Misc fixes for CI tests

getssl

@@ -568,7 +568,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge
 
  # add +noidnout if idn-domain so search for domain in results works
  if [[ "${d}" == xn--* || "${d}" == *".xn--"* ]]; then
- if [[ "$DNS_CHECK_FUNC" == "nslookup" || "$DNS_CHECK_FUNC" == "host" || ("$DNS_CHECK_FUNC" == "dig" && "$DIG_SUPPORTS_NOIDNOUT" == "false") ]]; then
+ if [[ "$DNS_CHECK_FUNC" == "nslookup" || "$DNS_CHECK_FUNC" == "host" || ("$DNS_CHECK_FUNC" == "$HAS_DIG_OR_DRILL" && "$DIG_SUPPORTS_NOIDNOUT" == "false") ]]; then
  info "Info: idn domain but $DNS_CHECK_FUNC doesn't support +noidnout"
  else
  debug "adding +noidnout to DNS_CHECK_OPTIONS"
@@ -1418,6 +1418,8 @@ for d in "${alldomains[@]}"; do
  # get the token and uri from the dns-01 component
  token=$(json_get "$response" "challenges" "type" "dns-01" "token")
  uri=$(json_get "$response" "challenges" "type" "dns-01" "url")
+ # when using pebble this sometimes appears to have a newline which causes problems in send_signed_request
+ uri=$(echo "$uri" | tr -d '\r')
  debug uri "$uri"
  fi
 
@@ -2516,7 +2518,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
 
  code="500"
  loop_limit=5
- while [[ "$code" -eq 500 ]]; do
+ while [[ "$code" == 5* ]]; do
  if [[ "$outfile" ]] ; then
  $CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > "$outfile"
  errcode=$?
@@ -2562,13 +2564,13 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
  fi
  fi
  debug "response status = $response_status"
- if [[ "$code" -eq 500 ]]; then
- info "_error on acme server - trying again ...."
+ if [[ "$code" == 5* ]]; then
+ info "_error on acme server - waiting 30s then trying again ...."
  debug "loop_limit = $loop_limit"
- sleep 5
+ sleep 30
  loop_limit=$((loop_limit - 1))
  if [[ $loop_limit -lt 1 ]]; then
- error_exit "500 error from ACME server:  $response"
+ error_exit "$code error from ACME server: $response"
  fi
  fi
  done

test/0-test-usage.bats

@@ -40,6 +40,9 @@ setup() {
  if [ -n "$STAGING" ]; then
  skip "Using staging server, skipping internal test"
  fi
+
+ # Feb-23 Getting semi-repeatable "can't check for upgrades: ''" errors which are because the limit is being exceeded (re-use of github action ip?)
+ check_github_quota 7
  run ${CODE_DIR}/getssl --upgrade
  refute_output
  assert_success

test/32-test-upgrade.bats

@@ -4,39 +4,6 @@ load '/bats-support/load.bash'
 load '/bats-assert/load.bash'
 load '/getssl/test/test_helper.bash'
 
-LIMIT_API="https://api.github.com/rate_limit"
-
-# Quota generally shouldn't be an issue - except for tests
-# Rate limits are per-IP address
-check_github_quota() {
- local need remaining reset limits now
- need="$1"
- while true ; do
- limits="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g' | sed -ne'/"core":/,/}/p')"
- errcode=$?
- if [[ $errcode -eq 60 ]]; then
- error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
- elif [[ $errcode -gt 0 ]]; then
- error_exit "curl error checking releases: $errcode"
- fi
- limits="$(sed -e's/^ *//g' <<<"${limits}")"
- remaining="$(sed -e'/^"remaining": *[0-9]/!d;s/^"remaining": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
- reset="$(sed -e'/^"reset": *[0-9]/!d;s/^"reset": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
- if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi
- limit="$(sed -e'/^"limit": *[0-9]/!d;s/^"limit": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
- if [[ "$limit" -lt "$need" ]] ; then
- error_exit "GitHub API request $need exceeds limit $limit"
- fi
- now="$(date +%s)"
- while [[ "$now" -lt "$reset" ]] ; do
- info "sleeping $(( "$reset" - "$now" )) seconds for GitHub quota"
- sleep "$(( "$reset" - "$now" ))"
- now="$(date +%s)"
- done
- done
-}
-
-
 setup_file() {
  if [ -n "$STAGING" ]; then
  echo "Using staging server, skipping internal test" >&3

test/test_helper.bash

@@ -1,5 +1,6 @@
 INSTALL_DIR=/root
 CODE_DIR=/getssl
+LIMIT_API="https://api.github.com/rate_limit"
 
 check_certificates()
 {
@@ -8,6 +9,42 @@ check_certificates()
  assert [ -e "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt" ]
 }
 
+# Quota generally shouldn't be an issue - except for tests
+# Rate limits are per-IP address
+check_github_quota() {
+ local need remaining reset limits now
+ need="$1"
+ echo "# Checking github limits"
+ while true ; do
+ limits="$(curl ${_NOMETER:---silent} --user-agent "srvrco/getssl/github-actions" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API")"
+ echo "# limits = $limits"
+ errcode=$?
+ if [[ $errcode -eq 60 ]]; then
+ echo "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
+ exit 1
+ elif [[ $errcode -gt 0 ]]; then
+ echo "curl error checking releases: $errcode"
+ exit 1
+ fi
+ remaining="$(jq -r '.resources.core.remaining' <<<"$limits")"
+ echo "# Remaining: $remaining"
+ reset="$(jq -r '.resources.core.reset' <<<"$limits")"
+ if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi
+ limit="$(jq -r '.resources.core.limit' <<<"$limits")"
+ echo "# Limit: $limit"
+ if [[ "$limit" -lt "$need" ]] ; then
+ echo "GitHub API request $need exceeds limit $limit"
+ exit 1
+ fi
+ now="$(date +%s)"
+ while [[ "$now" -lt "$reset" ]] ; do
+ echo "# sleeping $(( reset - now )) seconds for GitHub quota"
+ sleep "$(( reset - now ))"
+ now="$(date +%s)"
+ done
+ done
+}
+
 # Only nginx > 1.11.0 support dual certificates in a single configuration file
 # https://unix.stackexchange.com/questions/285924/how-to-compare-a-programs-version-in-a-shell-script
 check_nginx() {
@@ -24,7 +61,7 @@ check_nginx() {
 
 check_output_for_errors() {
  refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
- refute_output --regexp '[^_][Ee][Rr][Rr][Oo][Rr][^:nonce]'
+ refute_output --regexp '[^_][Ee][Rr][Rr][Oo][Rr][^:badNonce]'
  refute_output --regexp '[^_][Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
  refute_line --partial 'command not found'
 }