Restore libgcrypt support.

[tinc] / test / testlib.sh.in

#!/bin/sh

set -ex

echo [STEP] Initialize test library

# Paths to compiled executables

# realpath on FreeBSD fails if the path does not exist.
realdir() {
  [ -e "$1" ] || mkdir -p "$1"
  if type realpath >/dev/null; then
    realpath "$1"
  else
    readlink -f "$1"
  fi
}

tincd_path=$(realdir "../src/tincd@EXEEXT@")
tinc_path=$(realdir "../src/tinc@EXEEXT@")

# shellcheck disable=SC2034
SPTPS_TEST=$(realdir "../src/sptps_test@EXEEXT@")
# shellcheck disable=SC2034
SPTPS_KEYPAIR=$(realdir "../src/sptps_keypair@EXEEXT@")

# Exit status list
# shellcheck disable=SC2034
EXIT_FAILURE=1
# shellcheck disable=SC2034
EXIT_SKIP_TEST=77

# The list of the environment variables that tinc injects into the scripts it calls.
# shellcheck disable=SC2016
TINC_SCRIPT_VARS='$NETNAME,$NAME,$DEVICE,$IFACE,$NODE,$REMOTEADDRESS,$REMOTEPORT,$SUBNET,$WEIGHT,$INVITATION_FILE,$INVITATION_URL,$DEBUG'

# Test directories

# Reuse script name if it was passed in an env var (when imported from tinc scripts).
if [ -z "$SCRIPTNAME" ]; then
  SCRIPTNAME=$(basename "$0")
fi

# Network names for tincd daemons.
net1=$SCRIPTNAME.1
net2=$SCRIPTNAME.2
net3=$SCRIPTNAME.3

# Configuration/pidfile directories for tincd daemons.
DIR_FOO=$(realdir "$PWD/$net1")
DIR_BAR=$(realdir "$PWD/$net2")
DIR_BAZ=$(realdir "$PWD/$net3")

# Register helper functions

# Alias gtimeout to timeout if it exists.
if type gtimeout >/dev/null; then
  timeout() { gtimeout "$@"; }
fi

# As usual, BSD tools require special handling, as they do not support -i without a suffix.
# Note that there must be no space after -i, or it won't work on GNU sed.
sed_cmd() {
  sed -i.orig "$@"
}

# Are the shell tools provided by busybox?
is_busybox() {
  timeout --help 2>&1 | grep -q -i busybox
}

# busybox timeout returns 128 + signal number (which is TERM by default)
if is_busybox; then
  # shellcheck disable=SC2034
  EXIT_TIMEOUT=$((128 + 15))
else
  # shellcheck disable=SC2034
  EXIT_TIMEOUT=124
fi

# Is this msys2?
is_windows() {
  test "$(uname -o)" = Msys
}

# Are we running on a CI server?
is_ci() {
  test "$CI"
}

# Dump error message and exit with an error.
bail() {
  echo >&2 "$@"
  exit 1
}

# Remove carriage returns to normalize strings on Windows for easier comparisons.
rm_cr() {
  tr -d '\r'
}

if is_windows; then
  normalize_path() { cygpath --mixed -- "$@"; }
else
  normalize_path() { echo "$@"; }
fi

# Executes whatever is passed to it, checking that the resulting exit code is non-zero.
must_fail() {
  if "$@"; then
    bail "expected a non-zero exit code"
  fi
}

# Executes the passed command and checks two conditions:
#   1. it must exit successfully (with code 0)
#   2. its output (stdout + stderr) must include the substring from the first argument (ignoring case)
# usage: expect_msg 'expected message' command --with --args
expect_msg() {
  message=$1
  shift

  if ! output=$("$@" 2>&1); then
    bail 'expected 0 exit code'
  fi

  if ! echo "$output" | grep -q -i "$message"; then
    bail "expected message '$message'"
  fi
}

# The reverse of expect_msg. We cannot simply wrap expect_msg with must_fail
# because there should be a separate check for tinc exit code.
fail_on_msg() {
  message=$1
  shift

  if ! output=$("$@" 2>&1); then
    bail 'expected 0 exit code'
  fi

  if echo "$output" | grep -q -i "$message"; then
    bail "unexpected message '$message'"
  fi
}

# Like expect_msg, but the command must fail with a non-zero exit code.
# usage: must_fail_with_msg 'expected message' command --with --args
must_fail_with_msg() {
  message=$1
  shift

  if output=$("$@" 2>&1); then
    bail "expected a non-zero exit code"
  fi

  if ! echo "$output" | grep -i -q "$message"; then
    bail "expected message '$message'"
  fi
}

# Is the legacy protocol enabled?
with_legacy() {
  tincd foo --version | grep -q legacy_protocol
}

# Are we running with EUID 0?
is_root() {
  test "$(id -u)" = 0
}

# Executes whatever is passed to it, checking that the resulting exit code is equal to the first argument.
expect_code() {
  expected=$1
  shift

  code=0
  "$@" || code=$?

  if [ $code != "$expected" ]; then
    bail "wrong exit code $code, expected $expected"
  fi
}

# Runs its arguments with timeout(1) or gtimeout(1) if either are installed.
# Usage: try_limit_time 10 command --with --args
if type timeout >/dev/null; then
  try_limit_time() {
    time=$1
    shift
    timeout "$time" "$@"
  }
else
  try_limit_time() {
    echo >&2 "timeout was not found, running without time limits!"
    shift
    "$@"
  }
fi

# wc -l on mac prints whitespace before the actual number.
# This is simplest cross-platform alternative without that behavior.
count_lines() {
  awk 'END{ print NR }'
}

# Calls compiled tinc, passing any supplied arguments.
# Usage: tinc { foo | bar | baz } --arg1 val1 "$args"
tinc() {
  peer=$1
  shift

  case "$peer" in
  foo) try_limit_time 30 "$tinc_path" -n "$net1" --config="$DIR_FOO" --pidfile="$DIR_FOO/pid" "$@" ;;
  bar) try_limit_time 30 "$tinc_path" -n "$net2" --config="$DIR_BAR" --pidfile="$DIR_BAR/pid" "$@" ;;
  baz) try_limit_time 30 "$tinc_path" -n "$net3" --config="$DIR_BAZ" --pidfile="$DIR_BAZ/pid" "$@" ;;
  *) bail "invalid command [[$peer $*]]" ;;
  esac
}

# Calls compiled tincd, passing any supplied arguments.
# Usage: tincd { foo | bar | baz } --arg1 val1 "$args"
tincd() {
  peer=$1
  shift

  case "$peer" in
  foo) try_limit_time 30 "$tincd_path" -n "$net1" --config="$DIR_FOO" --pidfile="$DIR_FOO/pid" --logfile="$DIR_FOO/log" -d5 "$@" ;;
  bar) try_limit_time 30 "$tincd_path" -n "$net2" --config="$DIR_BAR" --pidfile="$DIR_BAR/pid" --logfile="$DIR_BAR/log" -d5 "$@" ;;
  baz) try_limit_time 30 "$tincd_path" -n "$net3" --config="$DIR_BAZ" --pidfile="$DIR_BAZ/pid" --logfile="$DIR_BAZ/log" -d5 "$@" ;;
  *) bail "invalid command [[$peer $*]]" ;;
  esac
}

# Start the specified tinc daemon.
# usage: start_tinc { foo | bar | baz }
start_tinc() {
  peer=$1
  shift

  case "$peer" in
  foo) tinc "$peer" start --logfile="$DIR_FOO/log" -d5 "$@" ;;
  bar) tinc "$peer" start --logfile="$DIR_BAR/log" -d5 "$@" ;;
  baz) tinc "$peer" start --logfile="$DIR_BAZ/log" -d5 "$@" ;;
  *) bail "invalid peer $peer" ;;
  esac
}

# Stop all tinc clients.
stop_all_tincs() {
  (
    # In case these pid files are mangled.
    set +e
    [ -f "$DIR_FOO/pid" ] && tinc foo stop
    [ -f "$DIR_BAR/pid" ] && tinc bar stop
    [ -f "$DIR_BAZ/pid" ] && tinc baz stop
    true
  )
}

# Checks that the number of reachable nodes matches what is expected.
# usage: require_nodes node_name expected_number
require_nodes() {
  echo >&2 "Check that we're able to reach tincd"
  test "$(tinc "$1" pid | count_lines)" = 1

  echo >&2 "Check the number of reachable nodes for $1 (expecting $2)"
  actual="$(tinc "$1" dump reachable nodes | count_lines)"

  if [ "$actual" != "$2" ]; then
    echo >&2 "tinc $1: expected $2 reachable nodes, got $actual"
    exit 1
  fi
}

peer_directory() {
  peer=$1
  case "$peer" in
  foo) echo "$DIR_FOO" ;;
  bar) echo "$DIR_BAR" ;;
  baz) echo "$DIR_BAZ" ;;
  *) bail "invalid peer $peer" ;;
  esac
}

# This is an append-only log of all scripts executed by all peers.
script_runs_log() {
  echo "$(peer_directory "$1")/script-runs.log"
}

# Create tincd script. If it fails, it kills the test script with SIGTERM.
# usage: create_script { foo | bar | baz } { tinc-up | host-down | ... } 'script content'
create_script() {
  peer=$1
  script=$2
  shift 2

  # This is the line that we should start from when reading the script execution log while waiting
  # for $script from $peer. It is a poor man's hash map to avoid polluting tinc's home directory with
  # "last seen" files. There seem to be no good solutions to this that are compatible with all shells.
  line_var=$(next_line_var "$peer" "$script")

  # We must reassign it here in case the script is recreated.
  # shellcheck disable=SC2229
  read -r "$line_var" <<EOF
1
EOF

  # Full path to the script.
  script_path=$(peer_directory "$peer")/$script

  # Full path to the script execution log (one for each peer).
  script_log=$(script_runs_log "$peer")
  printf '' >"$script_log"

  # Script output is redirected into /dev/null. Otherwise, it ends up
  # in tinc's output and breaks things like 'tinc invite'.
  cat >"$script_path" <<EOF
#!/bin/sh
(
  cd "$PWD" || exit 1
  SCRIPTNAME="$SCRIPTNAME" . ./testlib.sh
  $@
  echo "$script,\$$,$TINC_SCRIPT_VARS" >>"$script_log"
) >/dev/null 2>&1 || kill -TERM $$
EOF

  chmod u+x "$script_path"

  if is_windows; then
    echo "@$MINGW_SHELL '$script_path'" >"$script_path.cmd"
  fi
}

# Returns the name of the variable that contains the line number
# we should read next when waiting on $script from $peer.
# usage: next_line_var foo host-up
next_line_var() {
  peer=$1
  script=$(echo "$2" | sed 's/[^a-zA-Z0-9]/_/g')
  printf "%s" "next_line_${peer}_${script}"
}

# Waits for `peer`'s script `script` to finish `count` number of times.
# usage: wait_script { foo | bar | baz } { tinc-up | host-up | ... } [count=1]
wait_script() {
  peer=$1
  script=$2
  count=$3

  if [ -z "$count" ] || [ "$count" -lt 1 ]; then
    count=1
  fi

  # Find out the location of the log and how many lines we should skip
  # (because we've already seen them in previous invocations of wait_script
  # for current $peer and $script).
  line_var=$(next_line_var "$peer" "$script")

  # eval is the only solution supported by POSIX shells.
  # https://github.com/koalaman/shellcheck/wiki/SC3053
  #   1. $line_var expands into 'next_line_foo_hosts_bar_up'
  #   2. the name is substituted and the command becomes 'echo "$next_line_foo_hosts_bar_up"'
  #   3. the command is evaluated and the line number is assigned to $line
  line=$(eval "echo \"\$$line_var\"")

  # This is the file that we monitor for script execution records.
  script_log=$(script_runs_log "$peer")

  # Starting from $line, read until $count matches are found.
  # Print the number of the last matching line and exit.
  # GNU tail 2.82 and newer terminates by itself when the pipe breaks.
  # To support other tails we do an explicit `kill`.
  # FIFO is useful here because otherwise it's difficult to determine
  # which tail process should be killed. We could stick them in a process
  # group by enabling job control, but this results in weird behavior when
  # running tests in parallel on some interactive shells
  # (e.g. when /bin/sh is symlinked to dash).
  fifo=$(mktemp)
  rm -f "$fifo"
  mkfifo "$fifo"

  # This weird thing is required to support old versions of ksh on NetBSD 8.2 and the like.
  (tail -n +"$line" -f "$script_log" >"$fifo") &

  new_line=$(
    try_limit_time 60 sh -c "
      grep -n -m $count '^$script,' <'$fifo'
    " | awk -F: 'END { print $1 }'
  )

  # Try to stop the background tail, ignoring possible failure (some tails
  # detect EOF, some don't, so it may have already exited), but do wait on
  # it (which is required at least by old ksh).
  kill $! || true
  wait || true
  rm -f "$fifo"

  # Remember the next line number for future reference. We'll use it if
  # wait_script is called again with same $peer and $script.
  read -r "${line_var?}" <<EOF
$((line + new_line))
EOF
}

# Are we running tests in parallel?
is_parallel() {
  # Grep the make flags for any of: '-j', '-j5', '-j 42', but not 'n-j', '-junk'.
  echo "$MAKEFLAGS" | grep -E -q '(^|[[:space:]])-j[[:digit:]]*([[:space:]]|$)'
}

# Cleanup after running each script.
cleanup() {
  (
    set +ex

    if command -v cleanup_hook 2>/dev/null; then
      echo >&2 "Cleanup hook found, calling..."
      cleanup_hook
    fi

    stop_all_tincs

    # Ask nicely, then kill anything that's left.
    if is_ci && ! is_parallel; then
      kill_processes() {
        signal=$1
        shift
        for process in "$@"; do
          pkill -"SIG$signal" -x -u "$(id -u)" "$process"
        done
      }
      echo >&2 "CI server detected, performing aggressive cleanup"
      kill_processes TERM tinc tincd
      kill_processes KILL tinc tincd
    fi
  ) || true
}

# If we're on a CI server, the test requires superuser privileges to run, and we're not
# currently a superuser, try running the test as one and fail if it doesn't work (the
# system must be configured to provide passwordless sudo for our user).
require_root() {
  if is_root; then
    return
  fi
  if is_ci; then
    echo "root is required for test $SCRIPTNAME, but we're a regular user; elevating privileges..."
    if ! command -v sudo 2>/dev/null; then
      bail "please install sudo and configure passwordless auth for user $USER"
    fi
    if ! sudo --preserve-env --non-interactive true; then
      bail "sudo is not allowed or requires a password for user $USER"
    fi
    exec sudo --preserve-env "$@"
  else
    # Avoid these kinds of surprises outside CI. Just skip the test.
    echo "root is required for test $SCRIPTNAME, but we're a regular user; skipping"
    exit $EXIT_SKIP_TEST
  fi
}

# Generate path to current shell which can be used from Windows applications.
if is_windows; then
  MINGW_SHELL=$(normalize_path "$SHELL")
fi

# This was called from a tincd script. Skip executing commands with side effects.
[ -n "$NAME" ] && return

echo [STEP] Check for leftover tinc daemons and test directories

# Cleanup leftovers from previous runs.
stop_all_tincs

if [ -d "$DIR_FOO" ]; then rm -rf "$DIR_FOO"; fi
if [ -d "$DIR_BAR" ]; then rm -rf "$DIR_BAR"; fi
if [ -d "$DIR_BAZ" ]; then rm -rf "$DIR_BAZ"; fi

# Register cleanup function so we don't have to call it everywhere
# (and failed scripts do not leave stray tincd running).
trap cleanup EXIT INT TERM