From 651331e50f0696ed0bedb721f92207afda41a312 Mon Sep 17 00:00:00 2001
From: Jeremy Rand <jeremyrand@airmail.cc>
Date: Tue, 15 Mar 2022 20:42:20 +0000
Subject: [PATCH] Add certutil Linux tests

Refs https://github.com/namecoin/pkcs11mod/issues/36
---
 .cirrus.yml                     | 32 +++++++++++++++++++++++++++
 testdata/ci-certutil-tests.bash | 39 +++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100755 testdata/ci-certutil-tests.bash

diff --git a/.cirrus.yml b/.cirrus.yml
index faace78..6452a60 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -117,6 +117,38 @@ task:
   env:
     GO_VERSION: latest
 
+task:
+  name: "certutil $CI_DISTRO"
+  matrix:
+    - container:
+        image: fedora:latest
+        cpu: 1
+        memory: 1G
+      package_install_script:
+        - dnf install -y nss-tools
+      env:
+        CI_DISTRO: fedora
+        CI_MAIN_MODULE: /usr/lib64/pkcs11/p11-kit-trust.so
+        CI_BAK_MODULE: /usr/lib64/pkcs11/p11-kit-trust.orig.so
+    - container:
+        image: debian:latest
+        cpu: 1
+        memory: 1G
+      package_install_script:
+        - apt-get update
+        - apt-get install -y curl libnss3-tools
+      env:
+        CI_DISTRO: debian
+        CI_MAIN_MODULE: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
+        CI_BAK_MODULE: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.orig.so
+  install_script:
+    - curl -o pkcs11mod.tar.gz https://api.cirrus-ci.com/v1/artifact/build/$CIRRUS_BUILD_ID/Compile%20Go%20latest%20linux%20amd64/binaries/dist/pkcs11mod.tar.gz
+    - tar -xaf ./pkcs11mod.tar.gz
+  test_script:
+    - testdata/ci-certutil-tests.bash
+  depends_on:
+    - "Compile Go latest linux amd64"
+
 task:
   name: "chromium $CI_DISTRO"
   matrix:
diff --git a/testdata/ci-certutil-tests.bash b/testdata/ci-certutil-tests.bash
new file mode 100755
index 0000000..f752d6e
--- /dev/null
+++ b/testdata/ci-certutil-tests.bash
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+shopt -s nullglob globstar
+
+export PKCS11PROXY_CKBI_TARGET="$CI_BAK_MODULE"
+export P11PROXY_CKBI_TARGET=$PKCS11PROXY_CKBI_TARGET
+
+echo "===== init DB ====="
+
+certutil -N -d .
+
+echo "===== list all (default) ====="
+
+certutil -L -d . -h all | tee list-all-default.txt || true
+testdata/assert-proxy-log.bash missing
+
+echo "===== list all (via pkcs11proxy) ====="
+
+mv "$CI_MAIN_MODULE" "$CI_BAK_MODULE"
+cp libpkcs11proxy.so "$CI_MAIN_MODULE"
+
+certutil -L -d . -h all | tee list-all-pkcs11proxy.txt || true
+
+echo "===== list all (diff via pkcs11proxy) ====="
+
+diff list-all-default.txt list-all-pkcs11proxy.txt || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present
+
+echo "===== list all (via p11proxy) ====="
+
+cp libp11proxy.so "$CI_MAIN_MODULE"
+
+certutil -L -d . -h all | tee list-all-p11proxy.txt || true
+
+echo "===== list all (diff via p11proxy) ====="
+
+diff list-all-default.txt list-all-p11proxy.txt || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present