[Box Backup-commit] [boxbackup/boxbackup] e43161: Rename setup_test_bbackupd() in test/bbackupd
Chris Wilson
noreply at github.com
Sun May 19 17:01:39 BST 2019
Branch: refs/heads/master
Home: https://github.com/boxbackup/boxbackup
Commit: e43161d15dd297a66b50e2a86cc5a5b80baed3ed
https://github.com/boxbackup/boxbackup/commit/e43161d15dd297a66b50e2a86cc5a5b80baed3ed
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-01-13 (Sun, 13 Jan 2019)
Changed paths:
M test/bbackupd/testbbackupd.cpp
Log Message:
-----------
Rename setup_test_bbackupd() in test/bbackupd
The name of this utility function was confusing with the SETUP_TEST_BBACKUPD
macro which served an entirely different purpose, so I renamed it to
prepare_test_with_client_daemon().
(cherry picked from commit 0dac53b4a31263fe8976237702538cd258fc86e1)
Commit: 254c099a15dbf3be89e7ef82d923fb66d2080959
https://github.com/boxbackup/boxbackup/commit/254c099a15dbf3be89e7ef82d923fb66d2080959
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-01-13 (Sun, 13 Jan 2019)
Changed paths:
M test/bbackupd/testbbackupd.cpp
Log Message:
-----------
Rename test/bbackupd compare macros for readability, and add logging
(cherry picked from commit 5cf8bad939937fb35e2cd4d1e8a6580c61b07d9a)
Commit: 05b9202c4c2536432d41d523b9e17b7a9434b13a
https://github.com/boxbackup/boxbackup/commit/05b9202c4c2536432d41d523b9e17b7a9434b13a
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-01-14 (Mon, 14 Jan 2019)
Changed paths:
M lib/backupstore/StoreTestUtils.cpp
M lib/backupstore/StoreTestUtils.h
M lib/common/Test.h
M test/bbackupd/testbbackupd.cpp
Log Message:
-----------
Refactor Start/StopSimulator out of testbackupstore
To enable reuse by testbackupstorepatch.
(cherry picked from commit 92d3f329ad1ebd9ce04d18659ea47b14b64e78ba)
Commit: 54d435424ab5d736e6675230101efb0f9f286ec0
https://github.com/boxbackup/boxbackup/commit/54d435424ab5d736e6675230101efb0f9f286ec0
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-02-01 (Fri, 01 Feb 2019)
Changed paths:
M lib/backupstore/StoreTestUtils.cpp
M lib/backupstore/StoreTestUtils.h
M lib/common/BoxException.h
M lib/common/Test.cpp
M lib/common/Test.h
M lib/server/ServerControl.cpp
M lib/server/ServerControl.h
M test/basicserver/testbasicserver.cpp
Log Message:
-----------
Move LaunchServer and WaitForServerStartup to lib/server/ServerControl.cpp
Commit: 8c2837bda0237229c5f39e4cf95479038f9c7ec1
https://github.com/boxbackup/boxbackup/commit/8c2837bda0237229c5f39e4cf95479038f9c7ec1
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-02-01 (Fri, 01 Feb 2019)
Changed paths:
M lib/common/FileStream.h
M lib/common/Test.cpp
M lib/server/ServerControl.cpp
M lib/server/ServerControl.h
M test/bbackupd/testbbackupd.cpp
Log Message:
-----------
test/bbackupd: add a test for bbackupd-config and bbstored-config scripts
Test creating new clients and servers, signing their certificates and running a
test backup.
(cherry picked from commit 7ac15a016360fd03eb0d7dddd4c1528069486ab1)
Commit: b0b572b69243266b7ff6423aa683bad8ec205061
https://github.com/boxbackup/boxbackup/commit/b0b572b69243266b7ff6423aa683bad8ec205061
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-02-03 (Sun, 03 Feb 2019)
Changed paths:
M infrastructure/cmake/windows/CMakeLists.txt
Log Message:
-----------
Switch PCRE back to an official release
(cherry picked from commit e4d488d1a07bf1db32e96a9526d1fd1ea54f0967)
(cherry picked from commit c3f54004ab6aca059ec259b2b310b0bb3161e191)
(cherry picked from commit 1f87f198b4a8e56eef0b28da4685e1c9084883df)
Commit: 83238a9434a878bb86847cfd72077e07e8c65448
https://github.com/boxbackup/boxbackup/commit/83238a9434a878bb86847cfd72077e07e8c65448
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-02-11 (Mon, 11 Feb 2019)
Changed paths:
M infrastructure/cmake/windows/CMakeLists.txt
Log Message:
-----------
Upgrade PCRE to 8.42, and switch to a new official site
Commit: 655d62b2fd9172846ef59ca6546f5dad72f1f37a
https://github.com/boxbackup/boxbackup/commit/655d62b2fd9172846ef59ca6546f5dad72f1f37a
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-09 (Thu, 09 May 2019)
Changed paths:
M infrastructure/cmake/CMakeLists.txt
Log Message:
-----------
CMake buildsystem: configure files after all variables are known
Commit: c12feffd8a044bc3add241d0939699ce443288c3
https://github.com/boxbackup/boxbackup/commit/c12feffd8a044bc3add241d0939699ce443288c3
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-13 (Mon, 13 May 2019)
Changed paths:
M infrastructure/cmake/CMakeLists.txt
M infrastructure/m4/boxbackup_tests.m4
Log Message:
-----------
OpenSSL: detect SSL_CTX_set_security_level and friends
Needed to enable the new SSLSecurityLevel option only when building with a
recent enough OpenSSL that supports it.
Commit: e0a1463227fb35a608d52407180277380c00f859
https://github.com/boxbackup/boxbackup/commit/e0a1463227fb35a608d52407180277380c00f859
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-13 (Mon, 13 May 2019)
Changed paths:
M lib/common/Configuration.cpp
M lib/common/Configuration.h
Log Message:
-----------
Configuration: add a variant of GetKeyValueInt that has a default value
This will be used for the new SSLSecurityLevel option.
Commit: fc8237f7d1fb7e29ec074deed74e574a9a32dff1
https://github.com/boxbackup/boxbackup/commit/fc8237f7d1fb7e29ec074deed74e574a9a32dff1
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-13 (Mon, 13 May 2019)
Changed paths:
M lib/common/Test.cpp
M lib/common/Test.h
M test/bbackupd/testbbackupd.cpp
Log Message:
-----------
test_bbackupd_config_script: move temp files into testfiles/tmp
This makes it easier to clean up all outputs of the test, making it rerunnable,
by just deleting the entire tmp directory.
Commit: da2f742b636a1a6353baddbc02469af48479239b
https://github.com/boxbackup/boxbackup/commit/da2f742b636a1a6353baddbc02469af48479239b
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-13 (Mon, 13 May 2019)
Changed paths:
M lib/common/Test.cpp
M lib/common/Test.h
Log Message:
-----------
Test library: make old_failure_count a private variable
Commit: 906bfac7935396fe1fa15ed3f918987965313a75
https://github.com/boxbackup/boxbackup/commit/906bfac7935396fe1fa15ed3f918987965313a75
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-13 (Mon, 13 May 2019)
Changed paths:
M lib/server/ServerStream.h
Log Message:
-----------
ServerStream: handle exceptions without killing server on Windows
Commit: 079556371b484fa8e7656c456a45426c04463893
https://github.com/boxbackup/boxbackup/commit/079556371b484fa8e7656c456a45426c04463893
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-13 (Mon, 13 May 2019)
Changed paths:
M lib/server/SocketStreamTLS.cpp
M lib/server/TLSContext.cpp
Log Message:
-----------
SocketStreamTLS/TLSContext: improve SSL error messages
Commit: b416481815e35a78e9bcb3654c4ae1de4b61c7a6
https://github.com/boxbackup/boxbackup/commit/b416481815e35a78e9bcb3654c4ae1de4b61c7a6
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-13 (Mon, 13 May 2019)
Changed paths:
M lib/backupstore/BackupStoreCheck.cpp
M lib/backupstore/BackupStoreCheck2.cpp
M lib/backupstore/BackupStoreRefCountDatabase.cpp
M lib/backupstore/BackupStoreRefCountDatabase.h
Log Message:
-----------
BackupStoreCheck: fix failure to compare refcounts of last object ID
Fix test that would randomly detect an extra change to the refcount of an
object, depending if the test broke the object with the highest unused object
ID (which depended on upload order).
Add ability to ignore changes to a specific object ID, and use it to ignore
changes to any newly-created lost+found directory, as these are expected.
(cherry picked from commit b911cb81ba6ee2cb5117947d00e9631420543c14)
Commit: 55aacf51d83c28d1046dcde84df6dc18cee808af
https://github.com/boxbackup/boxbackup/commit/55aacf51d83c28d1046dcde84df6dc18cee808af
Author: Chris Wilson <chris+github at qwirx.com>
Date: 2019-05-19 (Sun, 19 May 2019)
Changed paths:
M bin/bbackupd/bbackupd-config.in
M bin/bbackupquery/bbackupquery.cpp
M bin/bbstored/bbstored-certs.in
M bin/bbstored/bbstored-config.in
M lib/backupclient/BackupDaemonConfigVerify.cpp
M lib/bbackupd/BackupDaemon.cpp
M lib/common/BoxPortsAndFiles.h.in
M lib/server/ConnectionException.txt
M lib/server/Daemon.cpp
M lib/server/Daemon.h
M lib/server/ServerException.txt
M lib/server/ServerTLS.h
M lib/server/SocketStream.cpp
M lib/server/SocketStream.h
M lib/server/SocketStreamTLS.cpp
M lib/server/SocketStreamTLS.h
M lib/server/TLSContext.cpp
M lib/server/TLSContext.h
M test/backupstorefix/testbackupstorefix.cpp
M test/backupstorefix/testfiles/testbackupstorefix.pl.in
M test/basicserver/testbasicserver.cpp
A test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf
A test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem
A test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem
A test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
A test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
A test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
A test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl
A test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
A test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
A test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
A test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem
A test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem
A test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
A test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
A test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
A test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl
A test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
A test/basicserver/testfiles/seclevel2-sha256/raidfile.conf
A test/basicserver/testfiles/srv3-insecure-daemon.conf
A test/basicserver/testfiles/srv3-seclevel2-sha1.conf
A test/basicserver/testfiles/srv3-seclevel2-sha256.conf
A test/basicserver/testfiles/srv4-noseclevel.conf
A test/basicserver/testfiles/srv4-seclevel1.conf
A test/basicserver/testfiles/srv4-seclevel2-insecure.conf
A test/basicserver/testfiles/srv4-seclevel2-secure.conf
R test/basicserver/testfiles/srv4.conf
M test/bbackupd/testbbackupd.cpp
Log Message:
-----------
Fix Debian bug 907135: weak certificates
Debian Linux have recently upgraded to OpenSSL 1.1.1, which has increased the
default global security level from 1 to 2. Level 2 does not accept certificates
with 1024-bit keys, and certificates signed with the SHA1 algorithm,
considering them to be weak and therefore dangerous. It now requires a minimum
of 2048-bit keys and SHA256 signatures. (At the time of writing, this change is
only in Debian Unstable, but it will eventually make its way into a stable
release.)
This has caused the following issues with Box Backup:
* All existing certificates are signed with the SHA1 algorithm, and can no longer be used (by default); and
* Some tests use 1024-bit certificates which can no longer be used either.
This change implements the workarounds to enable users to continue to use old certificates,
for the time being, with a warning:
* Ensure that new installations are secure (stronger certificates generated and required);
* Ensure that existing installations are not broken, even if they are considered "weak";
* Warn users if their certificates are (or might be) weak;
* Allow them to disable this warning if required (not recommended);
* Provide the option to not override the system-wide security level (which may be higher than 2 in future).
It does this by adding the new SSLSecurityLevel configuration option, fixing
the supplied scripts to generate stronger SSL certificates from now on,
replacing the old certificates used in tests, and adding tests for the issue.
If compiled with OpenSSL 1.0, existing behaviour will not change, and the
security level cannot be raised. The SSLSecurityLevel option is recognised, but
has no effect except to show a warning that it is not supported.
More work could be done on making it easier to regenerate certificates, however
some discussion is needed to come up with a plan that works and helps users.
See https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates for more details.
Commit: 039c4a1277a9ace937f32fef77fd10721d801dcf
https://github.com/boxbackup/boxbackup/commit/039c4a1277a9ace937f32fef77fd10721d801dcf
Author: Chris Wilson <qris at users.noreply.github.com>
Date: 2019-05-19 (Sun, 19 May 2019)
Changed paths:
M bin/bbackupd/bbackupd-config.in
M bin/bbackupquery/bbackupquery.cpp
M bin/bbstored/bbstored-certs.in
M bin/bbstored/bbstored-config.in
M infrastructure/cmake/CMakeLists.txt
M infrastructure/cmake/windows/CMakeLists.txt
M infrastructure/m4/boxbackup_tests.m4
M lib/backupclient/BackupDaemonConfigVerify.cpp
M lib/backupstore/BackupStoreCheck.cpp
M lib/backupstore/BackupStoreCheck2.cpp
M lib/backupstore/BackupStoreRefCountDatabase.cpp
M lib/backupstore/BackupStoreRefCountDatabase.h
M lib/backupstore/StoreTestUtils.cpp
M lib/backupstore/StoreTestUtils.h
M lib/bbackupd/BackupDaemon.cpp
M lib/common/BoxException.h
M lib/common/BoxPortsAndFiles.h.in
M lib/common/Configuration.cpp
M lib/common/Configuration.h
M lib/common/FileStream.h
M lib/common/Test.cpp
M lib/common/Test.h
M lib/server/ConnectionException.txt
M lib/server/Daemon.cpp
M lib/server/Daemon.h
M lib/server/ServerControl.cpp
M lib/server/ServerControl.h
M lib/server/ServerException.txt
M lib/server/ServerStream.h
M lib/server/ServerTLS.h
M lib/server/SocketStream.cpp
M lib/server/SocketStream.h
M lib/server/SocketStreamTLS.cpp
M lib/server/SocketStreamTLS.h
M lib/server/TLSContext.cpp
M lib/server/TLSContext.h
M test/backupstorefix/testbackupstorefix.cpp
M test/backupstorefix/testfiles/testbackupstorefix.pl.in
M test/basicserver/testbasicserver.cpp
A test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf
A test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem
A test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem
A test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
A test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
A test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
A test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem
A test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl
A test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
A test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
A test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
A test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem
A test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem
A test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
A test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
A test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
A test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl
A test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem
A test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
A test/basicserver/testfiles/seclevel2-sha256/raidfile.conf
A test/basicserver/testfiles/srv3-insecure-daemon.conf
A test/basicserver/testfiles/srv3-seclevel2-sha1.conf
A test/basicserver/testfiles/srv3-seclevel2-sha256.conf
A test/basicserver/testfiles/srv4-noseclevel.conf
A test/basicserver/testfiles/srv4-seclevel1.conf
A test/basicserver/testfiles/srv4-seclevel2-insecure.conf
A test/basicserver/testfiles/srv4-seclevel2-secure.conf
R test/basicserver/testfiles/srv4.conf
M test/bbackupd/testbbackupd.cpp
Log Message:
-----------
Merge pull request #36 from boxbackup/fix_debian_907135_ssl_key_size_merge
Debian Linux have recently upgraded to OpenSSL 1.1.1, which has increased the default global security level from 1 to 2. Level 2 does not accept certificates with 1024-bit keys, and certificates signed with the SHA1 algorithm, considering them to be weak and therefore dangerous. It now requires a minimum of 2048-bit keys and SHA256 signatures. (At the time of writing, this change is only in Debian Unstable, but it will eventually make its way into a stable release.)
This has caused the following issues with Box Backup:
* All existing certificates are signed with the SHA1 algorithm, and can no longer be used (by default); and
* Some tests use 1024-bit certificates which can no longer be used either.
This change implements the workarounds to enable users to continue to use old certificates,
for the time being, with a warning:
* Ensure that new installations are secure (stronger certificates generated and required);
* Ensure that existing installations are not broken, even if they are considered "weak";
* Warn users if their certificates are (or might be) weak;
* Allow them to disable this warning if required (not recommended);
* Provide the option to not override the system-wide security level (which may be higher than 2 in future).
It does this by adding the new SSLSecurityLevel configuration option, fixing the supplied scripts to generate stronger SSL certificates from now on, replacing the old certificates used in tests, and adding tests for the issue. If compiled with OpenSSL 1.0, existing behaviour will not change, and the security level cannot be raised. The SSLSecurityLevel option is recognised, but has no effect except to show a warning that it is not supported.
More work could be done on making it easier to regenerate certificates, however some discussion is needed to come up with a plan that works and helps users.
See https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates for more details.
Compare: https://github.com/boxbackup/boxbackup/compare/2f5b556896ed...039c4a1277a9
More information about the Boxbackup-commit
mailing list