diff options
-rw-r--r-- | .redhat-ci.yml | 34 | ||||
-rw-r--r-- | Makefile-tests.am | 2 | ||||
-rw-r--r-- | maint.mk | 2 | ||||
-rw-r--r-- | tests/installed/README.md | 2 | ||||
-rw-r--r-- | tests/installed/libinsttest.sh | 48 | ||||
l--------- | tests/installed/libtest-core.sh | 1 | ||||
-rwxr-xr-x | tests/installed/run.sh | 9 | ||||
-rwxr-xr-x | tests/installed/test-bare-root.sh | 42 | ||||
-rwxr-xr-x | tests/installed/test-deploy-selinux.sh | 21 | ||||
-rwxr-xr-x | tests/libtest.sh | 2 |
10 files changed, 160 insertions, 3 deletions
diff --git a/.redhat-ci.yml b/.redhat-ci.yml index 9eaf93ca..e5604040 100644 --- a/.redhat-ci.yml +++ b/.redhat-ci.yml @@ -101,3 +101,37 @@ tests: artifacts: - test-suite.log + +--- + +inherit: false +branches: + - master + - auto + - try + +context: f25ah-insttest +required: false + +cluster: + hosts: + - name: vmcheck + distro: fedora/25/atomic + container: + image: projectatomic/ostree-tester + +build: + config-opts: > + --prefix=/usr + --libdir=/usr/lib64 + --enable-gtk-doc + +# Copy the build from the container to the host; ideally down the line +# this is installing an RPM via https://github.com/jlebon/redhat-ci/issues/10 +tests: + - make install DESTDIR=$(pwd)/insttree + - rsync -rl -e 'ssh -o User=root' . vmcheck:ostree/ + - ssh root@vmcheck 'ostree admin unlock && rsync -rlv ./ostree/insttree/usr/ /usr/ && ./ostree/tests/installed/run.sh' + +artifacts: + - test-suite.log diff --git a/Makefile-tests.am b/Makefile-tests.am index d2059e3a..a0eefdb9 100644 --- a/Makefile-tests.am +++ b/Makefile-tests.am @@ -130,7 +130,7 @@ dist_installed_test_data = tests/archive-test.sh \ tests/pre-endian-deltas-repo-little.tar.xz \ $(NULL) -EXTRA_DIST += tests/libtest.sh +EXTRA_DIST += tests/libtest.sh tests/libtest-core.sh dist_test_extra_scripts = \ tests/bootloader-entries-crosscheck.py \ @@ -1123,7 +1123,7 @@ sc_copyright_check: sc_missing_cmd_prefix: @prohibit='^ostree ' \ halt='found missing ${CMD_PREFIX}' \ - in_vc_files='$tests/.*\.sh$$' \ + in_vc_files='$tests/[^/]*\.sh$$' \ $(_sc_search_regexp) # If tests/help-version exists and seems to be new enough, assume that its diff --git a/tests/installed/README.md b/tests/installed/README.md new file mode 100644 index 00000000..45bf7d93 --- /dev/null +++ b/tests/installed/README.md @@ -0,0 +1,2 @@ +This suite of tests is currently run from redhat-ci; +they're intended to run as root. diff --git a/tests/installed/libinsttest.sh b/tests/installed/libinsttest.sh new file mode 100644 index 00000000..4f72b651 --- /dev/null +++ b/tests/installed/libinsttest.sh @@ -0,0 +1,48 @@ +# Common definitions for installed, privileged tests +# +# Copyright (C) 2017 Colin Walters <walters@verbum.org> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +dn=$(dirname $0) +. ${dn}/libtest-core.sh + +# Determine our origin refspec - we'll use this as a test base +rpmostree=$(which rpm-ostree 2>/dev/null) +if test -z "${rpmostree}"; then + skip "no rpm-ostree, at some point point this to raw ostree too" +fi + +# We need to be root +assert_streq $(id -u) 0 + +PYTHON= +for py in /usr/bin/python3 /usr/bin/python; do + if ! test -x ${py}; then continue; fi + export PYTHON=${py} + break +done +if test -z "${PYTHON}"; then + fatal "no python found" +fi + +rpmostree_query_json() { + query=$1 + rpm-ostree status --json | $PYTHON -c 'import json,sys; v=json.load(sys.stdin); print(v'${query}')' +} +host_refspec=$(rpmostree_query_json '["deployments"][0]["origin"]') +host_commit=$(rpmostree_query_json '["deployments"][0]["checksum"]') +host_osname=$(rpmostree_query_json '["deployments"][0]["osname"]') diff --git a/tests/installed/libtest-core.sh b/tests/installed/libtest-core.sh new file mode 120000 index 00000000..d26203e2 --- /dev/null +++ b/tests/installed/libtest-core.sh @@ -0,0 +1 @@ +../libtest-core.sh
\ No newline at end of file diff --git a/tests/installed/run.sh b/tests/installed/run.sh new file mode 100755 index 00000000..3c60a6e2 --- /dev/null +++ b/tests/installed/run.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +set -xeuo pipefail + +dn=$(dirname $0) +for tn in ${dn}/test-*.sh; do + echo Executing: ${tn} + ${tn} +done diff --git a/tests/installed/test-bare-root.sh b/tests/installed/test-bare-root.sh new file mode 100755 index 00000000..0d384c2c --- /dev/null +++ b/tests/installed/test-bare-root.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Tests of the "raw ostree" functionality using the host's ostree repo as uid 0. + +set -xeuo pipefail + +dn=$(dirname $0) +. ${dn}/libinsttest.sh + +echo "1..2" + +cd /ostree/repo/tmp +rm co -rf +rm co-testref -rf +ostree refs --delete testref +ostree checkout -H ${host_refspec} co +victim_symlink=/usr/bin/gtar # Seems likely to stick around +# Copy the link to avoid corrupting it +cp co/${victim_symlink}{,.tmp} +mv co/${victim_symlink}{.tmp,} +# Add another xattr to a symlink and a directory, since otherwise this is unusual +setfattr -n security.biometric -v iris co/${victim_symlink} +setfattr -n security.crunchy -v withketchup co/usr/bin +csum=$(ostree commit -b testref --link-checkout-speedup --tree=dir=co) +ostree fsck +ostree ls -X testref ${victim_symlink} > ls.txt +assert_file_has_content ls.txt 'security.biometric' +ostree ls -X ${host_refspec} ${victim_symlink} > ls.txt +assert_not_file_has_content ls.txt security.biometric +ostree ls -X testref usr/bin > ls.txt +assert_file_has_content ls.txt 'security.crunchy' + +ostree checkout -H testref co-testref +getfattr -n security.biometric co-testref/${victim_symlink} > xattr.txt +assert_file_has_content xattr.txt 'security.biometric="iris"' +getfattr -n security.crunchy co-testref/usr/bin > xattr.txt +assert_file_has_content xattr.txt 'security.crunchy="withketchup"' + +rm co -rf +rm co-testref -rf + +echo "ok xattrs" diff --git a/tests/installed/test-deploy-selinux.sh b/tests/installed/test-deploy-selinux.sh new file mode 100755 index 00000000..c4965f87 --- /dev/null +++ b/tests/installed/test-deploy-selinux.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Verify our /etc merge works with selinux + +set -xeuo pipefail + +dn=$(dirname $0) +. ${dn}/libinsttest.sh + +# Create a new deployment +ostree admin deploy --karg-proc-cmdline ${host_refspec} +new_deployment_path=/ostree/deploy/${host_osname}/deploy/${host_commit}.1 + +# A set of files that have a variety of security contexts +for file in fstab passwd exports hostname sysctl.conf; do + current=$(cd /etc && ls -Z ${file}) + new=$(cd ${new_deployment_path}/etc && ls -Z ${file}) + assert_streq "${current}" "${new}" +done + +ostree admin undeploy 0 diff --git a/tests/libtest.sh b/tests/libtest.sh index 7939e4c7..c667bcc2 100755 --- a/tests/libtest.sh +++ b/tests/libtest.sh @@ -18,7 +18,6 @@ # Boston, MA 02111-1307, USA. dn=$(dirname $0) -. ${dn}/libtest-core.sh if [ -n "${G_TEST_SRCDIR:-}" ]; then test_srcdir="${G_TEST_SRCDIR}/tests" @@ -31,6 +30,7 @@ if [ -n "${G_TEST_BUILDDIR:-}" ]; then else test_builddir=$(dirname $0) fi +. ${test_srcdir}/libtest-core.sh test_tmpdir=$(pwd) |