* Added Docker support for setting up an images based on debian sid,

   build current apache 2.4.x patch, current crustls PR branch and the
   local mod_tls sources and have the test suite run in the image.

Author: Stefan Eissing

.env

@@ -0,0 +1 @@
+DOCKER_REGISTRY=docker-registry.greenbytes.de

ChangeLog

@@ -1,3 +1,6 @@
+ * Added Docker support for setting up an images based on debian sid,
+   build current apache 2.4.x patch, current crustls PR branch and the
+   local mod_tls sources and have the test suite run in the image.
  * Updated documentation on protocol version/cipher configuring.
  * Changed numerical names to include `0x`, for example `TLS_CIPHER_0xc024`,
    to avoid ambiguities.

README.md

@@ -54,6 +54,18 @@ Run the usual autoconf/automake magic incantations.
 > make
 ```
 
+### Docker Test Image
+
+There is now support for building a Docker image based on `debian sid` to run the test suite in.
+
+```
+> cd mod_tls
+> docker-compose build debian-test
+> docker-compose run debian-test
+```
+
+This clone the git repository from `apache` and `crustls`, switched to the necessary branches and builds a copy of the local `mod_tls` sources. If you want to setup your own build, you'll find the instructions in `docker/debian-test/bin/update.sh`.
+
 ## Tests
 
 ### Functional Tests

configure.ac

@@ -14,7 +14,7 @@
 #
 
 AC_PREREQ([2.69])
-AC_INIT([mod_md], [0.1.0], [[email protected]])
+AC_INIT([mod_tls], [0.1.0], [[email protected]])
 
 LT_PREREQ([2.2.6])
 LT_INIT()

docker-compose.yml

@@ -0,0 +1,28 @@
+version: '3.7'
+services:
+  debian-test:
+    # build and run tests in a debian sid container
+    image: ${DOCKER_REGISTRY}/mod-tls-debian-test:0.0.1
+    container_name: mod-tls-debian-test
+    build:
+      context: .
+      dockerfile: docker/debian-test/Dockerfile
+      labels:
+        - "description=mod_tls debian test server"
+        - "[email protected]"
+    expose:
+      - "5010"
+      - "5011"
+    volumes:
+      - mod-tls-debian-test-data:/abetterinternet/data
+    ports:
+      - "5010"
+      - "5011"
+
+volumes:
+  mod-tls-debian-test-data:
+    name: mod-tls-debian-test-data
+    labels:
+      - "description=debian test data for mod_tls"
+      - "[email protected]"
+

docker/debian-test/Dockerfile

@@ -0,0 +1,23 @@
+FROM debian:sid
+
+RUN apt-get update; apt-get upgrade -y
+RUN apt-get install -y apt-listchanges \
+      make openssl libssl-dev libcurl4 libcurl4-openssl-dev \
+      gcc subversion git cargo python3 \
+      libapr1-dev libaprutil1-dev libnghttp2-dev pip
+
+RUN pip install pytest tqdm pycurl
+
+RUN apt-get install -y autoconf libtool libtool-bin
+RUN apt-get install -y libpcre3-dev libjansson-dev
+RUN apt-get install -y curl rsync
+
+RUN pip install cryptography
+
+COPY docker/debian-test/bin/* /abetterinternet/bin/
+COPY configure.ac Makefile.am NEWS README* AUTHORS ChangeLog COPYING LICENSE /abetterinternet/mod_tls/
+COPY src /abetterinternet/mod_tls/src
+COPY test test/Makefile.am test/test.ini.in /abetterinternet/mod_tls/test
+COPY m4 /abetterinternet/mod_tls/m4
+
+CMD ["/bin/bash", "-c", "/abetterinternet/bin/update.sh"]

docker/debian-test/bin/update.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+TOP=/abetterinternet
+DATADIR=$TOP/data
+
+fail() {
+  echo "$@"
+  exit 1
+}
+
+needs_update() {
+  local ref_file="$1"
+  local check_dir="$2"
+  if test ! -f "$ref_file"; then
+    return 0
+  fi
+  find "$check_dir" -type f -a -newer "$ref_file" -o -type d -name .git -prune -a -false |
+  while read fname; do
+    return 0
+  done
+  return 1
+}
+
+cd $DATADIR
+if test ! -f rustup.sh.run; then
+  curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.sh ||rm -f rustup.sh
+  /bin/bash rustup.sh -y ||fail
+  touch rustup.sh.run
+fi
+
+if test ! -d httpd; then
+  git clone https://github.com/icing/httpd.git httpd ||fail
+fi
+cd httpd
+if test ! -d srclib/apr; then
+  svn co http://svn.apache.org/repos/asf/apr/apr/trunk srclib/apr
+fi
+git fetch origin icing/2.4.x-ap_ssl_things ||fail
+git checkout icing/2.4.x-ap_ssl_things ||fail
+if needs_update $DATADIR/apache2/.installed .; then
+  rm -f $DATADIR/apache2/.installed
+  ./buildconf ||fail
+  ./configure --prefix=$DATADIR/apache2 --with-included-apr \
+    --enable-mpms-shared=event --enable-ssl --enable-http2 \
+    --enable-cgi --enable-md  ||fail
+  make install ||fail
+  touch $DATADIR/apache2/.installed
+fi
+
+
+cd $DATADIR
+if test ! -d crustls; then
+  git clone https://github.com/abetterinternet/crustls.git crustls
+fi
+cd crustls
+git fetch origin list-ciphersuites
+git checkout list-ciphersuites
+if needs_update $DATADIR/apache2/.crustls-installed .; then
+  rm -f $DATADIR/apache2/.crustls-installed
+  touch src/crustls.h ||fail "missing src/crustls.h"
+  make install DESTDIR=$DATADIR/apache2 ||fail
+  touch $DATADIR/apache2/.crustls-installed
+fi
+
+cd "$TOP/mod_tls" ||fail
+if needs_update .installed .; then
+  rm -f .installed
+  if test ! -f configure -o configure.ac -nt configure; then
+    autoreconf -i ||fail
+  fi
+  if test ! -d Makefile -o ./configure -nt Makefile; then
+    ./configure --with-apxs=$DATADIR/apache2/bin/apxs ||fail
+    touch ./configure
+  fi
+  make clean||fail
+  make ||fail
+  find .
+  make install ||fail
+  touch .installed
+fi
+make test

test/test_env.py

@@ -148,9 +148,9 @@ def __init__(self):
         self._http_port = int(config.get('global', 'http_port'))
         self._https_port = int(config.get('global', 'https_port'))
 
-        self._http_base = "http://localhost:{port}".format(port=self._http_port)
+        self._http_base = "http://127.0.0.1:{port}".format(port=self._http_port)
         self._httpd_check_url = self._http_base
-        self._https_base = "https://localhost:{port}".format(port=self._https_port)
+        self._https_base = "https://127.0.0.1:{port}".format(port=self._https_port)
 
         self._curl = config.get('global', 'curl_bin')
         if self._curl is None or len(self._curl) == 0: