Changeset bfc3278 for tests


Ignore:
Timestamp:
Mar 30, 2013 2:24:59 PM (7 years ago)
Author:
kytv <kytv@…>
Branches:
master
Children:
2cbb157, af79b74
Parents:
427abb0
Message:

checkcerts.sh: add some support for non-Linux systems

Date computations as performed in this script require the use of GNU date,
which is only available by default on Linux systems. With this check-in we
explicitly check for the existence of GNU date before continuing with the date
calculations.

Previous versions of this script relied on 'certtool' to print the expiration
dates but certtool isn't available by default on non-Linux systems either. The
previous check-in added support for using OpenSSL, retaining the old behavior
on non-Linux systems.

(Also a re-arrangement of the date warning logic)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • tests/scripts/checkcerts.sh

    r427abb0 rbfc3278  
    44# Returns nonzero on failure. Fails if cert cannot be read or is older than
    55# $SOON (default 30).
     6#
     7# Hard dependency: OpenSSL OR gnutls
     8# Recommended: GNU date
    69#
    710# zzz 2011-08
     
    2326fi
    2427
    25 CHECKCERT() {
     28# This "grouping hack" is here to prevent errors from being displayed with the
     29# original Bourne shell (Linux shells don't need the {}s
     30if { date --help;} >/dev/null 2>&1 ; then
     31    HAVE_GNUDATE=1
     32fi
     33
     34checkcert() {
    2635    if [ $OPENSSL ]; then
    2736        DATA=$(openssl x509 -enddate -noout -in $1| cut -d'=' -f2-)
     
    3039    fi
    3140    # While this isn't strictly needed it'll ensure that the output is consistent,
    32     # regardles of the tool used.
    33     date -u -d "$(echo $DATA)" '+%F %H:%M'
     41    # regardles of the tool used. Dates/times are formatting according to OpenSSL's output
     42    # since this available by default on most systems.
     43    if [ -n "$HAVE_GNUDATE" ]; then
     44        LANG=C date -u -d "$(echo $DATA)" '+%b %d %H:%M:%S %Y GMT'
     45    else
     46        echo $DATA
     47    fi
    3448}
    3549
     50compute_dates() {
     51    # Date computations currently depend on GNU date(1).
     52    # If run on a non-Linux system just print the expiration date.
     53    # TODO Cross-platform date calculation support
     54    if [ -n "$HAVE_GNUDATE" ]; then
     55        SECS=$(date -u -d "$EXPIRES" '+%s')
     56        DAYS="$(expr \( $SECS - $NOW \) / 86400)"
     57        if [ $DAYS -ge $SOON ]; then
     58            echo "Expires in $DAYS days ($EXPIRES)"
     59        elif [ $DAYS -eq 1 ]; then
     60            DAYS=$(echo $DAYS | sed 's/^-//')
     61            echo "****** Check for $I failed, expires tomorrow ($EXPIRES) ******"
     62            FAIL=1
     63        elif [ $DAYS -eq 0 ]; then
     64            echo "****** Check for $i failed, expires today ($EXPIRES) ******"
     65            FAIL=1
     66        elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then
     67            echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******"
     68            FAIL=1
     69        elif [ $DAYS -lt $WARN ] && [ $DAYS -gt $SOON ]; then
     70            echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******"
     71        elif [ $DAYS -lt 0 ]; then
     72            DAYS=$(echo $DAYS | sed 's/^-//')
     73            echo "****** Check for $i failed, expired $DAYS days ago ($EXPIRES) ******"
     74            FAIL=1
     75        fi
     76    else
     77        echo $EXPIRES
     78    fi
     79}
    3680
    3781cd `dirname $0`/../../installer/resources/certificates
     
    4286do
    4387    echo "Checking $i ..."
    44     EXPIRES=`CHECKCERT $i`
     88    EXPIRES=`checkcert $i`
    4589    if [ -z "$EXPIRES" ]; then
    4690        echo "********* FAILED CHECK FOR $i *************"
    4791        FAIL=1
    4892    else
    49         SECS=$(date -u -d "$EXPIRES" '+%s')
    50         DAYS="$(expr \( $SECS - $NOW \) / 86400)"
    51         if [ $DAYS -ge $SOON ]; then
    52             echo "Expires in $DAYS days ($EXPIRES)"
    53         elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then
    54             echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******"
    55             FAIL=1
    56         elif [ $DAYS -le $WARN ] && [ $DAYS -ge $SOON ]; then
    57             echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******"
    58         elif [ $DAYS -eq 1 ]; then
    59             DAYS=$(echo $DAYS | sed 's/^-//')
    60             echo "****** Check for $I failed, expires in $DAYS day ($EXPIRES) ******"
    61             FAIL=1
    62         elif [ $DAYS -eq 0 ]; then
    63             echo "****** Check for $i failed, expires today ($EXPIRES) ******"
    64             FAIL=1
    65         elif [ $DAYS -le 0 ]; then
    66             DAYS=$(echo $DAYS | sed 's/^-//')
    67             echo "****** Check for $i failed, expired $DAYS days ago ($EXPIRES) ******"
    68             FAIL=1
    69         fi
     93       compute_dates
    7094    fi
    7195done
Note: See TracChangeset for help on using the changeset viewer.