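# Exercise lacme(8)'s --socket validation and the lacme-accountd(1) daemon
# running as a dedicated, unprivileged user ("lacme-account"), so the
# account key never has to be readable by the user running lacme(8).
#
# Expected from the harness that runs this file (none are defined here):
#   $STDERR     - path of the file that captures a command's stderr
#   fail        - abort the test run
#   grepstderr  - grep(1) over "$STDERR" with the given arguments

#######################################
# Block until the UNIX socket at $1 exists, polling for at most ~10s.
# Replaces a fixed "sleep 1" between starting lacme-accountd and using it,
# which was racy on slow machines.
# Arguments: $1 - socket path
# Returns:   0 once the socket exists, 1 on timeout (callers "|| fail")
#######################################
wait_for_socket() {
  local path="$1" i=0
  while [ "$i" -lt 100 ]; do
    [ -S "$path" ] && return 0
    sleep .1
    i=$((i + 1))
  done
  printf 'Timed out waiting for socket %s\n' "$path" >&2
  return 1
}

# Use a separate accountd server process, owned by its own account
adduser --disabled-password \
  --home /home/lacme-account \
  --gecos "lacme account user" \
  --quiet lacme-account

# non-existent parent directory: lacme(8) must stat() the parent first
! lacme --socket="/nonexistent/S.lacme" account 2>"$STDERR" || fail
grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"

# world-writable parent directory: a socket under /tmp could be planted by
# any local user, so lacme(8) must refuse it
! lacme --socket="/tmp/S.lacme" account 2>"$STDERR" || fail
grepstderr -Fxq "Error: Insecure permissions on /tmp"

# missing socket (accountd not running yet)
SOCKET=~lacme-account/S.lacme
! lacme --socket="$SOCKET" account 2>"$STDERR" || fail
grepstderr -Fxq "Can't stat $SOCKET: No such file or directory (Is lacme-accountd running?)"

#######################################################################

# missing configuration at default location: accountd warns, then refuses
# to start because no private key is configured
! runuser -u lacme-account -- lacme-accountd --debug 2>"$STDERR" || fail
grepstderr -Fxq "Ignoring missing configuration file at default location /home/lacme-account/.config/lacme/lacme-accountd.conf"
grepstderr -Fxq "Error: 'privkey' is not specified"

# Move the account key into the account user's private (0700) directories
# and point accountd at it; %E/%h are expanded by lacme-accountd(1)
install -olacme-account -glacme-account -Ddm0700 -- \
  ~lacme-account/.config/lacme ~lacme-account/.local/share/lacme
mv -t ~lacme-account/.config/lacme /etc/lacme/account.key
chown lacme-account: ~lacme-account/.config/lacme/account.key
cat >~lacme-account/.config/lacme/lacme-accountd.conf <<EOF
privkey = file:%E/lacme/account.key
logfile = %h/.local/share/lacme/accountd.log
EOF

# non-existent parent directory (same check on the daemon side)
! runuser -u lacme-account -- lacme-accountd --socket="/nonexistent/S.lacme" 2>"$STDERR" || fail
grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"

# world-writable parent directory (%T expands to the temporary directory)
# NOTE(review): the trailing "account" argument looks like a leftover from
# the lacme(8) invocations above; the expected error is raised before it
# could matter — confirm whether lacme-accountd(1) accepts it at all
! runuser -u lacme-account -- lacme-accountd --socket="%T/S.lacme" account 2>"$STDERR" || fail
grepstderr -Fxq "Error: Insecure permissions on /tmp"

# unset XDG_RUNTIME_DIR: the default socket path "%t/S.lacme" cannot expand
! runuser -u lacme-account -- lacme-accountd 2>"$STDERR" || fail
grepstderr -F "Error: Undefined expansion %t in \"%t/S.lacme\""

# non-existent $XDG_RUNTIME_DIR
! runuser -u lacme-account -- env XDG_RUNTIME_DIR="/nonexistent" lacme-accountd 2>"$STDERR" || fail
grepstderr -Fxq "Error: stat(/nonexistent): No such file or directory"

# test running accountd (default socket under $XDG_RUNTIME_DIR)
runuser -u lacme-account -- env XDG_RUNTIME_DIR=/home/lacme-account lacme-accountd --debug 2>"$STDERR" &
PID=$!
wait_for_socket /home/lacme-account/S.lacme || fail
kill "$PID" || fail
# "wait" with no operand always returns 0, so it must be given the PID for
# the daemon's exit status to be checked
wait "$PID" || fail
grepstderr -Fxq "Using configuration file: /home/lacme-account/.config/lacme/lacme-accountd.conf"
grepstderr -Fxq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme"

# make sure errors are logged too (the earlier failed starts wrote to it)
grep -F "Error: " ~lacme-account/.local/share/lacme/accountd.log

# rotate the log and start accountd on the explicit socket path
rm -f ~lacme-account/.local/share/lacme/accountd.log
runuser -u lacme-account -- lacme-accountd --socket="$SOCKET" --quiet &
PID=$!
wait_for_socket "$SOCKET" || fail

# run lacme(8) multiple times using that single lacme-accountd(1) instance
lacme --socket="$SOCKET" --debug account 2>"$STDERR" || fail
grepstderr -F "Received extra greeting data from accountd:"
lacme --socket="$SOCKET" newOrder 2>"$STDERR" || fail
# the issued certificate must be newer than the key it was requested for
test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key

# terminate accountd and check that it exits cleanly and removes the socket
kill "$PID" || fail
wait "$PID" || fail
! test -e "$SOCKET"

# ensure signature requests are logged: one connection per lacme(8) run
grep -Fq "Starting lacme Account Key Manager at /home/lacme-account/S.lacme" ~lacme-account/.local/share/lacme/accountd.log
grep -Fq "[0] Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log
grep -Fq "[1] Accepted new connection" ~lacme-account/.local/share/lacme/accountd.log
grep -Fq "Shutting down and closing lacme Account Key Manager" ~lacme-account/.local/share/lacme/accountd.log
grep -F "] SIGNED header=base64url({" ~lacme-account/.local/share/lacme/accountd.log

# vim: set filetype=sh :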