diff --git a/Makefile b/Makefile index c8948af2f374..e9185d4b33ed 100644 --- a/Makefile +++ b/Makefile @@ -23,12 +23,6 @@ GO ?= go GOFLAGS := # Set to 1 to use static linking for all builds (including tests). STATIC := -# The cockroach image to be used for starting Docker containers -# during acceptance tests. Usually cockroachdb/cockroach{,-dev} -# depending on the context. -COCKROACH_IMAGE := - -RUN := run # Variables to be overridden on the command line, e.g. # make test PKG=./storage TESTFLAGS=--vmodule=multiraft=1 @@ -43,20 +37,17 @@ DUPLFLAGS := -t 100 ifeq ($(STATIC),1) # The netgo build tag instructs the net package to try to build a -# Go-only resolver. +# Go-only resolver. As of Go 1.5, netgo is the default...but apparently +# not when using cgo (???). TAGS += netgo -# The installsuffix makes sure we actually get the netgo build, see -# https://github.com/golang/go/issues/9369#issuecomment-69864440 -GOFLAGS += -installsuffix netgo -LDFLAGS += -extldflags "-static" +LDFLAGS += -extldflags '-static' endif .PHONY: all all: build test check -# On a release build, rebuild everything (except stdlib) -# to make sure that the 'release' build tag is taken -# into account. +# On a release build, rebuild everything to make sure that the +# 'release' build tag is taken into account. .PHONY: release release: TAGS += release release: GOFLAGS += -a diff --git a/sql/logic_test.go b/sql/logic_test.go index 63fa5478b2d6..9fcd7f25c930 100644 --- a/sql/logic_test.go +++ b/sql/logic_test.go @@ -204,27 +204,25 @@ func (t *logicTest) setUser(tempDir, user string) { if err != nil { t.Fatal(err) } - dir, err := os.Getwd() - if err != nil { - t.Fatal(err) - } - certDir := filepath.Join(filepath.Dir(dir), "resource", security.EmbeddedCertsDir) - certPath := security.ClientCertPath(certDir, user) - keyPath := security.ClientKeyPath(certDir, user) + caPath := filepath.Join(security.EmbeddedCertsDir, "ca.crt") + certPath := security.ClientCertPath(security.EmbeddedCertsDir, user) + keyPath := security.ClientKeyPath(security.EmbeddedCertsDir, user) - // `github.com/lib/pq` requires that private key file permissions are - // "u=rw (0600) or less". - tmpKeyPath := tempRestrictedCopy(t.T, keyPath, tempDir) + // Copy these assets to disk from embedded strings, so this test can + // run from a standalone binary. + tempCAPath, _ := tempRestrictedCopy(t.T, tempDir, caPath, "TestLogic_ca") + tempCertPath, _ := tempRestrictedCopy(t.T, tempDir, certPath, "TestLogic_cert") + tempKeyPath, _ := tempRestrictedCopy(t.T, tempDir, keyPath, "TestLogic_key") pgUrl := url.URL{ Scheme: "postgres", User: url.User(user), Host: net.JoinHostPort(host, port), RawQuery: fmt.Sprintf("sslmode=verify-full&sslrootcert=%s&sslcert=%s&sslkey=%s", - url.QueryEscape(filepath.Join(certDir, "ca.crt")), - url.QueryEscape(certPath), - url.QueryEscape(tmpKeyPath), + url.QueryEscape(tempCAPath), + url.QueryEscape(tempCertPath), + url.QueryEscape(tempKeyPath), ), } @@ -254,8 +252,7 @@ func (t *logicTest) run(path string) { // MySQL or Postgres instance. t.srv = setupTestServer(t.T) - // `github.com/lib/pq` requires that private key file permissions are - // "u=rw (0600) or less". + // Make a temporary directory to hold all our on-disk crypto assets. tempDir, err := ioutil.TempDir(os.TempDir(), "TestLogic") if err != nil { t.Fatal(err) diff --git a/sql/main_test.go b/sql/main_test.go index 7d7cea8ded67..7a38a499e901 100644 --- a/sql/main_test.go +++ b/sql/main_test.go @@ -22,7 +22,7 @@ import ( "database/sql" "fmt" "io/ioutil" - "path/filepath" + "os" "testing" "github.com/cockroachdb/cockroach/client" @@ -123,16 +123,32 @@ func cleanup(s *server.TestServer, db *sql.DB) { cleanupTestServer(s) } -// `github.com/lib/pq` requires that private key file permissions are -// "u=rw (0600) or less". -func tempRestrictedCopy(t *testing.T, keyPath, tempDir string) string { - key, err := ioutil.ReadFile(keyPath) +func tempRestrictedCopy(t *testing.T, tempdir, path, prefix string) (string, func()) { + contents, err := securitytest.Asset(path) if err != nil { t.Fatal(err) } - tmpKeyPath := filepath.Join(tempDir, "tempRestrictedCopy") - if err := ioutil.WriteFile(tmpKeyPath, key, 0600); err != nil { + + tempFile, err := ioutil.TempFile(tempdir, prefix) + if err != nil { + t.Fatal(err) + } + if err := tempFile.Close(); err != nil { + t.Fatal(err) + } + tempPath := tempFile.Name() + if err := os.Remove(tempPath); err != nil { + t.Fatal(err) + } + // `github.com/lib/pq` requires that private key file permissions are + // "u=rw (0600) or less". + if err := ioutil.WriteFile(tempPath, contents, 0600); err != nil { t.Fatal(err) } - return tmpKeyPath + return tempPath, func() { + if err := os.Remove(tempPath); err != nil { + // Not Fatal() because we might already be panicking. + t.Error(err) + } + } } diff --git a/sql/pgwire_test.go b/sql/pgwire_test.go index cc13f1568c7e..fab3e845ce46 100644 --- a/sql/pgwire_test.go +++ b/sql/pgwire_test.go @@ -20,11 +20,9 @@ package sql_test import ( "database/sql" "fmt" - "io/ioutil" "net" "net/url" "os" - "path/filepath" "testing" "github.com/lib/pq" @@ -36,8 +34,8 @@ import ( "github.com/cockroachdb/cockroach/util/leaktest" ) -func trivialQuery(datasource string) error { - db, err := sql.Open("postgres", datasource) +func trivialQuery(pgUrl url.URL) error { + db, err := sql.Open("postgres", pgUrl.String()) if err != nil { return err } @@ -51,29 +49,16 @@ func trivialQuery(datasource string) error { func TestPGWire(t *testing.T) { defer leaktest.AfterTest(t) - dir, err := os.Getwd() - if err != nil { - t.Fatal(err) - } - certDir := filepath.Join(filepath.Dir(dir), "resource", security.EmbeddedCertsDir) - certUser := server.TestUser - certPath := security.ClientCertPath(certDir, certUser) - keyPath := security.ClientKeyPath(certDir, certUser) + certPath := security.ClientCertPath(security.EmbeddedCertsDir, certUser) + keyPath := security.ClientKeyPath(security.EmbeddedCertsDir, certUser) - // `github.com/lib/pq` requires that private key file permissions are - // "u=rw (0600) or less". - tempDir, err := ioutil.TempDir(os.TempDir(), "TestPGWire") - if err != nil { - t.Fatal(err) - } - defer func() { - if err := os.RemoveAll(tempDir); err != nil { - // Not Fatal() because we might already be panicking. - t.Error(err) - } - }() - tmpKeyPath := tempRestrictedCopy(t, keyPath, tempDir) + // Copy these assets to disk from embedded strings, so this test can + // run from a standalone binary. + tempCertPath, tempCertCleanup := tempRestrictedCopy(t, os.TempDir(), certPath, "TestPGWire_cert") + defer tempCertCleanup() + tempKeyPath, tempKeyCleanup := tempRestrictedCopy(t, os.TempDir(), keyPath, "TestPGWire_key") + defer tempKeyCleanup() for _, insecure := range [...]bool{true, false} { ctx := server.NewTestContext() @@ -89,7 +74,7 @@ func TestPGWire(t *testing.T) { Scheme: "postgres", Host: net.JoinHostPort(host, port), } - if err := trivialQuery(basePgUrl.String()); err != nil { + if err := trivialQuery(basePgUrl); err != nil { if insecure { if err != pq.ErrSSLNotSupported { t.Fatal(err) @@ -104,7 +89,7 @@ func TestPGWire(t *testing.T) { { disablePgUrl := basePgUrl disablePgUrl.RawQuery = "sslmode=disable" - err := trivialQuery(disablePgUrl.String()) + err := trivialQuery(disablePgUrl) if insecure { if err != nil { t.Fatal(err) @@ -119,7 +104,7 @@ func TestPGWire(t *testing.T) { { requirePgUrlNoCert := basePgUrl requirePgUrlNoCert.RawQuery = "sslmode=require" - err := trivialQuery(requirePgUrlNoCert.String()) + err := trivialQuery(requirePgUrlNoCert) if insecure { if err != pq.ErrSSLNotSupported { t.Fatal(err) @@ -136,10 +121,10 @@ func TestPGWire(t *testing.T) { requirePgUrlWithCert := basePgUrl requirePgUrlWithCert.User = url.User(optUser) requirePgUrlWithCert.RawQuery = fmt.Sprintf("sslmode=require&sslcert=%s&sslkey=%s", - url.QueryEscape(certPath), - url.QueryEscape(tmpKeyPath), + url.QueryEscape(tempCertPath), + url.QueryEscape(tempKeyPath), ) - err := trivialQuery(requirePgUrlWithCert.String()) + err := trivialQuery(requirePgUrlWithCert) if insecure { if err != pq.ErrSSLNotSupported { t.Fatal(err)