diff --git a/getssl b/getssl index c8dfde79..aeb32449 100755 --- a/getssl +++ b/getssl @@ -288,10 +288,11 @@ CA="https://acme-staging-v02.api.letsencrypt.org/directory" CHALLENGE_CHECK_TYPE="http" CHECK_REMOTE_WAIT=0 CHECK_REMOTE="true" -LIMIT_API="https://api.github.com/rate_limit" if [[ -n "${GITHUB_REPOSITORY}" ]] ; then + CODE_LOCATION="https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/getssl/master/getssl" RELEASE_API="https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest" else + CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" RELEASE_API="https://api.github.com/repos/srvrco/getssl/releases/latest" fi CSR_SUBJECT="/" @@ -317,7 +318,6 @@ REUSE_PRIVATE_KEY="true" SERVER_TYPE="https" SKIP_HTTP_TOKEN_CHECK="false" SSLCONF="$(openssl version -d 2>/dev/null| cut -d\" -f2)/openssl.cnf" -TEMP_UPGRADE_DIR="" TOKEN_USER_ID="" USE_SINGLE_ACL="false" WORKING_DIR_CANDIDATES=("/etc/getssl" "${PROGDIR}/conf" "${PROGDIR}/.getssl" "${HOME}/.getssl") @@ -348,7 +348,6 @@ _QUIET=0 _RECREATE_CSR=0 _REDIRECT_OUTPUT="1>/dev/null 2>&1" _REVOKE=0 -_RUNNING_TEST=0 _TEST_SKIP_CNAME_CALL=0 _TEST_SKIP_SOA_CALL=0 _UPGRADE=0 @@ -552,7 +551,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge # add +noidnout if idn-domain so search for domain in results works if [[ "${d}" == xn--* || "${d}" == *".xn--"* ]]; then if [[ "$DNS_CHECK_FUNC" == "nslookup" || "$DNS_CHECK_FUNC" == "host" || ("$DNS_CHECK_FUNC" == "dig" && "$DIG_SUPPORTS_NOIDNOUT" == "false") ]]; then - info "Warning: idn domain but $DNS_CHECK_FUNC doesn't support +noidnout" + info "Info: idn domain but $DNS_CHECK_FUNC doesn't support +noidnout" else debug "adding +noidnout to DNS_CHECK_OPTIONS" DNS_CHECK_OPTIONS="$DNS_CHECK_OPTIONS +noidnout" 
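Review bot: When `GITHUB_REPOSITORY` is set, the added `CODE_LOCATION` becomes the download source for the script that the upgrade path later installs over `$0`, so any environment that carries this variable (GitHub Actions runners set it by default) silently changes where the installed code comes from. RELEASE_API on the next line uses the same variable as a full `owner/repo`, which suggests the extra `/getssl` segment in `.../${GITHUB_REPOSITORY}/getssl/master/getssl` is one path component too many. `https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/master/getssl` looks like the intended form, but this should be confirmed against the fork layout used in CI. A comment above the `if` saying that the override exists for test runs against forks, plus a `debug` line naming the repository in use, would make the override visible to operators.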
@@ -604,9 +603,9 @@ check_challenge_completion_dns() { # perform validation via DNS challenge ntries=$(( ntries + 1 )) if [[ $DNS_WAIT_RETRY_ADD == "true" && $(( ntries % 10 )) == 0 ]]; then - test_output "Deleting DNS RR via command: ${DNS_DEL_COMMAND}" + debug "Deleting DNS via command: ${DNS_DEL_COMMAND}" del_dns_rr "${d}" "${auth_key}" - test_output "Retrying adding DNS via command: ${DNS_ADD_COMMAND}" + debug "Retrying adding DNS via command: ${DNS_ADD_COMMAND}" add_dns_rr "${d}" "${auth_key}" \ || error_exit "DNS_ADD_COMMAND failed for domain ${d}" fi 
@@ -764,45 +763,16 @@ check_config() { # check the config files for all obvious errors debug "${DOMAIN}: check_config completed - all OK" } -# Quota generally shouldn't be an issue - except for tests -# Rate limits are per-IP address -check_github_quota() { - local need remaining reset limits now - need="$1" - while true ; do - limits="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g' | sed -ne'/"core":/,/}/p')" - errcode=$? - if [[ $errcode -eq 60 ]]; then - error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" - elif [[ $errcode -gt 0 ]]; then - error_exit "curl error checking releases: $errcode" - fi - limits="$(sed -e's/^ *//g' <<<"${limits}")" - remaining="$(sed -e'/^"remaining": *[0-9]/!d;s/^"remaining": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" - reset="$(sed -e'/^"reset": *[0-9]/!d;s/^"reset": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" - if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi - limit="$(sed -e'/^"limit": *[0-9]/!d;s/^"limit": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" - if [[ "$limit" -lt "$need" ]] ; then - error_exit "GitHub API request $need exceeds limit $limit" - fi - now="$(date +%s)" - while [[ "$now" -lt "$reset" ]] ; do - info "sleeping $(( "$reset" - "$now" )) seconds for GitHub quota" - sleep "$(( "$reset" - "$now" ))" - now="$(date +%s)" - done - done -} check_getssl_upgrade() { # check if a more recent release is available - check_github_quota 2 # Check GitHub for latest stable release, or a specified tag if [[ -n "$_UPGRADE_TO_TAG" ]]; then RELEASE_API="$RELEASE_API/tags/$_UPGRADE_TO_TAG" fi - local release_data release_tag release_ver local_ver release_desc release_url release_tar NEWCMD + local release_data release_tag release_ver local_ver release_desc NEWCMD debug "Checking for releases at $RELEASE_API" # Sometimes the json is pretty-printed, 
sometimes not. Loosely tied to --user-agent, but not # always. Normalize it enough to get the 3 elements necessary. Oh, for jq... + # shellcheck disable=SC2086 release_data="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$RELEASE_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g')" errcode=$? if [[ $errcode -eq 60 ]]; then @@ -810,7 +780,8 @@ check_getssl_upgrade() { # check if a more recent release is available elif [[ $errcode -gt 0 ]]; then error_exit "curl error checking releases: $errcode" fi - debug "$release_data" + # Replace error in release description with _error (which is ignored by check_output_for_errors() in the tests) + debug "${release_data//error/_error}" release_data="$(sed -e's/^ *//g' <<<"${release_data}")" release_tag="$(sed -e'/^"tag_name": *"/!d;s/^"tag_name": *"\([^""]*\).*$/\1/' <<<"${release_data}")" if [[ "${release_tag:0:1}" != 'v' ]] ; then 
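Review bot: `errcode=$?` after the `release_data="$(curl … | sed …)"` assignment reports sed's exit status, not curl's, unless `pipefail` is enabled elsewhere in the script, so the exit-60 and generic curl error branches below it are unlikely to ever fire. With `check_github_quota` removed by this hunk, a rate-limited or failed API call now reaches the parsing code directly, which makes that check matter more. Capturing curl on its own (`release_data="$(curl … "$RELEASE_API")"; errcode=$?`) and running the sed normalisation as a second step after the error check would restore it. The body of check_getssl_upgrade continues outside this hunk.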
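Review bot: Rewriting `error` to `_error` in `debug "${release_data//error/_error}"` changes production output to satisfy the test helper `check_output_for_errors`, and it also alters any genuine error text GitHub returns in that payload. It would be cleaner to keep the output verbatim and have the test helper ignore release-description lines instead. If the substitution stays, the comment should say that it applies to the whole API response here, not only the release description. The same substitution is added to `info "${release_desc//error/_error}"` in the @@ -836 hunk.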
@@ -836,74 +807,47 @@ check_getssl_upgrade() { # check if a more recent release is available info "The easiest way is to use the -u or --upgrade flag" info "" info "Release ${release_tag} summary" - info "$release_desc" + # Replace error in release description with _error (which is ignored by check_output_for_errors() in the tests) + info "${release_desc//error/_error}" info "" fi return 0; fi - # Find, download, and unpack the tarball containing the selected release - release_url="$(sed -e'/^"tarball_url": *"/!d;s/^"tarball_url": *"\([^""]*\).*$/\1/' <<<"${release_data}")" - debug "Release url '$release_url'" - requires tar - TEMP_UPGRADE_DIR="$(mktemp -d 2>/dev/null || mktemp -d -t getssl.XXXXXXXX)" - if [ "$TEMP_UPGRADE_DIR" == "" ]; then + + # Download the latest tag + TEMP_UPGRADE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)" + if [ "$TEMP_UPGRADE_FILE" == "" ]; then error_exit "mktemp failed" fi - release_tar="$TEMP_UPGRADE_DIR/getssl-${release_tag}.tgz" - debug "Downloading release to $release_tar" - check_github_quota 1 - curl ${_NOMETER:---silent} -L --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$release_url" --output "$release_tar" + CODE_LOCATION=$(sed -e"s/master/${release_tag}/" <<<"$CODE_LOCATION") + # shellcheck disable=SC2086 + curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE" + errcode=$? if [[ $errcode -eq 60 ]]; then error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" elif [[ $errcode -gt 0 ]]; then error_exit "curl error downloading release: $errcode" fi - if ! tar -C "${TEMP_UPGRADE_DIR}" --strip-components 1 -xzf "$release_tar" ; then - error_exit "failed to unpack release: $?" 
- fi - # Inhibit check for upgrades when running the new version - NEWCMD="$(sed -e's/ -\(u\|-upgrade\|U\|-nocheck\)//g;s/^\([^ ]* \)/\1--nocheck /' <<<"$ORIGCMD")" - # Install everything with make - if it's available - if [ -n "$(command -v 'make' 2>/dev/null)" ]; then - if [[ "${0%/usr/bin/getssl}" != "$0" ]] ; then - export DESTDIR="${0%/usr/bin/getssl}" - fi - if [[ ${_MUTE} -eq 0 ]]; then - if ! make -C "${TEMP_UPGRADE_DIR}" "install" ; then - error_exit "Installation failed: $?" - fi - else - if ! make -s -C "${TEMP_UPGRADE_DIR}" "install" >/dev/null ; then - error_exit "Installation failed: $?" - fi - fi - clean_up - if [[ ${_MUTE} -eq 0 ]]; then - info "Installed $release_tag, restarting with $NEWCMD" - fi - if ! eval "$NEWCMD"; then - error_exit "Running upgraded getssl failed" - fi - graceful_exit - fi - # Fall back to 'install' and just the main script. - if [[ ${_MUTE} -eq 0 ]]; then - info "'make' is not available. getssl will be installed, but support scripts will not be upgraded" - info "To stay completely up-to-date, please install make" - fi + if ! install "$0" "${0}.v${VERSION}"; then error_exit "problem renaming old version while updating, check permissions" fi - if ! install -m 700 "$TEMP_UPGRADE_DIR/getssl" "$0"; then + if ! install -m 700 "$TEMP_UPGRADE_FILE" "$0"; then error_exit "problem installing new version while updating, check permissions" fi + if [[ ${_MUTE} -eq 0 ]]; then - echo "Updated getssl from v${VERSION} to $release_tag" + echo "Updated getssl from v${VERSION} to v${release_tag}" echo "The old version remains as ${0}.v${VERSION} and should be removed" + echo "These update notifications can be turned off using the -Q option" + echo "" + echo "Updates are;" + awk "/\(${VERSION}\)$/ {s=1} s; /\(${release_tag}\)$/ || /^# ----/ {s=0}" "$TEMP_UPGRADE_FILE" | awk '{if(NR>1)print}' echo "" fi - # This version can't be removed since disappearing can confuse bash. 
+ + # Delete old versions, but not the version just upgraded (which can't be removed since disappearing can confuse bash) declare -a getssl_versions shopt -s nullglob for getssl_version in "$0".v*; do @@ -915,6 +859,9 @@ check_getssl_upgrade() { # check if a more recent release is available if [[ -n "${getssl_versions[*]}" ]] ; then rm "${getssl_versions[@]}" fi + + # Inhibit check for upgrades when running the new version + NEWCMD="$(sed -e's/ -\(u\|-upgrade\|U\|-nocheck\)//g;s/^\([^ ]* \)/\1--nocheck /' <<<"$ORIGCMD")" clean_up if [[ ${_MUTE} -eq 0 ]]; then info "Installed $release_tag, restarting with $NEWCMD" @@ -922,6 +869,7 @@ check_getssl_upgrade() { # check if a more recent release is available if ! eval "$NEWCMD"; then error_exit "Running upgraded getssl failed" fi + graceful_exit } @@ -966,13 +914,6 @@ clean_up() { # Perform pre-exit housekeeping rm -rf "${TEMP_DIR:?}" fi fi - if [[ -n "$TEMP_UPGRADE_DIR" ]] && [[ -d "$TEMP_UPGRADE_DIR" ]]; then - if [ "${TEMP_UPGRADE_DIR}" -ef "/tmp" ]; then - info "Not going to delete TEMP_UPGRADE_DIR ${TEMP_UPGRADE_DIR} as it appears to be /tmp" - else - rm -rf "${TEMP_UPGRADE_DIR:?}" - fi - fi } copy_file_to_location() { # copies a file, using scp, sftp or ftp if required. @@ -1071,6 +1012,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required. fromfile=$(basename "$from") debug "davs user=$davsuser - pass=$davspass - host=$davshost port=$davsport dir=$davsdirn file=$davsfile" debug "from dir=$fromdir file=$fromfile" + # shellcheck disable=SC2086 curl ${_NOMETER} -u "${davsuser}:${davspass}" -T "${fromdir}/${fromfile}" "https://${davshost}:${davsport}${davsdirn}${davsfile}" elif [[ "${to:0:6}" == "ftpes:" ]] || [[ "${to:0:5}" == "ftps:" ]] ; then debug "using ftp to copy the file from $from" 
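Review bot: The file fetched from `$CODE_LOCATION` is installed over `$0` without any check that it is the getssl script: the curl call shows no `--fail`, so an HTTP error body still returns status 0 and `install -m 700 "$TEMP_UPGRADE_FILE" "$0"` would overwrite the running script with it, and nothing verifies a checksum or signature. `release_tag` is taken from the API response and spliced into a sed replacement and into awk program text, so it should be validated against a strict pattern before either use. `TEMP_UPGRADE_FILE` is not removed anywhere in the visible hunks, while the clean_up hunk of this commit drops the only upgrade cleanup. The sketch below adds the tag check, `--fail`, a sanity check before install and the removal; verifying a published checksum or signature would be the stronger fix if the project publishes one. check_getssl_upgrade starts and ends outside this hunk.

```shell
# Accept only tag-shaped values before they reach sed and awk
if [[ ! "$release_tag" =~ ^v[0-9A-Za-z._-]+$ ]]; then
  error_exit "unexpected release tag: $release_tag"
fi
CODE_LOCATION=$(sed -e"s/master/${release_tag}/" <<<"$CODE_LOCATION")
# shellcheck disable=SC2086
curl ${_NOMETER:---silent} --fail --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE"
# … unchanged: errcode handling …
# Refuse to install an empty or unparsable download
if [[ ! -s "$TEMP_UPGRADE_FILE" ]] || ! bash -n "$TEMP_UPGRADE_FILE"; then
  rm -f -- "$TEMP_UPGRADE_FILE"
  error_exit "downloaded release is empty or not a valid script"
fi
# … unchanged: backup of old version, install of new version …
rm -f -- "$TEMP_UPGRADE_FILE"
# … unchanged: update messages, old-version cleanup …
```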
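Review bot: `NEWCMD` is built by running sed over the flat string `$ORIGCMD` and is then passed to `eval`, so the original arguments are re-parsed by the shell: values containing spaces, quotes or glob characters will not survive, and shell metacharacters in them are interpreted a second time. How `ORIGCMD` is assembled is outside this hunk, but if the original `"$@"` is still available it would be safer to keep it as an array, drop the upgrade flags from that array, and restart with `exec "$0" --nocheck "${new_args[@]}"` (array name illustrative). The sed pattern also strips ` -u` or ` -U` when it is only the prefix of a longer argument, because nothing anchors the end of the match.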
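Review bot: The unchanged context line `debug "davs user=$davsuser - pass=$davspass - host=…"` next to the added shellcheck directive writes the WebDAV password to debug output, and this commit routes debug output to stdout under bats, where CI logs will capture it. Masking the value, `debug "davs user=$davsuser - pass=${davspass:+****} - host=$davshost port=$davsport dir=$davsdirn file=$davsfile"`, keeps the line useful without exposing the secret. The added `# shellcheck disable=SC2086` could also say why the expansion is left unquoted, for example `# shellcheck disable=SC2086 # _NOMETER must expand to nothing when empty`. copy_file_to_location starts and ends outside this hunk.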
@@ -1139,7 +1081,7 @@ create_csr() { # create a csr using a given key (if it doesn't already exist) info "existing csr at $csr_file does not have the same domains as the config - re-create-csr" _RECREATE_CSR=1 else - test_output "Existing csr at $csr_file contains same domains as the config" + debug "Existing csr at $csr_file contains same domains as the config" fi fi # end of ... check if domain csr exists - if not then create it @@ -1272,9 +1214,9 @@ date_renew() { # calculates the renewal time in epoch debug() { # write out debug info if the debug flag has been set if [[ ${_USE_DEBUG} -eq 1 ]]; then - # If running tests then output in TAP format (for debugging tests) - if [[ ${_RUNNING_TEST} -eq 1 ]]; then - echo "# $(date "+%b %d %T") ${FUNCNAME[1]}:${BASH_LINENO[1]}" "$@" >&3 + # If running tests then verbose output (for debugging tests) + if [[ -n ${BATS_RUN_TMPDIR} ]]; then + echo "$(date "+%b %d %T") ${FUNCNAME[1]}:${BASH_LINENO[1]}" "$@" else echo " " echo "$@" @@ -1282,15 +1224,9 @@ debug() { # write out debug info if the debug flag has been set fi } -test_output() { # write out debug output for testing - if [[ ${_RUNNING_TEST} -eq 1 ]]; then - echo "#" "$@" - fi -} - error_exit() { # give error message on error exit echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2 - if [[ ${_RUNNING_TEST} -eq 1 ]] || [[ ${_USE_DEBUG} -eq 1 ]] ; then + if [[ ${_USE_DEBUG} -eq 1 ]]; then traceback fi clean_up @@ -1507,6 +1443,7 @@ for d in "${alldomains[@]}"; do # ACME only allows port 80 (http), but redirects may use https. --insecure is used in case # those certificates are being renewed. Let's Encrypt does the same. In this case, we verify # that the correct data is returned, so this is safe. + # shellcheck disable=SC2086 if [[ ! "$(curl ${_NOMETER} --user-agent "$CURL_USERAGENT" --insecure --silent --location "$wellknown_url")" == "$keyauthorization" ]]; then error_exit "for some reason could not reach $wellknown_url - please check it manually" fi 
@@ -1577,11 +1514,8 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n gad_s="@$gad_s" fi - # Check if domain is a CNAME, first - test_output "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME" - # Two options here; either dig CNAME will return the CNAME and the NS or just the CNAME - debug Checking for CNAME using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME $gad_d $gad_s" + debug "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME $gad_d $gad_s" # shellcheck disable=SC2086 res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME "$gad_d" $gad_s| grep "^$gad_d") cname=$(echo "$res"| awk '$4 ~ "CNAME" {print $5}' |sed 's/\.$//g') @@ -1604,19 +1538,16 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n if [[ -z "$res" ]] && [[ $_TEST_SKIP_SOA_CALL == 0 ]]; then # shellcheck disable=SC2086 if [[ "$HAS_DIG_OR_DRILL" == "drill" ]]; then - debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T $gad_d $gad_s" to find primary nameserver - test_output "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA" + debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T SOA $gad_d $gad_s" to find primary nameserver res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T SOA "$gad_d" $gad_s 2>/dev/null | grep "IN\WNS\W") else debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA +trace +nocomments $gad_d $gad_s" to find primary nameserver - test_output "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA" res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA +trace +nocomments "$gad_d" $gad_s 2>/dev/null | grep "IN\WNS\W") fi fi # Query for NS records if [[ -z "$res" ]]; then - test_output "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS NS" debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS NS $gad_d $gad_s" to find primary nameserver # shellcheck disable=SC2086 res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS NS "$gad_d" $gad_s | grep -E "IN\W(NS|SOA)\W") 
@@ -1646,7 +1577,7 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n primary_ns="$primary_ns $PUBLIC_DNS_SERVER" fi - test_output set primary_ns ="$primary_ns" + debug set primary_ns ="$primary_ns" return fi @@ -1751,6 +1682,7 @@ get_certificate() { # get certificate for csr, if all domains validated. CertData=$(awk ' $1 ~ "^Location" {print $2}' "$CURL_HEADER" |tr -d '\r') if [[ "$CertData" ]] ; then echo -----BEGIN CERTIFICATE----- > "$gc_certfile" + # shellcheck disable=SC2086 curl ${_NOMETER} --user-agent "$CURL_USERAGENT" --silent "$CertData" | openssl base64 -e >> "$gc_certfile" echo -----END CERTIFICATE----- >> "$gc_certfile" info "Certificate saved in $CERT_FILE" @@ -1771,6 +1703,7 @@ get_certificate() { # get certificate for csr, if all domains validated. | sed 's/>//g') if [[ "$IssuerData" ]] ; then echo -----BEGIN CERTIFICATE----- > "$gc_cafile" + # shellcheck disable=SC2086 curl ${_NOMETER} --user-agent "$CURL_USERAGENT" --silent "$IssuerData" | openssl base64 -e >> "$gc_cafile" echo -----END CERTIFICATE----- >> "$gc_cafile" info "The intermediate CA cert is in $gc_cafile" @@ -1829,6 +1762,7 @@ get_certificate() { # get certificate for csr, if all domains validated. cp "$gc_certfile" "$gc_fullchain" while [[ -n "$issuer_url" ]]; do debug Fetching certificate issuer from "$issuer_url" + # shellcheck disable=SC2086 issuer_cert=$(curl ${_NOMETER} --user-agent "$CURL_USERAGENT" --silent "$issuer_url" | openssl x509 -inform der -outform pem) debug Fetched issuer certificate "$(echo "$issuer_cert" | openssl x509 -inform pem -noout -text | awk 'BEGIN {FS="Subject: "} NF==2 {print $2; exit}')" echo "$issuer_cert" >> "$gc_fullchain" 
@@ -1844,6 +1778,7 @@ get_certificate() { # get certificate for csr, if all domains validated. get_cr() { # get curl response url="$1" debug url "$url" + # shellcheck disable=SC2086 response=$(curl ${_NOMETER} --user-agent "$CURL_USERAGENT" --silent "$url") ret=$? debug response "${response//[$'\t\r\n']}" @@ -1967,12 +1902,12 @@ hex2bin() { # Remove spaces, add leading zero, escape as hex string ensuring no info() { # write out info as long as the quiet flag has not been set. if [[ ${_QUIET} -eq 0 ]]; then - # If running tests then output in TAP format as well (for debugging tests) - if [[ ${_RUNNING_TEST} -eq 1 ]]; then - echo "# $(date "+%b %d %T") ${FUNCNAME[1]}:${BASH_LINENO[1]}" "$@" >&3 + # If running tests then verbose output (for debugging tests) + if [[ -n ${BATS_RUN_TMPDIR} ]]; then + echo "$(date "+%b %d %T") ${FUNCNAME[1]}:${BASH_LINENO[1]}" "$@" + else + echo "$@" fi - - echo "$@" fi } @@ -2185,6 +2120,7 @@ obtain_ca_resource_locations() for suffix in "" "/directory" "/dir"; do # Obtain CA resource locations + # shellcheck disable=SC2086 ca_all_loc=$(curl ${_NOMETER} --user-agent "$CURL_USERAGENT" "${CA}${suffix}" 2>/dev/null) debug "ca_all_loc from ${CA}${suffix} gives $ca_all_loc" # APIv1 @@ -2756,12 +2692,6 @@ write_openssl_conf() { # write out a minimal openssl conf trap "signal_exit TERM" TERM HUP trap "signal_exit INT" INT -# When running tests, use debug mode to capture intermittent faults -# Test harness will Save output in a temporary file, which is displayed if an error occurs -if [[ ${_RUNNING_TEST} -eq 1 ]] ; then - _USE_DEBUG=1 -fi - # Parse command-line while [[ -n ${1+defined} ]]; do case $1 in @@ -2781,7 +2711,7 @@ while [[ -n ${1+defined} ]]; do -a | --all) _CHECK_ALL=1 ;; -k | --keep) - shift; + shift; echo "--keep has no effect" ;; -q | --quiet) _QUIET=1 ;; diff --git a/test/1-simple-http01-dig.bats b/test/1-simple-http01-dig.bats index 6c29ec67..1aab990b 100644 --- a/test/1-simple-http01-dig.bats +++ b/test/1-simple-http01-dig.bats 
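Review bot: The notice `echo "--keep has no effect"` is written to stdout and is printed even when `-q` is given, so it can end up in output that cron jobs or wrappers capture. Sending it to stderr (`shift; echo "--keep has no effect" >&2`) keeps stdout clean. The retained `shift` still consumes the argument that follows `--keep`; a short comment saying that this is deliberate for backward compatibility would help the next reader.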
@@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt if [ -f /usr/bin/host ]; then mv /usr/bin/host /usr/bin/host.getssl.bak @@ -19,7 +19,7 @@ setup() { teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -f /usr/bin/host.getssl.bak ]; then mv /usr/bin/host.getssl.bak /usr/bin/host fi diff --git a/test/1-simple-http01-nslookup.bats b/test/1-simple-http01-nslookup.bats index aa71e1c4..447b4660 100644 --- a/test/1-simple-http01-nslookup.bats +++ b/test/1-simple-http01-nslookup.bats @@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt if [ -f /usr/bin/dig ]; then mv /usr/bin/dig /usr/bin/dig.getssl.bak @@ -19,7 +19,7 @@ setup() { teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -f /usr/bin/dig.getssl.bak ]; then mv /usr/bin/dig.getssl.bak /usr/bin/dig fi diff --git a/test/1-simple-http01-two-acl.bats b/test/1-simple-http01-two-acl.bats index b4bb3f1a..1f3c7e83 100644 --- a/test/1-simple-http01-two-acl.bats +++ b/test/1-simple-http01-two-acl.bats 
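Review bot: `$BATS_RUN_TMPDIR/failed.skip` is used unquoted in both `setup` and `teardown`, and if the variable is empty (a bats-core release that does not define it) the marker path collapses to `/failed.skip`. Quoting it and failing early, e.g. `[ ! -f "${BATS_RUN_TMPDIR:?}/failed.skip" ] || skip "skipping tests after first failure"`, avoids both problems. The same two lines are changed in every other .bats file touched by this commit.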
@@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } @@ -23,9 +23,9 @@ setup() { CONFIG_FILE="getssl-http01-two-acl.cfg" setup_environment init_getssl - create_certificate -d + create_certificate assert_success assert_output --partial "to /var/www/html/.well-known/acme-challenge" assert_output --partial "to /var/webroot/html/.well-known/acme-challenge" - check_output_for_errors "debug" + check_output_for_errors } diff --git a/test/1-simple-http01.bats b/test/1-simple-http01.bats index 15205e17..6e5360da 100644 --- a/test/1-simple-http01.bats +++ b/test/1-simple-http01.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } diff --git a/test/10-mixed-case.bats b/test/10-mixed-case.bats index 382f19a4..d55cf8a4 100644 --- a/test/10-mixed-case.bats +++ b/test/10-mixed-case.bats 
@@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/11-test--install.bats b/test/11-test--install.bats index 186e8c68..e69cd4c7 100644 --- a/test/11-test--install.bats +++ b/test/11-test--install.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } @@ -38,8 +38,8 @@ setup() { assert_success check_output_for_errors - assert_line 'Verification completed, obtaining certificate.' - assert_line 'Requesting certificate' + assert_line --partial 'Verification completed, obtaining certificate.' + assert_line --partial 'Requesting certificate' refute [ -d '$HOME/.getssl' ] } @@ -57,8 +57,8 @@ setup() { assert_success check_output_for_errors - refute_line 'Verification completed, obtaining certificate.' - refute_line 'Requesting certificate' + refute_line --partial 'Verification completed, obtaining certificate.' + refute_line --partial 'Requesting certificate' assert_line --partial 'copying domain certificate to' assert_line --partial 'copying private key to' assert_line --partial 'copying CA certificate to' 
diff --git a/test/11-test-no-domain-storage.bats b/test/11-test-no-domain-storage.bats index f61db282..c2c11797 100644 --- a/test/11-test-no-domain-storage.bats +++ b/test/11-test-no-domain-storage.bats @@ -6,10 +6,10 @@ load '/getssl/test/test_helper.bash' setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } @test "Check that if domain storage isn't set getssl doesn't try to delete /tmp" { @@ -23,5 +23,5 @@ teardown() { run ${CODE_DIR}/getssl -U -d -a assert_success check_output_for_errors - assert_line 'Not going to delete TEMP_DIR ///tmp as it appears to be /tmp' + assert_line --partial 'Not going to delete TEMP_DIR ///tmp as it appears to be /tmp' } diff --git a/test/12-auto-upgrade-v1.bats b/test/12-auto-upgrade-v1.bats index 1dc51394..a7cdb91b 100644 --- a/test/12-auto-upgrade-v1.bats +++ b/test/12-auto-upgrade-v1.bats @@ -6,12 +6,15 @@ load '/getssl/test/test_helper.bash' setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" } + + teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } + @test "Check that auto upgrade to v2 doesn't change pebble url" { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" 
@@ -22,17 +25,10 @@ teardown() { cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success - assert_line 'Using certificate issuer: https://pebble:14000/dir' + assert_line --partial 'Using certificate issuer: https://pebble:14000/dir' } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Check that auto upgrade to v2 doesn't change v2 staging url" { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" @@ -43,17 +39,10 @@ teardown() { cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success - assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory' + assert_line --partial 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory' } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Check that auto upgrade to v2 doesn't change v2 prod url" { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" 
@@ -64,17 +53,10 @@ teardown() { cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success - assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory' + assert_line --partial 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory' } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Check that auto upgrade to v2 changes v1 staging to v2 staging url" { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" @@ -85,17 +67,10 @@ teardown() { cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success - assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory' + assert_line --partial 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory' } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Check that auto upgrade to v2 changes v1 prod to v2 prod url" { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" @@ -106,5 +81,5 @@ teardown() { cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg" run ${CODE_DIR}/getssl -U -d --check-config "$GETSSL_CMD_HOST" assert_success - assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory' + assert_line --partial 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory' } diff --git a/test/13-notify-valid.bats b/test/13-notify-valid.bats index 6c061238..f3897444 100644 --- a/test/13-notify-valid.bats 
+++ b/test/13-notify-valid.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } diff --git a/test/14-test-revoke.bats b/test/14-test-revoke.bats index abc33cd5..b9ad81b6 100644 --- a/test/14-test-revoke.bats +++ b/test/14-test-revoke.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi @@ -45,5 +45,5 @@ setup() { run ${CODE_DIR}/getssl -U -d --revoke $CERT $KEY $CA assert_success - check_output_for_errors "debug" + check_output_for_errors } diff --git a/test/15-test-revoke-no-suffix.bats b/test/15-test-revoke-no-suffix.bats index 1eaa0600..20cfbc95 100644 --- a/test/15-test-revoke-no-suffix.bats +++ b/test/15-test-revoke-no-suffix.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi 
@@ -51,5 +51,5 @@ setup() { run ${CODE_DIR}/getssl -U -d --revoke $CERT $KEY $CA assert_success - check_output_for_errors "debug" + check_output_for_errors } diff --git a/test/16-test-bad-acl.bats b/test/16-test-bad-acl.bats index e2feec53..8c7bc9c3 100644 --- a/test/16-test-bad-acl.bats +++ b/test/16-test-bad-acl.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } diff --git a/test/17-test-spaces-in-sans-dns01.bats b/test/17-test-spaces-in-sans-dns01.bats index cc9efc74..f1bf7180 100644 --- a/test/17-test-spaces-in-sans-dns01.bats +++ b/test/17-test-spaces-in-sans-dns01.bats @@ -6,14 +6,32 @@ load '/getssl/test/test_helper.bash' # This is run for every test +setup() { + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + + teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + +setup_file() { + # Add hosts to DNS (also need to be added as aliases in docker-compose.yml) if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + for prefix in a b c; do + curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a + done + fi +} + + +teardown_file() { + if [ -z "$STAGING" ]; then + for prefix in a b c; do + curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a + done fi } 
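Review bot: The curl calls added in `setup_file` and `teardown_file` discard failures: with `--silent` and no `--fail`, an unreachable or erroring DNS test server at `http://10.30.50.3:8055` leaves the A records unset and the tests fail later during certificate issuance with an unrelated message. Using `curl --silent --show-error --fail -X POST …` and letting a non-zero status fail `setup_file` would surface the problem where it happens. The expansions `$prefix.$GETSSL_HOST` and `$GETSSL_IP` sit outside the quotes when the JSON is assembled, so they undergo word splitting; quoting them (`"$prefix.$GETSSL_HOST"`) keeps the payload a single argument. The same code is added to test/17-test-spaces-in-sans-http01.bats.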
@@ -25,11 +43,6 @@ setup() { CONFIG_FILE="getssl-dns01-spaces-sans.cfg" setup_environment - # Add hosts to DNS (also need to be added as aliases in docker-compose.yml) - for prefix in a b c; do - curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a - done - init_getssl create_certificate assert_success @@ -85,8 +98,4 @@ setup() { assert_success check_output_for_errors cleanup_environment - - for prefix in a b c; do - curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a - done } diff --git a/test/17-test-spaces-in-sans-http01.bats b/test/17-test-spaces-in-sans-http01.bats index 86df5dc7..b785546c 100644 --- a/test/17-test-spaces-in-sans-http01.bats +++ b/test/17-test-spaces-in-sans-http01.bats @@ -6,15 +6,32 @@ load '/getssl/test/test_helper.bash' # This is run for every test +setup() { + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + + teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +setup_file() { + # Add hosts to DNS (also need to be added as aliases in docker-compose.yml) if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + for prefix in a b c; do + curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a + done + fi +} + + +teardown_file() { + if [ -z "$STAGING" ]; then + for prefix in a b c; do + curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a + done fi } 
@@ -26,11 +43,6 @@ setup() { CONFIG_FILE="getssl-http01-spaces-sans.cfg" setup_environment - # Add hosts to DNS (also need to be added as aliases in docker-compose.yml) - for prefix in a b c; do - curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a - done - init_getssl create_certificate assert_success @@ -86,8 +98,4 @@ setup() { assert_success check_output_for_errors cleanup_environment - - for prefix in a b c; do - curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a - done } diff --git a/test/18-retry-dns-add.bats b/test/18-retry-dns-add.bats index 80244aad..11ca7f38 100644 --- a/test/18-retry-dns-add.bats +++ b/test/18-retry-dns-add.bats @@ -6,11 +6,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } @@ -35,7 +35,6 @@ DNS_EXTRA_WAIT=0 CHECK_ALL_AUTH_DNS="false" CHECK_PUBLIC_DNS_SERVER="false" DNS_WAIT_RETRY_ADD="true" -_RUNNING_TEST=1 EOF create_certificate assert_failure diff --git a/test/19-test-add-to-sans.bats b/test/19-test-add-to-sans.bats index 945432a9..ea9650cc 100644 --- a/test/19-test-add-to-sans.bats +++ b/test/19-test-add-to-sans.bats 
@@ -7,15 +7,23 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + +teardown() { + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip +} + + +setup_file() { if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt curl --silent -X POST -d '{"host":"a.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a fi } -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + +teardown_file() { if [ -z "$STAGING" ]; then curl --silent -X POST -d '{"host":"a.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a fi diff --git a/test/2-simple-dns01-dig.bats b/test/2-simple-dns01-dig.bats index 2e8199e8..c5bc8541 100644 --- a/test/2-simple-dns01-dig.bats +++ b/test/2-simple-dns01-dig.bats 
@@ -29,35 +29,31 @@ teardown_file() { setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" } + + teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } + @test "Create new certificate using DNS-01 verification (dig)" { CONFIG_FILE="getssl-dns01.cfg" setup_environment init_getssl - create_certificate -d + create_certificate assert_success assert_output --partial "dig" - check_output_for_errors "debug" + check_output_for_errors } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Force renewal of certificate using DNS-01 (dig)" { run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success assert_output --partial "dig" - check_output_for_errors "debug" + check_output_for_errors cleanup_environment } diff --git a/test/2-simple-dns01-nslookup.bats b/test/2-simple-dns01-nslookup.bats index c0b73834..37fa1215 100644 --- a/test/2-simple-dns01-nslookup.bats +++ b/test/2-simple-dns01-nslookup.bats @@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi @@ -21,7 +21,7 @@ setup() { teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -f /usr/bin/dig.getssl.bak ]; then mv /usr/bin/dig.getssl.bak /usr/bin/dig fi 
@@ -36,7 +36,7 @@ teardown() { setup_environment init_getssl - create_certificate -d + create_certificate assert_success assert_output --partial "nslookup" check_output_for_errors "debug" diff --git a/test/20-wildcard-simple.bats b/test/20-wildcard-simple.bats index 7b69f1f4..c99fda52 100644 --- a/test/20-wildcard-simple.bats +++ b/test/20-wildcard-simple.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/21-wildcard-dual-rsa.bats b/test/21-wildcard-dual-rsa.bats index 97e23cb5..395de22a 100644 --- a/test/21-wildcard-dual-rsa.bats +++ b/test/21-wildcard-dual-rsa.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats b/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats index 4d6e1155..51d966b6 100644 --- a/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats +++ b/test/22-wildcard-dual-rsa-ecdsa-copy-2-locations.bats 
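Review bot: In test/2-simple-dns01-nslookup.bats the `-d` flag is dropped from `create_certificate`, but the following context line still calls `check_output_for_errors "debug"`, whereas the matching dig, drill and idn tests in this commit change to a bare `check_output_for_errors`. The helper is not visible here, but if the `"debug"` argument relaxes what counts as an error, the nslookup test is now checked less strictly than its siblings. I would change that line to `check_output_for_errors` as well, or add a comment saying why nslookup needs the argument.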
@@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # These are run for every test, not once per file teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/23-wildcard-check-globbing.bats b/test/23-wildcard-check-globbing.bats index a075f5d8..636bd33f 100644 --- a/test/23-wildcard-check-globbing.bats +++ b/test/23-wildcard-check-globbing.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/24-wildcard-sans.bats b/test/24-wildcard-sans.bats index 500acd45..1ce09c2c 100644 --- a/test/24-wildcard-sans.bats +++ b/test/24-wildcard-sans.bats @@ -7,7 +7,16 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + + +teardown() { + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip +} + + +setup_file() { if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt curl --silent -X POST -d '{"host":"wild-'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a 
@@ -15,8 +24,7 @@ setup() { } -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip +teardown_file() { if [ -z "$STAGING" ]; then curl --silent -X POST -d '{"host":"wild-'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a fi diff --git a/test/25-wildcard-all.bats b/test/25-wildcard-all.bats index a5e1c13f..64b6c6d9 100644 --- a/test/25-wildcard-all.bats +++ b/test/25-wildcard-all.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/26-wildcard-revoke.bats b/test/26-wildcard-revoke.bats index 5709cc76..5b61e005 100644 --- a/test/26-wildcard-revoke.bats +++ b/test/26-wildcard-revoke.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi @@ -40,7 +40,7 @@ setup() { KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key run ${CODE_DIR}/getssl -U -d --revoke $CERT $KEY $CA - assert_line "certificate revoked" + assert_line --partial "certificate revoked" assert_success - check_output_for_errors "debug" + check_output_for_errors } 
diff --git a/test/27-wildcard-existing-cert.bats b/test/27-wildcard-existing-cert.bats index 98c97e47..dcb74e60 100644 --- a/test/27-wildcard-existing-cert.bats +++ b/test/27-wildcard-existing-cert.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/28-wildcard-error-http01-validation.bats b/test/28-wildcard-error-http01-validation.bats index 3c08e724..e90db22f 100644 --- a/test/28-wildcard-error-http01-validation.bats +++ b/test/28-wildcard-error-http01-validation.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/29-check-mktemp-failure.bats b/test/29-check-mktemp-failure.bats index 1a009292..566c7a57 100644 --- a/test/29-check-mktemp-failure.bats +++ b/test/29-check-mktemp-failure.bats 
@@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/3-dual-rsa-ecdsa.bats b/test/3-dual-rsa-ecdsa.bats index 5babf8fa..d230ab41 100644 --- a/test/3-dual-rsa-ecdsa.bats +++ b/test/3-dual-rsa-ecdsa.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } @@ -48,7 +48,7 @@ setup() { run ${CODE_DIR}/getssl -U -d $GETSSL_HOST if [ "$OLD_NGINX" = "false" ]; then - assert_line "certificate on server is same as the local cert" + assert_line --partial "certificate on server is same as the local cert" else assert_line --partial "certificate is valid for more than 30 days" fi diff --git a/test/30-handle-dig-failure.bats b/test/30-handle-dig-failure.bats index 898ac4da..5b7edb1c 100644 --- a/test/30-handle-dig-failure.bats +++ b/test/30-handle-dig-failure.bats 
@@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt if [ -f /usr/bin/drill ]; then mv /usr/bin/drill /usr/bin/drill.getssl.bak @@ -19,7 +19,7 @@ setup() { teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -f /usr/bin/drill.getssl.bak ]; then mv /usr/bin/drill.getssl.bak /usr/bin/drill fi @@ -39,8 +39,8 @@ teardown() { CONFIG_FILE="getssl-http01.cfg" setup_environment init_getssl - create_certificate -d + create_certificate assert_success refute_line --partial "HAS DIG_OR_DRILL=dig" - check_output_for_errors "debug" + check_output_for_errors } diff --git a/test/31-test-posix-error.bats b/test/31-test-posix-error.bats index 87879b54..fece7ff0 100644 --- a/test/31-test-posix-error.bats +++ b/test/31-test-posix-error.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } @@ -25,6 +25,6 @@ setup() { run bash --posix "${CODE_DIR}/getssl" -U -d assert_failure - assert_line "getssl: Running with POSIX mode enabled is not supported" + assert_line --partial "getssl: Running with POSIX mode enabled is not supported" check_output_for_errors } diff --git a/test/32-test-upgrade.bats b/test/32-test-upgrade.bats index 823ec962..2bce33c3 100644 --- a/test/32-test-upgrade.bats +++ b/test/32-test-upgrade.bats 
@@ -4,9 +4,41 @@ load '/bats-support/load.bash' load '/bats-assert/load.bash' load '/getssl/test/test_helper.bash' +LIMIT_API="https://api.github.com/rate_limit" + +# Quota generally shouldn't be an issue - except for tests +# Rate limits are per-IP address +check_github_quota() { + local need remaining reset limits now + need="$1" + while true ; do + limits="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g' | sed -ne'/"core":/,/}/p')" + errcode=$? + if [[ $errcode -eq 60 ]]; then + error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" + elif [[ $errcode -gt 0 ]]; then + error_exit "curl error checking releases: $errcode" + fi + limits="$(sed -e's/^ *//g' <<<"${limits}")" + remaining="$(sed -e'/^"remaining": *[0-9]/!d;s/^"remaining": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" + reset="$(sed -e'/^"reset": *[0-9]/!d;s/^"reset": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" + if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi + limit="$(sed -e'/^"limit": *[0-9]/!d;s/^"limit": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")" + if [[ "$limit" -lt "$need" ]] ; then + error_exit "GitHub API request $need exceeds limit $limit" + fi + now="$(date +%s)" + while [[ "$now" -lt "$reset" ]] ; do + info "sleeping $(( "$reset" - "$now" )) seconds for GitHub quota" + sleep "$(( "$reset" - "$now" ))" + now="$(date +%s)" + done + done +} + setup_file() { - if [ -f $BATS_TMPDIR/failed.skip ]; then + if [ -f $BATS_RUN_TMPDIR/failed.skip ]; then echo "# Skipping setup due to previous test failure" >&3 return 0 fi @@ -17,7 +49,7 @@ setup_file() { # This is expensive, so do it only once . "${CODE_DIR}/getssl" -U --source - check_github_quota 1 + check_github_quota 7 export RELEASES="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)" if [ -z "$RELEASES" ]; then echo "# mktemp failed" >&3 
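Review bot: In the new `check_github_quota()` the `errcode=$?` after `limits="$(curl … | sed … | sed …)"` records the exit status of the last `sed`, not of `curl`, unless `pipefail` happens to be set. The SNI (60) and generic curl-error branches are therefore unreachable, and a failed request falls through with an empty `limits`. The later comparisons then treat the empty `remaining` and `limit` as 0 and end in the misleading "exceeds limit" message. `errcode` and `limit` are also missing from the `local` list, so they leak into the sourced getssl globals. I would capture the curl output first, test its status, and only then run the two `sed` passes, as below.

```shell
  local need remaining reset limits limit now errcode raw
  # … unchanged: need="$1" and the enclosing while true ; do …
    errcode=0
    raw="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API")" || errcode=$?
    # … unchanged: errcode 60 / non-zero handling via error_exit …
    limits="$(sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g' <<<"${raw}" | sed -ne'/"core":/,/}/p')"
    # … unchanged: remaining / reset / limit parsing and the sleep loop …
```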
@@ -48,7 +80,7 @@ teardown_file() { # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" [ -z "$PREVIOUS_TAG" ] && skip "Skipping upgrade test because no previous release detected" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt @@ -62,7 +94,7 @@ setup() { fi run git clone "${_REPO}" "$INSTALL_DIR/upgrade-getssl" - + cd "$INSTALL_DIR/upgrade-getssl" # The version in the file, which we will overwrite @@ -72,7 +104,7 @@ setup() { teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip [ -d "$INSTALL_DIR/upgrade-getssl" ] && rm -r "$INSTALL_DIR/upgrade-getssl" true } @@ -102,7 +134,7 @@ teardown() { # Check for current tag or file version otherwise push to master fails on a new version (or if the tag hasn't been updated) assert_line --regexp "A more recent version \(v(${CURRENT_TAG}|${FILE_VERSION})\) than .* of getssl is available, please update" # output can contain "error" in release description - # check_output_for_errors + check_output_for_errors } @@ -129,12 +161,11 @@ teardown() { # Check for current tag or file version otherwise push to master fails on a new version (or if the tag hasn't been updated) assert_line --regexp "Installed v(${CURRENT_TAG}|${FILE_VERSION}), restarting" + assert_line "Configuration check successful" } @test "Test that we can upgrade to the newer version when invoking as \"bash ./getssl\"" { - skip "Makefile doesn't support bash ./getssl" - # Note that `bash getssl` will fail if the CWD isn't in the PATH and an upgrade occurs if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" diff --git a/test/33-ftp.bats b/test/33-ftp.bats index 086636a7..7c35f966 100644 --- a/test/33-ftp.bats +++ b/test/33-ftp.bats 
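Review bot: The `@@ -102,7 +134,7 @@` hunk of test/32-test-upgrade.bats enables `check_output_for_errors` but keeps the comment directly above it, `# output can contain "error" in release description`, which was the stated reason the check was disabled. Either that condition still holds and the test will now fail whenever a release description mentions "error", or it no longer applies and the comment is stale. I would drop the comment or replace it with one saying why the check is now safe, for example `# release description is no longer echoed, so the error scan is reliable` if that is indeed what changed. The test body starts and ends outside the hunk, so this is inferred from the two visible lines only.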
@@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt if [ -n "${VSFTPD_CONF}" ]; then cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl @@ -24,7 +24,7 @@ _FTP teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -n "${VSFTPD_CONF}" ]; then cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF ${CODE_DIR}/test/restart-ftpd diff --git a/test/34-ftp-passive.bats b/test/34-ftp-passive.bats index ac6e2220..5648771f 100644 --- a/test/34-ftp-passive.bats +++ b/test/34-ftp-passive.bats @@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt if [ -n "${VSFTPD_CONF}" ]; then cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl @@ -27,7 +27,7 @@ _FTP teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -n "${VSFTPD_CONF}" ]; then cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF ${CODE_DIR}/test/restart-ftpd diff --git a/test/35-preferred-chain.bats b/test/35-preferred-chain.bats index 0ffe71e2..ad94cafb 100644 --- a/test/35-preferred-chain.bats +++ b/test/35-preferred-chain.bats 
@@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/36-full-chain-inc-root.bats b/test/36-full-chain-inc-root.bats index 46550754..6f061903 100644 --- a/test/36-full-chain-inc-root.bats +++ b/test/36-full-chain-inc-root.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt fi diff --git a/test/37-idn.bats b/test/37-idn.bats index a3cf43a2..27f82e0c 100644 --- a/test/37-idn.bats +++ b/test/37-idn.bats @@ -4,16 +4,9 @@ load '/bats-support/load.bash' load '/bats-assert/load.bash' load '/getssl/test/test_helper.bash' -setup_file() { - if [ -z "$STAGING" ]; then - export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt - curl --silent -X POST -d '{"host":"'$GETSSL_IDN_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a - fi -} - # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" GETSSL_CMD_HOST=${GETSSL_IDN_HOST} # use the test description to move tools we don't want to test out of the way 
@@ -27,7 +20,7 @@ setup() { } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip # use the test description to move tools we didn't want to test back DNS_TOOL=${BATS_TEST_DESCRIPTION##*-} for tool in dig drill host nslookup @@ -38,6 +31,13 @@ teardown() { done } +setup_file() { + if [ -z "$STAGING" ]; then + export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + curl --silent -X POST -d '{"host":"'$GETSSL_IDN_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a + fi +} + teardown_file() { if [ -z "$STAGING" ]; then curl --silent -X POST -d '{"host":"'$GETSSL_IDN_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a @@ -53,11 +53,11 @@ teardown_file() { setup_environment init_getssl - create_certificate -d + create_certificate assert_success assert_output --partial "dig" - check_output_for_errors "debug" + check_output_for_errors } @test "Check that DNS-01 verification works if the domain is idn:drill" { @@ -73,9 +73,9 @@ teardown_file() { setup_environment init_getssl - create_certificate -d + create_certificate assert_success assert_output --partial "drill" - check_output_for_errors "debug" + check_output_for_errors } diff --git a/test/38-idn-http01-check-noidnout.bats b/test/38-idn-http01-check-noidnout.bats index 6ba8d148..01b75423 100644 --- a/test/38-idn-http01-check-noidnout.bats +++ b/test/38-idn-http01-check-noidnout.bats 
@@ -4,20 +4,20 @@ load '/bats-support/load.bash' load '/bats-assert/load.bash' load '/getssl/test/test_helper.bash' -setup_file() { - if [ -z "$STAGING" ]; then - export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt - curl --silent -X POST -d '{"host":"'$GETSSL_IDN_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a - fi +setup() { + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + GETSSL_CMD_HOST=$GETSSL_IDN_HOST } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" - GETSSL_CMD_HOST=$GETSSL_IDN_HOST +setup_file() { + if [ -z "$STAGING" ]; then + export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + curl --silent -X POST -d '{"host":"'$GETSSL_IDN_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a + fi } teardown_file() { @@ -39,7 +39,7 @@ SANS="${GETSSL_HOST}" USE_SINGLE_ACL="true" EOF - create_certificate -d --check-config + create_certificate --check-config assert_success refute_output --partial "DNS lookup using host +noidnout" diff --git a/test/4-more-than-10-hosts.bats b/test/4-more-than-10-hosts.bats index 143afb44..efa1ea00 100644 --- a/test/4-more-than-10-hosts.bats +++ b/test/4-more-than-10-hosts.bats 
@@ -7,12 +7,33 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } + setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" - export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + + +setup_file() { + if [ -z "$STAGING" ]; then + export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + # Add 11 hosts to DNS (also need to be added as aliases in docker-compose.yml) + for prefix in a b c d e f g h i j k; do + curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a + done + fi +} + + +teardown_file() { + # Remove all the dns aliases + if [ -n "$STAGING" ]; then + for prefix in a b c d e f g h i j k; do + curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a + done + fi } @@ -23,11 +44,6 @@ setup() { CONFIG_FILE="getssl-http01-10-hosts.cfg" setup_environment - # Add 11 hosts to DNS (also need to be added as aliases in docker-compose.yml) - for prefix in a b c d e f g h i j k; do - curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a - done - init_getssl create_certificate assert_success @@ -42,9 +58,5 @@ setup() { run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors - # Remove all the dns aliases cleanup_environment - for prefix in a b c d e f g h i j k; do - curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a - done } diff --git a/test/5-secp384-http01.bats b/test/5-secp384-http01.bats index a108c270..8a1de371 100644 --- a/test/5-secp384-http01.bats +++ b/test/5-secp384-http01.bats 
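Review bot: `teardown_file()` in test/4-more-than-10-hosts.bats guards the clear-a loop with `if [ -n "$STAGING" ]; then`, while `setup_file()` adds the eleven hosts under `if [ -z "$STAGING" ]; then`. In a local run the records are therefore added and never removed, and in a staging run the loop tries to clear records that were never created, against an endpoint that is presumably absent there. The condition should match the setup side: `if [ -z "$STAGING" ]; then`. The other files converted in this commit (17-*, 19, 24, 6, 7) use `-z` in both functions.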
@@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt } diff --git a/test/6-dual-rsa-ecdsa-copy-2-locations.bats b/test/6-dual-rsa-ecdsa-copy-2-locations.bats index 16ca162a..1ad73f4a 100644 --- a/test/6-dual-rsa-ecdsa-copy-2-locations.bats +++ b/test/6-dual-rsa-ecdsa-copy-2-locations.bats @@ -7,7 +7,16 @@ load '/getssl/test/test_helper.bash' # These are run for every test, not once per file setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + + +teardown() { + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip +} + + +setup_file() { if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a @@ -15,8 +24,7 @@ setup() { } -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip +teardown_file() { if [ -z "$STAGING" ]; then curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a fi diff --git a/test/7-test-renewal.bats b/test/7-test-renewal.bats index a2e9e0c7..30a5472a 100644 --- a/test/7-test-renewal.bats +++ b/test/7-test-renewal.bats 
@@ -7,7 +7,16 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + + +teardown() { + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip +} + + +setup_file() { if [ -z "$STAGING" ]; then export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt curl --silent -X POST -d '{"host":"a.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a @@ -15,8 +24,8 @@ setup() { fi } -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + +teardown_file() { if [ -z "$STAGING" ]; then curl --silent -X POST -d '{"host":"a.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a curl --silent -X POST -d '{"host":"b.'$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a diff --git a/test/8-staging-ecdsa.bats b/test/8-staging-ecdsa.bats index 797ce048..c486ea7b 100644 --- a/test/8-staging-ecdsa.bats +++ b/test/8-staging-ecdsa.bats @@ -5,18 +5,19 @@ load '/bats-assert/load.bash' load '/getssl/test/test_helper.bash' - - setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" } + + teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } + @test "Create new certificate using staging server and prime256v1" { if [ -z "$STAGING" ]; then - skip "Running external tests, skipping internal testing" + skip "Running local tests this is a staging server test" fi CONFIG_FILE="getssl-dns01.cfg" 
@@ -25,38 +26,24 @@ teardown() { sed -e 's/rsa/prime256v1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" run ${CODE_DIR}/getssl -U -d "$GETSSL_HOST" assert_success - check_output_for_errors "debug" + check_output_for_errors } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Force renewal of certificate using staging server and prime256v1" { if [ -z "$STAGING" ]; then - skip "Running internal tests, skipping external test" + skip "Running local tests this is a staging server test" fi run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success - check_output_for_errors "debug" + check_output_for_errors cleanup_environment } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Create new certificate using staging server and secp384r1" { if [ -z "$STAGING" ]; then - skip "Running external tests, skipping internal testing" + skip "Running local tests this is a staging server test" fi CONFIG_FILE="getssl-dns01.cfg" 
@@ -65,24 +52,17 @@ teardown() { sed -e 's/rsa/secp384r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" run ${CODE_DIR}/getssl -U -d "$GETSSL_HOST" assert_success - check_output_for_errors "debug" + check_output_for_errors } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" -} -teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip -} - @test "Force renewal of certificate using staging server and secp384r1" { if [ -z "$STAGING" ]; then - skip "Running internal tests, skipping external test" + skip "Running local tests this is a staging server test" fi run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success - check_output_for_errors "debug" + check_output_for_errors cleanup_environment } diff --git a/test/9-multiple-domains-dns01.bats b/test/9-multiple-domains-dns01.bats index c540d9ab..e693c3e8 100644 --- a/test/9-multiple-domains-dns01.bats +++ b/test/9-multiple-domains-dns01.bats @@ -6,13 +6,28 @@ load '/getssl/test/test_helper.bash' # This is run for every test +setup() { + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" +} + teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } -setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" - export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + +setup_file() { + # Add top level domain from SANS to DNS + if [ -z "$STAGING" ]; then + export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + curl --silent -X POST -d '{"host":"getssl.test", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a + fi +} + + +teardown_file() { + if [ -z "$STAGING" ]; then + curl --silent -X POST -d '{"host":"getssl.tst"}' http://10.30.50.3:8055/clear-a + fi } 
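Review bot: In the first hunk of test/9-multiple-domains-dns01.bats, the new `setup_file()` registers an A record for `getssl.test` but `teardown_file()` clears `getssl.tst`. The record added for the file is therefore probably never removed from the test DNS server and can leak into later test files. The misspelling is carried over from the per-test cleanup line this commit removes. The clear call should name the same host: `curl --silent -X POST -d '{"host":"getssl.test"}' http://10.30.50.3:8055/clear-a`.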
@@ -24,9 +39,6 @@ setup() { CONFIG_FILE="getssl-dns01-multiple-domains.cfg" setup_environment - # Add top level domain from SANS to DNS - curl --silent -X POST -d '{"host":"getssl.test", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a - init_getssl create_certificate assert_success @@ -42,11 +54,10 @@ setup() { run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST assert_success check_output_for_errors - # Remove all the dns aliases cleanup_environment - curl --silent -X POST -d '{"host":"getssl.tst"}' http://10.30.50.3:8055/clear-a } + @test "Test IGNORE_DIRECTORY_DOMAIN using DNS-01 verification" { # This tests we can create a certificate for getssl.test and .getssl.test (*both* in SANS) if [ -n "$STAGING" ]; then @@ -55,9 +66,6 @@ setup() { CONFIG_FILE="getssl-dns01-ignore-directory-domain.cfg" setup_environment - # Add top level domain from SANS to DNS - curl --silent -X POST -d '{"host":"getssl.test", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a - init_getssl create_certificate assert_success diff --git a/test/9-test--all.bats b/test/9-test--all.bats index bab1cedf..7e317cc0 100644 --- a/test/9-test--all.bats +++ b/test/9-test--all.bats @@ -7,11 +7,11 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt export PATH=$PATH:/getssl } diff --git a/test/Dockerfile-centos8 b/test/Dockerfile-centos8 index 552e1d96..dc6853b5 100644 --- a/test/Dockerfile-centos8 +++ b/test/Dockerfile-centos8 
@@ -4,6 +4,7 @@ FROM centos:centos8 # Update and install required software RUN yum -y update +RUN yum -y install glibc-all-langpacks RUN yum -y install epel-release RUN yum -y install git curl bind-utils wget which nginx jq RUN yum -y install ftp vsftpd diff --git a/test/restart-ftpd b/test/restart-ftpd index 80874373..5bdc3cd7 100755 --- a/test/restart-ftpd +++ b/test/restart-ftpd @@ -4,6 +4,8 @@ if [ "$GETSSL_OS" = "alpine" ]; then killall -HUP vsftpd >&3- elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then pgrep vsftpd | head -1 | xargs kill -HUP +elif [[ "$GETSSL_OS" == "centos6" ]]; then + service vsftpd restart >&3- >/dev/null else service vsftpd restart >/dev/null >&3- fi diff --git a/test/restart-nginx b/test/restart-nginx index 48ea7acd..ca402f35 100755 --- a/test/restart-nginx +++ b/test/restart-nginx @@ -6,6 +6,8 @@ if [ "$GETSSL_OS" = "alpine" ]; then elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then pgrep nginx | head -1 | xargs kill -HUP sleep 5 +elif [[ "$GETSSL_OS" == "centos6" ]]; then + service nginx restart >&3- >/dev/null else service nginx restart >/dev/null >&3- fi diff --git a/test/run-test.cmd b/test/run-test.cmd index 44c46beb..9d51875a 100644 --- a/test/run-test.cmd +++ b/test/run-test.cmd @@ -28,13 +28,13 @@ GOTO CheckAlias :duckdns SET ALIAS=%OS:-duckdns=%-getssl.duckdns.org -SET STAGING=--env STAGING=true --env dynamic_dns=duckdns +SET STAGING=--env STAGING=true --env dynamic_dns=duckdns --env DUCKDNS_TOKEN=1d616aa9-b8e4-4bb4-b312-3289de82badb SET GETSSL_OS=%OS:-duckdns=% GOTO Run :dynu SET ALIAS=%OS:-dynu=%-getssl.freeddns.org -SET STAGING=--env STAGING=true --env dynamic_dns=dynu +SET STAGING=--env STAGING=true --env dynamic_dns=dynu --env DYNU_API_KEY=65cXefd35XbYf36546eg5dYcZT6X52Y2 SET GETSSL_OS=%OS:-dynu=% GOTO Run diff --git a/test/test-config/getssl-dns01.cfg b/test/test-config/getssl-dns01.cfg index bd02c508..f71d19f6 100644 --- a/test/test-config/getssl-dns01.cfg 
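Review bot: The two new `SET STAGING=` lines in test/run-test.cmd (under the `:duckdns` and `:dynu` labels) embed a DuckDNS token and a Dynu API key as literals, which exposes both credentials to anyone who can read the repository or its history. Both should be treated as compromised and rotated at the providers, since removing them in a later commit does not remove them from history. The script can take the values from the caller's environment instead: `SET STAGING=--env STAGING=true --env dynamic_dns=duckdns --env DUCKDNS_TOKEN=%DUCKDNS_TOKEN%` and `SET STAGING=--env STAGING=true --env dynamic_dns=dynu --env DYNU_API_KEY=%DYNU_API_KEY%`. A check that the variable is defined before `GOTO Run` would stop a run that has no credential.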
+++ b/test/test-config/getssl-dns01.cfg @@ -51,9 +51,6 @@ RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /get SERVER_TYPE="https" CHECK_REMOTE="true" -#_USE_DEBUG=1 -#_RUNNING_TEST=1 - if [[ -s "$DOMAIN_DIR/getssl_test_specific.cfg" ]]; then . $DOMAIN_DIR/getssl_test_specific.cfg fi diff --git a/test/test-config/getssl-http01.cfg b/test/test-config/getssl-http01.cfg index 9a713bc6..8183b169 100644 --- a/test/test-config/getssl-http01.cfg +++ b/test/test-config/getssl-http01.cfg @@ -31,6 +31,3 @@ CHECK_REMOTE="true" if [[ -s "$DOMAIN_DIR/getssl_test_specific.cfg" ]]; then . $DOMAIN_DIR/getssl_test_specific.cfg fi - -#_USE_DEBUG=1 -#_RUNNING_TEST=1 diff --git a/test/test_helper.bash b/test/test_helper.bash index 37f77cdb..efc52faa 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash 
@@ -16,24 +16,16 @@ check_nginx() { if [ "$(printf '%s\n' "$requiredver" "$currentver" | sort -V | head -n1)" = "$requiredver" ]; then export OLD_NGINX="false" else - echo "INFO: Running nginx version $currentver which doesn't support dual certificates" >&3 - echo "INFO: not checking that certificate is installed correctly" >&3 + echo "# INFO: Running nginx version $currentver which doesn't support dual certificates" + echo "# INFO: not checking that certificate is installed correctly" export OLD_NGINX="true" fi } check_output_for_errors() { refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - # less strict tests if running with debug output - if [ -n "X$1" ]; then - # don't fail for :error:badNonce - refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' - # don't check for "Warnings:" as there might be a warning message if nslookup doesn't support -debug (alpine/ubuntu) - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' - else - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' - fi + refute_output --regexp '[^_][Ee][Rr][Rr][Oo][Rr][^:nonce]' + refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' refute_line --partial 'command not found' } diff --git a/test/u1-test-get_auth_dns-dig.bats b/test/u1-test-get_auth_dns-dig.bats index 24ab0883..17ead169 100644 --- a/test/u1-test-get_auth_dns-dig.bats +++ b/test/u1-test-get_auth_dns-dig.bats @@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" for app in drill host nslookup do if [ -f /usr/bin/${app} ]; then 
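Review bot: In `check_output_for_errors` (test/test_helper.bash hunk), `[^:nonce]` is a bracket expression that excludes the single characters `:`, `n`, `o`, `c` and `e`, not the string `:nonce`. With the leading `[^_]`, the pattern also needs one character on each side of the word. Output such as `error: ...`, or `error` at the very start or end of the output, is therefore no longer refuted, and because the strict branch was removed every caller now gets this weaker check. If the intent is only to tolerate the badNonce retry message, one option is to restore `refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'` and filter those known lines out of `$output` before asserting.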
@@ -17,13 +17,12 @@ setup() { . /getssl/getssl --source find_dns_utils - _RUNNING_TEST=1 - _USE_DEBUG=0 + _USE_DEBUG=1 } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip for app in drill host nslookup do if [ -f /usr/bin/${app}.getssl.bak ]; then diff --git a/test/u2-test-get_auth_dns-drill.bats b/test/u2-test-get_auth_dns-drill.bats index b63cf1b1..4884a60c 100644 --- a/test/u2-test-get_auth_dns-drill.bats +++ b/test/u2-test-get_auth_dns-drill.bats @@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" for app in dig host nslookup do if [ -f /usr/bin/${app} ]; then @@ -17,13 +17,12 @@ setup() { . /getssl/getssl --source find_dns_utils - _RUNNING_TEST=1 - _USE_DEBUG=0 + _USE_DEBUG=1 } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip for app in dig host nslookup do if [ -f /usr/bin/${app}.getssl.bak ]; then diff --git a/test/u3-mktemp-template.bats b/test/u3-mktemp-template.bats index e28208cf..c42c0b5b 100644 --- a/test/u3-mktemp-template.bats +++ b/test/u3-mktemp-template.bats @@ -6,10 +6,10 @@ load '/getssl/test/test_helper.bash' setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } @test "Check mktemp -t getssl.XXXXXX works on all platforms" { diff --git a/test/u4-create-csr-and-ifs.bats b/test/u4-create-csr-and-ifs.bats index 7871445d..4e5280e8 100644 --- a/test/u4-create-csr-and-ifs.bats 
+++ b/test/u4-create-csr-and-ifs.bats @@ -7,15 +7,14 @@ load '/getssl/test/test_helper.bash' # This is run for every test teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" . /getssl/getssl --source find_dns_utils - _RUNNING_TEST=1 - _USE_DEBUG=0 + _USE_DEBUG=1 } diff --git a/test/u5-test-get_auth_dns-no-root-servers.bats b/test/u5-test-get_auth_dns-no-root-servers.bats index 7dcbdc9f..5fd743f2 100644 --- a/test/u5-test-get_auth_dns-no-root-servers.bats +++ b/test/u5-test-get_auth_dns-no-root-servers.bats @@ -7,7 +7,7 @@ load '/getssl/test/test_helper.bash' # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" cp /etc/resolv.conf /etc/resolv.conf.getssl cat <<- EOF > /etc/resolv.conf nameserver 8.8.8.8 @@ -23,13 +23,12 @@ EOF . /getssl/getssl --source find_dns_utils - _RUNNING_TEST=1 - _USE_DEBUG=0 + _USE_DEBUG=1 } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip cat /etc/resolv.conf.getssl > /etc/resolv.conf for app in drill host nslookup do diff --git a/test/u6-test-combined-directory.bats b/test/u6-test-combined-directory.bats index 4ef0d1f4..0bafe13e 100644 --- a/test/u6-test-combined-directory.bats +++ b/test/u6-test-combined-directory.bats 
@@ -9,26 +9,24 @@ CA="https://api.test4.buypass.no/acme" # This is run for every test setup() { - [ ! -f $BATS_TMPDIR/failed.skip ] || skip "skipping tests after first failure" + [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" . /getssl/getssl --source requires curl _NOMETER="--silent" - _RUNNING_TEST=1 _USE_DEBUG=1 } teardown() { - [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_TMPDIR/failed.skip + [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip } @test "Check that API V2 is selected in a unified ACME directory." { obtain_ca_resource_locations - + [ "$API" -eq 2 ] } -