54 lines
1.6 KiB
Bash
54 lines
1.6 KiB
Bash
#!/bin/sh
|
|
set -ex
|
|
|
|
# Check that the init script correctly prompts for the passphrase on startup,
|
|
# then starts and responds correctly to https queries.
|
|
#
|
|
# Author: Robie Basak <robie.basak@ubuntu.com>
|
|
|
|
cd /etc/ssl/private
|
|
[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase
|
|
openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test
|
|
a2enmod ssl
|
|
a2ensite default-ssl
|
|
|
|
# respond to systemd-ask-passphrase
|
|
password_responder() {
|
|
while [ ! -e /run/systemd/ask-password/sck.* ]; do sleep 1; done
|
|
echo "ssl-passphrase test password responder: found prompt, sending password"
|
|
echo test | /lib/systemd/systemd-reply-password 1 /run/systemd/ask-password/sck.*
|
|
}
|
|
password_responder &
|
|
|
|
# run expect for running under sysvinit/upstart
|
|
expect <<EOT
|
|
spawn service apache2 restart
|
|
set timeout 600
|
|
expect {
|
|
"assphrase:" {send "test\r"}
|
|
|
|
# Failure cases
|
|
"failed" {exit 1}
|
|
eof {exit 0}
|
|
}
|
|
|
|
# wait for eof and return exit code from spawned process back to the caller
|
|
expect eof
|
|
catch wait result
|
|
exit [lindex \$result 3]
|
|
EOT
|
|
|
|
echo "Hello, world!" > /var/www/html/hello.txt
|
|
|
|
# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
|
|
# wget on Debian gives me:
|
|
# GnuTLS: A TLS warning alert has been received.
|
|
# Unable to establish SSL connection.
|
|
# Presumably this is due to the self-signed certificate, but I'm not sure how
|
|
# to skip the warning with wget. curl will do for now.
|
|
result=`curl -k https://localhost/hello.txt`
|
|
|
|
if [ "$result" != "Hello, world!" ]; then
|
|
echo "Unexpected result from wget" >&2
|
|
exit 1
|
|
fi
|