starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-04-17 22:19:40 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

rearranged and extended travis tests a bit

Browse Source
This commit is contained in:
Lukas Schauer
2015-12-16 13:58:49 +01:00
parent 760b689407
commit a4e7c43a78
3 changed files with 134 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
.travis.yml
View File

@@ -5,45 +5,6 @@ cache:
directories: directories:
- ngrok - ngrok
before_script:
# install ngrok
- if [[ ! -e "ngrok/ngrok" ]]; then mkdir -p ngrok; (cd ngrok; wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip; unzip ngrok.zip ngrok; chmod +x ngrok); fi
# run ngrok and grab url from logfile
- ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
- sleep 5
- cat tmp.log
- export TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
- if [[ -z "${TMP_URL}" ]]; then exit 1; fi
# start python http server in challenges directory
- (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) &
# generate config
- echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
- echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
- echo "${TMP_URL}" > domains.txt
script: script:
# check if help command is working - export CI="true"
- ./letsencrypt.sh --help - ./test.sh
# move config out of the way and try signing certificate by using temporary config location
- mv config.sh tmp_config.sh
- ./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh
- mv tmp_config.sh config.sh
# run in cron mode (should find a non-expiring certificate)
- ./letsencrypt.sh --cron
# check if certificate is valid in various ways
- openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text
- openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null
- "errout=\"$(openssl verify -verbose -CAfile \"certs/${TMP_URL}/fullchain.pem\" -purpose sslserver \"certs/${TMP_URL}/fullchain.pem\" | grep -v ': OK$' || true)\""
- if [[ ! -z "${errout}" ]]; then printf -- "${errout}"; exit 1; fi
# delete account key
- rm private_key.pem
# revoke certificate using certificate key
- ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem"

2
letsencrypt.sh
View File

@@ -372,7 +372,7 @@ sign_domain() {
crt_path="${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" crt_path="${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"
printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "${crt_path}" printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "${crt_path}"
# try to load the certificate to detect corruption # try to load the certificate to detect corruption
echo " + Checking certificate..." >&2 echo " + Checking certificate..."
_openssl x509 -text < "${crt_path}" _openssl x509 -text < "${crt_path}"
# Create fullchain.pem # Create fullchain.pem

131
test.sh Executable file
View File

@@ -0,0 +1,131 @@
#!/bin/bash
# Fail early
set -eu -o pipefail
# Check if running in CI environment
if [[ ! "${CI:-false}" == "true" ]]; then
echo "ERROR: Not running in CI environment!"
exit 1
fi
_TEST() {
echo -n "${1} "
}
_PASS() {
if [[ -z "$(cat errorlog)" ]]; then
echo -e "[\u001B[32mPASS\u001B[0m]"
else
_FAIL "Non-empty errorlog"
fi
}
_FAIL() {
echo -e "[\u001B[31mFAIL\u001B[0m]"
echo
echo "Problem: ${@}"
echo
echo "STDOUT:"
cat tmplog
echo
echo "STDERR:"
cat errorlog
exit 1
}
_CHECK_FILE() {
[[ -e "${1}" ]] || _FAIL "Missing file: ${1}"
}
_CHECK_LOG() {
grep "${1}" tmplog > /dev/null || _FAIL "Missing in log: ${1}"
}
# If not found (should be cached in travis) download ngrok
if [[ ! -e "ngrok/ngrok" ]]; then
(
mkdir -p ngrok
cd ngrog
wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip
unzip ngrok.zip ngrok
chmod +x ngrok
)
fi
# Run ngrok and grab temporary url from logfile
ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
sleep 2
TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
if [[ -z "${TMP_URL}" ]]; then
echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue."
exit 1
fi
# Run python webserver in .acme-challenges directory to serve challenge responses
mkdir -p .acme-challenges/.well-known/acme-challenge
(
cd .acme-challenges
python -m SimpleHTTPServer 8080 > /dev/null 2> /dev/null
) &
# Generate config and create empty domains.txt
echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
touch domains.txt
# Check if help command is working
_TEST "Checking if help command is working..."
./letsencrypt.sh --help > tmplog 2> errorlog
_CHECK_LOG "Default command: help"
_CHECK_LOG "\--help (-h)"
_CHECK_LOG "\--domain (-d) domain.tld"
_PASS
# Run in cron mode with empty domains.txt (should only generate private key and exit)
_TEST "First run in cron mode, checking if private key is generated and registered"
./letsencrypt.sh --cron > tmplog 2> errorlog
_CHECK_LOG "Registering account key"
_CHECK_FILE "private_key.pem"
_PASS
# Temporarily move config out of the way and try signing certificate by using temporary config location
_TEST "Try signing using temporary config location and with domain as command line parameter"
mv config.sh tmp_config.sh
./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh > tmplog 2> errorlog
_CHECK_LOG "Generating private key"
_CHECK_LOG "Requesting challenge for ${TMP_URL}"
_CHECK_LOG "Challenge is valid!"
_CHECK_LOG "Creating fullchain.pem"
_CHECK_LOG "Done!"
_PASS
mv tmp_config.sh config.sh
# Move private key and add new location to config
mv private_key.pem account_key.pem
echo 'PRIVATE_KEY="./account_key.pem"' >> config.sh
# Add domain to domains.txt and run in cron mode again (should find a non-expiring certificate and do nothing)
_TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
echo "${TMP_URL}" >> domains.txt
./letsencrypt.sh --cron > tmplog 2> errorlog
_CHECK_LOG "Skipping!"
_PASS
# Delete account key (not needed anymore)
rm account_key.pem
# Check if certificate is valid in various ways
_TEST "Verifying certificate..."
openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text > tmplog 2> errorlog
_CHECK_LOG "CN=${TMP_URL}"
openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null 2>> errorlog
(openssl verify -verbose -CAfile "certs/${TMP_URL}/fullchain.pem" -purpose sslserver "certs/${TMP_URL}/fullchain.pem" 2>&1 || true) | (grep -v ': OK$' || true) >> errorlog 2>> errorlog
_PASS
# Revoke certificate using certificate key
_TEST "Revoking certificate..."
./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog
_CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
_CHECK_LOG "SUCCESS"
_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
_PASS
# All done
exit 0