[devel] [PATCH for apt 36/38] Add http and https methods tests

Вт Дек 10 18:23:41 MSK 2019

---
 apt/test/integration/framework                | 104 +++++++++++++++++-
 apt/test/integration/test-apt-method-http     |  29 +++++
 apt/test/integration/test-apt-method-https    |  56 ++++++++++
 ...est-apt-method-https-invalid-cert-hostname |  41 +++++++
 4 files changed, 229 insertions(+), 1 deletion(-)
 create mode 100755 apt/test/integration/test-apt-method-http
 create mode 100755 apt/test/integration/test-apt-method-https
 create mode 100755 apt/test/integration/test-apt-method-https-invalid-cert-hostname

diff --git a/apt/test/integration/framework b/apt/test/integration/framework
index fa9672d..6098089 100644
--- a/apt/test/integration/framework
+++ b/apt/test/integration/framework
@@ -519,7 +519,7 @@ generaterepository() {
 			--suite="${GB_REPO_SUITE:-$label}" \
 			--version="${GB_REPO_VERSION:-$date_s}" \
 			--topdir="$REPO_DIR" \
-			--flat --no-oldhashfile --no-bz2 --no-xz --mapi \
+			--flat --no-oldhashfile --bz2 --xz --mapi \
 			$dir $comps
 
 		if [ -n "$REPO_DATE" ] ; then
@@ -552,3 +552,105 @@ ENDSCRIPT
 
 	chmod +x $TMPWORKINGDIRECTORY/bash/scripts/${SCRIPTFILENAME}.sh
 }
+
+nginxsetuphttp() {
+	mkdir -p $TMPWORKINGDIRECTORY/nginx ||:
+	mkdir -p $TMPWORKINGDIRECTORY/nginx/tmp ||:
+
+cat >> $TMPWORKINGDIRECTORY/nginx/nginx.conf << ENDCONFIG
+worker_processes 1;
+error_log $TMPWORKINGDIRECTORY/nginx/error.log;
+daemon off;
+pid $TMPWORKINGDIRECTORY/nginx/nginx.pid;
+
+events {
+	worker_connections  1024;
+}
+
+http {
+	client_body_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/client_body;
+	fastcgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/fastcgi_temp;
+	proxy_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/proxy_temp;
+	scgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/scgi_temp;
+	uwsgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/uwsgi_temp;
+
+	include             /etc/nginx/mime.types;
+	default_type        application/octet-stream;
+
+	sendfile on;
+
+	keepalive_timeout   65;
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
+	ssl_prefer_server_ciphers on;
+	access_log $TMPWORKINGDIRECTORY/nginx/http.access.log;
+	error_log $TMPWORKINGDIRECTORY/nginx/http.error.log;
+
+	server {
+		listen 8080;
+		server_name localhost localhost.localdomain;
+
+		location / {
+			root $TMPWORKINGDIRECTORY/nginx/repo;
+			autoindex on;
+		}
+	}
+}
+ENDCONFIG
+}
+
+nginxsetuphttps() {
+	mkdir -p $TMPWORKINGDIRECTORY/nginx ||:
+	mkdir -p $TMPWORKINGDIRECTORY/nginx/tmp ||:
+
+	cat >> $TMPWORKINGDIRECTORY/nginx/nginx.conf << ENDCONFIG
+worker_processes 1;
+error_log $TMPWORKINGDIRECTORY/nginx/error.log;
+daemon off;
+pid $TMPWORKINGDIRECTORY/nginx/nginx.pid;
+
+events {
+	worker_connections  1024;
+}
+
+http {
+	client_body_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/client_body;
+	fastcgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/fastcgi_temp;
+	proxy_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/proxy_temp;
+	scgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/scgi_temp;
+	uwsgi_temp_path $TMPWORKINGDIRECTORY/nginx/tmp/uwsgi_temp;
+
+	include             /etc/nginx/mime.types;
+	default_type        application/octet-stream;
+
+	sendfile on;
+
+	keepalive_timeout   65;
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
+	ssl_prefer_server_ciphers on;
+	access_log $TMPWORKINGDIRECTORY/nginx/http.access.log;
+	error_log $TMPWORKINGDIRECTORY/nginx/http.error.log;
+
+	server {
+		listen 8080;
+		server_name localhost localhost.localdomain;
+
+		ssl_certificate	$TMPWORKINGDIRECTORY/nginx/cert.crt;
+		ssl_certificate_key	$TMPWORKINGDIRECTORY/nginx/cert.key;
+
+		ssl on;
+
+		ssl_session_cache	builtin:1000	shared:SSL:10m;
+		ssl_protocols TLSv1.2;
+		ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+		ssl_prefer_server_ciphers on;
+
+		location / {
+			root $TMPWORKINGDIRECTORY/nginx/repo;
+			autoindex on;
+		}
+	}
+}
+ENDCONFIG
+}
diff --git a/apt/test/integration/test-apt-method-http b/apt/test/integration/test-apt-method-http
new file mode 100755
index 0000000..0872c99
--- /dev/null
+++ b/apt/test/integration/test-apt-method-http
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+
+nginxsetuphttp
+
+buildpackage "simple-package"
+
+generaterepository "$TMPWORKINGDIRECTORY/usr/src/RPM/RPMS" "$TMPWORKINGDIRECTORY/nginx/repo"
+
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/sources.list << END
+rpm http://localhost:8080/ $(getarchitecture) apt-tests
+rpm http://localhost:8080/ noarch apt-tests
+END
+
+/usr/sbin/nginx -c $TMPWORKINGDIRECTORY/nginx/nginx.conf -p $TMPWORKINGDIRECTORY &>> $TMPWORKINGDIRECTORY/nginx/process-stderr.log &
+NGINXPID=$!
+
+addtrap 'prefix' "kill -SIGTERM $NGINXPID; [ \"$EXIT_CODE\" = '0' ] || cat $TMPWORKINGDIRECTORY/nginx/process-stderr.log;"
+
+testsuccess aptget update
+
+testpkgnotinstalled "simple-package"
+testsuccess aptget install simple-package
+testpkginstalled "simple-package"
diff --git a/apt/test/integration/test-apt-method-https b/apt/test/integration/test-apt-method-https
new file mode 100755
index 0000000..29e4d2d
--- /dev/null
+++ b/apt/test/integration/test-apt-method-https
@@ -0,0 +1,56 @@
+#!/bin/bash
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+
+nginxsetuphttps
+
+# generate key
+openssl req -x509 -newkey rsa:4096 -keyout $TMPWORKINGDIRECTORY/nginx/cert.key -out $TMPWORKINGDIRECTORY/nginx/cert.crt -nodes -days 365 -subj '/CN=localhost' &>/dev/null
+
+# add key to apt's config. Also pin the key
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/80https.conf << END
+Acquire::https::CaInfo	"$TMPWORKINGDIRECTORY/nginx/cert.crt";
+END
+
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/81https-pinning.conf << END
+Acquire::https::PinnedCert	"$TMPWORKINGDIRECTORY/nginx/cert.crt";
+END
+
+buildpackage "simple-package"
+buildpackage "conflicting-package-one"
+
+generaterepository "$TMPWORKINGDIRECTORY/usr/src/RPM/RPMS" "$TMPWORKINGDIRECTORY/nginx/repo"
+
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/sources.list << END
+rpm https://localhost:8080/ $(getarchitecture) apt-tests
+rpm https://localhost:8080/ noarch apt-tests
+END
+
+/usr/sbin/nginx -c $TMPWORKINGDIRECTORY/nginx/nginx.conf -p $TMPWORKINGDIRECTORY &>> $TMPWORKINGDIRECTORY/nginx/process-stderr.log &
+NGINXPID=$!
+
+addtrap 'prefix' "kill -SIGTERM $NGINXPID; [ \"$EXIT_CODE\" = '0' ] || cat $TMPWORKINGDIRECTORY/nginx/process-stderr.log;"
+
+testsuccess aptget update
+
+testpkgnotinstalled "simple-package"
+testsuccess aptget install simple-package
+testpkginstalled "simple-package"
+
+# generate another key, and pin apt to it. Check key pinning
+msgmsg "Pinning invalid key in apt"
+openssl req -x509 -newkey rsa:4096 -keyout $TMPWORKINGDIRECTORY/nginx/cert.invalid.key -out $TMPWORKINGDIRECTORY/nginx/cert.invalid.crt -nodes -days 365 -subj '/CN=localhost' &>/dev/null
+
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/81https-pinning.conf << END
+Acquire::https::PinnedCert	"$TMPWORKINGDIRECTORY/nginx/cert.invalid.crt";
+END
+
+testfailure aptget update
+
+testpkgnotinstalled "conflicting-package-one"
+testfailure aptget install conflicting-package-one
+testpkgnotinstalled "conflicting-package-one"
diff --git a/apt/test/integration/test-apt-method-https-invalid-cert-hostname b/apt/test/integration/test-apt-method-https-invalid-cert-hostname
new file mode 100755
index 0000000..33e80b6
--- /dev/null
+++ b/apt/test/integration/test-apt-method-https-invalid-cert-hostname
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+
+nginxsetuphttps
+
+# generate key
+openssl req -x509 -newkey rsa:4096 -keyout $TMPWORKINGDIRECTORY/nginx/cert.key -out $TMPWORKINGDIRECTORY/nginx/cert.crt -nodes -days 365 -subj '/CN=wronghost' &>/dev/null
+
+# add key to apt's config. Also pin the key
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/80https.conf << END
+Acquire::https::CaInfo	"$TMPWORKINGDIRECTORY/nginx/cert.crt";
+END
+
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/apt.conf.d/81https-pinning.conf << END
+Acquire::https::PinnedCert	"$TMPWORKINGDIRECTORY/nginx/cert.crt";
+END
+
+buildpackage "simple-package"
+
+generaterepository "$TMPWORKINGDIRECTORY/usr/src/RPM/RPMS" "$TMPWORKINGDIRECTORY/nginx/repo"
+
+cat > $TMPWORKINGDIRECTORY/rootdir/etc/apt/sources.list << END
+rpm https://localhost:8080/ $(getarchitecture) apt-tests
+rpm https://localhost:8080/ noarch apt-tests
+END
+
+/usr/sbin/nginx -c $TMPWORKINGDIRECTORY/nginx/nginx.conf -p $TMPWORKINGDIRECTORY &>> $TMPWORKINGDIRECTORY/nginx/process-stderr.log &
+NGINXPID=$!
+
+addtrap 'prefix' "kill -SIGTERM $NGINXPID; [ \"$EXIT_CODE\" = '0' ] || cat $TMPWORKINGDIRECTORY/nginx/process-stderr.log;"
+
+testfailure aptget update
+
+testpkgnotinstalled "conflicting-package-one"
+testfailure aptget install conflicting-package-one
+testpkgnotinstalled "conflicting-package-one"
-- 
2.24.0

