From 136c348f0170ad597c79eef0a875835a6b21eb5b Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Fri, 29 Nov 2024 08:21:57 +0100 Subject: [PATCH 1/5] Update tests --- src/symbols/user.rs | 2 ++ tests/setup.rs | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/symbols/user.rs b/src/symbols/user.rs index c32bec3..4c76058 100644 --- a/src/symbols/user.rs +++ b/src/symbols/user.rs @@ -74,6 +74,7 @@ mod test { let symbol = User { user_name: "nonexisting", command_runner: StdCommandRunner, + home_path: "/home/nonexisting", }; assert_eq!(run(symbol.target_reached()).unwrap(), false); } @@ -83,6 +84,7 @@ mod test { let symbol = User { user_name: "root", command_runner: StdCommandRunner, + home_path: "/root", }; assert_eq!(run(symbol.target_reached()).unwrap(), true); } diff --git a/tests/setup.rs b/tests/setup.rs index 1603f86..2b2e856 100644 --- a/tests/setup.rs +++ b/tests/setup.rs @@ -61,7 +61,7 @@ fn test( #[test] fn can_create_an_acme_user() { let mut result = test(1, |setup| { - assert_eq!(&*(run(setup.add(AcmeUser)).unwrap().0).0, "acme"); + assert_eq!(((run(setup.add(AcmeUser)).unwrap().0).0).0.as_ref(), "acme"); }); let entry = result .pop() @@ -127,7 +127,7 @@ fn can_create_an_acme_cert() { .pop() .expect("log is empty but should contain one entry"); assert_eq!(entry.0, 3, "log entry has wrong level"); - assert_eq!(entry.1.matches("run_symbol").count(), 19); + assert_eq!(entry.1.matches("run_symbol").count(), 18); assert_eq!(result.len(), 0, "log has more than one entry"); } From 97057db8d2bb1e6a2e9172c650ad5cc77d584da8 Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Tue, 2 Sep 2025 11:46:33 +0200 Subject: [PATCH 2/5] Adapt to trixie openssl --- src/command_runner.rs | 9 +++++++++ src/symbols/tls/csr.rs | 7 ++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/command_runner.rs b/src/command_runner.rs index 75a1d3b..a463f6a 100644 --- a/src/command_runner.rs +++ b/src/command_runner.rs 
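Review bot: In tests/setup.rs the new assertion `((run(setup.add(AcmeUser)).unwrap().0).0).0.as_ref()` reaches the user name through three positional `.0` projections, so a reader cannot tell which tuple layer is which, and the chain has to be re-counted whenever the artifact shape changes, as it did here. Destructuring would name the layers, for example `let ((user_name, _home), _) = run(setup.add(AcmeUser)).unwrap();` followed by `assert_eq!(user_name.0.as_ref(), "acme");`. The tuple shape is inferred from the `locate` hunk in src/locator.rs later in this series and should be checked against the return type of `add`. The body of `can_create_an_acme_user` continues below the hunk.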
@@ -33,6 +33,15 @@ pub fn get_output(output: Output) -> Result, Box> { Ok(check_success(output)?.stdout) } +pub fn get_stderr_or_stdout(output: Output) -> Result, Box> { + let output = check_success(output)?; + Ok(if output.stderr.is_empty() { + output.stdout + } else { + output.stderr + }) +} + #[async_trait(?Send)] pub trait CommandRunner { async fn run<'a>(&self, program: &str, args: &'a [&'a OsStr], input: &[u8]) -> IoResult; diff --git a/src/symbols/tls/csr.rs b/src/symbols/tls/csr.rs index a5894fd..21f1959 100644 --- a/src/symbols/tls/csr.rs +++ b/src/symbols/tls/csr.rs @@ -1,4 +1,4 @@ -use crate::command_runner::CommandRunner; +use crate::command_runner::{get_stderr_or_stdout, CommandRunner}; use crate::symbols::Symbol; use async_trait::async_trait; use std::borrow::Borrow; @@ -32,13 +32,14 @@ impl, K: AsRef, P: AsRef> Symbol fo return Ok(false); } - let output = self + let result = self .command_runner - .get_stderr( + .run_with_args( "openssl", args!["req", "-in", self.csr_path.as_ref(), "-noout", "-verify",], ) .await?; + let output = get_stderr_or_stdout(result)?; Ok(output == b"verify OK\n" || output == b"Certificate request self-signature verify OK\n") } From ddf645e19e619cfcecc93ccdc6f0442d0a8da4af Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Tue, 2 Sep 2025 11:47:36 +0200 Subject: [PATCH 3/5] cargo fmt --- src/builder.rs | 8 ++++---- src/locator.rs | 13 ++++++++----- src/setup/util.rs | 4 +++- src/symbols/user.rs | 2 +- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/src/builder.rs b/src/builder.rs index fddb7fa..5652a07 100644 --- a/src/builder.rs +++ b/src/builder.rs 
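Review bot: `get_stderr_or_stdout` in src/command_runner.rs is public but undocumented, and its selection rule is easy to misread: any non-empty stderr wins, so a single warning line on stderr replaces a verdict that was printed on stdout. In the src/symbols/tls/csr.rs hunk that case fails the exact-match comparison and `target_reached` returns `Ok(false)`, which is fail-closed but would presumably make a valid CSR look unverified on every run. A doc comment would pin the contract, e.g. `/// Returns stderr if the successful command wrote anything to it, otherwise stdout; errors if the command failed.` The csr.rs call site could also carry a short comment recording which openssl release prints which of the two accepted strings, and on which stream, once that is confirmed. The `impl` block in csr.rs starts and ends outside its hunk.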
@@ -1,9 +1,9 @@ use crate::command_runner::{SetuidCommandRunner, StdCommandRunner}; use crate::resources::{ - AcmeAccountKey, AcmeChallengesDir, AcmeChallengesNginxSnippet, AcmeUser, Cert, - CertChain, Cron, Csr, DefaultServer, Dir, File, GitCheckout, Key, KeyAndCertBundle, - LoadedDirectory, MariaDbDatabase, MariaDbUser, NpmInstall, Owner, PhpFpmPool, PostgresqlDatabase, - Resource, ServeCustom, ServePhp, ServeRedir, ServeService, ServeStatic, StoredDirectory, + AcmeAccountKey, AcmeChallengesDir, AcmeChallengesNginxSnippet, AcmeUser, Cert, CertChain, Cron, + Csr, DefaultServer, Dir, File, GitCheckout, Key, KeyAndCertBundle, LoadedDirectory, + MariaDbDatabase, MariaDbUser, NpmInstall, Owner, PhpFpmPool, PostgresqlDatabase, Resource, + ServeCustom, ServePhp, ServeRedir, ServeService, ServeStatic, StoredDirectory, SystemdSocketService, User, UserForDomain, WordpressPlugin, WordpressTranslation, }; use crate::storage::SimpleStorage; diff --git a/src/locator.rs b/src/locator.rs index 277566b..4ad4fbf 100644 --- a/src/locator.rs +++ b/src/locator.rs @@ -3,10 +3,10 @@ use crate::artifacts::{ UserName as UserNameArtifact, }; use crate::resources::{ - AcmeAccountKey, AcmeChallengesDir, AcmeChallengesNginxSnippet, AcmeUser, Cert, - CertChain, Cron, Csr, DefaultServer, Dir, File, GitCheckout, Key, KeyAndCertBundle, - LoadedDirectory, MariaDbDatabase, MariaDbUser, NpmInstall, Owner, PhpFpmPool, PostgresqlDatabase, - Resource, ServeCustom, ServePhp, ServeRedir, ServeService, ServeStatic, StoredDirectory, + AcmeAccountKey, AcmeChallengesDir, AcmeChallengesNginxSnippet, AcmeUser, Cert, CertChain, Cron, + Csr, DefaultServer, Dir, File, GitCheckout, Key, KeyAndCertBundle, LoadedDirectory, + MariaDbDatabase, MariaDbUser, NpmInstall, Owner, PhpFpmPool, PostgresqlDatabase, Resource, + ServeCustom, ServePhp, ServeRedir, ServeService, ServeStatic, StoredDirectory, SystemdSocketService, User, UserForDomain, WordpressPlugin, WordpressTranslation, }; use crate::to_artifact::ToArtifact; 
@@ -198,7 +198,10 @@ impl ResourceLocator for DefaultLocator

{ fn locate(_resource: &AcmeUser) -> (::Artifact, Self::Prerequisites) { let user_name = P::acme_user(); let home = P::user_home(&user_name); - ((UserNameArtifact(user_name.into()), PathArtifact::from(home)), ()) + ( + (UserNameArtifact(user_name.into()), PathArtifact::from(home)), + (), + ) } } diff --git a/src/setup/util.rs b/src/setup/util.rs index 6951165..315958e 100644 --- a/src/setup/util.rs +++ b/src/setup/util.rs @@ -108,7 +108,9 @@ impl Recorder { slog_term::CompactFormat::new(decorator).build(), move |record| record.level().is_at_least(filter_level), ); - let Ok(mutex) = Arc::try_unwrap(self.0) else { panic!("cannot unwrap Arc") }; // AsyncRecord does not implement Debug, so we cannot unwrap + let Ok(mutex) = Arc::try_unwrap(self.0) else { + panic!("cannot unwrap Arc") + }; // AsyncRecord does not implement Debug, so we cannot unwrap for record in mutex.into_inner().unwrap() { record.log_to(&drain).unwrap(); } diff --git a/src/symbols/user.rs b/src/symbols/user.rs index 4c76058..ddde440 100644 --- a/src/symbols/user.rs +++ b/src/symbols/user.rs @@ -3,8 +3,8 @@ use crate::symbols::Symbol; use async_trait::async_trait; use once_cell::sync::Lazy; use std::error::Error; -use tokio::sync::Semaphore; use std::path::Path; +use tokio::sync::Semaphore; pub type Wait = Lazy; static WAIT: Wait = Lazy::new(|| Semaphore::new(1)); From 0a6b6efd7afc9b7dc2d931a9b07b133d846dbf7a Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Tue, 2 Sep 2025 11:47:48 +0200 Subject: [PATCH 4/5] Streamline command runner a bit --- src/command_runner.rs | 4 ++-- src/symbols/cron.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/command_runner.rs b/src/command_runner.rs index a463f6a..3ef8934 100644 --- a/src/command_runner.rs +++ b/src/command_runner.rs @@ -29,7 +29,7 @@ pub fn is_success(res: Result) -> Result Result, Box> { +pub fn get_stdout(output: Output) -> Result, Box> { Ok(check_success(output)?.stdout) } 
@@ -55,7 +55,7 @@ pub trait CommandRunner { args: &'a [&'a OsStr], ) -> Result, Box> { let output = self.run_with_args(program, args).await?; - get_output(output) + get_stdout(output) } async fn run_successfully<'a>( &self, diff --git a/src/symbols/cron.rs b/src/symbols/cron.rs index 1152a30..86cfd9f 100644 --- a/src/symbols/cron.rs +++ b/src/symbols/cron.rs @@ -37,7 +37,7 @@ impl, U: AsRef, R: CommandRunner> Symbol for Cron<'_, C, U, .run( "crontab", args!["-u", self.user.as_ref(), "-",], - self.content.as_ref(), + self.content.as_ref(), // input ) .await, )?; From d01c3f84cc1a69b993cf5eaae6cf8a8e101ead84 Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Tue, 2 Sep 2025 11:55:58 +0200 Subject: [PATCH 5/5] Adapt to trixie openssl --- src/symbols/acme/cert.rs | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/symbols/acme/cert.rs b/src/symbols/acme/cert.rs index 955606b..6330c40 100644 --- a/src/symbols/acme/cert.rs +++ b/src/symbols/acme/cert.rs @@ -66,12 +66,18 @@ impl<_C: CommandRunner, C: Borrow<_C>, D: AsRef, P: AsRef> Symbol for ) .await?; if output.status.success() - && output.stdout + && (output.stdout == format!( "subject=CN = {}\nCertificate will not expire\n", self.domain.as_ref() ) .as_bytes() + || output.stdout + == format!( + "subject=CN={}\nCertificate will not expire\n", + self.domain.as_ref() + ) + .as_bytes()) { Ok( self @@ -94,12 +100,18 @@ impl<_C: CommandRunner, C: Borrow<_C>, D: AsRef, P: AsRef> Symbol for .is_ok(), ) } else if output.status.code() == Some(1) - && output.stdout + && (output.stdout == format!( "subject=CN = {}\nCertificate will expire\n", self.domain.as_ref() ) .as_bytes() + || output.stdout + == format!( + "subject=CN={}\nCertificate will expire\n", + self.domain.as_ref() + ) + .as_bytes()) { Ok(false) } else {
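Review bot: In src/symbols/acme/cert.rs the two subject spellings (`subject=CN = …` and `subject=CN=…`) are now written out as four separate `format!` literals, two in the `status.success()` branch of the first hunk and two in the `status.code() == Some(1)` branch of the second (@@ -94), so supporting another openssl output format means editing literals that must stay in step. A small closure that takes the verdict line and tries both prefixes would list the accepted spellings once while keeping the exact-match comparison, so unexpected output still falls through to the final `else`. The openssl invocation and the end of the function are outside both hunks, so whether the subject format could be pinned on the command line instead cannot be judged from here.

```rust
// Accept both subject spellings: "CN = x" and the trixie openssl "CN=x".
let stdout_is = |verdict: &str| {
    ["subject=CN = ", "subject=CN="].iter().any(|prefix| {
        output.stdout
            == format!("{}{}\n{}\n", prefix, self.domain.as_ref(), verdict).as_bytes()
    })
};
if output.status.success() && stdout_is("Certificate will not expire") {
    // … unchanged: body of the "will not expire" branch …
} else if output.status.code() == Some(1) && stdout_is("Certificate will expire") {
    Ok(false)
} else {
```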