Forgot to draft this... again... Sorry... It's still a WIP

It looks like both the CI and my local machine are getting the following (running with new verbose flag):

✗ begin 186 checking tls: cipher list - rsa intermediate
   (from function `assert_success' in file test/test_helper/bats-assert/src/assert.bash, line 114,
    from function `collect_cipherlist_data' in file test/security_tls_cipherlists.bats, line 154,
    from function `check_ports' in file test/security_tls_cipherlists.bats, line 86,
    in test file test/security_tls_cipherlists.bats, line 47)
     `check_ports 'rsa' 'intermediate'' failed
   $ docker run -d --name tls_test_cipherlists --volume /Users/norsegaud/docker-mailserver/test/duplicate_configs/security_tls_cipherlists.bats/:/tmp/docker-mailserver/ --volume /Users/norsegaud/docker-mailserver/test/test-files/ssl/example.test/:/config/ssl/:ro --env DMS_DEBUG=0 --env ENABLE_POP3=1 --env SSL_TYPE=manual --env SSL_CERT_PATH=/config/ssl/cert.rsa.pem --env SSL_KEY_PATH=/config/ssl/key.rsa.pem --env TLS_LEVEL=intermediate --network test-network --network-alias example.test --hostname mail.example.test --tty mailserver-testing:ci
     f7d78f74fc3eedaa1277f63d9b7a2d06f22fbae7705f75b842b56bed71fce40b
   [ TASKLOG ]  mail.example.test is up and running
   $ docker run --rm --user 501:20 --network test-network --volume /Users/norsegaud/docker-mailserver/test/test-files/ssl/example.test/:/config/ssl/:ro --volume /var/folders/vb/pjyhgj4s491_k0t025_j56y00000gn/T//results/rsa/intermediate/:/output --workdir /output drwetter/testssl.sh:3.1dev --quiet --file /config/ssl/testssl.txt --mode parallel --overwrite --preference
     standard_init_linux.go:228: exec user process caused: permission denied
   
   -- command failed --
   status : 1
   output : standard_init_linux.go:228: exec user process caused: permission denied
   --

It seems like --user 501:20 is the issue as it runs without it. The comment says

--user "<uid>:<gid>" is a workaround: Avoids permission denied write errors for json output, uses id to match user uid & gid.

@polarathene, I'm going to see if anything else fails after removing it but I wanted to see if it's ok if it's removed (as long as everything else passes).

--user 501:20 --network test-network --volume /Users/norsegaud/

That is odd looking uid and gid values, and with that volume is this Windows/WSL? That context seems to be missing in the CI tests (due to lack of verbose flag I guess?)

But this other volume looks more of an issue:

--volume /var/folders/vb/pjyhgj4s491_k0t025_j56y00000gn/T//results/rsa/intermediate/:/output

I'm not familiar with this mount, but that T//results looks a bit broken path wise? I don't think it should have two / in a row like that?

Chances are the --user may be misleading here as the cause, and rather the path to write to is invalid due to some change in this PR? I believe that is meant to be temporary output for the testssl container to write JSON to.

I think my test was one of the only ones to write to such a location which might be why it's failing in particular, if so it'd be better to fix whatever change has introduced that breakage, and not quick fix it by modifying the temporary files location used in the test.

I believe whatever changes have been introduced have broken the functionality of ${BATS_TMPDIR} providing a valid path prefix here:

EDIT: If you are noticing any issues with Windows/WSL running the tests that are inconsistent with the CI, it might be another reason in favor of running bats from docker? I was looking into that at some point, not entirely sure if it'd resolve any issues with volume mounts though (a throwaway data volume that is a container instead of bind mount on the host filesystem might also work?).

Thanks @polarathene , appreciate your insight. So, I rolled bats back to 1.3.0 and it works. It looks like 1.4.0 introduced a change to BATS_TMPDIR: bats-core/bats-core#410 (comment)

How the hell this didn't fail in #2095 is beyond me... Might be good to have @casperklein and @georglauterbach take a look if they get a few minutes. I'm unsure about how the CI is all set up TBH. IMO this shouldn't have passed...

Please ignore the bats submodule for now. I'm using that to gain visibility into the tests and will revert it soon.

Is this WIP or ready to be revied?

@georglauterbach , no it's ready for review

@NorseGaud when you push yourself, my review will be dismissed I think. But @docker-mailserver/maintainers can update the branch via the webUI which should not dismiss it (if that is somehow important) :D

I could do it myself, but I've become cautious with your PRs because I already messed up twice in other PRs 😆

LGTM 👍

@casperklein or @wernerfred feel free to merge this PR if you approve it :)

I will go ahead and merge this :)

I hadn't time to review this yet. Otherwise I had approved it..

Dito ⌛