commit apache-rex for openSUSE:Factory

3 Nov 2019

Hello community,

here is the log from the commit of package apache-rex for openSUSE:Factory checked in at 2019-11-03 10:30:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache-rex (Old)
 and      /work/SRC/openSUSE:Factory/.apache-rex.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apache-rex"

Sun Nov  3 10:30:50 2019 rev:15 rq:743665 version:20191022

Changes:
--------

--- /work/SRC/openSUSE:Factory/apache-rex/apache-rex.changes	2019-09-17 13:36:37.533850355 +0200
+++ /work/SRC/openSUSE:Factory/.apache-rex.new.2990/apache-rex.changes	2019-11-03 10:30:55.489018900 +0100
@@ -1,0 +2,19 @@
+Tue Oct 22 06:19:52 UTC 2019 - pgajdos@suse.com
+
+- version update to 20191022
+  * add softshm support 
+  * new
+    . mod_whatkilledus-basic
+    . mod_diagnostics-basic
+    . mod_ssl-pkcs11
+  * expand
+    . core-ErrorLogFormat-basic
+    . mod_ssl-basic
+    . core-KeepAlive-basic
+    . mod_log_config-basic
+    . mod_log_debug-basic
+    . mod_dumpio-basic
+    . mod_log_forensic-basic
+    . mod_unique_id-basic
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apache-rex.spec ++++++
--- /var/tmp/diff_new_pack.X7U6yf/_old	2019-11-03 10:30:56.645020283 +0100
+++ /var/tmp/diff_new_pack.X7U6yf/_new	2019-11-03 10:30:56.649020287 +0100
@@ -25,7 +25,7 @@
 %define macros_file           macros.apache-rex
 
 Name:           apache-rex
-Version:        20190906
+Version:        20191022
 Release:        0
 Summary:        Script for Apache HTTPD Runnable Examples
 License:        Apache-2.0

++++++ apache-rex.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/README.md new/apache-rex/README.md
--- old/apache-rex/README.md	2019-09-06 11:45:01.183616776 +0200
+++ new/apache-rex/README.md	2019-10-22 08:18:35.629562689 +0200
@@ -101,6 +101,8 @@
 * `pre-run.sh` (optional)  
   Shows what has to be done before apache start (e. g. place test ssl 
   certificate on correct place). `pre-run.sh` return value is not checked.
+  It can write `$AREX_RUN_DIR/server_environment`, which will be sourced
+  into httpd environment.
 * `run.sh` (required)  
   Determines an example flow. Script exits `0` in case whole example passed
   or number of failed subexample. If there are more subexamples failing, 
@@ -152,4 +154,5 @@
   Full path to `sed` command (required for some Filter example definitions).
 * `AREX_ROTATELOGS_COMMAND`  
   Full path to `rotatelogs` or `rotatelogs2` command (required e. g. in piped logs).
-
+* `AREX_SOFTHSM2_SO`
+  mailny used in lib/softhsm, it is softhsm shared library module
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/contents new/apache-rex/contents
--- old/apache-rex/contents	2019-09-06 11:45:01.227617040 +0200
+++ new/apache-rex/contents	2019-10-22 08:18:35.613562599 +0200
@@ -155,7 +155,7 @@
 mod_cache-filter
 mod_file_cache-basic
 mod_expires-basic
-mod_unique-id-basic
+mod_unique_id-basic
 mod_lua-basic
 mod_lua-authz-provider
 mod_lua-authz-provider-abz57204
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ErrorLogFormat-basic/example.conf new/apache-rex/core-ErrorLogFormat-basic/example.conf
--- old/apache-rex/core-ErrorLogFormat-basic/example.conf	2019-09-06 11:45:03.447630371 +0200
+++ new/apache-rex/core-ErrorLogFormat-basic/example.conf	2019-10-22 08:18:35.669562914 +0200
@@ -1,2 +1,2 @@
-ErrorLogFormat "[MYLOGFORMAT] %M [MYLOGFORMAT]"
+ErrorLogFormat "[MYLOGFORMAT] [DATE]%t[DATE] [MESSAGE]%M[MESSAGE] [MYLOGFORMAT]"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ErrorLogFormat-basic/run.sh new/apache-rex/core-ErrorLogFormat-basic/run.sh
--- old/apache-rex/core-ErrorLogFormat-basic/run.sh	2019-09-06 11:45:03.447630371 +0200
+++ new/apache-rex/core-ErrorLogFormat-basic/run.sh	2019-10-22 08:18:35.669562914 +0200
@@ -3,4 +3,11 @@
 echo "[1] error_log contains specified format"
 cat $AREX_RUN_DIR/error_log | grep "[MYLOGFORMAT].*[MYLOGFORMAT]" || exit_code=1
 
+echo "[2] server time (time in an error_log) timezone matches system one"
+servertimesec=$(tail -n 1 $AREX_RUN_DIR/error_log | sed 's:.*[DATE]\(.*\)[DATE].*::' | date +%s)
+systemtimesec=$(date +%s)
+difference=$((systemtimesec-servertimesec))
+echo $servertimesec - $systemtimesec = $difference
+[ $difference -lt 5 ] || exit_code=2
+
 exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-KeepAlive-basic/MODULES new/apache-rex/core-KeepAlive-basic/MODULES
--- old/apache-rex/core-KeepAlive-basic/MODULES	2019-09-06 11:45:01.123616416 +0200
+++ new/apache-rex/core-KeepAlive-basic/MODULES	2019-10-22 08:18:35.617562622 +0200
@@ -0,0 +1 @@
+version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-KeepAlive-basic/example.conf.in new/apache-rex/core-KeepAlive-basic/example.conf.in
--- old/apache-rex/core-KeepAlive-basic/example.conf.in	2019-09-06 11:45:01.123616416 +0200
+++ new/apache-rex/core-KeepAlive-basic/example.conf.in	2019-10-22 08:18:35.617562622 +0200
@@ -1,3 +1,10 @@
+<IfVersion >= 2.4.0>
+  LogLevel debug
+  # http://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat
+  ErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M"
+  ErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T"
+  ErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A"
+</IfVersion>
 Listen @AREX_PORT1@
 <VirtualHost *:@AREX_PORT1@>
   DocumentRoot @AREX_RUN_DIR@/htdocs-vh1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-KeepAlive-basic/run.sh new/apache-rex/core-KeepAlive-basic/run.sh
--- old/apache-rex/core-KeepAlive-basic/run.sh	2019-09-06 11:45:01.123616416 +0200
+++ new/apache-rex/core-KeepAlive-basic/run.sh	2019-10-22 08:18:35.617562622 +0200
@@ -18,4 +18,11 @@
            http://localhost:$AREX_PORT2/apache_pb.png > $AREX_RUN_DIR/out-vh2 2>&1
 grep -a 'Re-using existing connection'  $AREX_RUN_DIR/out-vh2 && exit_code=2
 
+if [ $AREX_APACHE_VERSION -ge 20400 ]; then
+  echo "[3] error_log containing requests to connections according"
+  cat $AREX_RUN_DIR/error_log | grep 'Request [01]' | tee $AREX_RUN_DIR/requests-to-conections
+  [ $(grep -c 'Request 0' $AREX_RUN_DIR/requests-to-conections) -eq 3 ] || exit_code=3
+  [ $(grep -c 'Request 1' $AREX_RUN_DIR/requests-to-conections) -eq 1 ] || exit_code=3
+fi
+
 exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-LogLevel-basic/example.conf.in new/apache-rex/core-LogLevel-basic/example.conf.in
--- old/apache-rex/core-LogLevel-basic/example.conf.in	2019-09-06 11:45:03.563631068 +0200
+++ new/apache-rex/core-LogLevel-basic/example.conf.in	2019-10-22 08:18:35.677562959 +0200
@@ -1,8 +1,14 @@
 <IfVersion >= 2.4>
   # http://events.linuxfoundation.org/sites/events/files/slides/AC2014-Debug.pdf
-  <If "%{REMOTE_ADDR} =~ /(127.0.0|::1)/">
-    LogLevel trace8
-  </If>
+  <Location /problem/>
+    LogLevel info
+    <If "%{REMOTE_ADDR} =~ /(127.0.0|::1)/">
+      LogLevel trace4
+    </If>
+  </Location>
+  <Location /no-problem/>
+    LogLevel trace3
+  </Location>
 </IfVersion>
 <IfVersion < 2.4>
   LogLevel debug
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-LogLevel-basic/run.sh new/apache-rex/core-LogLevel-basic/run.sh
--- old/apache-rex/core-LogLevel-basic/run.sh	2019-09-06 11:45:03.563631068 +0200
+++ new/apache-rex/core-LogLevel-basic/run.sh	2019-10-22 08:18:35.677562959 +0200
@@ -1,9 +1,18 @@
 exit_code=0
 
-echo "[1] LogLevel setting depending on %{REMOTE_ADDR}"
-curl -s http://localhost:$AREX_PORT/ > /dev/null
+mkdir $AREX_DOCUMENT_ROOT/no-problem/
+echo 'index' > $AREX_DOCUMENT_ROOT/no-problem/index.html
+
+echo "[1] LogLevel setting depending on %{REMOTE_ADDR} and location"
+curl -s http://localhost:$AREX_PORT/problem/ > /dev/null
+curl -s http://localhost:$AREX_PORT/no-problem/ > /dev/null
 if [ $AREX_APACHE_VERSION -ge 20400 ]; then
-  grep 'http:trace[1-8]' $AREX_RUN_DIR/error_log || exit_code=1
+  echo 'trace3 in both requests'
+  grep 'http:trace3.*Response' $AREX_RUN_DIR/error_log | tee $AREX_RUN_DIR/trace3-response.txt
+  [ $(cat $AREX_RUN_DIR/trace3-response.txt | wc -l) -eq 2 ] || exit_code=1
+  echo 'trace4 in first only'
+  grep 'http:trace4.*Content-Length' $AREX_RUN_DIR/error_log | tee $AREX_RUN_DIR/trace4-content-length.txt
+  [ $(cat $AREX_RUN_DIR/trace4-content-length.txt | wc -l) -eq 1 ] || exit_code=1
 else
   grep '\[debug\]' $AREX_RUN_DIR/error_log || exit_code=1
 fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/debug-coredump/run.sh new/apache-rex/debug-coredump/run.sh
--- old/apache-rex/debug-coredump/run.sh	2019-09-06 11:45:03.299629483 +0200
+++ new/apache-rex/debug-coredump/run.sh	2019-10-22 08:18:35.661562869 +0200
@@ -33,7 +33,9 @@
 
 if [ -e $AREX_RUN_DIR/core ]; then
   echo
-  echo 'bt' | gdb $AREX_RUN_DIR/core 2>/dev/null | grep 'Core was generated by.*httpd' || exit_code=1
+  echo 'bt' | gdb $AREX_RUN_DIR/core 2>/dev/null > $AREX_RUN_DIR/backtrace
+  grep '^#' $AREX_RUN_DIR/backtrace
+  grep 'Core was generated by.*httpd' $AREX_RUN_DIR/backtrace || exit_code=1
 fi
 
 exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/debug-coredump/skip.sh new/apache-rex/debug-coredump/skip.sh
--- old/apache-rex/debug-coredump/skip.sh	2019-09-06 11:45:03.299629483 +0200
+++ new/apache-rex/debug-coredump/skip.sh	2019-10-22 08:18:35.661562869 +0200
@@ -1,9 +1,8 @@
-# REASON: ulimit -c is zero or could not obtain coredump from coredumpctl
+# REASON: ulimit -c is zero or does not have coredumpctl (or permissions)
 skip_exit_code=1
 [ "$(ulimit -c)" == "0" ] && skip_exit_code=0
 # System appears to write coredumps to systemd-coredump
-# but do not have coredumpctl. I have no solution for 
-# this situation now.
-[ "$AREX_HAVE_SYSTEMD_COREDUMP" == "1" ] && ! [ $(which coredumpctl 2>/dev/null) ] && skip_exit_code=0
+# but do not have coredumpctl abilities.
+[ "$AREX_HAVE_SYSTEMD_COREDUMP" == "0" ] && skip_exit_code=0
 exit $skip_exit_code
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/lib/openssl new/apache-rex/lib/openssl
--- old/apache-rex/lib/openssl	2019-09-06 11:45:03.311629554 +0200
+++ new/apache-rex/lib/openssl	2019-10-22 08:18:35.661562869 +0200
@@ -208,3 +208,10 @@
                | grep 'Cert Status' | sed 's/.*Cert Status:[^a-z]*\([a-z]*\)[^a-z]*/\1/'
 }
 
+function openssl_pem_to_der()
+{
+  pem_file=$1
+  der_file=$2
+  openssl rsa -in $pem_file -inform pem -out $der_file -outform der
+}
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/lib/processman new/apache-rex/lib/processman
--- old/apache-rex/lib/processman	2019-09-06 11:45:03.311629554 +0200
+++ new/apache-rex/lib/processman	2019-10-22 08:18:35.661562869 +0200
@@ -17,7 +17,7 @@
   lsof -i | grep ":$port (LISTEN)" && return 1 || return 0
 }
 
-function httpd_restart
+function httpd_restart()
 {
   ps -A | grep httpd
   kill -HUP $(cat $AREX_RUN_DIR/pid)
@@ -26,3 +26,9 @@
   ps -A | grep httpd
 }
 
+function a_child_pid()
+{
+  main_process_pid=$(cat $AREX_RUN_DIR/pid)
+  ps -A | grep httpd | grep -v "$main_process_pid" | head -n 1 | sed 's:^\s*\([0-9]*\).*:\1:'
+}
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/lib/softhsm new/apache-rex/lib/softhsm
--- old/apache-rex/lib/softhsm	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/lib/softhsm	2019-10-22 08:18:35.661562869 +0200
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+source $(dirname ${BASH_SOURCE[0]})/openssl
+
+shsm2_pin=1234
+shsm2_puk=4321
+
+# create the softhsm database, which is a plain dir
+function softhsm2_create_database()
+{
+  dir=$1
+  shsm2_database_dir="$dir/softhsm.db"
+  echo -n "~ Creating $shsm2_database_dir .. "
+  mkdir -p $shsm2_database_dir
+  echo '~ .. done.'
+}
+
+# create softhsm configuration pointing to the database
+function softhsm2_configuration()
+{
+  dir=$1
+  shsm2_database_dir="$dir/softhsm.db"
+  shsm2_configuration_file="$dir/softhsm.conf"
+  echo -n '~ Creating softhsm2 configuration file .. '
+  echo 'objectstore.backend = file'                 >> $shsm2_configuration_file
+  echo "directories.tokendir = $shsm2_database_dir" >  $shsm2_configuration_file
+  echo 'done.'
+  echo '~ Exporting SOFTHSM2_CONF' 
+}
+
+# inits a softhsm token in the slot
+function softhsm2_init_token()
+{
+  dir=$1
+  label=$2
+  echo '~ Creating softhsm2 token ... '
+  export SOFTHSM2_CONF="$dir/softhsm.conf"
+  softhsm2 --init-token --free --label "$label" --so-pin $shsm2_puk --pin $shsm2_pin
+  if softhsm2 --show-slots | grep "$label"; then
+    echo '~ .. done.'
+    return 0
+  fi
+  echo '~ .. failure.'
+  return 1
+}
+
+# shortcut for the above
+function softhsm2_create_token()
+{
+  dir=$1
+  token_label=$2
+  softhsm2_create_database $dir
+  softhsm2_configuration $dir
+  softhsm2_init_token $dir $token_label || return 1
+} 
+
+# load a file to the softhsm token
+function softhsm2_token_load_file()
+{
+  dir=$1
+  token_label=$2
+  id=$3
+  file_path=$4
+  file_label=$5
+  file_type=$6
+  export SOFTHSM2_CONF="$dir/softhsm.conf"
+  echo "~ Writing $file_type $file_label ($file_path) to $token_label .. "
+  success='yes'
+  pkcs11-tool -p $shsm2_pin --module $AREX_SOFTHSM2_SO --id $id --token-label $token_label --label $file_label --write-object $file_path -y $file_type || success='no'
+  if [ $success == 'yes' ]; then
+    echo '~ .. done.'
+    return 0
+  else
+    echo '~ .. failure.'
+    return 1
+  fi
+}
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/DESCRIPTION new/apache-rex/mod_diagnostics-basic/DESCRIPTION
--- old/apache-rex/mod_diagnostics-basic/DESCRIPTION	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_diagnostics-basic/DESCRIPTION	2019-10-22 08:18:35.629562689 +0200
@@ -0,0 +1 @@
+How to debug with mod_diagnostics.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/MODULES new/apache-rex/mod_diagnostics-basic/MODULES
--- old/apache-rex/mod_diagnostics-basic/MODULES	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_diagnostics-basic/MODULES	2019-10-22 08:18:35.629562689 +0200
@@ -0,0 +1 @@
+diagnostic_filter substitute log_debug deflate
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/example.conf.in new/apache-rex/mod_diagnostics-basic/example.conf.in
--- old/apache-rex/mod_diagnostics-basic/example.conf.in	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_diagnostics-basic/example.conf.in	2019-10-22 08:18:35.629562689 +0200
@@ -0,0 +1,39 @@
+LogLevel info substitute:trace8 deflate:trace8
+
+<Directory "@AREX_DOCUMENT_ROOT@">
+   @AREX_ALLOW_FROM_LOCALHOST@
+
+  LogMessage "Request BEGIN: %{THE_REQUEST}" hook=handler
+  LogMessage "Request END:   %{THE_REQUEST}" hook=log_transaction
+</Directory>
+  
+DeflateCompressionLevel 7
+
+<Location /a/>
+  # no filter applied
+  SetOutputfilter o-resource-1;o-resource-2
+</Location>
+
+<Location /b/>
+  # using o-resource as mod_substitute is registered as AP_FTYPE_RESOURCE
+  SetOutputfilter o-resource-1;SUBSTITUTE;o-resource-2
+</Location>
+
+<Location /c/>
+  # using o-resource as mod_substitute is registered as AP_FTYPE_RESOURCE
+  SetOutputfilter o-resource-1;SUBSTITUTE;o-resource-2
+  Substitute 's/L/l/'
+</Location>
+
+<Location /d/>
+  # using o-resource as mod_substitute is registered as AP_FTYPE_RESOURCE
+  SetOutputfilter o-resource-1;SUBSTITUTE;o-resource-2
+  Substitute 's/^h/H/'
+  Substitute 's/FUN/fun/'
+</Location>
+
+<Location /e/>
+  # using o-resource as mod_data is registered as AP_FTYPE_CONTENT_SET
+  SetOutputfilter o-content-1;DEFLATE;o-content-2
+</Location>
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_diagnostics-basic/run.sh new/apache-rex/mod_diagnostics-basic/run.sh
--- old/apache-rex/mod_diagnostics-basic/run.sh	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_diagnostics-basic/run.sh	2019-10-22 08:18:35.629562689 +0200
@@ -0,0 +1,73 @@
+exit_code=0
+
+function log_entries
+{
+  req_ident=$1
+  # utilize '\t' in the mod_diagnostics error_log messages
+  output=0
+  while read -r line; do
+    [[ "$line" =~ BEGIN.*$req_ident ]] && output=1
+    [ $output -eq 1 ] && printf "$line\n"; 
+    [[ "$line" =~ END.*$req_ident ]]   && output=0
+  done < $AREX_RUN_DIR/error_log
+  
+}
+
+mkdir $AREX_DOCUMENT_ROOT/{a,b,c,d,e}
+
+echo "[1] no filter between log filters"
+echo "brigade is intact (FILE EOS)"
+echo -n 'Have a lot of fun...' > $AREX_DOCUMENT_ROOT/a/test.html
+curl http://localhost:$AREX_PORT/a/test.html
+echo
+log_entries '/a/'             | tee $AREX_RUN_DIR/error_log.1
+[ $(grep -c FILE $AREX_RUN_DIR/error_log.1) -eq 2 ] || exit_code=1
+
+echo
+echo "[2] SUBSTITUTE filter between log filters, no Substitute directive, though"
+echo "    data bucket changes type from FILE to TRANSIENT"
+echo -n 'Have a lot of fun...' > $AREX_DOCUMENT_ROOT/b/test.html
+curl http://localhost:$AREX_PORT/b/test.html
+echo
+log_entries '/b/'             | tee $AREX_RUN_DIR/error_log.2
+[ $(grep -c TRANSIENT $AREX_RUN_DIR/error_log.2) -eq 1 ] || exit_code=2
+
+echo
+echo "[3] SUBSTITUTE filter between log filters, regexp does not match"
+echo "    data bucket changes type from FILE to TRANSIENT"
+echo -n 'Have a lot of fun...' > $AREX_DOCUMENT_ROOT/c/test1.html
+curl http://localhost:$AREX_PORT/c/test1.html
+echo
+log_entries '/c/test1.html'   | tee $AREX_RUN_DIR/error_log.3
+[ $(grep -c TRANSIENT $AREX_RUN_DIR/error_log.3) -eq 1 ] || exit_code=3
+
+echo
+echo "[4] SUBSTITUTE filter between log filters, regexp matches"
+echo "    data bucket changes type from FILE (20 bytes) to three TRANSIENT ones (7+1+12 bytes)"
+echo -n 'Have a Lot of fun...' > $AREX_DOCUMENT_ROOT/c/test2.html
+curl http://localhost:$AREX_PORT/c/test2.html
+echo
+log_entries '/c/test2.html'   | tee $AREX_RUN_DIR/error_log.4
+[ $(grep -c TRANSIENT $AREX_RUN_DIR/error_log.4) -eq 3 ] || exit_code=4
+
+echo
+echo "[5] SUBSTITUTE filter between log filters, two Substitute, both regexps match"
+echo "    data bucket changes type from FILE (20 bytes) to POOL (20 bytes)"
+echo -n 'have a lot of FUN...' > $AREX_DOCUMENT_ROOT/d/test.html
+curl http://localhost:$AREX_PORT/d/test.html
+echo
+log_entries '/d/'             | tee $AREX_RUN_DIR/error_log.5
+[ $(grep -c POOL $AREX_RUN_DIR/error_log.5) -eq 1 ] || exit_code=5
+
+echo
+echo "[6] DATA filter between log filters"
+echo "    data bucket transforms type from FILE (20000 bytes) to HEAP (87 bytes) and IMMORTAL (10 bytes), POOL (8 bytes),"
+echo "    which look like a overhead cost"
+for i in $(seq 1 1000); do
+  echo -n 'Have a lot of fun...' >> $AREX_DOCUMENT_ROOT/e/test.data
+done
+curl -H "Accept-Encoding: gzip,deflate" http://localhost:$AREX_PORT/e/test.data >/dev/null 2>&1
+log_entries '/e/'             | tee $AREX_RUN_DIR/error_log.6
+[ $(grep -c HEAP $AREX_RUN_DIR/error_log.6) -eq 1 ] || exit_code=6
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_dumpio-basic/example.conf.in new/apache-rex/mod_dumpio-basic/example.conf.in
--- old/apache-rex/mod_dumpio-basic/example.conf.in	2019-09-06 11:45:01.143616536 +0200
+++ new/apache-rex/mod_dumpio-basic/example.conf.in	2019-10-22 08:18:35.621562644 +0200
@@ -1,4 +1,5 @@
 <IfVersion >= 2.4>
+ErrorLogFormat "%M"
 LogLevel info dumpio:trace7
 </IfVersion>
 <IfVersion < 2.4>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_dumpio-basic/run.sh new/apache-rex/mod_dumpio-basic/run.sh
--- old/apache-rex/mod_dumpio-basic/run.sh	2019-09-06 11:45:01.143616536 +0200
+++ new/apache-rex/mod_dumpio-basic/run.sh	2019-10-22 08:18:35.621562644 +0200
@@ -1,11 +1,15 @@
 exit_code=0
 
-echo index >  $AREX_DOCUMENT_ROOT/index.html
-
-echo "[1] dumpio log"
-curl -s http://localhost:$AREX_PORT/
-grep 'mod_dumpio:  dumpio_in (data-HEAP): Host: localhost' $AREX_RUN_DIR/error_log || exit_code=1
-grep 'mod_dumpio:  dumpio_out (data-MMAP): index'          $AREX_RUN_DIR/error_log || exit_code=1
+echo 'my index' >  $AREX_DOCUMENT_ROOT/index.html
 
+echo "[1] dumpio log of simple GET"
+curl -H 'Range: bytes=4-8' -s "http://localhost:$AREX_PORT/?genus-name=ips&species-name=duplicatus"
+echo REQUEST
+grep 'dumpio_in (data'  $AREX_RUN_DIR/error_log
+echo RESPONSE
+grep 'dumpio_out (data' $AREX_RUN_DIR/error_log
+echo
+grep 'mod_dumpio:  dumpio_in .*: Host: localhost' $AREX_RUN_DIR/error_log || exit_code=1
+grep 'mod_dumpio:  dumpio_out .*: ndex'           $AREX_RUN_DIR/error_log || exit_code=1
 
 exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_config-basic/MODULES new/apache-rex/mod_log_config-basic/MODULES
--- old/apache-rex/mod_log_config-basic/MODULES	2019-09-06 11:45:01.155616608 +0200
+++ new/apache-rex/mod_log_config-basic/MODULES	2019-10-22 08:18:35.625562667 +0200
@@ -1 +1 @@
-log_config
+log_config version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_config-basic/example.conf.in new/apache-rex/mod_log_config-basic/example.conf.in
--- old/apache-rex/mod_log_config-basic/example.conf.in	2019-09-06 11:45:01.155616608 +0200
+++ new/apache-rex/mod_log_config-basic/example.conf.in	2019-10-22 08:18:35.625562667 +0200
@@ -1,3 +1,12 @@
-LogFormat "%a %A %s" my_format
-CustomLog @AREX_RUN_DIR@/my_log my_format
-
+LogLevel info
+<IfVersion >= 2.4.0>
+  ErrorLogFormat "%L| [%l] %E: %M"
+  LogFormat "%L| [local ip: %A] [peer ip: %a] [url: %U]" my_request
+  LogFormat "%L| [handler: %R] [status: %s] [size: %B] [serve time: %D ms]" my_response
+</IfVersion>
+<IfVersion < 2.4.0>
+  LogFormat "[local ip: %A] [peer ip: %a] [url: %U]" my_request
+  LogFormat "[handler: %R] [status: %s] [size: %B] [serve time: %D ms]" my_response
+</IfVersion>
+CustomLog @AREX_RUN_DIR@/requests my_request
+CustomLog @AREX_RUN_DIR@/responses my_response
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_config-basic/run.sh new/apache-rex/mod_log_config-basic/run.sh
--- old/apache-rex/mod_log_config-basic/run.sh	2019-09-06 11:45:01.155616608 +0200
+++ new/apache-rex/mod_log_config-basic/run.sh	2019-10-22 08:18:35.625562667 +0200
@@ -1,12 +1,40 @@
 exit_code=0
-
-echo "[1] Test 404 from localhost"
+icontent='site index'
+sizeof_icontent=$(echo $icontent | wc -c)
 curl -s http://localhost:$AREX_PORT/ > /dev/null
-cat $AREX_RUN_DIR/my_log | grep '\(127.0.0.1\|::1\) \(127.0.0.1\|::1\) 404' || exit_code=1
-
-echo "[2] Test 200 from localhost"
-touch $AREX_DOCUMENT_ROOT/index.html
+echo $icontent > $AREX_DOCUMENT_ROOT/index.html
 curl -s http://localhost:$AREX_PORT/ > /dev/null
-cat $AREX_RUN_DIR/my_log | grep '\(127.0.0.1\|::1\) \(127.0.0.1\|::1\) 200' || exit_code=1
+echo ERROR LOG:
+cat $AREX_RUN_DIR/error_log
+echo
+echo REQUEST LOG:
+cat $AREX_RUN_DIR/requests
+echo
+echo RESPONSE LOG:
+cat $AREX_RUN_DIR/responses
+echo
+
+echo "[1] 404 logs"
+if [ $AREX_APACHE_VERSION -ge 20400 ]; then
+  # gather request error_log id
+  request_error_log_id=$(grep 'Attempt to serve directory' $AREX_RUN_DIR/error_log | sed 's:^\([^|]*\)|.*:\1:')
+  echo "REQUEST LOG ID: $request_error_log_id, related logs:"
+  grep $request_error_log_id $AREX_RUN_DIR/{error_log,requests,responses}
+else
+  grep '\[url: /\]'      $AREX_RUN_DIR/requests  || exit_code=1
+  grep '\[status: 404\]' $AREX_RUN_DIR/responses || exit_code=1
+fi
+
+echo
+echo "[2] 200 logs"
+if [ $AREX_APACHE_VERSION -ge 20400 ]; then
+  # this will not get error_log id, as it generates no log entry in error_log
+  # for 'info' LogLevel; in case of 'debug' it would get one
+  request_error_log_id='-'
+  echo "REQUEST LOG ID: $request_error_log_id, related logs:"
+  grep "^$request_error_log_id|" $AREX_RUN_DIR/{requests,responses}
+fi
+grep '\[url: /index.html\]'       $AREX_RUN_DIR/requests  || exit_code=2
+grep '\[status: 200\] \[size: 11\]' $AREX_RUN_DIR/responses || exit_code=2
 
 exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_debug-basic/example.conf.in new/apache-rex/mod_log_debug-basic/example.conf.in
--- old/apache-rex/mod_log_debug-basic/example.conf.in	2019-09-06 11:45:03.395630059 +0200
+++ new/apache-rex/mod_log_debug-basic/example.conf.in	2019-10-22 08:18:35.661562869 +0200
@@ -1,11 +1,24 @@
-ErrorLogFormat '[%{cu}t] %M'
+ErrorLogFormat "[%{cu}t] %M"
 LogLevel info
+
+<Directory "@AREX_DOCUMENT_ROOT@">
+  @AREX_ALLOW_FROM_LOCALHOST@
+</Directory>
+
+<Directory "@AREX_DOCUMENT_ROOT@/a/">
+  LogMessage "request under /a/ (%{THE_REQUEST})"
+</Directory>
+
 <Directory "@AREX_DOCUMENT_ROOT@/foo/">
   RewriteEngine on
   RewriteBase "/foo/"
   RewriteRule "(.*)\.html" "welcome.html" [L]
-  LogMessage  "%{REQUEST_URI} has been requested, serving %{REQUEST_FILENAME}" hook=all
+  LogMessage  "[%{HANDLER}] %{REQUEST_URI} has been requested, serving %{REQUEST_FILENAME}" hook=all
+</Directory>
 
-  @AREX_ALLOW_FROM_LOCALHOST@
+<Directory "@AREX_DOCUMENT_ROOT@/weather/">
+  LogMessage "weather info: hi"
+  # according to doc, it should be %{reqenv:Range}, but that does not work
+  LogMessage "weather info: %{req:Range}" hook=handler
 </Directory>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_debug-basic/run.sh new/apache-rex/mod_log_debug-basic/run.sh
--- old/apache-rex/mod_log_debug-basic/run.sh	2019-09-06 11:45:03.395630059 +0200
+++ new/apache-rex/mod_log_debug-basic/run.sh	2019-10-22 08:18:35.661562869 +0200
@@ -1,10 +1,32 @@
 exit_code=0
 
-echo "[1] log of request and internal request after rewrite"
+echo "[1] basic log message"
+mkdir -p $AREX_DOCUMENT_ROOT/a/
+echo "index" > $AREX_DOCUMENT_ROOT/a/index.html
+curl -s http://localhost:$AREX_PORT/a/index.html          > /dev/null
+curl -s http://localhost:$AREX_PORT/a/b/not-existing.html > /dev/null
+grep 'request under /a/ .*index.html'        $AREX_RUN_DIR/error_log || exit_code=1
+grep 'request under /a/ .*not-existing.html' $AREX_RUN_DIR/error_log || exit_code=1
+
+echo
+echo "[2] log of request and internal request after rewrite"
 mkdir -p $AREX_DOCUMENT_ROOT/foo/
 echo 'Welcome!' > $AREX_DOCUMENT_ROOT/foo/welcome.html
 curl -s http://localhost:$AREX_PORT/foo/bar.html > /dev/null 
-grep 'has been requested' $AREX_RUN_DIR/error_log || exit_code=1
+grep 'has been requested' $AREX_RUN_DIR/error_log || exit_code=2
+echo
+
+echo "[3] expose a header in error_log, Range: in this case"
+mkdir -p $AREX_DOCUMENT_ROOT/weather/
+echo 'Today, there will be raining whole day.'  > $AREX_DOCUMENT_ROOT/weather/data.txt
+curl -s    -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather/data.txt
+echo 'Today, there will be snowing whole day.' >> $AREX_DOCUMENT_ROOT/weather/data.txt
+curl -s -C -  -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather/data.txt
+echo 'Otherwise the weather will be different.'>> $AREX_DOCUMENT_ROOT/weather/data.txt
+curl -s -C -  -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather/data.txt
+grep 'weather info: hi'        $AREX_RUN_DIR/error_log || exit_code=3
+grep 'weather info: bytes=40-' $AREX_RUN_DIR/error_log || exit_code=3
+grep 'weather info: bytes=80-' $AREX_RUN_DIR/error_log || exit_code=3
 
 exit $exit_code
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/BINARIES new/apache-rex/mod_log_forensic-basic/BINARIES
--- old/apache-rex/mod_log_forensic-basic/BINARIES	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_log_forensic-basic/BINARIES	2019-10-22 08:18:35.669562914 +0200
@@ -0,0 +1 @@
+check_forensic
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/MODULES new/apache-rex/mod_log_forensic-basic/MODULES
--- old/apache-rex/mod_log_forensic-basic/MODULES	2019-09-06 11:45:03.471630515 +0200
+++ new/apache-rex/mod_log_forensic-basic/MODULES	2019-10-22 08:18:35.669562914 +0200
@@ -1 +1 @@
-log_forensic
+log_forensic cgi alias
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/example.conf.in new/apache-rex/mod_log_forensic-basic/example.conf.in
--- old/apache-rex/mod_log_forensic-basic/example.conf.in	2019-09-06 11:45:03.471630515 +0200
+++ new/apache-rex/mod_log_forensic-basic/example.conf.in	2019-10-22 08:18:35.669562914 +0200
@@ -1,6 +1,15 @@
+# make sure there is only one child for subexample [3]
+StartServers    1
+MinSpareServers 1
+MaxSpareServers 1
+
 ForensicLog @AREX_RUN_DIR@/forensic_log
 
 <Directory @AREX_DOCUMENT_DIR@>
   @AREX_ALLOW_FROM_LOCALHOST@
 </Directory>
 
+ScriptAlias /cgi-bin/ "@AREX_RUN_DIR@/cgi-bin/"
+<Directory "@AREX_RUN_DIR@/cgi-bin/">
+  Options +ExecCGI
+</Directory>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_log_forensic-basic/run.sh new/apache-rex/mod_log_forensic-basic/run.sh
--- old/apache-rex/mod_log_forensic-basic/run.sh	2019-09-06 11:45:03.471630515 +0200
+++ new/apache-rex/mod_log_forensic-basic/run.sh	2019-10-22 08:18:35.669562914 +0200
@@ -1,5 +1,7 @@
 exit_code=0
 
+. ../lib/processman
+
 echo index >  $AREX_DOCUMENT_ROOT/index.html
 
 echo "[1] forensic log contains begin and end of processing request"
@@ -8,8 +10,41 @@
 request_id=$(head -n 1 $AREX_RUN_DIR/forensic_log | sed 's:+\(.*\)|GET.*:\1:')
 grep "\-$request_id" $AREX_RUN_DIR/forensic_log || exit_code=1
 
+echo
 echo "[2] forensic log contains also specified header"
 curl -s -X POST -H 'my-header: hello_world' http://localhost:$AREX_PORT/
 grep '+.*|POST.*|my-header:hello_world' $AREX_RUN_DIR/forensic_log || exit_code=2
 
+echo
+echo "[3] after apache child pid kill, there will be no pairwise line"
+cgi_dir=$AREX_RUN_DIR/cgi-bin
+mkdir -p  $cgi_dir
+cat << EOF > $cgi_dir/long.cgi
+#!/bin/bash
+echo 'Content-type: text/html'
+echo ''
+sleep 5
+echo 'result'
+EOF
+chmod 755 $cgi_dir/long.cgi
+
+child_pid=$(a_child_pid)
+echo "Make request, but there is only child $child_pid; request takes long"
+curl -s http://localhost:$AREX_PORT/cgi-bin/long.cgi&
+sleep 1
+
+echo "Killing child pid $child_pid"
+kill -9 $child_pid
+sleep 1
+
+echo "forensic_log contains only + line, but not the - line"
+grep 'long.cgi' $AREX_RUN_DIR/forensic_log | grep long.cgi | tee $AREX_RUN_DIR/forensic_log-excerpt
+nlines=$(cat $AREX_RUN_DIR/forensic_log-excerpt | wc -l)
+[ "$nlines" -eq 1 ] || exit_code=3
+
+echo "Alternatively, via check_forensic script"
+check_forensic $AREX_RUN_DIR/forensic_log | tee $AREX_RUN_DIR/check_forensic-output
+diff $AREX_RUN_DIR/{forensic_log-excerpt,check_forensic-output} || exit_code=3
+
 exit $exit_code
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/BINARIES new/apache-rex/mod_ssl-pkcs11/BINARIES
--- old/apache-rex/mod_ssl-pkcs11/BINARIES	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/BINARIES	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1 @@
+openssl softhsm2-util pkcs11-tool
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/DESCRIPTION new/apache-rex/mod_ssl-pkcs11/DESCRIPTION
--- old/apache-rex/mod_ssl-pkcs11/DESCRIPTION	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/DESCRIPTION	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1 @@
+Using PKCS11 module authentication in mod_ssl.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/MODULES new/apache-rex/mod_ssl-pkcs11/MODULES
--- old/apache-rex/mod_ssl-pkcs11/MODULES	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/MODULES	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1 @@
+ssl:mime:log_config:version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/MODULES_OPT new/apache-rex/mod_ssl-pkcs11/MODULES_OPT
--- old/apache-rex/mod_ssl-pkcs11/MODULES_OPT	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/MODULES_OPT	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1 @@
+socache_shmcb
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/example.conf.in new/apache-rex/mod_ssl-pkcs11/example.conf.in
--- old/apache-rex/mod_ssl-pkcs11/example.conf.in	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/example.conf.in	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1,39 @@
+LogLevel   info
+
+
+ServerName aserver.suse.cz
+
+<IfVersion >= 2.4.2>
+  DefaultRuntimeDir @AREX_RUN_DIR@/run
+</IfVersion>
+
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+SSLEngine             on
+
+SSLCryptoDevice       pkcs11
+SSLCertificateFile    "pkcs11:token=aserver.suse.cz-token;object=aserver.suse.cz-cert;type=cert;pin-value=1234"
+SSLCertificateKeyFile "pkcs11:token=aserver.suse.cz-token;object=aserver.suse.cz-privkey;type=private;pin-value=1234"
+
+SSLSessionCache         shmcb:@AREX_RUN_DIR/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+
+SSLProtocol all
+<IfVersion >= 2.3.0>
+SSLCipherSuite DEFAULT
+</IfVersion>
+<IfVersion < 2.3.0>
+SSLCipherSuite ALL
+</IfVersion>
+SSLHonorCipherOrder on
+
+CustomLog             @AREX_RUN_DIR@/test-server_log   ssl_combined
+
+<Directory @AREX_DOCUMENT_ROOT@>
+  @AREX_ALLOW_FROM_LOCALHOST@
+</Directory>
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/pre-run.sh new/apache-rex/mod_ssl-pkcs11/pre-run.sh
--- old/apache-rex/mod_ssl-pkcs11/pre-run.sh	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/pre-run.sh	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1,56 @@
+#
+# create CA certificate and SERVER certificate
+#
+. ../lib/openssl
+. ../lib/softhsm
+
+echo Setup CA
+echo ~~~~~~~~
+openssl_setup_ca $AREX_RUN_DIR
+echo
+echo Setup SERVER 
+echo ~~~~~~~~~~~~
+openssl_setup_entity $AREX_RUN_DIR aserver.suse.cz
+echo
+
+#
+# create a softhsm token with server key on it
+#
+# create the token
+echo '--- Initializing softhsm2 ------------------'
+success='yes'
+softhsm2_create_token "$AREX_RUN_DIR/pkcs11" 'aserver.suse.cz-token' || success='no'
+if [ $success == 'yes' ]; then
+  echo '--- Done. ----------------------------------'
+else
+  echo '--- Failed. --------------------------------'
+fi
+# openssl_setup_entity writes $AREX_RUN_DIR/aserver.suse.cz/private.key in
+# PEM format, we need DER
+echo 'Converting PEM to DER'
+openssl_pem_to_der $AREX_RUN_DIR/aserver.suse.cz/private.key $AREX_RUN_DIR/aserver.suse.cz/private.key.der
+openssl_pem_to_der $AREX_RUN_DIR/aserver.suse.cz/my.crt      $AREX_RUN_DIR/aserver.suse.cz/my.crt.der
+# load the key in DER format
+echo "--- Write private key to token ---------------------"
+success='yes'
+softhsm2_token_load_file "$AREX_RUN_DIR/pkcs11" 'aserver.suse.cz-token' 010203 $AREX_RUN_DIR/aserver.suse.cz/private.key.der 'aserver.suse.cz-privkey' privkey || success='no'
+if [ $success == 'yes' ]; then
+  echo '--- Done. ----------------------------------'
+else
+  echo '--- Failed. --------------------------------'
+fi
+echo "--- Write certiicate to token ---------------------"
+success='yes'
+softhsm2_token_load_file "$AREX_RUN_DIR/pkcs11" 'aserver.suse.cz-token' 010203 $AREX_RUN_DIR/aserver.suse.cz/my.crt 'aserver.suse.cz-cert' cert || success='no'
+if [ $success == 'yes' ]; then
+  echo '--- Done. ----------------------------------'
+else
+  echo '--- Failed. --------------------------------'
+fi
+# create server environment, need SOFTHSM2_CONF exported
+echo "export SOFTHSM2_CONF=\"$AREX_RUN_DIR/pkcs11/softhsm.conf\"" > $AREX_RUN_DIR/server_environment
+#
+# create runtime dir, see DefaultRuntimeDir directive
+#
+mkdir -p $AREX_RUN_DIR/run
+exit 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/run.sh new/apache-rex/mod_ssl-pkcs11/run.sh
--- old/apache-rex/mod_ssl-pkcs11/run.sh	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/run.sh	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1,12 @@
+exit_code=0
+
+echo 'Test SSL' > $AREX_DOCUMENT_ROOT/index.html
+
+echo "[1] access trough https allowed"
+curl -s --cacert $AREX_RUN_DIR/ca/my.crt --resolve "aserver.suse.cz:$AREX_PORT:127.0.0.1" https://aserver.suse.cz:$AREX_PORT/ \
+    | grep 'Test SSL' || exit_code=1
+
+echo "[2] error_log contains references to pkcs11"
+grep 'Certificate and private key.*pkcs11:token=aserver.suse.cz-token' $AREX_RUN_DIR/error_log || exit_code=2
+
+exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-pkcs11/skip.sh new/apache-rex/mod_ssl-pkcs11/skip.sh
--- old/apache-rex/mod_ssl-pkcs11/skip.sh	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_ssl-pkcs11/skip.sh	2019-10-22 08:18:35.685563004 +0200
@@ -0,0 +1,2 @@
+# REASON: curl does not have --resolve
+exit $([ $AREX_CURL_HAVE_RESOLVE -eq 0 ])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/DESCRIPTION new/apache-rex/mod_unique-id-basic/DESCRIPTION
--- old/apache-rex/mod_unique-id-basic/DESCRIPTION	2019-09-06 11:45:03.427630251 +0200
+++ new/apache-rex/mod_unique-id-basic/DESCRIPTION	1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-Demonstrate basic functionality of unique_id module.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/MODULES new/apache-rex/mod_unique-id-basic/MODULES
--- old/apache-rex/mod_unique-id-basic/MODULES	2019-09-06 11:45:03.427630251 +0200
+++ new/apache-rex/mod_unique-id-basic/MODULES	1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-unique_id log_config
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/example.conf.in new/apache-rex/mod_unique-id-basic/example.conf.in
--- old/apache-rex/mod_unique-id-basic/example.conf.in	2019-09-06 11:45:03.427630251 +0200
+++ new/apache-rex/mod_unique-id-basic/example.conf.in	1970-01-01 01:00:00.000000000 +0100
@@ -1,6 +0,0 @@
-LogFormat "%{UNIQUE_ID}e %{%d/%b/%Y %T}t.%{msec_frac}t %f %s" mylog
-CustomLog "@AREX_RUN_DIR@/access.log" mylog
-
-<Directory "@AREX_DOCUMENT_ROOT@">
-  @AREX_ALLOW_FROM_LOCALHOST@
-</Directory>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique-id-basic/run.sh new/apache-rex/mod_unique-id-basic/run.sh
--- old/apache-rex/mod_unique-id-basic/run.sh	2019-09-06 11:45:03.427630251 +0200
+++ new/apache-rex/mod_unique-id-basic/run.sh	1970-01-01 01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-exit_code=0
-
-echo "[1] UNIQUE_ID is set to '[A-Za-z0-9@-]*' string"
-echo 'main index' > $AREX_DOCUMENT_ROOT/index.html
-curl -s http://localhost:$AREX_PORT/ > /dev/null
-grep '^[A-Za-z0-9@-]* .*' $AREX_RUN_DIR/access.log || exit_code=1
-
-exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/DESCRIPTION new/apache-rex/mod_unique_id-basic/DESCRIPTION
--- old/apache-rex/mod_unique_id-basic/DESCRIPTION	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_unique_id-basic/DESCRIPTION	2019-10-22 08:18:35.665562892 +0200
@@ -0,0 +1 @@
+Demonstrate basic functionality of unique_id module.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/MODULES new/apache-rex/mod_unique_id-basic/MODULES
--- old/apache-rex/mod_unique_id-basic/MODULES	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_unique_id-basic/MODULES	2019-10-22 08:18:35.665562892 +0200
@@ -0,0 +1 @@
+unique_id log_config log_forensic log_debug
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/example.conf.in new/apache-rex/mod_unique_id-basic/example.conf.in
--- old/apache-rex/mod_unique_id-basic/example.conf.in	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_unique_id-basic/example.conf.in	2019-10-22 08:18:35.665562892 +0200
@@ -0,0 +1,11 @@
+LogFormat      "%{UNIQUE_ID}e %{%d/%b/%Y %T}t.%{msec_frac}t %f %s" mylog
+CustomLog      @AREX_RUN_DIR@/access_log mylog
+ForensicLog    @AREX_RUN_DIR@/forensic_log
+# LogLevel info for LogMessage to be logged
+LogLevel       info
+ErrorLogFormat "%L| [%l] %E: %M"    
+
+<Directory "@AREX_DOCUMENT_ROOT@">
+  @AREX_ALLOW_FROM_LOCALHOST@
+  LogMessage "Request: %{env:UNIQUE_ID}"
+</Directory>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_unique_id-basic/run.sh new/apache-rex/mod_unique_id-basic/run.sh
--- old/apache-rex/mod_unique_id-basic/run.sh	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_unique_id-basic/run.sh	2019-10-22 08:18:35.665562892 +0200
@@ -0,0 +1,17 @@
+exit_code=0
+
+echo "[1] UNIQUE_ID is set to '[A-Za-z0-9@-]*' string"
+echo 'main index' > $AREX_DOCUMENT_ROOT/index.html
+curl -s http://localhost:$AREX_PORT/ >/dev/null
+grep '^[A-Za-z0-9@-]* .*' $AREX_RUN_DIR/access_log || exit_code=1
+unique_id=$(head -n 1 $AREX_RUN_DIR/access_log | cut -d' ' -f1)
+
+echo
+echo "[2] UNIQUE_ID is also used as forensic_log identifier"
+grep $unique_id $AREX_RUN_DIR/forensic_log || exit_code=2
+
+echo
+echo "[3] UNIQUE_ID can be used also in error_log: as %L in ErrorLogFormat or in LogMessage (%{env: UNIQUE_ID})"
+grep "$unique_id|.*Request: $unique_id" $AREX_RUN_DIR/error_log || exit_code=3
+
+exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/DESCRIPTION new/apache-rex/mod_whatkilledus-basic/DESCRIPTION
--- old/apache-rex/mod_whatkilledus-basic/DESCRIPTION	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_whatkilledus-basic/DESCRIPTION	2019-10-22 08:18:35.673562937 +0200
@@ -0,0 +1 @@
+Demonstrate WKU reports.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/MODULES new/apache-rex/mod_whatkilledus-basic/MODULES
--- old/apache-rex/mod_whatkilledus-basic/MODULES	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_whatkilledus-basic/MODULES	2019-10-22 08:18:35.669562914 +0200
@@ -0,0 +1 @@
+backtrace log_config mime whatkilledus crash cgi alias
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/example.conf.in new/apache-rex/mod_whatkilledus-basic/example.conf.in
--- old/apache-rex/mod_whatkilledus-basic/example.conf.in	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_whatkilledus-basic/example.conf.in	2019-10-22 08:18:35.669562914 +0200
@@ -0,0 +1,15 @@
+# make sure there is only one child
+StartServers    1
+MinSpareServers 1
+MaxSpareServers 1
+
+EnableExceptionHook On
+
+WKUObscureInRequest hdr:Authorization hdr:Cookie hdr:Proxy-Authorization user password query unparsed-line
+WKULogfile @AREX_RUN_DIR@/wku_log
+
+ScriptAlias /cgi-bin/ "@AREX_RUN_DIR@/cgi-bin/"
+<Directory "@AREX_RUN_DIR@/cgi-bin/">
+  Options +ExecCGI
+</Directory>
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_whatkilledus-basic/run.sh new/apache-rex/mod_whatkilledus-basic/run.sh
--- old/apache-rex/mod_whatkilledus-basic/run.sh	1970-01-01 01:00:00.000000000 +0100
+++ new/apache-rex/mod_whatkilledus-basic/run.sh	2019-10-22 08:18:35.669562914 +0200
@@ -0,0 +1,63 @@
+exit_code=0
+
+. ../lib/processman
+
+cgi_dir=$AREX_RUN_DIR/cgi-bin
+mkdir -p  $cgi_dir
+cat << EOF > $cgi_dir/long.cgi
+#!/bin/bash
+echo 'Content-type: text/html'
+echo ''
+sleep 5
+echo 'result'
+EOF
+chmod 755 $cgi_dir/long.cgi
+
+child_pid=$(a_child_pid)
+echo "Make request, but there is only child $child_pid; request takes long"
+curl -s http://localhost:$AREX_PORT/cgi-bin/long.cgi&
+sleep 1
+
+echo "Killing child pid $child_pid"
+kill -SEGV $child_pid
+sleep 1
+
+child_pid=$(a_child_pid)
+echo "Make a request again with another child (pid $child_pid)"
+curl -s http://localhost:$AREX_PORT/cgi-bin/long.cgi&
+sleep 1
+
+echo "Killing child pid $child_pid with another signal"
+kill -BUS $child_pid
+sleep 1
+
+echo
+echo "[1] wku_log contains data of the crash"
+echo "The report contains:"
+echo "===================="
+# highlights in the report
+echo "(a) Crash happened, when"
+echo "------------------------"
+grep '**** Crash at'          $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt
+wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^2 ' || exit_code=1
+echo "(b) What uncaught signal caused it"
+echo "----------------------------------"
+grep 'Fatal signal:'          $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt
+wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^2 ' || exit_code=1
+echo "(c) Backtrace, where the crash happened"
+echo "---------------------------------------"
+grep 'mod_cgi.so'             $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt
+wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^4 ' || exit_code=1
+echo "(d) Request line processed"
+echo "--------------------------"
+grep -A 1 'Request line'      $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt
+wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^5 ' || exit_code=1
+echo "(e) Client connection processed"
+echo "-------------------------------"
+grep -A 1 'Client connection' $AREX_RUN_DIR/wku_log | tee $AREX_RUN_DIR/wku_log-excerpt
+wc -l $AREX_RUN_DIR/wku_log-excerpt | grep -q '^5 ' || exit_code=1
+
+echo
+echo See $AREX_RUN_DIR/wku_log for details.
+
+exit $exit_code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/run-rex new/apache-rex/run-rex
--- old/apache-rex/run-rex	2019-09-06 11:45:01.223617017 +0200
+++ new/apache-rex/run-rex	2019-10-22 08:18:35.629562689 +0200
@@ -191,6 +191,11 @@
   which httxt2dbm 2>/dev/null
 }
 
+function check_forensic_command()
+{
+  which check_forensic 2>/dev/null
+}
+
 function curl_command()
 {
   which curl 2>/dev/null
@@ -256,6 +261,11 @@
   which python3 python 2>/dev/null | head -n 1
 }
 
+function sysctl_command()
+{
+  which sysctl 2>/dev/null
+}
+
 function coredumpctl_command()
 {
   which coredumpctl 2>/dev/null | head -n 1
@@ -266,6 +276,16 @@
   which openssl 2>/dev/null
 }
 
+function softhsm2_command()
+{
+  which softhsm2-util 2>/dev/null
+}
+
+function pkcs11_tool_command()
+{
+  which pkcs11-tool 2>/dev/null
+}
+
 function nss_pcache_command()
 {
   which nss_pcache 2>/dev/null
@@ -291,6 +311,11 @@
   openssl engine | grep -v dynamic | head -n 1 | sed 's:^(\([^()]*\)).*:\1:'
 }
 
+function softhsm2_so()
+{
+  ls /usr/lib{,64}/pkcs11/libsofthsm2.so /usr/lib{,64}/shofthsm2/libsofthsm2.so 2>/dev/null | head -n 1
+}
+
 function openssl_have_alpn()
 {
   objdump -T $(ldconfig -p | grep 'libssl\.so\.' | sed 's:.* => ::') | grep alpn > /dev/null && echo -n '1' || echo -n '0'
@@ -318,7 +343,13 @@
 
 function have_systemd_coredump()
 {
-  core_pattern | grep -q 'systemd-coredump' && echo '1' || echo '0'
+  # check whether: 1. system is configured to dump coredumps into systemd-coredump
+  #                2. coredumpctl command exists and user have enough privileges to gather dumps 
+  if sysctl kernel.core_pattern | grep -q 'systemd-coredump' && coredumpctl list | grep -q 'TIME\|No coredumps found.'; then
+    echo '1'
+  else 
+    echo '0'
+  fi
 }
 
 function check_system()
@@ -354,6 +385,9 @@
   HTTXT2DBM_COMMAND=$(httxt2dbm_command)
   register_command "$HTTXT2DBM_COMMAND"   httxt2dbm
   echod -n '.'
+  CHECK_FORENSIC_COMMAND=$(check_forensic_command)
+  register_command "$CHECK_FORENSIC_COMMAND" check_forensic
+  echod -n '.'
   CURL_COMMAND=$(curl_command)
   register_command "$CURL_COMMAND"        curl
   echod -n '.'
@@ -381,12 +415,21 @@
   PYTHON_COMMAND=$(python_command)
   register_command "$PYTHON_COMMAND"      python
   echod -n '.'
+  SYSCTL_COMMAND=$(sysctl_command)
+  register_command "$SYSCTL_COMMAND"      sysctl
+  echod -n '.'
   COREDUMPCTL_COMMAND=$(coredumpctl_command)
   register_command "$COREDUMPCTL_COMMAND" coredumpctl
   echod -n '.'
   OPENSSL_COMMAND=$(openssl_command)
   register_command "$OPENSSL_COMMAND"     openssl
   echod -n '.'
+  SOFTHSM2_COMMAND=$(softhsm2_command)
+  register_command "$SOFTHSM2_COMMAND"    softhsm2
+  echod -n '.'
+  PKCS11_TOOL_COMMAND=$(pkcs11_tool_command)
+  register_command "$PKCS11_TOOL_COMMAND" pkcs11-tool
+  echod -n '.'
   NSS_PCACHE_COMMAND=$(nss_pcache_command)
   register_command "$NSS_PCACHE_COMMAND"  nss_pcache
   echod -n '.'
@@ -417,6 +460,9 @@
     export AREX_OPENSSL_HAVE_ALPN=$(openssl_have_alpn)
     echod -n '.'
   fi
+  if command_exists softhsm2; then
+    export AREX_SOFTHSM2_SO=$(softhsm2_so)
+  fi
   if command_exists python; then
     export AREX_HAVE_PYTHON_TORNADO=$(have_python_tornado)
     echod -n '.'
@@ -442,6 +488,7 @@
   echod "htdbm command ............................ $HTDBM_COMMAND"
   echod "rotatelogs command ....................... $AREX_ROTATELOGS_COMMAND"
   echod "httxt2dbm command ........................ $HTTXT2DBM_COMMAND"
+  echod "check_forensic command ................... $CHECK_FORENSIC_COMMAND"
   echod "curl command ............................. $CURL_COMMAND"
   echod "curl have --resolve switch ............... $AREX_CURL_HAVE_RESOLVE"
   echod "curl have --cert-status switch ........... $AREX_CURL_HAVE_CERT_STATUS"
@@ -455,10 +502,14 @@
   echod "wget command ............................. $WGET_COMMAND"
   echod "nc command ............................... $NC_COMMAND"
   echod "python command ........................... $PYTHON_COMMAND"
+  echod "sysctl command ........................... $SYSCTL_COMMAND"
   echod "coredumpctl command ...................... $COREDUMPCTL_COMMAND"
   echod "openssl command .......................... $OPENSSL_COMMAND"
+  echod "softhsm2 command ......................... $SOFTHSM2_COMMAND"
+  echod "pkcs11-tool command ...................... $PKCS11_TOOL_COMMAND"
   echod "openssl engine ........................... $AREX_AN_OPENSSL_ENGINE"
   echod "openssl have alpn support ................ $AREX_OPENSSL_HAVE_ALPN"
+  echod "softhsm2 shared object ................... $AREX_SOFTHSM2_SO"
   echod "nss_pcache command ....................... $NSS_PCACHE_COMMAND"
   echod "lsof command ............................. $LSOF_COMMAND"
   echod "vsftpd command ........................... $VSFTPD_COMMAND"
@@ -702,6 +753,10 @@
     sh $AREX_RUN_DIR/pre-run.sh
   fi
 
+  # source $AREX_RUN_DIR/server_environment, which pre-run.sh
+  # can write
+  . $AREX_RUN_DIR/server_environment
+
   # create default DocumentRoot
   mkdir -p $AREX_RUN_DIR/htdocs
 
@@ -731,6 +786,7 @@
 function start_apache()
 {
   start_ok=1
+
   httpd -f $AREX_RUN_DIR/httpd.conf $SERVER_FLAGS -k start 2>$AREX_RUN_DIR/start_log || start_ok=0
   if [ $start_ok -ne 1 ]; then
     echo '0'

    

root

tags

participants (1)