test: Remove obsolete driusan/dkim and dkimpy tests

This patch removes the integration tests that covered using driusan/dkim and dkimpy's tools in the example hook. Now that we have internal DKIM support, the example hook doesn't attempt to use them, so we can remove the tests that cover it. Those tools, and other DKIM implementations, can still be used in the post-data hook just as before.
2025-12-27 16:17:03 +00:00 · 2024-03-09 21:51:10 +00:00
parent 5eded4edc3
commit 8abed11ede
12 changed files with 0 additions and 242 deletions
--- a/test/t-15-driusan_dkim/config/chasquid.conf
+++ b/test/t-15-driusan_dkim/config/chasquid.conf
@@ -1,10 +0,0 @@
-smtp_address: ":1025"
-submission_address: ":1587"
-submission_over_tls_address: ":1465"
-monitoring_address: ":1099"
-
-mail_delivery_agent_bin: "test-mda"
-mail_delivery_agent_args: "%to%"
-
-data_dir: "../.data"
-mail_log_path: "../.logs/mail_log"
--- a/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector
+++ b/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector
@@ -1 +0,0 @@
-testselector1
--- a/test/t-15-driusan_dkim/config/hooks/post-data
+++ b/test/t-15-driusan_dkim/config/hooks/post-data
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# If authenticated, sign; otherwise, verify.
-#
-# It is not recommended that we fail delivery on dkim verification failures,
-# but leave it to the MUA to handle verifications.
-# https://tools.ietf.org/html/rfc6376#section-2.2
-#
-# We do a verification here so we have a stronger integration test (check
-# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
-# purposes.
-
-if [ "$AUTH_AS" != "" ]; then
-	DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
-	exec dkimsign -n -hd -key ../.dkimcerts/private.pem \
-		-s $(cat "domains/$DOMAIN/dkim_selector") -d "$DOMAIN"
-fi
-
-exec dkimverify -txt ../.dkimcerts/dns.txt
--- a/test/t-15-driusan_dkim/content
+++ b/test/t-15-driusan_dkim/content
@@ -1,9 +0,0 @@
-Subject: Prueba desde el test
-To: someone@testserver
-
-Crece desde el test el futuro
-Crece desde el test
-
-.
-
-El punto de arriba testea el dot-stuffing, que es importante para DKIM.
--- a/test/t-15-driusan_dkim/hosts
+++ b/test/t-15-driusan_dkim/hosts
@@ -1 +0,0 @@
-testserver localhost
--- a/test/t-15-driusan_dkim/run.sh
+++ b/test/t-15-driusan_dkim/run.sh
@@ -1,57 +0,0 @@
-#!/bin/bash
-#
-# Test integration with driusan's DKIM tools.
-# https://github.com/driusan/dkim
-
-set -e
-. "$(dirname "$0")/../util/lib.sh"
-
-init
-check_hostaliases
-
-for binary in dkimsign dkimverify dkimkeygen; do
-	if ! command -v $binary > /dev/null; then
-		skip "$binary binary not found"
-	fi
-done
-
-generate_certs_for testserver
-( mkdir -p .dkimcerts; cd .dkimcerts; dkimkeygen )
-
-add_user user@testserver secretpassword
-add_user someone@testserver secretpassword
-
-mkdir -p .logs
-chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
-wait_until_ready 1465
-
-# Authenticated: user@testserver -> someone@testserver
-# Should be signed.
-smtpc --addr=localhost:1465 \
-	--server_cert=config/certs/testserver/fullchain.pem \
-	--user=user@testserver --password=secretpassword \
-	someone@testserver < content
-wait_for_file .mail/someone@testserver
-mail_diff content .mail/someone@testserver
-grep -q "DKIM-Signature:" .mail/someone@testserver
-
-# Verify the signature manually, just in case.
-dkimverify -txt .dkimcerts/dns.txt < .mail/someone@testserver
-
-# Save the signed mail so we can verify it later.
-# Drop the first line ("From blah") so it can be used as email contents.
-tail -n +2 .mail/someone@testserver > .signed_content
-
-# Not authenticated: someone@testserver -> someone@testserver
-smtpc --addr=localhost:1025 \
-	--from=someone@testserver someone@testserver < .signed_content
-
-# Check that the signature fails on modified content.
-echo "Added content, invalid and not signed" >> .signed_content
-if smtpc --addr=localhost:1025 \
-	--from=someone@testserver someone@testserver < .signed_content \
-	> /dev/null 2>&1 ; then
-	fail "DKIM verification succeeded on modified content"
-fi
-
-success
--- a/test/t-19-dkimpy/config/chasquid.conf
+++ b/test/t-19-dkimpy/config/chasquid.conf
@@ -1,10 +0,0 @@
-smtp_address: ":1025"
-submission_address: ":1587"
-submission_over_tls_address: ":1465"
-monitoring_address: ":1099"
-
-mail_delivery_agent_bin: "test-mda"
-mail_delivery_agent_args: "%to%"
-
-data_dir: "../.data"
-mail_log_path: "../.logs/mail_log"
--- a/test/t-19-dkimpy/config/domains/testserver/dkim_selector
+++ b/test/t-19-dkimpy/config/domains/testserver/dkim_selector
@@ -1 +0,0 @@
-testselector1
--- a/test/t-19-dkimpy/config/hooks/post-data
+++ b/test/t-19-dkimpy/config/hooks/post-data
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-# If authenticated, sign; otherwise, verify.
-#
-# It is not recommended that we fail delivery on dkim verification failures,
-# but leave it to the MUA to handle verifications.
-# https://tools.ietf.org/html/rfc6376#section-2.2
-#
-# We do a verification here so we have a stronger integration test (check
-# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
-# purposes.
-
-set -e
-
-TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
-trap 'rm "$TF"' EXIT
-
-# Save the message to the temporary file.
-cat > "$TF"
-
-if [ "$AUTH_AS" != "" ]; then
-	DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
-
-	# Call /usr/bin/dkimsign directly to prevent a conflict with
-	# driusan/dkim, which the integration tests install in ~/go/bin.
-	/usr/bin/dkimsign \
-		"$(cat "domains/$DOMAIN/dkim_selector")" \
-		"$DOMAIN" \
-		"../.dkimcerts/private.key" \
-		< "$TF" > "$TF.dkimout"
-	# dkimpy doesn't provide a way to just show the new headers, so we
-	# have to compute the difference.
-	diff --changed-group-format='%>' \
-		--unchanged-group-format='' \
-		"$TF" "$TF.dkimout" && exit 1
-	rm "$TF.dkimout"
-else
-	# NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
-	# overridden to get the DNS information from anywhere else (text file or custom
-	# DNS server).
-	dkimverify -txt ../.dkimcerts/private.dns < "$TF"
-fi
--- a/test/t-19-dkimpy/content
+++ b/test/t-19-dkimpy/content
@@ -1,9 +0,0 @@
-Subject: Prueba desde el test
-To: someone@testserver
-
-Crece desde el test el futuro
-Crece desde el test
-
-.
-
-El punto de arriba testea el dot-stuffing, que es importante para DKIM.
--- a/test/t-19-dkimpy/hosts
+++ b/test/t-19-dkimpy/hosts
@@ -1 +0,0 @@
-testserver localhost
--- a/test/t-19-dkimpy/run.sh
+++ b/test/t-19-dkimpy/run.sh
@@ -1,82 +0,0 @@
-#!/bin/bash
-#
-# Test integration with dkimpy.
-
-set -e
-. "$(dirname "$0")/../util/lib.sh"
-
-init
-check_hostaliases
-
-# Check if dkimpy tools are installed in /usr/bin, and driusan/dkim is
-# installed somewhere else in $PATH.
-#
-# Unfortunately we need both because dkimpy's dkimverify lacks the features
-# needed to use it in integration testing.
-#
-# We need to run them and check the help because there are other binaries with
-# the same name.
-# This is really hacky but the most practical way to handle it, since they
-# both have the same binary names.
-if ! /usr/bin/dkimsign --help 2>&1 | grep -q -- --identity; then
-	skip "/usr/bin/dkimsign is not dkimpy's"
-fi
-if ! dkimverify --help 2>&1 < /dev/null | grep -q -- "-txt string"; then
-	skip "dkimverify is not driusan/dkim's"
-fi
-
-generate_certs_for testserver
-( mkdir -p .dkimcerts; cd .dkimcerts; dknewkey private > log 2>&1 )
-
-# Some dkimpy versions have a bug where it can't parse the keys generated by
-# its own key generator. Detect if that's the case, and if so, skip the test.
-# See https://bugs.launchpad.net/dkimpy/+bug/1978835.
-if ! /usr/bin/dkimsign \
-	testselector1 testserver .dkimcerts/private.key \
-	< content 2>&1 | grep -q "DKIM-Signature:"
-then
-	skip "buggy dkimpy version"
-fi
-
-add_user user@testserver secretpassword
-add_user someone@testserver secretpassword
-
-mkdir -p .logs
-chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
-wait_until_ready 1025
-
-# Authenticated: user@testserver -> someone@testserver
-# Should be signed.
-smtpc --addr=localhost:1465 \
-	--server_cert=config/certs/testserver/fullchain.pem \
-	--user=user@testserver --password=secretpassword \
-	someone@testserver < content
-wait_for_file .mail/someone@testserver
-mail_diff content .mail/someone@testserver
-if ! grep -q "DKIM-Signature:" .mail/someone@testserver; then
-	fail "mail not signed, DKIM-Signature header missing"
-fi
-
-# Verify the signature manually, just in case.
-# NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
-# overridden to get the DNS information from anywhere else (text file or custom
-# DNS server).
-dkimverify -txt .dkimcerts/private.dns < .mail/someone@testserver
-
-# Save the signed mail so we can verify it later.
-# Drop the first line ("From blah") so it can be used as email contents.
-tail -n +2 .mail/someone@testserver > .signed_content
-
-# Not authenticated: someone@testserver -> someone@testserver
-smtpc --addr=localhost:1025 \
-	--from=someone@testserver someone@testserver < .signed_content
-
-# Check that the signature fails on modified content.
-echo "Added content, invalid and not signed" >> .signed_content
-if smtpc --addr=localhost:1025 \
-	--from=someone@testserver someone@testserver < .signed_content \
-	> /dev/null 2>&1 ; then
-	fail "DKIM verification succeeded on modified content"
-fi
-
-success