From 5842c7055f3c5f4bbc027073950c32aa635af7b6 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Thu, 22 Dec 2022 15:15:11 +0100 Subject: [PATCH] Add an option to set a custom SSL pem files directory in test. In the Fedora project, we are running the mysql2 tests on the build environment with a user permission, without root permission and without `sudo`. In this case, we couldn't set up the pem files required to run SSL tests in the `/etc/mysql`. This custom SSL directory option gives an option to run the SSL tests executed in the environment. How to use: ``` $ TEST_RUBY_MYSQL2_SSL_DIR=/tmp/mysql2 \ bundle exec rake spec ``` --- .github/workflows/container.yml | 10 ++++++++-- ci/ssl.sh | 13 ++++++++----- spec/mysql2/client_spec.rb | 6 +++--- spec/spec_helper.rb | 13 +++++++++++++ 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index bd14debf2..890d81f50 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -16,7 +16,7 @@ jobs: # Fedora latest stable version - {distro: fedora, image: 'fedora:latest'} # Fedora development version - - {distro: fedora, image: 'fedora:rawhide'} + - {distro: fedora, image: 'fedora:rawhide', ssl_dir: '/tmp/mysql2'} # On the fail-fast: true, it cancels all in-progress jobs # if any matrix job fails unlike Travis fast_finish. fail-fast: false @@ -27,4 +27,10 @@ jobs: # as a temporary workaround to avoid the following issue # in the Fedora >= 34 containers. # https://bugzilla.redhat.com/show_bug.cgi?id=1900021 - - run: docker run --add-host=mysql2gem.example.com:127.0.0.1 -t --cap-add=SYS_PTRACE --security-opt seccomp=unconfined mysql2 + - run: | + docker run \ + --add-host=mysql2gem.example.com:127.0.0.1 \ + -t \ + -e TEST_RUBY_MYSQL2_SSL_DIR="${{ matrix.ssl_dir || '' }}" \ + --cap-add=SYS_PTRACE --security-opt seccomp=unconfined \ + mysql2 diff --git a/ci/ssl.sh b/ci/ssl.sh index e98f27a44..f2fca28b8 100644 --- a/ci/ssl.sh +++ b/ci/ssl.sh @@ -2,11 +2,14 @@ set -eux +# TEST_RUBY_MYSQL2_SSL_DIR: custom SSL directory. +SSL_DIR=${TEST_RUBY_MYSQL2_SSL_DIR:-/etc/mysql} + # Make sure there is an /etc/mysql -mkdir -p /etc/mysql +mkdir -p "${SSL_DIR}" # Copy the local certs to /etc/mysql -cp spec/ssl/*pem /etc/mysql/ +cp spec/ssl/*pem "${SSL_DIR}" # Wherever MySQL configs live, go there (this is for cross-platform) cd $(my_print_defaults --help | grep my.cnf | xargs find 2>/dev/null | xargs dirname) @@ -14,7 +17,7 @@ cd $(my_print_defaults --help | grep my.cnf | xargs find 2>/dev/null | xargs dir # Put the configs into the server echo " [mysqld] -ssl-ca=/etc/mysql/ca-cert.pem -ssl-cert=/etc/mysql/server-cert.pem -ssl-key=/etc/mysql/server-key.pem +ssl-ca=${SSL_DIR}/ca-cert.pem +ssl-cert=${SSL_DIR}/server-cert.pem +ssl-key=${SSL_DIR}/server-key.pem " >> my.cnf diff --git a/spec/mysql2/client_spec.rb b/spec/mysql2/client_spec.rb index ede316b76..65f960c9e 100644 --- a/spec/mysql2/client_spec.rb +++ b/spec/mysql2/client_spec.rb @@ -154,9 +154,9 @@ def connect(*args) let(:option_overrides) do { 'host' => 'mysql2gem.example.com', # must match the certificates - :sslkey => '/etc/mysql/client-key.pem', - :sslcert => '/etc/mysql/client-cert.pem', - :sslca => '/etc/mysql/ca-cert.pem', + :sslkey => "#{ssl_dir}/client-key.pem", + :sslcert => "#{ssl_dir}/client-cert.pem", + :sslca => "#{ssl_dir}/ca-cert.pem", :sslcipher => 'DHE-RSA-AES256-SHA', :sslverify => true, } diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index edfac4d64..8e6ed3235 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -60,6 +60,19 @@ def clock_time end end + # A directory where SSL pem files exist. + def ssl_dir + return @ssl_dir if @ssl_dir + + dir = ENV['TEST_RUBY_MYSQL2_SSL_DIR'] + @ssl_dir = if dir && !dir.empty? + dir + else + '/etc/mysql' + end + @ssl_dir + end + config.before(:suite) do begin new_client