diff --git a/scripts/test-integration.sh b/scripts/test-integration.sh
index 463fc03..443e4ff 100755
--- a/scripts/test-integration.sh
+++ b/scripts/test-integration.sh
@@ -2,7 +2,7 @@
 cd "$(readlink -f "$(dirname "$BASH_SOURCE")")"/..
-IMAGE="${1:-$( docker images | grep '^fhem/*' | grep -v "" | awk '{print $3}' | uniq )}"
+IMAGE="${1:-$( docker images | grep 'alexa' | grep -v "" | awk '{print $3}' | uniq )}"
 echo -e "\n\n"
 docker images
@@ -15,14 +15,14 @@ RETURNCODE=0
 for ID in $IMAGE; do
 echo "Booting up container for variant $ID ..."
- CONTAINER=$( docker run -d -ti --health-interval=60s --health-timeout=10s --health-start-period=150s --health-retries=5 $ID )
+ CONTAINER=$( docker run -d -ti --health-interval=60s --health-timeout=10s --health-start-period=150s --health-retries=5 "$ID" )
 docker container ls | grep 'fhem/.*'
 echo -ne "Waiting for container ..."
 sleep 3
 bootstate="created"
- until [ $bootstate != "created" ]; do
- bootstate=$( docker inspect --format="{{json .State}}" $CONTAINER 2>/dev/null | jq -r .Status )
+ until [ "$bootstate" != "created" ]; do
+ bootstate=$( docker inspect --format="{{json .State}}" "$CONTAINER" 2>/dev/null | jq -r .Status )
 echo -n " ."
 sleep 3
 done
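Review bot: The new `grep 'alexa'` filter on the `IMAGE=` line of scripts/test-integration.sh is unanchored, so it selects any `docker images` row that contains that substring in any column, and each selected ID is later passed to `docker rmi` in the failure branch. Anchoring the pattern to the repository column, e.g. `grep '^REPO_PREFIX/alexa'` (REPO_PREFIX is a placeholder for the real repository name), keeps the test from touching unrelated local images. The context line `docker container ls | grep 'fhem/.*'` in the following hunk still uses the old name and looks stale after this change; if the script runs under `set -e` (not visible here), a non-match there would abort the run.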
@@ -37,13 +37,21 @@ for ID in $IMAGE; do
 if [ -z "$status" ]; then
 echo -ne "\nWaiting for health status report ..."
 healthstate="starting"
- until [ $healthstate != "starting" ]; do
- healthstate=$( docker inspect --format="{{json .State}}" $CONTAINER 2>/dev/null | jq -r .Health.Status )
+ until [ "$healthstate" != "starting" ]; do
+ healthstate=$( docker inspect --format="{{json .State}}" "$CONTAINER" 2>/dev/null | jq -r .Health.Status )
 echo -n " ."
 sleep 3
 done
 if [ -n "$healthstate" ] && [ "$healthstate" == "healthy" ]; then
- status="OK"
+
+ # Check SSH connection
+ if ! output=$(docker container exec --user 6062 "${CONTAINER}" ssh -F .ssh/config -p 58824 fhem-va.fhem.de status 2>&1); then
+ echo "$output"
+ status="ssh-error"
+ else
+ status="OK"
+ fi
+
 elif [ -n "$healthstate" ] && [ "$healthstate" != "null" ]; then
 status=$healthstate
 else
@@ -53,15 +61,15 @@ for ID in $IMAGE; do
 fi
 if [ "$status" != "OK" ]; then
- echo -e "\nImage $ID did come up with unexpected state "$status". Integration test FAILED!\n\n"
- docker logs $CONTAINER
- docker container rm $CONTAINER --force --volumes 2>&1>/dev/null
- docker rmi $ID >/dev/null
+ echo -e "\nImage $ID did come up with unexpected state $status. Integration test FAILED!\n\n"
+ docker logs "$CONTAINER"
+ docker container rm "$CONTAINER" --force --volumes 2>&1>/dev/null
+ docker rmi "$ID" >/dev/null
 echo "$ID $status" >> ./failed_variants
 (( RETURNCODE++ ))
 else
 echo -e "\nImage $ID integration test PASSED.\n\n"
- docker container rm $CONTAINER --force --volumes 2>&1>/dev/null
+ docker container rm "$CONTAINER" --force --volumes 2>&1>/dev/null
 fi
 done
diff --git a/src/entry.sh b/src/entry.sh
index 2ff9c00..ce35882 100755
--- a/src/entry.sh
+++ b/src/entry.sh
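Review bot: The `ssh` call added in the healthy branch of scripts/test-integration.sh (hunk -37,13) has no timeout and no batch mode, so an unreachable or slow `fhem-va.fhem.de` can stall the run instead of yielding `ssh-error`; `ssh -o BatchMode=yes -o ConnectTimeout=10 -F .ssh/config -p 58824 fhem-va.fhem.de status` fails fast and never waits on a prompt. The check also ties the test result to an external host and to how its host key is trusted inside a fresh container. Nothing visible in this diff populates `known_hosts`, so the host key should be pinned in the image or the test fixture rather than accepted on first use. `-F .ssh/config` is resolved relative to the exec working directory, which this hunk does not set, and a comment stating what `status` is expected to return would make a failure easier to read.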
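Review bot: `2>&1>/dev/null` on both `docker container rm` lines in hunk -53,15 of scripts/test-integration.sh still lets stderr through. Redirections are applied left to right, so stderr is duplicated onto the original stdout before stdout is pointed at /dev/null. If the intent is to silence the command, write `docker container rm "$CONTAINER" --force --volumes >/dev/null 2>&1`; if errors are meant to stay visible, `>/dev/null` alone says so more plainly. Separately, `(( RETURNCODE++ ))` returns status 1 while RETURNCODE is 0, which would end the script on the first failed variant if `set -e` is active (the script header is outside this hunk).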
@@ -46,7 +46,7 @@ generate_ssh_keys() {
 if [ ! -s ${ALEXAFHEM_DIR}/.ssh/id_rsa ]; then
 echo -e " - Generating SSH RSA client certificate for user 'alexa-fhem' ..."
 rm -f ${ALEXAFHEM_DIR}/.ssh/id_rsa*
- ssh-keygen -t rsa -b 4096 -f ${ALEXAFHEM_DIR}/.ssh/id_rsa -q -N "" -o -a 100
+ ssh-keygen -t rsa-sha2-512 -b 4096 -f ${ALEXAFHEM_DIR}/.ssh/id_rsa -q -N "" -o -a 100
 sed -i "s/root@.*/alexa-fhem@alexa-fhem-docker/" ${ALEXAFHEM_DIR}/.ssh/id_rsa.pub
 fi
 chmod 600 ${ALEXAFHEM_DIR}/.ssh/id_rsa
@@ -55,14 +55,15 @@ generate_ssh_keys() {
 harden_ssh_client() {
 if [ ! -f ${ALEXAFHEM_DIR}/.ssh/config ]; then
- echo "IdentityFile ~/.ssh/id_ed25519
-IdentityFile ~/.ssh/id_rsa
-
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-HostKeyAlgorithms ssh-ed25519,ssh-rsa
-KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
-MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,umac-128-etm@openssh.com
-" > "${ALEXAFHEM_DIR}"/.ssh/config
+ printf "%s\n" \
+ "IdentityFile ~/.ssh/id_ed25519" \
+ "IdentityFile ~/.ssh/id_rsa" \
+ "PubkeyAcceptedKeyTypes +ssh-rsa" \
+ "HostKeyAlgorithms +ssh-rsa" \
+ "Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr" \
+ "MACs hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com" \
+ "KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,gss-curve25519-sha256-,diffie-hellman-group16-sha512,gss-group16-sha512-,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256" \
+ "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" > "${ALEXAFHEM_DIR}"/.ssh/config
 fi
 }
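Review bot: `-t rsa-sha2-512` on the `ssh-keygen` line of generate_ssh_keys names a signature algorithm rather than a key type. As far as I know OpenSSH resolves it to an ordinary RSA key, so the generated `id_rsa` is no different from `-t rsa`, and clients that do not know the name may reject it. The SHA-2 signature choice is made at authentication time from the client and server algorithm lists, so keep `ssh-keygen -t rsa -b 4096 ...` here and control the algorithm in the ssh config instead. The key is created without a passphrase (`-N ""`), which leaves the following `chmod 600` and the directory permissions as its only protection, and `${ALEXAFHEM_DIR}` is unquoted on every line of the hunk. generate_ssh_keys continues outside the hunk.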
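Review bot: In harden_ssh_client the added lines `PubkeyAcceptedKeyTypes +ssh-rsa` and `HostKeyAlgorithms +ssh-rsa` re-enable SHA-1 RSA signatures for every host, and `HostKeyAlgorithms` now appends to the defaults instead of restricting to an explicit list, so the file is weaker than the one it replaces. If the relay host needs RSA, scope both options under a `Host fhem-va.fhem.de` block and prefer `rsa-sha2-512,rsa-sha2-256` where the server supports them. The file now carries two `Ciphers` lines; ssh_config keeps the first value it sees for a keyword, so the last printf argument is dead and should be dropped. The `MACs` list ranks plain `hmac-sha2-256` and `hmac-sha2-512` ahead of the `-etm` variants, which reverses the previous preference. The `gss-…-` and `sntrup761x25519-sha512@openssh.com` KEX names may be unknown to some OpenSSH builds, which would make the whole config fail to parse, so it is worth checking with `ssh -G` against the image's client.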
diff --git a/src/tests/bats/entry.bats b/src/tests/bats/entry.bats
index 51c5d1b..57adfca 100644
--- a/src/tests/bats/entry.bats
+++ b/src/tests/bats/entry.bats
@@ -66,7 +66,8 @@ teardown_file() {
 assert_file_exists "${ALEXAFHEM_DIR}"/.ssh/config
 assert_file_contains "${ALEXAFHEM_DIR}"/.ssh/config "IdentityFile"
 assert_file_contains "${ALEXAFHEM_DIR}"/.ssh/config "Ciphers"
- assert_file_contains "${ALEXAFHEM_DIR}"/.ssh/config "ssh-ed25519,ssh-rsa"
+ assert_file_contains "${ALEXAFHEM_DIR}"/.ssh/config "hmac-sha2-256"
+ assert_file_contains "${ALEXAFHEM_DIR}"/.ssh/config "hmac-sha2-512"
 }
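Review bot: The two new assertions only look for the substrings `hmac-sha2-256` and `hmac-sha2-512`, which also match the `-etm` entries and say nothing about the `+ssh-rsa` lines or the KEX list this commit introduces. The removed `ssh-ed25519,ssh-rsa` check is not replaced by one for `HostKeyAlgorithms`. Consider asserting the security-relevant lines explicitly, e.g. `assert_file_contains "${ALEXAFHEM_DIR}"/.ssh/config "HostKeyAlgorithms +ssh-rsa"`, and adding a parse check such as `run ssh -G -F "${ALEXAFHEM_DIR}"/.ssh/config localhost` followed by a success assertion, so that an algorithm name the client does not support fails the test. The test body starts outside the hunk.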