ALT: tests: reenable enginepkcs11 tests

Fix for openssl/openssl#22508 landed in Sisyphus. TODO: convert this to the patch
stanislavlevin · Apr 2, 2024 · d5f56f6 · d5f56f6
1 parent b6644d4
commit d5f56f6
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 40 deletions.
diff --git a/bind.spec b/bind.spec
@@ -9,7 +9,7 @@
 %def_without system_tests
 # skip enginepkcs11 tests
 # https://github.com/openssl/openssl/issues/22508
-%def_without enginepkcs11
+%def_with enginepkcs11
 
 # common directory for documentation
 %define docdir %_docdir/bind-%version
@@ -81,18 +81,18 @@ BuildRequires: python3(sphinx_rtd_theme)
 %if_with check
 # for backtraces
 BuildRequires: gdb
-%if_with system_tests
-BuildRequires: python3(dns)
-BuildRequires: python3(hypothesis)
-# /usr/bin/gnutls-cli is required by doth tests
-BuildRequires: gnutls-utils
 %if_with enginepkcs11
 # requires only for pkcs11 tests
 BuildRequires: softhsm
 BuildRequires: libp11
 BuildRequires: opensc
 BuildRequires: openssl
 %endif
+%if_with system_tests
+BuildRequires: python3(dns)
+BuildRequires: python3(hypothesis)
+# /usr/bin/gnutls-cli is required by doth tests
+BuildRequires: gnutls-utils
 %else
 BuildRequires: rpm-build-vm
 BuildRequires: /dev/kvm
@@ -343,42 +343,16 @@ chmod 0755 %buildroot%_rpmlibdir/%name-restart.filetrigger
 # setup and teardown require root
 perl bin/tests/system/testsock.pl || sudo sh -x bin/tests/system/ifconfig.sh up
 
-%if_with enginepkcs11
-# setup softhsm
-# taken from https://gitlab.isc.org/isc-projects/images/-/blob/main/docker/bind9/debian-template/prep-softhsm-openssl-engine.sh.in
-export OPENSSL_CONF="/tmp/openssl.cnf"
-export SOFTHSM2_WORKDIR="/tmp/softhsm2"
-export SOFTHSM2_CONF="$SOFTHSM2_WORKDIR/softhsm2.conf"
-export SOFTHSM2_MODULE="%_libdir/softhsm/libsofthsm2.so"
-
-rm -rf "$SOFTHSM2_WORKDIR"
-mkdir -p "$SOFTHSM2_WORKDIR/tokens"
-cat <<EOF > "$SOFTHSM2_CONF"
-directories.tokendir = $SOFTHSM2_WORKDIR/tokens
-objectstore.backend = file
-log.level = DEBUG
-EOF
-
-cat > "$OPENSSL_CONF"<<EOF
-openssl_conf = openssl_init
-
-[openssl_init]
-engines = engine_section
-
-[engine_section]
-pkcs11 = pkcs11_section
-
-[pkcs11_section]
-engine_id = pkcs11
-dynamic_path = $(pkg-config libcrypto --variable=enginesdir)/pkcs11.so
-MODULE_PATH = %_libdir/softhsm/libsofthsm2.so
-init=0
-EOF
-%endif
-
 # tests are run as current user
 # see .gitlab-ci.yml
 pushd bin/tests/system
+%if_with enginepkcs11
+# set SOFTHSM2_MODULE to run pkc11 tests
+# see bin/tests/system/enginepkcs11/prereq.sh
+export SOFTHSM2_MODULE="%_libdir/softhsm/libsofthsm2.so"
+# set vars for named
+. ./softhsm_vars.sh
+%endif
 # named must be unchrooted for upstream tests
 export ALT_NAMED_OPTIONS=' -t / '
 SYSTEMTEST_NO_CLEAN=1 %make_build -k test V=1
@@ -403,10 +377,17 @@ perl bin/tests/system/testsock.pl || sh -x bin/tests/system/ifconfig.sh up
 ip a
 
 # tests
+pushd bin/tests/system
+%if_with enginepkcs11
+# set SOFTHSM2_MODULE to run pkc11 tests
+# see bin/tests/system/enginepkcs11/prereq.sh
+export SOFTHSM2_MODULE="%_libdir/softhsm/libsofthsm2.so"
+# set vars for named
+. ./softhsm_vars.sh
+%endif
 # named must be unchrooted for upstream tests
 export ALT_NAMED_OPTIONS=' -t / '
 
-pushd bin/tests/system
 testdirs=
 for testdir in */; do
     subns=$(find "$testdir" -maxdepth 1 -type d -name "ns[0-9]" | wc -l)

diff --git a/bind/bin/tests/system/enginepkcs11/setup.sh b/bind/bin/tests/system/enginepkcs11/setup.sh
@@ -13,6 +13,7 @@
 
 # shellcheck source=conf.sh
 . ../conf.sh
+. ../setup_softhsm.sh
 
 set -e
 

diff --git a/bind/bin/tests/system/keyfromlabel/setup.sh b/bind/bin/tests/system/keyfromlabel/setup.sh
@@ -13,6 +13,7 @@
 
 # shellcheck source=conf.sh
 . ../conf.sh
+. ../setup_softhsm.sh
 
 set -e
 

diff --git a/bind/bin/tests/system/setup_softhsm.sh b/bind/bin/tests/system/setup_softhsm.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+# setup softhsm
+# taken from https://gitlab.isc.org/isc-projects/images/-/blob/main/docker/bind9/debian-template/prep-softhsm-openssl-engine.sh.in
+
+rm -rf "$SOFTHSM2_WORKDIR"
+mkdir -p "$SOFTHSM2_WORKDIR/tokens"
+cat <<EOF > "$SOFTHSM2_CONF"
+directories.tokendir = $SOFTHSM2_WORKDIR/tokens
+objectstore.backend = file
+log.level = DEBUG
+EOF
+
+cat > "$OPENSSL_CONF"<<EOF
+openssl_conf = openssl_init
+
+[openssl_init]
+engines = engine_section
+
+[engine_section]
+pkcs11 = pkcs11_section
+
+[pkcs11_section]
+engine_id = pkcs11
+dynamic_path = $(pkg-config libcrypto --variable=enginesdir)/pkcs11.so
+MODULE_PATH = $SOFTHSM2_MODULE
+init=0
+EOF
diff --git a/bind/bin/tests/system/softhsm_vars.sh b/bind/bin/tests/system/softhsm_vars.sh
@@ -0,0 +1,5 @@
+if [ -n "$SOFTHSM2_MODULE" ]; then
+  export OPENSSL_CONF="${TMPDIR:-/tmp}/openssl.cnf"
+  export SOFTHSM2_WORKDIR="${TMPDIR:-/tmp}/softhsm2"
+  export SOFTHSM2_CONF="$SOFTHSM2_WORKDIR/softhsm2.conf"
+fi