mirror of
https://github.com/cloudflare/cloudflared.git
synced 2025-05-11 23:06:33 +00:00
70e675f42c
This is a cherry-pick of 157f5d1412
followed by build/CI changes so that amd64/linux FIPS compliance is
provided by new/separate binaries/artifacts/packages.
The reasoning being that FIPS compliance places excessive requirements
in the encryption algorithms used for regular users that do not care
about that. This can cause cloudflared to reject HTTPS origins that
would otherwise be accepted without FIPS checks.
This way, by having separate binaries, existing ones remain as they
were, and only FIPS-needy users will opt-in to the new FIPS binaries.
56 lines
1.1 KiB
Go
56 lines
1.1 KiB
Go
//go:build linux
|
|
// +build linux
|
|
|
|
package token
|
|
|
|
import (
|
|
"os"
|
|
"syscall"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestSignalHandler(t *testing.T) {
|
|
sigHandler := signalHandler{signals: []os.Signal{syscall.SIGUSR1}}
|
|
handlerRan := false
|
|
done := make(chan struct{})
|
|
timer := time.NewTimer(time.Second)
|
|
sigHandler.register(func() {
|
|
handlerRan = true
|
|
done <- struct{}{}
|
|
})
|
|
|
|
p, err := os.FindProcess(os.Getpid())
|
|
require.Nil(t, err)
|
|
p.Signal(syscall.SIGUSR1)
|
|
|
|
// Blocks for up to one second to make sure the handler callback runs before the assert.
|
|
select {
|
|
case <-done:
|
|
assert.True(t, handlerRan)
|
|
case <-timer.C:
|
|
t.Fail()
|
|
}
|
|
sigHandler.deregister()
|
|
}
|
|
|
|
func TestSignalHandlerClose(t *testing.T) {
|
|
sigHandler := signalHandler{signals: []os.Signal{syscall.SIGUSR1}}
|
|
done := make(chan struct{})
|
|
timer := time.NewTimer(time.Second)
|
|
sigHandler.register(func() { done <- struct{}{} })
|
|
sigHandler.deregister()
|
|
|
|
p, err := os.FindProcess(os.Getpid())
|
|
require.Nil(t, err)
|
|
p.Signal(syscall.SIGUSR1)
|
|
select {
|
|
case <-done:
|
|
t.Fail()
|
|
case <-timer.C:
|
|
}
|
|
}
|