rpms / certmonger

Clone
Source Code
GIT

Files

  1.   6155daa274e8899e3a0fa0255d8394a72bf2706a
  2.   0003-NSS-in-rawhide-F28-was-switched-to-sqlite-fix-assump.patch
Blob Blame History Raw 
From 0cfefe50373cd5f7da5b49f1a1380ba8b5baf825 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 9 Jan 2018 22:14:53 -0500
Subject: [PATCH 3/6] NSS in rawhide (F28) was switched to sqlite, fix
 assumptions

Previous releases of NSS had dbm as the default storage type.
Certain assumptions were built into the tests. Make the default
scheme more explicit, leaving it as dbm for now.

https://pagure.io/certmonger/issue/88
---
 tests/007-certsave-dbm/expected.out |  4 ++--
 tests/007-certsave/expected.out     |  4 ++--
 tests/007-certsave/run.sh           | 47 +++++++++++++++++++------------------
 tests/025-casave/run.sh             | 36 ++++++++++++++--------------
 tests/034-perms/expected.out        | 36 ++++++++++++++--------------
 tests/034-perms/run.sh              |  2 ++
 6 files changed, 66 insertions(+), 63 deletions(-)

diff --git a/tests/007-certsave-dbm/expected.out b/tests/007-certsave-dbm/expected.out
index e0978c66..ed6b4ede 100644
--- a/tests/007-certsave-dbm/expected.out
+++ b/tests/007-certsave-dbm/expected.out
@@ -37,7 +37,7 @@ Testing setting trust to C,c,p:
  wrong nickname, right subject: cert ,, 
  wrong subject, right nickname: cert ,, 
 [nss:rosubdir]
-Failed to save (NSS:${tmpdir}/rosubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rosubdir), filesystem permissions error.
 [nss:rwsubdir]
-Failed to save (NSS:${tmpdir}/rwsubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rwsubdir), filesystem permissions error.
 Test complete.
diff --git a/tests/007-certsave/expected.out b/tests/007-certsave/expected.out
index e0978c66..ed6b4ede 100644
--- a/tests/007-certsave/expected.out
+++ b/tests/007-certsave/expected.out
@@ -37,7 +37,7 @@ Testing setting trust to C,c,p:
  wrong nickname, right subject: cert ,, 
  wrong subject, right nickname: cert ,, 
 [nss:rosubdir]
-Failed to save (NSS:${tmpdir}/rosubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rosubdir), filesystem permissions error.
 [nss:rwsubdir]
-Failed to save (NSS:${tmpdir}/rwsubdir), filesystem permissions error.
+Failed to save (NSS:dbm:${tmpdir}/rwsubdir), filesystem permissions error.
 Test complete.
diff --git a/tests/007-certsave/run.sh b/tests/007-certsave/run.sh
index bea8341a..29b02152 100755
--- a/tests/007-certsave/run.sh
+++ b/tests/007-certsave/run.sh
@@ -2,8 +2,9 @@
 
 cd "$tmpdir"
 
+scheme="${scheme:-dbm}"
 source "$srcdir"/functions
-initnssdb ${scheme:+${scheme}:}$tmpdir
+initnssdb $scheme:$tmpdir
 
 wrongcert='-----BEGIN CERTIFICATE-----
  MIIDQTCCAimgAwIBAgIBBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdwaWxs
@@ -50,7 +51,7 @@ echo "$wrongcert" | sed -e 's,^$,,g' -e 's,^ ,,g' > cert.wrong
 echo "[nss:wrongnick]"
 cat > entry.nss << EOF
 cert_storage_type=NSSDB
-cert_storage_location=${scheme:+${scheme}:}$tmpdir
+cert_storage_location=$scheme:$tmpdir
 cert_nickname=wrongnick
 cert=$cert
 EOF
@@ -59,7 +60,7 @@ $toolsdir/certsave entry.nss
 echo "[nss:wrongcert]"
 cat > entry.nss << EOF
 cert_storage_type=NSSDB
-cert_storage_location=${scheme:+${scheme}:}$tmpdir
+cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$wrongcert
 EOF
@@ -68,13 +69,13 @@ $toolsdir/certsave entry.nss
 echo "[nss:right]"
 cat > entry.nss << EOF
 cert_storage_type=NSSDB
-cert_storage_location=${scheme:+${scheme}:}$tmpdir
+cert_storage_location=$scheme:$tmpdir
 cert_nickname=cert
 cert=$cert
 EOF
 $toolsdir/certsave entry.nss
 $toolsdir/listnicks entry.nss
-certutil -d ${scheme:+${scheme}:}$tmpdir -L -n cert -a > cert.nss
+certutil -d $scheme:$tmpdir -L -n cert -a > cert.nss
 # Save the wrong certificate to the PEM file.
 echo "[openssl:wrong]"
 cat > entry.openssl << EOF
@@ -96,7 +97,7 @@ run_dos2unix cert.original
 run_dos2unix cert.nss
 run_dos2unix cert.openssl
 if ! cmp cert.original cert.nss ; then
-	echo Original and NSS disagree "(${scheme:+${scheme}:}$tmpdir)".
+	echo Original and NSS disagree "($scheme:$tmpdir)".
 	cat cert.original cert.nss
 	exit 1
 fi
@@ -137,62 +138,62 @@ $toolsdir/certsave entry.openssl || true
 for trust in ,, P,, ,P, CT,C, C,c,p ; do
 	echo Testing setting trust to "$trust":
 	# Save the right certificate to NSS's database and read it back.
-	initnssdb ${scheme:+${scheme}:}$tmpdir
+	initnssdb $scheme:$tmpdir
 	cat > entry.nss <<- EOF
 	cert_storage_type=NSSDB
-	cert_storage_location=${scheme:+${scheme}:}$tmpdir
+	cert_storage_location=$scheme:$tmpdir
 	cert_nickname=cert
 	cert=$cert
 	EOF
 	$toolsdir/certsave entry.nss
-	certutil -d ${scheme:+${scheme}:}$tmpdir -M -n cert -t $trust
+	certutil -d $scheme:$tmpdir -M -n cert -t $trust
 	echo -n " baseline: "
-	certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 	$toolsdir/certsave entry.nss
 	echo -n " right nickname, right subject: "
-	certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 	# Save the right certificate to NSS's database with the wrong nickname.
-	initnssdb ${scheme:+${scheme}:}$tmpdir
+	initnssdb $scheme:$tmpdir
 	$toolsdir/certsave entry.nss
 	cat > entry.nss <<- EOF
 	cert_storage_type=NSSDB
-	cert_storage_location=${scheme:+${scheme}:}$tmpdir
+	cert_storage_location=$scheme:$tmpdir
 	cert_nickname=wrongnick
 	cert=$cert
 	EOF
 	$toolsdir/certsave entry.nss
-	certutil -d ${scheme:+${scheme}:}$tmpdir -M -n wrongnick -t $trust
+	certutil -d $scheme:$tmpdir -M -n wrongnick -t $trust
 	# Save the right certificate to NSS's database and read it back.
 	cat > entry.nss <<- EOF
 	cert_storage_type=NSSDB
-	cert_storage_location=${scheme:+${scheme}:}$tmpdir
+	cert_storage_location=$scheme:$tmpdir
 	cert_nickname=cert
 	cert=$cert
 	EOF
 	$toolsdir/certsave entry.nss
 	echo -n " wrong nickname, right subject: "
-	certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 	# Save the wrong certificate to NSS's database with the right nickname.
-	initnssdb ${scheme:+${scheme}:}$tmpdir
+	initnssdb $scheme:$tmpdir
 	$toolsdir/certsave entry.nss
 	cat > entry.nss <<- EOF
 	cert_storage_type=NSSDB
-	cert_storage_location=${scheme:+${scheme}:}$tmpdir
+	cert_storage_location=$scheme:$tmpdir
 	cert_nickname=cert
 	cert=$wrongcert
 	EOF
 	$toolsdir/certsave entry.nss
-	certutil -d ${scheme:+${scheme}:}$tmpdir -M -n cert -t $trust
+	certutil -d $scheme:$tmpdir -M -n cert -t $trust
 	# Save the right certificate to NSS's database and read it back.
 	cat > entry.nss <<- EOF
 	cert_storage_type=NSSDB
-	cert_storage_location=${scheme:+${scheme}:}$tmpdir
+	cert_storage_location=$scheme:$tmpdir
 	cert_nickname=cert
 	cert=$cert
 	EOF
 	$toolsdir/certsave entry.nss
 	echo -n " wrong subject, right nickname: "
-	certutil -d ${scheme:+${scheme}:}$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
+	certutil -d $scheme:$tmpdir -L | grep cert | sed -r 's,[ \t]+, ,g'
 done
 
 if test "$scheme" = sql ; then
@@ -202,7 +203,7 @@ else
 	echo "[nss:rosubdir]"
 	cat > entry.nss <<- EOF
 	cert_storage_type=NSSDB
-	cert_storage_location=$tmpdir/rosubdir
+	cert_storage_location=$scheme:$tmpdir/rosubdir
 	cert_nickname=cert
 	cert=$cert
 	EOF
@@ -216,7 +217,7 @@ else
 	echo "[nss:rwsubdir]"
 	cat > entry.nss <<- EOF
 	cert_storage_type=NSSDB
-	cert_storage_location=$tmpdir/rwsubdir
+	cert_storage_location=$scheme:$tmpdir/rwsubdir
 	cert_nickname=cert
 	cert=$cert
 	EOF
diff --git a/tests/025-casave/run.sh b/tests/025-casave/run.sh
index 44a08b06..aff1e6d9 100755
--- a/tests/025-casave/run.sh
+++ b/tests/025-casave/run.sh
@@ -196,7 +196,7 @@ id=EntryD1
 root_cert_files=
 other_root_cert_files=
 other_cert_files=
-root_cert_dbs=$tmpdir/db1,$tmpdir/dba
+root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
 other_root_cert_dbs=
 other_cert_dbs=
 cert_roots=Per-certificate Signing Authority D1
@@ -229,7 +229,7 @@ root_cert_files=
 other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
-other_root_cert_dbs=$tmpdir/db2,$tmpdir/dba
+other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
 other_cert_dbs=
 EOF
 cat > $tmpdir/entryd3 <<- EOF
@@ -239,7 +239,7 @@ other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
 other_root_cert_dbs=
-other_cert_dbs=$tmpdir/db3,$tmpdir/dba
+other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 cert_chain=Per-certificate Signing Authority D3
  -----BEGIN CERTIFICATE-----
  MIIDjjCCAnagAwIBAgIRALuVK2FuXklPuMP4qtRyQjUwDQYJKoZIhvcNAQELBQAw
@@ -300,7 +300,7 @@ ca_name=CAD1
 root_cert_files=
 other_root_cert_files=
 other_cert_files=
-root_cert_dbs=$tmpdir/db1,$tmpdir/dba
+root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
 other_root_cert_dbs=
 other_cert_dbs=
 EOF
@@ -311,7 +311,7 @@ root_cert_files=
 other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
-other_root_cert_dbs=$tmpdir/db2,$tmpdir/dba
+other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
 other_cert_dbs=
 EOF
 cat > $tmpdir/entrycad3 <<- EOF
@@ -322,7 +322,7 @@ other_root_cert_files=
 other_cert_files=
 root_cert_dbs=
 other_root_cert_dbs=
-other_cert_dbs=$tmpdir/db3,$tmpdir/dba
+other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 EOF
 
 cat > $tmpdir/cab1 <<- EOF
@@ -564,9 +564,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=$tmpdir/db1,$tmpdir/dba
-ca_other_root_cert_dbs=$tmpdir/dba
-ca_other_cert_dbs=$tmpdir/dba
+ca_root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
+ca_other_root_cert_dbs=dbm:$tmpdir/dba
+ca_other_cert_dbs=dbm:$tmpdir/dba
 ca_root_certs=Root Certificate D1
  -----BEGIN CERTIFICATE-----
  MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
@@ -639,9 +639,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=$tmpdir/dba
-ca_other_root_cert_dbs=$tmpdir/db2,$tmpdir/dba
-ca_other_cert_dbs=$tmpdir/dba
+ca_root_cert_dbs=dbm:$tmpdir/dba
+ca_other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
+ca_other_cert_dbs=dbm:$tmpdir/dba
 ca_root_certs=Root Certificate D2
  -----BEGIN CERTIFICATE-----
  MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET
@@ -722,9 +722,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=,$tmpdir/dba
-ca_other_root_cert_dbs=,$tmpdir/dba,
-ca_other_cert_dbs=$tmpdir/db3,$tmpdir/dba
+ca_root_cert_dbs=,dbm:$tmpdir/dba
+ca_other_root_cert_dbs=,dbm:$tmpdir/dba,
+ca_other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 ca_root_certs=Root Certificate D3
  -----BEGIN CERTIFICATE-----
  MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
@@ -796,9 +796,9 @@ ca_external_helper=$tmpdir/no-such-helper.sh
 ca_root_cert_files=$tmpdir/bundle-all
 ca_other_root_cert_files=
 ca_other_cert_files=
-ca_root_cert_dbs=$tmpdir/dba
-ca_other_root_cert_dbs=,$tmpdir/dba
-ca_other_cert_dbs=,$tmpdir/dba
+ca_root_cert_dbs=dbm:$tmpdir/dba
+ca_other_root_cert_dbs=,dbm:$tmpdir/dba
+ca_other_cert_dbs=,dbm:$tmpdir/dba
 ca_root_certs=Root Certificate DA
  -----BEGIN CERTIFICATE-----
  MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
diff --git a/tests/034-perms/expected.out b/tests/034-perms/expected.out
index 4e2fbd71..c062d409 100644
--- a/tests/034-perms/expected.out
+++ b/tests/034-perms/expected.out
@@ -41,54 +41,54 @@ $owner:$group|0755|ee.key.MARKER.key
 $owner:$group|0662|ee.crt
 $owner:$group|0620|ee.key
 
-[start]
-[keygen]
+[dbm:start]
+[dbm:keygen]
 $owner:$group|0600|cert8.db
 $owner:$group|0620|key3.db
-[reset]
+[dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[csrgen]
+[dbm:csrgen]
 $owner:$group|0755|cert8.db
 $owner:$group|0620|key3.db
-[reset]
+[dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[submit]
+[dbm:submit]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[reset]
+[dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[save]
+[dbm:save]
 $owner:$group|0662|cert8.db
 $owner:$group|0620|key3.db
-[rekey:start]
-[rekey:keygen]
+[rekey:dbm:start]
+[rekey:dbm:keygen]
 $owner:$group|0600|cert8.db
 $owner:$group|0620|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:keygen]
+[rekey:dbm:keygen]
 $owner:$group|0755|cert8.db
 $owner:$group|0620|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:csrgen]
+[rekey:dbm:csrgen]
 $owner:$group|0755|cert8.db
 $owner:$group|0620|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:submit]
+[rekey:dbm:submit]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:reset]
+[rekey:dbm:reset]
 $owner:$group|0755|cert8.db
 $owner:$group|0755|key3.db
-[rekey:save]
+[rekey:dbm:save]
 $owner:$group|0662|cert8.db
 $owner:$group|0620|key3.db
 OK
diff --git a/tests/034-perms/run.sh b/tests/034-perms/run.sh
index 7f349d3b..88eae19f 100755
--- a/tests/034-perms/run.sh
+++ b/tests/034-perms/run.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 cd "$tmpdir"
 
+scheme="${scheme:-dbm:}"
+
 function list() {
 	$toolsdir/ls *.* | sed -e "s~^$owner:$group|~\$owner:\$group|~g"
 }
-- 
2.15.1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.