Daniel Maksymilian Syrnicki
8fbe67ffb9
Some checks failed
Closes #10. Two linked bugs in 26.4-alpha's Phase 1 HTTPS made the force-HTTPS toggle fatal: every SNI handshake on :443 died with SSL_ERROR_INTERNAL_ERROR_ALERT, so the toggle redirected users from working HTTP to broken HTTPS. Root cause 1: bare `:443 { tls internal }` gives Caddy no hostname to issue a leaf cert for, so /var/lib/caddy/certificates/ stayed empty and Caddy sent TLS `internal_error` on every handshake. Fix: the :443 block is now `__FURTKA_HOSTNAME__.local, __FURTKA_HOSTNAME__ { tls internal }`, with the marker substituted by webinstaller/app.py at install time and by furtka.updater._refresh_caddyfile on self-update (reads /etc/hostname, falls back to "furtka"). `auto_https disable_redirects` keeps Caddy's built-in redirect out of the way of the /settings toggle. Root cause 2: furtka/https.py and the /rootCA.crt handler both referenced /var/lib/caddy/.local/share/caddy/pki/authorities/local/ — a path that doesn't exist. caddy.service sets XDG_DATA_HOME=/var/lib, so Caddy's storage is /var/lib/caddy/ directly. Fix: both paths corrected. Verified on the 192.168.178.110 smoke VM by swapping the Caddyfile in, reloading, handshaking, restoring: TLS 1.3 handshake succeeds, leaf cert issued under /var/lib/caddy/certificates/local/, /rootCA.crt returns 200. Tests: new cases assert the Caddyfile ships the hostname placeholder, the webinstaller substitutes it, _refresh_caddyfile re-substitutes from /etc/hostname on update, and the asset sets auto_https disable_redirects. Unit tests still stub the Caddy reload — the real handshake regression needs a smoke-VM integration test (follow-up, separate from this fix). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
206 lines
9.1 KiB
Python
206 lines
9.1 KiB
Python
"""Asset sourcing + install-flow tests for webinstaller.
|
|
|
|
Phase-2 slice 1a moved every HTML/CSS/script/unit payload out of inline
|
|
Python string constants and into real files under furtka/assets/. Slice 1b
|
|
then flipped Caddy to serve from /opt/furtka/current/assets/www/, retired
|
|
/srv/furtka/www/, and switched systemd units from hand-written files in
|
|
/etc/systemd/system/ to `systemctl link` against the shipped asset tree.
|
|
|
|
These tests lock the new contract:
|
|
- the Caddyfile and the status.json placeholder still land via
|
|
_write_file_cmd and match the on-disk asset bit-for-bit,
|
|
- the resource-manager bootstrap extracts to /opt/furtka/versions/<ver>/,
|
|
creates /opt/furtka/current, and systemctl-links every unit,
|
|
- furtka.json is written with the installer's hostname,
|
|
- no write ever targets /srv/furtka/www/ (that path is retired).
|
|
"""
|
|
|
|
import base64
|
|
import re
|
|
import sys
|
|
from pathlib import Path
|
|
|
|
import pytest
|
|
|
|
sys.path.insert(0, str(Path(__file__).resolve().parent.parent / "webinstaller"))
|
|
import app # noqa: E402
|
|
|
|
REPO_ROOT = Path(__file__).resolve().parent.parent
|
|
ASSETS = REPO_ROOT / "assets"
|
|
|
|
|
|
# (install target path, asset path under furtka/assets/) — only the files we
|
|
# still copy bit-for-bit at install time. Scripts + unit files are no longer
|
|
# copied; they're reached via /opt/furtka/current and `systemctl link`. The
|
|
# Caddyfile is not in this list because it's written with the hostname
|
|
# placeholder substituted — see test_post_install_substitutes_hostname_in_caddyfile.
|
|
ASSET_TARGETS = [
|
|
("/var/lib/furtka/status.json", "www/status.json"),
|
|
]
|
|
|
|
|
|
def _extract_written_content(cmd, target):
|
|
"""Pull the base64 payload back out of a _write_file_cmd() shell string."""
|
|
match = re.search(r"printf %s (\S+) \| base64 -d > " + re.escape(target), cmd)
|
|
assert match, f"cmd didn't look like a write of {target}: {cmd[:100]}"
|
|
return base64.b64decode(match.group(1)).decode("utf-8")
|
|
|
|
|
|
@pytest.fixture
|
|
def install_cmds(tmp_path, monkeypatch):
|
|
# Make _resource_manager_commands return a non-empty list so the full
|
|
# command tree is exercised. A fake payload file is enough since the
|
|
# test only inspects the generated shell strings.
|
|
fake = tmp_path / "payload.tar.gz"
|
|
fake.write_bytes(b"not a real tarball")
|
|
monkeypatch.setattr(app, "RESOURCE_MANAGER_PAYLOAD", fake)
|
|
return app._post_install_commands("testhost")
|
|
|
|
|
|
@pytest.mark.parametrize("target,asset_relpath", ASSET_TARGETS)
|
|
def test_post_install_writes_asset_from_disk(install_cmds, target, asset_relpath):
|
|
expected = (ASSETS / asset_relpath).read_text(encoding="utf-8")
|
|
matching = [c for c in install_cmds if f" > {target}" in c]
|
|
assert matching, f"no command writes {target}"
|
|
assert _extract_written_content(matching[0], target) == expected
|
|
|
|
|
|
def test_no_command_writes_to_retired_srv_path(install_cmds):
|
|
for c in install_cmds:
|
|
assert "/srv/furtka/www" not in c, f"retired /srv/furtka/www write: {c[:120]}"
|
|
|
|
|
|
def test_resource_manager_extracts_to_versioned_slot(install_cmds):
|
|
extract_cmd = next((c for c in install_cmds if "tar -xzf" in c), None)
|
|
assert extract_cmd is not None, "no tar extract command"
|
|
assert "/opt/furtka/versions" in extract_cmd
|
|
assert "staging-" in extract_cmd # mktemp -d pattern
|
|
assert 'cat "$staging/VERSION"' in extract_cmd
|
|
# An empty VERSION file must abort the install instead of silently
|
|
# moving the staging dir into versions/ as a subdir.
|
|
assert '[ -n "$ver" ]' in extract_cmd
|
|
# Version dir must be 755 so Caddy (non-root) can traverse it.
|
|
assert 'chmod 755 "/opt/furtka/versions/$ver"' in extract_cmd
|
|
assert 'ln -sfn "/opt/furtka/versions/$ver" /opt/furtka/current' in extract_cmd
|
|
|
|
|
|
def test_furtka_json_cmd_uses_heredoc_and_interpolates_hostname(install_cmds):
|
|
# Regression: the previous base64+sed version of this command was a
|
|
# silent no-op on some installs due to archinstall-side quoting; the
|
|
# heredoc version is the one that reliably writes furtka.json.
|
|
cmd = next((c for c in install_cmds if "/var/lib/furtka/furtka.json" in c), None)
|
|
assert cmd is not None
|
|
assert "cat > /var/lib/furtka/furtka.json <<EOF" in cmd
|
|
assert '"hostname": "testhost"' in cmd
|
|
assert "date -Iseconds" in cmd
|
|
assert "/opt/furtka/current/VERSION" in cmd
|
|
|
|
|
|
def test_resource_manager_systemctl_links_every_unit(install_cmds):
|
|
link_cmd = next((c for c in install_cmds if c.startswith("systemctl link ")), None)
|
|
assert link_cmd is not None, "no systemctl link command"
|
|
for unit in app._FURTKA_UNITS:
|
|
assert f"/opt/furtka/current/assets/systemd/{unit}" in link_cmd
|
|
|
|
|
|
def test_resource_manager_enables_all_units(install_cmds):
|
|
enable_cmd = next((c for c in install_cmds if c.startswith("systemctl enable ")), None)
|
|
assert enable_cmd is not None
|
|
for unit in app._FURTKA_UNITS:
|
|
assert unit in enable_cmd
|
|
|
|
|
|
def test_wrapper_script_points_at_current_symlink():
|
|
assert "PYTHONPATH=/opt/furtka/current" in app._FURTKA_WRAPPER_SH
|
|
|
|
|
|
def test_caddyfile_asset_serves_from_current():
|
|
caddy = (ASSETS / "Caddyfile").read_text()
|
|
assert "root * /opt/furtka/current/assets/www" in caddy
|
|
assert "/srv/furtka/www" not in caddy
|
|
# Runtime JSON paths served from /var/lib/furtka/ so updates don't clobber.
|
|
assert "root * /var/lib/furtka" in caddy
|
|
|
|
|
|
def test_caddyfile_serves_both_http_and_https():
|
|
# :80 stays so users who haven't installed the CA still reach the box;
|
|
# HTTPS is served via a named-hostname block so Caddy's `tls internal`
|
|
# has something to issue a leaf cert for. A bare `:443 { tls internal }`
|
|
# never triggers issuance — that was the 26.4-alpha regression.
|
|
caddy = (ASSETS / "Caddyfile").read_text()
|
|
assert ":80 {" in caddy
|
|
assert "__FURTKA_HOSTNAME__.local, __FURTKA_HOSTNAME__ {" in caddy
|
|
assert "tls internal" in caddy
|
|
# Shared routes live in a named snippet to avoid drift between the two
|
|
# listeners — both site blocks must import it.
|
|
assert "(furtka_routes)" in caddy
|
|
assert caddy.count("import furtka_routes") == 2
|
|
|
|
|
|
def test_caddyfile_disables_caddy_auto_redirects():
|
|
# Named-hostname :443 block makes Caddy want to add its own HTTP→HTTPS
|
|
# redirect. The /settings toggle is the single source of truth, so the
|
|
# built-in has to be off — otherwise the toggle and auto_https race.
|
|
caddy = (ASSETS / "Caddyfile").read_text()
|
|
assert "auto_https disable_redirects" in caddy
|
|
|
|
|
|
def test_caddyfile_imports_force_redirect_snippet_dir():
|
|
# The /api/furtka/https/force endpoint toggles HTTP→HTTPS by writing or
|
|
# removing a snippet file in this dir; the Caddyfile must glob-import it
|
|
# inside the :80 block for the toggle to take effect.
|
|
caddy = (ASSETS / "Caddyfile").read_text()
|
|
assert "import /etc/caddy/furtka.d/*.caddyfile" in caddy
|
|
|
|
|
|
def test_caddyfile_exposes_root_ca_download():
|
|
# /rootCA.crt is the download handle the UI uses. It must map to the
|
|
# Caddy local-CA pki path and set a Content-Disposition so the browser
|
|
# treats it as a download rather than trying to render it. Path is the
|
|
# real one Caddy uses under XDG_DATA_HOME=/var/lib (see caddy.service
|
|
# Environment= directive) — not the /var/lib/caddy/.local/share/caddy/
|
|
# path Caddy docs show for non-systemd installs.
|
|
caddy = (ASSETS / "Caddyfile").read_text()
|
|
assert "handle /rootCA.crt" in caddy
|
|
assert "/var/lib/caddy/pki/authorities/local" in caddy
|
|
assert ".local/share/caddy" not in caddy
|
|
assert "attachment; filename=furtka-local-rootCA.crt" in caddy
|
|
|
|
|
|
def test_post_install_substitutes_hostname_in_caddyfile(install_cmds):
|
|
# Fresh installs: the placeholder the asset ships with must be replaced
|
|
# with the hostname the user picked in the form. The `testhost` value
|
|
# comes from the install_cmds fixture. Without substitution Caddy's
|
|
# `tls internal` never issues a leaf cert for the real hostname.
|
|
caddyfile_cmd = next(
|
|
(c for c in install_cmds if " > /etc/caddy/Caddyfile" in c), None
|
|
)
|
|
assert caddyfile_cmd is not None
|
|
written = _extract_written_content(caddyfile_cmd, "/etc/caddy/Caddyfile")
|
|
assert "__FURTKA_HOSTNAME__" not in written
|
|
assert "testhost.local, testhost {" in written
|
|
|
|
|
|
def test_post_install_creates_furtka_d_snippet_dir(install_cmds):
|
|
# Pre-existing installs pick up the import path via updater._refresh_caddyfile,
|
|
# but fresh installs never run that — this command is the only guarantee
|
|
# that the first Caddy start on a brand-new box has a dir to glob-import.
|
|
matching = [c for c in install_cmds if "/etc/caddy/furtka.d" in c and "install -d" in c]
|
|
assert matching, "no install -d command creates /etc/caddy/furtka.d"
|
|
|
|
|
|
def test_systemd_units_reference_current_paths():
|
|
for unit in ("furtka-status.service", "furtka-welcome.service"):
|
|
body = (ASSETS / "systemd" / unit).read_text()
|
|
assert "/opt/furtka/current/assets/bin/" in body, (
|
|
f"{unit} still references a /usr/local/bin path"
|
|
)
|
|
|
|
|
|
def test_read_asset_raises_for_missing_file():
|
|
with pytest.raises(FileNotFoundError):
|
|
app._read_asset("does/not/exist.html")
|
|
|
|
|
|
def test_assets_dir_resolves_to_repo_tree():
|
|
assert app._ASSETS_DIR == ASSETS
|