1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
#!/bin/sh
set -ex
# Check that the init script correctly prompts for the passphrase on startup,
# then starts and responds correctly to https queries.
#
# Author: Robie Basak <robie.basak@ubuntu.com>
cd /etc/ssl/private
[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase
openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test
a2enmod ssl
a2ensite default-ssl
# respond to systemd-ask-passphrase
password_responder() {
while [ ! -e /run/systemd/ask-password/sck.* ]; do sleep 1; done
echo "ssl-passphrase test password responder: found prompt, sending password"
echo test | /lib/systemd/systemd-reply-password 1 /run/systemd/ask-password/sck.*
}
password_responder &
# run expect for running under sysvinit/upstart
expect <<EOT
spawn service apache2 restart
set timeout 600
expect {
"assphrase:" {send "test\r"}
# Failure cases
"failed" {exit 1}
eof {exit 0}
}
# wait for eof and return exit code from spawned process back to the caller
expect eof
catch wait result
exit [lindex \$result 3]
EOT
echo "Hello, world!" > /var/www/html/hello.txt
# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
# wget on Debian gives me:
# GnuTLS: A TLS warning alert has been received.
# Unable to establish SSL connection.
# Presumably this is due to the self-signed certificate, but I'm not sure how
# to skip the warning with wget. curl will do for now.
result=`curl -k https://localhost/hello.txt`
if [ "$result" != "Hello, world!" ]; then
echo "Unexpected result from wget" >&2
exit 1
fi
|
