This is an automated email from the ASF dual-hosted git repository.
gnodet pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
The following commit(s) were added to refs/heads/master by this push:
new b6020dfd3 Fix container tests when run from the src tgz in the
distribution
b6020dfd3 is described below
commit b6020dfd341c36abc93069591fd04d427f0c5782
Author: Thomas Wolf <[email protected]>
AuthorDate: Thu Jul 14 21:02:32 2022 +0200
Fix container tests when run from the src tgz in the distribution
Running a "mvn clean install" from the source tar archive failed for
some container tests because unpacking the tar might not preserve
executable bits. Testcontainers need an entrypoint that is executable,
or otherwise the entrypoint script must not be run directly but via
a shell explicitly.
Rewrite the two problematic tests to ensure the entrypoint script is
always executable, irrespective of whether the test resource has the
bit set.
---
.../auth/pubkey/HostBoundPubKeyAuthTest.java | 4 +-
.../ClientOpenSSHCertificatesTest.java | 72 ++++++++++++++++------
.../sshd/client/opensshcerts/docker/Dockerfile | 45 --------------
3 files changed, 57 insertions(+), 64 deletions(-)
diff --git
a/sshd-core/src/test/java/org/apache/sshd/client/auth/pubkey/HostBoundPubKeyAuthTest.java
b/sshd-core/src/test/java/org/apache/sshd/client/auth/pubkey/HostBoundPubKeyAuthTest.java
index d38786ccb..d99b84231 100644
---
a/sshd-core/src/test/java/org/apache/sshd/client/auth/pubkey/HostBoundPubKeyAuthTest.java
+++
b/sshd-core/src/test/java/org/apache/sshd/client/auth/pubkey/HostBoundPubKeyAuthTest.java
@@ -70,7 +70,9 @@ public class HostBoundPubKeyAuthTest extends BaseTestSupport {
.withCopyFileToContainer(
MountableFile.forClasspathResource(TEST_KEYS + "/user01_authorized_keys"),
"/home/bob/.ssh/authorized_keys")
-
.withCopyFileToContainer(MountableFile.forClasspathResource(TEST_RESOURCES +
"/entrypoint.sh"),
+ // entrypoint must be executable. Spotbugs doesn't
like 0777, so use hex
+ .withCopyFileToContainer(
+
MountableFile.forClasspathResource(TEST_RESOURCES + "/entrypoint.sh", 0x1ff),
"/entrypoint.sh")
.waitingFor(Wait.forLogMessage(".*Server listening
on :: port 22.*\\n", 1))
.withExposedPorts(22) //
diff --git
a/sshd-core/src/test/java/org/apache/sshd/client/opensshcerts/ClientOpenSSHCertificatesTest.java
b/sshd-core/src/test/java/org/apache/sshd/client/opensshcerts/ClientOpenSSHCertificatesTest.java
index 5392a2e80..fe2e68282 100644
---
a/sshd-core/src/test/java/org/apache/sshd/client/opensshcerts/ClientOpenSSHCertificatesTest.java
+++
b/sshd-core/src/test/java/org/apache/sshd/client/opensshcerts/ClientOpenSSHCertificatesTest.java
@@ -51,6 +51,7 @@ import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.images.builder.ImageFromDockerfile;
+import org.testcontainers.utility.MountableFile;
@RunWith(Parameterized.class) // see
https://github.com/junit-team/junit/wiki/Parameterized-tests
@Category(ContainerTestCase.class)
@@ -79,25 +80,60 @@ public class ClientOpenSSHCertificatesTest extends
BaseTestSupport {
**/
@ClassRule
public static GenericContainer<?> sshdContainer = new GenericContainer<>(
- new ImageFromDockerfile("clientopensshcertificatestest", true)
- .withFileFromClasspath("entrypoint.sh",
"org/apache/sshd/client/opensshcerts/docker/entrypoint.sh")
- .withFileFromClasspath("sshd_config",
"org/apache/sshd/client/opensshcerts/docker/sshd_config")
- .withFileFromClasspath("supervisord.conf",
"org/apache/sshd/client/opensshcerts/docker/supervisord.conf")
- .withFileFromClasspath("user01_authorized_keys",
-
"org/apache/sshd/client/opensshcerts/user/user01_authorized_keys")
- .withFileFromClasspath("user02_authorized_keys",
-
"org/apache/sshd/client/opensshcerts/user/user02_authorized_keys")
- .withFileFromClasspath("host01",
"org/apache/sshd/client/opensshcerts/host/host01")
- .withFileFromClasspath("host01" +
PublicKeyEntry.PUBKEY_FILE_SUFFIX,
- "org/apache/sshd/client/opensshcerts/host/host01"
+ PublicKeyEntry.PUBKEY_FILE_SUFFIX)
- .withFileFromClasspath("host02",
"org/apache/sshd/client/opensshcerts/host/host02")
- .withFileFromClasspath("host02" +
PublicKeyEntry.PUBKEY_FILE_SUFFIX,
- "org/apache/sshd/client/opensshcerts/host/host02"
+ PublicKeyEntry.PUBKEY_FILE_SUFFIX)
- .withFileFromClasspath("ca" +
PublicKeyEntry.PUBKEY_FILE_SUFFIX,
- "org/apache/sshd/client/opensshcerts/ca/ca" +
PublicKeyEntry.PUBKEY_FILE_SUFFIX)
- .withFileFromClasspath("Dockerfile",
"org/apache/sshd/client/opensshcerts/docker/Dockerfile"))
+ new ImageFromDockerfile().withDockerfileFromBuilder(builder ->
builder.from("alpine:3.13") //
+ .run("apk --update add supervisor openssh openssh-server
bash") // Install
+ .run("rm -rf /var/cache/apk/*") // Clear cache
+ .run("mkdir /var/run/sshd") // For privilege separation
+ .run("addgroup customusers") // Give our users a group
+ .run("adduser -D user01 -G customusers") // Create a user
+ .run("adduser -D user02 -G customusers") // Create another
one
+ .run("passwd -u user01") // Unlock, but...
+ .run("passwd -u user02") // ... don't set passwords
+ .run("mkdir -p /keys/user/user01") // Directories for...
+ .run("mkdir -p /keys/user/user02") // ... the authorized
keys
+ .run("echo 'user01:password01' | chpasswd") // Passwords
for...
+ .run("echo 'user02:password02' | chpasswd") // ...both
users
+ .entryPoint("/entrypoint.sh") // Sets up supervisor to run
sshd
+ .build())) //
+
.withCopyFileToContainer(MountableFile.forClasspathResource(
+
"org/apache/sshd/client/opensshcerts/docker/sshd_config"),
"/etc/ssh/sshd_config")
+ .withCopyFileToContainer(
+ MountableFile.forClasspathResource(
+
"org/apache/sshd/client/opensshcerts/docker/supervisord.conf"),
+ "/etc/supervisor/supervisord.conf")
+ .withCopyFileToContainer(
+ MountableFile.forClasspathResource(
+
"org/apache/sshd/client/opensshcerts/user/user01_authorized_keys"),
+ "/keys/user/user01/authorized_keys")
+ .withCopyFileToContainer(
+ MountableFile.forClasspathResource(
+
"org/apache/sshd/client/opensshcerts/user/user02_authorized_keys"),
+ "/keys/user/user02/authorized_keys")
+ .withCopyFileToContainer(
+
MountableFile.forClasspathResource("org/apache/sshd/client/opensshcerts/host/host01"),
+ "/keys/host/host01")
+ .withCopyFileToContainer(
+
MountableFile.forClasspathResource("org/apache/sshd/client/opensshcerts/host/host01"
+ +
PublicKeyEntry.PUBKEY_FILE_SUFFIX),
+ "/keys/host/host01" +
PublicKeyEntry.PUBKEY_FILE_SUFFIX)
+ .withCopyFileToContainer(
+
MountableFile.forClasspathResource("org/apache/sshd/client/opensshcerts/host/host02"),
+ "/keys/host/host02")
+ .withCopyFileToContainer(
+
MountableFile.forClasspathResource("org/apache/sshd/client/opensshcerts/host/host02"
+ +
PublicKeyEntry.PUBKEY_FILE_SUFFIX),
+ "/keys/host/host02" +
PublicKeyEntry.PUBKEY_FILE_SUFFIX)
+ .withCopyFileToContainer(
+ MountableFile.forClasspathResource(
+
"org/apache/sshd/client/opensshcerts/ca/ca" +
PublicKeyEntry.PUBKEY_FILE_SUFFIX),
+ "/ca" + PublicKeyEntry.PUBKEY_FILE_SUFFIX)
+ // entrypoint must be executable. Spotbugs doesn't
like 0777, so use hex
+ .withCopyFileToContainer(
+ MountableFile.forClasspathResource(
+
"org/apache/sshd/client/opensshcerts/docker/entrypoint.sh", 0x1ff),
+ "/entrypoint.sh")
// must be set to "/keys/host/host01" or
"/keys/host/host02"
- .withEnv("SSH_HOST_KEY", "/keys/host/host01")
+ .withEnv("SSH_HOST_KEY", "/keys/host/host01") //
.withExposedPorts(22);
private static final String USER_KEY_PATH =
"org/apache/sshd/client/opensshcerts/user/";
diff --git
a/sshd-core/src/test/resources/org/apache/sshd/client/opensshcerts/docker/Dockerfile
b/sshd-core/src/test/resources/org/apache/sshd/client/opensshcerts/docker/Dockerfile
deleted file mode 100644
index 0e9604d2d..000000000
---
a/sshd-core/src/test/resources/org/apache/sshd/client/opensshcerts/docker/Dockerfile
+++ /dev/null
@@ -1,45 +0,0 @@
-FROM alpine:3.13
-
-RUN apk --update add supervisor openssh openssh-server bash \
- && rm -rf /var/cache/apk/* \
-# sshd requires a "privilege separation directory"
- && mkdir /var/run/sshd \
-# add a group for all the ssh users
- && addgroup customusers \
-# add a non-root local users
- && adduser -D user01 -G customusers \
- && adduser -D user02 -G customusers \
-# unlock the users (but dont set a password)
- && passwd -u user01 \
- && passwd -u user02 \
-# create a keys directory for the users authorized_keys
- && mkdir -p /keys/user/user01 \
- && mkdir -p /keys/user/user02 \
-# set passwords
- && echo 'user01:password01' | chpasswd \
- && echo 'user02:password02' | chpasswd
-
-COPY entrypoint.sh /entrypoint.sh
-
-# copy users pub keys into authorized_keys files
-COPY user01_authorized_keys /keys/user/user01/authorized_keys
-COPY user02_authorized_keys /keys/user/user02/authorized_keys
-
-# copy SSH host keypairs
-COPY host01 /keys/host/host01
-COPY host01.pub /keys/host/host01.pub
-COPY host02 /keys/host/host02
-COPY host02.pub /keys/host/host02.pub
-
-# copy CA pub key
-COPY ca.pub /ca.pub
-
-# copy sshd_config
-COPY sshd_config /etc/ssh/sshd_config
-
-# supervisord conf
-COPY supervisord.conf /etc/supervisor/supervisord.conf
-
-EXPOSE 22
-
-CMD ["/entrypoint.sh"]
