#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#
from . import testutils
if __name__ == "__main__":
import pkg5unittest
import copy
import os
import shutil
import six
try:
except ImportError:
"""This class contains publisher configuration used for setting up the
depots and https apache instances needed by the tests."""
"""Tests pkg interaction with the system repository."""
# Tests in this suite use the read only data directory.
example_pkg10 = """
open example_pkg@1.0,5.11-0
add file tmp/example_file mode=0555 owner=root group=bin path=/usr/bin/example_path
close"""
foo10 = """
open foo@1.0,5.11-0
close"""
foo11 = """
open foo@1.1,5.11-0
add file tmp/example_file mode=0555 owner=root group=bin path=/usr/bin/example_path2
close"""
bar10 = """
open bar@1.0,5.11-0
add file tmp/example_two mode=0555 owner=root group=bin path=/usr/bin/example_path3
close"""
bar11 = """
open bar@1.1,5.11-0
add file tmp/example_two mode=0555 owner=root group=bin path=/usr/bin/example_path3
add file tmp/example_two mode=0555 owner=root group=bin path=/usr/bin/example_path4
close"""
baz10 = """
open baz@1.0,5.11-0
add file tmp/example_three mode=0555 owner=root group=bin path=/usr/bin/another_1
close"""
caz10 = """
open caz@1.0,5.11-0
add file tmp/example_four mode=0555 owner=root group=bin path=/usr/bin/another_2
close"""
"tmp/example_three", "tmp/example_four"]
expected_all_access = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
test4\ttrue\ttrue\ttrue\t\t\t\t
"""
# These need to be set before calling setUp in case setUp fails.
# These need to set to allow the smf commands to give the right
# responses.
# Set up the smf commands that these tests use.
for n in self.__smf_cmds_template:
# we make self.durl3 multi-hash aware, to ensure that the
# system-repository can serve packages published with multiple
# hashes.
"apache_logs")
# We send to rurl3 using multi-hash aware publication
debug_hash="sha1+sha256")
debug_hash="sha1+sha256")
if sha512_supported:
debug_hash="sha1+sha512t_256")
"apache-serve")
self.apache_confs = {}
# Establish the different publisher configurations that tests
# will need. self.configs is a dictionary that maps config
# names to tuples of (image properties, PC objects). The image
# properties are stored in a dictionary that maps the name of
# the property to the value. The list of PC objects represent
# the configuration of each publisher.
#
# The self.configs dictionary is used to create images whose
# configuration is used by pkg.sysrepo to create the
# configuration files needed to set up a system-repository
# instance for that image.
"all-access": ({}, [
"all-access-f": ({}, [
"disabled": ({}, [
"https-access": ({}, [
client_ta="ta6"),
client_ta="ta10")]),
"mirror-access": ({}, [
"mirror-access-f": ({}, [
"mirror-access-user": ({}, [
"none": ({}, []),
"test1-test12": ({}, [
"test1-test12-test12": ({}, [
PC(None,
"disabled": False}],
"test1-test3": ({}, [
"test1-test3-f": ({}, [
"test12": ({}, [
"test12-test12": ({}, [
PC(None,
"disabled": False}],
"test12-test3": ({}, [
"img-sig-ignore": ({"signature-policy": "ignore"}, [
"img-sig-require": (
{"signature-policy": "require-signatures"}, [
"img-sig-req-names": ({
"signature-policy": "require-names",
"signature-required-names": ["cs1_ch1_ta3"]
}, [
"pub-sig-ignore": ({}, [
sig_pol="ignore"),
"pub-sig-require": ({}, [
sig_pol="require-signatures"),
"pub-sig-reqnames": ({}, [
req_names="cs1_ch1_ta3"),
req_names="cs1_ch1_ta3")]),
"pub-sig-mixed": ({}, [
"img-pub-sig-mixed": ({"signature-policy": "ignore"}, [
"disabled_1_origin": ({}, [
PC(None,
"disabled": False}],
"disabled_2_origins": ({}, [
PC(None,
"disabled": True}],
}
# Config needed for https apache instances.
"signing_certs", "produced")
"code_signing_certs")
"chain_certs")
"publisher_cas")
"inter_certs")
"trust_anchors")
self.base_conf_dict = {
"common_log_format": "%h %l %u %t \\\"%r\\\" %>s %b",
"ssl-special": "%{SSL_CLIENT_I_DN_OU}",
}
# Pick a directory to store all the https apache configuration
# in.
# Start up an https apache config
# This apache instance will need a free port.
# Set up the directories and configuration this instance of
# apache will need.
"https_port": https_port,
"log_locs": log_dir,
"port": https_port,
"serve_root": content_dir,
})
return ac
"""Prepare the system repository configuration given either
a string corresponding to a key in self.configs, or a list
of keys.
'port' if used overrides the default port to be used.
'use_config_cache' causes us to call pkg.sysrepo twice for each
configuration, ensuring that we use the pkg.sysrepo config
"""
if not port:
self.__configured_names = []
cmd = "set-publisher"
cmd += " --non-sticky"
o["url"])
else:
else:
# Configure image to use apache instance
cmd = " --debug " \
"ssl_ca_file={ca_file} {cmd} " \
"-k {key} -c {cert} " \
"-p {url}".format(
"{0}_cert.pem".format(
"cs1_{0}_cert.pem".format(
"cs1_{0}_key.pem".format(
)
if pc.signature_policy:
cmd += " --set-property " \
"signature-policy={0}".format(
if pc.required_names:
cmd += " --set-property " \
"signature-required-names='{0}'".format(
if o["disabled"]:
if use_config_cache:
# Call self.sysrepo so that a config cache is
# created. The subsequent call to self.sysrepo
# will use that cache to build the Apache
# configuration.
"-r {common_serve}".format(
)
"-r {common_serve}".format(
)
"htdocs"))
name)
"""Sets the system-repository to use a named configuration
when providing responses."""
raise RuntimeError("{0} hasn't been prepared for this "
"htdocs")
raise RuntimeError("Expected {0} to already exist and "
gid)
# changing configuration without registering a new
# ApacheController is safe even if the new configuration
# specifies a different port, because the controller
# method of ApacheController if the process is running.
for p in pubs:
raise RuntimeError("Publisher {0} was expected "
"to exist but its directory is missing "
"from the image directory.".format(p))
if d not in pubs:
raise RuntimeError("{0} was not expected in the "
"publisher directory but was found.".format(d))
"""Test that an image with no publishers can be created and that
it can pick up its publisher configuration from the system
repository."""
"""Tests that an image with no publishers can be created and
that it can pick up its publisher configuration from the system
repository when we're using a cached pkg.sysrepo config."""
"""Implementation of test_01_basics, parameterizing
use_config_cache"""
# Make sure that the publisher catalogs were created.
for n in ("test1", "test12", "test3"):
# make sure none of our sysrepo-provided configuration has
# leaked into the image configuration
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
# check we have the correct number of lines, each containing
# <system-repository>
count = 0
count += 1
# publisher 4 does not have any origins set
"line {0} does not contain "
"expected 5 lines of output in \n{0}\n, got {1}".format(
# Test that the publishers have the right uris and appear in
# the correct order.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{one}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\t{two}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{three}/\thttp://localhost:{port}
test4\ttrue\ttrue\ttrue\t\t\t\t
# Test that a new pkg process will pick up the right catalog.
# Test that the current api object has the right catalog.
# Test that we can install a multi-hash package
if sha512_supported:
"""Test that the transport for communicating with the depots is
actually going through the proxy. This is done by
"misconfiguring" the system repository so that it refuses to
proxy to certain depots then operations which would communicate
with those depots fail.
We also verify that $http_proxy and $no_proxy environment
variables are not used for interactions with the system
repository.
"""
"test3"])
# check that $http_proxy environment variables are ignored
# by setting http_proxy and no_proxy values that would otherwise
# cause us to bypass the system-repository.
# create an image the long way, allowing us to pass an environ
# create an image the long way, allowing us to pass an environ
"""Test that adding and removing origins to a system publisher
works as expected and that modifying other configuration of a
system publisher fails."""
"mirror-access-user"])
# Test that most modifications to a system publisher fail.
exit=1)
# Add a mirror to an existing system publisher
# Add an origin to an existing system publisher.
# Check that the publisher information is shown correctly.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test1\ttrue\ttrue\ttrue\tmirror\tonline\t{rurl1}/\t-
# Check that the publisher specific information has information
# for both origins, and that we only have one occurrence of
# "Proxy:"
# Change the proxy configuration so that the image can't use it
# to communicate with the depot. This forces communication to
# go through the user configured origin.
# Check that the catalog can't be refreshed and that the
# communcation with the repository fails.
# Check that removing the system configured origin fails.
exit=1)
# Check that removing the user configured origin succeeds.
# --no-refresh is needed because otherwise we attempt to contact
# the publisher to update the catalogs.
# Check that the user configured origin is gone.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test1\ttrue\ttrue\ttrue\tmirror\tonline\t{rurl1}/\t-
# Ensure that previous communication was going through the file
# repo by confirming that communication to the depot is still
# refused.
# Reenable access to the depot to make sure nothing has been
# broken in the image.
# Find the hashes that will be included in the urls of the
# proxied file repos.
# Check that a user can add and remove mirrors,
# but can't remove repo-provided mirrors
expected_mirrors = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test1\ttrue\ttrue\ttrue\tmirror\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\tmirror\tonline\t{rurl2}/\t-
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
# turn off the sysrepo property, and ensure the mirror is there
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\tfalse\ttrue\tmirror\tonline\t{rurl1}/\t-
test12\tfalse\tfalse\ttrue\tmirror\tonline\t{rurl2}/\t-
# ensure we can't remove the sysrepo-provided mirror
# ensure we can remove the user-provided mirror
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test1\ttrue\ttrue\ttrue\tmirror\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
"""Test that changes to the syspub/0 response are handled
correctly by the client."""
# Check that a syspub/0 response with no configured publisers
# works.
"test1-test3", "test12"])
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
# The user configures test1 as a publisher.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\tfalse\tfalse\ttrue\torigin\tonline\t{0}/\t-
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\tfalse\tfalse\ttrue\torigin\tonline\t{0}/\t-
# Now the syspub/0 response configures two publishers. The
# test12 publisher is totally new while the test1 publisher
# overlaps with the publisher the user configured.
# Check that the syspub/0 sticky setting has masked the user
# configuration and that the other publisher information is as
# expected. Note that the user-configured origin should be
# hidden since we can only have a single path to an origin,
# so we use the system repository version.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
expected = """\
example_pkg 1.0-0 ---
foo (test12) 1.0-0 ---
"""
# Now the syspub/0 response configures two publishers, test1 and
# test 3.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
# Only test1 is expected to exist because only it was present in
# both the old configuration and the current configuration.
if sha512_supported:
expected = """\
bar (test3) 1.0-0 ---
baz (test3) 1.0-0 ---
caz (test3) 1.0-0 ---
example_pkg 1.0-0 ---
"""
else:
expected = """\
bar (test3) 1.0-0 ---
baz (test3) 1.0-0 ---
example_pkg 1.0-0 ---
"""
# The user tries to add an origin to the system publisher test3
# using the same url as the system-repository provides, which
# should fail, because There Can Be Only One origin for a given
# uri.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
if sha512_supported:
expected = """\
bar (test3) 1.0-0 ---
baz (test3) 1.0-0 ---
caz (test3) 1.0-0 ---
example_pkg 1.0-0 ---
"""
else:
expected = """\
bar (test3) 1.0-0 ---
baz (test3) 1.0-0 ---
example_pkg 1.0-0 ---
"""
# Now syspub/0 removes test1 and test3 as publishers and returns
# test12 as a publisher.
# test1 should be reinstated as a publisher because the
# user added an origin for it before using the system
# repository. test1 should also return to
# the settings the user had previously configured. test12 should
# be listed first since, because it's a system publisher, it's
# higher ranked.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test1\tfalse\tfalse\ttrue\torigin\tonline\t{durl1}/\t-
expected = """\
foo 1.0-0 ---
"""
# Install a package from test12.
# Now syspub/0 removes test12 as a publisher as well.
# test12 should be disabled and at the bottom of the list
# because a package was installed from it prior to its removal
# as a system publisher.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\tfalse\tfalse\ttrue\torigin\tonline\t{durl1}/\t-
test12\tfalse\ttrue\tfalse\t\t\t\t
# Uninstalling foo should remove test12 from the list of
# publishers.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\tfalse\tfalse\ttrue\torigin\tonline\t{durl1}/\t-
"""Test that simultaneous changes in both user configuration and
system publisher state are handled correctly."""
# Create an image with no user configured publishers and no
# system configured publishers.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
# Have the user configure test1 at the same time that test1 is
# made a system publisher.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
# Adding the origin to the publisher which now exists should
# fail.
# The user adds an origin to test12 at the same time that test12
# first becomes known to the image.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test12\tfalse\ttrue\ttrue\torigin\tonline\t{rurl2}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test1\ttrue\tfalse\ttrue\torigin\tonline\t{rurl1}/\t-
# The user removes the origin for test12 at the same time that
# test12 stops being a system publisher and test1 is added as a
# system publisher.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test12\tfalse\tfalse\ttrue\t\t\t\t
# The user now removes the originless publisher
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
# The user now unsets test1 at the same time that test1 stops
# being a system publisher.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
"""Test that publishers have the right search order given both
user configuration and whether a publisher is a system
publisher."""
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test3\ttrue\tfalse\ttrue\torigin\tonline\t{0}/\t-
test12\ttrue\tfalse\ttrue\torigin\tonline\t{1}/\t-
test1\ttrue\tfalse\ttrue\torigin\tonline\t{2}/\t-
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\t{rurl2}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{rurl3}/\t-
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
test4\ttrue\ttrue\ttrue\t\t\t\t
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test3\ttrue\tfalse\ttrue\torigin\tonline\t{0}/\t-
test12\ttrue\tfalse\ttrue\torigin\tonline\t{1}/\t-
test1\ttrue\tfalse\ttrue\torigin\tonline\t{2}/\t-
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\t{rurl2}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{rurl3}/\t-
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
test4\ttrue\ttrue\ttrue\t\t\t\t
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test3\ttrue\tfalse\ttrue\torigin\tonline\t{rurl3}/\t-
test12\ttrue\tfalse\ttrue\torigin\tonline\t{rurl2}/\t-
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test12\ttrue\tfalse\ttrue\torigin\tonline\t{rurl2}/\t-
test3\ttrue\tfalse\ttrue\torigin\tonline\t{rurl3}/\t-
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test3\ttrue\tfalse\ttrue\torigin\tonline\t{rurl3}/\t-
test12\ttrue\tfalse\ttrue\torigin\tonline\t{rurl2}/\t-
exit=1)
# Ensure that test12 is not disabled.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test3\ttrue\tfalse\ttrue\torigin\tonline\t{rurl3}/\t-
test12\ttrue\tfalse\ttrue\torigin\tonline\t{rurl2}/\t-
# Ensure that test12 is still sticky.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test3\ttrue\tfalse\ttrue\torigin\tonline\t{rurl3}/\t-
test12\ttrue\tfalse\ttrue\torigin\tonline\t{rurl2}/\t-
# Check that attempting to change test12 relative to test1
# fails.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{rurl1}/\t-
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test12\ttrue\tfalse\ttrue\torigin\tonline\t{rurl2}/\t-
test3\ttrue\tfalse\ttrue\torigin\tonline\t{rurl3}/\t-
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test12\ttrue\tfalse\ttrue\torigin\tonline\t{0}/\t-
test3\ttrue\tfalse\ttrue\torigin\tonline\t{1}/\t-
test1\ttrue\tfalse\ttrue\torigin\tonline\t{2}/\t-
"""Test that setting the environment variable PKG_SYSREPO_URL
sets the url that pkg uses to communicate with the system
repository."""
if old_psu:
else:
"""Test that proxied file repos work correctly."""
# Find the hashes that will be included in the urls of the
# proxied file repos.
# Unicode-objects must be encoded before hashing.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test12/{hash2}/\t-
test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
# Check connectivity with the proxied repos.
# Check that proxied file repos that disappear vanish correctly,
# and that those with installed packages remain as disabled
# publishers.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\tfalse\t\t\t\t
"""
# Check that when the user adds an origin to a former system
# publisher with an installed package, the publisher becomes
# enabled and is not a system publisher.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\tfalse\ttrue\torigin\tonline\t{rurl1}/\t-
"""Test that changing publishers from http to file repos and
back in the sysrepo works as expected."""
"none"])
# Find the hashes that will be included in the urls of the
# proxied file repos.
# Unicode-objects must be encoded before hashing.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test12/{hash2}/\t-
test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
"""Test that mirror information from the sysrepo is handled
correctly."""
"mirror-access", "mirror-access-f", "none"])
# Find the hashes that will be included in the urls of the
# proxied file repos.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test1\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test12/{hash2}/\t-
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test1\ttrue\ttrue\ttrue\tmirror\tonline\t{durl1}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test12/{hash2}/\t-
test12\tfalse\ttrue\ttrue\tmirror\tonline\t{durl2}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
test3\ttrue\ttrue\ttrue\tmirror\tonline\t{durl3}/\thttp://localhost:{port}
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test1\ttrue\ttrue\ttrue\tmirror\tonline\t{durl1}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test12/{hash2}/\t-
test12\tfalse\ttrue\ttrue\tmirror\tonline\t{durl2}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
test3\ttrue\ttrue\ttrue\tmirror\tonline\t{durl3}/\thttp://localhost:{port}
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{durl1}/\thttp://localhost:{port}
test1\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test1/{hash1}/\t-
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test12/{hash2}/\t-
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\tmirror\tonline\thttp://localhost:{port}/test3/{hash3}/\t-
"""Test that https repos are proxied correctly."""
"""Ensure https configurations are created properly when
using a cached configuration."""
"""Implementation of test_11_https_repos, parameterizing
use_config_cache."""
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test1\ttrue\ttrue\ttrue\torigin\tonline\t{ac1url}/\thttp://localhost:{port}
test12\tfalse\ttrue\ttrue\torigin\tonline\t{ac2url}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{ac3url}/\thttp://localhost:{port}
""".format(
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
"""Test that repos which are disabled in the global zone do not
create problems."""
"""Ensure disable configurations are created properly when
using a cached configuration."""
"""Implementation of test_12_disabled_repos, parameterizing
use_config_cache."""
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test12\tfalse\ttrue\ttrue\torigin\tonline\t{durl2}/\thttp://localhost:{port}
test3\ttrue\ttrue\ttrue\torigin\tonline\t{durl3}/\thttp://localhost:{port}
"""Test that publishers with no urls are allowed as syspubs
"""Test that publishers which use no url are allowed as syspubs
when using cached configurations."""
"""Implementation of test_13[a]_no_url, parameterizing
use_config_cache."""
expected_empty = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test4\ttrue\ttrue\ttrue\t\t\t\t
"""
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test4\ttrue\ttrue\ttrue\torigin\tonline\t{0}/\t-
# add another empty publisher
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test4\ttrue\ttrue\ttrue\t\t\t\t
empty\ttrue\tfalse\ttrue\t\t\t\t
"""
# toggle the system publisher and verify that
# our configuration made it to the image
expected_nonsyspub = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
test4\ttrue\tfalse\ttrue\t\t\t\t
empty\ttrue\tfalse\ttrue\t\t\t\t
"""
# because we've added and removed local configuration for a
# publisher, that makes that publisher hang around in the user
# image configuration.
# The user needs to unset the publisher to make it go away.
# verify the sysrepo configuration is still there
"""Test that an unprivileged user can use non-image modifying
commands and that image modifying commands don't trace back."""
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
# Test that when the sysrepo isn't available, unprivileged users
# don't lose functionality.
# Since the last privileged command was done when no
# system-publishers were available, that's what's expected when
# the system repository isn't available.
expected = """\
PUBLISHER\tSTICKY\tSYSPUB\tENABLED\tTYPE\tSTATUS\tURI\tPROXY
"""
# Now do a privileged command command to change what the state
# on disk is.
"""Test that the image signature policy of ignore is propagated
by the system-repository."""
conf_name = "img-sig-ignore"
"""Test that the image signature policy of require is propagated
by the system-repository."""
conf_name = "img-sig-require"
"""Test that the image signature policy of require-names and the
corresponding required names are propagated by the
system-repository."""
conf_name = "img-sig-req-names"
"""Test that the publisher signature policies of ignore are
propagated by the system-repository."""
conf_name = "pub-sig-ignore"
for p in pubs:
"""Test that the publisher signature policies of
require-signatures are propagated by the system-repository."""
conf_name = "pub-sig-require"
for p in pubs:
"""Test that publishers signature policies of require-names and
the corresponding required names are propagated by the
system-repository."""
conf_name = "pub-sig-reqnames"
for p in pubs:
p.prefix + ":" +
"""Test that a mixture of publisher signature policies are
correctly propagated."""
conf_name = "pub-sig-mixed"
for p in pubs:
if p.prefix == "test1":
p.prefix + ":" +
p.properties["signature-policy"],
elif p.prefix == "test12":
p.properties)
else:
p.prefix + ":" +
p.properties["signature-policy"],
"""Test that a mixture of image and publisher signature policies
are correctly propagated."""
conf_name = "img-pub-sig-mixed"
for p in pubs:
if p.prefix == "test1":
p.prefix + ":" +
p.properties["signature-policy"],
elif p.prefix == "test12":
p.prefix + ":" +
p.properties["signature-policy"],
p.prefix + ":" +
"signature-required-names"]),
else:
p.prefix + ":" +
p.properties["signature-policy"],
"""Test that the catalog response is not cached when dealing
with an http repo."""
conf_name = "test1-test3"
"""Test that the catalog response is not cached when dealing
with an http repo."""
conf_name = "test1-test3-f"
"""Test that the pkg client doesn't rebuild the known image
catalog unnecessarily.
The way we test this is kinda obtuse. To test this we use a
staged image operation. This allows us to break up pkg
execution into three stages, planning, preparation, and
execution. At the end of the planning stage, we create and
save an image plan to disk. This image plan includes the last
modified timestamp for the known catalog. Subsequently when
we go to load the plan from disk (during preparation and
execution) we check that timestamp to make sure the image
hasn't changed since the plan was generated (this ensures that
the image plan is still valid). So if the pkg client decides
to update the known catalog unnecessarily then we'll fail when
we try to reload the plan during preparation
(--stage=prepare)."""
"test12-test12"])
# enable the test1 and test12 publishers
# install a package from the test1 and test12 publisher
# disable the test1 publisher
# do a staged update
"""Test that sysrepo publishers get refreshed automatically
when sysrepo configuration changes."""
"test1-test12-test12"])
# the client should see packages from the test1 and test12 pubs.
expected = (
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.0-0 ---\n")
# remove the test12 pub.
expected = "example_pkg 1.0-0 ---\n"
# add the test12 pub.
expected = (
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.0-0 ---\n")
# add an origin (with new packages) to the test12 pub.
expected = (
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.1-0 ---\n"
"foo (test12) 1.0-0 ---\n")
# push a new package into one of the test12 repos.
# (we have to do an explicit refresh since "list" won't do it
# because last_refreshed is too recent.)
expected = (
"bar (test12) 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.1-0 ---\n"
"foo (test12) 1.0-0 ---\n")
# remove an origin from the test12 pub.
expected = (
"bar (test12) 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.0-0 ---\n")
# install a package from the test12 pub.
# then re-do a bunch of the tests above.
# remove the test12 pub.
expected = (
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.0-0 i--\n")
# add the test12 pub.
expected = (
"bar (test12) 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.0-0 i--\n")
# add an origin (with new packages) to the test12 pub.
expected = (
"bar (test12) 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.1-0 ---\n"
"foo (test12) 1.0-0 i--\n")
# push a new package into one of the test12 repos.
# (we have to do an explicit refresh since "list" won't do it
# because last_refreshed is too recent.)
expected = (
"bar (test12) 1.1-0 ---\n"
"bar (test12) 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.1-0 ---\n"
"foo (test12) 1.0-0 i--\n")
# remove an origin from the test12 pub.
expected = (
"bar (test12) 1.1-0 ---\n"
"bar (test12) 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n"
"foo (test12) 1.0-0 i--\n")
"""Test that sysrepo publishers get refreshed automatically
when sysrepo configuration changes."""
# the client should see packages from the test1 pubs.
expected = (
"example_pkg 1.0-0 ---\n")
# push a new package into one of the test12 repos.
# verify that the client only sees the new package after an
# explicit refresh
expected = (
"example_pkg 1.0-0 ---\n")
expected = (
"bar 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n")
# disable the sysrepo.
# the client should not see any packages.
expected = ("")
# push a new package into one of the test12 repos.
# enable the sysrepo.
# the client should see packages from the test1 pubs.
expected = (
"bar 1.1-0 ---\n"
"bar 1.0-0 ---\n"
"example_pkg 1.0-0 ---\n")
# install a package from the test12 pub.
# then re-do a bunch of the tests above.
# disable the sysrepo.
# the client should only see the installed package.
expected = (
"example_pkg 1.0-0 i--\n")
# push a new package into one of the test12 repos.
# enable the sysrepo.
# the client should see packages from the test1 pubs.
expected = (
"bar 1.1-0 ---\n"
"bar 1.0-0 ---\n"
"example_pkg 1.0-0 i--\n"
"foo 1.0-0 ---\n")
"""Test that publishers with disabled origins are handled "
correctly."""
# Test disabled origin is not shown in system repo.
# Use cache configuration this time.
# Test disabled origin is not shown in system repo.
# Test publisher with all origins disabled is shown in the
# system repo as if no origin is set.
# Use cache configuration this time.
# Test publisher with all origins disabled is shown in the
# system repo as if no origin is set.
__smf_cmds_template = { \
import getopt
import sys
if __name__ == "__main__":
try:
opts, pargs = getopt.getopt(sys.argv[1:], "cp:")
except getopt.GetoptError as e:
usage(_("illegal global option -- {{0}}").format(e.opt))
prop_dict = {{
"config/listen_host" : "localhost",
"config/listen_port" : "{proxy_port}",
}}
found_c = False
prop = None
for opt, arg in opts:
if opt == "-c":
found_c = True
elif opt == "-p":
prop = arg
if prop:
prop = prop_dict.get(prop, None)
if not found_c or not prop:
sys.exit(1)
print(prop)
sys.exit(0)
for k, v in prop_dict.iteritems():
print("{{0}} {{1}}".format(k, v))
sys.exit(0)
""",
import getopt
import sys
if __name__ == "__main__":
try:
opts, pargs = getopt.getopt(sys.argv[1:], "cp:")
except getopt.GetoptError as e:
usage(_("illegal global option -- {{0}}").format(e.opt))
prop_dict = {{
"config/proxy_host" : "localhost",
"config/proxy_port" : "{proxy_port}"
}}
if len(pargs) != 2 or pargs[0] != "restart" or \
pargs[1] != "svc:/application/pkg/system-repository":
sys.exit(1)
sys.exit(0)
"""}
https_conf = """\
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# will be interpreted as "/logs/access_log".
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
PidFile "{pidfile}"
#
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
Listen 0.0.0.0:{https_port}
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
LoadModule access_compat_module libexec/mod_access_compat.so
LoadModule alias_module libexec/mod_alias.so
LoadModule authn_core_module libexec/mod_authn_core.so
LoadModule authz_core_module libexec/mod_authz_core.so
LoadModule authz_host_module libexec/mod_authz_host.so
LoadModule cache_module libexec/mod_cache.so
LoadModule deflate_module libexec/mod_deflate.so
LoadModule dir_module libexec/mod_dir.so
LoadModule env_module libexec/mod_env.so
LoadModule filter_module libexec/mod_filter.so
LoadModule headers_module libexec/mod_headers.so
LoadModule log_config_module libexec/mod_log_config.so
LoadModule mime_module libexec/mod_mime.so
LoadModule mpm_worker_module libexec/mod_mpm_worker.so
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule ssl_module libexec/mod_ssl.so
LoadModule proxy_module libexec/mod_proxy.so
LoadModule proxy_connect_module libexec/mod_proxy_connect.so
LoadModule proxy_http_module libexec/mod_proxy_http.so
LoadModule unixd_module libexec/mod_unixd.so
LoadModule wsgi_module libexec/mod_wsgi-2.7.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User webservd
Group webservd
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName 127.0.0.1
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/"
#
# Each directory to which Apache has access can be configured with respect
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "{log_locs}/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel debug
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "{common_log_format}" common
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "{log_locs}/access_log" common
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# Add a new mime.type for .p5i file extension so that clicking on
# this file type on a web page launches PackageManager in a Webinstall mode.
AddType application/vnd.pkg5.info .p5i
</IfModule>
#
# Note: The following must must be present to support
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
<VirtualHost 0.0.0.0:{https_port}>
AllowEncodedSlashes On
ProxyRequests Off
MaxKeepAliveRequests 10000
SSLEngine On
# Cert paths
SSLCertificateFile {server-ssl-cert}
SSLCertificateKeyFile {server-ssl-key}
# Combined product CA certs for client verification
SSLCACertificateFile {server-ca-cert}
SSLVerifyClient require
<Location />
SSLVerifyDepth 1
# The client's certificate must pass verification, and must have
# a CN which matches this repository.
SSLRequire ( {ssl-special} =~ m/{server-ca-taname}/ )
# set max to number of threads in depot
ProxyPass {proxied-server}/ nocanon max=500
</Location>
</VirtualHost>
"""