[apache2] 03/03: Merge autopkgtests from Ubuntu

[Stefan Fritsch]

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit 55b35c68c2510b2935f7b4d18f83d8d1f06f25f6
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sun Mar 27 10:46:37 2016 +0200

    Merge autopkgtests from Ubuntu
    
    And fix duplicate-module-load test
---
 debian/changelog                   |  5 ++++
 debian/tests/chroot                | 39 +++++++++++++++++++++++++++
 debian/tests/control               | 12 +++++++++
 debian/tests/duplicate-module-load | 28 ++++++++++++++++++++
 debian/tests/ssl-passphrase        | 54 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 138 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index a463ef5..4d326ed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,11 @@ apache2 (2.4.18-2) UNRELEASED; urgency=medium
   * Don't treat mod_access_compat as essential. It's essentially broken,
     anyway.
   * Merge cross-compile tweaks for debian/rules from ubuntu.
+  * Merge autopkgtests from Ubuntu. Many thanks to Robie Basak.
+    Closes: #719245
+  * Fix duplicate-module-load test and make sure it fails if it cannot execute
+    apache2ctl.
+    
 
  -- Stefan Fritsch <sf at debian.org>  Sat, 09 Jan 2016 23:35:20 +0100
 
diff --git a/debian/tests/chroot b/debian/tests/chroot
new file mode 100644
index 0000000..d722a29
--- /dev/null
+++ b/debian/tests/chroot
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -ex
+
+# Check that ChrootDir works correctly. Written in response to LP: #1251939.
+#
+# Author: Robie Basak <robie.basak at ubuntu.com>
+#
+# This test requires:
+#  * wget
+#  * The dpkg-dev package for the dpkg-architecture command
+#
+# This is a "breaks-testbed" dep8 test.
+#
+# This test sets up a minimal environment to exercise ChrootDir. Do not use
+# it as an example of how to set up Apache in a secure chroot environment.
+
+sed -i 's_DocumentRoot.*$_DocumentRoot /_' /etc/apache2/sites-available/000-default.conf
+
+LIBGCC_S_PATH=/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/libgcc_s.so.1
+cat > /etc/apache2/conf-available/chroot.conf <<EOT
+LoadFile $LIBGCC_S_PATH
+ChrootDir /var/www
+<Directory />
+       Options Indexes FollowSymLinks
+       AllowOverride None
+       Require all granted
+</Directory>
+EOT
+a2enconf chroot
+
+echo "Hello, world!" > /var/www/hello.txt
+
+service apache2 restart
+
+result=`wget -qO- http://localhost/hello.txt`
+if [ "$result" != "Hello, world!" ]; then
+    echo "Unexpected result from wget" >&2
+    exit 1
+fi
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..7194e34
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,12 @@
+Tests: duplicate-module-load
+Restrictions: allow-stderr, needs-root
+Depends: apache2
+
+Tests: ssl-passphrase
+Restrictions: needs-root allow-stderr breaks-testbed
+Depends: apache2, curl, expect, ssl-cert
+
+Tests: chroot
+Features: no-build-needed
+Restrictions: needs-root allow-stderr breaks-testbed
+Depends: apache2, wget, dpkg-dev
diff --git a/debian/tests/duplicate-module-load b/debian/tests/duplicate-module-load
new file mode 100644
index 0000000..41ca45e
--- /dev/null
+++ b/debian/tests/duplicate-module-load
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -ex
+
+# Check to make sure that module loads haven't been duplicated.
+# Since this is potential minefield that could cause chaos, and a fix is
+# currently in the Ubuntu delta, check specifically for it.
+
+# Why is this so bad? See:
+#   https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1251939
+#   https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
+
+TEMPFILE0=$(mktemp)
+TEMPFILE1=$(mktemp)
+TEMPFILE2=$(mktemp)
+
+apache2ctl -l -M > $TEMPFILE0
+sort $TEMPFILE0 > $TEMPFILE1
+if ! grep core.c $TEMPFILE1 ; then
+	echo "core.c not found in apach2ctl output. apache2ctl broken?"
+	exit 1
+fi
+
+uniq < $TEMPFILE1 > $TEMPFILE2
+
+if ! diff -u $TEMPFILE1 $TEMPFILE2 ; then
+	echo Duplicate module loads found
+	exit 1
+fi
diff --git a/debian/tests/ssl-passphrase b/debian/tests/ssl-passphrase
new file mode 100644
index 0000000..a0a4fb6
--- /dev/null
+++ b/debian/tests/ssl-passphrase
@@ -0,0 +1,54 @@
+#!/bin/sh
+set -ex
+
+# Check that the init script correctly prompts for the passphrase on startup,
+# then starts and responds correctly to https queries.
+#
+# Author: Robie Basak <robie.basak at ubuntu.com>
+
+cd /etc/ssl/private
+[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase
+openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test
+a2enmod ssl
+a2ensite default-ssl
+
+# respond to systemd-ask-passphrase
+password_responder() {
+    while [ ! -e /run/systemd/ask-password/sck.* ]; do sleep 1; done
+    echo "ssl-passphrase test password responder: found prompt, sending password"
+    echo test | /lib/systemd/systemd-reply-password 1 /run/systemd/ask-password/sck.*
+}
+password_responder &
+
+# run expect for running under sysvinit/upstart
+expect <<EOT
+spawn service apache2 restart
+set timeout 600
+expect {
+	"assphrase:" {send "test\r"}
+
+	# Failure cases
+	"failed" {exit 1}
+	eof {exit 0}
+}
+
+# wait for eof and return exit code from spawned process back to the caller
+expect eof
+catch wait result
+exit [lindex \$result 3]
+EOT
+
+echo "Hello, world!" > /var/www/html/hello.txt
+
+# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
+# wget on Debian gives me:
+#    GnuTLS: A TLS warning alert has been received.
+#    Unable to establish SSL connection.
+# Presumably this is due to the self-signed certificate, but I'm not sure how
+# to skip the warning with wget. curl will do for now.
+result=`curl -k https://localhost/hello.txt`
+
+if [ "$result" != "Hello, world!" ]; then
+    echo "Unexpected result from wget" >&2
+    exit 1
+fi

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git