Bug#719245: dep8 test for apache2 passphrase prompting

To: submit@bugs.debian.org
Subject: Bug#719245: dep8 test for apache2 passphrase prompting
From: Robie Basak <robie.basak@ubuntu.com>
Date: Fri, 9 Aug 2013 17:22:37 +0100
Message-id: <[🔎] 20130809162237.GP10196@mal.justgohome.co.uk>
Reply-to: Robie Basak <robie.basak@ubuntu.com>, 719245@bugs.debian.org

Package: apache2
Version: 2.4.6-2
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu saucy ubuntu-patch
Tags: patch
Severity: wishlist

I've added a dep8[1] test to the Ubuntu apache2 package which verifies
basic functionality as well as checks that SSL is working and passphrase
prompting on service startup works correctly. An error in an Ubuntu diff
for passphrase entry prompted me to do this, but I wrote the test to
work correctly with the Debian package as well. Please consider adding
this test to the Debian packaging. Patch attached. Thanks!

[1]: http://dep.debian.net/deps/dep8/

diff --git a/debian/ask-for-passphrase b/debian/ask-for-passphrase
old mode 100644
new mode 100755
diff --git a/debian/control b/debian/control
index a36428d..60906c2 100644
--- a/debian/control
+++ b/debian/control
@@ -13,6 +13,7 @@ Standards-Version: 3.9.4
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git
 Vcs-Git: git://anonscm.debian.org/pkg-apache/apache2.git
 Homepage: http://httpd.apache.org/
+XS-Testsuite: autopkgtest
 
 Package: apache2
 Architecture: any
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..26b0b80
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,3 @@
+Tests: ssl-passphrase
+Restrictions: needs-root allow-stderr
+Depends: apache2, curl, expect, ssl-cert
diff --git a/debian/tests/ssl-passphrase b/debian/tests/ssl-passphrase
new file mode 100644
index 0000000..c509677
--- /dev/null
+++ b/debian/tests/ssl-passphrase
@@ -0,0 +1,49 @@
+#!/bin/sh
+set -ex
+
+# Check that the init script correctly prompts for the passphrase on startup,
+# then starts and responds correctly to https queries.
+#
+# Author: Robie Basak <robie.basak@ubuntu.com>
+
+cd /etc/ssl/private
+[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase
+openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test
+a2enmod ssl
+a2ensite default-ssl
+
+expect <<EOT
+spawn service apache2 restart
+set timeout 600
+expect {
+	# Debian
+	"ass phrase:" {send "test\r"}
+
+	# Ubuntu
+	"assphrase:" {send "test\r"}
+
+	# Failure cases
+	"failed" {exit 1}
+	eof {exit 1}
+}
+
+# wait for eof and return exit code from spawned process back to the caller
+expect eof
+catch wait result
+exit [lindex \$result 3]
+EOT
+
+echo "Hello, world!" > /var/www/hello.txt
+
+# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
+# wget on Debian gives me:
+#    GnuTLS: A TLS warning alert has been received.
+#    Unable to establish SSL connection.
+# Presumably this is due to the self-signed certificate, but I'm not sure how
+# to skip the warning with wget. curl will do for now.
+result=`curl -k https://localhost/hello.txt`
+
+if [ "$result" != "Hello, world!" ]; then
+    echo "Unexpected result from wget" >&2
+    exit 1
+fi

Reply to:

Prev by Date: Processed: reassign 719097 to apache2, merging 719097 718789
Next by Date: Bug#719265: apache2: Cleanup after a2_invoke enable third party mod|conf|site
Previous by thread: Processed: reassign 719097 to apache2, merging 719097 718789
Next by thread: Bug#719265: apache2: Cleanup after a2_invoke enable third party mod|conf|site
Index(es):
- Date
- Thread