cert sync: ignore 0-byte certs, test for them explicitly

546c8daa · Thomas Stromberg · d7bb5a88 · 546c8daa · 546c8daa
隐藏空白更改
内联并排

Showing with 76 addition and 29 deletion

pkg/minikube/bootstrapper/certs.go pkg/minikube/bootstrapper/certs.go +42 -26

test/integration/functional_test.go test/integration/functional_test.go +34 -3

未找到文件。
--- a/pkg/minikube/bootstrapper/certs.go
+++ b/pkg/minikube/bootstrapper/certs.go
@@ -323,20 +323,33 @@ func collectCACerts() (map[string]string, error) {
 		if err != nil {
 			return err
 		}
+		if info == nil {
+			return nil
+		}
+		if info.IsDir() {
+			return nil
+		}
+
+		fullPath := filepath.Join(certsDir, hostpath)
+		ext := strings.ToLower(filepath.Ext(hostpath))

-		if info != nil && !info.IsDir() {
-			ext := strings.ToLower(filepath.Ext(hostpath))
-			if ext == ".crt" || ext == ".pem" {
-				glog.Infof("found cert: %s (%d bytes)", info.Name(), info.Size())
-				validPem, err := isValidPEMCertificate(hostpath)
-				if err != nil {
-					return err
-				}
-				if validPem {
-					filename := filepath.Base(hostpath)
-					dst := fmt.Sprintf("%s.%s", strings.TrimSuffix(filename, ext), "pem")
-					certFiles[hostpath] = path.Join(vmpath.GuestCertAuthDir, dst)
-				}
+		if ext == ".crt" || ext == ".pem" {
+			if info.Size() < 32 {
+				glog.Warningf("ignoring %s, impossibly tiny %d bytes", fullPath, info.Size())
+				return nil
+			}
+
+			glog.Infof("found cert: %s (%d bytes)", fullPath, info.Size())
+
+			validPem, err := isValidPEMCertificate(hostpath)
+			if err != nil {
+				return err
+			}
+
+			if validPem {
+				filename := filepath.Base(hostpath)
+				dst := fmt.Sprintf("%s.%s", strings.TrimSuffix(filename, ext), "pem")
+				certFiles[hostpath] = path.Join(vmpath.GuestCertAuthDir, dst)
 			}
 		}
 		return nil
@@ -394,23 +407,26 @@ func installCertSymlinks(cr command.Runner, caCerts map[string]string) error {
 	for _, caCertFile := range caCerts {
 		dstFilename := path.Base(caCertFile)
 		certStorePath := path.Join(vmpath.GuestCertStoreDir, dstFilename)
-		// If the cert really exists, add a named symlink
-		cmd := fmt.Sprintf("test -f %s && ln -fs %s %s", caCertFile, caCertFile, certStorePath)
+
+		cmd := fmt.Sprintf("test -s %s && ln -fs %s %s", caCertFile, caCertFile, certStorePath)
 		if _, err := cr.RunCmd(exec.Command("sudo", "/bin/bash", "-c", cmd)); err != nil {
 			return errors.Wrapf(err, "create symlink for %s", caCertFile)
 		}
-		if hasSSLBinary {
-			subjectHash, err := getSubjectHash(cr, caCertFile)
-			if err != nil {
-				return errors.Wrapf(err, "calculate hash for cacert %s", caCertFile)
-			}
-			subjectHashLink := path.Join(vmpath.GuestCertStoreDir, fmt.Sprintf("%s.0", subjectHash))

-			// NOTE: This symlink may exist, but point to a missing file
-			cmd := fmt.Sprintf("test -L %s || ln -fs %s %s", subjectHashLink, certStorePath, subjectHashLink)
-			if _, err := cr.RunCmd(exec.Command("sudo", "/bin/bash", "-c", cmd)); err != nil {
-				return errors.Wrapf(err, "create symlink for %s", caCertFile)
-			}
+		if !hasSSLBinary {
+			continue
+		}
+
+		subjectHash, err := getSubjectHash(cr, caCertFile)
+		if err != nil {
+			return errors.Wrapf(err, "calculate hash for cacert %s", caCertFile)
+		}
+		subjectHashLink := path.Join(vmpath.GuestCertStoreDir, fmt.Sprintf("%s.0", subjectHash))
+
+		// NOTE: This symlink may exist, but point to a missing file
+		cmd = fmt.Sprintf("test -L %s || ln -fs %s %s", subjectHashLink, certStorePath, subjectHashLink)
+		if _, err := cr.RunCmd(exec.Command("sudo", "/bin/bash", "-c", cmd)); err != nil {
+			return errors.Wrapf(err, "create symlink for %s", caCertFile)
 		}
 	}
 	return nil

--- a/test/integration/functional_test.go
+++ b/test/integration/functional_test.go
@@ -73,6 +73,11 @@ func TestFunctional(t *testing.T) {
 		if err := os.Remove(p); err != nil {
 			t.Logf("unable to remove %q: %v", p, err)
 		}
+		p = localEmptyCertPath()
+		if err := os.Remove(p); err != nil {
+			t.Logf("unable to remove %q: %v", p, err)
+		}
+
 		CleanupWithLogs(t, profile, cancel)
 	}()

@@ -793,18 +798,44 @@ func localTestCertPath() string {
 	return filepath.Join(localpath.MiniPath(), "/certs", testCert())
 }

+// localEmptyCertPath is where the test file will be synced into the VM
+func localEmptyCertPath() string {
+	return filepath.Join(localpath.MiniPath(), "/certs", fmt.Sprintf("%d_empty.pem", os.Getpid()))
+}
+
 // Copy extra file into minikube home folder for file sync test
 func setupFileSync(ctx context.Context, t *testing.T, profile string) {
 	p := localSyncTestPath()
 	t.Logf("local sync path: %s", p)
 	err := copy.Copy("./testdata/sync.test", p)
 	if err != nil {
-		t.Fatalf("failed to copy ./testdata/sync.test : %v", err)
+		t.Fatalf("failed to copy ./testdata/sync.test: %v", err)
 	}

-	err = copy.Copy("./testdata/minikube_test.pem", localTestCertPath())
+	testPem := "./testdata/minikube_test.pem"
+
+	err = copy.Copy(testPem, localTestCertPath())
 	if err != nil {
-		t.Fatalf("failed to copy ./testdata/minikube_test.pem : %v", err)
+		t.Fatalf("failed to copy %s: %v", testPem, err)
+	}
+
+	want, err := os.Stat(testPem)
+	if err != nil {
+		t.Fatalf("stat failed: %v", err)
+	}
+
+	got, err := os.Stat(localTestCertPath())
+	if err != nil {
+		t.Fatalf("stat failed: %v", err)
+	}
+
+	if want.Size() != got.Size() {
+		t.Errorf("%s size=%d, want %d", localTestCertPath(), got.Size(), want.Size())
+	}
+
+	// Create an empty file just to mess with people
+	if _, err := os.Create(localEmptyCertPath()); err != nil {
+		t.Fatalf("create failed: %v", err)
 	}
 }