| author | Guilhem Moulin <guilhem@debian.org> | 2023-01-25 03:32:04 +0100 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@debian.org> | 2023-01-25 03:32:04 +0100 | 
| commit | 33687a2e3aea5ae69add7812315445ad23748fab (patch) | |
| tree | 952a06618d7da373043debef8a8c28d4c8371385 /tests/cert-install | |
| parent | 2a981ac3829f27d3179eb6b6e682dc17cc9c4225 (diff) | |
| parent | b3af3526b293f396da02a6276ea86ca17dcd2d03 (diff) | |
Merge tag 'v0.8.1' into debian/latest
Release version 0.8.1
Diffstat (limited to 'tests/cert-install')
| -rw-r--r-- | tests/cert-install | 65 | 
1 files changed, 47 insertions, 18 deletions
| diff --git a/tests/cert-install b/tests/cert-install index f2147d2..4b3e820 100644 --- a/tests/cert-install +++ b/tests/cert-install 
@@ -103,74 +103,103 @@ st="$(stat -c "%U:%G %#a" /etc/lacme/test3.pem)"  st="$(stat -c "%U:%G %#a" /etc/lacme/test3.crt)"  [ "$st" = "root:root 0644" ] -# chmod user +# owner user  openssl genpkey -algorithm RSA -out /etc/lacme/test4.key  cat >"/etc/lacme/lacme-certs.conf.d/test4.conf" <<- EOF  	[test4]  	certificate-key = /etc/lacme/test4.key  	certificate = /etc/lacme/test4.pem  	certificate-chain = /etc/lacme/test4.crt -    chown = nobody +	owner = nonexistent-user  	subject = $subject  EOF +! lacme newOrder test4 2>"$STDERR" || fail newOrder test4 +grepstderr -Fxq "getpwnam(nonexistent-user)" +! test -e /etc/lacme/test4.pem +! test -e /etc/lacme/test4.crt + +sed -ri "s/^owner\\s*=.*/owner = nobody/" /etc/lacme/lacme-certs.conf.d/test4.conf  lacme newOrder test4 2>"$STDERR" || fail newOrder test4  st="$(stat -c "%U:%G %#a" /etc/lacme/test4.pem)"  [ "$st" = "nobody:root 0644" ]  st="$(stat -c "%U:%G %#a" /etc/lacme/test4.crt)"  [ "$st" = "nobody:root 0644" ] -# chmod user:group +# owner user:group  openssl genpkey -algorithm RSA -out /etc/lacme/test5.key  cat >"/etc/lacme/lacme-certs.conf.d/test5.conf" <<- EOF  	[test5]  	certificate-key = /etc/lacme/test5.key  	certificate = /etc/lacme/test5.pem  	certificate-chain = /etc/lacme/test5.crt -    chown = nobody:nogroup +	owner = nobody:nonexistent-group  	subject = $subject  EOF +! lacme newOrder test5 2>"$STDERR" || fail newOrder test5 +grepstderr -Fxq "getgrnam(nonexistent-group)" +! test -e /etc/lacme/test5.pem +! 
test -e /etc/lacme/test5.crt + +sed -ri "s/^owner\\s*=.*/owner = nobody:nogroup/" /etc/lacme/lacme-certs.conf.d/test5.conf  lacme newOrder test5 2>"$STDERR" || fail newOrder test5  st="$(stat -c "%U:%G %#a" /etc/lacme/test5.pem)"  [ "$st" = "nobody:nogroup 0644" ]  st="$(stat -c "%U:%G %#a" /etc/lacme/test5.crt)"  [ "$st" = "nobody:nogroup 0644" ] -# chown +# umask restrictions (also test empty values)  openssl genpkey -algorithm RSA -out /etc/lacme/test6.key  cat >"/etc/lacme/lacme-certs.conf.d/test6.conf" <<- EOF  	[test6]  	certificate-key = /etc/lacme/test6.key -	certificate = /etc/lacme/test6.pem  	certificate-chain = /etc/lacme/test6.crt -    chmod = 0400 +	certificate = +	mode = +	owner =  	subject = $subject  EOF -lacme newOrder test6 2>"$STDERR" || fail newOrder test6 -st="$(stat -c "%U:%G %#a" /etc/lacme/test6.pem)" -[ "$st" = "root:root 0400" ] +( umask 0077 && lacme newOrder test6 2>"$STDERR" || fail newOrder test6 ) +! test -e /etc/lacme/test6.pem  st="$(stat -c "%U:%G %#a" /etc/lacme/test6.crt)" -[ "$st" = "root:root 0400" ] +[ "$st" = "root:root 0600" ] -# post-issuance notification +# mode  openssl genpkey -algorithm RSA -out /etc/lacme/test7.key  cat >"/etc/lacme/lacme-certs.conf.d/test7.conf" <<- EOF  	[test7]  	certificate-key = /etc/lacme/test7.key +	certificate = /etc/lacme/test7.pem  	certificate-chain = /etc/lacme/test7.crt +	mode = 0400  	subject = $subject -	notify = touch /tmp/test7.notify  EOF  lacme newOrder test7 2>"$STDERR" || fail newOrder test7 -grepstderr -Fxq "Running notification command \`touch /tmp/test7.notify\`" -test -e /tmp/test7.notify +st="$(stat -c "%U:%G %#a" /etc/lacme/test7.pem)" +[ "$st" = "root:root 0400" ] +st="$(stat -c "%U:%G %#a" /etc/lacme/test7.crt)" +[ "$st" = "root:root 0400" ] -rm -f /tmp/test7.notify -lacme newOrder test7 2>"$STDERR" || fail newOrder test7 +# post-issuance notification +openssl genpkey -algorithm RSA -out /etc/lacme/test8.key +cat >"/etc/lacme/lacme-certs.conf.d/test8.conf" <<- EOF +	
[test8] +	certificate-key = /etc/lacme/test8.key +	certificate-chain = /etc/lacme/test8.crt +	subject = $subject +	notify = touch /tmp/test8.notify +EOF + +lacme newOrder test8 2>"$STDERR" || fail newOrder test8 +grepstderr -Fxq "Running notification command \`touch /tmp/test8.notify\`" +test -e /tmp/test8.notify + +rm -f /tmp/test8.notify +lacme newOrder test8 2>"$STDERR" || fail newOrder test8  ngrepstderr -Fq "Running notification command" -! test -e /tmp/test7.notify +! test -e /tmp/test8.notify  # vim: set filetype=sh : | 
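Review bot: The negative assertions written as `! test -e /etc/lacme/test4.pem` (same form for test4.crt, test5.pem, test5.crt, test6.pem and the renamed `! test -e /tmp/test8.notify`) cannot abort the script under errexit, because a command whose status is inverted with `!` is exempt from `set -e`. Assuming this test relies on errexit, as the bare `[ "$st" = "root:root 0644" ]` checks suggest (the shebang and shell options are outside the hunk), these checks would pass silently. A certificate file left behind after the `getpwnam`/`getgrnam` failure, or one written despite the empty `certificate =` value, would then go unnoticed. Writing each check as `[ ! -e /etc/lacme/test4.pem ]`, or appending `|| fail` the way the `! lacme newOrder test4 ... || fail newOrder test4` lines already do, makes it effective.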
