mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-01-19 09:57:05 +01:00
rearranged and extended travis tests a bit
This commit is contained in:
Lukas Schauer
43
.travis.yml
43
.travis.yml
@@ -5,45 +5,6 @@ cache:
|
||||
directories:
|
||||
- ngrok
|
||||
|
||||
before_script:
|
||||
# install ngrok
|
||||
- if [[ ! -e "ngrok/ngrok" ]]; then mkdir -p ngrok; (cd ngrok; wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip; unzip ngrok.zip ngrok; chmod +x ngrok); fi
|
||||
|
||||
# run ngrok and grab url from logfile
|
||||
- ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
|
||||
- sleep 5
|
||||
- cat tmp.log
|
||||
- export TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
|
||||
- if [[ -z "${TMP_URL}" ]]; then exit 1; fi
|
||||
|
||||
# start python http server in challenges directory
|
||||
- (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) &
|
||||
|
||||
# generate config
|
||||
- echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
|
||||
- echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
|
||||
- echo "${TMP_URL}" > domains.txt
|
||||
|
||||
script:
|
||||
# check if help command is working
|
||||
- ./letsencrypt.sh --help
|
||||
|
||||
# move config out of the way and try signing certificate by using temporary config location
|
||||
- mv config.sh tmp_config.sh
|
||||
- ./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh
|
||||
- mv tmp_config.sh config.sh
|
||||
|
||||
# run in cron mode (should find a non-expiring certificate)
|
||||
- ./letsencrypt.sh --cron
|
||||
|
||||
# check if certificate is valid in various ways
|
||||
- openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text
|
||||
- openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null
|
||||
- "errout=\"$(openssl verify -verbose -CAfile \"certs/${TMP_URL}/fullchain.pem\" -purpose sslserver \"certs/${TMP_URL}/fullchain.pem\" | grep -v ': OK$' || true)\""
|
||||
- if [[ ! -z "${errout}" ]]; then printf -- "${errout}"; exit 1; fi
|
||||
|
||||
# delete account key
|
||||
- rm private_key.pem
|
||||
|
||||
# revoke certificate using certificate key
|
||||
- ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem"
|
||||
- export CI="true"
|
||||
- ./test.sh
|
||||
|
||||
@@ -372,7 +372,7 @@ sign_domain() {
|
||||
crt_path="${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"
|
||||
printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "${crt_path}"
|
||||
# try to load the certificate to detect corruption
|
||||
echo " + Checking certificate..." >&2
|
||||
echo " + Checking certificate..."
|
||||
_openssl x509 -text < "${crt_path}"
|
||||
|
||||
# Create fullchain.pem
|
||||
|
||||
131
test.sh
Executable file
131
test.sh
Executable file
@@ -0,0 +1,131 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Fail early
|
||||
set -eu -o pipefail
|
||||
|
||||
# Check if running in CI environment
|
||||
if [[ ! "${CI:-false}" == "true" ]]; then
|
||||
echo "ERROR: Not running in CI environment!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
_TEST() {
|
||||
echo -n "${1} "
|
||||
}
|
||||
_PASS() {
|
||||
if [[ -z "$(cat errorlog)" ]]; then
|
||||
echo -e "[\u001B[32mPASS\u001B[0m]"
|
||||
else
|
||||
_FAIL "Non-empty errorlog"
|
||||
fi
|
||||
}
|
||||
_FAIL() {
|
||||
echo -e "[\u001B[31mFAIL\u001B[0m]"
|
||||
echo
|
||||
echo "Problem: ${@}"
|
||||
echo
|
||||
echo "STDOUT:"
|
||||
cat tmplog
|
||||
echo
|
||||
echo "STDERR:"
|
||||
cat errorlog
|
||||
exit 1
|
||||
}
|
||||
_CHECK_FILE() {
|
||||
[[ -e "${1}" ]] || _FAIL "Missing file: ${1}"
|
||||
}
|
||||
_CHECK_LOG() {
|
||||
grep "${1}" tmplog > /dev/null || _FAIL "Missing in log: ${1}"
|
||||
}
|
||||
|
||||
# If not found (should be cached in travis) download ngrok
|
||||
if [[ ! -e "ngrok/ngrok" ]]; then
|
||||
(
|
||||
mkdir -p ngrok
|
||||
cd ngrog
|
||||
wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip
|
||||
unzip ngrok.zip ngrok
|
||||
chmod +x ngrok
|
||||
)
|
||||
fi
|
||||
|
||||
# Run ngrok and grab temporary url from logfile
|
||||
ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
|
||||
sleep 2
|
||||
TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
|
||||
if [[ -z "${TMP_URL}" ]]; then
|
||||
echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Run python webserver in .acme-challenges directory to serve challenge responses
|
||||
mkdir -p .acme-challenges/.well-known/acme-challenge
|
||||
(
|
||||
cd .acme-challenges
|
||||
python -m SimpleHTTPServer 8080 > /dev/null 2> /dev/null
|
||||
) &
|
||||
|
||||
# Generate config and create empty domains.txt
|
||||
echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
|
||||
echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
|
||||
touch domains.txt
|
||||
|
||||
# Check if help command is working
|
||||
_TEST "Checking if help command is working..."
|
||||
./letsencrypt.sh --help > tmplog 2> errorlog
|
||||
_CHECK_LOG "Default command: help"
|
||||
_CHECK_LOG "\--help (-h)"
|
||||
_CHECK_LOG "\--domain (-d) domain.tld"
|
||||
_PASS
|
||||
|
||||
# Run in cron mode with empty domains.txt (should only generate private key and exit)
|
||||
_TEST "First run in cron mode, checking if private key is generated and registered"
|
||||
./letsencrypt.sh --cron > tmplog 2> errorlog
|
||||
_CHECK_LOG "Registering account key"
|
||||
_CHECK_FILE "private_key.pem"
|
||||
_PASS
|
||||
|
||||
# Temporarily move config out of the way and try signing certificate by using temporary config location
|
||||
_TEST "Try signing using temporary config location and with domain as command line parameter"
|
||||
mv config.sh tmp_config.sh
|
||||
./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh > tmplog 2> errorlog
|
||||
_CHECK_LOG "Generating private key"
|
||||
_CHECK_LOG "Requesting challenge for ${TMP_URL}"
|
||||
_CHECK_LOG "Challenge is valid!"
|
||||
_CHECK_LOG "Creating fullchain.pem"
|
||||
_CHECK_LOG "Done!"
|
||||
_PASS
|
||||
mv tmp_config.sh config.sh
|
||||
|
||||
# Move private key and add new location to config
|
||||
mv private_key.pem account_key.pem
|
||||
echo 'PRIVATE_KEY="./account_key.pem"' >> config.sh
|
||||
|
||||
# Add domain to domains.txt and run in cron mode again (should find a non-expiring certificate and do nothing)
|
||||
_TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
|
||||
echo "${TMP_URL}" >> domains.txt
|
||||
./letsencrypt.sh --cron > tmplog 2> errorlog
|
||||
_CHECK_LOG "Skipping!"
|
||||
_PASS
|
||||
|
||||
# Delete account key (not needed anymore)
|
||||
rm account_key.pem
|
||||
|
||||
# Check if certificate is valid in various ways
|
||||
_TEST "Verifying certificate..."
|
||||
openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text > tmplog 2> errorlog
|
||||
_CHECK_LOG "CN=${TMP_URL}"
|
||||
openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null 2>> errorlog
|
||||
(openssl verify -verbose -CAfile "certs/${TMP_URL}/fullchain.pem" -purpose sslserver "certs/${TMP_URL}/fullchain.pem" 2>&1 || true) | (grep -v ': OK$' || true) >> errorlog 2>> errorlog
|
||||
_PASS
|
||||
|
||||
# Revoke certificate using certificate key
|
||||
_TEST "Revoking certificate..."
|
||||
./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog
|
||||
_CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
|
||||
_CHECK_LOG "SUCCESS"
|
||||
_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
|
||||
_PASS
|
||||
|
||||
# All done
|
||||
exit 0
|
||||
Reference in New Issue
Block a user