Commit a6ea9efe authored by Christoph Berg's avatar Christoph Berg

pg_createcluster, t/001_packages.t: Refactor the ssl cert test, and add

matching testcases in the testsuite.
parent 14e48a85
......@@ -8,6 +8,8 @@ postgresql-common (153) UNRELEASED; urgency=medium
* postgresql-common.postinst: Stop debconf later so ucf can use it.
* postgresql-common.postinst: Call su without - to avoid a warning.
* t/003_package_checks.t: Add test case for logrotate.
* pg_createcluster, t/001_packages.t: Refactor the ssl cert test, and add
matching testcases in the testsuite.
* t/020_create_sql_remove.t: Make pipe writes unbuffered.
* pg_buildext: Document the loop action (present since version 141).
* pg_buildext: Add "installcheck" action for use with autopkgtest.
......
......@@ -444,10 +444,12 @@ $conf_fn =~tr/./_/;
&$conf_fn if defined &$conf_fn and $newcluster;
# Check whether we can access the SSL private key as the cluster owner
my $key_file = '/etc/ssl/private/ssl-cert-snakeoil.key';
my $pem_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem';
my $ssl_key_access;
my ($uid, $euid, $gid, $egid) = ($<, $>, $(, $));
change_ugid $owneruid, $ownergid;
$ssl_key_access = -r '/etc/ssl/private/ssl-cert-snakeoil.key';
$ssl_key_access = -r $key_file;
$> = $euid;
$< = $uid;
$( = $gid;
......@@ -456,16 +458,15 @@ die "changing euid back: $!" if $> != $euid;
die "changing egid back: $!" if $) != $egid;
# enable SSL if we have the snakeoil default certificate
if ($newcluster && -e '/etc/ssl/certs/ssl-cert-snakeoil.pem' &&
$ssl_key_access) {
if ($newcluster && -e $pem_file && $ssl_key_access) {
if ($version >= '9.2') {
PgCommon::set_conf_value $version, $cluster, 'postgresql.conf',
'ssl_cert_file', '/etc/ssl/certs/ssl-cert-snakeoil.pem';
'ssl_cert_file', $pem_file;
PgCommon::set_conf_value $version, $cluster, 'postgresql.conf',
'ssl_key_file', '/etc/ssl/private/ssl-cert-snakeoil.key';
'ssl_key_file', $key_file;
} else {
symlink '/etc/ssl/certs/ssl-cert-snakeoil.pem', $datadir.'/server.crt';
symlink '/etc/ssl/private/ssl-cert-snakeoil.key', $datadir.'/server.key';
symlink $pem_file, "$datadir/server.crt";
symlink $key_file, "$datadir/server.key";
}
PgCommon::set_conf_value $version, $cluster, 'postgresql.conf', 'ssl', 'true';
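Review bot: The two `symlink` calls in the pre-9.2 branch ignore their return value, yet `ssl` is set to `true` immediately afterwards. If either link cannot be created (for instance because a `server.crt` already exists in the data directory), the cluster ends up configured for SSL without a usable certificate or key, and the failure only shows up when the server starts. Checking the result would surface it at creation time, e.g. `symlink $pem_file, "$datadir/server.crt" or die "symlink $datadir/server.crt: $!";` and likewise for `server.key`, or a warning if aborting is too strict at this point. The enclosing `if ($newcluster && ...)` block closes outside the hunk, so any later verification of the links is not visible here.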
......
......@@ -6,7 +6,7 @@ use lib 't';
use TestLib;
use POSIX qw/setlocale LC_ALL LC_MESSAGES/;
use Test::More tests => 9 + ($#MAJORS+1)*7;
use Test::More tests => 12 + ($#MAJORS+1)*7;
print "Info: PostgreSQL versions installed: @MAJORS\n";
......@@ -36,7 +36,12 @@ ok ((setlocale(LC_MESSAGES, '') =~ /utf8|UTF-8/), 'system has a default UTF-8 lo
ok (setlocale (LC_ALL, "ru_RU"), 'locale ru_RU exists');
ok (setlocale (LC_ALL, "ru_RU.UTF-8"), 'locale ru_RU.UTF-8 exists');
my $key_file = '/etc/ssl/private/ssl-cert-snakeoil.key';
my $pem_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem';
ok ((getgrnam('ssl-cert'))[3] =~ /postgres/,
'user postgres in the UNIX group ssl-cert');
ok (-e $key_file, "$key_file exists");
is (exec_as ('postgres', "cat $key_file > /dev/null"), 0, "$key_file is readable for postgres");
ok (-e $pem_file, "$pem_file exists");
# vim: filetype=perl
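Review bot: The group-membership test matches the member list of `ssl-cert` against the unanchored pattern `/postgres/`, so any member whose name merely contains that string (say, `postgres-backup`) makes it pass even when `postgres` itself is not in the group. Comparing whole names avoids the false positive: `ok (scalar (grep { $_ eq 'postgres' } split ' ', (getgrnam('ssl-cert'))[3]), 'user postgres in the UNIX group ssl-cert');`. The new tests also assert that the key is readable by `postgres` but not that it is unreadable by other users. A mode check on `$key_file` would cover that, with the plan count raised to match.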