From 0cfefe50373cd5f7da5b49f1a1380ba8b5baf825 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 9 Jan 2018 22:14:53 -0500
Subject: [PATCH 3/6] NSS in rawhide (F28) was switched to sqlite, fix assumptions
Previous releases of NSS had dbm as the default storage type. Certain assumptions were built into the tests. Make the default scheme more explicit, leaving it as dbm for now.
https://pagure.io/certmonger/issue/88
---
 tests/007-certsave-dbm/expected.out | 4 ++--
 tests/007-certsave/expected.out | 4 ++--
 tests/007-certsave/run.sh | 47 +++++++++++++++++++------------------
 tests/025-casave/run.sh | 36 ++++++++++++++--------------
 tests/034-perms/expected.out | 36 ++++++++++++++--------------
 tests/034-perms/run.sh | 2 ++
 6 files changed, 66 insertions(+), 63 deletions(-)
diff --git a/tests/007-certsave-dbm/expected.out b/tests/007-certsave-dbm/expected.out
index e0978c66..ed6b4ede 100644
--- a/tests/007-certsave-dbm/expected.out
+++ b/tests/007-certsave-dbm/expected.out
@@ -37,7 +37,7 @@ Testing setting trust to C,c,p:
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
 [nss:rosubdir]
-Failed to save (NSS:${tmpdir}/rosubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rosubdir), filesystem permissions error.
 [nss:rwsubdir]
-Failed to save (NSS:${tmpdir}/rwsubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rwsubdir), filesystem permissions error.
 Test complete.
diff --git a/tests/007-certsave/expected.out b/tests/007-certsave/expected.out
index e0978c66..ed6b4ede 100644
--- a/tests/007-certsave/expected.out
+++ b/tests/007-certsave/expected.out
@@ -37,7 +37,7 @@ Testing setting trust to C,c,p:
 wrong nickname, right subject: cert ,,
 wrong subject, right nickname: cert ,,
 [nss:rosubdir]
-Failed to save (NSS:${tmpdir}/rosubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rosubdir), filesystem permissions error.
 [nss:rwsubdir]
-Failed to save (NSS:${tmpdir}/rwsubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rwsubdir), filesystem permissions error.
 Test complete.
diff --git a/tests/007-certsave/run.sh b/tests/007-certsave/run.sh
index bea8341a..29b02152 100755
--- a/tests/007-certsave/run.sh
+++ b/tests/007-certsave/run.sh
@@ -2,8 +2,9 @@
 cd "$tmpdir"
+scheme="${scheme:-dbm}"
 source "$srcdir"/functions
-initnssdb ${scheme:+${scheme}:}$tmpdir
+initnssdb $scheme:$tmpdir
 wrongcert='-----BEGIN CERTIFICATE-----
 MIIDQTCCAimgAwIBAgIBBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdwaWxs
@@ -50,7 +51,7 @@ echo "$wrongcert" | sed -e 's,^$,,g' -e 's,^ ,,g' > cert.wrong
 echo "[nss:wrongnick]"
 cat > entry.nss << EOF
 cert_storage_type=NSSDB
-cert_storage_location=${scheme:+${scheme}:}$tmpdir
+cert_storage_location=$scheme:$tmpdir
 cert_nickname=wrongnick
 cert=$cert
 EOF
@@ -59,7 +60,7 @@ $toolsdir/certsave entry.nss
 echo "[nss:wrongcert]"
 cat > entry.nss << EOF
 cert_storage_type=NSSDB
-cert_storage_location=${scheme:+${scheme}:}$tmpdir
+cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$wrongcert
 EOF
@@ -68,13 +69,13 @@ $toolsdir/certsave entry.nss
 echo "[nss:right]"
 cat > entry.nss << EOF
 cert_storage_type=NSSDB
-cert_storage_location=${scheme:+${scheme}:}$tmpdir
+cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$cert
 EOF
 $toolsdir/certsave entry.nss
 $toolsdir/listnicks entry.nss
-certutil -d ${scheme:+${scheme}:}$tmpdir -L -n cert -a > cert.nss
+certutil -d $scheme:$tmpdir -L -n cert -a > cert.nss
 # Save the wrong certificate to the PEM file.
 echo "[openssl:wrong]"
 cat > entry.openssl << EOF
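Review bot: The rewritten `initnssdb $scheme:$tmpdir` and `certutil -d $scheme:$tmpdir ...` lines in tests/007-certsave/run.sh still expand both variables unquoted, so a `tmpdir` containing whitespace or glob characters would be word-split before it reaches the NSS tools, even though the `cd "$tmpdir"` just above is quoted. Every one of these lines is touched by this patch, so it is a cheap moment to write `initnssdb "$scheme:$tmpdir"` and `certutil -d "$scheme:$tmpdir" -L -n cert -a > cert.nss`. The same applies to the `certutil -d $scheme:$tmpdir -M ... -t $trust` and `-L | grep cert` lines in the `for trust` loop of the later hunk. The removed lines were unquoted as well, so this is hardening rather than a regression introduced here.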
@@ -96,7 +97,7 @@ run_dos2unix cert.original
 run_dos2unix cert.nss
 run_dos2unix cert.openssl
 if ! cmp cert.original cert.nss ; then
- echo Original and NSS disagree "(${scheme:+${scheme}:}$tmpdir)".
+ echo Original and NSS disagree "($scheme:$tmpdir)".
 cat cert.original cert.nss
 exit 1
 fi
@@ -137,62 +138,62 @@ $toolsdir/certsave entry.openssl || true
 for trust in ,, P,, ,P, CT,C, C,c,p ; do
 echo Testing setting trust to "$trust":
 # Save the right certificate to NSS's database and read it back.
- initnssdb ${scheme:+${scheme}:}$tmpdir
+ initnssdb $scheme:$tmpdir
 cat > entry.nss <<- EOF
 cert_storage_type=NSSDB
- cert_storage_location=${scheme:+${scheme}:}$tmpdir
+ cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$cert
 EOF
 $toolsdir/certsave entry.nss
- certutil -d ${scheme:+${scheme}:}$tmpdir -M -n cert -t $trust
+ certutil -d $scheme:$tmpdir -M -n cert -t $trust
 echo -n " baseline: "
- certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+ certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 $toolsdir/certsave entry.nss
 echo -n " right nickname, right subject: "
- certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+ certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 # Save the right certificate to NSS's database with the wrong nickname.
- initnssdb ${scheme:+${scheme}:}$tmpdir
+ initnssdb $scheme:$tmpdir
 $toolsdir/certsave entry.nss
 cat > entry.nss <<- EOF
 cert_storage_type=NSSDB
- cert_storage_location=${scheme:+${scheme}:}$tmpdir
+ cert_storage_location=$scheme:$tmpdir
 cert_nickname=wrongnick
 cert=$cert
 EOF
 $toolsdir/certsave entry.nss
- certutil -d ${scheme:+${scheme}:}$tmpdir -M -n wrongnick -t $trust
+ certutil -d $scheme:$tmpdir -M -n wrongnick -t $trust
 # Save the right certificate to NSS's database and read it back.
 cat > entry.nss <<- EOF
 cert_storage_type=NSSDB
- cert_storage_location=${scheme:+${scheme}:}$tmpdir
+ cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$cert
 EOF
 $toolsdir/certsave entry.nss
 echo -n " wrong nickname, right subject: "
- certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+ certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 # Save the wrong certificate to NSS's database with the right nickname.
- initnssdb ${scheme:+${scheme}:}$tmpdir
+ initnssdb $scheme:$tmpdir
 $toolsdir/certsave entry.nss
 cat > entry.nss <<- EOF
 cert_storage_type=NSSDB
- cert_storage_location=${scheme:+${scheme}:}$tmpdir
+ cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$wrongcert
 EOF
 $toolsdir/certsave entry.nss
- certutil -d ${scheme:+${scheme}:}$tmpdir -M -n cert -t $trust
+ certutil -d $scheme:$tmpdir -M -n cert -t $trust
 # Save the right certificate to NSS's database and read it back.
 cat > entry.nss <<- EOF
 cert_storage_type=NSSDB
- cert_storage_location=${scheme:+${scheme}:}$tmpdir
+ cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$cert
 EOF
 $toolsdir/certsave entry.nss
 echo -n " wrong subject, right nickname: "
- certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+ certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 done
 if test "$scheme" = sql ; then
@@ -202,7 +203,7 @@ else
 echo "[nss:rosubdir]"
 cat > entry.nss <<- EOF
 cert_storage_type=NSSDB
- cert_storage_location=$tmpdir/rosubdir
+ cert_storage_location=$scheme:$tmpdir/rosubdir
 cert_nickname=cert
 cert=$cert
 EOF
@@ -216,7 +217,7 @@ else
 echo "[nss:rwsubdir]"
 cat > entry.nss <<- EOF
 cert_storage_type=NSSDB
- cert_storage_location=$tmpdir/rwsubdir
+ cert_storage_location=$scheme:$tmpdir/rwsubdir
 cert_nickname=cert
 cert=$cert
 EOF
diff --git a/tests/025-casave/run.sh b/tests/025-casave/run.sh
index 44a08b06..aff1e6d9 100755
--- a/tests/025-casave/run.sh
+++ b/tests/025-casave/run.sh
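Review bot: The `[nss:rosubdir]` and `[nss:rwsubdir]` cases in tests/007-certsave/run.sh gain the `$scheme:` prefix, but both hunks appear to sit in the `else` arm of `if test "$scheme" = sql ; then`, so the "filesystem permissions error" path is only asserted when the scheme is dbm. With sqlite now the NSS default on the platform this patch targets, that leaves permission-failure handling for the default backend unchecked as far as these hunks show; the `then` arm is outside the hunk and may cover it differently. I would at least record the gap next to the `if`, for example `# NOTE: read-only/read-write subdir failures are exercised for dbm only; add sql coverage when the default scheme changes`.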
@@ -196,7 +196,7 @@ id=EntryD1
 root_cert_files=
 other_root_cert_files=
 other_cert_files=
-root_cert_dbs=$tmpdir/db1,$tmpdir/dba
+root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
 other_root_cert_dbs=
 other_cert_dbs=
 cert_roots=Per-certificate Signing Authority D1
@@ -229,7 +229,7 @@ root_cert_files=
 other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
-other_root_cert_dbs=$tmpdir/db2,$tmpdir/dba
+other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
 other_cert_dbs=
 EOF
 cat > $tmpdir/entryd3 <<- EOF
@@ -239,7 +239,7 @@ other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
 other_root_cert_dbs=
-other_cert_dbs=$tmpdir/db3,$tmpdir/dba
+other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 cert_chain=Per-certificate Signing Authority D3
 -----BEGIN CERTIFICATE-----
 MIIDjjCCAnagAwIBAgIRALuVK2FuXklPuMP4qtRyQjUwDQYJKoZIhvcNAQELBQAw
@@ -300,7 +300,7 @@ ca_name=CAD1
 root_cert_files=
 other_root_cert_files=
 other_cert_files=
-root_cert_dbs=$tmpdir/db1,$tmpdir/dba
+root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
 other_root_cert_dbs=
 other_cert_dbs=
 EOF
@@ -311,7 +311,7 @@ root_cert_files=
 other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
-other_root_cert_dbs=$tmpdir/db2,$tmpdir/dba
+other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
 other_cert_dbs=
 EOF
 cat > $tmpdir/entrycad3 <<- EOF
@@ -322,7 +322,7 @@ other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
 other_root_cert_dbs=
-other_cert_dbs=$tmpdir/db3,$tmpdir/dba
+other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 EOF
 cat > $tmpdir/cab1 <<- EOF
@@ -564,9 +564,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=$tmpdir/db1,$tmpdir/dba
-ca_other_root_cert_dbs=$tmpdir/dba
-ca_other_cert_dbs=$tmpdir/dba
+ca_root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
+ca_other_root_cert_dbs=dbm:$tmpdir/dba
+ca_other_cert_dbs=dbm:$tmpdir/dba
 ca_root_certs=Root Certificate D1
 -----BEGIN CERTIFICATE-----
 MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
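Review bot: `dbm:` is typed as a literal into every `*_cert_dbs=` value in tests/025-casave/run.sh (this hunk and the ones at -229, -239, -300, -311, -322, -564, -639, -722 and -796), while tests/007-certsave/run.sh in the same patch introduces `scheme="${scheme:-dbm}"` and writes `$scheme:$tmpdir`. The here-documents visible in these hunks are opened with an unquoted `EOF` and already expand `$tmpdir`, so the same variable would work here: set `scheme="${scheme:-dbm}"` near the top and write `root_cert_dbs=$scheme:$tmpdir/db1,$scheme:$tmpdir/dba`. That makes the eventual move to sql a one-line change and keeps this test from staying on dbm unnoticed. The top of the script is outside these hunks, so confirm `scheme` is not already used there for something else.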
@@ -639,9 +639,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=$tmpdir/dba
-ca_other_root_cert_dbs=$tmpdir/db2,$tmpdir/dba
-ca_other_cert_dbs=$tmpdir/dba
+ca_root_cert_dbs=dbm:$tmpdir/dba
+ca_other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
+ca_other_cert_dbs=dbm:$tmpdir/dba
 ca_root_certs=Root Certificate D2
 -----BEGIN CERTIFICATE-----
 MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET
@@ -722,9 +722,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=,$tmpdir/dba
-ca_other_root_cert_dbs=,$tmpdir/dba,
-ca_other_cert_dbs=$tmpdir/db3,$tmpdir/dba
+ca_root_cert_dbs=,dbm:$tmpdir/dba
+ca_other_root_cert_dbs=,dbm:$tmpdir/dba,
+ca_other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 ca_root_certs=Root Certificate D3
 -----BEGIN CERTIFICATE-----
 MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
@@ -796,9 +796,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=$tmpdir/bundle-all
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=$tmpdir/dba
-ca_other_root_cert_dbs=,$tmpdir/dba
-ca_other_cert_dbs=,$tmpdir/dba
+ca_root_cert_dbs=dbm:$tmpdir/dba
+ca_other_root_cert_dbs=,dbm:$tmpdir/dba
+ca_other_cert_dbs=,dbm:$tmpdir/dba
 ca_root_certs=Root Certificate DA
 -----BEGIN CERTIFICATE-----
 MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
diff --git a/tests/034-perms/expected.out b/tests/034-perms/expected.out
index 4e2fbd71..c062d409 100644
--- a/tests/034-perms/expected.out
+++ b/tests/034-perms/expected.out
@@ -41,54 +41,54 @@ $owner:$group|0755|ee.key.MARKER.key
 $owner:$group|0662|ee.crt
 $owner:$group|0620|ee.key
-[start]
-[keygen]
+[dbm:start]
+[dbm:keygen]
 $owner:$group|0600|cert8.db
 $owner:$group|0620|key3.db
-[reset]
+[dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[csrgen]
+[dbm:csrgen]
 $owner:$group|0755|cert8.db
 $owner:$group|0620|key3.db
-[reset]
+[dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[submit]
+[dbm:submit]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[reset]
+[dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[save]
+[dbm:save]
 $owner:$group|0662|cert8.db
 $owner:$group|0620|key3.db
-[rekey:start]
-[rekey:keygen]
+[rekey:dbm:start]
+[rekey:dbm:keygen]
 $owner:$group|0600|cert8.db
 $owner:$group|0620|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:keygen]
+[rekey:dbm:keygen]
 $owner:$group|0755|cert8.db
 $owner:$group|0620|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:csrgen]
+[rekey:dbm:csrgen]
 $owner:$group|0755|cert8.db
 $owner:$group|0620|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:submit]
+[rekey:dbm:submit]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:save]
+[rekey:dbm:save]
 $owner:$group|0662|cert8.db
 $owner:$group|0620|key3.db
 OK
diff --git a/tests/034-perms/run.sh b/tests/034-perms/run.sh
index 7f349d3b..88eae19f 100755
--- a/tests/034-perms/run.sh
+++ b/tests/034-perms/run.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 cd "$tmpdir"
+scheme="${scheme:-dbm:}"
+
 function list() {
 $toolsdir/ls *.* | sed -e "s~^$owner:$group|~\$owner:\$group|~g"
 }
-- 
2.15.1
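Review bot: The default added to tests/034-perms/run.sh is `scheme="${scheme:-dbm:}"`, with the colon inside the value, whereas tests/007-certsave/run.sh in this same patch uses `scheme="${scheme:-dbm}"` and appends the colon at each use. Both scripts read the same environment variable, so a harness that exports `scheme=sql` for one hands the other a value in the wrong shape. I would use `scheme="${scheme:-dbm}"` here too and write `$scheme:` where the prefix is needed; those uses are outside this hunk and would need the matching edit. The expected.out hunk above also pins `[dbm:...]` headers and the `cert8.db`/`key3.db` file names, so an override only passes for dbm today, which deserves a one-line comment next to the assignment.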