summaryrefslogtreecommitdiffstats
path: root/debian/tests
diff options
context:
space:
mode:
Diffstat (limited to 'debian/tests')
-rw-r--r--debian/tests/chroot39
-rw-r--r--debian/tests/control29
-rw-r--r--debian/tests/default-mods28
-rw-r--r--debian/tests/duplicate-module-load26
-rw-r--r--debian/tests/htcacheclean70
-rw-r--r--debian/tests/run-test-suite64
-rw-r--r--debian/tests/ssl-passphrase54
7 files changed, 310 insertions, 0 deletions
diff --git a/debian/tests/chroot b/debian/tests/chroot
new file mode 100644
index 0000000..d722a29
--- /dev/null
+++ b/debian/tests/chroot
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -ex
+
+# Check that ChrootDir works correctly. Written in response to LP: #1251939.
+#
+# Author: Robie Basak <robie.basak@ubuntu.com>
+#
+# This test requires:
+# * wget
+# * The dpkg-dev package for the dpkg-architecture command
+#
+# This is a "breaks-testbed" dep8 test.
+#
+# This test sets up a minimal environment to exercise ChrootDir. Do not use
+# it as an example of how to set up Apache in a secure chroot environment.
+
+sed -i 's_DocumentRoot.*$_DocumentRoot /_' /etc/apache2/sites-available/000-default.conf
+
+LIBGCC_S_PATH=/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/libgcc_s.so.1
+cat > /etc/apache2/conf-available/chroot.conf <<EOT
+LoadFile $LIBGCC_S_PATH
+ChrootDir /var/www
+<Directory />
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+EOT
+a2enconf chroot
+
+echo "Hello, world!" > /var/www/hello.txt
+
+service apache2 restart
+
+result=`wget -qO- http://localhost/hello.txt`
+if [ "$result" != "Hello, world!" ]; then
+ echo "Unexpected result from wget" >&2
+ exit 1
+fi
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..cb45689
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,29 @@
+Tests: run-test-suite
+Features: no-build-needed
+Restrictions: allow-stderr isolation-container breaks-testbed needs-root
+Depends: build-essential, apache2, apache2-dev,
+ libwww-perl, libnet-ssleay-perl, libanyevent-perl, libdatetime-perl,
+ libhtml-parser-perl, libtime-hires-perl, libcrypt-ssleay-perl,
+ libhttp-dav-perl, libprotocol-http2-perl, libfcgi-perl,
+ perl-doc
+
+Tests: duplicate-module-load
+Restrictions: allow-stderr, needs-root
+Depends: apache2
+
+Tests: htcacheclean
+Restrictions: allow-stderr, needs-root, skippable
+Depends: apache2
+
+Tests: default-mods
+Restrictions: allow-stderr, needs-root
+Depends: apache2
+
+Tests: ssl-passphrase
+Restrictions: needs-root allow-stderr breaks-testbed
+Depends: apache2, curl, expect, ssl-cert
+
+Tests: chroot
+Features: no-build-needed
+Restrictions: needs-root allow-stderr breaks-testbed
+Depends: apache2, wget, dpkg-dev
diff --git a/debian/tests/default-mods b/debian/tests/default-mods
new file mode 100644
index 0000000..5d9df6a
--- /dev/null
+++ b/debian/tests/default-mods
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -eu
+
+RC=0
+fail () {
+ echo "FAIL: $@" >&2
+ RC=1
+}
+
+declare -a REQUIRED_MODS
+REQUIRED_MODS=(
+ alias
+ auth_basic
+ authn_core
+ authz_core
+ log_config
+ mime
+ reqtimeout
+ version
+ watchdog
+)
+
+
+for m in "${REQUIRED_MODS[@]}" ; do
+ apachectl -M | grep -w "${m}_module" || fail "Module $m not activated"
+done
+
+exit $RC
diff --git a/debian/tests/duplicate-module-load b/debian/tests/duplicate-module-load
new file mode 100644
index 0000000..3d28471
--- /dev/null
+++ b/debian/tests/duplicate-module-load
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -exu
+
+# Check to make sure that module loads haven't been duplicated.
+# Since this is potential minefield that could cause chaos, and a fix is
+# currently in the Ubuntu delta, check specifically for it.
+
+# Why is this so bad? See:
+# https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1251939
+# https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
+
+cd $ADTTMP
+
+apache2ctl -l -M > unsorted
+sort unsorted > sorted
+if ! grep core.c sorted ; then
+ echo "core.c not found in apach2ctl output. apache2ctl broken?"
+ exit 1
+fi
+
+uniq < sorted > dedup
+
+if ! diff -u sorted dedup ; then
+ echo Duplicate module loads found
+ exit 1
+fi
diff --git a/debian/tests/htcacheclean b/debian/tests/htcacheclean
new file mode 100644
index 0000000..90c721f
--- /dev/null
+++ b/debian/tests/htcacheclean
@@ -0,0 +1,70 @@
+#!/bin/sh
+set -exu
+
+fatal () {
+ echo "ERROR: $@" >&2
+ exit 1
+}
+
+skip () {
+ echo "ERROR: $@" >&2
+ exit 77
+}
+
+htc_enabled () {
+ if ls /etc/rc[2345].d/S*apache-htcacheclean > /dev/null 2>&1 ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+if htc_enabled ; then
+ fatal "apache-htcacheclean should not be enabled"
+fi
+
+a2enmod cache_disk
+
+if ! htc_enabled ; then
+ fatal "apache-htcacheclean should be enabled"
+fi
+
+service apache-htcacheclean start
+
+# for debugging
+ps -ef|grep /usr/bin/htcacheclean || true
+
+PGREP="pgrep -P 1 -u www-data -G www-data htcacheclean"
+
+if ! $PGREP ; then
+ fatal "htcacheclean is not running or running as wrong user/group"
+fi
+
+if ! service apache-htcacheclean status ; then
+ fatal "status did not return 'running'"
+fi
+
+service apache-htcacheclean stop
+sleep 1
+
+if $PGREP ; then
+ skip "htcacheclean did not stop"
+fi
+
+if service apache-htcacheclean status ; then
+ fatal "status did not return 'stopped'"
+fi
+
+a2dismod cache_disk
+
+if htc_enabled ; then
+ fatal "apache-htcacheclean should not be enabled"
+fi
+
+a2enmod cache_socache
+
+if htc_enabled ; then
+ fatal "apache-htcacheclean has been enabled for cache_socache"
+fi
+
+exit 0
diff --git a/debian/tests/run-test-suite b/debian/tests/run-test-suite
new file mode 100644
index 0000000..15279b8
--- /dev/null
+++ b/debian/tests/run-test-suite
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+. /etc/apache2/envvars
+set -xeu
+set -o pipefail
+export LANG=C
+export PATH=/usr/lib/ccache:$PATH
+# set to "-v t/modules/ext_filter.t ..." to run only a few test, but verbose
+TESTS=""
+TESTUSER=tuser
+
+# The test framework assumes localhost resolves exclusively to 127.0.0.1
+# (and not to ::1). So remove 'localhost' from the ::1 entry.
+perl -p -i -e ' if (/^\s*::1\s+/) { s/\s+localhost\s+/ /g }' /etc/hosts
+
+useradd --user-group --system --create-home -s /bin/bash $TESTUSER
+cp -a debian/perl-framework $AUTOPKGTEST_TMP
+cd $AUTOPKGTEST_TMP/perl-framework
+
+run_tests () {
+ local MPM=$1
+ shift
+ local LOG=testlog.$MPM
+
+ echo =============Running-with-${MPM}==========
+ rm -f apache2.conf.debian
+ cp /etc/apache2/apache2.conf apache2.conf.debian
+ cat /etc/apache2/mods-available/$MPM.load >> apache2.conf.debian
+ ls /etc/apache2/mods-available/*.load | grep -v mpm_ | xargs cat >> apache2.conf.debian
+ # these are only for tests and don't have a .load file
+ for m in bucketeer case_filter case_filter_in ; do
+ echo "LoadModule ${m}_module /usr/lib/apache2/modules/mod_${m}.so" >> apache2.conf.debian
+ done
+ # need TypesConfig from mime.conf for t/modules/filter.t
+ cat /etc/apache2/mods-available/mime.conf >> apache2.conf.debian
+ echo "Servername localhost" >> apache2.conf.debian
+ make clean || true
+ perl -p -i -e 's,^Include,#Include,' apache2.conf.debian
+ chown -R $TESTUSER: $AUTOPKGTEST_TMP
+ su $TESTUSER -c "perl Makefile.PL -apxs /usr/bin/apxs2 -httpd_conf $PWD/apache2.conf.debian" \
+ || return 1
+ su $TESTUSER -c "t/TEST $TESTS" | tee $LOG
+ if ! grep -E "^Files=[0-9]+, Tests=[0-9]+" $LOG ; then
+ echo "Message about Files/Tests not found in $LOG" >&2
+ return 1
+ fi
+ if ! grep -E "^Result: PASS" $LOG ; then
+ echo "PASS message not found in $LOG" >&2
+ return 1
+ fi
+ if grep -E "^Result: FAIL" $LOG ; then >&2
+ echo "Test suite failed"
+ return 1
+ fi
+ if grep -E "server dumped core" $LOG ; then >&2
+ echo "segfault detected"
+ return 1
+ fi
+ return 0
+}
+
+run_tests mpm_prefork
+run_tests mpm_worker
+run_tests mpm_event
diff --git a/debian/tests/ssl-passphrase b/debian/tests/ssl-passphrase
new file mode 100644
index 0000000..a0a4fb6
--- /dev/null
+++ b/debian/tests/ssl-passphrase
@@ -0,0 +1,54 @@
+#!/bin/sh
+set -ex
+
+# Check that the init script correctly prompts for the passphrase on startup,
+# then starts and responds correctly to https queries.
+#
+# Author: Robie Basak <robie.basak@ubuntu.com>
+
+cd /etc/ssl/private
+[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase
+openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test
+a2enmod ssl
+a2ensite default-ssl
+
+# respond to systemd-ask-passphrase
+password_responder() {
+ while [ ! -e /run/systemd/ask-password/sck.* ]; do sleep 1; done
+ echo "ssl-passphrase test password responder: found prompt, sending password"
+ echo test | /lib/systemd/systemd-reply-password 1 /run/systemd/ask-password/sck.*
+}
+password_responder &
+
+# run expect for running under sysvinit/upstart
+expect <<EOT
+spawn service apache2 restart
+set timeout 600
+expect {
+ "assphrase:" {send "test\r"}
+
+ # Failure cases
+ "failed" {exit 1}
+ eof {exit 0}
+}
+
+# wait for eof and return exit code from spawned process back to the caller
+expect eof
+catch wait result
+exit [lindex \$result 3]
+EOT
+
+echo "Hello, world!" > /var/www/html/hello.txt
+
+# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
+# wget on Debian gives me:
+# GnuTLS: A TLS warning alert has been received.
+# Unable to establish SSL connection.
+# Presumably this is due to the self-signed certificate, but I'm not sure how
+# to skip the warning with wget. curl will do for now.
+result=`curl -k https://localhost/hello.txt`
+
+if [ "$result" != "Hello, world!" ]; then
+ echo "Unexpected result from wget" >&2
+ exit 1
+fi