ci(nix): Startup/configure apache for renegotiate test under nix (#4592)

Author: dougch

flake.nix

@@ -29,6 +29,7 @@
           corretto
           pkgs.iproute2
           pkgs.apacheHttpd
+          pkgs.procps
           # GnuTLS-cli and serv utilities needed for some integration tests.
           pkgs.gnutls
           pkgs.gdb

nix/shell.sh

@@ -62,18 +62,11 @@ function unit {
 }
 
 function integ {
-    if [ "$1" == "help" ]; then
-        echo "The following tests are not supported:"
-        echo "- renegotiate_apache"
-        echo "   This test requires apache to be running. See codebuild/bin/s2n_apache.sh"
-        echo "    for more info."
-        return
-    fi
+    apache2_start
     if [[ -z "$1" ]]; then
-        banner "Running all integ tests except renegotiate_apache."
-        (cd $SRC_ROOT/build; ctest -L integrationv2 -E "(integrationv2_cross_compatibility|integrationv2_renegotiate_apache)" --verbose)
+        banner "Running all integ tests."
+        (cd $SRC_ROOT/build; ctest -L integrationv2 --verbose)
     else
-        banner "Warning: renegotiate_apache is not supported in nix for various reasons integ help for more info."
         for test in $@; do
             ctest --test-dir ./build -L integrationv2 --no-tests=error --output-on-failure -R "$test" --verbose
             if [ "$?" -ne 0 ]; then
@@ -159,3 +152,34 @@ function test_nonstandard_compilation {
     ./codebuild/bin/test_dynamic_load.sh $(mktemp -d)
 }
 
+function apache2_config(){
+    export APACHE_NIX_STORE=$(dirname $(dirname $(which httpd)))
+    export APACHE2_INSTALL_DIR=/usr/local/apache2
+    export APACHE_SERVER_ROOT="$APACHE2_INSTALL_DIR"
+    export APACHE_RUN_USER=nobody
+    # Unprivileged groupname differs
+    export APACHE_RUN_GROUP=$(awk 'BEGIN{FS=":"} /65534/{print $1}' /etc/group)
+    export APACHE_PID_FILE="${APACHE2_INSTALL_DIR}/run/apache2.pid"
+    export APACHE_RUN_DIR="${APACHE2_INSTALL_DIR}/run"
+    export APACHE_LOCK_DIR="${APACHE2_INSTALL_DIR}/lock"
+    export APACHE_LOG_DIR="${APACHE2_INSTALL_DIR}/log"
+    export APACHE_CERT_DIR="$SRC_ROOT/tests/pems"
+}
+
+function apache2_start(){
+    if [[ "$(pgrep -c httpd)" -eq "0" ]]; then
+        apache2_config
+        if [[ ! -f "$APACHE2_INSTALL_DIR/conf/apache2.conf" ]]; then
+            mkdir -p $APACHE2_INSTALL_DIR/{run,log,lock}
+            # NixOs specific base apache config
+            cp -R ./tests/integrationv2/apache2/nix/* $APACHE2_INSTALL_DIR
+            # Integrationv2::renegotiate site
+            cp -R ./codebuild/bin/apache2/{www,sites-enabled} $APACHE2_INSTALL_DIR
+        fi
+        httpd -k start -f "${APACHE2_INSTALL_DIR}/conf/apache2.conf"
+        trap 'pkill httpd' ERR EXIT
+    else
+      echo "Apache is already running...and if \"$APACHE2_INSTALL_DIR\" is stale, it might be in an unknown state."
+    fi
+
+}

tests/integrationv2/apache2/nix/conf/apache2.conf

@@ -0,0 +1,146 @@
+# Consolidated apache2.conf, mods-enabled/* and conf-enabled/*.
+ServerRoot ${APACHE_SERVER_ROOT}
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+PidFile ${APACHE_PID_FILE}
+Timeout 60
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 5
+HostnameLookups Off
+ErrorLog ${APACHE_LOG_DIR}/error.log
+LogLevel info
+
+# Inline load module
+LoadModule access_compat_module ${APACHE_NIX_STORE}/modules/mod_access_compat.so
+LoadModule alias_module ${APACHE_NIX_STORE}/modules/mod_alias.so
+LoadModule auth_basic_module ${APACHE_NIX_STORE}/modules/mod_auth_basic.so
+LoadModule authn_core_module ${APACHE_NIX_STORE}/modules/mod_authn_core.so
+LoadModule authn_file_module ${APACHE_NIX_STORE}/modules/mod_authn_file.so
+LoadModule authz_core_module ${APACHE_NIX_STORE}/modules/mod_authz_core.so
+LoadModule authz_host_module ${APACHE_NIX_STORE}/modules/mod_authz_host.so
+LoadModule authz_user_module ${APACHE_NIX_STORE}/modules/mod_authz_user.so
+LoadModule autoindex_module ${APACHE_NIX_STORE}/modules/mod_autoindex.so
+LoadModule dir_module ${APACHE_NIX_STORE}/modules/mod_dir.so
+LoadModule deflate_module ${APACHE_NIX_STORE}/modules/mod_deflate.so
+LoadModule env_module ${APACHE_NIX_STORE}/modules/mod_env.so
+LoadModule filter_module ${APACHE_NIX_STORE}/modules/mod_filter.so
+LoadModule log_config_module ${APACHE_NIX_STORE}/modules/mod_log_config.so
+LoadModule mime_module ${APACHE_NIX_STORE}/modules/mod_mime.so
+LoadModule mpm_event_module ${APACHE_NIX_STORE}/modules/mod_mpm_event.so
+LoadModule reqtimeout_module ${APACHE_NIX_STORE}/modules/mod_reqtimeout.so
+LoadModule rewrite_module ${APACHE_NIX_STORE}/modules/mod_rewrite.so
+LoadModule setenvif_module ${APACHE_NIX_STORE}/modules/mod_setenvif.so
+LoadModule socache_shmcb_module ${APACHE_NIX_STORE}/modules/mod_socache_shmcb.so
+LoadModule ssl_module ${APACHE_NIX_STORE}/modules/mod_ssl.so
+LoadModule status_module ${APACHE_NIX_STORE}/modules/mod_status.so
+LoadModule unixd_module ${APACHE_NIX_STORE}/modules/mod_unixd.so
+
+# Include list of ports to listen on
+Include conf/ports.conf
+
+<IfModule unixd_module>
+  User ${APACHE_RUN_USER}
+  Group ${APACHE_RUN_GROUP}
+</IfModule>
+
+DocumentRoot ${APACHE_SERVER_ROOT}/www/html
+<Directory />
+	Options FollowSymLinks
+	AllowOverride None
+	Require all denied
+</Directory>
+
+<Directory ${APACHE_SERVER_ROOT}/www/html>
+       Options Indexes FollowSymLinks
+       AllowOverride None
+       Require all granted
+</Directory>
+
+AccessFileName .htaccess
+
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s  \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s  \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s " common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# inline module configs
+<IfModule mod_mime.c>
+	TypesConfig ${APACHE_NIX_STORE}/conf/mime.types
+	AddType application/x-compress .Z
+	AddType application/x-gzip .gz .tgz
+	AddType application/x-bzip2 .bz2
+	AddLanguage en .en
+	AddCharset us-ascii	.ascii .us-ascii
+	AddCharset ISO-8859-1  .iso8859-1  .latin1
+	AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
+	AddCharset ISO-8859-3  .iso8859-3  .latin3
+	AddCharset ISO-8859-4  .iso8859-4  .latin4
+	AddCharset ISO-8859-9  .iso8859-9  .latin5 .trk
+	AddCharset ISO-8859-10  .iso8859-10  .latin6
+	AddCharset ISO-8859-13  .iso8859-13
+	AddCharset ISO-8859-14  .iso8859-14  .latin8
+	AddCharset ISO-8859-15  .iso8859-15  .latin9
+	AddCharset ISO-8859-16  .iso8859-16  .latin10
+	# For russian, more than one charset is used (depends on client, mostly):
+	AddCharset WINDOWS-1251 .cp-1251   .win-1251
+	AddCharset CP866	   .cp866
+	AddCharset ISO-10646-UCS-2 .ucs2
+	AddCharset ISO-10646-UCS-4 .ucs4
+	AddCharset UTF-7	   .utf7
+	AddCharset UTF-8	   .utf8
+	AddCharset UTF-16	  .utf16
+	AddCharset UTF-16BE	.utf16be
+	AddCharset UTF-16LE	.utf16le
+	AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+	AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+	AddCharset shift_jis   .shift_jis .sjis
+	AddCharset BRF		 .brf
+
+	AddHandler type-map var
+	AddType text/html .shtml
+<IfModule mod_include.c>
+	AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+</IfModule>
+
+<IfModule mod_ssl.c>
+	SSLRandomSeed startup builtin
+	SSLRandomSeed startup file:/dev/urandom 512
+	SSLRandomSeed connect builtin
+	SSLRandomSeed connect file:/dev/urandom 512
+	AddType application/x-x509-ca-cert .crt
+	AddType application/x-pkcs7-crl	.crl
+	SSLSessionCache		shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+	SSLSessionCacheTimeout  300
+	SSLCipherSuite HIGH:!aNULL
+	SSLProtocol all -SSLv3
+</IfModule>
+
+<IfModule mod_negotiation.c>
+        LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+        ForceLanguagePriority Prefer Fallback
+</IfModule>
+<IfModule mpm_event_module>
+        StartServers      2
+        MinSpareThreads  25
+        MaxSpareThreads  75
+        ThreadLimit      64
+        ThreadsPerChild  25
+        MaxRequestWorkers 150
+        MaxConnectionsPerChild 0
+</IfModule>
+<IfModule reqtimeout_module>
+        RequestReadTimeout header=20-40,minrate=500
+        RequestReadTimeout body=10,minrate=500
+</IfModule>
+
+# === end module configs
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet