From 11d971bc07ceb4359565e6611ae03a0c0134d153 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 19 Feb 2021 23:22:15 +0100 Subject: Add test suite against Let's Encrypt's staging environment. https://letsencrypt.org/docs/staging-environment/ --- tests/accountd | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 tests/accountd (limited to 'tests/accountd')
diff --git a/tests/accountd b/tests/accountd
new file mode 100644
index 0000000..2f3985f
--- /dev/null
+++ b/tests/accountd
@@ -0,0 +1,64 @@
+# Use a separate accountd server process
+
+adduser --disabled-password \
+ --home /home/lacme-account \
+ --gecos "lacme account user" \
+ --quiet lacme-account
+
+# non-existent parent directory
+! lacme --socket="/nonexistent/S.lacme" account 2>"$STDERR" || fail
+grepstderr -Fxq "stat(/nonexistent): No such file or directory"
+
+# word-writable parent directory
+! lacme --socket="/tmp/S.lacme" account 2>"$STDERR" || fail
+grepstderr -Fxq "Error: insecure permissions on /tmp"
+
+# missing socket
+SOCKET=~lacme-account/S.lacme
+! lacme --socket="$SOCKET" account 2>"$STDERR" || fail
+grepstderr -Fxq "Can't stat $SOCKET: No such file or directory (Is lacme-accountd running?)"
+
+#######################################################################
+
+install -olacme-account -glacme-account -Ddm0700 ~lacme-account/.config/lacme
+mv -t ~lacme-account/.config/lacme /etc/lacme/account.key
+chown lacme-account: ~lacme-account/.config/lacme/account.key
+
+cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF
+ privkey = file:/home/lacme-account/.config/lacme/account.key
+EOF
+
+# non-existent parent directory
+! runuser -u lacme-account -- lacme-accountd --socket="/nonexistent/S.lacme" 2>"$STDERR" || fail
+grepstderr -Fxq "stat(/nonexistent): No such file or directory"
+
+# word-writable parent directory
+! runuser -u lacme-account -- lacme-accountd --socket="/tmp/S.lacme" account 2>"$STDERR" || fail
+grepstderr -Fxq "Error: insecure permissions on /tmp"
+
+# non-existent $XDG_RUNTIME_DIR
+! runuser -u lacme-account -- env XDG_RUNTIME_DIR="/nonexistent" lacme-accountd 2>"$STDERR" || fail
+grepstderr -Fxq "stat(/nonexistent): No such file or directory"
+
+# test running accountd
+runuser -u lacme-account -- env XDG_RUNTIME_DIR=/home/lacme-account lacme-accountd --debug 2>"$STDERR" & PID=$!
+sleep 1
+kill $PID || fail
+wait || fail
+grepstderr -Fxq "Using configuration file: /home/lacme-account/.config/lacme/lacme-accountd.conf"
+grepstderr -Fxq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme"
+
+# spawn accountd
+runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!
+
+# run lacme(8) multiple times using that single lacme-accountd(1) instance
+lacme --socket="$SOCKET" account 2>"$STDERR" || fail
+lacme --socket="$SOCKET" newOrder 2>"$STDERR" || fail
+test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+
+# terminate accountd and check that it removes the socket
+kill $PID
+wait
+! test -e "$SOCKET"
+
+# vim: set filetype=sh :
-- cgit v1.2.3 From 0ef94d85e58497dcb2c4c954cadcac918032467a Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 18 Feb 2021 21:07:01 +0100 Subject: Add %-specifiers support. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit lacme(8): for --config=, --socket=, --config-certs= (and ‘socket’/ ‘config-certs’/‘challenge-directory’ configuration options *before* privilege drop; and for the [accountd] section ‘command’/‘config’ configuration options *after* privilege drop). lacme-accountd(1): for --config=, --socket= and --privkey= (and ‘socket’/‘privkey’ configuration options). This also changes the default configuration file location. lacme(8) and lacme-accountd(1) now respectively use /etc/lacme/lacme.conf resp. /etc/lacme/lacme-accountd.conf when running as root, and $XDG_CONFIG_HOME/lacme/lacme.conf resp. $XDG_CONFIG_HOME/lacme/lacme-accountd.conf when running as a normal user. There is no fallback to /etc anymore. --- tests/accountd | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'tests/accountd')
diff --git a/tests/accountd b/tests/accountd
index 2f3985f..4626c78 100644
--- a/tests/accountd
+++ b/tests/accountd
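Review bot: In the new-file hunk for tests/accountd, the second daemon start (`runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$!`) is followed straight away by `lacme --socket="$SOCKET" account`, with nothing that waits for the socket to exist, so the first client call can race the daemon's bind and fail with the "Can't stat $SOCKET" error asserted earlier in the file. A bounded wait before the first client call removes the timing dependence, for example `for i in 1 2 3 4 5; do test -S "$SOCKET" && break; sleep 1; done`. The fixed `sleep 1` before `kill $PID || fail` has the mirror-image weakness: on a slow host the daemon may be killed before it has written the two start-up lines that the following `grepstderr` calls expect. Separately, `lacme-accountd --socket="/tmp/S.lacme" account` carries a trailing `account` argument that looks copied from the `lacme` call above; it is worth confirming the daemon is meant to be invoked that way, since the test should fail on the permission check and not on argument handling.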
@@ -20,12 +20,17 @@ grepstderr -Fxq "Can't stat $SOCKET: No such file or directory (Is lacme-account ####################################################################### +# missing configuration at default location +! runuser -u lacme-account -- lacme-accountd --debug 2>"$STDERR" || fail +grepstderr -Fxq "Ignoring missing configuration file at default location /home/lacme-account/.config/lacme/lacme-accountd.conf" +grepstderr -Fxq "Error: 'privkey' is not specified" + install -olacme-account -glacme-account -Ddm0700 ~lacme-account/.config/lacme mv -t ~lacme-account/.config/lacme /etc/lacme/account.key chown lacme-account: ~lacme-account/.config/lacme/account.key cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF - privkey = file:/home/lacme-account/.config/lacme/account.key + privkey = file:%E/lacme/account.key EOF # non-existent parent directory @@ -33,9 +38,13 @@ EOF grepstderr -Fxq "stat(/nonexistent): No such file or directory" # word-writable parent directory -! runuser -u lacme-account -- lacme-accountd --socket="/tmp/S.lacme" account 2>"$STDERR" || fail +! runuser -u lacme-account -- lacme-accountd --socket="%T/S.lacme" account 2>"$STDERR" || fail grepstderr -Fxq "Error: insecure permissions on /tmp" +# unset XDG_RUNTIME_DIR +! runuser -u lacme-account -- lacme-accountd 2>"$STDERR" || fail +grepstderr "Error: undefined expansion %t in \"%t/S.lacme\"" + # non-existent $XDG_RUNTIME_DIR ! runuser -u lacme-account -- env XDG_RUNTIME_DIR="/nonexistent" lacme-accountd 2>"$STDERR" || fail grepstderr -Fxq "stat(/nonexistent): No such file or directory" -- cgit v1.2.3 From 74c0a11722cf1e01b9a9834e89a07b55eaf01080 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 20 Feb 2021 22:05:18 +0100 Subject: lacme-accountd: new setting 'logfile' to log signature requests. Prefixed with a timestamp. --- tests/accountd | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) (limited to 'tests/accountd') 
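Review bot: The "unset XDG_RUNTIME_DIR" case added in the second hunk (`@@ -33,9 +38,13 @@`) never unsets the variable itself, so it only reaches the `%t` error path when the harness happens to run without XDG_RUNTIME_DIR; as far as I know `runuser -u` keeps the caller's environment, and a PAM session module could also set it. The next case already pins the variable with `env XDG_RUNTIME_DIR="/nonexistent"`, and the same approach makes this one deterministic: `! runuser -u lacme-account -- env -u XDG_RUNTIME_DIR lacme-accountd 2>"$STDERR" || fail`. The `grepstderr` line that follows also drops the `-Fxq` used by the other assertions, so the pattern is read as a regex, matches as a substring and echoes the matched line; `-Fq` (or `-Fxq` if the message is the whole line) would be consistent with the rest of the file.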
diff --git a/tests/accountd b/tests/accountd index 4626c78..2798465 100644 --- a/tests/accountd +++ b/tests/accountd @@ -7,11 +7,11 @@ adduser --disabled-password \ # non-existent parent directory ! lacme --socket="/nonexistent/S.lacme" account 2>"$STDERR" || fail -grepstderr -Fxq "stat(/nonexistent): No such file or directory" +grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory" # word-writable parent directory ! lacme --socket="/tmp/S.lacme" account 2>"$STDERR" || fail -grepstderr -Fxq "Error: insecure permissions on /tmp" +grepstderr -Fxq "Error: Insecure permissions on /tmp" # missing socket SOCKET=~lacme-account/S.lacme @@ -25,21 +25,23 @@ grepstderr -Fxq "Can't stat $SOCKET: No such file or directory (Is lacme-account grepstderr -Fxq "Ignoring missing configuration file at default location /home/lacme-account/.config/lacme/lacme-accountd.conf" grepstderr -Fxq "Error: 'privkey' is not specified" -install -olacme-account -glacme-account -Ddm0700 ~lacme-account/.config/lacme +install -olacme-account -glacme-account -Ddm0700 -- \ + ~lacme-account/.config/lacme ~lacme-account/.local/share/lacme mv -t ~lacme-account/.config/lacme /etc/lacme/account.key chown lacme-account: ~lacme-account/.config/lacme/account.key cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF privkey = file:%E/lacme/account.key + logfile = %h/.local/share/lacme/accountd.log EOF # non-existent parent directory ! runuser -u lacme-account -- lacme-accountd --socket="/nonexistent/S.lacme" 2>"$STDERR" || fail -grepstderr -Fxq "stat(/nonexistent): No such file or directory" +grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory" # word-writable parent directory ! runuser -u lacme-account -- lacme-accountd --socket="%T/S.lacme" account 2>"$STDERR" || fail -grepstderr -Fxq "Error: insecure permissions on /tmp" +grepstderr -Fxq "Error: Insecure permissions on /tmp" # unset XDG_RUNTIME_DIR ! runuser -u lacme-account -- lacme-accountd 2>"$STDERR" || fail 
@@ -47,7 +49,7 @@ grepstderr "Error: undefined expansion %t in \"%t/S.lacme\"" # non-existent $XDG_RUNTIME_DIR ! runuser -u lacme-account -- env XDG_RUNTIME_DIR="/nonexistent" lacme-accountd 2>"$STDERR" || fail -grepstderr -Fxq "stat(/nonexistent): No such file or directory" +grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory" # test running accountd runuser -u lacme-account -- env XDG_RUNTIME_DIR=/home/lacme-account lacme-accountd --debug 2>"$STDERR" & PID=$! @@ -57,7 +59,11 @@ wait || fail grepstderr -Fxq "Using configuration file: /home/lacme-account/.config/lacme/lacme-accountd.conf" grepstderr -Fxq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme" -# spawn accountd +# make sure errors are logged too +grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log + +# rotate the log and start accountd +rm -f ~lacme-account/.local/share/lacme/accountd.log runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$! # run lacme(8) multiple times using that single lacme-accountd(1) instance @@ -70,4 +76,11 @@ kill $PID wait ! test -e "$SOCKET" +# ensure signature requests are logged +grep -Fq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme" ~lacme-account/.local/share/lacme/accountd.log +grep -Fq "[0] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log +grep -Fq "[1] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log +grep -Fq "Shutting down and closing lacme Account Key Manager" ~lacme-account/.local/share/lacme/accountd.log +grep -F ">>> Incoming signature request for " ~lacme-account/.local/share/lacme/accountd.log + # vim: set filetype=sh : -- cgit v1.2.3 From d56b957dbae6c8214d50ce88d0ea04eb4654b843 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 21 Feb 2021 17:34:51 +0100 Subject: wording --- tests/accountd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/accountd') 
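Review bot: In the `@@ -57,7 +59,11 @@` hunk, `grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log` passes on any line containing "Error: ", so it does not show which of the earlier failing invocations actually reached the log, and without `-q` it echoes the matched lines into the test output. Pinning one expected message would make the "errors are logged too" claim checkable, e.g. `grep -Fq "Error: Insecure permissions on /tmp" ~lacme-account/.local/share/lacme/accountd.log`. Which errors are raised after the log file has been opened is not visible from this page, so pick a message that is known to be logged.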
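Review bot: Appending the log assertions after `! test -e "$SOCKET"` in the `@@ -70,4 +76,11 @@` hunk leaves the socket-cleanup check unable to fail the test if the harness relies on `set -e`: a command negated with `!` never triggers errexit, and the line is no longer the last command of the script, so its status is discarded. The rest of the file writes negated checks as `! cmd || fail`, and the same form is needed here: `! test -e "$SOCKET" || fail`. Without it, a daemon that leaves a stale socket behind on shutdown would go unnoticed. The harness is not shown on this page, so confirm how failures propagate; if it depends on errexit, the new `grep` lines are covered but the stale-socket check is not.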
diff --git a/tests/accountd b/tests/accountd index 2798465..c82a05d 100644 --- a/tests/accountd +++ b/tests/accountd @@ -45,7 +45,7 @@ grepstderr -Fxq "Error: Insecure permissions on /tmp" # unset XDG_RUNTIME_DIR ! runuser -u lacme-account -- lacme-accountd 2>"$STDERR" || fail -grepstderr "Error: undefined expansion %t in \"%t/S.lacme\"" +grepstderr "Error: Undefined expansion %t in \"%t/S.lacme\"" # non-existent $XDG_RUNTIME_DIR ! runuser -u lacme-account -- env XDG_RUNTIME_DIR="/nonexistent" lacme-accountd 2>"$STDERR" || fail -- cgit v1.2.3 From 1bdaeae835b5c9914f9c2107efda150d643cda12 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 21 Feb 2021 19:54:25 +0100 Subject: accountd: Improve log message for incoming requests. --- tests/accountd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/accountd') diff --git a/tests/accountd b/tests/accountd index c82a05d..9acb33f 100644 --- a/tests/accountd +++ b/tests/accountd @@ -81,6 +81,6 @@ grep -Fq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme" ~la grep -Fq "[0] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log grep -Fq "[1] >>> Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log grep -Fq "Shutting down and closing lacme Account Key Manager" ~lacme-account/.local/share/lacme/accountd.log -grep -F ">>> Incoming signature request for " ~lacme-account/.local/share/lacme/accountd.log +grep -F ">>> OK signing request:" ~lacme-account/.local/share/lacme/accountd.log # vim: set filetype=sh : -- cgit v1.2.3 From 903309cb8364047a2939fb6d3cb06da8ecc32726 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 22 Feb 2021 03:19:38 +0100 Subject: tests: Check presence of extra greeting data. --- tests/accountd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tests/accountd') diff --git a/tests/accountd b/tests/accountd index 9acb33f..a603c16 100644 --- a/tests/accountd +++ b/tests/accountd 
@@ -67,7 +67,8 @@ rm -f ~lacme-account/.local/share/lacme/accountd.log runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet & PID=$! # run lacme(8) multiple times using that single lacme-accountd(1) instance -lacme --socket="$SOCKET" account 2>"$STDERR" || fail +lacme --socket="$SOCKET" --debug account 2>"$STDERR" || fail +grepstderr -F "Received extra greeting data from accountd:" lacme --socket="$SOCKET" newOrder 2>"$STDERR" || fail test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key -- cgit v1.2.3