tests/installed: New installed, privileged tests using Fedora AH
Our container-driven tests can't e.g. test SELinux sanely, and
have to support being run as root *and* non-root too.

Use redhat-ci to provision a VM and run tests directly there. These are
installed tests too.

Closes: #806

Closes: #807
Approved by: jlebon
cgwalters authored and rh-atomic-bot committed Apr 25, 2017
1 parent 8b4196d commit 654b0c4
Showing 10 changed files with 160 additions and 3 deletions.
34 changes: 34 additions & 0 deletions .redhat-ci.yml
Expand Up @@ -101,3 +101,37 @@ tests:

artifacts:
- test-suite.log

---

inherit: false
branches:
- master
- auto
- try

context: f25ah-insttest
required: false

cluster:
hosts:
- name: vmcheck
distro: fedora/25/atomic
container:
image: projectatomic/ostree-tester

build:
config-opts: >
--prefix=/usr
--libdir=/usr/lib64
--enable-gtk-doc
# Copy the build from the container to the host; ideally down the line
# this is installing an RPM via https://github.com/jlebon/redhat-ci/issues/10
tests:
- make install DESTDIR=$(pwd)/insttree
- rsync -rl -e 'ssh -o User=root' . vmcheck:ostree/
- ssh root@vmcheck 'ostree admin unlock && rsync -rlv ./ostree/insttree/usr/ /usr/ && ./ostree/tests/installed/run.sh'

artifacts:
- test-suite.log
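Review bot: The `image: projectatomic/ostree-tester` line names the build container by a mutable name with no tag or digest, and what is built in it is then copied over `/usr` on the VM and run as root by the `ssh root@vmcheck` step. A changed upstream image therefore changes the toolchain, and the binaries under test, without any change in this repository. If the CI's `image` field accepts it, pin the reference, e.g. `image: projectatomic/ostree-tester@sha256:DIGEST_PLACEHOLDER`, and bump it deliberately. Separately, `artifacts` lists `test-suite.log`, but none of the visible `tests:` steps for this context appears to write that file, so a failure on the VM may leave no artifact to inspect.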
2 changes: 1 addition & 1 deletion Makefile-tests.am
Expand Up @@ -130,7 +130,7 @@ dist_installed_test_data = tests/archive-test.sh \
tests/pre-endian-deltas-repo-little.tar.xz \
$(NULL)

EXTRA_DIST += tests/libtest.sh
EXTRA_DIST += tests/libtest.sh tests/libtest-core.sh

dist_test_extra_scripts = \
tests/bootloader-entries-crosscheck.py \
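Review bot: Only `tests/libtest-core.sh` is added to `EXTRA_DIST`, and this file's diffstat shows no other change, so the new scripts under `tests/installed/` (`run.sh`, `libinsttest.sh`, `test-*.sh`) appear not to be listed for distribution. If release tarballs are meant to carry the installed suite, list them as well, e.g. `EXTRA_DIST += tests/installed/run.sh tests/installed/libinsttest.sh`. Otherwise say in `tests/installed/README.md` that the suite is run from a git checkout only.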
2 changes: 1 addition & 1 deletion maint.mk
Expand Up @@ -1123,7 +1123,7 @@ sc_copyright_check:
sc_missing_cmd_prefix:
@prohibit='^ostree ' \
halt='found missing ${CMD_PREFIX}' \
in_vc_files='$tests/.*\.sh$$' \
in_vc_files='$tests/[^/]*\.sh$$' \
$(_sc_search_regexp)
# If tests/help-version exists and seems to be new enough, assume that its
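Review bot: The narrowed pattern `[^/]*\.sh` in `in_vc_files` exempts every script in a subdirectory of `tests/` from the `sc_missing_cmd_prefix` check, but nothing in the rule says why. A comment above the rule would keep a later reader from widening it again, for example `# Only top-level tests use CMD_PREFIX; tests/installed/ runs the installed ostree directly as root.` That reason is inferred from the rest of this commit, so confirm it before settling the wording.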
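--- a/tests/installed/README.md
+++ b/tests/installed/README.md
@@ -0,0 +1,2 @@
+This suite of tests is currently run from redhat-ci;
+they're intended to run as root.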
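--- a/tests/installed/libinsttest.sh
+++ b/tests/installed/libinsttest.sh
@@ -0,0 +1,48 @@
+# Common definitions for installed, privileged tests
+#
+# Copyright (C) 2017 Colin Walters <walters@verbum.org>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+dn=$(dirname $0)
+. ${dn}/libtest-core.sh
+
+# Determine our origin refspec - we'll use this as a test base
+rpmostree=$(which rpm-ostree 2>/dev/null)
+if test -z "${rpmostree}"; then
+skip "no rpm-ostree, at some point point this to raw ostree too"
+fi
+
+# We need to be root
+assert_streq $(id -u) 0
+
+PYTHON=
+for py in /usr/bin/python3 /usr/bin/python; do
+if ! test -x ${py}; then continue; fi
+export PYTHON=${py}
+break
+done
+if test -z "${PYTHON}"; then
+fatal "no python found"
+fi
+
+rpmostree_query_json() {
+query=$1
+rpm-ostree status --json | $PYTHON -c 'import json,sys; v=json.load(sys.stdin); print(v'${query}')'
+}
+host_refspec=$(rpmostree_query_json '["deployments"][0]["origin"]')
+host_commit=$(rpmostree_query_json '["deployments"][0]["checksum"]')
+host_osname=$(rpmostree_query_json '["deployments"][0]["osname"]')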
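Review bot: The `skip` branch after `rpmostree=$(which rpm-ostree 2>/dev/null)` looks unreachable when rpm-ostree is absent, because both test scripts in this commit run `set -xeuo pipefail` before sourcing this file and a bare assignment whose command substitution fails makes `set -e` exit at that line. Tolerating the failure restores the intended skip: `rpmostree=$(which rpm-ostree 2>/dev/null || true)`. Separately, `rpmostree_query_json` pastes `${query}` into the Python source given to `-c`; the three callers here pass constants, so a comment such as `# query is spliced into Python source: pass literal subscripts only, never external input` would keep the helper safe if it is reused.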
1 change: 1 addition & 0 deletions tests/installed/libtest-core.sh
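--- a/tests/installed/run.sh
+++ b/tests/installed/run.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -xeuo pipefail
+
+dn=$(dirname $0)
+for tn in ${dn}/test-*.sh; do
+echo Executing: ${tn}
+${tn}
+done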
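Review bot: `${dn}` and `${tn}` are expanded unquoted in the loop, so a checkout path containing whitespace or glob characters is split or re-globbed before the result is executed as root. Quote the expansions: `dn=$(dirname "$0")`, `for tn in "${dn}"/test-*.sh; do`, and `"${tn}"`. The same unquoted `$(dirname $0)` and `. ${dn}/...` pattern appears in libinsttest.sh, test-bare-root.sh and test-deploy-selinux.sh.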
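--- a/tests/installed/test-bare-root.sh
+++ b/tests/installed/test-bare-root.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Tests of the "raw ostree" functionality using the host's ostree repo as uid 0.
+
+set -xeuo pipefail
+
+dn=$(dirname $0)
+. ${dn}/libinsttest.sh
+
+echo "1..2"
+
+cd /ostree/repo/tmp
+rm co -rf
+rm co-testref -rf
+ostree refs --delete testref
+ostree checkout -H ${host_refspec} co
+victim_symlink=/usr/bin/gtar # Seems likely to stick around
+# Copy the link to avoid corrupting it
+cp co/${victim_symlink}{,.tmp}
+mv co/${victim_symlink}{.tmp,}
+# Add another xattr to a symlink and a directory, since otherwise this is unusual
+setfattr -n security.biometric -v iris co/${victim_symlink}
+setfattr -n security.crunchy -v withketchup co/usr/bin
+csum=$(ostree commit -b testref --link-checkout-speedup --tree=dir=co)
+ostree fsck
+ostree ls -X testref ${victim_symlink} > ls.txt
+assert_file_has_content ls.txt 'security.biometric'
+ostree ls -X ${host_refspec} ${victim_symlink} > ls.txt
+assert_not_file_has_content ls.txt security.biometric
+ostree ls -X testref usr/bin > ls.txt
+assert_file_has_content ls.txt 'security.crunchy'
+
+ostree checkout -H testref co-testref
+getfattr -n security.biometric co-testref/${victim_symlink} > xattr.txt
+assert_file_has_content xattr.txt 'security.biometric="iris"'
+getfattr -n security.crunchy co-testref/usr/bin > xattr.txt
+assert_file_has_content xattr.txt 'security.crunchy="withketchup"'
+
+rm co -rf
+rm co-testref -rf
+
+echo "ok xattrs"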
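Review bot: The TAP plan `echo "1..2"` announces two tests, but the script emits a single result line, `echo "ok xattrs"`, so a TAP consumer would report a missing test. Either change the plan to `echo "1..1"` or add the second `ok` line the plan was written for. `csum` is also assigned from `ostree commit` and never read afterwards. The scratch files `ls.txt` and `xattr.txt` are left in `/ostree/repo/tmp` after the run, since only `co` and `co-testref` are removed.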
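--- a/tests/installed/test-deploy-selinux.sh
+++ b/tests/installed/test-deploy-selinux.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Verify our /etc merge works with selinux
+
+set -xeuo pipefail
+
+dn=$(dirname $0)
+. ${dn}/libinsttest.sh
+
+# Create a new deployment
+ostree admin deploy --karg-proc-cmdline ${host_refspec}
+new_deployment_path=/ostree/deploy/${host_osname}/deploy/${host_commit}.1
+
+# A set of files that have a variety of security contexts
+for file in fstab passwd exports hostname sysctl.conf; do
+current=$(cd /etc && ls -Z ${file})
+new=$(cd ${new_deployment_path}/etc && ls -Z ${file})
+assert_streq "${current}" "${new}"
+done
+
+ostree admin undeploy 0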
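Review bot: `new_deployment_path` hard-codes the deploy serial `.1` and the cleanup uses `ostree admin undeploy 0`, both of which hold only if the host starts with exactly one deployment of `${host_commit}` and the new one is listed first. State that assumption next to the path, e.g. `# Assumes a single existing deployment (serial 0); the new one is .1 and is listed at index 0`. Because `set -e` exits on the first failed `assert_streq`, the final `undeploy` is skipped on failure and the extra deployment stays on the machine. That is tolerable on a throwaway VM, but it deserves a comment, since these tests modify the host as root.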
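--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@@ -18,7 +18,6 @@
 # Boston, MA 02111-1307, USA.
 
 dn=$(dirname $0)
-. ${dn}/libtest-core.sh
 
 if [ -n "${G_TEST_SRCDIR:-}" ]; then
 test_srcdir="${G_TEST_SRCDIR}/tests"
@@ -31,6 +30,7 @@ if [ -n "${G_TEST_BUILDDIR:-}" ]; then
 else
 test_builddir=$(dirname $0)
 fi
+. ${test_srcdir}/libtest-core.sh
 
 test_tmpdir=$(pwd)
 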
