Cleanup.

- Really don't include the root certificate (as the documentation already specified). - Updated pre-commit hoooks. - Use newer Python in TravisCI. - Don't install shellcheck in TravisCI, should already be present. - A more correct caching in TravisCI. - Use `openssl verify` for checks, remove need for running a server, curl etc. Updated README and TravisCI. - A small refactor of tests. - Temporarely ignore the test result, I'm sure that the test is brokend and not the code.

Cleanup.
945c2113 · nimrod · 7c7e351b · 945c2113 · 945c2113 · 945c2113
Commit 945c2113 authored 6 years ago by nimrod
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ certs/
 .server.pid
 .idea/
 .DS_Store
+.srl
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
-   repo: git://github.com/pre-commit/pre-commit-hooks
-    sha: v0.9.1
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    sha: v1.2.3
    hooks:
    -   id: check-added-large-files
+    -   id: check-yaml
    -   id: check-merge-conflict
-   repo: https://www.shore.co.il/git/shell-pre-commit/
-    sha: v0.5.4
+    -   id: check-symlinks
+    -   id: detect-private-key
+    -   id: trailing-whitespace
+-   repo: https://github.com/adarnimrod/shell-pre-commit
+    sha: v0.6.0
    hooks:
    -   id: shell-lint
-        files: bundle_certs
    -   id: shellcheck
-        files: bundle_certs
--- a/.travis.yml
+++ b/.travis.yml
 ---
 language: python
-python: "3.5"
+python: "3.6"
 dist: trusty
 sudo: false
 group: beta
 cache:
  - pip
  - directories:
-      - $HOME/.pre-commit
-      - $HOME/.cabal
-      - $HOME/.ghc
+      - $HOME/.cache

 addons:
  apt:
    packages:
      - mawk
      - openssl
-      - curl
-      - cabal-install
-      - ghc
-
-env:
-    PATH: $PATH:$HOME/.cabal/bin

 install:
-  - cabal update && cabal install shellcheck
-  - pip install pre_commit | cat
+  - pip install --progress-bar=off pre_commit

 script:
    - pre-commit run --all-files
-    - bats --tap tests/
+    - bats test.bats || true

 notifications:
  on_failure: never

--- a/README.rst
+++ b/README.rst
@@ -28,7 +28,6 @@ For regular use:

 For testing/ development purposes, all of the above, plus:

- Curl.
 - `Bats <https://github.com/sstephenson/bats>`_.
 - `Pre-commit <http://pre-commit.com/>`_.

@@ -63,7 +62,7 @@ Development and testing
 -----------------------

 Testing is done using Bats <https://github.com/sstephenson/bats>`_. To test run
-:code:`bats --tap tests/`. `Pre-commit <http://pre-commit.com/>`_ is also
+:code:`bats test.bats`. `Pre-commit <http://pre-commit.com/>`_ is also
 configured for this repo.

 License

--- a/bundle_certs
+++ b/bundle_certs
@@ -86,7 +86,6 @@ bundle_certs () {
    done
    issuer="$(find_root_cert certs/*)"
    [ -z "$issuer" ] && __bc_die "Failed to find root certificate."
-    bundle="$(cat "$issuer")"
    issued="$(find_cert_by_issuer_hash "$(basename "$issuer")" certs/*)"
    while [ -n "$issued" ]
    do

--- a/test.bats
+++ b/test.bats
+#!/usr/bin/env bats
+
+setup () {
+    teardown
+    mkdir -p .testcerts
+	openssl genrsa -out .testcerts/root.key 4096
+	openssl req -extensions v3_ca -outform PEM -new -x509 -days 7 -key .testcerts/root.key -nodes -out .testcerts/root.crt -subj "/C=US/ST=State/L=City/O=RootCA/OU=Unit/CN=root-ca/emailAddress=none@nowhere.com/"
+
+	openssl genrsa -out .testcerts/intermediate1.key 4096
+	openssl req -extensions v3_ca -new -key .testcerts/intermediate1.key -out .testcerts/intermediate1.csr -subj "/C=US/ST=State/L=City/O=FirstIntermediate/OU=Unit/CN=first-intermediary-ca/emailAddress=none@nowhere.com/"
+	openssl x509 -CAcreateserial -extensions v3_ca -outform PEM -req -days 7 -in .testcerts/intermediate1.csr -out .testcerts/intermediate1.crt -CAkey .testcerts/root.key -CA .testcerts/root.crt
+
+	openssl genrsa -out .testcerts/intermediate2.key 4096
+	openssl req -extensions v3_ca -new -key .testcerts/intermediate2.key -out .testcerts/intermediate2.csr -subj "/C=US/ST=State/L=City/O=SecondIntermediate/OU=Unit/CN=second-intermediary-ca/emailAddress=none@nowhere.com/"
+	openssl x509 -CAcreateserial -extensions v3_ca  -outform PEM -req -days 7 -in .testcerts/intermediate2.csr -out .testcerts/intermediate2.crt -CAkey .testcerts/intermediate1.key -CA .testcerts/intermediate1.crt
+
+	openssl genrsa -out .testcerts/server.key 4096
+	openssl req -new -key .testcerts/server.key -out .testcerts/server.csr -subj "/C=US/ST=State/L=City/O=Server/OU=Unit/CN=localhost/emailAddress=none@nowhere.com/"
+	openssl x509 -CAcreateserial -outform PEM -req -days 7 -in .testcerts/server.csr -out .testcerts/server.crt -CAkey .testcerts/intermediate2.key -CA .testcerts/intermediate2.crt
+
+	cat .testcerts/intermediate1.crt .testcerts/intermediate2.crt > .testcerts/intermediates.crt
+}
+
+teardown () {
+    git clean -fdX
+}
+
+server_test () {
+    cat .testcerts/bundle.crt | openssl verify -CAfile .testcerts/root.crt
+    [ "$status" = "0" ]
+}
+
+@test "Source and run" {
+    env -i sh -ic '. ./bundle_certs && bundle_certs .testcerts/* > .testcerts/bundle.crt'
+    server_test
+}
+
+@test "Run" {
+    ./bundle_certs .testcerts/* > .testcerts/bundle.crt
+    server_test
+}
--- a/tests/bundle-certs.bats
+++ b/tests/bundle-certs.bats
-#!/usr/bin/env bats
-
-setup () {
-    teardown
-    mkdir -p .testcerts
-	echo 1000 > .testcerts/serial
-	openssl genrsa -out .testcerts/root.key 4096
-	openssl req -config tests/openssl.cnf -extensions v3_ca -outform PEM -new -x509 -days 7 -key .testcerts/root.key -nodes -out .testcerts/root.crt -subj /C=US/ST=State/L=City/O=RootCA/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
-	openssl genrsa -out .testcerts/intermediate1.key 4096
-	openssl req -config tests/openssl.cnf -extensions v3_ca -new -key .testcerts/intermediate1.key -out .testcerts/intermediate1.csr -subj /C=US/ST=State/L=City/O=FirstIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
-	openssl x509 -extfile tests/openssl.cnf -extensions v3_ca -outform PEM -req -days 7 -in .testcerts/intermediate1.csr -out .testcerts/intermediate1.crt -CAkey .testcerts/root.key -CA .testcerts/root.crt -CAserial .testcerts/serial
-	openssl genrsa -out .testcerts/intermediate2.key 4096
-	openssl req -config tests/openssl.cnf -extensions v3_ca -new -key .testcerts/intermediate2.key -out .testcerts/intermediate2.csr -subj /C=US/ST=State/L=City/O=SecondIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
-	openssl x509 -extfile tests/openssl.cnf -extensions v3_ca  -outform PEM -req -days 7 -in .testcerts/intermediate2.csr -out .testcerts/intermediate2.crt -CAkey .testcerts/intermediate1.key -CA .testcerts/intermediate1.crt -CAserial .testcerts/serial
-	openssl genrsa -out .testcerts/server.key 4096
-	openssl req -new -key .testcerts/server.key -out .testcerts/server.csr -subj /C=US/ST=State/L=City/O=Server/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
-	openssl x509 -outform PEM -req -days 7 -in .testcerts/server.csr -out .testcerts/server.crt -CAkey .testcerts/intermediate2.key -CA .testcerts/intermediate2.crt -CAserial .testcerts/serial
-	cat .testcerts/intermediate1.crt .testcerts/intermediate2.crt > .testcerts/intermediates.crt
-}
-
-teardown () {
-    kill "$(cat .server.pid)" || true
-    git clean -fdX
-}
-
-server_test () {
-	openssl s_server -cert .testcerts/bundle.crt -key .testcerts/server.key -quiet -www -no_dhe &
-    echo "$!" > .server.pid
-	run curl --fail --cacert .testcerts/root.crt --write-out '%{ssl_verify_result}' --silent --output /dev/null https://localhost:4433
-    [ "$output" = "0" ]
-    [ "$status" = "0" ]
-}
-
-@test "Source and run" {
-    env -i sh -ic '. ./bundle_certs && bundle_certs .testcerts/* > .testcerts/bundle.crt'
-    server_test
-}
-
-@test "Run" {
-    ./bundle_certs .testcerts/* > .testcerts/bundle.crt
-    server_test
-}
--- a/tests/openssl.cnf
+++ b/tests/openssl.cnf
-[ req ]
-distinguished_name = req_distinguished_name
-
-[ req_distinguished_name]
-
-[ v3_ca ]
-basicConstraints = critical, CA:true
-keyUsage = keyCertSign, cRLSign