/getssl" "$INSTALL_DIR/upgrade-getssl/" sed -i -e "s/VERSION=\"${FILE_VERSION}\"/VERSION=\"${PREVIOUS_TAG}\"/" "$INSTALL_DIR/upgrade-getssl/getssl" - run bash ./getssl --check-config --upgrade ${GETSSL_CMD_HOST} + run bash ./getssl -d --check-config --upgrade ${GETSSL_CMD_HOST} assert_success # Check for current tag or file version otherwise push to master fails on a new version (or if the tag hasn't been updated) - assert_line --regexp "Updated getssl from v${PREVIOUS_TAG} to v(${CURRENT_TAG}|${FILE_VERSION})" + assert_line --regexp "Installed v(${CURRENT_TAG}|${FILE_VERSION}), restarting" } diff --git a/test/4-more-than-10-hosts.bats b/test/4-more-than-10-hosts.bats index f62d2e6..143afb4 100644 --- a/test/4-more-than-10-hosts.bats +++ b/test/4-more-than-10-hosts.bats @@ -39,7 +39,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors # Remove all the dns aliases diff --git a/test/5-secp384-http01.bats b/test/5-secp384-http01.bats index 5ddf0d6..a108c27 100644 --- a/test/5-secp384-http01.bats +++ b/test/5-secp384-http01.bats @@ -33,7 +33,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors } @@ -56,7 +56,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors } diff --git a/test/8-staging-ecdsa.bats b/test/8-staging-ecdsa.bats index 67e657a..797ce04 100644 --- a/test/8-staging-ecdsa.bats +++ b/test/8-staging-ecdsa.bats @@ -23,7 +23,7 @@ teardown() { setup_environment init_getssl sed -e 's/rsa/prime256v1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" - run ${CODE_DIR}/getssl -d "$GETSSL_HOST" + run ${CODE_DIR}/getssl -U -d "$GETSSL_HOST" assert_success check_output_for_errors "debug" } @@ -40,7 +40,7 @@ teardown() { if [ -z "$STAGING" ]; then skip "Running internal tests, skipping external test" fi - run ${CODE_DIR}/getssl -d -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors "debug" cleanup_environment @@ -63,7 +63,7 @@ teardown() { setup_environment init_getssl sed -e 's/rsa/secp384r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" - run ${CODE_DIR}/getssl -d "$GETSSL_HOST" + run ${CODE_DIR}/getssl -U -d "$GETSSL_HOST" assert_success check_output_for_errors "debug" } @@ -80,7 +80,7 @@ teardown() { if [ -z "$STAGING" ]; then skip "Running internal tests, skipping external test" fi - run ${CODE_DIR}/getssl -d -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors "debug" cleanup_environment diff --git a/test/9-multiple-domains-dns01.bats b/test/9-multiple-domains-dns01.bats index 12bb2e1..c540d9a 100644 --- a/test/9-multiple-domains-dns01.bats +++ b/test/9-multiple-domains-dns01.bats @@ -39,7 +39,7 @@ setup() { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors # Remove all the dns aliases diff --git a/test/9-test--all.bats b/test/9-test--all.bats index 35697fd..bab1ced 100644 --- a/test/9-test--all.bats +++ b/test/9-test--all.bats @@ -29,7 +29,7 @@ setup() { cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" # Run test - run ${CODE_DIR}/getssl --all + run ${CODE_DIR}/getssl -U -d --all # Check success conditions assert_success diff --git a/test/Dockerfile-alpine b/test/Dockerfile-alpine index b0a0ae1..667512e 100644 --- a/test/Dockerfile-alpine +++ b/test/Dockerfile-alpine @@ -2,7 +2,7 @@ FROM alpine:latest # Note this image uses busybox awk instead of gawk -RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash lftp vsftpd openssh-server +RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash lftp vsftpd openssh-server jq WORKDIR /root diff --git a/test/Dockerfile-bash4-0 b/test/Dockerfile-bash4-0 index 0dae149..8c92f8e 100644 --- a/test/Dockerfile-bash4-0 +++ b/test/Dockerfile-bash4-0 @@ -2,7 +2,7 @@ FROM bash:4.0 # https://hub.docker.com/_/bash -RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server +RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server jq WORKDIR /root diff --git a/test/Dockerfile-bash4-2 b/test/Dockerfile-bash4-2 index dd1cb11..1f0f7f3 100644 --- a/test/Dockerfile-bash4-2 +++ b/test/Dockerfile-bash4-2 @@ -2,7 +2,7 @@ FROM bash:4.2 # https://hub.docker.com/_/bash -RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server +RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server jq WORKDIR /root diff --git a/test/Dockerfile-bash5-0 b/test/Dockerfile-bash5-0 index 260290d..a437388 100644 --- a/test/Dockerfile-bash5-0 +++ b/test/Dockerfile-bash5-0 @@ -2,7 +2,7 @@ FROM bash:5.0 # https://hub.docker.com/_/bash -RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server +RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server jq WORKDIR /root diff --git a/test/Dockerfile-centos6 b/test/Dockerfile-centos6 index e16388f..f8d08b2 100644 --- a/test/Dockerfile-centos6 +++ b/test/Dockerfile-centos6 @@ -12,7 +12,7 @@ RUN sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf && # Update and install required software RUN yum -y install epel-release -RUN yum -y install git curl dnsutils ldns wget nginx +RUN yum -y install git curl dnsutils ldns wget nginx jq RUN yum -y install ftp vsftpd RUN yum -y install openssh-server diff --git a/test/Dockerfile-centos7 b/test/Dockerfile-centos7 index 56dff7d..400dcea 100644 --- a/test/Dockerfile-centos7 +++ b/test/Dockerfile-centos7 @@ -3,7 +3,7 @@ FROM centos:centos7 # Update and install required software RUN yum -y update RUN yum -y install epel-release -RUN yum -y install git curl ldns bind-utils wget which nginx +RUN yum -y install git curl ldns bind-utils wget which nginx jq RUN yum -y install ftp vsftpd RUN yum -y install openssh-server diff --git a/test/Dockerfile-centos7-duckdns b/test/Dockerfile-centos7-duckdns index 96a5fab..46bd254 100644 --- a/test/Dockerfile-centos7-duckdns +++ b/test/Dockerfile-centos7-duckdns @@ -5,7 +5,7 @@ FROM centos:centos7 # Update and install required software RUN yum -y update RUN yum -y install epel-release -RUN yum -y install git curl bind-utils ldns wget which nginx +RUN yum -y install git curl bind-utils ldns wget which nginx jq # Set locale ENV LANG en_US.UTF-8 diff --git a/test/Dockerfile-centos7-dynu b/test/Dockerfile-centos7-dynu index cabd7eb..f196c5d 100644 --- a/test/Dockerfile-centos7-dynu +++ b/test/Dockerfile-centos7-dynu @@ -5,7 +5,7 @@ FROM centos:centos7 # Update and install required software RUN yum -y update RUN yum -y install epel-release -RUN yum -y install git curl bind-utils ldns wget which nginx +RUN yum -y install git curl bind-utils ldns wget which nginx jq # Set locale ENV LANG en_US.UTF-8 diff --git a/test/Dockerfile-centos8 b/test/Dockerfile-centos8 index 4ac3114..552e1d9 100644 --- a/test/Dockerfile-centos8 +++ b/test/Dockerfile-centos8 @@ -5,7 +5,7 @@ FROM centos:centos8 # Update and install required software RUN yum -y update RUN yum -y install epel-release -RUN yum -y install git curl bind-utils wget which nginx +RUN yum -y install git curl bind-utils wget which nginx jq RUN yum -y install ftp vsftpd RUN yum -y install openssh-server diff --git a/test/Dockerfile-debian b/test/Dockerfile-debian index 1a57107..0deedff 100644 --- a/test/Dockerfile-debian +++ b/test/Dockerfile-debian @@ -4,7 +4,7 @@ FROM debian:latest # Update and install required software RUN apt-get update --fix-missing -RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light +RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light jq RUN apt-get install -y ftp vsftpd RUN apt-get install -y openssh-server RUN apt-get install -y locales # for idn testing diff --git a/test/Dockerfile-rockylinux8 b/test/Dockerfile-rockylinux8 index 4b7a135..37bff04 100644 --- a/test/Dockerfile-rockylinux8 +++ b/test/Dockerfile-rockylinux8 @@ -3,7 +3,7 @@ FROM rockylinux/rockylinux:8 # Update and install required software RUN yum -y update RUN yum -y install epel-release -RUN yum -y install git curl bind-utils wget which nginx +RUN yum -y install git curl bind-utils wget which nginx jq RUN yum -y install ftp vsftpd RUN yum -y install openssh-server RUN yum -y install glibc-locale-source glibc-langpack-en # for en_US.UTF-8 support diff --git a/test/Dockerfile-ubuntu b/test/Dockerfile-ubuntu index 5dee554..9ee83c6 100644 --- a/test/Dockerfile-ubuntu +++ b/test/Dockerfile-ubuntu @@ -7,7 +7,7 @@ ENV DEBIAN_FRONTEND noninteractive # Update and install required software RUN apt-get update --fix-missing -RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light +RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light jq RUN apt-get install -y vim dos2unix # for debugging RUN apt-get install -y ftp vsftpd RUN apt-get install -y openssh-server diff --git a/test/Dockerfile-ubuntu-duckdns b/test/Dockerfile-ubuntu-duckdns index c4fdc6a..783a151 100644 --- a/test/Dockerfile-ubuntu-duckdns +++ b/test/Dockerfile-ubuntu-duckdns @@ -12,7 +12,7 @@ ENV dynamic_dns "duckdns" # Update and install required software RUN apt-get update --fix-missing -RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light +RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light jq RUN apt-get install -y vim dos2unix # for debugging RUN apt-get install -y locales # for idn testing diff --git a/test/Dockerfile-ubuntu-dynu b/test/Dockerfile-ubuntu-dynu index 68f5c06..a84dc08 100644 --- a/test/Dockerfile-ubuntu-dynu +++ b/test/Dockerfile-ubuntu-dynu @@ -12,7 +12,7 @@ ENV dynamic_dns "dynu" # Update and install required software RUN apt-get update --fix-missing -RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light +RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light jq RUN apt-get install -y vim dos2unix # for debugging RUN apt-get install -y locales # for idn testing diff --git a/test/Dockerfile-ubuntu16 b/test/Dockerfile-ubuntu16 index 8e4ecae..396d13d 100644 --- a/test/Dockerfile-ubuntu16 +++ b/test/Dockerfile-ubuntu16 @@ -5,7 +5,7 @@ FROM ubuntu:xenial # Update and install required software RUN apt-get update --fix-missing -RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light +RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light jq RUN apt-get install -y ftp vsftpd RUN apt-get install -y openssh-server RUN apt-get install -y locales # for idn testing diff --git a/test/Dockerfile-ubuntu18 b/test/Dockerfile-ubuntu18 index 98b62d5..76ce362 100644 --- a/test/Dockerfile-ubuntu18 +++ b/test/Dockerfile-ubuntu18 @@ -5,7 +5,7 @@ FROM ubuntu:bionic # Update and install required software RUN apt-get update --fix-missing -RUN apt-get install -y git curl dnsutils ldnsutils wget gawk nginx-light +RUN apt-get install -y git curl dnsutils ldnsutils wget gawk nginx-light jq RUN apt-get install -y ftp vsftpd RUN apt-get install -y openssh-server RUN apt-get install -y locales # for idn testing diff --git a/test/debug-test.sh b/test/debug-test.sh index ac94b53..07e6cd6 100755 --- a/test/debug-test.sh +++ b/test/debug-test.sh @@ -24,7 +24,7 @@ if grep -q pebble "${CONFIG_FILE}"; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi -"${CODE_DIR}/getssl" -c "$GETSSL_HOST" 3>&1 +"${CODE_DIR}/getssl" -U -c "$GETSSL_HOST" 3>&1 cp "${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" # shellcheck disable=SC2086 -"${CODE_DIR}/getssl" ${DEBUG} -f "$GETSSL_HOST" 3>&1 +"${CODE_DIR}/getssl" -U ${DEBUG} -f "$GETSSL_HOST" 3>&1 diff --git a/test/test_helper.bash b/test/test_helper.bash index 0827adf..37f77cd 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -47,12 +47,12 @@ create_certificate() { # Create certificate cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg" # shellcheck disable=SC2086 - run ${CODE_DIR}/getssl -d "$@" "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d "$@" "$GETSSL_CMD_HOST" } init_getssl() { # Run initialisation (create account key, etc) - run ${CODE_DIR}/getssl -d -c "$GETSSL_CMD_HOST" + run ${CODE_DIR}/getssl -U -d -c "$GETSSL_CMD_HOST" assert_success [ -d "$INSTALL_DIR/.getssl" ] }