From a4d0188d215e6394edce152b750105e284d911e2 Mon Sep 17 00:00:00 2001
From: Brandon Kreisel <kreiselb@gmail.com>
Date: Sat, 3 Oct 2015 12:50:18 -0400
Subject: [PATCH] Add Mac compatibility to integration tests

---
 letsencrypt/plugins/manual.py                   |  1 +
 letsencrypt/plugins/standalone/authenticator.py | 11 +++++++----
 tests/boulder-integration.sh                    |  6 +++++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/letsencrypt/plugins/manual.py b/letsencrypt/plugins/manual.py
index 3f7276725..f532b8fbc 100644
--- a/letsencrypt/plugins/manual.py
+++ b/letsencrypt/plugins/manual.py
@@ -159,6 +159,7 @@ binary for temporary key/certificate generation.""".replace("\n", "")
                     # don't care about setting stdout and stderr,
                     # we're in test mode anyway
                     shell=True,
+                    executable="/bin/bash",
                     # "preexec_fn" is UNIX specific, but so is "command"
                     preexec_fn=os.setsid)
             except OSError as error:  # ValueError should not happen!
diff --git a/letsencrypt/plugins/standalone/authenticator.py b/letsencrypt/plugins/standalone/authenticator.py
index 968063781..f7c24f5e5 100644
--- a/letsencrypt/plugins/standalone/authenticator.py
+++ b/letsencrypt/plugins/standalone/authenticator.py
@@ -301,11 +301,14 @@ class StandaloneAuthenticator(common.Plugin):
         :param int port: The TCP port in question.
         :returns: True or False."""
 
-        listeners = [conn.pid for conn in psutil.net_connections()
-                     if conn.status == 'LISTEN' and
-                     conn.type == socket.SOCK_STREAM and
-                     conn.laddr[1] == port]
         try:
+
+            # net_connections() can raise AccessDenied on certain OSs
+            listeners = [conn.pid for conn in psutil.net_connections()
+                         if conn.status == 'LISTEN' and
+                         conn.type == socket.SOCK_STREAM and
+                         conn.laddr[1] == port]
+
             if listeners and listeners[0] is not None:
                 # conn.pid may be None if the current process doesn't have
                 # permission to identify the listening process!  Additionally,
diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh
index ed877d136..efd16ef6c 100755
--- a/tests/boulder-integration.sh
+++ b/tests/boulder-integration.sh
@@ -50,7 +50,11 @@ dir="$root/conf/archive/le1.wtf"
 for x in cert chain fullchain privkey;
 do
     latest="$(ls -1t $dir/ | grep -e "^${x}" | head -n1)"
-    live="$(readlink -f "$root/conf/live/le1.wtf/${x}.pem")"
+    if [ `uname`  == 'Darwin' ]; then
+      live="$(greadlink -f "$root/conf/live/le1.wtf/${x}.pem")"
+    else
+      live="$(readlink -f "$root/conf/live/le1.wtf/${x}.pem")"
+    fi
     [ "${dir}/${latest}" = "$live" ]  # renewer fails this test
 done