Hello community, here is the log from the commit of package apache-rex for openSUSE:Factory checked in at 2019-11-03 10:30:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache-rex (Old) and /work/SRC/openSUSE:Factory/.apache-rex.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-rex" Sun Nov 3 10:30:50 2019 rev:15 rq:743665 version:20191022 Changes: -------- --- /work/SRC/openSUSE:Factory/apache-rex/apache-rex.changes 2019-09-17 13:36:37.533850355 +0200 +++ /work/SRC/openSUSE:Factory/.apache-rex.new.2990/apache-rex.changes 2019-11-03 10:30:55.489018900 +0100 @@ -1,0 +2,19 @@ +Tue Oct 22 06:19:52 UTC 2019 - pgaj...@suse.com + +- version update to 20191022 + * add softshm support + * new + . mod_whatkilledus-basic + . mod_diagnostics-basic + . mod_ssl-pkcs11 + * expand + . core-ErrorLogFormat-basic + . mod_ssl-basic + . core-KeepAlive-basic + . mod_log_config-basic + . mod_log_debug-basic + . mod_dumpio-basic + . mod_log_forensic-basic + . mod_unique_id-basic + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache-rex.spec ++++++ --- /var/tmp/diff_new_pack.X7U6yf/_old 2019-11-03 10:30:56.645020283 +0100 +++ /var/tmp/diff_new_pack.X7U6yf/_new 2019-11-03 10:30:56.649020287 +0100 @@ -25,7 +25,7 @@ %define macros_file macros.apache-rex Name: apache-rex -Version: 20190906 +Version: 20191022 Release: 0 Summary: Script for Apache HTTPD Runnable Examples License: Apache-2.0 ++++++ apache-rex.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/README.md new/apache-rex/README.md --- old/apache-rex/README.md 2019-09-06 11:45:01.183616776 +0200 +++ new/apache-rex/README.md 2019-10-22 08:18:35.629562689 +0200 @@ -101,6 +101,8 @@ * `pre-run.sh` (optional) Shows what has to be done before apache start (e. g. place test ssl certificate on correct place). `pre-run.sh` return value is not checked. + It can write `$AREX_RUN_DIR/server_environment`, which will be sourced + into httpd environment. * `run.sh` (required) Determines an example flow. Script exits `0` in case whole example passed or number of failed subexample. If there are more subexamples failing, @@ -152,4 +154,5 @@ Full path to `sed` command (required for some Filter example definitions). * `AREX_ROTATELOGS_COMMAND` Full path to `rotatelogs` or `rotatelogs2` command (required e. g. in piped logs). - +* `AREX_SOFTHSM2_SO` + mailny used in lib/softhsm, it is softhsm shared library module diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/contents new/apache-rex/contents --- old/apache-rex/contents 2019-09-06 11:45:01.227617040 +0200 +++ new/apache-rex/contents 2019-10-22 08:18:35.613562599 +0200 @@ -155,7 +155,7 @@ mod_cache-filter mod_file_cache-basic mod_expires-basic -mod_unique-id-basic +mod_unique_id-basic mod_lua-basic mod_lua-authz-provider mod_lua-authz-provider-abz57204 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ErrorLogFormat-basic/example.conf new/apache-rex/core-ErrorLogFormat-basic/example.conf --- old/apache-rex/core-ErrorLogFormat-basic/example.conf 2019-09-06 11:45:03.447630371 +0200 +++ new/apache-rex/core-ErrorLogFormat-basic/example.conf 2019-10-22 08:18:35.669562914 +0200 @@ -1,2 +1,2 @@ -ErrorLogFormat "[MYLOGFORMAT] %M [MYLOGFORMAT]" +ErrorLogFormat "[MYLOGFORMAT] [DATE]%t[DATE] [MESSAGE]%M[MESSAGE] [MYLOGFORMAT]" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ErrorLogFormat-basic/run.sh new/apache-rex/core-ErrorLogFormat-basic/run.sh --- old/apache-rex/core-ErrorLogFormat-basic/run.sh 2019-09-06 11:45:03.447630371 +0200 +++ new/apache-rex/core-ErrorLogFormat-basic/run.sh 2019-10-22 08:18:35.669562914 +0200 @@ -3,4 +3,11 @@ echo "[1] error_log contains specified format" cat $AREX_RUN_DIR/error_log | grep "[MYLOGFORMAT].*[MYLOGFORMAT]" || exit_code=1 +echo "[2] server time (time in an error_log) timezone matches system one" +servertimesec=$(tail -n 1 $AREX_RUN_DIR/error_log | sed 's:.*[DATE]\(.*\)[DATE].*::' | date +%s) +systemtimesec=$(date +%s) +difference=$((systemtimesec-servertimesec)) +echo $servertimesec - $systemtimesec = $difference +[ $difference -lt 5 ] || exit_code=2 + exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-KeepAlive-basic/MODULES new/apache-rex/core-KeepAlive-basic/MODULES --- old/apache-rex/core-KeepAlive-basic/MODULES 2019-09-06 11:45:01.123616416 +0200 +++ new/apache-rex/core-KeepAlive-basic/MODULES 2019-10-22 08:18:35.617562622 +0200 @@ -0,0 +1 @@ +version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-KeepAlive-basic/example.conf.in new/apache-rex/core-KeepAlive-basic/example.conf.in --- old/apache-rex/core-KeepAlive-basic/example.conf.in 2019-09-06 11:45:01.123616416 +0200 +++ new/apache-rex/core-KeepAlive-basic/example.conf.in 2019-10-22 08:18:35.617562622 +0200 @@ -1,3 +1,10 @@ +<IfVersion >= 2.4.0> + LogLevel debug + # http://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat + ErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M" + ErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T" + ErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A" +</IfVersion> Listen @AREX_PORT1@ <VirtualHost *:@AREX_PORT1@> DocumentRoot @AREX_RUN_DIR@/htdocs-vh1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-KeepAlive-basic/run.sh new/apache-rex/core-KeepAlive-basic/run.sh --- old/apache-rex/core-KeepAlive-basic/run.sh 2019-09-06 11:45:01.123616416 +0200 +++ new/apache-rex/core-KeepAlive-basic/run.sh 2019-10-22 08:18:35.617562622 +0200 @@ -18,4 +18,11 @@ http://localhost:$AREX_PORT2/apache_pb.png > $AREX_RUN_DIR/out-vh2 2>&1 grep -a 'Re-using existing connection' $AREX_RUN_DIR/out-vh2 && exit_code=2 +if [ $AREX_APACHE_VERSION -ge 20400 ]; then + echo "[3] error_log containing requests to connections according" + cat $AREX_RUN_DIR/error_log | grep 'Request [01]' | tee $AREX_RUN_DIR/requests-to-conections + [ $(grep -c 'Request 0' $AREX_RUN_DIR/requests-to-conections) -eq 3 ] || exit_code=3 + [ $(grep -c 'Request 1' $AREX_RUN_DIR/requests-to-conections) -eq 1 ] || exit_code=3 +fi + exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-LogLevel-basic/example.conf.in new/apache-rex/core-LogLevel-basic/example.conf.in --- old/apache-rex/core-LogLevel-basic/example.conf.in 2019-09-06 11:45:03.563631068 +0200 +++ new/apache-rex/core-LogLevel-basic/example.conf.in 2019-10-22 08:18:35.677562959 +0200 @@ -1,8 +1,14 @@ <IfVersion >= 2.4> # http://events.linuxfoundation.org/sites/events/files/slides/AC2014-Debug.pdf - <If "%{REMOTE_ADDR} =~ /(127.0.0|::1)/"> - LogLevel trace8 - </If> + <Location /problem/> + LogLevel info + <If "%{REMOTE_ADDR} =~ /(127.0.0|::1)/"> + LogLevel trace4 + </If> + </Location> + <Location /no-problem/> + LogLevel trace3 + </Location> </IfVersion> <IfVersion < 2.4> LogLevel debug diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-LogLevel-basic/run.sh new/apache-rex/core-LogLevel-basic/run.sh --- old/apache-rex/core-LogLevel-basic/run.sh 2019-09-06 11:45:03.563631068 +0200 +++ new/apache-rex/core-LogLevel-basic/run.sh 2019-10-22 08:18:35.677562959 +0200 @@ -1,9 +1,18 @@ exit_code=0 -echo "[1] LogLevel setting depending on %{REMOTE_ADDR}" -curl -s http://localhost:$AREX_PORT/ > /dev/null +mkdir $AREX_DOCUMENT_ROOT/no-problem/ +echo 'index' > $AREX_DOCUMENT_ROOT/no-problem/index.html + +echo "[1] LogLevel setting depending on %{REMOTE_ADDR} and location" +curl -s http://localhost:$AREX_PORT/problem/ > /dev/null +curl -s http://localhost:$AREX_PORT/no-problem/ > /dev/null if [ $AREX_APACHE_VERSION -ge 20400 ]; then - grep 'http:trace[1-8]' $AREX_RUN_DIR/error_log || exit_code=1 + echo 'trace3 in both requests' + grep 'http:trace3.*Response' $AREX_RUN_DIR/error_log | tee $AREX_RUN_DIR/trace3-response.txt + [ $(cat $AREX_RUN_DIR/trace3-response.txt | wc -l) -eq 2 ] || exit_code=1 + echo 'trace4 in first only' + grep 'http:trace4.*Content-Length' $AREX_RUN_DIR/error_log | tee $AREX_RUN_DIR/trace4-content-length.txt + [ $(cat $AREX_RUN_DIR/trace4-content-length.txt | wc -l) -eq 1 ] || exit_code=1 else grep '\[debug\]' $AREX_RUN_DIR/error_log || exit_code=1 fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/debug-coredump/run.sh new/apache-rex/debug-coredump/run.sh --- old/apache-rex/debug-coredump/run.sh 2019-09-06 11:45:03.299629483 +0200 +++ new/apache-rex/debug-coredump/run.sh 2019-10-22 08:18:35.661562869 +0200 @@ -33,7 +33,9 @@ if [ -e $AREX_RUN_DIR/core ]; then echo - echo 'bt' | gdb $AREX_RUN_DIR/core 2>/dev/null | grep 'Core was generated by.*httpd' || exit_code=1 + echo 'bt' | gdb $AREX_RUN_DIR/core 2>/dev/null > $AREX_RUN_DIR/backtrace + grep '^#' $AREX_RUN_DIR/backtrace + grep 'Core was generated by.*httpd' $AREX_RUN_DIR/backtrace || exit_code=1 fi exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/debug-coredump/skip.sh new/apache-rex/debug-coredump/skip.sh --- old/apache-rex/debug-coredump/skip.sh 2019-09-06 11:45:03.299629483 +0200 +++ new/apache-rex/debug-coredump/skip.sh 2019-10-22 08:18:35.661562869 +0200 @@ -1,9 +1,8 @@ -# REASON: ulimit -c is zero or could not obtain coredump from coredumpctl +# REASON: ulimit -c is zero or does not have coredumpctl (or permissions) skip_exit_code=1 [ "$(ulimit -c)" == "0" ] && skip_exit_code=0 # System appears to write coredumps to systemd-coredump -# but do not have coredumpctl. I have no solution for -# this situation now. -[ "$AREX_HAVE_SYSTEMD_COREDUMP" == "1" ] && ! [ $(which coredumpctl 2>/dev/null) ] && skip_exit_code=0 +# but do not have coredumpctl abilities. +[ "$AREX_HAVE_SYSTEMD_COREDUMP" == "0" ] && skip_exit_code=0 exit $skip_exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/lib/openssl new/apache-rex/lib/openssl --- old/apache-rex/lib/openssl 2019-09-06 11:45:03.311629554 +0200 +++ new/apache-rex/lib/openssl 2019-10-22 08:18:35.661562869 +0200 @@ -208,3 +208,10 @@ | grep 'Cert Status' | sed 's/.*Cert Status:[^a-z]*\([a-z]*\)[^a-z]*/\1/' } +function openssl_pem_to_der() +{ + pem_file=$1 + der_file=$2 + openssl rsa -in $pem_file -inform pem -out $der_file -outform der +} + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/lib/processman new/apache-rex/lib/processman --- old/apache-rex/lib/processman 2019-09-06 11:45:03.311629554 +0200 +++ new/apache-rex/lib/processman 2019-10-22 08:18:35.661562869 +0200 @@ -17,7 +17,7 @@ lsof -i | grep ":$port (LISTEN)" && return 1 || return 0 } -function httpd_restart +function httpd_restart() { ps -A | grep httpd kill -HUP $(cat $AREX_RUN_DIR/pid) @@ -26,3 +26,9 @@ ps -A | grep httpd } +function a_child_pid() +{ + main_process_pid=$(cat $AREX_RUN_DIR/pid) + ps -A | grep httpd | grep -v "$main_process_pid" | head -n 1 | sed 's:^\s*\([0-9]*\).*:\1:' +} + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/lib/softhsm new/apache-rex/lib/softhsm --- old/apache-rex/lib/softhsm 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/lib/softhsm 2019-10-22 08:18:35.661562869 +0200 @@ -0,0 +1,79 @@ +#!/bin/bash + +source $(dirname ${BASH_SOURCE[0]})/openssl + +shsm2_pin=1234 +shsm2_puk=4321 + +# create the softhsm database, which is a plain dir +function softhsm2_create_database() +{ + dir=$1 + shsm2_database_dir="$dir/softhsm.db" + echo -n "~ Creating $shsm2_database_dir .. " + mkdir -p $shsm2_database_dir + echo '~ .. done.' +} + +# create softhsm configuration pointing to the database +function softhsm2_configuration() +{ + dir=$1 + shsm2_database_dir="$dir/softhsm.db" + shsm2_configuration_file="$dir/softhsm.conf" + echo -n '~ Creating softhsm2 configuration file .. ' + echo 'objectstore.backend = file' >> $shsm2_configuration_file + echo "directories.tokendir = $shsm2_database_dir" > $shsm2_configuration_file + echo 'done.' + echo '~ Exporting SOFTHSM2_CONF' +} + +# inits a softhsm token in the slot +function softhsm2_init_token() +{ + dir=$1 + label=$2 + echo '~ Creating softhsm2 token ... ' + export SOFTHSM2_CONF="$dir/softhsm.conf" + softhsm2 --init-token --free --label "$label" --so-pin $shsm2_puk --pin $shsm2_pin + if softhsm2 --show-slots | grep "$label"; then + echo '~ .. done.' + return 0 + fi + echo '~ .. failure.' + return 1 +} + +# shortcut for the above +function softhsm2_create_token() +{ + dir=$1 + token_label=$2 + softhsm2_create_database $dir + softhsm2_configuration $dir + softhsm2_init_token $dir $token_label || return 1 +} + +# load a file to the softhsm token +function softhsm2_token_load_file() +{ + dir=$1 + token_label=$2 + id=$3 + file_path=$4 + file_label=$5 + file_type=$6 + export SOFTHSM2_CONF="$dir/softhsm.conf" + echo "~ Writing $file_type $file_label ($file_path) to $token_label .. " + success='yes' + pkcs11-tool -p $shsm2_pin --module $AREX_SOFTHSM2_SO --id $id --token-label $token_label --label $file_label --write-object $file_path -y $file_type || success='no' + if [ $success == 'yes' ]; then + echo '~ .. done.' + return 0 + else + echo '~ .. failure.' + return 1 + fi +} + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/DESCRIPTION new/apache-rex/mod_diagnostics-basic/DESCRIPTION --- old/apache-rex/mod_diagnostics-basic/DESCRIPTION 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_diagnostics-basic/DESCRIPTION 2019-10-22 08:18:35.629562689 +0200 @@ -0,0 +1 @@ +How to debug with mod_diagnostics. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/MODULES new/apache-rex/mod_diagnostics-basic/MODULES --- old/apache-rex/mod_diagnostics-basic/MODULES 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_diagnostics-basic/MODULES 2019-10-22 08:18:35.629562689 +0200 @@ -0,0 +1 @@ +diagnostic_filter substitute log_debug deflate diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/example.conf.in new/apache-rex/mod_diagnostics-basic/example.conf.in --- old/apache-rex/mod_diagnostics-basic/example.conf.in 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_diagnostics-basic/example.conf.in 2019-10-22 08:18:35.629562689 +0200 @@ -0,0 +1,39 @@ +LogLevel info substitute:trace8 deflate:trace8 + +<Directory "@AREX_DOCUMENT_ROOT@"> + @AREX_ALLOW_FROM_LOCALHOST@ + + LogMessage "Request BEGIN: %{THE_REQUEST}" hook=handler + LogMessage "Request END: %{THE_REQUEST}" hook=log_transaction +</Directory> + +DeflateCompressionLevel 7 + +<Location /a/> + # no filter applied + SetOutputfilter o-resource-1;o-resource-2 +</Location> + +<Location /b/> + # using o-resource as mod_substitute is registered as AP_FTYPE_RESOURCE + SetOutputfilter o-resource-1;SUBSTITUTE;o-resource-2 +</Location> + +<Location /c/> + # using o-resource as mod_substitute is registered as AP_FTYPE_RESOURCE + SetOutputfilter o-resource-1;SUBSTITUTE;o-resource-2 + Substitute 's/L/l/' +</Location> + +<Location /d/> + # using o-resource as mod_substitute is registered as AP_FTYPE_RESOURCE + SetOutputfilter o-resource-1;SUBSTITUTE;o-resource-2 + Substitute 's/^h/H/' + Substitute 's/FUN/fun/' +</Location> + +<Location /e/> + # using o-resource as mod_data is registered as AP_FTYPE_CONTENT_SET + SetOutputfilter o-content-1;DEFLATE;o-content-2 +</Location> + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/run.sh new/apache-rex/mod_diagnostics-basic/run.sh --- old/apache-rex/mod_diagnostics-basic/run.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_diagnostics-basic/run.sh 2019-10-22 08:18:35.629562689 +0200 @@ -0,0 +1,73 @@ +exit_code=0 + +function log_entries +{ + req_ident=$1 + # utilize '\t' in the mod_diagnostics error_log messages + output=0 + while read -r line; do + [[ "$line" =~ BEGIN.*$req_ident ]] && output=1 + [ $output -eq 1 ] && printf "$line\n"; + [[ "$line" =~ END.*$req_ident ]] && output=0 + done < $AREX_RUN_DIR/error_log + +} + +mkdir $AREX_DOCUMENT_ROOT/{a,b,c,d,e} + +echo "[1] no filter between log filters" +echo "brigade is intact (FILE EOS)" +echo -n 'Have a lot of fun...' > $AREX_DOCUMENT_ROOT/a/test.html +curl http://localhost:$AREX_PORT/a/test.html +echo +log_entries '/a/' | tee $AREX_RUN_DIR/error_log.1 +[ $(grep -c FILE $AREX_RUN_DIR/error_log.1) -eq 2 ] || exit_code=1 + +echo +echo "[2] SUBSTITUTE filter between log filters, no Substitute directive, though" +echo " data bucket changes type from FILE to TRANSIENT" +echo -n 'Have a lot of fun...' > $AREX_DOCUMENT_ROOT/b/test.html +curl http://localhost:$AREX_PORT/b/test.html +echo +log_entries '/b/' | tee $AREX_RUN_DIR/error_log.2 +[ $(grep -c TRANSIENT $AREX_RUN_DIR/error_log.2) -eq 1 ] || exit_code=2 + +echo +echo "[3] SUBSTITUTE filter between log filters, regexp does not match" +echo " data bucket changes type from FILE to TRANSIENT" +echo -n 'Have a lot of fun...' > $AREX_DOCUMENT_ROOT/c/test1.html +curl http://localhost:$AREX_PORT/c/test1.html +echo +log_entries '/c/test1.html' | tee $AREX_RUN_DIR/error_log.3 +[ $(grep -c TRANSIENT $AREX_RUN_DIR/error_log.3) -eq 1 ] || exit_code=3 + +echo +echo "[4] SUBSTITUTE filter between log filters, regexp matches" +echo " data bucket changes type from FILE (20 bytes) to three TRANSIENT ones (7+1+12 bytes)" +echo -n 'Have a Lot of fun...' > $AREX_DOCUMENT_ROOT/c/test2.html +curl http://localhost:$AREX_PORT/c/test2.html +echo +log_entries '/c/test2.html' | tee $AREX_RUN_DIR/error_log.4 +[ $(grep -c TRANSIENT $AREX_RUN_DIR/error_log.4) -eq 3 ] || exit_code=4 + +echo +echo "[5] SUBSTITUTE filter between log filters, two Substitute, both regexps match" +echo " data bucket changes type from FILE (20 bytes) to POOL (20 bytes)" +echo -n 'have a lot of FUN...' > $AREX_DOCUMENT_ROOT/d/test.html +curl http://localhost:$AREX_PORT/d/test.html +echo +log_entries '/d/' | tee $AREX_RUN_DIR/error_log.5 +[ $(grep -c POOL $AREX_RUN_DIR/error_log.5) -eq 1 ] || exit_code=5 + +echo +echo "[6] DATA filter between log filters" +echo " data bucket transforms type from FILE (20000 bytes) to HEAP (87 bytes) and IMMORTAL (10 bytes), POOL (8 bytes)," +echo " which look like a overhead cost" +for i in $(seq 1 1000); do + echo -n 'Have a lot of fun...' >> $AREX_DOCUMENT_ROOT/e/test.data +done +curl -H "Accept-Encoding: gzip,deflate" http://localhost:$AREX_PORT/e/test.data >/dev/null 2>&1 +log_entries '/e/' | tee $AREX_RUN_DIR/error_log.6 +[ $(grep -c HEAP $AREX_RUN_DIR/error_log.6) -eq 1 ] || exit_code=6 + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_dumpio-basic/example.conf.in new/apache-rex/mod_dumpio-basic/example.conf.in --- old/apache-rex/mod_dumpio-basic/example.conf.in 2019-09-06 11:45:01.143616536 +0200 +++ new/apache-rex/mod_dumpio-basic/example.conf.in 2019-10-22 08:18:35.621562644 +0200 @@ -1,4 +1,5 @@ <IfVersion >= 2.4> +ErrorLogFormat "%M" LogLevel info dumpio:trace7 </IfVersion> <IfVersion < 2.4> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_dumpio-basic/run.sh new/apache-rex/mod_dumpio-basic/run.sh --- old/apache-rex/mod_dumpio-basic/run.sh 2019-09-06 11:45:01.143616536 +0200 +++ new/apache-rex/mod_dumpio-basic/run.sh 2019-10-22 08:18:35.621562644 +0200 @@ -1,11 +1,15 @@ exit_code=0 -echo index > $AREX_DOCUMENT_ROOT/index.html - -echo "[1] dumpio log" -curl -s http://localhost:$AREX_PORT/ -grep 'mod_dumpio: dumpio_in (data-HEAP): Host: localhost' $AREX_RUN_DIR/error_log || exit_code=1 -grep 'mod_dumpio: dumpio_out (data-MMAP): index' $AREX_RUN_DIR/error_log || exit_code=1 +echo 'my index' > $AREX_DOCUMENT_ROOT/index.html +echo "[1] dumpio log of simple GET" +curl -H 'Range: bytes=4-8' -s "http://localhost:$AREX_PORT/?genus-name=ips&species-name=duplicatus"; +echo REQUEST +grep 'dumpio_in (data' $AREX_RUN_DIR/error_log +echo RESPONSE +grep 'dumpio_out (data' $AREX_RUN_DIR/error_log +echo +grep 'mod_dumpio: dumpio_in .*: Host: localhost' $AREX_RUN_DIR/error_log || exit_code=1 +grep 'mod_dumpio: dumpio_out .*: ndex' $AREX_RUN_DIR/error_log || exit_code=1 exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_config-basic/MODULES new/apache-rex/mod_log_config-basic/MODULES --- old/apache-rex/mod_log_config-basic/MODULES 2019-09-06 11:45:01.155616608 +0200 +++ new/apache-rex/mod_log_config-basic/MODULES 2019-10-22 08:18:35.625562667 +0200 @@ -1 +1 @@ -log_config +log_config version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_config-basic/example.conf.in new/apache-rex/mod_log_config-basic/example.conf.in --- old/apache-rex/mod_log_config-basic/example.conf.in 2019-09-06 11:45:01.155616608 +0200 +++ new/apache-rex/mod_log_config-basic/example.conf.in 2019-10-22 08:18:35.625562667 +0200 @@ -1,3 +1,12 @@ -LogFormat "%a %A %s" my_format -CustomLog @AREX_RUN_DIR@/my_log my_format - +LogLevel info +<IfVersion >= 2.4.0> + ErrorLogFormat "%L| [%l] %E: %M" + LogFormat "%L| [local ip: %A] [peer ip: %a] [url: %U]" my_request + LogFormat "%L| [handler: %R] [status: %s] [size: %B] [serve time: %D ms]" my_response +</IfVersion> +<IfVersion < 2.4.0> + LogFormat "[local ip: %A] [peer ip: %a] [url: %U]" my_request + LogFormat "[handler: %R] [status: %s] [size: %B] [serve time: %D ms]" my_response +</IfVersion> +CustomLog @AREX_RUN_DIR@/requests my_request +CustomLog @AREX_RUN_DIR@/responses my_response diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_config-basic/run.sh new/apache-rex/mod_log_config-basic/run.sh --- old/apache-rex/mod_log_config-basic/run.sh 2019-09-06 11:45:01.155616608 +0200 +++ new/apache-rex/mod_log_config-basic/run.sh 2019-10-22 08:18:35.625562667 +0200 @@ -1,12 +1,40 @@ exit_code=0 - -echo "[1] Test 404 from localhost" +icontent='site index' +sizeof_icontent=$(echo $icontent | wc -c) curl -s http://localhost:$AREX_PORT/ > /dev/null -cat $AREX_RUN_DIR/my_log | grep '\(127.0.0.1\|::1\) \(127.0.0.1\|::1\) 404' || exit_code=1 - -echo "[2] Test 200 from localhost" -touch $AREX_DOCUMENT_ROOT/index.html +echo $icontent > $AREX_DOCUMENT_ROOT/index.html curl -s http://localhost:$AREX_PORT/ > /dev/null -cat $AREX_RUN_DIR/my_log | grep '\(127.0.0.1\|::1\) \(127.0.0.1\|::1\) 200' || exit_code=1 +echo ERROR LOG: +cat $AREX_RUN_DIR/error_log +echo +echo REQUEST LOG: +cat $AREX_RUN_DIR/requests +echo +echo RESPONSE LOG: +cat $AREX_RUN_DIR/responses +echo + +echo "[1] 404 logs" +if [ $AREX_APACHE_VERSION -ge 20400 ]; then + # gather request error_log id + request_error_log_id=$(grep 'Attempt to serve directory' $AREX_RUN_DIR/error_log | sed 's:^\([^|]*\)|.*:\1:') + echo "REQUEST LOG ID: $request_error_log_id, related logs:" + grep $request_error_log_id $AREX_RUN_DIR/{error_log,requests,responses} +else + grep '\[url: /\]' $AREX_RUN_DIR/requests || exit_code=1 + grep '\[status: 404\]' $AREX_RUN_DIR/responses || exit_code=1 +fi + +echo +echo "[2] 200 logs" +if [ $AREX_APACHE_VERSION -ge 20400 ]; then + # this will not get error_log id, as it generates no log entry in error_log + # for 'info' LogLevel; in case of 'debug' it would get one + request_error_log_id='-' + echo "REQUEST LOG ID: $request_error_log_id, related logs:" + grep "^$request_error_log_id|" $AREX_RUN_DIR/{requests,responses} +fi +grep '\[url: /index.html\]' $AREX_RUN_DIR/requests || exit_code=2 +grep '\[status: 200\] \[size: 11\]' $AREX_RUN_DIR/responses || exit_code=2 exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_debug-basic/example.conf.in new/apache-rex/mod_log_debug-basic/example.conf.in --- old/apache-rex/mod_log_debug-basic/example.conf.in 2019-09-06 11:45:03.395630059 +0200 +++ new/apache-rex/mod_log_debug-basic/example.conf.in 2019-10-22 08:18:35.661562869 +0200 @@ -1,11 +1,24 @@ -ErrorLogFormat '[%{cu}t] %M' +ErrorLogFormat "[%{cu}t] %M" LogLevel info + +<Directory "@AREX_DOCUMENT_ROOT@"> + @AREX_ALLOW_FROM_LOCALHOST@ +</Directory> + +<Directory "@AREX_DOCUMENT_ROOT@/a/"> + LogMessage "request under /a/ (%{THE_REQUEST})" +</Directory> + <Directory "@AREX_DOCUMENT_ROOT@/foo/"> RewriteEngine on RewriteBase "/foo/" RewriteRule "(.*)\.html" "welcome.html" [L] - LogMessage "%{REQUEST_URI} has been requested, serving %{REQUEST_FILENAME}" hook=all + LogMessage "[%{HANDLER}] %{REQUEST_URI} has been requested, serving %{REQUEST_FILENAME}" hook=all +</Directory> - @AREX_ALLOW_FROM_LOCALHOST@ +<Directory "@AREX_DOCUMENT_ROOT@/weather/"> + LogMessage "weather info: hi" + # according to doc, it should be %{reqenv:Range}, but that does not work + LogMessage "weather info: %{req:Range}" hook=handler </Directory> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_debug-basic/run.sh new/apache-rex/mod_log_debug-basic/run.sh --- old/apache-rex/mod_log_debug-basic/run.sh 2019-09-06 11:45:03.395630059 +0200 +++ new/apache-rex/mod_log_debug-basic/run.sh 2019-10-22 08:18:35.661562869 +0200 @@ -1,10 +1,32 @@ exit_code=0 -echo "[1] log of request and internal request after rewrite" +echo "[1] basic log message" +mkdir -p $AREX_DOCUMENT_ROOT/a/ +echo "index" > $AREX_DOCUMENT_ROOT/a/index.html +curl -s http://localhost:$AREX_PORT/a/index.html > /dev/null +curl -s http://localhost:$AREX_PORT/a/b/not-existing.html > /dev/null +grep 'request under /a/ .*index.html' $AREX_RUN_DIR/error_log || exit_code=1 +grep 'request under /a/ .*not-existing.html' $AREX_RUN_DIR/error_log || exit_code=1 + +echo +echo "[2] log of request and internal request after rewrite" mkdir -p $AREX_DOCUMENT_ROOT/foo/ echo 'Welcome!' > $AREX_DOCUMENT_ROOT/foo/welcome.html curl -s http://localhost:$AREX_PORT/foo/bar.html > /dev/null -grep 'has been requested' $AREX_RUN_DIR/error_log || exit_code=1 +grep 'has been requested' $AREX_RUN_DIR/error_log || exit_code=2 +echo + +echo "[3] expose a header in error_log, Range: in this case" +mkdir -p $AREX_DOCUMENT_ROOT/weather/ +echo 'Today, there will be raining whole day.' > $AREX_DOCUMENT_ROOT/weather/data.txt +curl -s -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather/data.txt +echo 'Today, there will be snowing whole day.' >> $AREX_DOCUMENT_ROOT/weather/data.txt +curl -s -C - -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather/data.txt +echo 'Otherwise the weather will be different.'>> $AREX_DOCUMENT_ROOT/weather/data.txt +curl -s -C - -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather/data.txt +grep 'weather info: hi' $AREX_RUN_DIR/error_log || exit_code=3 +grep 'weather info: bytes=40-' $AREX_RUN_DIR/error_log || exit_code=3 +grep 'weather info: bytes=80-' $AREX_RUN_DIR/error_log || exit_code=3 exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/BINARIES new/apache-rex/mod_log_forensic-basic/BINARIES --- old/apache-rex/mod_log_forensic-basic/BINARIES 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_log_forensic-basic/BINARIES 2019-10-22 08:18:35.669562914 +0200 @@ -0,0 +1 @@ +check_forensic diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/MODULES new/apache-rex/mod_log_forensic-basic/MODULES --- old/apache-rex/mod_log_forensic-basic/MODULES 2019-09-06 11:45:03.471630515 +0200 +++ new/apache-rex/mod_log_forensic-basic/MODULES 2019-10-22 08:18:35.669562914 +0200 @@ -1 +1 @@ -log_forensic +log_forensic cgi alias diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/example.conf.in new/apache-rex/mod_log_forensic-basic/example.conf.in --- old/apache-rex/mod_log_forensic-basic/example.conf.in 2019-09-06 11:45:03.471630515 +0200 +++ new/apache-rex/mod_log_forensic-basic/example.conf.in 2019-10-22 08:18:35.669562914 +0200 @@ -1,6 +1,15 @@ +# make sure there is only one child for subexample [3] +StartServers 1 +MinSpareServers 1 +MaxSpareServers 1 + ForensicLog @AREX_RUN_DIR@/forensic_log <Directory @AREX_DOCUMENT_DIR@> @AREX_ALLOW_FROM_LOCALHOST@ </Directory> +ScriptAlias /cgi-bin/ "@AREX_RUN_DIR@/cgi-bin/" +<Directory "@AREX_RUN_DIR@/cgi-bin/"> + Options +ExecCGI +</Directory> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/run.sh new/apache-rex/mod_log_forensic-basic/run.sh --- old/apache-rex/mod_log_forensic-basic/run.sh 2019-09-06 11:45:03.471630515 +0200 +++ new/apache-rex/mod_log_forensic-basic/run.sh 2019-10-22 08:18:35.669562914 +0200 @@ -1,5 +1,7 @@ exit_code=0 +. ../lib/processman + echo index > $AREX_DOCUMENT_ROOT/index.html echo "[1] forensic log contains begin and end of processing request" @@ -8,8 +10,41 @@ request_id=$(head -n 1 $AREX_RUN_DIR/forensic_log | sed 's:+\(.*\)|GET.*:\1:') grep "\-$request_id" $AREX_RUN_DIR/forensic_log || exit_code=1 +echo echo "[2] forensic log contains also specified header" curl -s -X POST -H 'my-header: hello_world' http://localhost:$AREX_PORT/ grep '+.*|POST.*|my-header:hello_world' $AREX_RUN_DIR/forensic_log || exit_code=2 +echo +echo "[3] after apache child pid kill, there will be no pairwise line" +cgi_dir=$AREX_RUN_DIR/cgi-bin +mkdir -p $cgi_dir +cat << EOF > $cgi_dir/long.cgi +#!/bin/bash +echo 'Content-type: text/html' +echo '' +sleep 5 +echo 'result' +EOF +chmod 755 $cgi_dir/long.cgi + +child_pid=$(a_child_pid) +echo "Make request, but there is only child $child_pid; request takes long" +curl -s http://localhost:$AREX_PORT/cgi-bin/long.cgi&; +sleep 1 + +echo "Killing child pid $child_pid" +kill -9 $child_pid +sleep 1 + +echo "forensic_log contains only + line, but not the - line" +grep 'long.cgi' $AREX_RUN_DIR/forensic_log | grep long.cgi | tee $AREX_RUN_DIR/forensic_log-excerpt +nlines=$(cat $AREX_RUN_DIR/forensic_log-excerpt | wc -l) +[ "$nlines" -eq 1 ] || exit_code=3 + +echo "Alternatively, via check_forensic script" +check_forensic $AREX_RUN_DIR/forensic_log | tee $AREX_RUN_DIR/check_forensic-output +diff $AREX_RUN_DIR/{forensic_log-excerpt,check_forensic-output} || exit_code=3 + exit $exit_code + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/BINARIES new/apache-rex/mod_ssl-pkcs11/BINARIES --- old/apache-rex/mod_ssl-pkcs11/BINARIES 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/BINARIES 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1 @@ +openssl softhsm2-util pkcs11-tool diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/DESCRIPTION new/apache-rex/mod_ssl-pkcs11/DESCRIPTION --- old/apache-rex/mod_ssl-pkcs11/DESCRIPTION 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/DESCRIPTION 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1 @@ +Using PKCS11 module authentication in mod_ssl. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/MODULES new/apache-rex/mod_ssl-pkcs11/MODULES --- old/apache-rex/mod_ssl-pkcs11/MODULES 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/MODULES 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1 @@ +ssl:mime:log_config:version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/MODULES_OPT new/apache-rex/mod_ssl-pkcs11/MODULES_OPT --- old/apache-rex/mod_ssl-pkcs11/MODULES_OPT 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/MODULES_OPT 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1 @@ +socache_shmcb diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/example.conf.in new/apache-rex/mod_ssl-pkcs11/example.conf.in --- old/apache-rex/mod_ssl-pkcs11/example.conf.in 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/example.conf.in 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1,39 @@ +LogLevel info + + +ServerName aserver.suse.cz + +<IfVersion >= 2.4.2> + DefaultRuntimeDir @AREX_RUN_DIR@/run +</IfVersion> + +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +SSLEngine on + +SSLCryptoDevice pkcs11 +SSLCertificateFile "pkcs11:token=aserver.suse.cz-token;object=aserver.suse.cz-cert;type=cert;pin-value=1234" +SSLCertificateKeyFile "pkcs11:token=aserver.suse.cz-token;object=aserver.suse.cz-privkey;type=private;pin-value=1234" + +SSLSessionCache shmcb:@AREX_RUN_DIR/ssl_scache(512000) +SSLSessionCacheTimeout 300 + +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin + +SSLProtocol all +<IfVersion >= 2.3.0> +SSLCipherSuite DEFAULT +</IfVersion> +<IfVersion < 2.3.0> +SSLCipherSuite ALL +</IfVersion> +SSLHonorCipherOrder on + +CustomLog @AREX_RUN_DIR@/test-server_log ssl_combined + +<Directory @AREX_DOCUMENT_ROOT@> + @AREX_ALLOW_FROM_LOCALHOST@ +</Directory> + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/pre-run.sh new/apache-rex/mod_ssl-pkcs11/pre-run.sh --- old/apache-rex/mod_ssl-pkcs11/pre-run.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/pre-run.sh 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1,56 @@ +# +# create CA certificate and SERVER certificate +# +. ../lib/openssl +. ../lib/softhsm + +echo Setup CA +echo ~~~~~~~~ +openssl_setup_ca $AREX_RUN_DIR +echo +echo Setup SERVER +echo ~~~~~~~~~~~~ +openssl_setup_entity $AREX_RUN_DIR aserver.suse.cz +echo + +# +# create a softhsm token with server key on it +# +# create the token +echo '--- Initializing softhsm2 ------------------' +success='yes' +softhsm2_create_token "$AREX_RUN_DIR/pkcs11" 'aserver.suse.cz-token' || success='no' +if [ $success == 'yes' ]; then + echo '--- Done. ----------------------------------' +else + echo '--- Failed. --------------------------------' +fi +# openssl_setup_entity writes $AREX_RUN_DIR/aserver.suse.cz/private.key in +# PEM format, we need DER +echo 'Converting PEM to DER' +openssl_pem_to_der $AREX_RUN_DIR/aserver.suse.cz/private.key $AREX_RUN_DIR/aserver.suse.cz/private.key.der +openssl_pem_to_der $AREX_RUN_DIR/aserver.suse.cz/my.crt $AREX_RUN_DIR/aserver.suse.cz/my.crt.der +# load the key in DER format +echo "--- Write private key to token ---------------------" +success='yes' +softhsm2_token_load_file "$AREX_RUN_DIR/pkcs11" 'aserver.suse.cz-token' 010203 $AREX_RUN_DIR/aserver.suse.cz/private.key.der 'aserver.suse.cz-privkey' privkey || success='no' +if [ $success == 'yes' ]; then + echo '--- Done. ----------------------------------' +else + echo '--- Failed. --------------------------------' +fi +echo "--- Write certiicate to token ---------------------" +success='yes' +softhsm2_token_load_file "$AREX_RUN_DIR/pkcs11" 'aserver.suse.cz-token' 010203 $AREX_RUN_DIR/aserver.suse.cz/my.crt 'aserver.suse.cz-cert' cert || success='no' +if [ $success == 'yes' ]; then + echo '--- Done. ----------------------------------' +else + echo '--- Failed. --------------------------------' +fi +# create server environment, need SOFTHSM2_CONF exported +echo "export SOFTHSM2_CONF=\"$AREX_RUN_DIR/pkcs11/softhsm.conf\"" > $AREX_RUN_DIR/server_environment +# +# create runtime dir, see DefaultRuntimeDir directive +# +mkdir -p $AREX_RUN_DIR/run +exit 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/run.sh new/apache-rex/mod_ssl-pkcs11/run.sh --- old/apache-rex/mod_ssl-pkcs11/run.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/run.sh 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1,12 @@ +exit_code=0 + +echo 'Test SSL' > $AREX_DOCUMENT_ROOT/index.html + +echo "[1] access trough https allowed" +curl -s --cacert $AREX_RUN_DIR/ca/my.crt --resolve "aserver.suse.cz:$AREX_PORT:127.0.0.1" https://aserver.suse.cz:$AREX_PORT/ \ + | grep 'Test SSL' || exit_code=1 + +echo "[2] error_log contains references to pkcs11" +grep 'Certificate and private key.*pkcs11:token=aserver.suse.cz-token' $AREX_RUN_DIR/error_log || exit_code=2 + +exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/skip.sh new/apache-rex/mod_ssl-pkcs11/skip.sh --- old/apache-rex/mod_ssl-pkcs11/skip.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_ssl-pkcs11/skip.sh 2019-10-22 08:18:35.685563004 +0200 @@ -0,0 +1,2 @@ +# REASON: curl does not have --resolve +exit $([ $AREX_CURL_HAVE_RESOLVE -eq 0 ]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/DESCRIPTION new/apache-rex/mod_unique-id-basic/DESCRIPTION --- old/apache-rex/mod_unique-id-basic/DESCRIPTION 2019-09-06 11:45:03.427630251 +0200 +++ new/apache-rex/mod_unique-id-basic/DESCRIPTION 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -Demonstrate basic functionality of unique_id module. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/MODULES new/apache-rex/mod_unique-id-basic/MODULES --- old/apache-rex/mod_unique-id-basic/MODULES 2019-09-06 11:45:03.427630251 +0200 +++ new/apache-rex/mod_unique-id-basic/MODULES 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -unique_id log_config diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/example.conf.in new/apache-rex/mod_unique-id-basic/example.conf.in --- old/apache-rex/mod_unique-id-basic/example.conf.in 2019-09-06 11:45:03.427630251 +0200 +++ new/apache-rex/mod_unique-id-basic/example.conf.in 1970-01-01 01:00:00.000000000 +0100 @@ -1,6 +0,0 @@ -LogFormat "%{UNIQUE_ID}e %{%d/%b/%Y %T}t.%{msec_frac}t %f %s" mylog -CustomLog "@AREX_RUN_DIR@/access.log" mylog - -<Directory "@AREX_DOCUMENT_ROOT@"> - @AREX_ALLOW_FROM_LOCALHOST@ -</Directory> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/run.sh new/apache-rex/mod_unique-id-basic/run.sh --- old/apache-rex/mod_unique-id-basic/run.sh 2019-09-06 11:45:03.427630251 +0200 +++ new/apache-rex/mod_unique-id-basic/run.sh 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -exit_code=0 - -echo "[1] UNIQUE_ID is set to '[A-Za-z0-9@-]*' string" -echo 'main index' > $AREX_DOCUMENT_ROOT/index.html -curl -s http://localhost:$AREX_PORT/ > /dev/null -grep '^[A-Za-z0-9@-]* .*' $AREX_RUN_DIR/access.log || exit_code=1 - -exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/DESCRIPTION new/apache-rex/mod_unique_id-basic/DESCRIPTION --- old/apache-rex/mod_unique_id-basic/DESCRIPTION 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_unique_id-basic/DESCRIPTION 2019-10-22 08:18:35.665562892 +0200 @@ -0,0 +1 @@ +Demonstrate basic functionality of unique_id module. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/MODULES new/apache-rex/mod_unique_id-basic/MODULES --- old/apache-rex/mod_unique_id-basic/MODULES 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_unique_id-basic/MODULES 2019-10-22 08:18:35.665562892 +0200 @@ -0,0 +1 @@ +unique_id log_config log_forensic log_debug diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/example.conf.in new/apache-rex/mod_unique_id-basic/example.conf.in --- old/apache-rex/mod_unique_id-basic/example.conf.in 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_unique_id-basic/example.conf.in 2019-10-22 08:18:35.665562892 +0200 @@ -0,0 +1,11 @@ +LogFormat "%{UNIQUE_ID}e %{%d/%b/%Y %T}t.%{msec_frac}t %f %s" mylog +CustomLog @AREX_RUN_DIR@/access_log mylog +ForensicLog @AREX_RUN_DIR@/forensic_log +# LogLevel info for LogMessage to be logged +LogLevel info +ErrorLogFormat "%L| [%l] %E: %M" + +<Directory "@AREX_DOCUMENT_ROOT@"> + @AREX_ALLOW_FROM_LOCALHOST@ + LogMessage "Request: %{env:UNIQUE_ID}" +</Directory> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/run.sh new/apache-rex/mod_unique_id-basic/run.sh --- old/apache-rex/mod_unique_id-basic/run.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_unique_id-basic/run.sh 2019-10-22 08:18:35.665562892 +0200 @@ -0,0 +1,17 @@ +exit_code=0 + +echo "[1] UNIQUE_ID is set to '[A-Za-z0-9@-]*' string" +echo 'main index' > $AREX_DOCUMENT_ROOT/index.html +curl -s http://localhost:$AREX_PORT/ >/dev/null +grep '^[A-Za-z0-9@-]* .*' $AREX_RUN_DIR/access_log || exit_code=1 +unique_id=$(head -n 1 $AREX_RUN_DIR/access_log | cut -d' ' -f1) + +echo +echo "[2] UNIQUE_ID is also used as forensic_log identifier" +grep $unique_id $AREX_RUN_DIR/forensic_log || exit_code=2 + +echo +echo "[3] UNIQUE_ID can be used also in error_log: as %L in ErrorLogFormat or in LogMessage (%{env: UNIQUE_ID})" +grep "$unique_id|.*Request: $unique_id" $AREX_RUN_DIR/error_log || exit_code=3 + +exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/DESCRIPTION new/apache-rex/mod_whatkilledus-basic/DESCRIPTION --- old/apache-rex/mod_whatkilledus-basic/DESCRIPTION 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_whatkilledus-basic/DESCRIPTION 2019-10-22 08:18:35.673562937 +0200 @@ -0,0 +1 @@ +Demonstrate WKU reports. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/MODULES new/apache-rex/mod_whatkilledus-basic/MODULES --- old/apache-rex/mod_whatkilledus-basic/MODULES 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_whatkilledus-basic/MODULES 2019-10-22 08:18:35.669562914 +0200 @@ -0,0 +1 @@ +backtrace log_config mime whatkilledus crash cgi alias diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/example.conf.in new/apache-rex/mod_whatkilledus-basic/example.conf.in --- old/apache-rex/mod_whatkilledus-basic/example.conf.in 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_whatkilledus-basic/example.conf.in 2019-10-22 08:18:35.669562914 +0200 @@ -0,0 +1,15 @@ +# make sure there is only one child +StartServers 1 +MinSpareServers 1 +MaxSpareServers 1 + +EnableExceptionHook On + +WKUObscureInRequest hdr:Authorization hdr:Cookie hdr:Proxy-Authorization user password query unparsed-line +WKULogfile @AREX_RUN_DIR@/wku_log + +ScriptAlias /cgi-bin/ "@AREX_RUN_DIR@/cgi-bin/" +<Directory "@AREX_RUN_DIR@/cgi-bin/"> + Options +ExecCGI +</Directory> + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/run.sh new/apache-rex/mod_whatkilledus-basic/run.sh --- old/apache-rex/mod_whatkilledus-basic/run.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/apache-rex/mod_whatkilledus-basic/run.sh 2019-10-22 08:18:35.669562914 +0200 @@ -0,0 +1,63 @@ +exit_code=0 + +. ../lib/processman + +cgi_dir=$AREX_RUN_DIR/cgi-bin +mkdir -p $cgi_dir +cat << EOF > $cgi_dir/long.cgi +#!/bin/bash +echo 'Content-type: text/html' +echo '' +sleep 5 +echo 'result' +EOF +chmod 755 $cgi_dir/long.cgi + +child_pid=$(a_child_pid) +echo "Make request, but there is only child $child_pid; request takes long" +curl -s http://localhost:$AREX_PORT/cgi-bin/long.cgi&; +sleep 1 + +echo "Killing child pid $child_pid" +kill -SEGV $child_pid +sleep 1 + +child_pid=$(a_child_pid) +echo "Make a request again with another child (pid $child_pid)" +curl -s http://localhost:$AREX_PORT/cgi-bin/long.cgi&; +sleep 1 + +echo "Killing child pid $child_pid with another signal" +kill -BUS $child_pid +sleep 1 + +echo +echo "[1] wku_log contains data of the crash" +echo "The report contains:" +echo "====================" +# highlights in the report +echo "(a) Crash happened, when" +echo "------------------------" +grep '**** Crash at' $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt +wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^2 ' || exit_code=1 +echo "(b) What uncaught signal caused it" +echo "----------------------------------" +grep 'Fatal signal:' $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt +wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^2 ' || exit_code=1 +echo "(c) Backtrace, where the crash happened" +echo "---------------------------------------" +grep 'mod_cgi.so' $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt +wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^4 ' || exit_code=1 +echo "(d) Request line processed" +echo "--------------------------" +grep -A 1 'Request line' $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt +wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^5 ' || exit_code=1 +echo "(e) Client connection processed" +echo "-------------------------------" +grep -A 1 'Client connection' $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt +wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^5 ' || exit_code=1 + +echo +echo See $AREX_RUN_DIR/wku_log for details. + +exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/run-rex new/apache-rex/run-rex --- old/apache-rex/run-rex 2019-09-06 11:45:01.223617017 +0200 +++ new/apache-rex/run-rex 2019-10-22 08:18:35.629562689 +0200 @@ -191,6 +191,11 @@ which httxt2dbm 2>/dev/null } +function check_forensic_command() +{ + which check_forensic 2>/dev/null +} + function curl_command() { which curl 2>/dev/null @@ -256,6 +261,11 @@ which python3 python 2>/dev/null | head -n 1 } +function sysctl_command() +{ + which sysctl 2>/dev/null +} + function coredumpctl_command() { which coredumpctl 2>/dev/null | head -n 1 @@ -266,6 +276,16 @@ which openssl 2>/dev/null } +function softhsm2_command() +{ + which softhsm2-util 2>/dev/null +} + +function pkcs11_tool_command() +{ + which pkcs11-tool 2>/dev/null +} + function nss_pcache_command() { which nss_pcache 2>/dev/null @@ -291,6 +311,11 @@ openssl engine | grep -v dynamic | head -n 1 | sed 's:^(\([^()]*\)).*:\1:' } +function softhsm2_so() +{ + ls /usr/lib{,64}/pkcs11/libsofthsm2.so /usr/lib{,64}/shofthsm2/libsofthsm2.so 2>/dev/null | head -n 1 +} + function openssl_have_alpn() { objdump -T $(ldconfig -p | grep 'libssl\.so\.' | sed 's:.* => ::') | grep alpn > /dev/null && echo -n '1' || echo -n '0' @@ -318,7 +343,13 @@ function have_systemd_coredump() { - core_pattern | grep -q 'systemd-coredump' && echo '1' || echo '0' + # check whether: 1. system is configured to dump coredumps into systemd-coredump + # 2. coredumpctl command exists and user have enough privileges to gather dumps + if sysctl kernel.core_pattern | grep -q 'systemd-coredump' && coredumpctl list | grep -q 'TIME\|No coredumps found.'; then + echo '1' + else + echo '0' + fi } function check_system() @@ -354,6 +385,9 @@ HTTXT2DBM_COMMAND=$(httxt2dbm_command) register_command "$HTTXT2DBM_COMMAND" httxt2dbm echod -n '.' + CHECK_FORENSIC_COMMAND=$(check_forensic_command) + register_command "$CHECK_FORENSIC_COMMAND" check_forensic + echod -n '.' CURL_COMMAND=$(curl_command) register_command "$CURL_COMMAND" curl echod -n '.' @@ -381,12 +415,21 @@ PYTHON_COMMAND=$(python_command) register_command "$PYTHON_COMMAND" python echod -n '.' + SYSCTL_COMMAND=$(sysctl_command) + register_command "$SYSCTL_COMMAND" sysctl + echod -n '.' COREDUMPCTL_COMMAND=$(coredumpctl_command) register_command "$COREDUMPCTL_COMMAND" coredumpctl echod -n '.' OPENSSL_COMMAND=$(openssl_command) register_command "$OPENSSL_COMMAND" openssl echod -n '.' + SOFTHSM2_COMMAND=$(softhsm2_command) + register_command "$SOFTHSM2_COMMAND" softhsm2 + echod -n '.' + PKCS11_TOOL_COMMAND=$(pkcs11_tool_command) + register_command "$PKCS11_TOOL_COMMAND" pkcs11-tool + echod -n '.' NSS_PCACHE_COMMAND=$(nss_pcache_command) register_command "$NSS_PCACHE_COMMAND" nss_pcache echod -n '.' @@ -417,6 +460,9 @@ export AREX_OPENSSL_HAVE_ALPN=$(openssl_have_alpn) echod -n '.' fi + if command_exists softhsm2; then + export AREX_SOFTHSM2_SO=$(softhsm2_so) + fi if command_exists python; then export AREX_HAVE_PYTHON_TORNADO=$(have_python_tornado) echod -n '.' @@ -442,6 +488,7 @@ echod "htdbm command ............................ $HTDBM_COMMAND" echod "rotatelogs command ....................... $AREX_ROTATELOGS_COMMAND" echod "httxt2dbm command ........................ $HTTXT2DBM_COMMAND" + echod "check_forensic command ................... $CHECK_FORENSIC_COMMAND" echod "curl command ............................. $CURL_COMMAND" echod "curl have --resolve switch ............... $AREX_CURL_HAVE_RESOLVE" echod "curl have --cert-status switch ........... $AREX_CURL_HAVE_CERT_STATUS" @@ -455,10 +502,14 @@ echod "wget command ............................. $WGET_COMMAND" echod "nc command ............................... $NC_COMMAND" echod "python command ........................... $PYTHON_COMMAND" + echod "sysctl command ........................... $SYSCTL_COMMAND" echod "coredumpctl command ...................... $COREDUMPCTL_COMMAND" echod "openssl command .......................... $OPENSSL_COMMAND" + echod "softhsm2 command ......................... $SOFTHSM2_COMMAND" + echod "pkcs11-tool command ...................... $PKCS11_TOOL_COMMAND" echod "openssl engine ........................... $AREX_AN_OPENSSL_ENGINE" echod "openssl have alpn support ................ $AREX_OPENSSL_HAVE_ALPN" + echod "softhsm2 shared object ................... $AREX_SOFTHSM2_SO" echod "nss_pcache command ....................... $NSS_PCACHE_COMMAND" echod "lsof command ............................. $LSOF_COMMAND" echod "vsftpd command ........................... $VSFTPD_COMMAND" @@ -702,6 +753,10 @@ sh $AREX_RUN_DIR/pre-run.sh fi + # source $AREX_RUN_DIR/server_environment, which pre-run.sh + # can write + . $AREX_RUN_DIR/server_environment + # create default DocumentRoot mkdir -p $AREX_RUN_DIR/htdocs @@ -731,6 +786,7 @@ function start_apache() { start_ok=1 + httpd -f $AREX_RUN_DIR/httpd.conf $SERVER_FLAGS -k start 2>$AREX_RUN_DIR/start_log || start_ok=0 if [ $start_ok -ne 1 ]; then echo '0'
