From db4162fcb8829bf73871b5a97c9e19f48c6379b5 Mon Sep 17 00:00:00 2001
From: bluhm
Date: Sun, 25 Jun 2017 21:33:23 +0000
Subject: [PATCH] Convert the acme-client test to use a config file acme-client.conf. Restructure the Makefile, put httpd.conf in separate config file. Skip test if domain name for letsencrypt.org is not set. discussed with benno@
---
regress/usr.sbin/acme-client/Makefile | 85 ++++++++++++++-----
regress/usr.sbin/acme-client/acme-client.conf | 10 +++
.../usr.sbin/acme-client/create-httpd-env.sh | 16 ----
regress/usr.sbin/acme-client/httpd.conf | 8 ++
4 files changed, 81 insertions(+), 38 deletions(-)
create mode 100644 regress/usr.sbin/acme-client/acme-client.conf
delete mode 100644 regress/usr.sbin/acme-client/create-httpd-env.sh
create mode 100644 regress/usr.sbin/acme-client/httpd.conf
diff --git a/regress/usr.sbin/acme-client/Makefile b/regress/usr.sbin/acme-client/Makefile
index a5485588785..c765bcd841e 100644
--- a/regress/usr.sbin/acme-client/Makefile
+++ b/regress/usr.sbin/acme-client/Makefile
@@ -1,27 +1,68 @@ -REGRESS_TARGETS=acme - -acme: start_httpd - /usr/sbin/acme-client \ - -C ${.OBJDIR}/www/acme \ - -c ${.OBJDIR}/etc/ssl/acme \ - -f ${.OBJDIR}/etc/acme/privkey.pem \ - -k ${.OBJDIR}/etc/ssl/acme/private/privkey.pem \ - -nNv -s letsencrypt-staging `hostname` - /usr/sbin/acme-client \ - -C ${.OBJDIR}/www/acme \ - -c ${.OBJDIR}/etc/ssl/acme \ - -f ${.OBJDIR}/etc/acme/privkey.pem \ - -k ${.OBJDIR}/etc/ssl/acme/private/privkey.pem \ - -rv -s letsencrypt-staging `hostname` - pkill -xf "/usr/sbin/httpd -f ${.OBJDIR}/etc/httpd.conf" - -start_httpd: - sh ${.CURDIR}/create-httpd-env.sh ${.OBJDIR} - /bin/echo `/bin/hostname` - /usr/sbin/httpd -f ${.OBJDIR}/etc/httpd.conf +# $OpenBSD: Makefile,v 1.2 2017/06/25 21:33:23 bluhm Exp $ + +# Copyright (c) 2017 Alexander Bluhm +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# acme-client retrieves a certificate from letsencrypt.org. For +# that a domain must be registered and the local machine must be +# reachable via this DNS name. + +DOMAIN ?= + +.if empty (DOMAIN) +regress: + @echo This tests needs a domain reachable from letsencrypt.org. + @echo Set it with the DOMAIN variable. 
+ @echo SKIPPED +.endif + +clean: _SUBDIRUSE + rm -f a.out [Ee]rrs mklog *.core y.tab.h ktrace.out + rm -rf etc www + +etc/acme-client.conf: acme-client.conf + mkdir -p etc + sed 's,$${.OBJDIR},${.OBJDIR},;s,$${DOMAIN},${DOMAIN},'\ + ${.CURDIR}/acme-client.conf >etc/acme-client.conf + +etc/httpd.conf: httpd.conf + mkdir -p etc + sed 's,$${.OBJDIR},${.OBJDIR},'\ + ${.CURDIR}/httpd.conf >etc/httpd.conf + mkdir -p www/htdocs www/acme www/logs etc/acme etc/ssl/acme/private + +httpd-start: etc/httpd.conf + ${SUDO} /usr/sbin/httpd -f ${.OBJDIR}/etc/httpd.conf sleep .1 # give httpd some time to spin up pgrep -xf "/usr/sbin/httpd -f ${.OBJDIR}/etc/httpd.conf" -.PHONY: ${REGRESS_TARGETS} start_httpd +httpd-stop: + -${SUDO} pkill -xf "/usr/sbin/httpd -f ${.OBJDIR}/etc/httpd.conf" + +REGRESS_TARGETS += run-regress-acme +run-regress-acme: etc/acme-client.conf httpd-start + ${SUDO} /usr/sbin/acme-client \ + -f ${.OBJDIR}/etc/acme-client.conf \ + -A -D -v ${DOMAIN} + ${SUDO} /usr/sbin/acme-client \ + -f ${.OBJDIR}/etc/acme-client.conf \ + -r -v ${DOMAIN} + +REGRESS_TARGETS += run-regress-cleanup +run-regress-cleanup: + ${.MAKE} -C ${.CURDIR} httpd-stop + +.PHONY: ${REGRESS_TARGETS} httpd-start httpd-stop .include diff --git a/regress/usr.sbin/acme-client/acme-client.conf b/regress/usr.sbin/acme-client/acme-client.conf new file mode 100644 index 00000000000..2b36a215ef9 --- /dev/null +++ b/regress/usr.sbin/acme-client/acme-client.conf @@ -0,0 +1,10 @@ +authority myauth { + account key "${.OBJDIR}/etc/acme/privkey.pem" + api url "https://acme-v01.api.letsencrypt.org/directory" +} +domain ${DOMAIN} { + domain key "${.OBJDIR}/etc/ssl/acme/private/privkey.pem" + domain certificate "${.OBJDIR}/etc/ssl/acme/cert.pem" + sign with "myauth" + challengedir "${.OBJDIR}/www/acme" +} diff --git a/regress/usr.sbin/acme-client/create-httpd-env.sh b/regress/usr.sbin/acme-client/create-httpd-env.sh deleted file mode 100644 index af3a7076602..00000000000 
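Review bot: `httpd-start` launches httpd through `${SUDO}` on port 80, and the only thing that stops it is `run-regress-cleanup`, which runs as a later regress target. If the run is interrupted before that point, the privileged daemon keeps listening on the test host; whether the framework still reaches the cleanup target after a failed `run-regress-acme` is not visible from this hunk. A leftover instance would also likely make the next run's httpd fail to bind. Consider clearing stale instances up front with `httpd-start: httpd-stop etc/httpd.conf`, and add a comment above `run-regress-cleanup` such as `# must stay last in REGRESS_TARGETS: stops the httpd started via SUDO`.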
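Review bot: The `api url` in `authority myauth` points at the production Let's Encrypt directory, while the recipe this commit removes ran with `-s letsencrypt-staging`. Every regress run would therefore request a publicly trusted certificate for `${DOMAIN}`, revoke it again, and count against production rate limits. If the second acme-client call fails, a valid certificate and its key stay in the obj directory. Unless the switch is intentional, point the test authority at staging, `api url "https://acme-staging.api.letsencrypt.org/directory"`, and say in a comment which endpoint the test is meant to exercise.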
--- a/regress/usr.sbin/acme-client/create-httpd-env.sh +++ /dev/null @@ -1,16 +0,0 @@ -set -e -mkdir -p $1/www/htdocs -mkdir -p $1/www/acme -mkdir -p $1/www/logs -mkdir -p $1/etc/acme -mkdir -p $1/etc/ssl/acme/private -cat < $1/etc/httpd.conf -chroot "$1/www" -server "default" { - listen on "*" port 80 - location "/.well-known/acme-challenge/*" { - root "/acme" - root strip 2 - } -} -END diff --git a/regress/usr.sbin/acme-client/httpd.conf b/regress/usr.sbin/acme-client/httpd.conf new file mode 100644 index 00000000000..b8bada1b09d --- /dev/null +++ b/regress/usr.sbin/acme-client/httpd.conf @@ -0,0 +1,8 @@ +chroot "${.OBJDIR}/www" +server "default" { + listen on "*" port 80 + location "/.well-known/acme-challenge/*" { + root "/acme" + root strip 2 + } +} -- 2.20.1
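Review bot: The new httpd.conf is a template rather than a loadable config, and nothing in the file says so: `chroot "${.OBJDIR}/www"` only becomes a real path after the Makefile's sed rule writes `etc/httpd.conf`. A header comment would keep someone from pointing httpd at the source file directly, for example `# Template: ${.OBJDIR} is substituted by the regress Makefile; do not load this file as is.` It is also worth noting there that `listen on "*" port 80` is deliberate, since the ACME challenge must be reachable from outside, so the wildcard bind is not later mistaken for an oversight.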