aboutsummaryrefslogtreecommitdiffstats
path: root/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch')
-rw-r--r--debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch183
1 files changed, 183 insertions, 0 deletions
diff --git a/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch
new file mode 100644
index 0000000..063217a
--- /dev/null
+++ b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch
@@ -0,0 +1,183 @@
+From: Guilhem Moulin <guilhem@fripost.org>
+Date: Thu, 13 Jun 2024 15:54:11 +0200
+Subject: Adjust test suite against current Let's Encrypt staging environment
+
+Origin: https://git.guilhem.org/lacme/commit/?id=cb0b301e7a62a71d9e4454f9f7af5358c857c48c
+Origin: https://git.guilhem.org/lacme/commit/?id=f84716c064312dd9dc0d149f0ec7a12f5c88c3af
+Origin: https://git.guilhem.org/lacme/commit/?id=a41444b8b1fe5349a4a33c45f1e96036845609bb
+Origin: https://git.guilhem.org/lacme/commit/?id=98e4397f5330245cb7f8a21054ab078c4d0bba82
+---
+ tests/account-encrypted-gpg | 2 +-
+ tests/account-encrypted-openssl | 1 +
+ tests/accountd | 1 +
+ tests/accountd-kid | 4 +++-
+ tests/cert-install | 2 +-
+ tests/cert-revoke | 4 ++--
+ tests/cert-verify | 20 ++++----------------
+ tests/old-accountd | 1 +
+ tests/old-lacme | 1 +
+ 9 files changed, 15 insertions(+), 21 deletions(-)
+
+diff --git a/tests/account-encrypted-gpg b/tests/account-encrypted-gpg
+index fd1e4ac..7cb978d 100644
+--- a/tests/account-encrypted-gpg
++++ b/tests/account-encrypted-gpg
+@@ -9,7 +9,7 @@ keyid="$(gpg --list-secret-key --with-colons | grep -m1 ^fpr: | cut -sd: -f10)"
+ gpg --encrypt -r "$keyid" /etc/lacme/account.key
+ sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = gpg:/etc/lacme/account.key.gpg|}' /etc/lacme/lacme-accountd.conf
+
+-export GPG_TTY="$(tty)"
++export GPG_TTY="$(tty)" TERM="linux"
+ lacme account
+
+ # vim: set filetype=sh :
+diff --git a/tests/account-encrypted-openssl b/tests/account-encrypted-openssl
+index e79a528..a3ad707 100644
+--- a/tests/account-encrypted-openssl
++++ b/tests/account-encrypted-openssl
+@@ -5,6 +5,7 @@ PASSPHRASE="test"
+ openssl rsa -aes128 -passout pass:"$PASSPHRASE" </etc/lacme/account.key >/etc/lacme/account.enc.key
+ sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = file:/etc/lacme/account.enc.key|}' /etc/lacme/lacme-accountd.conf
+
++export TERM="linux"
+ lacme account
+
+ # vim: set filetype=sh :
+diff --git a/tests/accountd b/tests/accountd
+index a603c16..d204b9c 100644
+--- a/tests/accountd
++++ b/tests/accountd
+@@ -65,6 +65,7 @@ grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log
+ # rotate the log and start accountd
+ rm -f ~lacme-account/.local/share/lacme/accountd.log
+ runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
++sleep 1
+
+ # run lacme(8) multiple times using that single lacme-accountd(1) instance
+ lacme --socket="$SOCKET" --debug account 2>"$STDERR" || fail
+diff --git a/tests/accountd-kid b/tests/accountd-kid
+index e1bd63d..28f1c3c 100644
+--- a/tests/accountd-kid
++++ b/tests/accountd-kid
+@@ -23,6 +23,7 @@ EOF
+
+ SOCKET=~lacme-account/S.lacme
+ runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
++sleep 1
+
+ # newAccount resource fails as per RFC 8555 sec. 6.2 it requires a JWK
+ ! lacme --socket="$SOCKET" account 2>"$STDERR" || fail
+@@ -37,6 +38,7 @@ wait
+
+ rm ~lacme-account/.local/share/lacme/accountd.log
+ runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
++sleep 1
+
+ # newOrder works fine without JWK
+ lacme --socket="$SOCKET" newOrder
+@@ -46,7 +48,7 @@ test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+ lacme --socket="$SOCKET" revokeCert /etc/lacme/simpletest.rsa.crt
+ ! lacme --socket="$SOCKET" revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
+ grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
+-grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
++grepstderr -Fq "400 Bad Request (unable to revoke"
+ grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
+
+ kill $PID
+diff --git a/tests/cert-install b/tests/cert-install
+index 69faae4..dfb882a 100644
+--- a/tests/cert-install
++++ b/tests/cert-install
+@@ -79,7 +79,7 @@ check_chain() {
+
+ # 'certificate' installs only the leaf certificate
+ openssl genpkey -algorithm RSA -out /etc/lacme/test1.key
+-subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME"
++subject="/CN=$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME"
+ cat >"/etc/lacme/lacme-certs.conf.d/test1.conf" <<- EOF
+ [test1]
+ certificate-key = /etc/lacme/test1.key
+diff --git a/tests/cert-revoke b/tests/cert-revoke
+index f3d585e..179ccba 100644
+--- a/tests/cert-revoke
++++ b/tests/cert-revoke
+@@ -18,7 +18,7 @@ test /etc/lacme/simpletest.ecdsa.crt -nt /etc/lacme/simpletest.ecdsa.key
+ lacme revokeCert /etc/lacme/simpletest.ecdsa.crt
+ ! lacme revokeCert /etc/lacme/simpletest.ecdsa.crt 2>"$STDERR" || fail
+ grepstderr -Fxq "Revoking /etc/lacme/simpletest.ecdsa.crt"
+-grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
++grepstderr -Fq "400 Bad Request (unable to revoke"
+ grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.ecdsa.crt"
+
+ # and the RSA certificate using the service key
+@@ -26,7 +26,7 @@ mv -vfT /etc/lacme/simpletest.rsa.key /etc/lacme/account.key
+ lacme revokeCert /etc/lacme/simpletest.rsa.crt
+ ! lacme revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
+ grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
+-grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
++grepstderr -Fq "400 Bad Request (unable to revoke"
+ grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
+
+ # vim: set filetype=sh :
+diff --git a/tests/cert-verify b/tests/cert-verify
+index 49629f2..7d27c98 100644
+--- a/tests/cert-verify
++++ b/tests/cert-verify
+@@ -8,9 +8,9 @@ for ca in /usr/share/lacme/letsencrypt-stg-root-*.pem; do
+ done
+ update-ca-certificates
+
+-# test (modified) trust store for intermediate certificates
+-openssl verify -no-CAfile -CApath /etc/ssl/certs -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem
+-openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem
++# test (modified) trust store
++openssl verify -no-CAfile -CApath /etc/ssl/certs -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem
++openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem
+
+ mv /usr/share/lacme/ca-certificates.crt /usr/share/lacme/ca-certificates.crt.back
+ ! lacme newOrder 2>"$STDERR" || fail
+@@ -20,19 +20,7 @@ grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from
+ # verification error for unrelated CA bundle
+ cat /etc/ssl/certs/ssl-cert-snakeoil.pem >/usr/share/lacme/ca-certificates.crt
+ ! lacme newOrder 2>"$STDERR" || fail
+-grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate"
+-grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
+-
+-# verification error when the CA bundle contains only the root certificates
+-cat /usr/share/lacme/letsencrypt-stg-root-*.pem >/usr/share/lacme/ca-certificates.crt
+-! lacme newOrder 2>"$STDERR" || fail
+-grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate"
+-grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
+-
+-# verification error when the CA bundle contains only the intermediate certificates
+-cat /usr/share/lacme/letsencrypt-stg-int-*.pem >/usr/share/lacme/ca-certificates.crt
+-! lacme newOrder 2>"$STDERR" || fail
+-grepstderr -Fxq "error 2 at 1 depth lookup: unable to get issuer certificate"
++grepstderr -Fxq "error 20 at 1 depth lookup: unable to get local issuer certificate"
+ grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!"
+
+ # use saved bundle as custom CAfile
+diff --git a/tests/old-accountd b/tests/old-accountd
+index b44f7ec..abd330d 100644
+--- a/tests/old-accountd
++++ b/tests/old-accountd
+@@ -21,6 +21,7 @@ DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends \
+
+ SOCKET=~lacme-account/S.lacme
+ runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" & PID=$!
++sleep 1
+ lacme --socket="$SOCKET" account
+ lacme --socket="$SOCKET" newOrder
+
+diff --git a/tests/old-lacme b/tests/old-lacme
+index fa7d827..b1c9f88 100644
+--- a/tests/old-lacme
++++ b/tests/old-lacme
+@@ -26,6 +26,7 @@ mv -f /usr/share/lacme/ca-certificates.crt.back /usr/share/lacme/ca-certificates
+
+ SOCKET=~lacme-account/S.lacme
+ runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" & PID=$!
++sleep 1
+ sed -ri "s/^\[accountd]$/#&/" /etc/lacme/lacme.conf # https://bugs.debian.org/955767
+ lacme --socket="$SOCKET" account
+ lacme --socket="$SOCKET" newOrder
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 09:51:39 +0000