
Merge pull request #625 from srvrco/ftp-tests

Add FTP_OPTIONS (passive support)
pull/628/head
Tim Kimber 5 years ago
committed by GitHub
parent
commit
7c243124b0
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 543 additions and 32 deletions
  1. +29
    -4
      getssl
  2. +71
    -0
      test/33-ftp.bats
  3. +71
    -0
      test/34-ftp-passive.bats
  4. +13
    -1
      test/Dockerfile-alpine
  5. +13
    -1
      test/Dockerfile-bash4-0
  6. +13
    -1
      test/Dockerfile-bash4-2
  7. +13
    -1
      test/Dockerfile-bash5-0
  8. +19
    -4
      test/Dockerfile-centos6
  9. +15
    -0
      test/Dockerfile-centos7
  10. +15
    -0
      test/Dockerfile-centos8
  11. +13
    -0
      test/Dockerfile-debian
  12. +13
    -0
      test/Dockerfile-ubuntu
  13. +15
    -0
      test/Dockerfile-ubuntu16
  14. +15
    -0
      test/Dockerfile-ubuntu18
  15. +9
    -0
      test/restart-ftpd
  16. +22
    -19
      test/run-test.cmd
  17. +9
    -0
      test/test-config/alpine-supervisord.conf
  18. +66
    -0
      test/test-config/vsftpd.conf
  19. +103
    -0
      test/test-config/vsftpd.initd
  20. +6
    -1
      test/test_helper.bash

+ 29
- 4
getssl

@ -274,6 +274,7 @@ DEACTIVATE_AUTH="false"
DEFAULT_REVOKE_CA="https://acme-v02.api.letsencrypt.org"
DOMAIN_KEY_LENGTH=4096
DUAL_RSA_ECDSA="false"
FTP_OPTIONS=""
GETSSL_IGNORE_CP_PRESERVE="false"
HTTP_TOKEN_CHECK_WAIT=0
IGNORE_DIRECTORY_DOMAIN="false"
@ -842,6 +843,9 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
if [[ "$cert" != "challenge token" ]] ; then
error_exit "ftp is not a secure method for copying certificates or keys"
fi
if [[ -z "$FTP_COMMAND" ]]; then
error_exit "No ftp command found"
fi
debug "using ftp to copy the file from $from"
ftpuser=$(echo "$to"| awk -F: '{print $2}')
ftppass=$(echo "$to"| awk -F: '{print $3}')
@ -853,9 +857,15 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
fromfile=$(basename "$from")
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
ftp -n <<- _EOF
if [ -n "$FTP_OPTIONS" ]; then
# Use eval to expand any variables in FTP_OPTIONS
FTP_OPTIONS=$(eval echo "$FTP_OPTIONS")
debug "FTP_OPTIONS=$FTP_OPTIONS"
fi
$FTP_COMMAND <<- _EOF
open $ftphost
user $ftpuser $ftppass
user $ftpuser $ftppass
$FTP_OPTIONS
cd $ftpdirn
lcd $fromdir
put ./$fromfile
@ -1119,6 +1129,18 @@ find_dns_utils() {
fi
}
find_ftp_command() {
FTP_COMMAND=""
if [[ -n "$(command -v ftp 2>/dev/null)" ]]; then
debug "Has ftp"
FTP_COMMAND="ftp -n"
elif [[ -n "$(command -v lftp 2>/dev/null)" ]]; then
debug "Has lftp"
FTP_COMMAND="lftp"
fi
}
fulfill_challenges() {
dn=0
for d in "${alldomains[@]}"; do
@ -1268,8 +1290,8 @@ for d in "${alldomains[@]}"; do
ftppass=$(echo "${t_loc}"| awk -F: '{print $3}')
ftphost=$(echo "${t_loc}"| awk -F: '{print $4}')
ftplocn=$(echo "${t_loc}"| awk -F: '{print $5}')
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost location=$ftplocn"
ftp -n <<- EOF
debug "$FTP_COMMAND user=$ftpuser - pass=$ftppass - host=$ftphost location=$ftplocn"
$FTP_COMMAND <<- EOF
open $ftphost
user $ftpuser $ftppass
cd $ftplocn
@ -2654,6 +2676,9 @@ set_server_type
# check what dns utils are installed
find_dns_utils
# Find what ftp client is installed
find_ftp_command
# auto upgrade clients to v2
auto_upgrade_v2
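Review bot: In the third hunk, inside copy_file_to_location, `FTP_OPTIONS=$(eval echo "$FTP_OPTIONS")` passes a configuration value through `eval`, so any `$(...)`, backtick or `;` in it runs as a command with getssl's privileges, and the unquoted `echo` also word-splits and glob-expands the result. The result is written back to the same variable, so unless it is declared local outside the hunk, each later call evaluates the already-expanded string again. If the config file is itself sourced by the shell (not visible here), double-quoted values are already expanded at load time and the line can be dropped; otherwise expand into a `local ftp_options` and add a comment that FTP_OPTIONS is treated as trusted shell input. The rewritten debug line in the cleanup hunk still prints `pass=$ftppass`, and that hunk neither sends `$FTP_OPTIONS` nor guards against an empty `FTP_COMMAND` as the copy path does. Both function bodies start and end outside the visible hunks.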


+ 71
- 0
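--- a/test/33-ftp.bats
+++ b/test/33-ftp.bats
@@ -0,0 +1,71 @@
+#! /usr/bin/env bats
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+# This is run for every test
+setup() {
+export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+if [ -n "${VSFTPD_CONF}" ]; then
+cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl
+# enable passive and disable active mode
+# https://www.pixelstech.net/article/1364817664-FTP-active-mode-and-passive-mode
+cat <<- _FTP >> $VSFTPD_CONF
+pasv_enable=NO
+_FTP
+${CODE_DIR}/test/restart-ftpd
+fi
+}
+teardown() {
+if [ -n "${VSFTPD_CONF}" ]; then
+cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
+${CODE_DIR}/test/restart-ftpd
+fi
+}
+@test "Use FTP to create challenge file" {
+if [ -n "$STAGING" ]; then
+skip "Using staging server, skipping internal test"
+fi
+if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
+mkdir -p /var/www/html/.well-known/acme-challenge
+fi
+# Always change ownership and permissions in case previous tests created the directories as root
+chgrp -R www-data /var/www/html/.well-known
+chmod -R g+w /var/www/html/.well-known
+CONFIG_FILE="getssl-http01.cfg"
+setup_environment
+init_getssl
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftp:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+EOF
+if [[ "$GETSSL_OS" = "alpine" ]]; then
+cat <<- EOF2 >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+FTP_OPTIONS="set ftp:passive-mode off"
+EOF2
+elif [[ "$FTP_PASSIVE_DEFAULT" == "true" ]]; then
+cat <<- EOF3 >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+FTP_OPTIONS="passive"
+EOF3
+fi
+create_certificate
+assert_success
+assert_line --partial "ftp:ftpuser:ftpuser:"
+if [[ "$GETSSL_OS" != "alpine" ]] && [[ "$FTP_PASSIVE_DEFAULT" == "true" ]]; then
+assert_line --partial "Passive mode off"
+fi
+check_output_for_errors
+}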
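Review bot: The comment in setup() says "enable passive and disable active mode", but the here-document below it appends `pasv_enable=NO`, which does the opposite; it looks copied from test/34-ftp-passive.bats and should read something like `# disable passive mode so only active-mode transfers succeed`. The `cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl` and `cat ... >> $VSFTPD_CONF` lines leave the path unquoted, here and in the identical setup()/teardown() of test/34-ftp-passive.bats; `cp -- "$VSFTPD_CONF" "${VSFTPD_CONF}.getssl"` is the safer form. setup() overwrites the `.getssl` backup on every run, so if a previous teardown did not restore the file, the modified config would become the new baseline. A short comment on that assumption would help.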

+ 71
- 0
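--- a/test/34-ftp-passive.bats
+++ b/test/34-ftp-passive.bats
@@ -0,0 +1,71 @@
+#! /usr/bin/env bats
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+# This is run for every test
+setup() {
+export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+if [ -n "${VSFTPD_CONF}" ]; then
+cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl
+# enable passive and disable active mode
+# https://www.pixelstech.net/article/1364817664-FTP-active-mode-and-passive-mode
+cat <<- _FTP >> $VSFTPD_CONF
+pasv_enable=YES
+pasv_max_port=10100
+pasv_min_port=10090
+connect_from_port_20=NO
+_FTP
+${CODE_DIR}/test/restart-ftpd
+fi
+}
+teardown() {
+if [ -n "${VSFTPD_CONF}" ]; then
+cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
+${CODE_DIR}/test/restart-ftpd
+fi
+}
+@test "Use Passive FTP to create challenge file" {
+if [ -n "$STAGING" ]; then
+skip "Using staging server, skipping internal test"
+fi
+if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
+mkdir -p /var/www/html/.well-known/acme-challenge
+fi
+# Always change ownership and permissions in case previous tests created the directories as root
+chgrp -R www-data /var/www/html/.well-known
+chmod -R g+w /var/www/html/.well-known
+CONFIG_FILE="getssl-http01.cfg"
+setup_environment
+init_getssl
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftp:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+EOF
+if [[ "$FTP_PASSIVE_DEFAULT" == "false" ]]; then
+cat <<- EOF3 >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+FTP_OPTIONS="passive"
+EOF3
+fi
+create_certificate
+assert_success
+assert_line --partial "ftp:ftpuser:ftpuser:"
+if [[ "$FTP_PASSIVE_DEFAULT" == "false" ]]; then
+assert_line --partial "Passive mode on"
+else
+refute_line --partial "Passive mode off"
+fi
+check_output_for_errors
+}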

+ 13
- 1
test/Dockerfile-alpine

@ -2,7 +2,7 @@ FROM alpine:latest
# Note this image uses busybox awk instead of gawk
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash lftp vsftpd openssh-server
WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support
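Review bot: The FTP setup block creates `ftpuser` with its own name as the password (`echo 'ftpuser:ftpuser' | chpasswd`) in the same image that now installs `openssh-server`, so the image carries a login with a known credential; the same lines appear in every other test/Dockerfile-* section of this commit. Whether sshd is ever started is not visible here, and this is reasonable for a throwaway test container, but it deserves a comment such as `# test-only account: do not publish this image or map its ports to a reachable interface`. Separately, `chown -R ftpuser.www-data /var/www` uses the deprecated `.` separator; `ftpuser:www-data` is the portable spelling.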


+ 13
- 1
test/Dockerfile-bash4-0

@ -2,7 +2,7 @@ FROM bash:4.0
# https://hub.docker.com/_/bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server
WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 1
test/Dockerfile-bash4-2

@ -2,7 +2,7 @@ FROM bash:4.2
# https://hub.docker.com/_/bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server
WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 1
test/Dockerfile-bash5-0

@ -2,7 +2,7 @@ FROM bash:5.0
# https://hub.docker.com/_/bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server
WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 19
- 4
test/Dockerfile-centos6

@ -5,16 +5,29 @@ FROM centos:centos6
# [wsl2]
# kernelCommandLine = vsyscall=emulate
# Centos 6 is EOL and is no longer available from the usual mirrors, so switch
# to https://vault.centos.org
# Centos 6 is EOL and is no longer available from the usual mirrors, so switch to https://vault.centos.org
RUN sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf && \
sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*.repo && \
sed -i 's;^#baseurl=http://mirror;baseurl=https://vault;g' /etc/yum.repos.d/*.repo
# Update and install required software
#RUN yum -y update
RUN yum -y install epel-release
RUN yum -y install git curl dnsutils ldns wget nginx
RUN yum -y install ftp vsftpd
RUN yum -y install openssh-server
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY test/test-config/vsftpd.conf /etc/vsftpd/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser www-data
RUN usermod -G www-data ftpuser
RUN usermod -G www-data root
RUN mkdir -p /var/www/.well-known/acme-challenge
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
WORKDIR /root
RUN mkdir /etc/nginx/pki
@ -22,10 +35,12 @@ RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-core.git /bats-core # --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support
RUN git clone https://github.com/bats-core/bats-assert /bats-assert
RUN /bats-core/install.sh /usr/local
# Hack to disable BATS pretty formatter which stopped working on centos6
ENV CI=yes
EXPOSE 80 443
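Review bot: The second of the two bats-core clone lines, presumably the new side, has its pin commented out (`git clone https://github.com/bats-core/bats-core.git /bats-core # --branch v1.2.1`), so this image installs whatever is on the default branch at build time while the other Dockerfiles stay on v1.2.1. That makes centos6 results non-reproducible and runs unreviewed upstream code through `/bats-core/install.sh`; if v1.2.1 no longer works here, pin a known-good tag or commit and say why in the comment. In the FTP block, `usermod -G www-data ftpuser` and `usermod -G www-data root` replace the supplementary group list instead of appending to it; `usermod -aG www-data root` is the usual form, and the same applies to Dockerfile-centos7 and Dockerfile-centos8.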


+ 15
- 0
test/Dockerfile-centos7

@ -4,6 +4,8 @@ FROM centos:centos7
RUN yum -y update
RUN yum -y install epel-release
RUN yum -y install git curl ldns bind-utils wget which nginx
RUN yum -y install ftp vsftpd
RUN yum -y install openssh-server
WORKDIR /root
RUN mkdir /etc/nginx/pki
@ -11,6 +13,19 @@ RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY test/test-config/vsftpd.conf /etc/vsftpd/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser www-data
RUN usermod -G www-data ftpuser
RUN usermod -G www-data root
RUN mkdir -p /var/www/.well-known/acme-challenge
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 15
- 0
test/Dockerfile-centos8

@ -6,6 +6,8 @@ FROM centos:centos8
RUN yum -y update
RUN yum -y install epel-release
RUN yum -y install git curl bind-utils wget which nginx
RUN yum -y install ftp vsftpd
RUN yum -y install openssh-server
WORKDIR /root
RUN mkdir /etc/nginx/pki
@ -13,6 +15,19 @@ RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY test/test-config/vsftpd.conf /etc/vsftpd/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser www-data
RUN usermod -G www-data ftpuser
RUN usermod -G www-data root
RUN mkdir -p /var/www/.well-known/acme-challenge
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 0
test/Dockerfile-debian

@ -5,11 +5,24 @@ FROM debian:latest
# Update and install required software
RUN apt-get update --fix-missing
RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light
RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server
WORKDIR /root
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 0
test/Dockerfile-ubuntu

@ -9,6 +9,19 @@ ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update --fix-missing
RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light
RUN apt-get install -y vim dos2unix # for debugging
RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
WORKDIR /root


+ 15
- 0
test/Dockerfile-ubuntu16

@ -6,12 +6,27 @@ FROM ubuntu:xenial
# Update and install required software
RUN apt-get update --fix-missing
RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light
RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server
WORKDIR /root
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
# The default init.d script seems to have an incorrect check that vsftpd has started
COPY test/test-config/vsftpd.initd /etc/init.d/vsftpd
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 15
- 0
test/Dockerfile-ubuntu18

@ -6,12 +6,27 @@ FROM ubuntu:bionic
# Update and install required software
RUN apt-get update --fix-missing
RUN apt-get install -y git curl dnsutils ldnsutils wget gawk nginx-light
RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server
WORKDIR /root
RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
# The default init.d script seems to have an incorrect check that vsftpd has started
COPY test/test-config/vsftpd.initd /etc/init.d/vsftpd
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# Prevent "Can't load /root/.rnd into RNG" error from openssl
RUN touch /root/.rnd


+ 9
- 0
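--- a/test/restart-ftpd
+++ b/test/restart-ftpd
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+if [ "$GETSSL_OS" = "alpine" ]; then
+killall -HUP vsftpd >&3-
+elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
+pgrep vsftpd | head -1 | xargs kill -HUP
+else
+service vsftpd restart >/dev/null >&3-
+fi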
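Review bot: In the final branch, `service vsftpd restart >/dev/null >&3-` redirects stdout twice and the later `>&3-` wins, so `/dev/null` has no effect and the output goes to file descriptor 3. Both branches that use `>&3-` also fail with a bad-descriptor error when the script is run outside bats, where fd 3 is not open. In the centos branch, `pgrep vsftpd | head -1 | xargs kill -HUP` still invokes `kill` with no PID when nothing matches (GNU xargs without `-r`), and none of the branches reports a failed restart to the calling test. Suggested: `pkill -HUP -o -x vsftpd` for the centos branch, plus a header comment stating that the script expects bats' fd 3 to be open.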

+ 22
- 19
test/run-test.cmd

@ -1,51 +1,52 @@
@echo off
IF %1.==. GOTO NoOS
set OS=%1
SET OS=%1
:CheckCommand
IF %2.==. GOTO NoCmd
set COMMAND=%2 %3
SET COMMAND=%2 %3
:CheckAlias
REM check if OS *contains* staging
IF NOT x%OS:duck=%==x%OS% GOTO duckdns
IF NOT x%OS:dynu=%==x%OS% GOTO dynu
IF NOT x%OS:bash=%==x%OS% GOTO bash
set ALIAS=%OS%.getssl.test
set STAGING=
set GETSSL_OS=%OS%
SET ALIAS=%OS%.getssl.test
SET STAGING=
SET GETSSL_OS=%OS%
GOTO Run
:NoOS
set OS=ubuntu
SET OS=ubuntu
GOTO CheckCommand
:NoCmd
REM set COMMAND=/getssl/test/run-bats.sh
set COMMAND=bats /getssl/test --timing
REM SET COMMAND=/getssl/test/run-bats.sh
SET COMMAND=bats /getssl/test --timing
GOTO CheckAlias
:duckdns
set ALIAS=%OS:-duckdns=%-getssl.duckdns.org
set STAGING=--env STAGING=true --env dynamic_dns=duckdns
set GETSSL_OS=%OS:-duckdns=%
SET ALIAS=%OS:-duckdns=%-getssl.duckdns.org
SET STAGING=--env STAGING=true --env dynamic_dns=duckdns
SET GETSSL_OS=%OS:-duckdns=%
GOTO Run
:dynu
set ALIAS=%OS:-dynu=%-getssl.freeddns.org
set STAGING=--env STAGING=true --env dynamic_dns=dynu
set GETSSL_OS=%OS:-dynu=%
SET ALIAS=%OS:-dynu=%-getssl.freeddns.org
SET STAGING=--env STAGING=true --env dynamic_dns=dynu
SET GETSSL_OS=%OS:-dynu=%
GOTO Run
:bash
set ALIAS=%OS%.getssl.test
set STAGING=
set GETSSL_OS=alpine
SET ALIAS=%OS%.getssl.test
SET STAGING=
SET GETSSL_OS=alpine
:Run
for %%I in (.) do set CurrDirName=%%~nxI
FOR %%I in (.) DO SET CurrDirName=%%~nxI
docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% .
docker build --pull --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% .
IF %ErrorLevel% EQU 1 GOTO End
@echo on
docker run -it ^
--env GETSSL_HOST=%ALIAS% %STAGING% ^
@ -69,3 +70,5 @@ docker run -it ^
--name getssl-%OS% ^
getssl-%OS% ^
%COMMAND%
:End
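Review bot: The new guard `IF %ErrorLevel% EQU 1 GOTO End` skips `docker run` only when the build exits with exactly 1, so a build that fails with any other non-zero status still runs the tests against whatever `getssl-%OS%` image was built previously. `IF ERRORLEVEL 1 GOTO End` (true for any value of 1 or more) or `IF %ErrorLevel% NEQ 0 GOTO End` covers every failure. The `docker run` argument list is only partly visible between the two hunks, so this note is limited to the guard itself.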

+ 9
- 0
test/test-config/alpine-supervisord.conf

@ -12,3 +12,12 @@ stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0
[program:vsftpd]
command=vsftpd
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0

+ 66
- 0
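--- a/test/test-config/vsftpd.conf
+++ b/test/test-config/vsftpd.conf
@@ -0,0 +1,66 @@
+# Example config file /etc/vsftpd.conf (alpine) /etc/vsftpd/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# Run standalone? vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+listen=YES
+#
+# This directive enables listening on IPv6 sockets. By default, listening
+# on the IPv6 "any" address (::) will accept connections from both IPv6
+# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
+# sockets. If you want that (perhaps because you want to listen on specific
+# addresses) then you must run two copies of vsftpd with two configuration
+# files.
+#listen_ipv6=NO
+#
+# Allow anonymous FTP? (Disabled by default).
+anonymous_enable=NO
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+local_umask=022
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# If enabled, vsftpd will display directory listings with the time
+# in your local time zone. The default is to display GMT. The
+# times returned by the MDTM FTP command are also affected by this
+# option.
+use_localtime=YES
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# You may restrict local users to their home directories. See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+chroot_local_user=NO
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+ssl_enable=NO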
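Review bot: The header still reads as a generic sample ("Example config file", "loosens things up a bit") and nothing says this is the getssl test fixture that setup() in the bats tests appends to. With `local_enable=YES`, `write_enable=YES`, `chroot_local_user=NO` and `ssl_enable=NO`, a local account logs in over cleartext FTP and can write wherever its Unix permissions allow, which is only acceptable inside the test containers. A first line such as `# getssl test fixture - cleartext FTP, no chroot; not for production use` would keep it from being copied as a template. The `rsa_cert_file` and `rsa_private_key_file` paths look distribution-specific and are only harmless while `ssl_enable=NO`.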

+ 103
- 0
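--- a/test/test-config/vsftpd.initd
+++ b/test/test-config/vsftpd.initd
@@ -0,0 +1,103 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: vsftpd
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop: $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Very secure FTP server
+# Description: Provides a lightweight, efficient FTP server written
+# for security.
+### END INIT INFO
+set -e
+DAEMON="/usr/sbin/vsftpd"
+NAME="vsftpd"
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+LOGFILE="/var/log/vsftpd.log"
+CHROOT="/var/run/vsftpd/empty"
+test -x "${DAEMON}" || exit 0
+. /lib/lsb/init-functions
+if [ ! -e "${LOGFILE}" ]
+then
+touch "${LOGFILE}"
+chmod 640 "${LOGFILE}"
+chown root:adm "${LOGFILE}"
+fi
+if [ ! -d "${CHROOT}" ]
+then
+mkdir -p "${CHROOT}"
+fi
+case "${1}" in
+start)
+log_daemon_msg "Starting FTP server" "${NAME}"
+if [ -e /etc/vsftpd.conf ] && ! egrep -iq "^ *listen(_ipv6)? *= *yes" /etc/vsftpd.conf
+then
+log_warning_msg "vsftpd disabled - listen disabled in config."
+exit 0
+fi
+start-stop-daemon --start --background -m --oknodo --pidfile /var/run/vsftpd/vsftpd.pid --exec ${DAEMON}
+n=0
+while [ ${n} -le 5 ]
+do
+_PID="$(if [ -e /var/run/vsftpd/vsftpd.pid ]; then cat /var/run/vsftpd/vsftpd.pid; fi)"
+if ! ps -C vsftpd | grep -qs "${_PID}"
+then
+break
+fi
+sleep 1
+n=$(( $n + 1 ))
+done
+if ps -C vsftpd | grep -qs "${_PID}"
+then
+log_warning_msg "vsftpd failed - probably invalid config."
+exit 1
+fi
+log_end_msg 0
+;;
+stop)
+log_daemon_msg "Stopping FTP server" "${NAME}"
+start-stop-daemon --stop --pidfile /var/run/vsftpd/vsftpd.pid --oknodo --exec ${DAEMON}
+rm -f /var/run/vsftpd/vsftpd.pid
+log_end_msg 0
+;;
+restart)
+${0} stop
+${0} start
+;;
+reload|force-reload)
+log_daemon_msg "Reloading FTP server configuration"
+start-stop-daemon --stop --pidfile /var/run/vsftpd/vsftpd.pid --signal 1 --exec $DAEMON
+log_end_msg "${?}"
+;;
+status)
+status_of_proc "${DAEMON}" "FTP server"
+;;
+*)
+echo "Usage: ${0} {start|stop|restart|reload|status}"
+exit 1
+;;
+esac
+exit 0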
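Review bot: The start-up check in the `start)` branch reads as inverted relative to its own message: the wait loop breaks as soon as no `ps -C vsftpd` line matches `${_PID}`, and the following `if ps -C vsftpd | grep -qs "${_PID}"` logs "vsftpd failed - probably invalid config." and exits 1 exactly when a matching process is found. As written, a daemon that died on a bad config would be reported as started, and an empty `_PID` (no pid file yet) makes `grep` match every line. If this is the deliberate workaround the Dockerfiles allude to, explain it in a comment above the loop; otherwise test liveness directly, for example `if ! pgrep -x vsftpd >/dev/null` ahead of the existing warning and `exit 1`.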

+ 6
- 1
test/test_helper.bash

@ -70,16 +70,21 @@ setup_environment() {
/getssl/test/restart-nginx
}
# start nginx in background on alpine via supervisord
# start nginx and vsftpd in background on alpine via supervisord
# shellcheck disable=SC2153 # Ignore GETSSL_OS looks like typo of GETSSL_IP
if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then
if [[ ! $(pgrep supervisord) ]]; then
/usr/bin/supervisord -c /etc/supervisord.conf >&3-
# Give supervisord time to start
sleep 1
fi
elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
if [ -z "$(pgrep nginx)" ]; then
nginx >&3-
fi
if [ -z "$(pgrep vsftpd)" ] && [ "$(command -v vsftpd)" ]; then
vsftpd >&3-
fi
fi
# Find NGINX configuration directory for HTTP-01 testing (need to add SSL to config)

