RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Test ftp and passive ftp

pull/625/head
Tim Kimber 5 years ago
parent
e407426bdb
commit
8f32f9f078
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
19 changed files with 453 additions and 34 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +33
    -4
      test/33-ftp.bats
  2. +67
    -0
      test/34-ftp-passive.bats
  3. +13
    -1
      test/Dockerfile-alpine
  4. +13
    -1
      test/Dockerfile-bash4-0
  5. +13
    -1
      test/Dockerfile-bash4-2
  6. +13
    -1
      test/Dockerfile-bash5-0
  7. +19
    -4
      test/Dockerfile-centos6
  8. +15
    -0
      test/Dockerfile-centos7
  9. +15
    -0
      test/Dockerfile-centos8
  10. +13
    -0
      test/Dockerfile-debian
  11. +4
    -1
      test/Dockerfile-ubuntu
  12. +15
    -0
      test/Dockerfile-ubuntu16
  13. +15
    -0
      test/Dockerfile-ubuntu18
  14. +0
    -2
      test/restart-ftpd
  15. +21
    -18
      test/run-test.cmd
  16. +9
    -0
      test/test-config/alpine-supervisord.conf
  17. +66
    -0
      test/test-config/vsftpd.conf
  18. +103
    -0
      test/test-config/vsftpd.initd
  19. +6
    -1
      test/test_helper.bash

+ 33
- 4
test/33-ftp.bats View File

@ -8,6 +8,21 @@ load '/getssl/test/test_helper.bash'
# This is run for every test # This is run for every test
setup() { setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl
# enable passive and disable active mode
# https://www.pixelstech.net/article/1364817664-FTP-active-mode-and-passive-mode
cat <<- _FTP >> $VSFTPD_CONF
pasv_enable=NO
_FTP
${CODE_DIR}/test/restart-ftpd
}
teardown() {
cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
${CODE_DIR}/test/restart-ftpd
} }
@ -16,23 +31,37 @@ setup() {
skip "Using staging server, skipping internal test" skip "Using staging server, skipping internal test"
fi fi
${CODE_DIR}/test/restart-ftpd
if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
mkdir -p /var/www/html/.well-known/acme-challenge mkdir -p /var/www/html/.well-known/acme-challenge
chgrp -R www-data /var/www/html/.well-known
chmod -R g+w /var/www/html/.well-known
fi fi
# Always change ownership and permissions in case previous tests created the directories as root
chgrp -R www-data /var/www/html/.well-known
chmod -R g+w /var/www/html/.well-known
CONFIG_FILE="getssl-http01.cfg" CONFIG_FILE="getssl-http01.cfg"
setup_environment setup_environment
init_getssl init_getssl
cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
ACL="ftp:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge" ACL="ftp:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
FTP_OPTIONS="chmod 644 \\\$fromfile"
EOF EOF
if [[ "$GETSSL_OS" = "alpine" ]]; then
cat <<- EOF2 >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
FTP_OPTIONS="set ftp:passive-mode off"
EOF2
elif [[ "$FTP_PASSIVE_DEFAULT" == "true" ]]; then
cat <<- EOF3 >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
FTP_OPTIONS="passive"
EOF3
fi
create_certificate create_certificate
assert_success assert_success
assert_line --partial "ftp:ftpuser:ftpuser:"
if [[ "$GETSSL_OS" != "alpine" ]] && [[ "$FTP_PASSIVE_DEFAULT" == "true" ]]; then
assert_line --partial "Passive mode off"
fi
check_output_for_errors check_output_for_errors
} }

+ 67
- 0
test/34-ftp-passive.bats View File

@ -0,0 +1,67 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl
# enable passive and disable active mode
# https://www.pixelstech.net/article/1364817664-FTP-active-mode-and-passive-mode
cat <<- _FTP >> $VSFTPD_CONF
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
connect_from_port_20=NO
_FTP
${CODE_DIR}/test/restart-ftpd
}
teardown() {
cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
${CODE_DIR}/test/restart-ftpd
}
@test "Use Passive FTP to create challenge file" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
mkdir -p /var/www/html/.well-known/acme-challenge
fi
# Always change ownership and permissions in case previous tests created the directories as root
chgrp -R www-data /var/www/html/.well-known
chmod -R g+w /var/www/html/.well-known
CONFIG_FILE="getssl-http01.cfg"
setup_environment
init_getssl
cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
ACL="ftp:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
EOF
if [[ "$FTP_PASSIVE_DEFAULT" == "false" ]]; then
cat <<- EOF3 >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
FTP_OPTIONS="passive"
EOF3
fi
create_certificate
assert_success
assert_line --partial "ftp:ftpuser:ftpuser:"
if [[ "$FTP_PASSIVE_DEFAULT" == "false" ]]; then
assert_line --partial "Passive mode on"
else
refute_line --partial "Passive mode off"
fi
check_output_for_errors
}

+ 13
- 1
test/Dockerfile-alpine View File

@ -2,7 +2,7 @@ FROM alpine:latest
# Note this image uses busybox awk instead of gawk # Note this image uses busybox awk instead of gawk
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash lftp vsftpd openssh-server
WORKDIR /root WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 1
test/Dockerfile-bash4-0 View File

@ -2,7 +2,7 @@ FROM bash:4.0
# https://hub.docker.com/_/bash # https://hub.docker.com/_/bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server
WORKDIR /root WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 1
test/Dockerfile-bash4-2 View File

@ -2,7 +2,7 @@ FROM bash:4.2
# https://hub.docker.com/_/bash # https://hub.docker.com/_/bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server
WORKDIR /root WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 1
test/Dockerfile-bash5-0 View File

@ -2,7 +2,7 @@ FROM bash:5.0
# https://hub.docker.com/_/bash # https://hub.docker.com/_/bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx bash
RUN apk --no-cache add supervisor openssl git curl bind-tools drill wget nginx lftp vsftpd openssh-server
WORKDIR /root WORKDIR /root
@ -11,6 +11,18 @@ RUN mkdir /run/nginx
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY ./test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 19
- 4
test/Dockerfile-centos6 View File

@ -5,16 +5,29 @@ FROM centos:centos6
# [wsl2] # [wsl2]
# kernelCommandLine = vsyscall=emulate # kernelCommandLine = vsyscall=emulate
# Centos 6 is EOL and is no longer available from the usual mirrors, so switch
# to https://vault.centos.org
# Centos 6 is EOL and is no longer available from the usual mirrors, so switch to https://vault.centos.org
RUN sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf && \ RUN sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf && \
sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*.repo && \ sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*.repo && \
sed -i 's;^#baseurl=http://mirror;baseurl=https://vault;g' /etc/yum.repos.d/*.repo sed -i 's;^#baseurl=http://mirror;baseurl=https://vault;g' /etc/yum.repos.d/*.repo
# Update and install required software # Update and install required software
#RUN yum -y update
RUN yum -y install epel-release RUN yum -y install epel-release
RUN yum -y install git curl dnsutils ldns wget nginx RUN yum -y install git curl dnsutils ldns wget nginx
RUN yum -y install ftp vsftpd
RUN yum -y install openssh-server
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY test/test-config/vsftpd.conf /etc/vsftpd/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser www-data
RUN usermod -G www-data ftpuser
RUN usermod -G www-data root
RUN mkdir -p /var/www/.well-known/acme-challenge
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
WORKDIR /root WORKDIR /root
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
@ -22,10 +35,12 @@ RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-core.git /bats-core # --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support
RUN git clone https://github.com/bats-core/bats-assert /bats-assert RUN git clone https://github.com/bats-core/bats-assert /bats-assert
RUN /bats-core/install.sh /usr/local RUN /bats-core/install.sh /usr/local
# Hack to disable BATS pretty formatter which stopped working on centos6
ENV CI=yes
EXPOSE 80 443 EXPOSE 80 443


+ 15
- 0
test/Dockerfile-centos7 View File

@ -4,6 +4,8 @@ FROM centos:centos7
RUN yum -y update RUN yum -y update
RUN yum -y install epel-release RUN yum -y install epel-release
RUN yum -y install git curl ldns bind-utils wget which nginx RUN yum -y install git curl ldns bind-utils wget which nginx
RUN yum -y install ftp vsftpd
RUN yum -y install openssh-server
WORKDIR /root WORKDIR /root
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
@ -11,6 +13,19 @@ RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY test/test-config/vsftpd.conf /etc/vsftpd/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser www-data
RUN usermod -G www-data ftpuser
RUN usermod -G www-data root
RUN mkdir -p /var/www/.well-known/acme-challenge
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 15
- 0
test/Dockerfile-centos8 View File

@ -6,6 +6,8 @@ FROM centos:centos8
RUN yum -y update RUN yum -y update
RUN yum -y install epel-release RUN yum -y install epel-release
RUN yum -y install git curl bind-utils wget which nginx RUN yum -y install git curl bind-utils wget which nginx
RUN yum -y install ftp vsftpd
RUN yum -y install openssh-server
WORKDIR /root WORKDIR /root
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
@ -13,6 +15,19 @@ RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf COPY ./test/test-config/nginx-centos7.conf /etc/nginx/nginx.conf
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=true
COPY test/test-config/vsftpd.conf /etc/vsftpd/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser www-data
RUN usermod -G www-data ftpuser
RUN usermod -G www-data root
RUN mkdir -p /var/www/.well-known/acme-challenge
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 13
- 0
test/Dockerfile-debian View File

@ -5,11 +5,24 @@ FROM debian:latest
# Update and install required software # Update and install required software
RUN apt-get update --fix-missing RUN apt-get update --fix-missing
RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light
RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server
WORKDIR /root WORKDIR /root
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private RUN mkdir /etc/nginx/pki/private
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 4
- 1
test/Dockerfile-ubuntu View File

@ -12,7 +12,10 @@ RUN apt-get install -y vim dos2unix # for debugging
RUN apt-get install -y ftp vsftpd RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server RUN apt-get install -y openssh-server
RUN echo "write_enable=YES" >> /etc/vsftpd.conf
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
RUN adduser ftpuser RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data RUN adduser ftpuser www-data


+ 15
- 0
test/Dockerfile-ubuntu16 View File

@ -6,12 +6,27 @@ FROM ubuntu:xenial
# Update and install required software # Update and install required software
RUN apt-get update --fix-missing RUN apt-get update --fix-missing
RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light RUN apt-get install -y git curl dnsutils ldnsutils wget nginx-light
RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server
WORKDIR /root WORKDIR /root
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
# The default init.d script seems to have an incorrect check that vsftpd has started
COPY test/test-config/vsftpd.initd /etc/init.d/vsftpd
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings) # BATS (Bash Automated Testings)
RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1 RUN git clone https://github.com/bats-core/bats-core.git /bats-core --branch v1.2.1
RUN git clone https://github.com/bats-core/bats-support /bats-support RUN git clone https://github.com/bats-core/bats-support /bats-support


+ 15
- 0
test/Dockerfile-ubuntu18 View File

@ -6,12 +6,27 @@ FROM ubuntu:bionic
# Update and install required software # Update and install required software
RUN apt-get update --fix-missing RUN apt-get update --fix-missing
RUN apt-get install -y git curl dnsutils ldnsutils wget gawk nginx-light RUN apt-get install -y git curl dnsutils ldnsutils wget gawk nginx-light
RUN apt-get install -y ftp vsftpd
RUN apt-get install -y openssh-server
WORKDIR /root WORKDIR /root
RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki
RUN mkdir /etc/nginx/pki/private RUN mkdir /etc/nginx/pki/private
COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
# Setup ftp
ENV VSFTPD_CONF=/etc/vsftpd.conf
ENV FTP_PASSIVE_DEFAULT=false
COPY test/test-config/vsftpd.conf /etc/vsftpd.conf
# The default init.d script seems to have an incorrect check that vsftpd has started
COPY test/test-config/vsftpd.initd /etc/init.d/vsftpd
RUN adduser ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R www-data.www-data /var/www
RUN chmod g+w -R /var/www
# Prevent "Can't load /root/.rnd into RNG" error from openssl # Prevent "Can't load /root/.rnd into RNG" error from openssl
RUN touch /root/.rnd RUN touch /root/.rnd


+ 0
- 2
test/restart-ftpd View File

@ -2,10 +2,8 @@
if [ "$GETSSL_OS" = "alpine" ]; then if [ "$GETSSL_OS" = "alpine" ]; then
killall -HUP vsftpd >&3- killall -HUP vsftpd >&3-
sleep 5
elif [[ "$GETSSL_OS" == "centos"[78] ]]; then elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
pgrep vsftpd | head -1 | xargs kill -HUP pgrep vsftpd | head -1 | xargs kill -HUP
sleep 5
else else
service vsftpd restart >/dev/null >&3- service vsftpd restart >/dev/null >&3-
fi fi

+ 21
- 18
test/run-test.cmd View File

@ -1,51 +1,52 @@
@echo off @echo off
IF %1.==. GOTO NoOS IF %1.==. GOTO NoOS
set OS=%1
SET OS=%1
:CheckCommand :CheckCommand
IF %2.==. GOTO NoCmd IF %2.==. GOTO NoCmd
set COMMAND=%2 %3
SET COMMAND=%2 %3
:CheckAlias :CheckAlias
REM check if OS *contains* staging REM check if OS *contains* staging
IF NOT x%OS:duck=%==x%OS% GOTO duckdns IF NOT x%OS:duck=%==x%OS% GOTO duckdns
IF NOT x%OS:dynu=%==x%OS% GOTO dynu IF NOT x%OS:dynu=%==x%OS% GOTO dynu
IF NOT x%OS:bash=%==x%OS% GOTO bash IF NOT x%OS:bash=%==x%OS% GOTO bash
set ALIAS=%OS%.getssl.test
set STAGING=
set GETSSL_OS=%OS%
SET ALIAS=%OS%.getssl.test
SET STAGING=
SET GETSSL_OS=%OS%
GOTO Run GOTO Run
:NoOS :NoOS
set OS=ubuntu
SET OS=ubuntu
GOTO CheckCommand GOTO CheckCommand
:NoCmd :NoCmd
REM set COMMAND=/getssl/test/run-bats.sh
set COMMAND=bats /getssl/test --timing
REM SET COMMAND=/getssl/test/run-bats.sh
SET COMMAND=bats /getssl/test --timing
GOTO CheckAlias GOTO CheckAlias
:duckdns :duckdns
set ALIAS=%OS:-duckdns=%-getssl.duckdns.org
set STAGING=--env STAGING=true --env dynamic_dns=duckdns
set GETSSL_OS=%OS:-duckdns=%
SET ALIAS=%OS:-duckdns=%-getssl.duckdns.org
SET STAGING=--env STAGING=true --env dynamic_dns=duckdns
SET GETSSL_OS=%OS:-duckdns=%
GOTO Run GOTO Run
:dynu :dynu
set ALIAS=%OS:-dynu=%-getssl.freeddns.org
set STAGING=--env STAGING=true --env dynamic_dns=dynu
set GETSSL_OS=%OS:-dynu=%
SET ALIAS=%OS:-dynu=%-getssl.freeddns.org
SET STAGING=--env STAGING=true --env dynamic_dns=dynu
SET GETSSL_OS=%OS:-dynu=%
GOTO Run GOTO Run
:bash :bash
set ALIAS=%OS%.getssl.test
set STAGING=
set GETSSL_OS=alpine
SET ALIAS=%OS%.getssl.test
SET STAGING=
SET GETSSL_OS=alpine
:Run :Run
for %%I in (.) do set CurrDirName=%%~nxI
FOR %%I in (.) DO SET CurrDirName=%%~nxI
docker build --pull --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% . docker build --pull --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% .
IF %ErrorLevel% EQU 1 GOTO End
@echo on @echo on
docker run -it ^ docker run -it ^
--env GETSSL_HOST=%ALIAS% %STAGING% ^ --env GETSSL_HOST=%ALIAS% %STAGING% ^
@ -69,3 +70,5 @@ docker run -it ^
--name getssl-%OS% ^ --name getssl-%OS% ^
getssl-%OS% ^ getssl-%OS% ^
%COMMAND% %COMMAND%
:End

+ 9
- 0
test/test-config/alpine-supervisord.conf View File

@ -12,3 +12,12 @@ stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0 stderr_logfile_maxbytes=0
autorestart=false autorestart=false
startretries=0 startretries=0
[program:vsftpd]
command=vsftpd
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0

+ 66
- 0
test/test-config/vsftpd.conf View File

@ -0,0 +1,66 @@
# Example config file /etc/vsftpd.conf (alpine) /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
#listen_ipv6=NO
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=NO
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

+ 103
- 0
test/test-config/vsftpd.initd View File

@ -0,0 +1,103 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: vsftpd
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Very secure FTP server
# Description: Provides a lightweight, efficient FTP server written
# for security.
### END INIT INFO
set -e
DAEMON="/usr/sbin/vsftpd"
NAME="vsftpd"
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
LOGFILE="/var/log/vsftpd.log"
CHROOT="/var/run/vsftpd/empty"
test -x "${DAEMON}" || exit 0
. /lib/lsb/init-functions
if [ ! -e "${LOGFILE}" ]
then
touch "${LOGFILE}"
chmod 640 "${LOGFILE}"
chown root:adm "${LOGFILE}"
fi
if [ ! -d "${CHROOT}" ]
then
mkdir -p "${CHROOT}"
fi
case "${1}" in
start)
log_daemon_msg "Starting FTP server" "${NAME}"
if [ -e /etc/vsftpd.conf ] && ! egrep -iq "^ *listen(_ipv6)? *= *yes" /etc/vsftpd.conf
then
log_warning_msg "vsftpd disabled - listen disabled in config."
exit 0
fi
start-stop-daemon --start --background -m --oknodo --pidfile /var/run/vsftpd/vsftpd.pid --exec ${DAEMON}
n=0
while [ ${n} -le 5 ]
do
_PID="$(if [ -e /var/run/vsftpd/vsftpd.pid ]; then cat /var/run/vsftpd/vsftpd.pid; fi)"
if ! ps -C vsftpd | grep -qs "${_PID}"
then
break
fi
sleep 1
n=$(( $n + 1 ))
done
if ps -C vsftpd | grep -qs "${_PID}"
then
log_warning_msg "vsftpd failed - probably invalid config."
exit 1
fi
log_end_msg 0
;;
stop)
log_daemon_msg "Stopping FTP server" "${NAME}"
start-stop-daemon --stop --pidfile /var/run/vsftpd/vsftpd.pid --oknodo --exec ${DAEMON}
rm -f /var/run/vsftpd/vsftpd.pid
log_end_msg 0
;;
restart)
${0} stop
${0} start
;;
reload|force-reload)
log_daemon_msg "Reloading FTP server configuration"
start-stop-daemon --stop --pidfile /var/run/vsftpd/vsftpd.pid --signal 1 --exec $DAEMON
log_end_msg "${?}"
;;
status)
status_of_proc "${DAEMON}" "FTP server"
;;
*)
echo "Usage: ${0} {start|stop|restart|reload|status}"
exit 1
;;
esac
exit 0

+ 6
- 1
test/test_helper.bash View File

@ -70,16 +70,21 @@ setup_environment() {
/getssl/test/restart-nginx /getssl/test/restart-nginx
} }
# start nginx in background on alpine via supervisord
# start nginx and vsftpd in background on alpine via supervisord
# shellcheck disable=SC2153 # Ignore GETSSL_OS looks like typo of GETSSL_IP # shellcheck disable=SC2153 # Ignore GETSSL_OS looks like typo of GETSSL_IP
if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then
if [[ ! $(pgrep supervisord) ]]; then if [[ ! $(pgrep supervisord) ]]; then
/usr/bin/supervisord -c /etc/supervisord.conf >&3- /usr/bin/supervisord -c /etc/supervisord.conf >&3-
# Give supervisord time to start
sleep 1
fi fi
elif [[ "$GETSSL_OS" == "centos"[78] ]]; then elif [[ "$GETSSL_OS" == "centos"[78] ]]; then
if [ -z "$(pgrep nginx)" ]; then if [ -z "$(pgrep nginx)" ]; then
nginx >&3- nginx >&3-
fi fi
if [ -z "$(pgrep vsftpd)" ]; then
vsftpd >&3-
fi
fi fi
# Find NGINX configuration directory for HTTP-01 testing (need to add SSL to config) # Find NGINX configuration directory for HTTP-01 testing (need to add SSL to config)


Write Preview
Loading…
Cancel
Save