Cherry-pick "Tests: unify tests"

debian/patches/cherry-pick/1619654056.v9-3-g69b47ce.tests-unify-tests.patch

@@ -0,0 +1,232 @@
+Subject: Tests: unify tests
+Origin: v9-3-g69b47ce <https://github.com/latchset/tang/commit/v9-3-g69b47ce>
+Upstream-Author: Sergio Correia <scorreia@redhat.com>
+Date: Wed Apr 28 20:54:16 2021 -0300
+
+    Let's try to not duplicate tests but instead reuse them across the
+    supported platforms.
+
+--- a/tests/adv
++++ b/tests/adv
+@@ -1,4 +1,4 @@
+-#!/bin/bash -x
++#!/bin/sh -ex
+ # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+ #
+ # Copyright (c) 2016 Red Hat, Inc.
+@@ -18,35 +18,11 @@
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #
+ 
+-function fetch() {
+-    curl -sfg http://127.0.0.1:$PORT$1
+-}
+-
+-function ver() {
+-    jose jws ver -i- -k "$1"
+-}
+-
+-function on_exit() {
+-    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
+-    [ -d "$TMP" ] && rm -rf $TMP
+-}
+-
+-validate() {
+-    if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
+-                 -AUo- 2>/dev/null)"; then
+-        echo "Advertisement is malformed" >&2
+-        exit 1
+-    fi
+-    _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
+-    if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
+-        echo "Advertisement is missing signatures" >&2
+-        exit 1
+-    fi
+-}
++. helpers
+ 
+-trap 'on_exit' EXIT
+-trap 'exit' ERR
++sanity_check
+ 
++trap 'on_exit' EXIT
+ export TMP=`mktemp -d`
+ mkdir -p $TMP/db
+ 
+@@ -54,8 +30,8 @@
+ jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.sig.jwk
+ jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.oth.jwk
+ 
+-export PORT=`shuf -i 1024-65536 -n 1`
+-$SD_ACTIVATE -l "127.0.0.1:$PORT" -a $VALGRIND tangd $TMP/db &
++export PORT=$(random_port)
++start_server "${PORT}"
+ export PID=$!
+ sleep 0.5
+ 
+@@ -95,7 +71,7 @@
+                -g 0 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU \
+                -g 1 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU
+ 
+-test "$(tang-show-keys $PORT)" == "$(jose jwk thp -i $TMP/db/sig.jwk)"
++test "$(tang-show-keys $PORT)" = "$(jose jwk thp -i $TMP/db/sig.jwk)"
+ 
+ # Check that new keys will be created if none exist.
+ rm -rf "${TMP}/db" && mkdir -p "${TMP}/db"
+--- /dev/null
++++ b/tests/helpers
+@@ -0,0 +1,62 @@
++#!/bin/sh -ex
++# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
++#
++# Copyright (c) 2016 Red Hat, Inc.
++# Author: Nathaniel McCallum <npmccallum@redhat.com>
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++
++fetch() {
++    curl -sfg "http://127.0.0.1:${PORT}${1}"
++}
++
++ver() {
++    jose jws ver -i- -k "${1}"
++}
++
++random_port() {
++    if [ -n "${TANG_BSD}" ]; then
++        jot -r 1 1024 65536
++    else
++        shuf -i 1024-65536 -n 1
++    fi
++}
++
++start_server() {
++    "${SOCAT}" TCP-LISTEN:"${1}",bind=127.0.0.1,fork SYSTEM:"${VALGRIND} tangd ${TMP}/db" &
++}
++
++on_exit() {
++    if [ "$PID" ]; then kill "${PID}"; wait "${PID}" || true; fi
++    [ -d "${TMP}" ] && rm -rf "${TMP}"
++}
++
++validate() {
++    if ! _jwks="$(jose fmt --json="${1}" -Og payload -SyOg keys \
++                 -AUo- 2>/dev/null)"; then
++        echo "Advertisement is malformed" >&2
++        exit 1
++    fi
++    _ver="$(printf '%s' "${_jwks}" | jose jwk use -i- -r -u verify -o-)"
++    if ! printf '%s' "${_ver}" | jose jws ver -i "${1}" -k- -a; then
++        echo "Advertisement is missing signatures" >&2
++        exit 1
++    fi
++}
++
++sanity_check() {
++    # Skip test if socat is not available.
++    [ -n "${SOCAT}" ] || exit 77
++}
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -18,9 +18,8 @@
+   include_directories: incdir
+ )
+ 
+-sd_activate = find_program(
+-  'systemd-socket-activate',
+-  'systemd-activate',
++socat = find_program(
++  'socat',
+   required: false
+ )
+ 
+@@ -28,15 +27,21 @@
+ env.prepend('PATH',
+   join_paths(meson.source_root(), 'src'),
+   join_paths(meson.build_root(), 'src'),
++  join_paths(meson.source_root(), 'tests'),
++  join_paths(meson.build_root(), 'tests'),
+   separator: ':'
+ )
+ 
+-if sd_activate.found()
+-  env.set('SD_ACTIVATE', sd_activate.path() + ' --inetd')
++if build_machine.system() == 'freebsd'
++  env.set('TANG_BSD', '1')
++endif
+ 
+-  test('adv', find_program('adv'), env: env, timeout: 60)
+-  test('rec', find_program('rec'), env: env)
++if socat.found()
++  env.set('SOCAT', socat.path())
+ endif
++
++test('adv', find_program('adv'), env: env, timeout: 60)
++test('rec', find_program('rec'), env: env)
+ test('test-keys', test_keys, env: env, timeout: 60)
+ 
+ # vim:set ts=2 sw=2 et:
+--- a/tests/rec
++++ b/tests/rec
+@@ -1,4 +1,4 @@
+-#!/bin/bash -x
++#!/bin/sh -ex
+ # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+ #
+ # Copyright (c) 2016 Red Hat, Inc.
+@@ -18,14 +18,11 @@
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #
+ 
+-function on_exit() {
+-    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
+-    [ -d "$TMP" ] && rm -rf $TMP
+-}
++. helpers
+ 
+-trap 'on_exit' EXIT
+-trap 'exit' ERR
++sanity_check
+ 
++trap 'on_exit' EXIT
+ export TMP=`mktemp -d`
+ mkdir -p $TMP/db
+ 
+@@ -39,19 +36,19 @@
+ jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
+ 
+ # Start the server
+-port=`shuf -i 1024-65536 -n 1`
+-$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/db &
++export PORT=$(random_port)
++start_server "${PORT}"
+ export PID=$!
+ sleep 0.5
+ 
+ # Make sure that GET fails
+-! curl -sf http://127.0.0.1:$port/rec
+-! curl -sf http://127.0.0.1:$port/rec/
++! curl -sf http://127.0.0.1:$PORT/rec
++! curl -sf http://127.0.0.1:$PORT/rec/
+ 
+ # Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
+ good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
+ test=`curl -sf -X POST \
+            -H "Content-Type: application/jwk+json" \
+            --data-binary @- \
+-           http://127.0.0.1:$port/rec/${exc_kid} < $TMP/exc.pub.jwk`
+-[ "$good" == "$test" ]
++           http://127.0.0.1:$PORT/rec/${exc_kid} < $TMP/exc.pub.jwk`
++[ "$good" = "$test" ]

debian/patches/series

@@ -2,6 +2,7 @@
 # cherry-picked commits. Keep in upstream's chronological order
 cherry-pick/1619791926.v9-1-g5482313.fix-generation-of-new-keys-when-no-keys-are-available.patch
 cherry-pick/1619793024.v9-2-gafb6055.keys-fix-signature-generation.patch
+cherry-pick/1619654056.v9-3-g69b47ce.tests-unify-tests.patch
 
 # patches for upstream
 for-upstream/2018-08-11.use-asciidoctor-to-build-manpages.patch