freeipa/.test_runner_config.yaml
Christian Heimes a9f34c7605 Disable nss-p11-kit crypto policy for tests
NSS 3.40 and 3.41 enable p11-kit proxy. The PKCS#11 proxy loads all
PKCS#11 providers including the default SoftHSM2 token. On Fedora 28
OpenLDAP is patched to use Mozilla NSS. Because the SoftHSM2 token is
protected, the OpenLDAP function tlsmc_extract_cacerts() blocks because
it is waiting for PIN.

Delete the p11-kit policy and regenerate crypto policy.

OpenLDAP debug output:

ldap_url_parse_ext(ldap://master.ipa.test:389/)
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/dirsrv/slapd-IPA-TEST'
tlsmc_intercept_initialization: INFO: certfile = `(null)'
tlsmc_intercept_initialization: INFO: keyfile = `(null)'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/dirsrv/slapd-IPA-TEST'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/dirsrv/slapd-IPA-TEST` prefix ``.
tlsmc_open_nssdb: INFO: initialized MozNSS context.
tlsmc_convert: INFO: trying with PEM dir = `/tmp/openldap-tlsmc-slapd-IPA-TEST--CFD75CD2496FD947611EE486C199DB7DE06AF86D5CD28715BAD24414827D1987'.
tlsmc_convert: WARN: will try to create PEM dir.
tlsmc_prepare_dir: INFO: preparing PEM directory `/tmp/openldap-tlsmc-slapd-IPA-TEST--CFD75CD2496FD947611EE486C199DB7DE06AF86D5CD28715BAD24414827D1987'.
tlsmc_prepare_dir: INFO: creating a subdirectory `cacerts'.
tlsmc_prepare_dir: INFO: successfully created PEM directory structure.
   ***NSS 3.40 BLOCKS HERE***
tlsmc_extract_cacerts: INFO: found cert nick=`Server-Cert', _not_ a trusted CA, skipping.
tlsmc_extract_cacerts: INFO: found cert nick=`Self-Signed-CA', a trusted CA.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2018-12-13 14:53:38 +01:00


#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
# Configuration file for the test runner used in Travis CI
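# Settings for the test container itself. The page rendering had flattened
# the nesting; the three keys below belong to this mapping.
container:
  detach: true
  hostname: master.ipa.test
  # NOTE(review): presumably the value behind ${container_working_dir} in the
  # step commands -- confirm against the test runner.
  working_dir: /freeipa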
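# Host-side options for the test container.
# NOTE(review): the key names match Docker's host configuration (binds,
# privileged, security_opt, tmpfs) -- confirm against the test runner.
host:
  binds:
    - /sys/fs/cgroup:/sys/fs/cgroup:ro
    # The container's /dev/random is the host's /dev/urandom, so reads never
    # block on the entropy pool. Keys generated during the test install are
    # for a disposable realm only.
    - /dev/urandom:/dev/random:ro
  # privileged plus label:disable removes most of the isolation between the
  # container and the CI worker (full device/capability access, no SELinux
  # label confinement). Suitable only for single-use workers that run trusted
  # branches; do not copy this stanza into a shared or long-lived host.
  privileged: true
  security_opt:
    - label:disable
  tmpfs:
    - /tmp
    - /run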
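# Parameters of the throwaway IPA server installed for the test run.
server:
  domain: ipa.test
  # Fixed, publicly known test credential. The install_server step passes it
  # as both the -p and -a password and prepare_tests writes it to disk, so it
  # must never be reused outside the disposable ipa.test realm.
  password: Secret123
  realm: IPA.TEST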
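# Shell command lists, one list per named test-runner step.
# ${...} placeholders are not YAML syntax. NOTE(review): they are presumably
# substituted by the test runner before a command is executed -- confirm.
steps:
  build:
    # LOG_COMPILE wraps each test program in gdb: a crash prints a backtrace
    # of all threads and the child's exit status is still returned.
    - make V=0 ${make_target} LOG_COMPILE='gdb -return-child-result -ex run -ex "thread apply all bt" -ex "quit" --args'
  builddep:
    - rm -rf /var/cache/dnf/*
    # "|| :" lets the step continue when the metadata refresh fails.
    - "dnf makecache || :"
    - dnf builddep -y ${builddep_opts} -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
    - dnf install -y gdb
    - dnf update -y annobin
  cleanup:
    - chown -R ${uid}:${gid} ${container_working_dir}
    - journalctl -b --no-pager > systemd_journal.log
    # One folded command line: archive the service logs and the journal.
    # NOTE(review): install and service logs can record command lines and
    # other secrets; treat var_log.tar as sensitive if it is published as a
    # CI artifact.
    - >
      tar --ignore-failed-read -cvf ${container_working_dir}/var_log.tar
      /var/log/dirsrv
      /var/log/httpd
      /var/log/ipa*
      /var/log/krb5kdc.log
      /var/log/pki
      systemd_journal.log
      `find daemons -name '*.log' -print`
    - chown ${uid}:${gid} ${container_working_dir}/var_log.tar
    # Record ownership, modes and SELinux contexts of the certificate
    # database directories; "|| true" tolerates a missing path.
    - ls -laZ /etc/dirsrv/slapd-*/ /etc/httpd/alias/ /etc/pki/pki-tomcat/alias/ || true
  configure:
    - ./autogen.sh
  install_packages:
    - sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf
    - dnf install -y ${container_working_dir}/dist/rpms/*.rpm --best --allowerasing
    # nss-p11-kit causes OpenLDAP's TLSMC patch to block
    # Deleting the local policy snippet and running update-crypto-policies
    # changes the crypto policy for the whole test container. This is a
    # test-environment workaround, not a setting for a deployed server.
    - rm -f /etc/crypto-policies/local.d/nss-p11-kit.config && update-crypto-policies
  install_server:
    # The password is passed on the command line (-p and -a), so it is
    # visible in the process list and in any log that echoes the command.
    # Tolerable only because the value is the fixed test credential.
    - ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password}
      -a ${server_password} --setup-dns --setup-kra --auto-forwarders
    # Switch the installed server from production to development mode and
    # restart httpd; test containers only.
    - sed -ri "s/mode = production/mode = development/" /etc/ipa/default.conf
    - systemctl restart httpd.service
  lint:
    - make V=0 lint
  webui_unit:
    - dnf install -y npm
    - cd ${container_working_dir}/install/ui/js/libs && make
    # npm install resolves packages over the network at CI time.
    # NOTE(review): confirm the versions are pinned by a lockfile.
    - cd ${container_working_dir}/install/ui && npm install
    - cd ${container_working_dir}/install/ui && node_modules/grunt/bin/grunt --verbose test
  tox:
    # just run one pylint and one Python 3 target (time/coverage trade-off)
    - tox -e py36,pypi,pylint3
  prepare_tests:
    - echo ${server_password} | kinit admin && ipa ping
    - cp -r /etc/ipa/* ~/.ipa/
    # Writes the password in clear text; no chmod or umask is applied in this
    # step, so the file gets the shell's default mode.
    - echo ${server_password} > ~/.ipa/.dmpw
    - echo 'wait_for_dns=5' >> ~/.ipa/default.conf
  run_tests:
    - ipa-test-config --help
    - ipa-test-task --help
    - ipa-run-tests ${tests_ignore} -k-test_dns_soa ${tests_verbose} ${path}
    # Fails the step when the httpd error log contains a BytesWarning.
    - '! grep -n -C5 BytesWarning /var/log/httpd/error_log'
    - ipa-server-install --uninstall -U
    # second uninstall to verify that --uninstall without installation works
    - ipa-server-install --uninstall -U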
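# Test selection options.
# NOTE(review): presumably the source of ${tests_ignore} and ${tests_verbose}
# in the run_tests step -- confirm against the test runner.
tests:
  ignore:
    - test_integration
    - test_webui
    - test_ipapython/test_keyring.py
  verbose: true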