Add an option to set a custom SSL certificates pem files directory in…
… test.

In the Fedora project, we are running the mysql2 tests on the build environment
with a user permission, without root permission and without `sudo`.

In this case, we couldn't set up the pem files required to run SSL tests in the
`/etc/mysql`. This custom SSL directory option gives an option to run the SSL
tests executed in the environment.

How to use:

```
$ TEST_RUBY_MYSQL2_SSL_CERT_DIR=/tmp/mysql2 \
  bundle exec rake spec
```
junaruga committed Jan 26, 2023
1 parent 89b4f15 commit 1edda51
Showing 4 changed files with 32 additions and 10 deletions.
10 changes: 8 additions & 2 deletions .github/workflows/container.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
# Fedora latest stable version
- {distro: fedora, image: 'fedora:latest'}
# Fedora development version
- {distro: fedora, image: 'fedora:rawhide'}
- {distro: fedora, image: 'fedora:rawhide', ssl_cert_dir: '/tmp/mysql2'}
# On the fail-fast: true, it cancels all in-progress jobs
# if any matrix job fails unlike Travis fast_finish.
fail-fast: false
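
Review bot: `ssl_cert_dir: '/tmp/mysql2'` is set on the `fedora:rawhide` entry only, with no comment saying why, so a reader cannot tell that this is the one job meant to exercise the custom-directory path while the other entries keep covering the `/etc/mysql` default. Add a one-line comment above the entry saying so. `/tmp/mysql2` is a fixed name under a world-writable directory; that is acceptable inside a throwaway container, but it is worth stating so the path is not reused unchanged on a shared host.
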
Expand All @@ -27,4 +27,10 @@ jobs:
# as a temporary workaround to avoid the following issue
# in the Fedora >= 34 containers.
# https://bugzilla.redhat.com/show_bug.cgi?id=1900021
- run: docker run --add-host=mysql2gem.example.com:127.0.0.1 -t --cap-add=SYS_PTRACE --security-opt seccomp=unconfined mysql2
- run: |
docker run \
--add-host=mysql2gem.example.com:127.0.0.1 \
-t \
-e TEST_RUBY_MYSQL2_SSL_CERT_DIR="${{ matrix.ssl_cert_dir || '' }}" \
--cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
mysql2
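
Review bot: `-e TEST_RUBY_MYSQL2_SSL_CERT_DIR="${{ matrix.ssl_cert_dir || '' }}"` passes the variable to every job, as an empty string where the matrix entry has no `ssl_cert_dir`, so the default only works because both consumers treat empty as unset (`:-` in ci/ssl.sh, `!dir.empty?` in spec/spec_helper.rb). Say that in a comment here, since a consumer written with `${VAR-default}` would silently get an empty path. The expression is also expanded into the script text before the shell runs; the value is a constant from this file, so nothing untrusted reaches it, but mapping it through the step's `env:` and referencing the shell variable keeps the pattern safe if the matrix value ever comes from an input.
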
13 changes: 8 additions & 5 deletions ci/ssl.sh
Expand Up @@ -2,19 +2,22 @@

set -eux

# TEST_RUBY_MYSQL2_SSL_CERT_DIR: custom SSL certs directory.
SSL_CERT_DIR=${TEST_RUBY_MYSQL2_SSL_CERT_DIR:-/etc/mysql}

# Make sure there is an /etc/mysql
mkdir -p /etc/mysql
mkdir -p "${SSL_CERT_DIR}"

# Copy the local certs to /etc/mysql
cp spec/ssl/*pem /etc/mysql/
cp spec/ssl/*pem "${SSL_CERT_DIR}"

# Wherever MySQL configs live, go there (this is for cross-platform)
cd $(my_print_defaults --help | grep my.cnf | xargs find 2>/dev/null | xargs dirname)

# Put the configs into the server
echo "
[mysqld]
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
ssl-ca=${SSL_CERT_DIR}/ca-cert.pem
ssl-cert=${SSL_CERT_DIR}/server-cert.pem
ssl-key=${SSL_CERT_DIR}/server-key.pem
" >> my.cnf
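
Review bot: the `cp` into `"${SSL_CERT_DIR}"` runs before the `cd`, while the `ssl-ca`, `ssl-cert` and `ssl-key` lines written to my.cnf are read later by the server, so a relative TEST_RUBY_MYSQL2_SSL_CERT_DIR would copy the files to one place and point mysqld at another. Either reject a value that does not start with `/` or resolve it to an absolute path right after the assignment. The comments "Make sure there is an /etc/mysql" and "Copy the local certs to /etc/mysql" are now stale and should name the variable instead. Because `mkdir -p` succeeds on a directory that already exists, a path under /tmp on a shared host may be one that another user created; the script does not check ownership or mode before copying the key files there.
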
6 changes: 3 additions & 3 deletions spec/mysql2/client_spec.rb
Expand Up @@ -154,9 +154,9 @@ def connect(*args)
let(:option_overrides) do
{
'host' => 'mysql2gem.example.com', # must match the certificates
:sslkey => '/etc/mysql/client-key.pem',
:sslcert => '/etc/mysql/client-cert.pem',
:sslca => '/etc/mysql/ca-cert.pem',
:sslkey => "#{ssl_cert_dir}/client-key.pem",
:sslcert => "#{ssl_cert_dir}/client-cert.pem",
:sslca => "#{ssl_cert_dir}/ca-cert.pem",
:sslcipher => 'DHE-RSA-AES256-SHA',
:sslverify => true,
}
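
Review bot: the three paths in `option_overrides` are built with string interpolation (`"#{ssl_cert_dir}/client-key.pem"`); `File.join(ssl_cert_dir, 'client-key.pem')` is the more idiomatic form and normalises a trailing slash in TEST_RUBY_MYSQL2_SSL_CERT_DIR.
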
13 changes: 13 additions & 0 deletions spec/spec_helper.rb
Expand Up @@ -60,6 +60,19 @@ def clock_time
end
end

# A directory where SSL certificates pem files exist.
def ssl_cert_dir
return @ssl_cert_dir if @ssl_cert_dir

dir = ENV['TEST_RUBY_MYSQL2_SSL_CERT_DIR']
@ssl_cert_dir = if dir && !dir.empty?
dir
else
'/etc/mysql'
end
@ssl_cert_dir
end

config.before(:suite) do
begin
new_client
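
Review bot: `ssl_cert_dir` returns whatever TEST_RUBY_MYSQL2_SSL_CERT_DIR holds without checking that the directory exists, so a mistyped value surfaces only later as an SSL connection failure in the specs that use `:sslkey`, `:sslcert` and `:sslca`. Consider raising from this helper when the variable is set and `File.directory?(dir)` is false, with a message that names the variable. The memoisation can also be reduced to a single `@ssl_cert_dir ||= ...` expression, which makes the early `return` and the trailing `@ssl_cert_dir` unnecessary.
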