Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
Chu Peng 楚鹏
minikube
提交
546c8daa
M
minikube
项目概览
Chu Peng 楚鹏
/
minikube
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
M
minikube
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
546c8daa
编写于
4月 08, 2020
作者:
T
Thomas Stromberg
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
cert sync: ignore 0-byte certs, test for them explicitly
上级
d7bb5a88
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
76 addition
and
29 deletion
+76
-29
pkg/minikube/bootstrapper/certs.go
pkg/minikube/bootstrapper/certs.go
+42
-26
test/integration/functional_test.go
test/integration/functional_test.go
+34
-3
未找到文件。
pkg/minikube/bootstrapper/certs.go
浏览文件 @
546c8daa
...
...
@@ -323,20 +323,33 @@ func collectCACerts() (map[string]string, error) {
if
err
!=
nil
{
return
err
}
if
info
==
nil
{
return
nil
}
if
info
.
IsDir
()
{
return
nil
}
fullPath
:=
filepath
.
Join
(
certsDir
,
hostpath
)
ext
:=
strings
.
ToLower
(
filepath
.
Ext
(
hostpath
))
if
info
!=
nil
&&
!
info
.
IsDir
()
{
ext
:=
strings
.
ToLower
(
filepath
.
Ext
(
hostpath
))
if
ext
==
".crt"
||
ext
==
".pem"
{
glog
.
Infof
(
"found cert: %s (%d bytes)"
,
info
.
Name
(),
info
.
Size
())
validPem
,
err
:=
isValidPEMCertificate
(
hostpath
)
if
err
!=
nil
{
return
err
}
if
validPem
{
filename
:=
filepath
.
Base
(
hostpath
)
dst
:=
fmt
.
Sprintf
(
"%s.%s"
,
strings
.
TrimSuffix
(
filename
,
ext
),
"pem"
)
certFiles
[
hostpath
]
=
path
.
Join
(
vmpath
.
GuestCertAuthDir
,
dst
)
}
if
ext
==
".crt"
||
ext
==
".pem"
{
if
info
.
Size
()
<
32
{
glog
.
Warningf
(
"ignoring %s, impossibly tiny %d bytes"
,
fullPath
,
info
.
Size
())
return
nil
}
glog
.
Infof
(
"found cert: %s (%d bytes)"
,
fullPath
,
info
.
Size
())
validPem
,
err
:=
isValidPEMCertificate
(
hostpath
)
if
err
!=
nil
{
return
err
}
if
validPem
{
filename
:=
filepath
.
Base
(
hostpath
)
dst
:=
fmt
.
Sprintf
(
"%s.%s"
,
strings
.
TrimSuffix
(
filename
,
ext
),
"pem"
)
certFiles
[
hostpath
]
=
path
.
Join
(
vmpath
.
GuestCertAuthDir
,
dst
)
}
}
return
nil
...
...
@@ -394,23 +407,26 @@ func installCertSymlinks(cr command.Runner, caCerts map[string]string) error {
for
_
,
caCertFile
:=
range
caCerts
{
dstFilename
:=
path
.
Base
(
caCertFile
)
certStorePath
:=
path
.
Join
(
vmpath
.
GuestCertStoreDir
,
dstFilename
)
// If the cert really exists, add a named symlink
cmd
:=
fmt
.
Sprintf
(
"test -
f
%s && ln -fs %s %s"
,
caCertFile
,
caCertFile
,
certStorePath
)
cmd
:=
fmt
.
Sprintf
(
"test -
s
%s && ln -fs %s %s"
,
caCertFile
,
caCertFile
,
certStorePath
)
if
_
,
err
:=
cr
.
RunCmd
(
exec
.
Command
(
"sudo"
,
"/bin/bash"
,
"-c"
,
cmd
));
err
!=
nil
{
return
errors
.
Wrapf
(
err
,
"create symlink for %s"
,
caCertFile
)
}
if
hasSSLBinary
{
subjectHash
,
err
:=
getSubjectHash
(
cr
,
caCertFile
)
if
err
!=
nil
{
return
errors
.
Wrapf
(
err
,
"calculate hash for cacert %s"
,
caCertFile
)
}
subjectHashLink
:=
path
.
Join
(
vmpath
.
GuestCertStoreDir
,
fmt
.
Sprintf
(
"%s.0"
,
subjectHash
))
// NOTE: This symlink may exist, but point to a missing file
cmd
:=
fmt
.
Sprintf
(
"test -L %s || ln -fs %s %s"
,
subjectHashLink
,
certStorePath
,
subjectHashLink
)
if
_
,
err
:=
cr
.
RunCmd
(
exec
.
Command
(
"sudo"
,
"/bin/bash"
,
"-c"
,
cmd
));
err
!=
nil
{
return
errors
.
Wrapf
(
err
,
"create symlink for %s"
,
caCertFile
)
}
if
!
hasSSLBinary
{
continue
}
subjectHash
,
err
:=
getSubjectHash
(
cr
,
caCertFile
)
if
err
!=
nil
{
return
errors
.
Wrapf
(
err
,
"calculate hash for cacert %s"
,
caCertFile
)
}
subjectHashLink
:=
path
.
Join
(
vmpath
.
GuestCertStoreDir
,
fmt
.
Sprintf
(
"%s.0"
,
subjectHash
))
// NOTE: This symlink may exist, but point to a missing file
cmd
=
fmt
.
Sprintf
(
"test -L %s || ln -fs %s %s"
,
subjectHashLink
,
certStorePath
,
subjectHashLink
)
if
_
,
err
:=
cr
.
RunCmd
(
exec
.
Command
(
"sudo"
,
"/bin/bash"
,
"-c"
,
cmd
));
err
!=
nil
{
return
errors
.
Wrapf
(
err
,
"create symlink for %s"
,
caCertFile
)
}
}
return
nil
...
...
test/integration/functional_test.go
浏览文件 @
546c8daa
...
...
@@ -73,6 +73,11 @@ func TestFunctional(t *testing.T) {
if
err
:=
os
.
Remove
(
p
);
err
!=
nil
{
t
.
Logf
(
"unable to remove %q: %v"
,
p
,
err
)
}
p
=
localEmptyCertPath
()
if
err
:=
os
.
Remove
(
p
);
err
!=
nil
{
t
.
Logf
(
"unable to remove %q: %v"
,
p
,
err
)
}
CleanupWithLogs
(
t
,
profile
,
cancel
)
}()
...
...
@@ -793,18 +798,44 @@ func localTestCertPath() string {
return
filepath
.
Join
(
localpath
.
MiniPath
(),
"/certs"
,
testCert
())
}
// localEmptyCertPath is where the test file will be synced into the VM
func
localEmptyCertPath
()
string
{
return
filepath
.
Join
(
localpath
.
MiniPath
(),
"/certs"
,
fmt
.
Sprintf
(
"%d_empty.pem"
,
os
.
Getpid
()))
}
// Copy extra file into minikube home folder for file sync test
func
setupFileSync
(
ctx
context
.
Context
,
t
*
testing
.
T
,
profile
string
)
{
p
:=
localSyncTestPath
()
t
.
Logf
(
"local sync path: %s"
,
p
)
err
:=
copy
.
Copy
(
"./testdata/sync.test"
,
p
)
if
err
!=
nil
{
t
.
Fatalf
(
"failed to copy ./testdata/sync.test
: %v"
,
err
)
t
.
Fatalf
(
"failed to copy ./testdata/sync.test: %v"
,
err
)
}
err
=
copy
.
Copy
(
"./testdata/minikube_test.pem"
,
localTestCertPath
())
testPem
:=
"./testdata/minikube_test.pem"
err
=
copy
.
Copy
(
testPem
,
localTestCertPath
())
if
err
!=
nil
{
t
.
Fatalf
(
"failed to copy ./testdata/minikube_test.pem : %v"
,
err
)
t
.
Fatalf
(
"failed to copy %s: %v"
,
testPem
,
err
)
}
want
,
err
:=
os
.
Stat
(
testPem
)
if
err
!=
nil
{
t
.
Fatalf
(
"stat failed: %v"
,
err
)
}
got
,
err
:=
os
.
Stat
(
localTestCertPath
())
if
err
!=
nil
{
t
.
Fatalf
(
"stat failed: %v"
,
err
)
}
if
want
.
Size
()
!=
got
.
Size
()
{
t
.
Errorf
(
"%s size=%d, want %d"
,
localTestCertPath
(),
got
.
Size
(),
want
.
Size
())
}
// Create an empty file just to mess with people
if
_
,
err
:=
os
.
Create
(
localEmptyCertPath
());
err
!=
nil
{
t
.
Fatalf
(
"create failed: %v"
,
err
)
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录