certbot/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh

#!/bin/bash -x
set -eo pipefail

# $PUBLIC_IP $PRIVATE_IP $PUBLIC_HOSTNAME $BOULDER_URL are dynamically set at execution

# with curl, instance metadata available from EC2 metadata service:
#public_host=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-hostname)
#public_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-ipv4)
#private_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/local-ipv4)

cd letsencrypt
LE_AUTO_DIR="/usr/local/bin"
LE_AUTO_PATH="$LE_AUTO_DIR/letsencrypt-auto"
sudo cp letsencrypt-auto-source/letsencrypt-auto "$LE_AUTO_PATH"
sudo chown root "$LE_AUTO_PATH"
sudo chmod 0755 "$LE_AUTO_PATH"
export PATH="$LE_AUTO_DIR:$PATH"

letsencrypt-auto --os-packages-only --debug --version

# This script sets the environment variables PYTHON_NAME, VENV_PATH, and
# VENV_SCRIPT based on the version of Python available on the system. For
# instance, Fedora uses Python 3 and Python 2 is not installed.
. tests/letstest/scripts/set_python_envvars.sh

# Create a venv-like layout at the old virtual environment path to test that a
# symlink is properly created when letsencrypt-auto runs.
HOME=${HOME:-~root}
XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
OLD_VENV_BIN="$XDG_DATA_HOME/letsencrypt/bin"
mkdir -p "$OLD_VENV_BIN"
touch "$OLD_VENV_BIN/letsencrypt"

letsencrypt-auto certonly --no-self-upgrade -v --standalone --debug \
                   --text --agree-dev-preview --agree-tos \
                   --renew-by-default --redirect \
                   --register-unsafely-without-email \
                   --domain $PUBLIC_HOSTNAME --server $BOULDER_URL

LINK_PATH=$("$PYTHON_NAME" tools/readlink.py ${XDG_DATA_HOME:-~/.local/share}/letsencrypt)
if [ "$LINK_PATH" != "/opt/eff.org/certbot/venv" ]; then
    echo symlink from old venv path not properly created!
    exit 1
fi

if ! letsencrypt-auto --help --no-self-upgrade | grep -F "letsencrypt-auto [SUBCOMMAND]"; then
    echo "letsencrypt-auto not included in help output!"
    exit 1
fi

OUTPUT_LEN=$(letsencrypt-auto --install-only --no-self-upgrade --quiet 2>&1 | wc -c)
if [ "$OUTPUT_LEN" != 0 ]; then
    echo letsencrypt-auto produced unexpected output!
    exit 1
fi
initial commit of scripts 2015-12-04 09:32:24 -05:00			`#!/bin/bash -x`
Test farm improvements (#5088) * prevent regressions of #5082 * Fix test_leauto_upgrades.sh test_leauto_upgrades.sh has been incorrectly been succeeding because while peep doesn't work with newer versions of pip and letsencrypt-auto would crash, the output included the version number so we reported the test as passing. This updates letsencrypt-auto to the oldest version that still works for the purpose of the test and sets pipefail so errors are properly reported. * Test symlink creation in test_leauto_upgrades.sh * Pin dependencies in test_sdists.sh. * Fix permissions errors in test_tests.sh 2017-09-07 20:54:40 -04:00			`set -eo pipefail`
initial commit of scripts 2015-12-04 09:32:24 -05:00
passing in instance data as environment variables 2015-12-04 17:35:57 -05:00			`# $PUBLIC_IP $PRIVATE_IP $PUBLIC_HOSTNAME $BOULDER_URL are dynamically set at execution`

			`# with curl, instance metadata available from EC2 metadata service:`
			`#public_host=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-hostname)`
			`#public_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-ipv4)`
			`#private_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/local-ipv4)`
initial commit of scripts 2015-12-04 09:32:24 -05:00
WIP 2016-12-23 02:07:00 -05:00			`cd letsencrypt`
Print warning when certbot-auto has insecure permissions. (#6995) This PR attempts to better inform people about the problem identified at https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/. I was hesitant to add the flag --no-permissions-check, however, if there's some obscure distro out there (or custom user setup) that has a strange users and groups, I didn't want us to either: Have to put out a bug fix release Refuse to fix the problem and let them deal with warnings on every run * add check_permissions.py * Update letsencrypt-auto.template. * build letsencrypt-auto * Add test_permissions_warnings to auto_test * Allow uid/gid < 1000. * Add --no-permissions-check to Certbot. * Add --no-permissions-check to certbot-auto. * Add test farm test that letsencrypt-auto is quiet. As a bonus, this new test will catch problems like the one that the caused 0.33.1 point release. * Update CHANGELOG about permissions check. * Update permissions comment. * Fix symlink handling. * Use a better default in auto_test.py. 2019-04-30 13:45:03 -04:00			`LE_AUTO_DIR="/usr/local/bin"`
			`LE_AUTO_PATH="$LE_AUTO_DIR/letsencrypt-auto"`
			`sudo cp letsencrypt-auto-source/letsencrypt-auto "$LE_AUTO_PATH"`
			`sudo chown root "$LE_AUTO_PATH"`
			`sudo chmod 0755 "$LE_AUTO_PATH"`
			`export PATH="$LE_AUTO_DIR:$PATH"`

WIP 2016-12-23 02:07:00 -05:00			`letsencrypt-auto --os-packages-only --debug --version`
Move venv symlink check out of leauto_upgrades. (#6830) * Move venv symlink check out of leauto_upgrades. * Add back double venv check. 2019-04-10 21:24:32 -04:00
Update Fedora AMI (#7102) Fixes #6955. This updates the Fedora version used in our test farm tests to Fedora 30. The AMI ID comes from https://alt.fedoraproject.org/cloud/ where it is listed as their standard HVM AMI for the region we use us-east-1 (US East (N. Virginia)). Unfortunately, there were a lot of small changes required for this. The big reason for this is on Fedora, there isn't a Python 2 executable installed. In fact, there's not even an executable named python. It's just python3. Rather than installing another Python in each test, I wrote a script that the test scripts can share to figure out the different paths and names that should be used in their script. (This isn't used in test_sdists.sh because the logic is a little different.) Other changes here worth flagging are: I changed the name of the variable RUN_PYTHON3_TESTS in test_leauto_upgrades.sh to RUN_RHEL6_TESTS. The tests that are run when this variable is set test the upgrade from Python 2 to Python 3 on RHEL 6. I think this new name is much better now that we also have Fedora running Python 3. I made tools/simple_http_server.py work on Python 3. You can see tests passing with these changes at https://travis-ci.com/certbot/certbot/builds/113821476. I also ran test_tests.sh and they passed. * Update to Fedora 30 in test farm tests. Fedora 28 is likely to reach its EOL soon. * Add set_python_envvars.sh. * Fix test_apache2.sh on python3 only distros. * Fix test_leauto_upgrades.sh on python3 systems. * Fix certonly_standalone tests with python3 only * Fix test_sdists.sh on python3 only distros. * Make simple_http_server.py work on Python 3. * add comments 2019-05-31 21:08:52 -04:00			`# This script sets the environment variables PYTHON_NAME, VENV_PATH, and`
			`# VENV_SCRIPT based on the version of Python available on the system. For`
			`# instance, Fedora uses Python 3 and Python 2 is not installed.`
			`. tests/letstest/scripts/set_python_envvars.sh`

Move venv symlink check out of leauto_upgrades. (#6830) * Move venv symlink check out of leauto_upgrades. * Add back double venv check. 2019-04-10 21:24:32 -04:00			`# Create a venv-like layout at the old virtual environment path to test that a`
			`# symlink is properly created when letsencrypt-auto runs.`
			`HOME=${HOME:-~root}`
			`XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}`
			`OLD_VENV_BIN="$XDG_DATA_HOME/letsencrypt/bin"`
			`mkdir -p "$OLD_VENV_BIN"`
			`touch "$OLD_VENV_BIN/letsencrypt"`

WIP 2016-12-23 02:07:00 -05:00			`letsencrypt-auto certonly --no-self-upgrade -v --standalone --debug \`
initial commit of scripts 2015-12-04 09:32:24 -05:00			`--text --agree-dev-preview --agree-tos \`
			`--renew-by-default --redirect \`
			`--register-unsafely-without-email \`
passing in instance data as environment variables 2015-12-04 17:35:57 -05:00			`--domain $PUBLIC_HOSTNAME --server $BOULDER_URL`
Test farm tests for openssl-based revocation checking 2016-12-23 03:20:38 -05:00
Update Fedora AMI (#7102) Fixes #6955. This updates the Fedora version used in our test farm tests to Fedora 30. The AMI ID comes from https://alt.fedoraproject.org/cloud/ where it is listed as their standard HVM AMI for the region we use us-east-1 (US East (N. Virginia)). Unfortunately, there were a lot of small changes required for this. The big reason for this is on Fedora, there isn't a Python 2 executable installed. In fact, there's not even an executable named python. It's just python3. Rather than installing another Python in each test, I wrote a script that the test scripts can share to figure out the different paths and names that should be used in their script. (This isn't used in test_sdists.sh because the logic is a little different.) Other changes here worth flagging are: I changed the name of the variable RUN_PYTHON3_TESTS in test_leauto_upgrades.sh to RUN_RHEL6_TESTS. The tests that are run when this variable is set test the upgrade from Python 2 to Python 3 on RHEL 6. I think this new name is much better now that we also have Fedora running Python 3. I made tools/simple_http_server.py work on Python 3. You can see tests passing with these changes at https://travis-ci.com/certbot/certbot/builds/113821476. I also ran test_tests.sh and they passed. * Update to Fedora 30 in test farm tests. Fedora 28 is likely to reach its EOL soon. * Add set_python_envvars.sh. * Fix test_apache2.sh on python3 only distros. * Fix test_leauto_upgrades.sh on python3 systems. * Fix certonly_standalone tests with python3 only * Fix test_sdists.sh on python3 only distros. * Make simple_http_server.py work on Python 3. * add comments 2019-05-31 21:08:52 -04:00			`LINK_PATH=$("$PYTHON_NAME" tools/readlink.py ${XDG_DATA_HOME:-~/.local/share}/letsencrypt)`
			`if [ "$LINK_PATH" != "/opt/eff.org/certbot/venv" ]; then`
Move venv symlink check out of leauto_upgrades. (#6830) * Move venv symlink check out of leauto_upgrades. * Add back double venv check. 2019-04-10 21:24:32 -04:00			`echo symlink from old venv path not properly created!`
			`exit 1`
			`fi`

Add --no-self-upgrade to test farm test. (#5095) 2017-09-14 20:33:32 -04:00			`if ! letsencrypt-auto --help --no-self-upgrade \| grep -F "letsencrypt-auto [SUBCOMMAND]"; then`
Test farm improvements (#5088) * prevent regressions of #5082 * Fix test_leauto_upgrades.sh test_leauto_upgrades.sh has been incorrectly been succeeding because while peep doesn't work with newer versions of pip and letsencrypt-auto would crash, the output included the version number so we reported the test as passing. This updates letsencrypt-auto to the oldest version that still works for the purpose of the test and sets pipefail so errors are properly reported. * Test symlink creation in test_leauto_upgrades.sh * Pin dependencies in test_sdists.sh. * Fix permissions errors in test_tests.sh 2017-09-07 20:54:40 -04:00			`echo "letsencrypt-auto not included in help output!"`
			`exit 1`
			`fi`
Print warning when certbot-auto has insecure permissions. (#6995) This PR attempts to better inform people about the problem identified at https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/. I was hesitant to add the flag --no-permissions-check, however, if there's some obscure distro out there (or custom user setup) that has a strange users and groups, I didn't want us to either: Have to put out a bug fix release Refuse to fix the problem and let them deal with warnings on every run * add check_permissions.py * Update letsencrypt-auto.template. * build letsencrypt-auto * Add test_permissions_warnings to auto_test * Allow uid/gid < 1000. * Add --no-permissions-check to Certbot. * Add --no-permissions-check to certbot-auto. * Add test farm test that letsencrypt-auto is quiet. As a bonus, this new test will catch problems like the one that the caused 0.33.1 point release. * Update CHANGELOG about permissions check. * Update permissions comment. * Fix symlink handling. * Use a better default in auto_test.py. 2019-04-30 13:45:03 -04:00
Stop certbot-auto from printing blank lines (#7016) Fixes #7012. Apparently, the previous test we had here doesn't catch the case when certbot-auto prints blank lines. (I don't yet understand why so if someone does, please let me know!) Regardless, I fixed up the test and verified it fails with the version of letsencrypt-auto in master and then fixed letsencrypt-auto so the test passes. I ran test farm tests on the changes here and they passed on all instances. * correct test * fixes #7012 2019-05-02 14:36:47 -04:00			`OUTPUT_LEN=$(letsencrypt-auto --install-only --no-self-upgrade --quiet 2>&1 \| wc -c)`
			`if [ "$OUTPUT_LEN" != 0 ]; then`
Print warning when certbot-auto has insecure permissions. (#6995) This PR attempts to better inform people about the problem identified at https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/. I was hesitant to add the flag --no-permissions-check, however, if there's some obscure distro out there (or custom user setup) that has a strange users and groups, I didn't want us to either: Have to put out a bug fix release Refuse to fix the problem and let them deal with warnings on every run * add check_permissions.py * Update letsencrypt-auto.template. * build letsencrypt-auto * Add test_permissions_warnings to auto_test * Allow uid/gid < 1000. * Add --no-permissions-check to Certbot. * Add --no-permissions-check to certbot-auto. * Add test farm test that letsencrypt-auto is quiet. As a bonus, this new test will catch problems like the one that the caused 0.33.1 point release. * Update CHANGELOG about permissions check. * Update permissions comment. * Fix symlink handling. * Use a better default in auto_test.py. 2019-04-30 13:45:03 -04:00			`echo letsencrypt-auto produced unexpected output!`
			`exit 1`
			`fi`