diff options
Diffstat (limited to 'tests')
65 files changed, 606 insertions, 1835 deletions
diff --git a/tests/boulder-fetch.sh b/tests/boulder-fetch.sh deleted file mode 100755 index a06d37325..000000000 --- a/tests/boulder-fetch.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -# Download and run Boulder instance for integration testing -set -xe - -# Clone Boulder into a GOPATH-style directory structure even if Go isn't -# installed, because Boulder's docker-compose.yml file wll look for it there. -export GOPATH=${GOPATH:-$HOME/gopath} -BOULDERPATH=${BOULDERPATH:-$GOPATH/src/github.com/letsencrypt/boulder} -if [ ! -d ${BOULDERPATH} ]; then - git clone --depth=1 https://github.com/letsencrypt/boulder ${BOULDERPATH} -fi - -cd ${BOULDERPATH} - -# Since https://github.com/letsencrypt/boulder/commit/92e8e1708a725e9d08a5da2f4a7132320ed2158b, -# Boulder support for tls-sni-01 challenges is disabled. We still need to support it until this -# challenge is officially removed from ACME CA server on production, and also removed from Certbot. -# This sed command reactivate tls-sni-01 challenges inplace temporarily. -sed -i 's/tls-alpn-01/tls-sni-01/g' test/config/ra.json - -docker-compose up -d boulder - -set +x # reduce verbosity while waiting for boulder -for n in `seq 1 150` ; do - if curl http://localhost:4000/directory 2>/dev/null; then - break - else - sleep 1 - fi -done - -if ! curl http://localhost:4000/directory 2>/dev/null; then - echo "timed out waiting for boulder to start" - exit 1 -fi - -# Setup the DNS resolution used by boulder instance to docker host -curl -X POST -d '{"ip":"10.77.77.1"}' http://localhost:8055/set-default-ipv4 diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh deleted file mode 100755 index 3e16fcbbc..000000000 --- a/tests/boulder-integration.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -set -e - -if [ "$INTEGRATION_TEST" = "certbot" ]; then - tests/certbot-boulder-integration.sh -elif [ "$INTEGRATION_TEST" = "nginx" ]; then - certbot-nginx/tests/boulder-integration.sh -else - tests/certbot-boulder-integration.sh - # Most CI systems set this variable to true. - # If the tests are running as part of CI, Nginx should be available. - if ${CI:-false} || type nginx; then - certbot-nginx/tests/boulder-integration.sh - fi -fi diff --git a/tests/certbot-boulder-integration.sh b/tests/certbot-boulder-integration.sh deleted file mode 100755 index 630571148..000000000 --- a/tests/certbot-boulder-integration.sh +++ /dev/null @@ -1,529 +0,0 @@ -#!/bin/bash -# Simple integration test. Make sure to activate virtualenv beforehand -# (source venv/bin/activate) and that you are running Boulder test -# instance (see ./boulder-fetch.sh). -# -# Environment variables: -# SERVER: Passed as "certbot --server" argument. -# -# Note: this script is called by Boulder integration test suite! - -set -eux - -# Check that python executable is available in the PATH. Fail immediatly if not. -command -v python > /dev/null || (echo "Error, python executable is not in the PATH" && exit 1) - -. ./tests/integration/_common.sh -export PATH="$PATH:/usr/sbin" # /usr/sbin/nginx - -cleanup_and_exit() { - EXIT_STATUS=$? - if SERVER_STILL_RUNNING=`ps -p $python_server_pid -o pid=` - then - echo Kill server subprocess, left running by abnormal exit - kill $SERVER_STILL_RUNNING - fi - if [ -f "$HOOK_DIRS_TEST" ]; then - rm -f "$HOOK_DIRS_TEST" - fi - exit $EXIT_STATUS -} - -trap cleanup_and_exit EXIT - -export HOOK_DIRS_TEST="$(mktemp)" -renewal_hooks_root="$config_dir/renewal-hooks" -renewal_hooks_dirs=$(echo "$renewal_hooks_root/"{pre,deploy,post}) -renewal_dir_pre_hook="$(echo $renewal_hooks_dirs | cut -f 1 -d " ")/hook.sh" -renewal_dir_deploy_hook="$(echo $renewal_hooks_dirs | cut -f 2 -d " ")/hook.sh" -renewal_dir_post_hook="$(echo $renewal_hooks_dirs | cut -f 3 -d " ")/hook.sh" - -# Creates hooks in Certbot's renewal hook directory that write to a file -CreateDirHooks() { - for hook_dir in $renewal_hooks_dirs; do - mkdir -p $hook_dir - hook_path="$hook_dir/hook.sh" - cat << EOF > "$hook_path" -#!/bin/bash -xe -if [ "\$0" = "$renewal_dir_deploy_hook" ]; then - if [ -z "\$RENEWED_DOMAINS" -o -z "\$RENEWED_LINEAGE" ]; then - echo "Environment variables not properly set!" >&2 - exit 1 - fi -fi -echo \$(basename \$(dirname "\$0")) >> "\$HOOK_DIRS_TEST" -EOF - chmod +x "$hook_path" - done -} - -# Asserts that the hooks created by CreateDirHooks have been run once and -# resets the file. -# -# Arguments: -# The number of times the deploy hook should have been run. (It should run -# once for each certificate that was issued in that run of Certbot.) -CheckDirHooks() { - expected="pre\n" - for ((i=0; i<$1; i++)); do - expected=$expected"deploy\n" - done - expected=$expected"post" - - if ! diff "$HOOK_DIRS_TEST" <(echo -e "$expected"); then - echo "Unexpected directory hook output!" >&2 - echo "Expected:" >&2 - echo -e "$expected" >&2 - echo "Got:" >&2 - cat "$HOOK_DIRS_TEST" >&2 - exit 1 - fi - - rm -f "$HOOK_DIRS_TEST" - export HOOK_DIRS_TEST="$(mktemp)" -} - -common_no_force_renew() { - certbot_test_no_force_renew \ - --authenticator standalone \ - --installer null \ - "$@" -} - -common() { - common_no_force_renew \ - --renew-by-default \ - "$@" -} - -export HOOK_TEST="/tmp/hook$$" -CheckHooks() { - if [ $(head -n1 "$HOOK_TEST") = "wtf.pre" ]; then - expected="wtf.pre\ndeploy\n" - if [ $(sed '3q;d' "$HOOK_TEST") = "deploy" ]; then - expected=$expected"deploy\nwtf2.pre\n" - else - expected=$expected"wtf2.pre\ndeploy\n" - fi - expected=$expected"deploy\ndeploy\nwtf.post\nwtf2.post" - else - expected="wtf2.pre\ndeploy\n" - if [ $(sed '3q;d' "$HOOK_TEST") = "deploy" ]; then - expected=$expected"deploy\nwtf.pre\n" - else - expected=$expected"wtf.pre\ndeploy\n" - fi - expected=$expected"deploy\ndeploy\nwtf2.post\nwtf.post" - fi - - if ! cmp --quiet <(echo -e "$expected") "$HOOK_TEST" ; then - echo Hooks did not run as expected\; got >&2 - cat "$HOOK_TEST" >&2 - echo -e "Expected\n$expected" >&2 - rm "$HOOK_TEST" - exit 1 - fi - rm "$HOOK_TEST" -} - -# Checks if deploy is in the hook output and deletes the file -DeployInHookOutput() { - CONTENTS=$(cat "$HOOK_TEST") - rm "$HOOK_TEST" - grep deploy <(echo "$CONTENTS") -} - -# Asserts that there is a saved renew_hook for a lineage. -# -# Arguments: -# Name of lineage to check -CheckSavedRenewHook() { - if ! grep renew_hook "$config_dir/renewal/$1.conf"; then - echo "Hook wasn't saved as renew_hook" >&2 - exit 1 - fi -} - -# Asserts the deploy hook was properly run and saved and deletes the hook file -# -# Arguments: -# Lineage name of the issued cert -CheckDeployHook() { - if ! DeployInHookOutput; then - echo "The deploy hook wasn't run" >&2 - exit 1 - fi - CheckSavedRenewHook $1 -} - -# Asserts the renew hook wasn't run but was saved and deletes the hook file -# -# Arguments: -# Lineage name of the issued cert -# Asserts the deploy hook wasn't run and deletes the hook file -CheckRenewHook() { - if DeployInHookOutput; then - echo "The renew hook was incorrectly run" >&2 - exit 1 - fi - CheckSavedRenewHook $1 -} - -# Return success only if input contains exactly $1 lines of text, of -# which $2 different values occur in the first field. -TotalAndDistinctLines() { - total=$1 - distinct=$2 - awk '{a[$1] = 1}; END {n = 0; for (i in a) { n++ }; exit(NR !='$total' || n !='$distinct')}' -} - -# Cleanup coverage data -coverage erase - -# test for regressions of #4719 -get_num_tmp_files() { - ls -1 /tmp | wc -l -} -num_tmp_files=$(get_num_tmp_files) -common --csr / > /dev/null && echo expected error && exit 1 || true -common --help > /dev/null -common --help all > /dev/null -common --version > /dev/null -if [ $(get_num_tmp_files) -ne $num_tmp_files ]; then - echo "New files or directories created in /tmp!" - exit 1 -fi -CreateDirHooks - -common register -for dir in $renewal_hooks_dirs; do - if [ ! -d "$dir" ]; then - echo "Hook directory not created by Certbot!" >&2 - exit 1 - fi -done - -common unregister - -common register --email ex1@domain.org,ex2@domain.org - -# TODO: When `certbot register --update-registration` is fully deprecated, delete the two following deprecated uses - -common register --update-registration --email ex1@domain.org - -common register --update-registration --email ex1@domain.org,ex2@domain.org - -common update_account --email example@domain.org - -common update_account --email ex1@domain.org,ex2@domain.org - -common plugins --init --prepare | grep webroot - -# We start a server listening on the port for the -# unrequested challenge to prevent regressions in #3601. -python ./tests/run_http_server.py $http_01_port & -python_server_pid=$! - -certname="le1.wtf" -common --domains le1.wtf --preferred-challenges tls-sni-01 auth \ - --cert-name $certname \ - --pre-hook 'echo wtf.pre >> "$HOOK_TEST"' \ - --post-hook 'echo wtf.post >> "$HOOK_TEST"'\ - --deploy-hook 'echo deploy >> "$HOOK_TEST"' -kill $python_server_pid -CheckDeployHook $certname - -python ./tests/run_http_server.py $tls_sni_01_port & -python_server_pid=$! -certname="le2.wtf" -common --domains le2.wtf --preferred-challenges http-01 run \ - --cert-name $certname \ - --pre-hook 'echo wtf.pre >> "$HOOK_TEST"' \ - --post-hook 'echo wtf.post >> "$HOOK_TEST"'\ - --deploy-hook 'echo deploy >> "$HOOK_TEST"' -kill $python_server_pid -CheckDeployHook $certname - -certname="le.wtf" -common certonly -a manual -d le.wtf --rsa-key-size 4096 --cert-name $certname \ - --manual-auth-hook ./tests/manual-http-auth.sh \ - --manual-cleanup-hook ./tests/manual-http-cleanup.sh \ - --pre-hook 'echo wtf2.pre >> "$HOOK_TEST"' \ - --post-hook 'echo wtf2.post >> "$HOOK_TEST"' \ - --renew-hook 'echo deploy >> "$HOOK_TEST"' -CheckRenewHook $certname - -certname="dns.le.wtf" -common -a manual -d dns.le.wtf --preferred-challenges dns,tls-sni run \ - --cert-name $certname \ - --manual-auth-hook ./tests/manual-dns-auth.sh \ - --manual-cleanup-hook ./tests/manual-dns-cleanup.sh \ - --pre-hook 'echo wtf2.pre >> "$HOOK_TEST"' \ - --post-hook 'echo wtf2.post >> "$HOOK_TEST"' \ - --renew-hook 'echo deploy >> "$HOOK_TEST"' -CheckRenewHook $certname - -common certonly --cert-name newname -d newname.le.wtf - -export CSR_PATH="${root}/csr.der" KEY_PATH="${root}/key.pem" \ - OPENSSL_CNF=examples/openssl.cnf -./examples/generate-csr.sh le3.wtf -common auth --csr "$CSR_PATH" \ - --cert-path "${root}/csr/cert.pem" \ - --chain-path "${root}/csr/chain.pem" -openssl x509 -in "${root}/csr/cert.pem" -text -openssl x509 -in "${root}/csr/chain.pem" -text - -common --domains le3.wtf install \ - --cert-path "${root}/csr/cert.pem" \ - --key-path "${root}/key.pem" - -CheckCertCount() { - CERTCOUNT=`ls "${root}/conf/archive/$1/cert"* | wc -l` - if [ "$CERTCOUNT" -ne "$2" ] ; then - echo Wrong cert count, not "$2" `ls "${root}/conf/archive/$1/"*` - exit 1 - fi -} - -CheckPermissions() { -# Args: <filepath_1> <filepath_2> <mask> -# Checks mode of two files match under <mask> - masked_mode() { echo $((0`stat -c %a $1` & 0$2)); } - if [ `masked_mode $1 $3` -ne `masked_mode $2 $3` ] ; then - echo "With $3 mask, expected mode `masked_mode $1 $3`, got `masked_mode $2 $3` on file $2" - exit 1 - fi -} - -CheckGID() { -# Args: <filepath_1> <filepath_2> -# Checks group owner of two files match - group_owner() { echo `stat -c %G $1`; } - if [ `group_owner $1` != `group_owner $2` ] ; then - echo "Expected group owner `group_owner $1`, got `group_owner $2` on file $2" - exit 1 - fi -} - -CheckOthersPermission() { -# Args: <filepath_1> <expected mode> -# Tests file's other/world permission against expected mode - other_permission=$((0`stat -c %a $1` & 07)) - if [ $other_permission -ne $2 ] ; then - echo "Expected file $1 to have others mode $2, got $other_permission instead" - exit 1 - fi -} - -CheckCertCount "le.wtf" 1 - -# This won't renew (because it's not time yet) -common_no_force_renew renew -CheckCertCount "le.wtf" 1 -if [ -s "$HOOK_DIRS_TEST" ]; then - echo "Directory hooks were executed for non-renewal!" >&2; - exit 1 -fi - -rm -rf "$renewal_hooks_root" -# renew using HTTP manual auth hooks -common renew --cert-name le.wtf --authenticator manual -CheckCertCount "le.wtf" 2 - -CheckOthersPermission "${root}/conf/archive/le.wtf/privkey1.pem" 0 -CheckOthersPermission "${root}/conf/archive/le.wtf/privkey2.pem" 0 -CheckPermissions "${root}/conf/archive/le.wtf/privkey1.pem" "${root}/conf/archive/le.wtf/privkey2.pem" 074 -CheckGID "${root}/conf/archive/le.wtf/privkey1.pem" "${root}/conf/archive/le.wtf/privkey2.pem" -chmod 0444 "${root}/conf/archive/le.wtf/privkey2.pem" - -# test renewal with no executables in hook directories -for hook_dir in $renewal_hooks_dirs; do - touch "$hook_dir/file" - mkdir "$hook_dir/dir" -done -# renew using DNS manual auth hooks -common renew --cert-name dns.le.wtf --authenticator manual -CheckCertCount "dns.le.wtf" 2 - -# test with disabled directory hooks -rm -rf "$renewal_hooks_root" -CreateDirHooks -# This will renew because the expiry is less than 10 years from now -sed -i "4arenew_before_expiry = 4 years" "$root/conf/renewal/le.wtf.conf" -common_no_force_renew renew --rsa-key-size 2048 --no-directory-hooks -CheckCertCount "le.wtf" 3 -CheckGID "${root}/conf/archive/le.wtf/privkey2.pem" "${root}/conf/archive/le.wtf/privkey3.pem" -CheckPermissions "${root}/conf/archive/le.wtf/privkey2.pem" "${root}/conf/archive/le.wtf/privkey3.pem" 074 -CheckOthersPermission "${root}/conf/archive/le.wtf/privkey3.pem" 04 - -if [ -s "$HOOK_DIRS_TEST" ]; then - echo "Directory hooks were executed with --no-directory-hooks!" >&2 - exit 1 -fi - -# The 4096 bit setting should persist to the first renewal, but be overridden in the second - -size1=`wc -c ${root}/conf/archive/le.wtf/privkey1.pem | cut -d" " -f1` -size2=`wc -c ${root}/conf/archive/le.wtf/privkey2.pem | cut -d" " -f1` -size3=`wc -c ${root}/conf/archive/le.wtf/privkey3.pem | cut -d" " -f1` -# 4096 bit PEM keys are about ~3270 bytes, 2048 ones are about 1700 bytes -if [ "$size1" -lt 3000 ] || [ "$size2" -lt 3000 ] || [ "$size3" -gt 1800 ] ; then - echo key sizes violate assumptions: - ls -l "${root}/conf/archive/le.wtf/privkey"* - exit 1 -fi - -# --renew-by-default is used, so renewal should occur -[ -f "$HOOK_TEST" ] && rm -f "$HOOK_TEST" -common renew -CheckCertCount "le.wtf" 4 -CheckHooks -CheckDirHooks 5 - -# test with overlapping directory hooks on the command line -common renew --cert-name le2.wtf \ - --pre-hook "$renewal_dir_pre_hook" \ - --deploy-hook "$renewal_dir_deploy_hook" \ - --post-hook "$renewal_dir_post_hook" -CheckDirHooks 1 - -# test with overlapping directory hooks in the renewal conf files -common renew --cert-name le2.wtf -CheckDirHooks 1 - -# manual-dns-auth.sh will skip completing the challenge for domains that begin -# with fail. -common -a manual -d dns1.le.wtf,fail.dns1.le.wtf \ - --allow-subset-of-names \ - --preferred-challenges dns,tls-sni \ - --manual-auth-hook ./tests/manual-dns-auth.sh \ - --manual-cleanup-hook ./tests/manual-dns-cleanup.sh - -if common certificates | grep "fail\.dns1\.le\.wtf"; then - echo "certificate should not have been issued for domain!" >&2 - exit 1 -fi - -# reuse-key -common --domains reusekey.le.wtf --reuse-key -common renew --cert-name reusekey.le.wtf -CheckCertCount "reusekey.le.wtf" 2 -ls -l "${root}/conf/archive/reusekey.le.wtf/privkey"* -# The final awk command here exits successfully if its input consists of -# exactly two lines with identical first fields, and unsuccessfully otherwise. -sha256sum "${root}/conf/archive/reusekey.le.wtf/privkey"* | TotalAndDistinctLines 2 1 - -# don't reuse key (just by forcing reissuance without --reuse-key) -common --cert-name reusekey.le.wtf --domains reusekey.le.wtf --force-renewal -CheckCertCount "reusekey.le.wtf" 3 -ls -l "${root}/conf/archive/reusekey.le.wtf/privkey"* -# Exactly three lines, of which exactly two identical first fields. -sha256sum "${root}/conf/archive/reusekey.le.wtf/privkey"* | TotalAndDistinctLines 3 2 - -# Nonetheless, all three certificates are different even though two of them -# share the same subject key. -sha256sum "${root}/conf/archive/reusekey.le.wtf/cert"* | TotalAndDistinctLines 3 3 - -# ECDSA -openssl ecparam -genkey -name secp384r1 -out "${root}/privkey-p384.pem" -SAN="DNS:ecdsa.le.wtf" openssl req -new -sha256 \ - -config "${OPENSSL_CNF:-openssl.cnf}" \ - -key "${root}/privkey-p384.pem" \ - -subj "/" \ - -reqexts san \ - -outform der \ - -out "${root}/csr-p384.der" -common auth --csr "${root}/csr-p384.der" \ - --cert-path "${root}/csr/cert-p384.pem" \ - --chain-path "${root}/csr/chain-p384.pem" -openssl x509 -in "${root}/csr/cert-p384.pem" -text | grep 'ASN1 OID: secp384r1' - -# OCSP Must Staple -common auth --must-staple --domains "must-staple.le.wtf" -openssl x509 -in "${root}/conf/live/must-staple.le.wtf/cert.pem" -text | grep -E 'status_request|1\.3\.6\.1\.5\.5\.7\.1\.24' - -# revoke by account key -common revoke --cert-path "$root/conf/live/le.wtf/cert.pem" --delete-after-revoke -# revoke renewed -common revoke --cert-path "$root/conf/live/le1.wtf/cert.pem" --no-delete-after-revoke -if [ ! -d "$root/conf/live/le1.wtf" ]; then - echo "cert deleted when --no-delete-after-revoke was used!" - exit 1 -fi -common delete --cert-name le1.wtf -# revoke by cert key -common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \ - --key-path "$root/conf/live/le2.wtf/privkey.pem" - -# Get new certs to test revoke with a reason, by account and by cert key -common --domains le1.wtf -common revoke --cert-path "$root/conf/live/le1.wtf/cert.pem" \ - --reason cessationOfOperation -common --domains le2.wtf -common revoke --cert-path "$root/conf/live/le2.wtf/cert.pem" \ - --key-path "$root/conf/live/le2.wtf/privkey.pem" \ - --reason keyCompromise - -common unregister - -out=$(common certificates) -subdomains="le dns.le newname.le must-staple.le" -for subdomain in $subdomains; do - domain="$subdomain.wtf" - if ! echo $out | grep "$domain"; then - echo "$domain not in certificates output!" - exit 1; - fi -done - -# Testing that revocation also deletes by default -subdomains="le1 le2" -for subdomain in $subdomains; do - domain="$subdomain.wtf" - if echo $out | grep "$domain"; then - echo "Revoked $domain in certificates output! Should not be!" - exit 1; - fi -done - -# Test that revocation raises correct error when both --cert-name and --cert-path specified -common --domains le1.wtf -out=$(common revoke --cert-path "$root/conf/live/le1.wtf/fullchain.pem" --cert-name "le1.wtf" 2>&1) || true -if ! echo $out | grep "Exactly one of --cert-path or --cert-name must be specified"; then - echo "Non-interactive revoking with both --cert-name and --cert-path " - echo "did not raise the correct error!" - exit 1 -fi - -# Test that revocation doesn't delete if multiple lineages share an archive dir -common --domains le1.wtf -common --domains le2.wtf -sed -i "s|^archive_dir = .*$|archive_dir = $root/conf/archive/le1.wtf|" "$root/conf/renewal/le2.wtf.conf" -#common update_symlinks # not needed, but a bit more context for what this test is about -out=$(common revoke --cert-path "$root/conf/live/le1.wtf/cert.pem") -if ! echo $out | grep "Not deleting revoked certs due to overlapping archive dirs"; then - echo "Deleted a cert that had an overlapping archive dir with another lineage!" - exit 1 -fi - -cert_name="must-staple.le.wtf" -common delete --cert-name $cert_name -archive="$root/conf/archive/$cert_name" -conf="$root/conf/renewal/$cert_name.conf" -live="$root/conf/live/$cert_name" -for path in $archive $conf $live; do - if [ -e $path ]; then - echo "Lineage not properly deleted!" - exit 1 - fi -done - -# Test ACMEv2-only features -if [ "${BOULDER_INTEGRATION:-v1}" = "v2" ]; then - common -a manual -d '*.le4.wtf,le4.wtf' --preferred-challenges dns \ - --manual-auth-hook ./tests/manual-dns-auth.sh \ - --manual-cleanup-hook ./tests/manual-dns-cleanup.sh -fi - -coverage report --fail-under 64 --include 'certbot/*' --show-missing diff --git a/tests/certbot-pebble-integration.sh b/tests/certbot-pebble-integration.sh deleted file mode 100755 index 8711f72c1..000000000 --- a/tests/certbot-pebble-integration.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -# Simple integration test. Make sure to activate virtualenv beforehand -# (source venv/bin/activate) and that you are running Pebble test -# instance (see ./pebble-fetch.sh). - -cleanup_and_exit() { - EXIT_STATUS=$? - unset SERVER - exit $EXIT_STATUS -} - -trap cleanup_and_exit EXIT - -export SERVER=https://localhost:14000/dir - -./tests/certbot-boulder-integration.sh diff --git a/tests/display.py b/tests/display.py deleted file mode 100644 index 1f548e33d..000000000 --- a/tests/display.py +++ /dev/null @@ -1,22 +0,0 @@ -"""Manual test of display functions.""" -import sys - -from certbot.display import util -from certbot.tests.display import util_test - - -def test_visual(displayer, choices): - """Visually test all of the display functions.""" - displayer.notification("Random notification!") - displayer.menu("Question?", choices, - ok_label="O", cancel_label="Can", help_label="??") - displayer.menu("Question?", [choice[1] for choice in choices], - ok_label="O", cancel_label="Can", help_label="??") - displayer.input("Input Message") - displayer.yesno("YesNo Message", yes_label="Yessir", no_label="Nosir") - displayer.checklist("Checklist Message", [choice[0] for choice in choices]) - - -if __name__ == "__main__": - displayer = util.FileDisplay(sys.stdout, False) - test_visual(displayer, util_test.CHOICES) diff --git a/tests/integration/_common.sh b/tests/integration/_common.sh deleted file mode 100755 index 83aa91a9e..000000000 --- a/tests/integration/_common.sh +++ /dev/null @@ -1,74 +0,0 @@ -# The -t is required on macOS. It provides a template file path for -# the kernel to use. -root=${root:-$(mktemp -d -t leitXXXX)} -echo "Root integration tests directory: $root" -config_dir="$root/conf" -tls_sni_01_port=5001 -http_01_port=5002 -sources="acme/,$(ls -dm certbot*/ | tr -d ' \n')" -export root config_dir tls_sni_01_port http_01_port sources -certbot_path="$(command -v certbot)" -# Flags that are added here will be added to Certbot calls within -# certbot_test_no_force_renew. -other_flags="--config-dir $config_dir --work-dir $root/work" -other_flags="$other_flags --logs-dir $root/logs" - -certbot_test () { - certbot_test_no_force_renew \ - --renew-by-default \ - "$@" -} - -# Succeeds if Certbot version is at least the given version number and fails -# otherwise. This is useful for making sure Certbot has certain features -# available. The patch version is currently ignored. -# -# Arguments: -# First argument is the minimum major version -# Second argument is the minimum minor version -version_at_least () { - # Certbot major and minor version (e.g. 0.30) - major_minor=$("$certbot_path" --version 2>&1 | cut -d' ' -f2 | cut -d. -f1,2) - major=$(echo "$major_minor" | cut -d. -f1) - minor=$(echo "$major_minor" | cut -d. -f2) - # Test that either the major version is greater or major version is equal - # and minor version is greater than or equal to. - [ \( "$major" -gt "$1" \) -o \( "$major" -eq "$1" -a "$minor" -ge "$2" \) ] -} - -# Use local ACMEv2 endpoint if requested and SERVER isn't already set. -if [ "${BOULDER_INTEGRATION:-v1}" = "v2" -a -z "${SERVER:+x}" ]; then - SERVER="http://localhost:4001/directory" -fi - -# --no-random-sleep-on-renew was added in -# https://github.com/certbot/certbot/pull/6599 and first released in Certbot -# 0.30.0. -if version_at_least 0 30; then - other_flags="$other_flags --no-random-sleep-on-renew" -fi - -certbot_test_no_force_renew () { - omit_patterns="*/*.egg-info/*,*/dns_common*,*/setup.py,*/test_*,*/tests/*" - omit_patterns="$omit_patterns,*_test.py,*_test_*,certbot-apache/*" - omit_patterns="$omit_patterns,certbot-compatibility-test/*,certbot-dns*/" - omit_patterns="$omit_patterns,certbot-nginx/certbot_nginx/parser_obj.py" - coverage run \ - --append \ - --source $sources \ - --omit $omit_patterns \ - "$certbot_path" \ - --server "${SERVER:-http://localhost:4000/directory}" \ - --no-verify-ssl \ - --tls-sni-01-port $tls_sni_01_port \ - --http-01-port $http_01_port \ - --manual-public-ip-logging-ok \ - $other_flags \ - --non-interactive \ - --no-redirect \ - --agree-tos \ - --register-unsafely-without-email \ - --debug \ - -vv \ - "$@" -} diff --git a/tests/letstest/README.md b/tests/letstest/README.md index 0155065b0..f8a15208e 100644 --- a/tests/letstest/README.md +++ b/tests/letstest/README.md @@ -14,15 +14,17 @@ Simple AWS testfarm scripts for certbot client testing - AWS EC2 has a default limit of 20 t2/t1 instances, if more are needed, they need to be requested via online webform. -## Usage - - To install the necessary dependencies on Ubuntu 16.04, run: +## Installation and configuration +These tests require Python 2.7, awscli, boto3, PyYAML, and fabric<2.0. If you +have Python 2.7 and virtualenv installed, you can use requirements.txt to +create a virtual environment with a known set of dependencies by running: ``` -sudo apt install awscli python-yaml python-boto3 fabric +virtualenv --python $(command -v python2.7 || command -v python2 || command -v python) venv +. ./venv/bin/activate +pip install --requirement requirements.txt ``` - - Requires AWS IAM secrets to be set up with aws cli - - Requires an AWS associated keyfile <keyname>.pem - +You can then configure AWS credentials and create a key by running: ``` >aws configure --profile <profile name> [interactive: enter secrets for IAM role] @@ -30,9 +32,10 @@ sudo apt install awscli python-yaml python-boto3 fabric ``` Note: whatever you pick for `<key name>` will be shown to other users with AWS access. -When prompted for a default region name, enter: `us-east-1` +When prompted for a default region name, enter: `us-east-1`. -then: +## Usage +To run tests, activate the virtual environment you created above and run: ``` >python multitester.py targets.yaml /path/to/your/key.pem <profile name> scripts/<test to run> ``` diff --git a/tests/letstest/apache2_targets.yaml b/tests/letstest/apache2_targets.yaml index e707b8636..1450a8578 100644 --- a/tests/letstest/apache2_targets.yaml +++ b/tests/letstest/apache2_targets.yaml @@ -1,57 +1,55 @@ targets: #----------------------------------------------------------------------------- - # Apache 2.4 - - ami: ami-26d5af4c - name: ubuntu15.10 + #Ubuntu + - ami: ami-08ab45c4343f5f5c6 + name: ubuntu19.04 type: ubuntu virt: hvm user: ubuntu - - ami: ami-d92e6bb3 - name: ubuntu15.04LTS + - ami: ami-095192256fe1477ad + name: ubuntu18.04LTS type: ubuntu virt: hvm user: ubuntu - - ami: ami-7b89cc11 - name: ubuntu14.04LTS + - ami: ami-09677e0a6b14905b0 + name: ubuntu16.04LTS type: ubuntu virt: hvm user: ubuntu - - ami: ami-9295d0f8 - name: ubuntu14.04LTS_32bit + #----------------------------------------------------------------------------- + # Debian + - ami: ami-01db78123b2b99496 + name: debian10 type: ubuntu - virt: pv - user: ubuntu - - ami: ami-116d857a + virt: hvm + user: admin + - ami: ami-003f19e0e687de1cd + name: debian9 + type: ubuntu + virt: hvm + user: admin + - ami: ami-0ed54dd1b25657636 + name: debian9_arm64 + type: ubuntu + virt: hvm + user: admin + machine_type: a1.medium + - ami: ami-077bf3962f29d3fa4 name: debian8.1 - type: debian + type: ubuntu virt: hvm user: admin - userdata: | - #cloud-init - runcmd: - - [ apt-get, install, -y, curl ] #----------------------------------------------------------------------------- - # Apache 2.2 - # - ami: ami-0611546c - # name: ubuntu12.04LTS - # type: ubuntu - # virt: hvm - # user: ubuntu - # - ami: ami-e0efab88 - # name: debian7.8.aws.1 - # type: debian - # virt: hvm - # user: admin - # userdata: | - # #cloud-init - # runcmd: - # - [ apt-get, install, -y, curl ] - # - ami: ami-e6eeaa8e - # name: debian7.8.aws.1_32bit - # type: debian - # virt: pv - # user: admin - # userdata: | - # #cloud-init - # runcmd: - # - [ apt-get, install, -y, curl ]
\ No newline at end of file + # Fedora + - ami: ami-00bbc6858140f19ed + name: fedora30 + type: centos + virt: hvm + user: fedora + #----------------------------------------------------------------------------- + # CentOS + - ami: ami-9887c6e7 + name: centos7 + type: centos + virt: hvm + user: centos diff --git a/tests/letstest/multitester.py b/tests/letstest/multitester.py index 8babc67b3..9ea9fe76b 100644 --- a/tests/letstest/multitester.py +++ b/tests/letstest/multitester.py @@ -23,7 +23,7 @@ Usage: >aws ec2 create-key-pair --profile HappyHacker --key-name MyKeyPair \ --query 'KeyMaterial' --output text > MyKeyPair.pem then: ->python multitester.py targets.yaml MyKeyPair.pem HappyHacker scripts/test_letsencrypt_auto_venv_only.sh +>python multitester.py targets.yaml MyKeyPair.pem HappyHacker scripts/test_leauto_upgrades.sh see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html https://docs.aws.amazon.com/cli/latest/userguide/cli-ec2-keypairs.html @@ -32,17 +32,31 @@ see: from __future__ import print_function from __future__ import with_statement -import sys, os, time, argparse, socket, traceback +import argparse import multiprocessing as mp from multiprocessing import Manager +import os +import socket +import sys +import time +import traceback import urllib2 -import yaml + import boto3 from botocore.exceptions import ClientError +import yaml + import fabric -from fabric.api import run, execute, local, env, sudo, cd, lcd -from fabric.operations import get, put +from fabric.api import cd +from fabric.api import env +from fabric.api import execute +from fabric.api import lcd +from fabric.api import local +from fabric.api import run +from fabric.api import sudo from fabric.context_managers import shell_env +from fabric.operations import get +from fabric.operations import put # Command line parser #------------------------------------------------------------------------------- @@ -84,9 +98,6 @@ parser.add_argument('--killboulder', parser.add_argument('--boulderonly', action='store_true', help="only make a boulder server") -parser.add_argument('--fast', - action='store_true', - help="use larger instance types to run faster (saves about a minute, probably not worth it)") cl_args = parser.parse_args() # Credential Variables @@ -94,18 +105,21 @@ cl_args = parser.parse_args() # assumes naming: <key_filename> = <keyname>.pem KEYFILE = cl_args.key_file KEYNAME = os.path.split(cl_args.key_file)[1].split('.pem')[0] -PROFILE = cl_args.aws_profile +PROFILE = None if cl_args.aws_profile == 'SET_BY_ENV' else cl_args.aws_profile # Globals #------------------------------------------------------------------------------- -BOULDER_AMI = 'ami-5f490b35' # premade shared boulder AMI 14.04LTS us-east-1 -LOGDIR = "" #points to logging / working directory -# boto3/AWS api globals -AWS_SESSION = None -EC2 = None +BOULDER_AMI = 'ami-072a9534772bec854' # premade shared boulder AMI 18.04LTS us-east-1 +LOGDIR = "letest-%d"%int(time.time()) #points to logging / working directory SECURITY_GROUP_NAME = 'certbot-security-group' +SENTINEL = None #queue kill signal SUBNET_NAME = 'certbot-subnet' +class Status(object): + """Possible statuses of client tests.""" + PASS = 'pass' + FAIL = 'fail' + # Boto3/AWS automation functions #------------------------------------------------------------------------------- def should_use_subnet(subnet): @@ -139,16 +153,19 @@ def make_security_group(vpc): mysg.authorize_ingress(IpProtocol="udp", CidrIp="0.0.0.0/0", FromPort=60000, ToPort=61000) return mysg -def make_instance(instance_name, +def make_instance(ec2_client, + instance_name, ami_id, keyname, security_group_id, subnet_id, machine_type='t2.micro', userdata=""): #userdata contains bash or cloud-init script - - new_instance = EC2.create_instances( - BlockDeviceMappings=_get_block_device_mappings(ami_id), + block_device_mappings = _get_block_device_mappings(ec2_client, ami_id) + tags = [{'Key': 'Name', 'Value': instance_name}] + tag_spec = [{'ResourceType': 'instance', 'Tags': tags}] + return ec2_client.create_instances( + BlockDeviceMappings=block_device_mappings, ImageId=ami_id, SecurityGroupIds=[security_group_id], SubnetId=subnet_id, @@ -156,24 +173,10 @@ def make_instance(instance_name, MinCount=1, MaxCount=1, UserData=userdata, - InstanceType=machine_type)[0] - - # brief pause to prevent rare error on EC2 delay, should block until ready instead - time.sleep(1.0) - - # give instance a name - try: - new_instance.create_tags(Tags=[{'Key': 'Name', 'Value': instance_name}]) - except ClientError as e: - if "InvalidInstanceID.NotFound" in str(e): - # This seems to be ephemeral... retry - time.sleep(1) - new_instance.create_tags(Tags=[{'Key': 'Name', 'Value': instance_name}]) - else: - raise - return new_instance + InstanceType=machine_type, + TagSpecifications=tag_spec)[0] -def _get_block_device_mappings(ami_id): +def _get_block_device_mappings(ec2_client, ami_id): """Returns the list of block device mappings to ensure cleanup. This list sets connected EBS volumes to be deleted when the EC2 @@ -186,7 +189,7 @@ def _get_block_device_mappings(ami_id): # * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html return [{'DeviceName': mapping['DeviceName'], 'Ebs': {'DeleteOnTermination': True}} - for mapping in EC2.Image(ami_id).block_device_mappings + for mapping in ec2_client.Image(ami_id).block_device_mappings if not mapping.get('Ebs', {}).get('DeleteOnTermination', True)] @@ -225,20 +228,18 @@ def block_until_ssh_open(ipstring, wait_time=10, timeout=120): def block_until_instance_ready(booting_instance, wait_time=5, extra_wait_time=20): "Blocks booting_instance until AWS EC2 instance is ready to accept SSH connections" - # the reinstantiation from id is necessary to force boto3 - # to correctly update the 'state' variable during init - _id = booting_instance.id - _instance = EC2.Instance(id=_id) - _state = _instance.state['Name'] - _ip = _instance.public_ip_address - while _state != 'running' or _ip is None: + state = booting_instance.state['Name'] + ip = booting_instance.public_ip_address + while state != 'running' or ip is None: time.sleep(wait_time) - _instance = EC2.Instance(id=_id) - _state = _instance.state['Name'] - _ip = _instance.public_ip_address - block_until_ssh_open(_ip) + # The instance needs to be reloaded to update its local attributes. See + # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Instance.reload. + booting_instance.reload() + state = booting_instance.state['Name'] + ip = booting_instance.public_ip_address + block_until_ssh_open(ip) time.sleep(extra_wait_time) - return _instance + return booting_instance # Fabric Routines @@ -290,8 +291,7 @@ def deploy_script(scriptpath, *args): def run_boulder(): with cd('$GOPATH/src/github.com/letsencrypt/boulder'): - run('go run cmd/rabbitmq-setup/main.go -server amqp://localhost') - run('nohup ./start.py >& /dev/null < /dev/null &') + run('sudo docker-compose up -d') def config_and_launch_boulder(instance): execute(deploy_script, 'scripts/boulder_config.sh') @@ -315,53 +315,58 @@ def grab_certbot_log(): sudo('if [ -f ./certbot.log ]; then \ cat ./certbot.log; else echo "[nolocallog]"; fi') -def create_client_instances(targetlist, security_group_id, subnet_id): - "Create a fleet of client instances" - instances = [] - print("Creating instances: ", end="") - for target in targetlist: - if target['virt'] == 'hvm': - machine_type = 't2.medium' if cl_args.fast else 't2.micro' - else: - # 32 bit systems - machine_type = 'c1.medium' if cl_args.fast else 't1.micro' - if 'userdata' in target.keys(): - userdata = target['userdata'] - else: - userdata = '' - name = 'le-%s'%target['name'] - print(name, end=" ") - instances.append(make_instance(name, - target['ami'], - KEYNAME, - machine_type=machine_type, - security_group_id=security_group_id, - subnet_id=subnet_id, - userdata=userdata)) - print() - return instances - -def test_client_process(inqueue, outqueue): +def create_client_instance(ec2_client, target, security_group_id, subnet_id): + """Create a single client instance for running tests.""" + if 'machine_type' in target: + machine_type = target['machine_type'] + elif target['virt'] == 'hvm': + machine_type = 't2.medium' + else: + # 32 bit systems + machine_type = 'c1.medium' + if 'userdata' in target.keys(): + userdata = target['userdata'] + else: + userdata = '' + name = 'le-%s'%target['name'] + print(name, end=" ") + return make_instance(ec2_client, + name, + target['ami'], + KEYNAME, + machine_type=machine_type, + security_group_id=security_group_id, + subnet_id=subnet_id, + userdata=userdata) + + +def test_client_process(inqueue, outqueue, boulder_url): cur_proc = mp.current_process() for inreq in iter(inqueue.get, SENTINEL): - ii, target = inreq + ii, instance_id, target = inreq + + # Each client process is given its own session due to the suggestion at + # https://boto3.amazonaws.com/v1/documentation/api/latest/guide/resources.html?highlight=multithreading#multithreading-multiprocessing. + aws_session = boto3.session.Session(profile_name=PROFILE) + ec2_client = aws_session.resource('ec2') + instance = ec2_client.Instance(id=instance_id) #save all stdout to log file sys.stdout = open(LOGDIR+'/'+'%d_%s.log'%(ii,target['name']), 'w') print("[%s : client %d %s %s]" % (cur_proc.name, ii, target['ami'], target['name'])) - instances[ii] = block_until_instance_ready(instances[ii]) - print("server %s at %s"%(instances[ii], instances[ii].public_ip_address)) - env.host_string = "%s@%s"%(target['user'], instances[ii].public_ip_address) + instance = block_until_instance_ready(instance) + print("server %s at %s"%(instance, instance.public_ip_address)) + env.host_string = "%s@%s"%(target['user'], instance.public_ip_address) print(env.host_string) try: - install_and_launch_certbot(instances[ii], boulder_url, target) - outqueue.put((ii, target, 'pass')) + install_and_launch_certbot(instance, boulder_url, target) + outqueue.put((ii, target, Status.PASS)) print("%s - %s SUCCESS"%(target['ami'], target['name'])) except: - outqueue.put((ii, target, 'fail')) + outqueue.put((ii, target, Status.FAIL)) print("%s - %s FAIL"%(target['ami'], target['name'])) traceback.print_exc(file=sys.stdout) pass @@ -378,7 +383,10 @@ def test_client_process(inqueue, outqueue): def cleanup(cl_args, instances, targetlist): print('Logs in ', LOGDIR) - if not cl_args.saveinstances: + # If lengths of instances and targetlist aren't equal, instances failed to + # start before running tests so leaving instances running for debugging + # isn't very useful. Let's cleanup after ourselves instead. + if len(instances) != len(targetlist) or not cl_args.saveinstances: print('Terminating EC2 Instances') if cl_args.killboulder: boulder_server.terminate() @@ -392,182 +400,205 @@ def cleanup(cl_args, instances, targetlist): "%s@%s"%(target['user'], instances[ii].public_ip_address)) +def main(): + # Fabric library controlled through global env parameters + env.key_filename = KEYFILE + env.shell = '/bin/bash -l -i -c' + env.connection_attempts = 5 + env.timeout = 10 + # replace default SystemExit thrown by fabric during trouble + class FabricException(Exception): + pass + env['abort_exception'] = FabricException -#------------------------------------------------------------------------------- -# SCRIPT BEGINS -#------------------------------------------------------------------------------- - -# Fabric library controlled through global env parameters -env.key_filename = KEYFILE -env.shell = '/bin/bash -l -i -c' -env.connection_attempts = 5 -env.timeout = 10 -# replace default SystemExit thrown by fabric during trouble -class FabricException(Exception): - pass -env['abort_exception'] = FabricException - -# Set up local copy of git repo -#------------------------------------------------------------------------------- -LOGDIR = "letest-%d"%int(time.time()) -print("Making local dir for test repo and logs: %s"%LOGDIR) -local('mkdir %s'%LOGDIR) - -# figure out what git object to test and locally create it in LOGDIR -print("Making local git repo") -try: - if cl_args.pull_request != '~': - print('Testing PR %s '%cl_args.pull_request, - "MERGING into master" if cl_args.merge_master else "") - execute(local_git_PR, cl_args.repo, cl_args.pull_request, cl_args.merge_master) - elif cl_args.branch != '~': - print('Testing branch %s of %s'%(cl_args.branch, cl_args.repo)) - execute(local_git_branch, cl_args.repo, cl_args.branch) - else: - print('Testing master of %s'%cl_args.repo) - execute(local_git_clone, cl_args.repo) -except FabricException: - print("FAIL: trouble with git repo") - traceback.print_exc() - exit() - - -# Set up EC2 instances -#------------------------------------------------------------------------------- -configdata = yaml.load(open(cl_args.config_file, 'r')) -targetlist = configdata['targets'] -print('Testing against these images: [%d total]'%len(targetlist)) -for target in targetlist: - print(target['ami'], target['name']) - -print("Connecting to EC2 using\n profile %s\n keyname %s\n keyfile %s"%(PROFILE, KEYNAME, KEYFILE)) -AWS_SESSION = boto3.session.Session(profile_name=PROFILE) -EC2 = AWS_SESSION.resource('ec2') - -print("Determining Subnet") -for subnet in EC2.subnets.all(): - if should_use_subnet(subnet): - subnet_id = subnet.id - vpc_id = subnet.vpc.id - break -else: - print("No usable subnet exists!") - print("Please create a VPC with a subnet named {0}".format(SUBNET_NAME)) - print("that maps public IPv4 addresses to instances launched in the subnet.") - sys.exit(1) - -print("Making Security Group") -vpc = EC2.Vpc(vpc_id) -sg_exists = False -for sg in vpc.security_groups.all(): - if sg.group_name == SECURITY_GROUP_NAME: - security_group_id = sg.id - sg_exists = True - print(" %s already exists"%SECURITY_GROUP_NAME) -if not sg_exists: - security_group_id = make_security_group(vpc).id - time.sleep(30) - -boulder_preexists = False -boulder_servers = EC2.instances.filter(Filters=[ - {'Name': 'tag:Name', 'Values': ['le-boulderserver']}, - {'Name': 'instance-state-name', 'Values': ['running']}]) - -boulder_server = next(iter(boulder_servers), None) - -print("Requesting Instances...") -if boulder_server: - print("Found existing boulder server:", boulder_server) - boulder_preexists = True -else: - print("Can't find a boulder server, starting one...") - boulder_server = make_instance('le-boulderserver', - BOULDER_AMI, - KEYNAME, - machine_type='t2.micro', - #machine_type='t2.medium', - security_group_id=security_group_id, - subnet_id=subnet_id) - -try: - if not cl_args.boulderonly: - instances = create_client_instances(targetlist, security_group_id, subnet_id) - - # Configure and launch boulder server + # Set up local copy of git repo #------------------------------------------------------------------------------- - print("Waiting on Boulder Server") - boulder_server = block_until_instance_ready(boulder_server) - print(" server %s"%boulder_server) - + print("Making local dir for test repo and logs: %s"%LOGDIR) + local('mkdir %s'%LOGDIR) - # env.host_string defines the ssh user and host for connection - env.host_string = "ubuntu@%s"%boulder_server.public_ip_address - print("Boulder Server at (SSH):", env.host_string) - if not boulder_preexists: - print("Configuring and Launching Boulder") - config_and_launch_boulder(boulder_server) - # blocking often unnecessary, but cheap EC2 VMs can get very slow - block_until_http_ready('http://%s:4000'%boulder_server.public_ip_address, - wait_time=10, timeout=500) - - boulder_url = "http://%s:4000/directory"%boulder_server.private_ip_address - print("Boulder Server at (public ip): http://%s:4000/directory"%boulder_server.public_ip_address) - print("Boulder Server at (EC2 private ip): %s"%boulder_url) + # figure out what git object to test and locally create it in LOGDIR + print("Making local git repo") + try: + if cl_args.pull_request != '~': + print('Testing PR %s '%cl_args.pull_request, + "MERGING into master" if cl_args.merge_master else "") + execute(local_git_PR, cl_args.repo, cl_args.pull_request, cl_args.merge_master) + elif cl_args.branch != '~': + print('Testing branch %s of %s'%(cl_args.branch, cl_args.repo)) + execute(local_git_branch, cl_args.repo, cl_args.branch) + else: + print('Testing master of %s'%cl_args.repo) + execute(local_git_clone, cl_args.repo) + except FabricException: + print("FAIL: trouble with git repo") + traceback.print_exc() + exit() - if cl_args.boulderonly: - sys.exit(0) - # Install and launch client scripts in parallel + # Set up EC2 instances #------------------------------------------------------------------------------- - print("Uploading and running test script in parallel: %s"%cl_args.test_script) - print("Output routed to log files in %s"%LOGDIR) - # (Advice: always use Manager.Queue, never regular multiprocessing.Queue - # the latter has implementation flaws that deadlock it in some circumstances) - manager = Manager() - outqueue = manager.Queue() - inqueue = manager.Queue() - SENTINEL = None #queue kill signal - - # launch as many processes as clients to test - num_processes = len(targetlist) - jobs = [] #keep a reference to current procs - - - # initiate process execution - for i in range(num_processes): - p = mp.Process(target=test_client_process, args=(inqueue, outqueue)) - jobs.append(p) - p.daemon = True # kills subprocesses if parent is killed - p.start() - - # fill up work queue - for ii, target in enumerate(targetlist): - inqueue.put((ii, target)) - - # add SENTINELs to end client processes - for i in range(num_processes): - inqueue.put(SENTINEL) - # wait on termination of client processes - for p in jobs: - p.join() - # add SENTINEL to output queue - outqueue.put(SENTINEL) - - # clean up - execute(local_repo_clean) - - # print and save summary results - results_file = open(LOGDIR+'/results', 'w') - outputs = [outq for outq in iter(outqueue.get, SENTINEL)] - outputs.sort(key=lambda x: x[0]) - for outq in outputs: - ii, target, status = outq - print('%d %s %s'%(ii, target['name'], status)) - results_file.write('%d %s %s\n'%(ii, target['name'], status)) - results_file.close() - -finally: - cleanup(cl_args, instances, targetlist) - - # kill any connections - fabric.network.disconnect_all() + configdata = yaml.load(open(cl_args.config_file, 'r')) + targetlist = configdata['targets'] + print('Testing against these images: [%d total]'%len(targetlist)) + for target in targetlist: + print(target['ami'], target['name']) + + print("Connecting to EC2 using\n profile %s\n keyname %s\n keyfile %s"%(PROFILE, KEYNAME, KEYFILE)) + aws_session = boto3.session.Session(profile_name=PROFILE) + ec2_client = aws_session.resource('ec2') + + print("Determining Subnet") + for subnet in ec2_client.subnets.all(): + if should_use_subnet(subnet): + subnet_id = subnet.id + vpc_id = subnet.vpc.id + break + else: + print("No usable subnet exists!") + print("Please create a VPC with a subnet named {0}".format(SUBNET_NAME)) + print("that maps public IPv4 addresses to instances launched in the subnet.") + sys.exit(1) + + print("Making Security Group") + vpc = ec2_client.Vpc(vpc_id) + sg_exists = False + for sg in vpc.security_groups.all(): + if sg.group_name == SECURITY_GROUP_NAME: + security_group_id = sg.id + sg_exists = True + print(" %s already exists"%SECURITY_GROUP_NAME) + if not sg_exists: + security_group_id = make_security_group(vpc).id + time.sleep(30) + + boulder_preexists = False + boulder_servers = ec2_client.instances.filter(Filters=[ + {'Name': 'tag:Name', 'Values': ['le-boulderserver']}, + {'Name': 'instance-state-name', 'Values': ['running']}]) + + boulder_server = next(iter(boulder_servers), None) + + print("Requesting Instances...") + if boulder_server: + print("Found existing boulder server:", boulder_server) + boulder_preexists = True + else: + print("Can't find a boulder server, starting one...") + boulder_server = make_instance(ec2_client, + 'le-boulderserver', + BOULDER_AMI, + KEYNAME, + machine_type='t2.micro', + #machine_type='t2.medium', + security_group_id=security_group_id, + subnet_id=subnet_id) + + instances = [] + try: + if not cl_args.boulderonly: + print("Creating instances: ", end="") + for target in targetlist: + instances.append( + create_client_instance(ec2_client, target, + security_group_id, subnet_id) + ) + print() + + # Configure and launch boulder server + #------------------------------------------------------------------------------- + print("Waiting on Boulder Server") + boulder_server = block_until_instance_ready(boulder_server) + print(" server %s"%boulder_server) + + + # env.host_string defines the ssh user and host for connection + env.host_string = "ubuntu@%s"%boulder_server.public_ip_address + print("Boulder Server at (SSH):", env.host_string) + if not boulder_preexists: + print("Configuring and Launching Boulder") + config_and_launch_boulder(boulder_server) + # blocking often unnecessary, but cheap EC2 VMs can get very slow + block_until_http_ready('http://%s:4000'%boulder_server.public_ip_address, + wait_time=10, timeout=500) + + boulder_url = "http://%s:4000/directory"%boulder_server.private_ip_address + print("Boulder Server at (public ip): http://%s:4000/directory"%boulder_server.public_ip_address) + print("Boulder Server at (EC2 private ip): %s"%boulder_url) + + if cl_args.boulderonly: + sys.exit(0) + + # Install and launch client scripts in parallel + #------------------------------------------------------------------------------- + print("Uploading and running test script in parallel: %s"%cl_args.test_script) + print("Output routed to log files in %s"%LOGDIR) + # (Advice: always use Manager.Queue, never regular multiprocessing.Queue + # the latter has implementation flaws that deadlock it in some circumstances) + manager = Manager() + outqueue = manager.Queue() + inqueue = manager.Queue() + + # launch as many processes as clients to test + num_processes = len(targetlist) + jobs = [] #keep a reference to current procs + + + # initiate process execution + for i in range(num_processes): + p = mp.Process(target=test_client_process, args=(inqueue, outqueue, boulder_url)) + jobs.append(p) + p.daemon = True # kills subprocesses if parent is killed + p.start() + + # fill up work queue + for ii, target in enumerate(targetlist): + inqueue.put((ii, instances[ii].id, target)) + + # add SENTINELs to end client processes + for i in range(num_processes): + inqueue.put(SENTINEL) + print('Waiting on client processes', end='') + for p in jobs: + while p.is_alive(): + p.join(5 * 60) + # Regularly print output to keep Travis happy + print('.', end='') + sys.stdout.flush() + print() + # add SENTINEL to output queue + outqueue.put(SENTINEL) + + # clean up + execute(local_repo_clean) + + # print and save summary results + results_file = open(LOGDIR+'/results', 'w') + outputs = [outq for outq in iter(outqueue.get, SENTINEL)] + outputs.sort(key=lambda x: x[0]) + failed = False + for outq in outputs: + ii, target, status = outq + if status == Status.FAIL: + failed = True + print('%d %s %s'%(ii, target['name'], status)) + results_file.write('%d %s %s\n'%(ii, target['name'], status)) + if len(outputs) != num_processes: + failed = True + failure_message = 'FAILURE: Some target machines failed to run and were not tested. ' +\ + 'Tests should be rerun.' + print(failure_message) + results_file.write(failure_message + '\n') + results_file.close() + + if failed: + sys.exit(1) + + finally: + cleanup(cl_args, instances, targetlist) + + # kill any connections + fabric.network.disconnect_all() + + +if __name__ == '__main__': + main() diff --git a/tests/letstest/requirements.txt b/tests/letstest/requirements.txt new file mode 100644 index 000000000..64e1f6a0c --- /dev/null +++ b/tests/letstest/requirements.txt @@ -0,0 +1,25 @@ +asn1crypto==0.24.0 +awscli==1.16.157 +bcrypt==3.1.6 +boto3==1.9.146 +botocore==1.12.147 +cffi==1.12.3 +colorama==0.3.9 +cryptography==2.4.2 +docutils==0.14 +enum34==1.1.6 +Fabric==1.14.1 +futures==3.2.0 +idna==2.8 +ipaddress==1.0.22 +jmespath==0.9.4 +paramiko==2.4.2 +pyasn1==0.4.5 +pycparser==2.19 +PyNaCl==1.3.0 +python-dateutil==2.8.0 +PyYAML==3.10 +rsa==3.4.2 +s3transfer==0.2.0 +six==1.12.0 +urllib3==1.24.3 diff --git a/tests/letstest/scripts/boulder_config.sh b/tests/letstest/scripts/boulder_config.sh index 1ef63ca10..b99bbabbe 100755 --- a/tests/letstest/scripts/boulder_config.sh +++ b/tests/letstest/scripts/boulder_config.sh @@ -1,32 +1,24 @@ #!/bin/bash -x # Configures and Launches Boulder Server installed on -# us-east-1 ami-5f490b35 bouldertestserver (boulder commit 8b433f54dab) +# us-east-1 ami-072a9534772bec854 bouldertestserver3 (boulder commit b24fe7c3ea4) # fetch instance data from EC2 metadata service public_host=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-hostname) public_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-ipv4) private_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/local-ipv4) -# get local DNS resolver for VPC -resolver_ip=$(grep nameserver /etc/resolv.conf |cut -d" " -f2 |head -1) +# set to public DNS resolver +resolver_ip=8.8.8.8 resolver=$resolver_ip':53' # modifies integration testing boulder setup for local AWS VPC network # connections instead of localhost cd $GOPATH/src/github.com/letsencrypt/boulder -# configure boulder to receive outside connection on 4000 -sed -i '/listenAddress/ s/127.0.0.1:4000/'$private_ip':4000/' ./test/boulder-config.json -sed -i '/baseURL/ s/127.0.0.1:4000/'$private_ip':4000/' ./test/boulder-config.json # change test ports to real -sed -i '/httpPort/ s/5002/80/' ./test/boulder-config.json -sed -i '/httpsPort/ s/5001/443/' ./test/boulder-config.json -sed -i '/tlsPort/ s/5001/443/' ./test/boulder-config.json -# set local dns resolver -sed -i '/dnsResolver/ s/127.0.0.1:8053/'$resolver'/' ./test/boulder-config.json - -# start rabbitMQ -#go run cmd/rabbitmq-setup/main.go -server amqp://localhost -# start acme services -#nohup ./start.py >& /dev/null < /dev/null & -#./start.py +sed -i '/httpPort/ s/5002/80/' ./test/config/va.json +sed -i '/httpsPort/ s/5001/443/' ./test/config/va.json +sed -i '/tlsPort/ s/5001/443/' ./test/config/va.json +# set dns resolver +sed -i 's/"127.0.0.1:8053",/"'$resolver'"/' ./test/config/va.json +sed -i 's/"127.0.0.1:8054"//' ./test/config/va.json diff --git a/tests/letstest/scripts/boulder_install.sh b/tests/letstest/scripts/boulder_install.sh index f997268bd..5161de374 100755 --- a/tests/letstest/scripts/boulder_install.sh +++ b/tests/letstest/scripts/boulder_install.sh @@ -1,7 +1,5 @@ #!/bin/bash -x -# >>>> only tested on Ubuntu 14.04LTS <<<< - # Check out special branch until latest docker changes land in Boulder master. git clone -b docker-integration https://github.com/letsencrypt/boulder $BOULDERPATH cd $BOULDERPATH diff --git a/tests/letstest/scripts/set_python_envvars.sh b/tests/letstest/scripts/set_python_envvars.sh new file mode 100755 index 000000000..668444209 --- /dev/null +++ b/tests/letstest/scripts/set_python_envvars.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# This is a simple script that can be sourced to set Python environment +# variables for use in Certbot's letstest test farm tests. + +# Some distros like Fedora may only have an executable named python3 installed. +if command -v python; then + PYTHON_NAME="python" + VENV_SCRIPT="tools/venv.py" + VENV_PATH="venv" +else + # We could check for "python2" here, however, the addition of "python3" + # only systems is what necessitated this change so checking for "python2" + # isn't necessary. + PYTHON_NAME="python3" + VENV_PATH="venv3" + VENV_SCRIPT="tools/venv3.py" +fi diff --git a/tests/letstest/scripts/test_apache2.sh b/tests/letstest/scripts/test_apache2.sh index d24de2458..9af39e8bb 100755 --- a/tests/letstest/scripts/test_apache2.sh +++ b/tests/letstest/scripts/test_apache2.sh @@ -45,8 +45,13 @@ if [ $? -ne 0 ] ; then exit 1 fi -python tools/_venv_common.py -e acme[dev] -e .[dev,docs] -e certbot-apache -sudo venv/bin/certbot -v --debug --text --agree-dev-preview --agree-tos \ +# This script sets the environment variables PYTHON_NAME, VENV_PATH, and +# VENV_SCRIPT based on the version of Python available on the system. For +# instance, Fedora uses Python 3 and Python 2 is not installed. +. tests/letstest/scripts/set_python_envvars.sh + +"$VENV_SCRIPT" -e acme[dev] -e certbot[dev,docs] -e certbot-apache +sudo "$VENV_PATH/bin/certbot" -v --debug --text --agree-tos \ --renew-by-default --redirect --register-unsafely-without-email \ --domain $PUBLIC_HOSTNAME --server $BOULDER_URL if [ $? -ne 0 ] ; then @@ -55,7 +60,7 @@ fi if [ "$OS_TYPE" = "ubuntu" ] ; then export SERVER="$BOULDER_URL" - venv/bin/tox -e apacheconftest + "$VENV_PATH/bin/tox" -e apacheconftest else echo Not running hackish apache tests on $OS_TYPE fi diff --git a/tests/letstest/scripts/test_leauto_upgrades.sh b/tests/letstest/scripts/test_leauto_upgrades.sh index 0c2b374f2..fc7632793 100755 --- a/tests/letstest/scripts/test_leauto_upgrades.sh +++ b/tests/letstest/scripts/test_leauto_upgrades.sh @@ -15,27 +15,37 @@ if ! command -v git ; then exit 1 fi fi -# 0.17.0 is the oldest version of letsencrypt-auto that has precompiled -# cryptography and the tagged commit is in master. 0.16.0 was the first version -# to use precompiled cryptography, but the release PR was squashed losing the -# commit. We want to use a precompiled version of cryptography for stability. -# Previous versions that have to compile against OpenSSL on installation -# started failing on newer distros with newer versions of OpenSSL. -INITIAL_VERSION="0.17.0" +# If we're on a RHEL 6 based system, we can be confident Python is already +# installed because the package manager is written in Python. +if command -v python && [ $(python -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//') -eq 26 ]; then + # 0.20.0 is the latest version of letsencrypt-auto that doesn't install + # Python 3 on RHEL 6. + INITIAL_VERSION="0.20.0" + RUN_RHEL6_TESTS=1 +else + # 0.37.x is the oldest version of letsencrypt-auto that works on RHEL 8. + INITIAL_VERSION="0.37.1" +fi + git checkout -f "v$INITIAL_VERSION" letsencrypt-auto -if ! ./letsencrypt-auto -v --debug --version --no-self-upgrade 2>&1 | grep "$INITIAL_VERSION" ; then +if ! ./letsencrypt-auto -v --debug --version --no-self-upgrade 2>&1 | tail -n1 | grep "^certbot $INITIAL_VERSION$" ; then echo initial installation appeared to fail exit 1 fi +# This script sets the environment variables PYTHON_NAME, VENV_PATH, and +# VENV_SCRIPT based on the version of Python available on the system. For +# instance, Fedora uses Python 3 and Python 2 is not installed. +. tests/letstest/scripts/set_python_envvars.sh + # Now that python and openssl have been installed, we can set up a fake server # to provide a new version of letsencrypt-auto. First, we start the server and # directory to be served. MY_TEMP_DIR=$(mktemp -d) PORT_FILE="$MY_TEMP_DIR/port" -SERVER_PATH=$(tools/readlink.py tools/simple_http_server.py) +SERVER_PATH=$("$PYTHON_NAME" tools/readlink.py tools/simple_http_server.py) cd "$MY_TEMP_DIR" -"$SERVER_PATH" 0 > $PORT_FILE & +"$PYTHON_NAME" "$SERVER_PATH" 0 > $PORT_FILE & SERVER_PID=$! trap 'kill "$SERVER_PID" && rm -rf "$MY_TEMP_DIR"' EXIT cd ~- @@ -68,8 +78,7 @@ iQIDAQAB -----END PUBLIC KEY----- " -if [ $(python -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//') -eq 26 ]; then - RUN_PYTHON3_TESTS=1 +if [ "$RUN_RHEL6_TESTS" = 1 ]; then if command -v python3; then echo "Didn't expect Python 3 to be installed!" exit 1 @@ -79,13 +88,12 @@ if [ $(python -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//') -eq 26 ]; echo "Certbot shouldn't have updated to a new version!" exit 1 fi - if [ -d "/opt/eff.org" ]; then - echo "New directory shouldn't have been created!" - exit 1 - fi - # Create a 2nd venv at the new path to ensure we properly handle this case - export VENV_PATH="/opt/eff.org/certbot/venv" - if ! sudo -E ./letsencrypt-auto -v --debug --version --no-self-upgrade 2>&1 | grep "$INITIAL_VERSION" ; then + # Create a 2nd venv at the old path to ensure we properly handle the (unlikely) case of two separate virtual environments below. + HOME=${HOME:-~root} + XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share} + OLD_VENV_PATH="$XDG_DATA_HOME/letsencrypt" + export VENV_PATH="$OLD_VENV_PATH" + if ! sudo -E ./letsencrypt-auto -v --debug --version --no-self-upgrade 2>&1 | tail -n1 | grep "^certbot $INITIAL_VERSION$" ; then echo second installation appeared to fail exit 1 fi @@ -98,7 +106,7 @@ if ./letsencrypt-auto -v --debug --version | grep "WARNING: couldn't find Python fi EXPECTED_VERSION=$(grep -m1 LE_AUTO_VERSION certbot-auto | cut -d\" -f2) -if ! /opt/eff.org/certbot/venv/bin/letsencrypt --version 2>&1 | grep "$EXPECTED_VERSION" ; then +if ! /opt/eff.org/certbot/venv/bin/letsencrypt --version 2>&1 | tail -n1 | grep "^certbot $EXPECTED_VERSION$" ; then echo upgrade appeared to fail exit 1 fi @@ -108,7 +116,9 @@ if ! diff letsencrypt-auto letsencrypt-auto-source/letsencrypt-auto ; then exit 1 fi -if [ "$RUN_PYTHON3_TESTS" = 1 ]; then +if [ "$RUN_RHEL6_TESTS" = 1 ]; then + # Add the SCL python release to PATH in order to resolve python3 command + PATH="/opt/rh/rh-python36/root/usr/bin:$PATH" if ! command -v python3; then echo "Python3 wasn't properly installed" exit 1 @@ -117,11 +127,10 @@ if [ "$RUN_PYTHON3_TESTS" = 1 ]; then echo "Python3 wasn't used in venv!" exit 1 fi -fi -echo upgrade appeared to be successful -if [ "$(tools/readlink.py ${XDG_DATA_HOME:-~/.local/share}/letsencrypt)" != "/opt/eff.org/certbot/venv" ]; then - echo symlink from old venv path not properly created! - exit 1 + if [ "$("$PYTHON_NAME" tools/readlink.py $OLD_VENV_PATH)" != "/opt/eff.org/certbot/venv" ]; then + echo symlink from old venv path not properly created! + exit 1 + fi fi -echo symlink properly created +echo upgrade appeared to be successful diff --git a/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh b/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh index 2cbe66a83..c028031c7 100755 --- a/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh +++ b/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh @@ -9,36 +9,47 @@ set -eo pipefail #private_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/local-ipv4) cd letsencrypt -export PATH="$PWD/letsencrypt-auto-source:$PATH" +LE_AUTO_DIR="/usr/local/bin" +LE_AUTO_PATH="$LE_AUTO_DIR/letsencrypt-auto" +sudo cp letsencrypt-auto-source/letsencrypt-auto "$LE_AUTO_PATH" +sudo chown root "$LE_AUTO_PATH" +sudo chmod 0755 "$LE_AUTO_PATH" +export PATH="$LE_AUTO_DIR:$PATH" + letsencrypt-auto --os-packages-only --debug --version + +# This script sets the environment variables PYTHON_NAME, VENV_PATH, and +# VENV_SCRIPT based on the version of Python available on the system. For +# instance, Fedora uses Python 3 and Python 2 is not installed. +. tests/letstest/scripts/set_python_envvars.sh + +# Create a venv-like layout at the old virtual environment path to test that a +# symlink is properly created when letsencrypt-auto runs. +HOME=${HOME:-~root} +XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share} +OLD_VENV_BIN="$XDG_DATA_HOME/letsencrypt/bin" +mkdir -p "$OLD_VENV_BIN" +touch "$OLD_VENV_BIN/letsencrypt" + letsencrypt-auto certonly --no-self-upgrade -v --standalone --debug \ - --text --agree-dev-preview --agree-tos \ + --text --agree-tos \ --renew-by-default --redirect \ --register-unsafely-without-email \ --domain $PUBLIC_HOSTNAME --server $BOULDER_URL -# we have to jump through some hoops to cope with relative paths in renewal -# conf files ... -# 1. be in the right directory -cd tests/letstest/testdata/ - -# 2. refer to the config with the same level of relativity that it itself -# contains :/ -OUT=`letsencrypt-auto certificates --config-dir sample-config -v --no-self-upgrade` -TEST_CERTS=`echo "$OUT" | grep TEST_CERT | wc -l` -REVOKED=`echo "$OUT" | grep REVOKED | wc -l` - -if [ "$TEST_CERTS" != 2 ] ; then - echo "Did not find two test certs as expected ($TEST_CERTS)" +LINK_PATH=$("$PYTHON_NAME" tools/readlink.py ${XDG_DATA_HOME:-~/.local/share}/letsencrypt) +if [ "$LINK_PATH" != "/opt/eff.org/certbot/venv" ]; then + echo symlink from old venv path not properly created! exit 1 fi -if [ "$REVOKED" != 1 ] ; then - echo "Did not find one revoked cert as expected ($REVOKED)" +if ! letsencrypt-auto --help --no-self-upgrade | grep -F "letsencrypt-auto [SUBCOMMAND]"; then + echo "letsencrypt-auto not included in help output!" exit 1 fi -if ! letsencrypt-auto --help --no-self-upgrade | grep -F "letsencrypt-auto [SUBCOMMAND]"; then - echo "letsencrypt-auto not included in help output!" +OUTPUT_LEN=$(letsencrypt-auto --install-only --no-self-upgrade --quiet 2>&1 | wc -c) +if [ "$OUTPUT_LEN" != 0 ]; then + echo letsencrypt-auto produced unexpected output! exit 1 fi diff --git a/tests/letstest/scripts/test_letsencrypt_auto_venv_only.sh b/tests/letstest/scripts/test_letsencrypt_auto_venv_only.sh deleted file mode 100755 index c55e12e8b..000000000 --- a/tests/letstest/scripts/test_letsencrypt_auto_venv_only.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -x - -# $PUBLIC_IP $PRIVATE_IP $PUBLIC_HOSTNAME $BOULDER_URL are dynamically set at execution - -cd letsencrypt -# help installs virtualenv and does nothing else -./letsencrypt-auto-source/letsencrypt-auto -v --debug --help all diff --git a/tests/letstest/scripts/test_renew_standalone.sh b/tests/letstest/scripts/test_renew_standalone.sh deleted file mode 100755 index 31c38ea46..000000000 --- a/tests/letstest/scripts/test_renew_standalone.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash -x - -# $OS_TYPE $PUBLIC_IP $PRIVATE_IP $PUBLIC_HOSTNAME $BOULDER_URL -# are dynamically set at execution - -# run certbot-apache2 via letsencrypt-auto -cd letsencrypt - -export SUDO=sudo -if [ -f /etc/debian_version ] ; then - echo "Bootstrapping dependencies for Debian-based OSes..." - $SUDO bootstrap/_deb_common.sh -elif [ -f /etc/redhat-release ] ; then - echo "Bootstrapping dependencies for RedHat-based OSes..." - $SUDO bootstrap/_rpm_common.sh -else - echo "Don't have bootstrapping for this OS!" - exit 1 -fi - -bootstrap/dev/venv.sh -sudo venv/bin/certbot certonly --debug --standalone -t --agree-dev-preview --agree-tos \ - --renew-by-default --redirect --register-unsafely-without-email \ - --domain $PUBLIC_HOSTNAME --server $BOULDER_URL -v -if [ $? -ne 0 ] ; then - FAIL=1 -fi - -if [ "$OS_TYPE" = "ubuntu" ] ; then - venv/bin/tox -e apacheconftest -else - echo Not running hackish apache tests on $OS_TYPE -fi - -if [ $? -ne 0 ] ; then - FAIL=1 -fi - -sudo venv/bin/certbot renew --renew-by-default - -if [ $? -ne 0 ] ; then - FAIL=1 -fi - - -ls /etc/letsencrypt/archive/$PUBLIC_HOSTNAME | grep -q 2.pem - -if [ $? -ne 0 ] ; then - FAIL=1 -fi - -# return error if any of the subtests failed -if [ "$FAIL" = 1 ] ; then - exit 1 -fi diff --git a/tests/letstest/scripts/test_sdists.sh b/tests/letstest/scripts/test_sdists.sh index 0b9a91ffd..204f55d55 100755 --- a/tests/letstest/scripts/test_sdists.sh +++ b/tests/letstest/scripts/test_sdists.sh @@ -1,20 +1,46 @@ #!/bin/sh -xe cd letsencrypt -./certbot-auto --os-packages-only -n --debug + +# If we're on a RHEL 6 based system, we can be confident Python is already +# installed because the package manager is written in Python. +if command -v python && [ $(python -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//') -eq 26 ]; then + # RHEL/CentOS 6 will need a special treatment, so we need to detect that environment + RUN_RHEL6_TESTS=1 +fi + +letsencrypt-auto-source/letsencrypt-auto --install-only -n --debug + +if [ "$RUN_RHEL6_TESTS" = 1 ]; then + # Enable the SCL Python 3.6 installed by letsencrypt-auto bootstrap + PATH="/opt/rh/rh-python36/root/usr/bin:$PATH" +fi PLUGINS="certbot-apache certbot-nginx" -PYTHON=$(command -v python2.7 || command -v python27 || command -v python2 || command -v python) +PYTHON_MAJOR_VERSION=$(/opt/eff.org/certbot/venv/bin/python --version 2>&1 | cut -d" " -f 2 | cut -d. -f1) TEMP_DIR=$(mktemp -d) -VERSION=$(letsencrypt-auto-source/version.py) -export VENV_ARGS="-p $PYTHON" + +if [ "$PYTHON_MAJOR_VERSION" = "3" ]; then + # Some distros like Fedora may only have an executable named python3 installed. + PYTHON_NAME="python3" + VENV_PATH="venv3" + VENV_SCRIPT="tools/venv3.py" +else + PYTHON_NAME="python" + VENV_SCRIPT="tools/venv.py" + VENV_PATH="venv" +fi + +VERSION=$("$PYTHON_NAME" letsencrypt-auto-source/version.py) # setup venv -tools/_venv_common.py --requirement letsencrypt-auto-source/pieces/dependency-requirements.txt -. ./venv/bin/activate +"$VENV_SCRIPT" --requirement letsencrypt-auto-source/pieces/dependency-requirements.txt +. "$VENV_PATH/bin/activate" +# pytest is needed to run tests on some of our packages so we install a pinned version here. +tools/pip_install.py pytest # build sdists -for pkg_dir in acme . $PLUGINS; do +for pkg_dir in acme certbot $PLUGINS; do cd $pkg_dir python setup.py clean rm -rf build dist diff --git a/tests/letstest/scripts/test_tests.sh b/tests/letstest/scripts/test_tests.sh index e6ab836b8..fb86ce4cd 100755 --- a/tests/letstest/scripts/test_tests.sh +++ b/tests/letstest/scripts/test_tests.sh @@ -1,20 +1,29 @@ #!/bin/sh -xe +# +# This script is useful for testing that the packages we've built for a release +# work on a variety of systems. For an example of the kinds of problems that +# can occur, see https://github.com/certbot/certbot/issues/3455. -LE_AUTO="letsencrypt/letsencrypt-auto-source/letsencrypt-auto" +REPO_ROOT="letsencrypt" +LE_AUTO="$REPO_ROOT/letsencrypt-auto-source/letsencrypt-auto" LE_AUTO="$LE_AUTO --debug --no-self-upgrade --non-interactive" -MODULES="acme certbot certbot_apache certbot_nginx" +MODULES="acme certbot certbot-apache certbot-nginx" +PIP_INSTALL="$REPO_ROOT/tools/pip_install.py" VENV_NAME=venv # *-auto respects VENV_PATH $LE_AUTO --os-packages-only LE_AUTO_SUDO="" VENV_PATH="$VENV_NAME" $LE_AUTO --no-bootstrap --version . $VENV_NAME/bin/activate +"$PIP_INSTALL" pytest -# change to an empty directory to ensure CWD doesn't affect tests -cd $(mktemp -d) -pip install pytest==3.2.5 +# To run tests that aren't packaged in modules, run pytest +# from the repo root. The directory structure should still +# cause the installed packages to be tested while using +# the tests available in the subdirectories. +cd $REPO_ROOT for module in $MODULES ; do echo testing $module - pytest -v --pyargs $module + pytest -v $module done diff --git a/tests/letstest/scripts/test_tox.sh b/tests/letstest/scripts/test_tox.sh deleted file mode 100755 index bb9126673..000000000 --- a/tests/letstest/scripts/test_tox.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -x -XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share} -VENV_NAME="venv" -# The path to the letsencrypt-auto script. Everything that uses these might -# at some point be inlined... -LEA_PATH=./letsencrypt/ -VENV_PATH=${LEA_PATH/$VENV_NAME} -VENV_BIN=${VENV_PATH}/bin - - -# virtualenv call is not idempotent: it overwrites pip upgraded in -# later steps, causing "ImportError: cannot import name unpack_url" - -"$LEA_PATH/letsencrypt-auto" --os-packages-only - -cd letsencrypt -python tools/venv.py -venv/bin/tox -e py27 diff --git a/tests/letstest/targets.yaml b/tests/letstest/targets.yaml index c1a28af98..188be8e24 100644 --- a/tests/letstest/targets.yaml +++ b/tests/letstest/targets.yaml @@ -1,12 +1,12 @@ targets: #----------------------------------------------------------------------------- #Ubuntu - - ami: ami-064bd2d44a1d6c097 - name: ubuntu18.10 + - ami: ami-08ab45c4343f5f5c6 + name: ubuntu19.04 type: ubuntu virt: hvm user: ubuntu - - ami: ami-012fd5eb46f56731f + - ami: ami-095192256fe1477ad name: ubuntu18.04LTS type: ubuntu virt: hvm @@ -16,24 +16,25 @@ targets: type: ubuntu virt: hvm user: ubuntu - - ami: ami-7b89cc11 - name: ubuntu14.04LTS - type: ubuntu - virt: hvm - user: ubuntu - - ami: ami-9295d0f8 - name: ubuntu14.04LTS_32bit - type: ubuntu - virt: pv - user: ubuntu #----------------------------------------------------------------------------- # Debian + - ami: ami-01db78123b2b99496 + name: debian10 + type: ubuntu + virt: hvm + user: admin - ami: ami-003f19e0e687de1cd name: debian9 type: ubuntu virt: hvm user: admin - - ami: ami-116d857a + - ami: ami-0ed54dd1b25657636 + name: debian9_arm64 + type: ubuntu + virt: hvm + user: admin + machine_type: a1.medium + - ami: ami-077bf3962f29d3fa4 name: debian8.1 type: ubuntu virt: hvm @@ -44,23 +45,18 @@ targets: # - [ apt-get, install, -y, curl ] #----------------------------------------------------------------------------- # Other Redhat Distros - - ami: ami-60b6c60a - name: amazonlinux-2015.09.1 - type: centos - virt: hvm - user: ec2-user - - ami: ami-0d4cfd66 - name: amazonlinux-2015.03.1 + - ami: ami-0916c408cb02e310b + name: RHEL7 type: centos virt: hvm user: ec2-user - - ami: ami-a8d369c0 - name: RHEL7 + - ami: ami-0c322300a1dd5dc79 + name: RHEL8 type: centos virt: hvm user: ec2-user - - ami: ami-518bfb3b - name: fedora23 + - ami: ami-00bbc6858140f19ed + name: fedora30 type: centos virt: hvm user: fedora diff --git a/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/meta.json b/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/meta.json deleted file mode 100644 index 6fe0b47f3..000000000 --- a/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/meta.json +++ /dev/null @@ -1 +0,0 @@ -{"creation_host": "ec2-52-91-193-99.compute-1.amazonaws.com", "creation_dt": "2016-12-23T02:08:32Z"}
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/private_key.json b/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/private_key.json deleted file mode 100644 index 0affb573d..000000000 --- a/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/private_key.json +++ /dev/null @@ -1 +0,0 @@ -{"e": "AQAB", "d": "W410Wny96RO4qJ207KGQ3RSn0KAwqb93JBMHWU1yS9H3fN_2eCpFYdMLNFI9t1__nW1okeUioEfvMN_YW-G9krw97kVdZ63MfbeJCf35Onc8VZhAnk_3V8MtS26Of8ml0tTYhlQ65nuzhvHbY7aP-Uk260oDN-AbCCVhu5G4CQiMY6sdtCc8YkB6gK7SK874oWU7ogvAIPtNtEI-AXDUBYNAfoh34s1r2fE6mJSX4UYtzWB2hTUisvZdVL5JUInvxpCQFttk1cwWLFwwb6d2ERCbseeudvGJ6fkYiJ-EYxfHKOQK2kxPeOlLFMwGYQ0khDxTNajxQ1Asl43r7wgAeQ", "n": "xL5HzdhU_7P-_tphpRxpDSIL2L-aAlWt6r9EVyw53Sp-jx4fHDgnYv9HQOzNeL_IpLRCLLBItMzqnBvHUdHcS3aB6fv8HSNiHdVdC-c2rPFO8DLSGLNqi9G9WshjLDsKwc__BPNX5wHFcm8TZUJ4uZ_Ax1JCe05ePHWAf8GTr8vPaKtMpUVF55HPwpJtYvFZlH1LiVo8I_trJtHl8-pGeel3zdcaDJgNZrohZG2acTg95Ry46FE4HOslAg8Z6yECPyYLInJSDcb5yCgSqtOOp7rMVSPQFhoZRt4KDfew9lqIwNQSJoDE3bJWpwkzL1tp4clG8ExI1WnA86OjW83Vvw", "q": "0xdfHMMKYWHPE1UoQ10niDI7rnCM9vmPo4JpCOCYZf51KPNJgNaPCw62Q0Y-ZQfCBifypQyf291d0_2C_Rif0WMg07Y-Ypv8SpPK77vLV12GoAoAX2Xy3AJAz1gDBcyUzDtRlrzgCZja9YqIDVzMatkdPJXaBrBu5B-sXv4wGa0", "p": "7pl5xe_400Sn6PdN_F6KLWHFROVd7379WPWGHYmnvOvXx7DmrMjDsTOmhNRlrv7jPemVqMzp1FGsubGBizEMFGyCET30bUgH6ZU7Cmgv-2JKKN1FZnm1QTepZ7kjAT_qRCI6nvN6J0SIX197QOSz3hMmP7UYQXQ32QcVKdCksps", "kty": "RSA", "qi": "zG60VpLZjgR0o7dTeEP-HjbtxHUedyZLGe4FIPyWrPRl28anebkMUGzibpB8z5ohRsqHU2i4tmDq2NMvshISqkpk8t5PLiIcQgU46HQ24SCv7lunkVPKYU1n2uXVVfttrBP4c3UkjYzda1bcIVp6cJHanm_JuWI5nxy9ebVQJiw", "dp": "kRIBx0aj7Jh22x_aa9JzgypKDhzDY4W7tmX5-GWk9ioTVZgKeQ3MZiZ4XZTiimbxdchbNXn5xh0uvuzdTesxZA2he6hGwFcmcHBKqIY2fksBuhznQGpJuXCFcMpRLUZWQrzpFZIGOG_j1tEwGIG1lxXfkKakK8_k0PEMfhMcwHc", "dq": "AsoSRa0GHBdQxy6e45T9ir0vMLToB_NwRHbasHVXTjG4lpvwYrVzGnBNVEI_XNJna_FnMWsjSaJ5NO3qpzGGGxw2ONX1qRPql4mwas6Od08TElZPfvM37FRTSuoc0BzN8ozuHRHN3BKbAheciKCrStYnnr9ULDZ0oKsSegbd19k"}
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/regr.json b/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/regr.json deleted file mode 100644 index fdd2df7da..000000000 --- a/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/regr.json +++ /dev/null @@ -1 +0,0 @@ -{"body": {"agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf", "key": {"e": "AQAB", "kty": "RSA", "n": "xL5HzdhU_7P-_tphpRxpDSIL2L-aAlWt6r9EVyw53Sp-jx4fHDgnYv9HQOzNeL_IpLRCLLBItMzqnBvHUdHcS3aB6fv8HSNiHdVdC-c2rPFO8DLSGLNqi9G9WshjLDsKwc__BPNX5wHFcm8TZUJ4uZ_Ax1JCe05ePHWAf8GTr8vPaKtMpUVF55HPwpJtYvFZlH1LiVo8I_trJtHl8-pGeel3zdcaDJgNZrohZG2acTg95Ry46FE4HOslAg8Z6yECPyYLInJSDcb5yCgSqtOOp7rMVSPQFhoZRt4KDfew9lqIwNQSJoDE3bJWpwkzL1tp4clG8ExI1WnA86OjW83Vvw"}}, "uri": "https://acme-staging.api.letsencrypt.org/acme/reg/566631", "new_authzr_uri": "https://acme-staging.api.letsencrypt.org/acme/new-authz", "terms_of_service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/cert1.pem b/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/cert1.pem deleted file mode 100644 index 80739dd3f..000000000 --- a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/cert1.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9TCCA92gAwIBAgITAPrA8hxQOlpVRMgAm/Ib0HYdqzANBgkqhkiG9w0BAQsF -ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjEyMjMw -MTAyMDBaFw0xNzAzMjMwMTAyMDBaMCMxITAfBgNVBAMTGGEuZW5jcnlwdGlvbi1l -eGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqz0cco -hsCqyWPwGr79a8j+JO3HqbphLTzhoNHYF+fW8glyMyBmOMyZjc8v8E3U3KYEXuuR -WzR+bvUXBcLOhSogIifZDNiMKEFyDNcDlG08ze9GTj2hTQyjet2ZuPWNuuJ4u5UM -FvobaceDqITuqEqUrjCBi5CmEXswrV3l2BVSiOcPf+l+ZR81xG7qcjGfLG6YQWca -nsYYorz/kSRtwYjAT4NaeUYNXVeH1luWTWhbed8pmKfBVfv+OEmwUyAhSE1ePfny -Cj37wo1+nqQz37IJNEpI0RNbxrE7ZCgA40QrFVqc9XevcypFi9DftVWzDNBtd97Q -lmHuIqA9Kb3C/e8CAwEAAaOCAiEwggIdMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE -FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU -C7/XcCnNRht91hnQVEB2E9AtNUowHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7L -IKb1aDoweAYIKwYBBQUHAQEEbDBqMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5z -dGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9j -ZXJ0LnN0Zy1pbnQteDEubGV0c2VuY3J5cHQub3JnLzAjBgNVHREEHDAaghhhLmVu -Y3J5cHRpb24tZXhhbXBsZS5jb20wgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYG -CysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNy -eXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBv -bmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBp -biBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBh -dCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0B -AQsFAAOCAQEAP04z87VVNYYHpBkCLkw3B+gTd/F0xDo7ab2HvJJAeOpZgSfoSYMR -omYWiug9wGQqKjs4kaOGjAkW1EV3qosumOtvK7uTvoa2caXDjPYAxRiVIp08Qm0J -/FU/FfGpUXBZW9Ne3m3nDYxOCAWAw9WmV+dUuvb7qZWQSKs7cQv3FY/NuQe0o9LH -FgL7T0W7vc6uVGeBgcoEkX7xX4T7A9V3BqL6mgkK+L++n0EFrDXXzWWENNdWYCvY -Ptu0Ez95IyYNRgI3U1waO9QZ944Pc9OuMCZD4ifbYoMKGqSQb3sGR+B2TQ+qqCUC -4sikdX4WRbEYKlBTcvSpCVJ7ndFTyD6lyg== ------END CERTIFICATE----- diff --git a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/chain1.pem b/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/chain1.pem deleted file mode 100644 index 29a54e2a1..000000000 --- a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/chain1.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw -GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2 -MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0 -8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym -oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0 -ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN -xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56 -dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9 -AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw -HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0 -BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu -b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu -Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq -hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF -UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9 -AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp -DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7 -IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf -zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI -PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w -SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em -2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0 -WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt -n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= ------END CERTIFICATE----- diff --git a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/fullchain1.pem b/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/fullchain1.pem deleted file mode 100644 index ba245d213..000000000 --- a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/fullchain1.pem +++ /dev/null @@ -1,56 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9TCCA92gAwIBAgITAPrA8hxQOlpVRMgAm/Ib0HYdqzANBgkqhkiG9w0BAQsF -ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjEyMjMw -MTAyMDBaFw0xNzAzMjMwMTAyMDBaMCMxITAfBgNVBAMTGGEuZW5jcnlwdGlvbi1l -eGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqz0cco -hsCqyWPwGr79a8j+JO3HqbphLTzhoNHYF+fW8glyMyBmOMyZjc8v8E3U3KYEXuuR -WzR+bvUXBcLOhSogIifZDNiMKEFyDNcDlG08ze9GTj2hTQyjet2ZuPWNuuJ4u5UM -FvobaceDqITuqEqUrjCBi5CmEXswrV3l2BVSiOcPf+l+ZR81xG7qcjGfLG6YQWca -nsYYorz/kSRtwYjAT4NaeUYNXVeH1luWTWhbed8pmKfBVfv+OEmwUyAhSE1ePfny -Cj37wo1+nqQz37IJNEpI0RNbxrE7ZCgA40QrFVqc9XevcypFi9DftVWzDNBtd97Q -lmHuIqA9Kb3C/e8CAwEAAaOCAiEwggIdMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE -FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU -C7/XcCnNRht91hnQVEB2E9AtNUowHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7L -IKb1aDoweAYIKwYBBQUHAQEEbDBqMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5z -dGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9j -ZXJ0LnN0Zy1pbnQteDEubGV0c2VuY3J5cHQub3JnLzAjBgNVHREEHDAaghhhLmVu -Y3J5cHRpb24tZXhhbXBsZS5jb20wgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYG -CysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNy -eXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBv -bmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBp -biBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBh -dCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0B -AQsFAAOCAQEAP04z87VVNYYHpBkCLkw3B+gTd/F0xDo7ab2HvJJAeOpZgSfoSYMR -omYWiug9wGQqKjs4kaOGjAkW1EV3qosumOtvK7uTvoa2caXDjPYAxRiVIp08Qm0J -/FU/FfGpUXBZW9Ne3m3nDYxOCAWAw9WmV+dUuvb7qZWQSKs7cQv3FY/NuQe0o9LH -FgL7T0W7vc6uVGeBgcoEkX7xX4T7A9V3BqL6mgkK+L++n0EFrDXXzWWENNdWYCvY -Ptu0Ez95IyYNRgI3U1waO9QZ944Pc9OuMCZD4ifbYoMKGqSQb3sGR+B2TQ+qqCUC -4sikdX4WRbEYKlBTcvSpCVJ7ndFTyD6lyg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw -GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2 -MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0 -8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym -oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0 -ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN -xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56 -dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9 -AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw -HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0 -BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu -b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu -Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq -hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF -UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9 -AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp -DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7 -IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf -zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI -PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w -SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em -2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0 -WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt -n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= ------END CERTIFICATE----- diff --git a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/privkey1.pem b/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/privkey1.pem deleted file mode 100644 index b3059cb47..000000000 --- a/tests/letstest/testdata/sample-config/archive/a.encryption-example.com/privkey1.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqs9HHKIbAqslj -8Bq+/WvI/iTtx6m6YS084aDR2Bfn1vIJcjMgZjjMmY3PL/BN1NymBF7rkVs0fm71 -FwXCzoUqICIn2QzYjChBcgzXA5RtPM3vRk49oU0Mo3rdmbj1jbrieLuVDBb6G2nH -g6iE7qhKlK4wgYuQphF7MK1d5dgVUojnD3/pfmUfNcRu6nIxnyxumEFnGp7GGKK8 -/5EkbcGIwE+DWnlGDV1Xh9Zblk1oW3nfKZinwVX7/jhJsFMgIUhNXj358go9+8KN -fp6kM9+yCTRKSNETW8axO2QoAONEKxVanPV3r3MqRYvQ37VVswzQbXfe0JZh7iKg -PSm9wv3vAgMBAAECggEAattP6Wz8FaWTlgTaqU44Z8R314VSQULNr7vKETJFnLKY -JsOfL5vt2F4TQGxQ8Ffcm+xGgw4l2tF+odv8ljrzbzBYUTt06CWsmXNMiFhMVKlo -fG01Uy0i71Ny+T9eYhCLuXM8cYv04jHA4M0Q8831+WHjPKgLdswOS2BoVkwoHQfc -xEo40D0sPynd+KRukhgR+5AjwMdaNOV7S8c5iuQYIaZ1Xe5AyfiQkMV4LdbobMDj -bHzGxdeC5GRVOHnMBYrRotgSt4+bsQGeoV9yWY0WAVvnoDfRBRdWK8yRVhuJY1+D -WB6sPJ5cOg7Ijclubo9b+EaUkddvP0aCA3FepqNwcQKBgQDR0hz9OSom2fBjLaR2 -mQe3LqnotwPCuMmXuKndGIwJz9KgelBaRNUcvDtnzSzQVZ3h9/YFJKUkoVPVCoAu -wAF9aBeDGs+LdHerBK8fI87PXwCV0OlZLQfUw1/82dpO/dyYXVeGorrO6FE/Oxb8 -enLerMW0Ocp/MhEgM5lFRUJM1wKBgQDQRauI9QuMoBnl516pOs+7EPRvTwe4oBpO -iH2U7ryJ/YQTgsx25sDWqQBouEnv3j83wnVh9kApkS8UXFd4ZwuizIFCMlgrxw4x -nKDsd1TZOLUO2FNi09YWPUnzxzQBOjBeekEIDKUQCLOKttTrjRHgGld3tmVtHWtL -W+OvNIdcqQKBgCMpqjAJr3W5Wl7UnFY/yRo62MCmQxwT6bzidp0V6woN6Qd52BN4 -q5pYNUBtExCK+J2Q94rfHEnqO2ldjCPJi7ZfhmkzSgrd5twjOdHnJ1Z7Xla9Hw4R -zNksMN7oB3zrcFecdPmcNeBM8Ki/F1gSkUOeArf0Y2ozkskpvIruU3EbAoGBAMVz -h7CMQKrNjj/8Hi5qZ05+QH7Wegd7IfWaSRTNUUmxY2nr81Q2aFQaXRzquo4CMgT3 -Arog76t4zR2MfhDUAKATKehMOnMmgDpgt9/3MiXOMTkltchX9PuYl2faT19qfzjS -xpyPAF43IaA8vZejYnMIBiyka3wLDBGhyDXuovYhAoGAB/AZnOM/4SQuIdtzmBSy -YsHpXcNgRPqvfauCus3e5I6H4wmi+nqF/jyt0oyDBDKZki67CpStwu5Eo7tcLLnY -o+VfJ9co8jUfVxRh0NlZwomF1t/8yAm/deWoV9sX9Yj71ft/eomCifNseeeg31Kl -wkqKc3PndJHrR40mswUOHbs= ------END PRIVATE KEY----- diff --git a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/cert1.pem b/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/cert1.pem deleted file mode 100644 index 0c1c6b5ef..000000000 --- a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/cert1.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9TCCA92gAwIBAgITAPqBl0IgXf6F9LO/8sV1SsoA9DANBgkqhkiG9w0BAQsF -ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjEyMjMw -MTA0MDBaFw0xNzAzMjMwMTA0MDBaMCMxITAfBgNVBAMTGGIuZW5jcnlwdGlvbi1l -eGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWA6tWR -FAfYyOEM9HtJXK4tCd1tGF2QZrlJHEL3PJzFHonv7ZaPo6Vkrar1uLinM4AVux/f -s9vcsbdebu54DXpj1IllzjKs3tjStHK46luMqj8gf+3yLZIIVnN4YxkItd1WBtim -+144ku1gULsGnnHmuCefXz6qqkLzFZsElqO7NY+TL4F4m/L0lDjYsU++XgbHT9gi -Tw0jAi8SyH8Ia4IYi4ynnMuHuS11e+yOtq16kLW1RdnxrYpleu9z0DU+6Xlr1tbl -eSkyzbWelDgdsicfOxZz5pbmALXErb472TidcHHK6bsMVhR/P1zQK9Ydc+tC33d0 -XCRRgPoduN8XRfcCAwEAAaOCAiEwggIdMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE -FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU -RJ6J6HcpXRdRjqfyGshMEzkJy4cwHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7L -IKb1aDoweAYIKwYBBQUHAQEEbDBqMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5z -dGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9j -ZXJ0LnN0Zy1pbnQteDEubGV0c2VuY3J5cHQub3JnLzAjBgNVHREEHDAaghhiLmVu -Y3J5cHRpb24tZXhhbXBsZS5jb20wgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYG -CysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNy -eXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBv -bmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBp -biBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBh -dCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0B -AQsFAAOCAQEA2K8R+nSf9TmfSeUqB+ckObkf8bgyR0qKx/8fGoYGNAzKVE0KUs8u -SDIITjbcTivEuSChycZAGQMEMZal8uT8GsFqqJUcEJUzuxbv7nvZkCSdal1PrRsw -U4cBBuuZ/NvisEZCyjZe8mMdlhcSgThzqljF5Tcz3EWvaH9kxhqr8eL/6pYdAasT -0HqirveIQUrf9LqEEAYGB3P6VI2kjroxUZif7dt2jvOGwJEJfHOjiC8rp0Db0hVZ -omXSsZN6mVkbv1q0I7lgKWu1RHfNAefado3TJZHe8JJ5Oxrl3f2hxi3SzuPGgfXV -ZdKb0zjDXhgumrp0F2eT9zltTIUr8alYcg== ------END CERTIFICATE----- diff --git a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/chain1.pem b/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/chain1.pem deleted file mode 100644 index 29a54e2a1..000000000 --- a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/chain1.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw -GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2 -MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0 -8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym -oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0 -ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN -xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56 -dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9 -AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw -HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0 -BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu -b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu -Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq -hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF -UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9 -AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp -DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7 -IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf -zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI -PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w -SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em -2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0 -WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt -n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= ------END CERTIFICATE----- diff --git a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/fullchain1.pem b/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/fullchain1.pem deleted file mode 100644 index 705cca6c3..000000000 --- a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/fullchain1.pem +++ /dev/null @@ -1,56 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9TCCA92gAwIBAgITAPqBl0IgXf6F9LO/8sV1SsoA9DANBgkqhkiG9w0BAQsF -ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjEyMjMw -MTA0MDBaFw0xNzAzMjMwMTA0MDBaMCMxITAfBgNVBAMTGGIuZW5jcnlwdGlvbi1l -eGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWA6tWR -FAfYyOEM9HtJXK4tCd1tGF2QZrlJHEL3PJzFHonv7ZaPo6Vkrar1uLinM4AVux/f -s9vcsbdebu54DXpj1IllzjKs3tjStHK46luMqj8gf+3yLZIIVnN4YxkItd1WBtim -+144ku1gULsGnnHmuCefXz6qqkLzFZsElqO7NY+TL4F4m/L0lDjYsU++XgbHT9gi -Tw0jAi8SyH8Ia4IYi4ynnMuHuS11e+yOtq16kLW1RdnxrYpleu9z0DU+6Xlr1tbl -eSkyzbWelDgdsicfOxZz5pbmALXErb472TidcHHK6bsMVhR/P1zQK9Ydc+tC33d0 -XCRRgPoduN8XRfcCAwEAAaOCAiEwggIdMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE -FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU -RJ6J6HcpXRdRjqfyGshMEzkJy4cwHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7L -IKb1aDoweAYIKwYBBQUHAQEEbDBqMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5z -dGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9j -ZXJ0LnN0Zy1pbnQteDEubGV0c2VuY3J5cHQub3JnLzAjBgNVHREEHDAaghhiLmVu -Y3J5cHRpb24tZXhhbXBsZS5jb20wgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYG -CysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNy -eXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBv -bmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBp -biBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBh -dCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0B -AQsFAAOCAQEA2K8R+nSf9TmfSeUqB+ckObkf8bgyR0qKx/8fGoYGNAzKVE0KUs8u -SDIITjbcTivEuSChycZAGQMEMZal8uT8GsFqqJUcEJUzuxbv7nvZkCSdal1PrRsw -U4cBBuuZ/NvisEZCyjZe8mMdlhcSgThzqljF5Tcz3EWvaH9kxhqr8eL/6pYdAasT -0HqirveIQUrf9LqEEAYGB3P6VI2kjroxUZif7dt2jvOGwJEJfHOjiC8rp0Db0hVZ -omXSsZN6mVkbv1q0I7lgKWu1RHfNAefado3TJZHe8JJ5Oxrl3f2hxi3SzuPGgfXV -ZdKb0zjDXhgumrp0F2eT9zltTIUr8alYcg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw -GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2 -MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0 -8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym -oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0 -ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN -xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56 -dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9 -AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw -HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0 -BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu -b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu -Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq -hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF -UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9 -AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp -DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7 -IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf -zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI -PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w -SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em -2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0 -WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt -n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= ------END CERTIFICATE----- diff --git a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/privkey1.pem b/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/privkey1.pem deleted file mode 100644 index c43af4f50..000000000 --- a/tests/letstest/testdata/sample-config/archive/b.encryption-example.com/privkey1.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC1gOrVkRQH2Mjh -DPR7SVyuLQndbRhdkGa5SRxC9zycxR6J7+2Wj6OlZK2q9bi4pzOAFbsf37Pb3LG3 -Xm7ueA16Y9SJZc4yrN7Y0rRyuOpbjKo/IH/t8i2SCFZzeGMZCLXdVgbYpvteOJLt -YFC7Bp5x5rgnn18+qqpC8xWbBJajuzWPky+BeJvy9JQ42LFPvl4Gx0/YIk8NIwIv -Esh/CGuCGIuMp5zLh7ktdXvsjratepC1tUXZ8a2KZXrvc9A1Pul5a9bW5XkpMs21 -npQ4HbInHzsWc+aW5gC1xK2+O9k4nXBxyum7DFYUfz9c0CvWHXPrQt93dFwkUYD6 -HbjfF0X3AgMBAAECggEAYjEnWnjNTF10d4Qps5UBxdzpzFfb6apYWH78AiJ9MRbX -Kaqab2ywDKdF6Qpcb9FM5EtdW6YLSLPBlUFKZEqgiAkAD4D7J6EsQkLjinkNmI+l -/tbXPuRY0PsfwgJsIjv7H44N0CGuNdAHdNI5eqTfDSHTmOP4hA+SYvvdQWsfD94r -m4ocr2YfL4BmEh3hujb8NjVD8csSnFlpeVibtJ1rWiv1otLaEuVmcN49n0rIj0IK -tiCIdqqIscVZ+P3fFfr/E3oL2nhBqxRnzqoK/HNTpI4JJAbRGP51nVr0QhZYpIuj -xDM+zeuIt0lMYOzoE+JD0612Q66mokBPHZAd5MuEwQKBgQDbdJUQfcw/9zHuWm4n -9+wYgMN1QhfJNEr21LUjbe551YapkU389mBJJIlmjH5p67PaMRuJ1o6uRJWv40hf -Y4xy6iViLc1FExIvRVznxMCIyCELtuvYMiCJtaekFKunziniw8yg5SwSZJY3GlXN -cDAwIcgb9PPU5rBEip8g0DIp1wKBgQDTunF3OtEoVqdsPSmw5y1767YTCsm3dnVT -+kwp7ZrX3TJ3Xd6EVPWUBP1HbGD3qfsIR+Ha3Vl8OiLNC4zDoZY886U4qY5Mtn4P -JhUN0H9zYZg2l9gFf9u8RkUoPZPXXuk+eQnlGT133PrkCloDlqP47u/fQ5dV1t6F -NghgwfOA4QKBgHI/IRMyylBKmj3h6hL4qHqhHiA/Ri7DAHu7hIlrQ4k9ths0wAr/ -IGUzlixC29S8libzBckeX60tm1ez1QuDwaxZZRjVi1V4djERxSoLbchHl5yHoAQv -JG1Mmnd7I1n6pCefkzn31JfGscUB+sU2sH9+NrUHMqEVb5JfMDRe7p6FAoGAcYGc -Xqz7gEKkUtSfSyVELxD4dVDtPxuUXsbqmfe1cVA2Q+Pg7NSXKxlZpzak7WEFITVY -EXtlA8Iu8fnlJuOzpU2BH9VWYi3beseRtew2x2Zksa/JsXkQFekeHiqU3XsWU9WT -xmw3ldCz+BjMlOvnUAbYNbsIoI4mkQecijKwFkECgYA2zafSyWCW5zAronUBQDEe -vJumAJ77TwpYzzvH2ic6siWimdePxQ6TgdM3s1FgpdkbaXgKzS5MbZbD0Uyg3MEj -t6ZT7GSWq39wLDJVDYJ5ClAi8mv9WNs8X8rJ0CkdiPZgHC77OwBELthGn2p9ncar -Bwhs4S84KEJFT0LAC3YeRQ== ------END PRIVATE KEY----- diff --git a/tests/letstest/testdata/sample-config/csr/0000_csr-certbot.pem b/tests/letstest/testdata/sample-config/csr/0000_csr-certbot.pem deleted file mode 100644 index 16d73ffde..000000000 --- a/tests/letstest/testdata/sample-config/csr/0000_csr-certbot.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIChjCCAW4CAQIwFzEVMBMGA1UEAwwMaXMuaXNub3Qub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7nsHOCTvvQlRYXpI5xE7AggqTVmM8lGi18Y2 -gVlr3WYAS7higHRJjWroAmZ2Bx9IRfHOxwhVWm/hlc/u4w0IYlRnArg6suXrgtn+ -6Ea0WDUCiKEiKvQqD0kaI936hpydU/dY70UZnpKSyi0kiCrLzCkIaXS8HJdLOIXB -Q4FMVqjppYjUejMgrabthq1QTqU0S4MxwS1oj67VqaAkedGWxFgFQ2kIFV0/WL13 -Xs0SCTYyN96KK1Q2CF63HoN79zc+TVslg32DDU5UF7sVVvlkoHcl0OgR9l4jfou5 -HwmatMjXPI+0bWVxmw6iC6tbK7Dx+ytYIodhEOL52Youzy/lLwIDAQABoCowKAYJ -KoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxpcy5pc25vdC5vcmcwDQYJKoZIhvcN -AQELBQADggEBAAJsLiylvGq64wxVt8EBeXRB4ycBzC5J/pyOWMP9oexW1o3XPhCC -+0tIQVGk7wJMe3+WiPMVsn4pGOUGDaPvfC7ijlvipzaYyLEfnr+J7pukhYbzNHmu -XL5lbTJ0hTCfqUjmi1yE4M/v2eX5yNaEHsZExZ1NbtwutE/Tx5iSqt7kxbIoFqmF -7Tne2JHjt945+/l9yvqaIcEFOmblS0OxY9EjxgJdhKCKbhD/ZoYaVVisc52h/2/M -jtzvzZr1rZCvFnuQxGDco5vYe3u7uJ9tQHLCMpoIorT3kX3yTdgnWxst6XBVUY/P -Q6O18obG4ALoP/ESzvTauQIwFVGfal/jqyI= ------END CERTIFICATE REQUEST----- diff --git a/tests/letstest/testdata/sample-config/csr/0001_csr-certbot.pem b/tests/letstest/testdata/sample-config/csr/0001_csr-certbot.pem deleted file mode 100644 index 452bc45cd..000000000 --- a/tests/letstest/testdata/sample-config/csr/0001_csr-certbot.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICgDCCAWgCAQIwFDESMBAGA1UEAwwJaXNub3Qub3JnMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAsEAy7rdPsYFFt9VsK9NZy+W9nbsYGmvIaMSyJkEg -Xe2P0MmnWG/hn6F1bLPm85uS5oQsOWDpwVz31tKhoWhUDbRzPWP5Ur2NnHY92Whz -5tP4ir4vEEDuB9etQ8+wZ7+3z9q1VhPcgDdYyouQVB0QejJ1yUBiVPr289bW//ln -kj9DFxn4oufoJ4ELSZSZgWFM92EGKMMy1zD2bJH87mI0Gs0pIOEo+QMJ8TvVEbau -+aFaTANslqRAF5LaWcrPgvHor7cK5w/4bVBZCmY2QYKqlYwZiRPpwg3Ii6B9Q8kz -rDkGSDjwsazca4api57cza13XkRl7KvyZbwTwlFBud+ydwIDAQABoCcwJQYJKoZI -hvcNAQkOMRgwFjAUBgNVHREEDTALgglpc25vdC5vcmcwDQYJKoZIhvcNAQELBQAD -ggEBAB3vniZw2ML6E9jrMY8DtQjPDDNr1BqOGzyOaJipqpGZSRvhTA44DAAjdFpS -5BLrnXniPIZGG4/6WorLTEDBnlFcLinUg7GDT2DpauQa+4PLxFi13hE1TuSVOp9A -08YXhzALvZxMIjQ/tVhAp0+PkGEWU2wI0SmDvUUTJqMwSJYgXkf/vBS34/koKywV -gPDod5AbLuhYgKiQYwDZ0dd69leT0REmizuaHtA6tW3mBgewSKotwqY3fHmhHV8o -YLSVhImz4jJjK3LjmcdXuBxqE0z+p6n/+lSGG8RR/E8pix4OAkVAP6nyt/loW1BX -ZzWOuSHozGN5UJSL248vLFWrsV8= ------END CERTIFICATE REQUEST----- diff --git a/tests/letstest/testdata/sample-config/csr/0002_csr-certbot.pem b/tests/letstest/testdata/sample-config/csr/0002_csr-certbot.pem deleted file mode 100644 index 2ee44b3fd..000000000 --- a/tests/letstest/testdata/sample-config/csr/0002_csr-certbot.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICnjCCAYYCAQIwIzEhMB8GA1UEAwwYYS5lbmNyeXB0aW9uLWV4YW1wbGUuY29t -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrPRxyiGwKrJY/Aavv1r -yP4k7cepumEtPOGg0dgX59byCXIzIGY4zJmNzy/wTdTcpgRe65FbNH5u9RcFws6F -KiAiJ9kM2IwoQXIM1wOUbTzN70ZOPaFNDKN63Zm49Y264ni7lQwW+htpx4OohO6o -SpSuMIGLkKYRezCtXeXYFVKI5w9/6X5lHzXEbupyMZ8sbphBZxqexhiivP+RJG3B -iMBPg1p5Rg1dV4fWW5ZNaFt53ymYp8FV+/44SbBTICFITV49+fIKPfvCjX6epDPf -sgk0SkjRE1vGsTtkKADjRCsVWpz1d69zKkWL0N+1VbMM0G133tCWYe4ioD0pvcL9 -7wIDAQABoDYwNAYJKoZIhvcNAQkOMScwJTAjBgNVHREEHDAaghhhLmVuY3J5cHRp -b24tZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAJyKJHdUwR9BOKYJarUy -P8mqu6UBUt8faSu6o3EUeDHbnUgxGAVwB5TJV0+JwIjPFQFRofHE8CFhUvi0W0YJ -BsGVqblnJzz80NkUX9uwjBAGKaDxXqXDOctkQSAOJxM/rvD2uJLmlokibDDm7mnS -DX8SUVAPgORDGlVTGATjvmA3YeH05gHRFgRDWFP5DOZs99fx4957HrXhsIxew98s -Felupgswnouyq3crrgcjY0qo3Pc5gjUcuwaT2cjtvzi93f/ImDt6f1sdSSJB00wk -34lbs/Z+0G8bH1dqYIZzkwNgq7rolhDYh3WRgTlfkgkV7FlkQGm8qn5uoQvaXaaS -ShM= ------END CERTIFICATE REQUEST----- diff --git a/tests/letstest/testdata/sample-config/csr/0003_csr-certbot.pem b/tests/letstest/testdata/sample-config/csr/0003_csr-certbot.pem deleted file mode 100644 index 2a50dc33d..000000000 --- a/tests/letstest/testdata/sample-config/csr/0003_csr-certbot.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICnjCCAYYCAQIwIzEhMB8GA1UEAwwYYi5lbmNyeXB0aW9uLWV4YW1wbGUuY29t -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYDq1ZEUB9jI4Qz0e0lc -ri0J3W0YXZBmuUkcQvc8nMUeie/tlo+jpWStqvW4uKczgBW7H9+z29yxt15u7ngN -emPUiWXOMqze2NK0crjqW4yqPyB/7fItkghWc3hjGQi13VYG2Kb7XjiS7WBQuwae -cea4J59fPqqqQvMVmwSWo7s1j5MvgXib8vSUONixT75eBsdP2CJPDSMCLxLIfwhr -ghiLjKecy4e5LXV77I62rXqQtbVF2fGtimV673PQNT7peWvW1uV5KTLNtZ6UOB2y -Jx87FnPmluYAtcStvjvZOJ1wccrpuwxWFH8/XNAr1h1z60Lfd3RcJFGA+h243xdF -9wIDAQABoDYwNAYJKoZIhvcNAQkOMScwJTAjBgNVHREEHDAaghhiLmVuY3J5cHRp -b24tZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBACDw8/zjFaIdp4aqyrzT -fzaqAnoXZt3+0JDPLANy3DLCJmK2TQMyItg/Oid5NEQ45UluXv811IMCcONyVmrD -19W3XErhTJOJMgpjg4GLBRRFhLm+uTIcbv/xEeUgOYbslsqwi2gHECe1Vsj/Ahbo -QXXqcDg1cXe6VTQhX+Nw5q30t/oCmkJWcUVHBON2nbOujRz1+z6AjVl1dM+CYDRq -bsKn7m3biYS7lx7/ApIuhJQsghcmccCtWrH5GsOUsJUgiANv5u+QZgGaajkCRKYV -fD/u8qTPfKb/+lTxtDrfFOGH+mbZKbKf2/ibneYcql8fFQWiapbudI2cMk8yDxA9 -2Tw= ------END CERTIFICATE REQUEST----- diff --git a/tests/letstest/testdata/sample-config/keys/0000_key-certbot.pem b/tests/letstest/testdata/sample-config/keys/0000_key-certbot.pem deleted file mode 100644 index 9a018c41e..000000000 --- a/tests/letstest/testdata/sample-config/keys/0000_key-certbot.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDuewc4JO+9CVFh -ekjnETsCCCpNWYzyUaLXxjaBWWvdZgBLuGKAdEmNaugCZnYHH0hF8c7HCFVab+GV -z+7jDQhiVGcCuDqy5euC2f7oRrRYNQKIoSIq9CoPSRoj3fqGnJ1T91jvRRmekpLK -LSSIKsvMKQhpdLwcl0s4hcFDgUxWqOmliNR6MyCtpu2GrVBOpTRLgzHBLWiPrtWp -oCR50ZbEWAVDaQgVXT9YvXdezRIJNjI33oorVDYIXrceg3v3Nz5NWyWDfYMNTlQX -uxVW+WSgdyXQ6BH2XiN+i7kfCZq0yNc8j7RtZXGbDqILq1srsPH7K1gih2EQ4vnZ -ii7PL+UvAgMBAAECggEBAIX9jeLXrfNSRu0z3b4mCjdsCwiGphCIGayOa5VlfptY -chYZNQ7jR2gzhsPCedIqm1rhL8LYRcyYS/D2cUwUyH8m2PHIPQLC9/3/KZ+sCiv9 -LL1De4USxobsFcnNMLNtT2Ab+1YERw63X85EauAu226MJ3PI6OBPiS3qyNl6zj9p -do9SyzsNFEGtDk+ndWf3keoHBKLge4DP1lA3Jt42wSUxVv9U5SLvFpMQm8PqbqrK -4ofXcgxMFIJHDDGXsoDI7LOOsV6ncBVlui0ELM/QWBb5x1605VxqEDRL+h/wMp5Y -JIc6HbgcERmtHmyFlHHNtjAXxeulJVDJQDekd/irJ5ECgYEA/WQJ4LwkkA/Yhf2W -WYJtD8LuwzRnvGs3R+rgx3+hOeO4TFZD5fzObZVRSwWQO2jbOtBJOaRLUsUngcJQ -DXr/FGf1rnGhLmNeLE+jN9FS73wBhEXViFZ/fzhVibGbc7u45Y5REykZj8HtUHP5 -hBKR2Nx94WDiv1MBgcKrRk6yI50CgYEA8O+vWcMzEdPtonHl8UgTa8/c5g/RBBvS -plB8mVsmM/E5CNwnetZM32cg7dC7yNaZzn3qF6w+LdE2vw3j5VbqvuVUvsRgvYcJ -3kMbHsbsxkRw+HVWZGgEtWNzuYQUL0xN+xzIZDWkbtuaihqYAy4voYNAM08BTNcE -POQEMIGxcDsCgYEAg+TLo3grS/WDjhM2bHcQT9D2uRMRIClqx/uBbzaG9HwNFWcd -xpv102KSwwstTU9CNfXu95sGPhozez5qrumj1rpaTqgE7wF4JnZ5jfdeRRv2KiSz -hlkH2m+3TontUauYDZ0rpF6TWJnn7iW/7jhARHJY77SfslkBgsqSnnEeFp0CgYEA -7FsFVvZRzCRt01UOsPL28mWYmyxa7D/rFvKQONUdFgmG3PUz2aIPCX2e5Q1GmlBD -1Djbg1uaJ9I8dZJHxbzNTnWk+/ujt2mYuax1F20n65xKgsKA/MC6FcM5TH2QW5Hs -UfI7d2rUI1hVMzPBeiU93qDmQy825E1uP9mjbn5cNe8CgYAsBpJgS1LkDruyWmjG -ZTzdHGciA1O3gUArLQmyUfJlPS3Hgwn7wnBBihtGZDHmjJ7734+PQ9ioCnO9Pb+K -8Cp29vJ85lka7o7I48OeScLmczgEUYOPCrbkkKJdKaG6gn5CKpRBVYDlhbWjVZ51 -4uda/BQ1hqHh8WmxK6x21qC9JQ== ------END PRIVATE KEY----- diff --git a/tests/letstest/testdata/sample-config/keys/0001_key-certbot.pem b/tests/letstest/testdata/sample-config/keys/0001_key-certbot.pem deleted file mode 100644 index a3a7faf55..000000000 --- a/tests/letstest/testdata/sample-config/keys/0001_key-certbot.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwQDLut0+xgUW3 -1Wwr01nL5b2duxgaa8hoxLImQSBd7Y/QyadYb+GfoXVss+bzm5LmhCw5YOnBXPfW -0qGhaFQNtHM9Y/lSvY2cdj3ZaHPm0/iKvi8QQO4H161Dz7Bnv7fP2rVWE9yAN1jK -i5BUHRB6MnXJQGJU+vbz1tb/+WeSP0MXGfii5+gngQtJlJmBYUz3YQYowzLXMPZs -kfzuYjQazSkg4Sj5AwnxO9URtq75oVpMA2yWpEAXktpZys+C8eivtwrnD/htUFkK -ZjZBgqqVjBmJE+nCDciLoH1DyTOsOQZIOPCxrNxrhqmLntzNrXdeRGXsq/JlvBPC -UUG537J3AgMBAAECggEBAJoZR27X72GvORmmDFG1FInlcIf8EPLo0exoLaqsvnPh -RSCzbxEvoQFE1boZARB1MVdCsLfqN/bMJhU5TAAni3YAE9HVGyRwfuQRrbnsTYnA -Q0prRhLb8kIBHIhxijbrtPaSroF4FA42VfehVqt0TffJLpqrJE5QrqI7cPeVRCzk -laLyi2rjZBhN6l1OxFSIOrEDlcowlPUMORbmNDMbq/dLu5riVO/kP2x70K1IiANI -NZzVhMwkktYj3Ku2altRLcyRrC3Bs46w2QF6wiC88/LMapt79um65P/SgcCgyOYE -oxJywZwMnyw8ut1Y+KS8B7AdzqWmj7Q9wr0xbW6+4eECgYEA6sNrMGZVRUFRPAcr -m3y5fkM/WJ8tAkT3hI2/noljv3k8iameTy/B/y3p+aM8/6Oa/gdO/SWtfKPednkf -CIh/3J5tJ1yvK7wHEEU6r6qxVKr2FLCMfSXoGx+E+r9qPF8WdV+55beVgO86UqA5 -y9a6DhNA+Xt4jDJc+rbpga0pj60CgYEAwDHDV0lR7jVT6iiU6VhAu1gM/SBVqXE/ -VSfmGihgaO4pJ9OgfqusKbraNONc+oBub7B4T3sSnF/I0mSUclD6brmG99OWLIg8 -L6/ed+bLPRO0iTvKRLbyBLom1Totfh/X6iQ2Zci40vLIS7kbYDban16ca+iSm+0B -41RV4q6+vzMCgYBLoxiW6HGStZ+xonHHT+EHsCzppac/su64c18IeiV8HFiH1fFe -e/mZ+LYIqzJM/u5B6CLn5srFfJqBOzbnbescLqLmarM5eQQhltx4mps1tzs/oT4y -WBM3IembTC6zMsOun1/qhkKR3wHAe0UDyrP5MvTdLI3DRbq1QFdtY1gfpQKBgEgg -pNGWJ5RBGSvwbOohf7GPOtioEN3VLVJ09crtSjk23+Uda8b+AE9s20Ur6pHsLwXl -cVFKu9JJtCEZNAiu0T1KjRdmpZ4yxnuTAed3iuByC7fQ43jkO3GAtuAgxD/oDWzG -iE+sg4hPKtIYNujlzSgwJn3su1CfIq1A0jaPI/C3AoGAHGTBtsXdR1goFvcxwA+n -l2bAs/InoED5nj26a//JuONgtGlm//QKCxIgjjktpeZm8sfsaYeR+rwIUODWRX/e -LUF85a70SaH+FZRXBRS2d/zaNxO4F37nE5fwO+VAurSb7El7yOyCepK22iSHMYdl -xak78KZKv3HXW5yrfA+dc2Y= ------END PRIVATE KEY----- diff --git a/tests/letstest/testdata/sample-config/keys/0002_key-certbot.pem b/tests/letstest/testdata/sample-config/keys/0002_key-certbot.pem deleted file mode 100644 index b3059cb47..000000000 --- a/tests/letstest/testdata/sample-config/keys/0002_key-certbot.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqs9HHKIbAqslj -8Bq+/WvI/iTtx6m6YS084aDR2Bfn1vIJcjMgZjjMmY3PL/BN1NymBF7rkVs0fm71 -FwXCzoUqICIn2QzYjChBcgzXA5RtPM3vRk49oU0Mo3rdmbj1jbrieLuVDBb6G2nH -g6iE7qhKlK4wgYuQphF7MK1d5dgVUojnD3/pfmUfNcRu6nIxnyxumEFnGp7GGKK8 -/5EkbcGIwE+DWnlGDV1Xh9Zblk1oW3nfKZinwVX7/jhJsFMgIUhNXj358go9+8KN -fp6kM9+yCTRKSNETW8axO2QoAONEKxVanPV3r3MqRYvQ37VVswzQbXfe0JZh7iKg -PSm9wv3vAgMBAAECggEAattP6Wz8FaWTlgTaqU44Z8R314VSQULNr7vKETJFnLKY -JsOfL5vt2F4TQGxQ8Ffcm+xGgw4l2tF+odv8ljrzbzBYUTt06CWsmXNMiFhMVKlo -fG01Uy0i71Ny+T9eYhCLuXM8cYv04jHA4M0Q8831+WHjPKgLdswOS2BoVkwoHQfc -xEo40D0sPynd+KRukhgR+5AjwMdaNOV7S8c5iuQYIaZ1Xe5AyfiQkMV4LdbobMDj -bHzGxdeC5GRVOHnMBYrRotgSt4+bsQGeoV9yWY0WAVvnoDfRBRdWK8yRVhuJY1+D -WB6sPJ5cOg7Ijclubo9b+EaUkddvP0aCA3FepqNwcQKBgQDR0hz9OSom2fBjLaR2 -mQe3LqnotwPCuMmXuKndGIwJz9KgelBaRNUcvDtnzSzQVZ3h9/YFJKUkoVPVCoAu -wAF9aBeDGs+LdHerBK8fI87PXwCV0OlZLQfUw1/82dpO/dyYXVeGorrO6FE/Oxb8 -enLerMW0Ocp/MhEgM5lFRUJM1wKBgQDQRauI9QuMoBnl516pOs+7EPRvTwe4oBpO -iH2U7ryJ/YQTgsx25sDWqQBouEnv3j83wnVh9kApkS8UXFd4ZwuizIFCMlgrxw4x -nKDsd1TZOLUO2FNi09YWPUnzxzQBOjBeekEIDKUQCLOKttTrjRHgGld3tmVtHWtL -W+OvNIdcqQKBgCMpqjAJr3W5Wl7UnFY/yRo62MCmQxwT6bzidp0V6woN6Qd52BN4 -q5pYNUBtExCK+J2Q94rfHEnqO2ldjCPJi7ZfhmkzSgrd5twjOdHnJ1Z7Xla9Hw4R -zNksMN7oB3zrcFecdPmcNeBM8Ki/F1gSkUOeArf0Y2ozkskpvIruU3EbAoGBAMVz -h7CMQKrNjj/8Hi5qZ05+QH7Wegd7IfWaSRTNUUmxY2nr81Q2aFQaXRzquo4CMgT3 -Arog76t4zR2MfhDUAKATKehMOnMmgDpgt9/3MiXOMTkltchX9PuYl2faT19qfzjS -xpyPAF43IaA8vZejYnMIBiyka3wLDBGhyDXuovYhAoGAB/AZnOM/4SQuIdtzmBSy -YsHpXcNgRPqvfauCus3e5I6H4wmi+nqF/jyt0oyDBDKZki67CpStwu5Eo7tcLLnY -o+VfJ9co8jUfVxRh0NlZwomF1t/8yAm/deWoV9sX9Yj71ft/eomCifNseeeg31Kl -wkqKc3PndJHrR40mswUOHbs= ------END PRIVATE KEY----- diff --git a/tests/letstest/testdata/sample-config/keys/0003_key-certbot.pem b/tests/letstest/testdata/sample-config/keys/0003_key-certbot.pem deleted file mode 100644 index c43af4f50..000000000 --- a/tests/letstest/testdata/sample-config/keys/0003_key-certbot.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC1gOrVkRQH2Mjh -DPR7SVyuLQndbRhdkGa5SRxC9zycxR6J7+2Wj6OlZK2q9bi4pzOAFbsf37Pb3LG3 -Xm7ueA16Y9SJZc4yrN7Y0rRyuOpbjKo/IH/t8i2SCFZzeGMZCLXdVgbYpvteOJLt -YFC7Bp5x5rgnn18+qqpC8xWbBJajuzWPky+BeJvy9JQ42LFPvl4Gx0/YIk8NIwIv -Esh/CGuCGIuMp5zLh7ktdXvsjratepC1tUXZ8a2KZXrvc9A1Pul5a9bW5XkpMs21 -npQ4HbInHzsWc+aW5gC1xK2+O9k4nXBxyum7DFYUfz9c0CvWHXPrQt93dFwkUYD6 -HbjfF0X3AgMBAAECggEAYjEnWnjNTF10d4Qps5UBxdzpzFfb6apYWH78AiJ9MRbX -Kaqab2ywDKdF6Qpcb9FM5EtdW6YLSLPBlUFKZEqgiAkAD4D7J6EsQkLjinkNmI+l -/tbXPuRY0PsfwgJsIjv7H44N0CGuNdAHdNI5eqTfDSHTmOP4hA+SYvvdQWsfD94r -m4ocr2YfL4BmEh3hujb8NjVD8csSnFlpeVibtJ1rWiv1otLaEuVmcN49n0rIj0IK -tiCIdqqIscVZ+P3fFfr/E3oL2nhBqxRnzqoK/HNTpI4JJAbRGP51nVr0QhZYpIuj -xDM+zeuIt0lMYOzoE+JD0612Q66mokBPHZAd5MuEwQKBgQDbdJUQfcw/9zHuWm4n -9+wYgMN1QhfJNEr21LUjbe551YapkU389mBJJIlmjH5p67PaMRuJ1o6uRJWv40hf -Y4xy6iViLc1FExIvRVznxMCIyCELtuvYMiCJtaekFKunziniw8yg5SwSZJY3GlXN -cDAwIcgb9PPU5rBEip8g0DIp1wKBgQDTunF3OtEoVqdsPSmw5y1767YTCsm3dnVT -+kwp7ZrX3TJ3Xd6EVPWUBP1HbGD3qfsIR+Ha3Vl8OiLNC4zDoZY886U4qY5Mtn4P -JhUN0H9zYZg2l9gFf9u8RkUoPZPXXuk+eQnlGT133PrkCloDlqP47u/fQ5dV1t6F -NghgwfOA4QKBgHI/IRMyylBKmj3h6hL4qHqhHiA/Ri7DAHu7hIlrQ4k9ths0wAr/ -IGUzlixC29S8libzBckeX60tm1ez1QuDwaxZZRjVi1V4djERxSoLbchHl5yHoAQv -JG1Mmnd7I1n6pCefkzn31JfGscUB+sU2sH9+NrUHMqEVb5JfMDRe7p6FAoGAcYGc -Xqz7gEKkUtSfSyVELxD4dVDtPxuUXsbqmfe1cVA2Q+Pg7NSXKxlZpzak7WEFITVY -EXtlA8Iu8fnlJuOzpU2BH9VWYi3beseRtew2x2Zksa/JsXkQFekeHiqU3XsWU9WT -xmw3ldCz+BjMlOvnUAbYNbsIoI4mkQecijKwFkECgYA2zafSyWCW5zAronUBQDEe -vJumAJ77TwpYzzvH2ic6siWimdePxQ6TgdM3s1FgpdkbaXgKzS5MbZbD0Uyg3MEj -t6ZT7GSWq39wLDJVDYJ5ClAi8mv9WNs8X8rJ0CkdiPZgHC77OwBELthGn2p9ncar -Bwhs4S84KEJFT0LAC3YeRQ== ------END PRIVATE KEY----- diff --git a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/README b/tests/letstest/testdata/sample-config/live/a.encryption-example.com/README deleted file mode 100644 index 15194ae3a..000000000 --- a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/README +++ /dev/null @@ -1,10 +0,0 @@ -This directory contains your keys and certificates. - -`privkey.pem` : the private key for your certificate. -`fullchain.pem`: the certificate file used in most server software. -`chain.pem` : used for OCSP stapling in Nginx >=1.3.7. -`cert.pem` : will break many server configurations, and should not be used - without reading further documentation (see link below). - -We recommend not moving these files. For more information, see the Certbot -User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates. diff --git a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/cert.pem b/tests/letstest/testdata/sample-config/live/a.encryption-example.com/cert.pem deleted file mode 120000 index 79b6abdf9..000000000 --- a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/cert.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/a.encryption-example.com/cert1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/chain.pem b/tests/letstest/testdata/sample-config/live/a.encryption-example.com/chain.pem deleted file mode 120000 index 2d6b30420..000000000 --- a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/chain.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/a.encryption-example.com/chain1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/fullchain.pem b/tests/letstest/testdata/sample-config/live/a.encryption-example.com/fullchain.pem deleted file mode 120000 index b801ef735..000000000 --- a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/fullchain.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/a.encryption-example.com/fullchain1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/privkey.pem b/tests/letstest/testdata/sample-config/live/a.encryption-example.com/privkey.pem deleted file mode 120000 index 74e20c5ff..000000000 --- a/tests/letstest/testdata/sample-config/live/a.encryption-example.com/privkey.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/a.encryption-example.com/privkey1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/README b/tests/letstest/testdata/sample-config/live/b.encryption-example.com/README deleted file mode 100644 index 15194ae3a..000000000 --- a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/README +++ /dev/null @@ -1,10 +0,0 @@ -This directory contains your keys and certificates. - -`privkey.pem` : the private key for your certificate. -`fullchain.pem`: the certificate file used in most server software. -`chain.pem` : used for OCSP stapling in Nginx >=1.3.7. -`cert.pem` : will break many server configurations, and should not be used - without reading further documentation (see link below). - -We recommend not moving these files. For more information, see the Certbot -User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates. diff --git a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/cert.pem b/tests/letstest/testdata/sample-config/live/b.encryption-example.com/cert.pem deleted file mode 120000 index 41b06370e..000000000 --- a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/cert.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/b.encryption-example.com/cert1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/chain.pem b/tests/letstest/testdata/sample-config/live/b.encryption-example.com/chain.pem deleted file mode 120000 index 2d3e18bec..000000000 --- a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/chain.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/b.encryption-example.com/chain1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/fullchain.pem b/tests/letstest/testdata/sample-config/live/b.encryption-example.com/fullchain.pem deleted file mode 120000 index 3a08c1432..000000000 --- a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/fullchain.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/b.encryption-example.com/fullchain1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/privkey.pem b/tests/letstest/testdata/sample-config/live/b.encryption-example.com/privkey.pem deleted file mode 120000 index 182aa6d78..000000000 --- a/tests/letstest/testdata/sample-config/live/b.encryption-example.com/privkey.pem +++ /dev/null @@ -1 +0,0 @@ -../../archive/b.encryption-example.com/privkey1.pem
\ No newline at end of file diff --git a/tests/letstest/testdata/sample-config/options-ssl-apache.conf b/tests/letstest/testdata/sample-config/options-ssl-apache.conf deleted file mode 100644 index ec07a4ba3..000000000 --- a/tests/letstest/testdata/sample-config/options-ssl-apache.conf +++ /dev/null @@ -1,22 +0,0 @@ -# Baseline setting to Include for SSL sites - -SSLEngine on - -# Intermediate configuration, tweak to your needs -SSLProtocol all -SSLv2 -SSLv3 -SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA -SSLHonorCipherOrder on -SSLCompression off - -SSLOptions +StrictRequire - -# Add vhost name to log entries: -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined -LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common - -#CustomLog /var/log/apache2/access.log vhost_combined -#LogLevel warn -#ErrorLog /var/log/apache2/error.log - -# Always ensure Cookies have "Secure" set (JAH 2012/1) -#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4" diff --git a/tests/letstest/testdata/sample-config/renewal/a.encryption-example.com.conf b/tests/letstest/testdata/sample-config/renewal/a.encryption-example.com.conf deleted file mode 100644 index 4455137b4..000000000 --- a/tests/letstest/testdata/sample-config/renewal/a.encryption-example.com.conf +++ /dev/null @@ -1,15 +0,0 @@ -# renew_before_expiry = 30 days -version = 0.10.0.dev0 -archive_dir = sample-config/archive/a.encryption-example.com -cert = sample-config/live/a.encryption-example.com/cert.pem -privkey = sample-config/live/a.encryption-example.com/privkey.pem -chain = sample-config/live/a.encryption-example.com/chain.pem -fullchain = sample-config/live/a.encryption-example.com/fullchain.pem - -# Options used in the renewal process -[renewalparams] -authenticator = apache -installer = apache -account = 48d6b9e8d767eccf7e4d877d6ffa81e3 -config_dir = sample-config -server = https://acme-staging.api.letsencrypt.org/directory diff --git a/tests/letstest/testdata/sample-config/renewal/b.encryption-example.com.conf b/tests/letstest/testdata/sample-config/renewal/b.encryption-example.com.conf deleted file mode 100644 index 58d8a13d9..000000000 --- a/tests/letstest/testdata/sample-config/renewal/b.encryption-example.com.conf +++ /dev/null @@ -1,15 +0,0 @@ -# renew_before_expiry = 30 days -version = 0.10.0.dev0 -archive_dir = sample-config/archive/b.encryption-example.com -cert = sample-config/live/b.encryption-example.com/cert.pem -privkey = sample-config/live/b.encryption-example.com/privkey.pem -chain = sample-config/live/b.encryption-example.com/chain.pem -fullchain = sample-config/live/b.encryption-example.com/fullchain.pem - -# Options used in the renewal process -[renewalparams] -authenticator = apache -installer = apache -account = 48d6b9e8d767eccf7e4d877d6ffa81e3 -config_dir = sample-config -server = https://acme-staging.api.letsencrypt.org/directory diff --git a/tests/letstest/travis-setup.sh b/tests/letstest/travis-setup.sh new file mode 100755 index 000000000..261a1504f --- /dev/null +++ b/tests/letstest/travis-setup.sh @@ -0,0 +1,10 @@ +#!/bin/bash -ex +# +# Preps the test farm tests to be run in Travis. + +if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then + echo This script must be run in Travis on a non-pull request build + exit 1 +fi + +openssl aes-256-cbc -K "${encrypted_9a387195a62e_key}" -iv "${encrypted_9a387195a62e_iv}" -in travis-test-farm.pem.enc -out travis-test-farm.pem -d diff --git a/tests/letstest/travis-test-farm.pem.enc b/tests/letstest/travis-test-farm.pem.enc Binary files differnew file mode 100644 index 000000000..f8b1d576c --- /dev/null +++ b/tests/letstest/travis-test-farm.pem.enc diff --git a/tests/lock_test.py b/tests/lock_test.py index 0266cf029..29a77ae17 100644 --- a/tests/lock_test.py +++ b/tests/lock_test.py @@ -2,6 +2,7 @@ from __future__ import print_function import atexit +import datetime import functools import logging import os @@ -11,12 +12,19 @@ import subprocess import sys import tempfile -from certbot import lock -from certbot import util +from cryptography import x509 +from cryptography.hazmat.backends import default_backend +# TODO: once mypy has cryptography types bundled, type: ignore can be removed. +# See https://github.com/pyca/cryptography/issues/4275 +from cryptography.hazmat.primitives import hashes # type: ignore +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric import rsa +from certbot import util +from certbot._internal import lock +from certbot.compat import filesystem from certbot.tests import util as test_util - logger = logging.getLogger(__name__) @@ -84,7 +92,7 @@ def set_up_dirs(): nginx_dir = os.path.join(temp_dir, 'nginx') for directory in (config_dir, logs_dir, work_dir, nginx_dir,): - os.mkdir(directory) + filesystem.mkdir(directory) test_util.make_lineage(config_dir, 'sample-renewal.conf') set_up_nginx_dir(nginx_dir) @@ -102,12 +110,11 @@ def set_up_nginx_dir(root_path): repo_root = check_call('git rev-parse --show-toplevel'.split()).strip() conf_script = os.path.join( repo_root, 'certbot-nginx', 'tests', 'boulder-integration.conf.sh') - # boulder-integration.conf.sh uses the root environment variable as - # the Nginx server root when writing paths - os.environ['root'] = root_path + # Prepare self-signed certificates for Nginx + key_path, cert_path = setup_certificate(root_path) + # Generate Nginx configuration with open(os.path.join(root_path, 'nginx.conf'), 'w') as f: - f.write(check_call(['/bin/sh', conf_script])) - del os.environ['root'] + f.write(check_call(['/bin/sh', conf_script, root_path, key_path, cert_path])) def set_up_command(config_dir, logs_dir, work_dir, nginx_dir): @@ -134,6 +141,51 @@ def set_up_command(config_dir, logs_dir, work_dir, nginx_dir): config_dir, logs_dir, work_dir, nginx_dir).split()) +def setup_certificate(workspace): + """Generate a self-signed certificate for nginx. + :param workspace: path of folder where to put the certificate + :return: tuple containing the key path and certificate path + :rtype: `tuple` + """ + # Generate key + # See comment on cryptography import about type: ignore + private_key = rsa.generate_private_key( # type: ignore + public_exponent=65537, + key_size=2048, + backend=default_backend() + ) + subject = issuer = x509.Name([ + x509.NameAttribute(x509.NameOID.COMMON_NAME, u'nginx.wtf') + ]) + certificate = x509.CertificateBuilder().subject_name( + subject + ).issuer_name( + issuer + ).public_key( + private_key.public_key() + ).serial_number( + 1 + ).not_valid_before( + datetime.datetime.utcnow() + ).not_valid_after( + datetime.datetime.utcnow() + datetime.timedelta(days=1) + ).sign(private_key, hashes.SHA256(), default_backend()) + + key_path = os.path.join(workspace, 'cert.key') + with open(key_path, 'wb') as file_handle: + file_handle.write(private_key.private_bytes( # type: ignore + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption() + )) + + cert_path = os.path.join(workspace, 'cert.pem') + with open(cert_path, 'wb') as file_handle: + file_handle.write(certificate.public_bytes(serialization.Encoding.PEM)) + + return key_path, cert_path + + def test_command(command, directories): """Assert Certbot acquires locks in a specific order. diff --git a/tests/manual-dns-auth.sh b/tests/manual-dns-auth.sh deleted file mode 100755 index febecf455..000000000 --- a/tests/manual-dns-auth.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -# If domain begins with fail, fail the challenge by not completing it. -if [[ "$CERTBOT_DOMAIN" != fail* ]]; then - curl -X POST 'http://localhost:8055/set-txt' -d \ - "{\"host\": \"_acme-challenge.$CERTBOT_DOMAIN.\", \ - \"value\": \"$CERTBOT_VALIDATION\"}" -fi diff --git a/tests/manual-dns-cleanup.sh b/tests/manual-dns-cleanup.sh deleted file mode 100755 index 1c09e892c..000000000 --- a/tests/manual-dns-cleanup.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -# If domain begins with fail, we didn't complete the challenge so there is -# nothing to clean up. -if [[ "$CERTBOT_DOMAIN" != fail* ]]; then - curl -X POST 'http://localhost:8055/clear-txt' -d \ - "{\"host\": \"_acme-challenge.$CERTBOT_DOMAIN.\"}" -fi diff --git a/tests/manual-http-auth.sh b/tests/manual-http-auth.sh deleted file mode 100755 index 48c33f04b..000000000 --- a/tests/manual-http-auth.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -uri_path=".well-known/acme-challenge/$CERTBOT_TOKEN" - -# This script should be run from the top level. e.g. ./tests/manual-http-auth.sh -source_dir="$(pwd)" -cd $(mktemp -d) -mkdir -p $(dirname $uri_path) -echo $CERTBOT_VALIDATION > $uri_path -python "$source_dir/tests/run_http_server.py" $http_01_port >/dev/null 2>&1 & -server_pid=$! -while ! curl "http://localhost:$http_01_port/$uri_path" >/dev/null 2>&1; do - sleep 1s -done -echo $server_pid diff --git a/tests/manual-http-cleanup.sh b/tests/manual-http-cleanup.sh deleted file mode 100755 index 5e437bf08..000000000 --- a/tests/manual-http-cleanup.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -kill $CERTBOT_AUTH_OUTPUT diff --git a/tests/modification-check.py b/tests/modification-check.py index 8abc0fbfe..811f369d4 100755 --- a/tests/modification-check.py +++ b/tests/modification-check.py @@ -3,10 +3,11 @@ from __future__ import print_function import os +import shutil import subprocess import sys import tempfile -import shutil + try: from urllib.request import urlretrieve except ImportError: diff --git a/tests/pebble-fetch.sh b/tests/pebble-fetch.sh deleted file mode 100755 index b0ba08961..000000000 --- a/tests/pebble-fetch.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# Download and run Pebble instance for integration testing -set -xe - -PEBBLE_VERSION=2018-11-02 - -# We reuse the same GOPATH-style directory than for Boulder. -# Pebble does not need it, but it will make the installation consistent with Boulder's one. -export GOPATH=${GOPATH:-$HOME/gopath} -PEBBLEPATH=${PEBBLEPATH:-$GOPATH/src/github.com/letsencrypt/pebble} - -mkdir -p ${PEBBLEPATH} - -cat << UNLIKELY_EOF > "$PEBBLEPATH/docker-compose.yml" -version: '3' - -services: - pebble: - image: letsencrypt/pebble:${PEBBLE_VERSION} - command: pebble -strict ${PEBBLE_STRICT:-false} -dnsserver 10.77.77.1 - ports: - - 14000:14000 - environment: - - PEBBLE_VA_NOSLEEP=1 -UNLIKELY_EOF - -docker-compose -f "$PEBBLEPATH/docker-compose.yml" up -d pebble - -set +x # reduce verbosity while waiting for boulder -for n in `seq 1 150` ; do - if curl -k https://localhost:14000/dir 2>/dev/null; then - break - else - sleep 1 - fi -done - -if ! curl -k https://localhost:14000/dir 2>/dev/null; then - echo "timed out waiting for pebble to start" - exit 1 -fi diff --git a/tests/run_http_server.py b/tests/run_http_server.py deleted file mode 100644 index 0e4f8ac79..000000000 --- a/tests/run_http_server.py +++ /dev/null @@ -1,11 +0,0 @@ -import runpy -import sys - -# Run Python's built-in HTTP server -# Usage: python ./tests/run_http_server.py port_num -# NOTE: This script should be compatible with 2.7, 3.4+ - -# sys.argv (port number) is passed as-is to the HTTP server module -runpy.run_module( - 'http.server' if sys.version_info[0] == 3 else 'SimpleHTTPServer', - run_name='__main__') diff --git a/tests/tox-boulder-integration.sh b/tests/tox-boulder-integration.sh deleted file mode 100755 index 8c8a967fd..000000000 --- a/tests/tox-boulder-integration.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -e -# A simple wrapper around tests/boulder-integration.sh that activates the tox -# virtual environment defined by the environment variable TOXENV before running -# integration tests. - -if [ -z "${TOXENV+x}" ]; then - echo "The environment variable TOXENV must be set to use this script!" >&2 - exit 1 -fi - -source .tox/$TOXENV/bin/activate -tests/boulder-integration.sh |