Re: [PATCH] To automate the svnsshcheck

Philip Martin wrote:
> Garrett Rooney <rooneg@electricjellyfish.net> writes:
>
>
>> It's not just a matter of it cleaning up after itself, I'm
>> uncomfortable having it mess around in .ssh at all.
>>
>
> Me too. Also, it probably won't work if someone tries to run multiple
> instances of the testsuite simultaneously.
>
>
Made the following corrections to the patch.
1)Undone the changes made to svnsshcheck target.
2)Updated the doc to call the key configuration/cleanup targets explicitly.
3)Modified the undoing of changes to authorized_keys file selectively
rather than 'mv authorized_keys.pristine authorized_keys'
4)Renamed the targets to mean what they do.
5)destroytestsshsetup target undoes the current build area's current
testsuite key configuration only.
6)destroytestsshsetup_bruteforce target undoes the current build area's
all past testsuite key configurations.

With regards
Kamesh Jayachandran

[[[
Automate the svnsshcheck and make sure ssh tunnel understands
--user = jconstant/jrandom accordingly.

Patch by: Kamesh Jayachandran <kamesh@collab.net>

* Makefile.in
(createtestsshsetup): Creates public/private keys
for jconstant/jrandom, sets up key based authentication stuff working
the adds localhost to known_hosts.
(destroytestsshsetup): Undoes key based authentication setup upon test
completion for the current testsuite execution and current build area.
(destroytestsshsetup_bruteforce): Could be used to undo the key setups
done by the test system in earlier invocations for current build area
in a brute force way.
* subversion/tests/cmdline/README
Small doc on this svn+ssh test key configuration automation.
* subversion/tests/cmdline/svntest/main.py
(setup_tunnel): Sets up the SVN_SSH environment variable with
'ssh -p port -i /path/to/jconstant_or_jrandom_private_key
[based on --username argument] hostname[localhost]
(run_svn): calls setup_tunnel
(run_svnsync): calls setup_tunnel
]]]

Index: Makefile.in
===================================================================
--- Makefile.in (revision 18446)
+++ Makefile.in (working copy)
@@ -33,6 +33,15 @@
 SWIG_SRC_DIR = $(abs_srcdir)/subversion/bindings/swig
 SWIG_BUILD_DIR = $(abs_builddir)/subversion/bindings/swig
 
+JCONSTANT_PUBLIC_KEY_FILE = $(abs_builddir)/subversion/tests/cmdline/jconstant.pub
+JCONSTANT_PRIVATE_KEY_FILE = $(abs_builddir)/subversion/tests/cmdline/jconstant
+JRANDOM_PUBLIC_KEY_FILE = $(abs_builddir)/subversion/tests/cmdline/jrandom.pub
+JRANDOM_PRIVATE_KEY_FILE = $(abs_builddir)/subversion/tests/cmdline/jrandom
+JCONSTANT_PUBLIC_KEY = $(shell cat $(JCONSTANT_PUBLIC_KEY_FILE))
+JRANDOM_PUBLIC_KEY = $(shell cat $(JRANDOM_PUBLIC_KEY_FILE))
+JRANDOM_AUTHORIZED_KEYS_PATTERN=$(shell echo "command=\"$(abs_builddir)/subversion/svnserve/svnserve -t --tunnel-user=jrandom\""|sed 's/\//\\\//g')
+JCONSTANT_AUTHORIZED_KEYS_PATTERN=$(shell echo "command=\"$(abs_builddir)/subversion/svnserve/svnserve -t --tunnel-user=jconstant\""|sed 's/\//\\\//g')
+
 SVN_EXTERNAL_PROJECT_SUBDIRS = @SVN_EXTERNAL_PROJECT_SUBDIRS@
 
 SCHEMA_DIR = subversion/svn/schema
@@ -410,8 +419,48 @@
 svncheck6:
         @$(MAKE) check BASE_URL=svn://\[::1\]
 
-# First make sure you can ssh to localhost and that "svnserve" is in
-# the path of the resulting shell.
+createtestsshsetup:
+ rm -f $(JCONSTANT_PRIVATE_KEY_FILE) $(JCONSTANT_PUBLIC_KEY_FILE)
+ rm -f $(JRANDOM_PRIVATE_KEY_FILE) $(JRANDOM_PUBLIC_KEY_FILE)
+ ssh-keygen -t dsa -f $(JCONSTANT_PRIVATE_KEY_FILE) -P ''
+ ssh-keygen -t dsa -f $(JRANDOM_PRIVATE_KEY_FILE) -P ''
+ -@if ! test -d ~/.ssh; then \
+ mkdir ~/.ssh;\
+ chmod 700 ~/.ssh;\
+ fi
+ -@if test -f ~/.ssh/authorized_keys; then \
+ mv -f ~/.ssh/authorized_keys ~/.ssh/authorized_keys.pristine;\
+ fi
+ #small hack to make ssh not to prompt for whether to save or not
+ #kind of interactions while the tests are running.
+ echo "command=\"exit 0;\" `cat $(JCONSTANT_PUBLIC_KEY_FILE)`" > ~/.ssh/authorized_keys
+ chmod 644 ~/.ssh/authorized_keys
+ ssh -o StrictHostKeyChecking=no -i $(JCONSTANT_PRIVATE_KEY_FILE) localhost
+ -@if test -f ~/.ssh/authorized_keys.pristine; then \
+ mv -f ~/.ssh/authorized_keys.pristine ~/.ssh/authorized_keys;\
+ fi
+ echo "command=\"$(abs_builddir)/subversion/svnserve/svnserve -t --tunnel-user=jrandom\" `cat $(JRANDOM_PUBLIC_KEY_FILE)`" >> ~/.ssh/authorized_keys
+ echo "command=\"$(abs_builddir)/subversion/svnserve/svnserve -t --tunnel-user=jconstant\" `cat $(JCONSTANT_PUBLIC_KEY_FILE)`" >> ~/.ssh/authorized_keys
+ chmod 644 ~/.ssh/authorized_keys
+
+destroytestsshsetup:
+ cat ~/.ssh/authorized_keys | awk '{ \
+ if (! ($$0 == "command=\"$(abs_builddir)/subversion/svnserve/svnserve -t --tunnel-user=jrandom\" $(JRANDOM_PUBLIC_KEY)" || $$0 == "command=\"$(abs_builddir)/subversion/svnserve/svnserve -t --tunnel-user=jconstant\" $(JCONSTANT_PUBLIC_KEY)")) \
+ print $$0 \
+ }' > ~/.ssh/authorized_keys1
+ mv ~/.ssh/authorized_keys1 ~/.ssh/authorized_keys
+ rm -f $(JCONSTANT_PRIVATE_KEY_FILE) $(JCONSTANT_PUBLIC_KEY_FILE)
+ rm -f $(JRANDOM_PRIVATE_KEY_FILE) $(JRANDOM_PUBLIC_KEY_FILE)
+
+destroytestsshsetup_bruteforce:
+ cat ~/.ssh/authorized_keys | awk '{ \
+ if (! ($$0 ~ /$(JRANDOM_AUTHORIZED_KEYS_PATTERN)/ || $$0 ~ /$(JCONSTANT_AUTHORIZED_KEYS_PATTERN)/)) \
+ print $$0 \
+ }' > ~/.ssh/authorized_keys1
+ mv ~/.ssh/authorized_keys1 ~/.ssh/authorized_keys
+ rm -f $(JCONSTANT_PRIVATE_KEY_FILE) $(JCONSTANT_PUBLIC_KEY_FILE)
+ rm -f $(JRANDOM_PRIVATE_KEY_FILE) $(JRANDOM_PUBLIC_KEY_FILE)
+
 svnsshcheck:
         @$(MAKE) check \
           BASE_URL=svn+ssh://localhost`pwd`/subversion/tests/cmdline
Index: subversion/tests/cmdline/README
===================================================================
--- subversion/tests/cmdline/README (revision 18446)
+++ subversion/tests/cmdline/README (working copy)
@@ -144,8 +144,34 @@
 $ ./basic_tests.py --url=svn://localhost 3
 
 
+Running over svn+ssh tunnel
+---------------------------
+This needs running ssh server.
 
+$make createtestsshsetup
+This automatically sets up the ssh public/private key configurations
+needed to make the testsuite to run smoothly.
 
+$make destroytestsshsetup
+This undoes the key based authentication setup for the last test execution
+from the current build area.
+
+$make destroytestsshsetup_bruteforce
+This undoes the key based authentication setup for the past test executions
+from the current build area.
+
+After creating configuring the ssh key based authentication using,
+$make createtestsshsetup
+Run the testsuite as follows,
+$make svnsshcheck
+
+To test only the subset of testsuite, you can mention it by setting the
+'TESTS' variable while invoking a TestSuite. Something like the following
+just tests from subversion/tests/cmdline/svnsync_tests.py.
+Note: TESTS=relative_path/with/respect/to/source/dir/test.py
+(Not with respect to build dir).
+$make svnsshcheck TESTS=subversion/tests/cmdline/svnsync_tests.py
+
 Directory Contents
 ==================
 
Index: subversion/tests/cmdline/svntest/main.py
===================================================================
--- subversion/tests/cmdline/svntest/main.py (revision 18446)
+++ subversion/tests/cmdline/svntest/main.py (working copy)
@@ -110,6 +110,7 @@
 svnlook_binary = os.path.abspath('../../svnlook/svnlook' + _exe)
 svnsync_binary = os.path.abspath('../../svnsync/svnsync' + _exe)
 svnversion_binary = os.path.abspath('../../svnversion/svnversion' + _exe)
+privkey_dir = os.path.abspath('.')
 
 # Username and password used by the working copies
 wc_author = 'jrandom'
@@ -133,6 +134,10 @@
 # Global variable indicating the FS type for repository creations.
 fs_type = None
 
+# Global variable indicating the ssh tunnel program template with args
+# for repository access.
+ssh_tunnel_template = 'ssh -p %s -i %s %s'
+
 # All temporary repositories and working copies are created underneath
 # this dir, so there's one point at which to mount, e.g., a ramdisk.
 work_dir = "svn-test-work"
@@ -325,7 +330,32 @@
   fd.write(server_contents)
   fd.close()
 
+def setup_tunnel(*varargs):
+ scheme = ''
+ scheme_ends = test_area_url.find('://')
+ if scheme_ends != -1:
+ scheme = test_area_url[:scheme_ends]
+
+ if scheme == 'svn+ssh':
+ port = 22
+ hostname = 'localhost'
+ host_and_others = test_area_url[scheme_ends+3:]
+ port_starts = host_and_others.find(':')
+ path_starts = host_and_others.find('/')
+ if port_starts != -1 and (port_starts < path_starts):
+ hostname = host_and_others[:port_starts]
+ port = host_and_others[port_starts+1:path_starts]
 
+ iteration_count=0
+ for item in varargs:
+ iteration_count = iteration_count + 1
+ if item == '--username':
+ break
+ if iteration_count != len(varargs):
+ username = varargs[iteration_count]
+ SVN_SSH = ssh_tunnel_template % (port, os.path.join(privkey_dir, username), hostname)
+ os.putenv('SVN_SSH', SVN_SSH)
+
 # For running subversion and returning the output
 def run_svn(error_expected, *varargs):
   """Run svn with VARARGS; return stdout, stderr as lists of lines.
@@ -333,6 +363,7 @@
   you're just checking that something does/doesn't come out of
   stdout/stderr, you might want to use actions.run_and_verify_svn()."""
   global config_dir
+ setup_tunnel(*varargs)
   return run_command(svn_binary, error_expected, 0,
                      *varargs + ('--config-dir', config_dir))
 
@@ -348,6 +379,7 @@
 
 def run_svnsync(*varargs):
   "Run svnsync with VARARGS, returns stdout, stderr as list of lines."
+ setup_tunnel(*varargs)
   return run_command(svnsync_binary, 1, 0, *varargs)
 
 def run_svnversion(*varargs):

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Feb 16 11:25:09 2006