Add certutil Linux tests

namecoin · Apr 27, 2022 · 4899b10 · 4899b10
1 parent bd80fca
commit 4899b10
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 0 deletions.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -117,6 +117,38 @@ task:
   env:
     GO_VERSION: latest
 
+task:
+  name: "certutil $CI_DISTRO"
+  matrix:
+    - container:
+        image: fedora:latest
+        cpu: 1
+        memory: 1G
+      package_install_script:
+        - dnf install -y nss-tools
+      env:
+        CI_DISTRO: fedora
+        CI_MAIN_MODULE: /usr/lib64/pkcs11/p11-kit-trust.so
+        CI_BAK_MODULE: /usr/lib64/pkcs11/p11-kit-trust.orig.so
+    - container:
+        image: debian:latest
+        cpu: 1
+        memory: 1G
+      package_install_script:
+        - apt-get update
+        - apt-get install -y curl libnss3-tools
+      env:
+        CI_DISTRO: debian
+        CI_MAIN_MODULE: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
+        CI_BAK_MODULE: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.orig.so
+  install_script:
+    - curl -o pkcs11mod.tar.gz https://api.cirrus-ci.com/v1/artifact/build/$CIRRUS_BUILD_ID/Compile%20Go%20latest%20linux%20amd64/binaries/dist/pkcs11mod.tar.gz
+    - tar -xaf ./pkcs11mod.tar.gz
+  test_script:
+    - testdata/ci-certutil-tests.bash
+  depends_on:
+    - "Compile Go latest linux amd64"
+
 task:
   name: "Chromium $CI_DISTRO"
   matrix:

diff --git a/testdata/ci-certutil-tests.bash b/testdata/ci-certutil-tests.bash
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+shopt -s nullglob globstar
+
+export PKCS11PROXY_CKBI_TARGET="$CI_BAK_MODULE"
+export P11PROXY_CKBI_TARGET=$PKCS11PROXY_CKBI_TARGET
+
+echo "===== init DB ====="
+
+ln -s -T "$CI_MAIN_MODULE" ./libnssckbi.so
+certutil -N -d . --empty-password
+
+echo "===== list all (default) ====="
+
+certutil -L -d . -h all | tee list-all-default.txt || true
+grep -q ",C," list-all-default.txt
+
+testdata/assert-proxy-log.bash missing
+
+echo "===== list all (via pkcs11proxy) ====="
+
+mv "$CI_MAIN_MODULE" "$CI_BAK_MODULE"
+cp libpkcs11proxy.so "$CI_MAIN_MODULE"
+
+certutil -L -d . -h all | tee list-all-pkcs11proxy.txt || true
+grep -q ",C," list-all-pkcs11proxy.txt
+
+echo "===== list all (diff via pkcs11proxy) ====="
+
+diff list-all-default.txt list-all-pkcs11proxy.txt || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present
+
+echo "===== list all (via p11proxy) ====="
+
+cp libp11proxy.so "$CI_MAIN_MODULE"
+
+certutil -L -d . -h all | tee list-all-p11proxy.txt || true
+grep -q ",C," list-all-p11proxy.txt
+
+echo "===== list all (diff via p11proxy) ====="
+
+diff list-all-default.txt list-all-p11proxy.txt || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present