packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests/installed: New installed, privileged tests using Fedora AH 

Our container-driven tests can't e.g. test SELinux sanely, and
have to support being run as root *and* non-root too.

Use redhat-ci to provision a VM and run tests directly there. These are
installed tests too.

Closes: https://github.com/ostreedev/ostree/issues/806

Closes: #807
Approved by: jlebon
This commit is contained in:
Colin Walters 2017-04-24 14:40:06 -04:00 committed by Atomic Bot
parent 8b4196d8f7
commit 654b0c4877
10 changed files with 160 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
.redhat-ci.yml
View File

@ -101,3 +101,37 @@ tests:
artifacts: artifacts:
- test-suite.log - test-suite.log
---
inherit: false
branches:
- master
- auto
- try
context: f25ah-insttest
required: false
cluster:
hosts:
- name: vmcheck
distro: fedora/25/atomic
container:
image: projectatomic/ostree-tester
build:
config-opts: >
--prefix=/usr
--libdir=/usr/lib64
--enable-gtk-doc
# Copy the build from the container to the host; ideally down the line
# this is installing an RPM via https://github.com/jlebon/redhat-ci/issues/10
tests:
- make install DESTDIR=$(pwd)/insttree
- rsync -rl -e 'ssh -o User=root' . vmcheck:ostree/
- ssh root@vmcheck 'ostree admin unlock && rsync -rlv ./ostree/insttree/usr/ /usr/ && ./ostree/tests/installed/run.sh'
artifacts:
- test-suite.log

2
Makefile-tests.am
View File

@ -130,7 +130,7 @@ dist_installed_test_data = tests/archive-test.sh \
tests/pre-endian-deltas-repo-little.tar.xz \ tests/pre-endian-deltas-repo-little.tar.xz \
$(NULL) $(NULL)
EXTRA_DIST += tests/libtest.sh EXTRA_DIST += tests/libtest.sh tests/libtest-core.sh
dist_test_extra_scripts = \ dist_test_extra_scripts = \
tests/bootloader-entries-crosscheck.py \ tests/bootloader-entries-crosscheck.py \

2
maint.mk
View File

@ -1123,7 +1123,7 @@ sc_copyright_check:
sc_missing_cmd_prefix: sc_missing_cmd_prefix:
@prohibit='^ostree ' \ @prohibit='^ostree ' \
halt='found missing ${CMD_PREFIX}' \ halt='found missing ${CMD_PREFIX}' \
in_vc_files='$tests/.*\.sh$$' \ in_vc_files='$tests/[^/]*\.sh$$' \
$(_sc_search_regexp) $(_sc_search_regexp)
# If tests/help-version exists and seems to be new enough, assume that its # If tests/help-version exists and seems to be new enough, assume that its

2
tests/installed/README.md Normal file
View File

@ -0,0 +1,2 @@
This suite of tests is currently run from redhat-ci;
they're intended to run as root.

48
tests/installed/libinsttest.sh Normal file
View File

@ -0,0 +1,48 @@
# Common definitions for installed, privileged tests
#
# Copyright (C) 2017 Colin Walters <walters@verbum.org>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
dn=$(dirname $0)
. ${dn}/libtest-core.sh
# Determine our origin refspec - we'll use this as a test base
rpmostree=$(which rpm-ostree 2>/dev/null)
if test -z "${rpmostree}"; then
skip "no rpm-ostree, at some point point this to raw ostree too"
fi
# We need to be root
assert_streq $(id -u) 0
PYTHON=
for py in /usr/bin/python3 /usr/bin/python; do
if ! test -x ${py}; then continue; fi
export PYTHON=${py}
break
done
if test -z "${PYTHON}"; then
fatal "no python found"
fi
rpmostree_query_json() {
query=$1
rpm-ostree status --json | $PYTHON -c 'import json,sys; v=json.load(sys.stdin); print(v'${query}')'
}
host_refspec=$(rpmostree_query_json '["deployments"][0]["origin"]')
host_commit=$(rpmostree_query_json '["deployments"][0]["checksum"]')
host_osname=$(rpmostree_query_json '["deployments"][0]["osname"]')

1
tests/installed/libtest-core.sh Symbolic link
View File

@ -0,0 +1 @@
../libtest-core.sh

9
tests/installed/run.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash
set -xeuo pipefail
dn=$(dirname $0)
for tn in ${dn}/test-*.sh; do
echo Executing: ${tn}
${tn}
done

42
tests/installed/test-bare-root.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/bash
# Tests of the "raw ostree" functionality using the host's ostree repo as uid 0.
set -xeuo pipefail
dn=$(dirname $0)
. ${dn}/libinsttest.sh
echo "1..2"
cd /ostree/repo/tmp
rm co -rf
rm co-testref -rf
ostree refs --delete testref
ostree checkout -H ${host_refspec} co
victim_symlink=/usr/bin/gtar # Seems likely to stick around
# Copy the link to avoid corrupting it
cp co/${victim_symlink}{,.tmp}
mv co/${victim_symlink}{.tmp,}
# Add another xattr to a symlink and a directory, since otherwise this is unusual
setfattr -n security.biometric -v iris co/${victim_symlink}
setfattr -n security.crunchy -v withketchup co/usr/bin
csum=$(ostree commit -b testref --link-checkout-speedup --tree=dir=co)
ostree fsck
ostree ls -X testref ${victim_symlink} > ls.txt
assert_file_has_content ls.txt 'security.biometric'
ostree ls -X ${host_refspec} ${victim_symlink} > ls.txt
assert_not_file_has_content ls.txt security.biometric
ostree ls -X testref usr/bin > ls.txt
assert_file_has_content ls.txt 'security.crunchy'
ostree checkout -H testref co-testref
getfattr -n security.biometric co-testref/${victim_symlink} > xattr.txt
assert_file_has_content xattr.txt 'security.biometric="iris"'
getfattr -n security.crunchy co-testref/usr/bin > xattr.txt
assert_file_has_content xattr.txt 'security.crunchy="withketchup"'
rm co -rf
rm co-testref -rf
echo "ok xattrs"

21
tests/installed/test-deploy-selinux.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
# Verify our /etc merge works with selinux
set -xeuo pipefail
dn=$(dirname $0)
. ${dn}/libinsttest.sh
# Create a new deployment
ostree admin deploy --karg-proc-cmdline ${host_refspec}
new_deployment_path=/ostree/deploy/${host_osname}/deploy/${host_commit}.1
# A set of files that have a variety of security contexts
for file in fstab passwd exports hostname sysctl.conf; do
current=$(cd /etc && ls -Z ${file})
new=$(cd ${new_deployment_path}/etc && ls -Z ${file})
assert_streq "${current}" "${new}"
done
ostree admin undeploy 0

2
tests/libtest.sh
View File

@ -18,7 +18,6 @@
# Boston, MA 02111-1307, USA. # Boston, MA 02111-1307, USA.
dn=$(dirname $0) dn=$(dirname $0)
. ${dn}/libtest-core.sh
if [ -n "${G_TEST_SRCDIR:-}" ]; then if [ -n "${G_TEST_SRCDIR:-}" ]; then
test_srcdir="${G_TEST_SRCDIR}/tests" test_srcdir="${G_TEST_SRCDIR}/tests"
@ -31,6 +30,7 @@ if [ -n "${G_TEST_BUILDDIR:-}" ]; then
else else
test_builddir=$(dirname $0) test_builddir=$(dirname $0)
fi fi
. ${test_srcdir}/libtest-core.sh
test_tmpdir=$(pwd) test_tmpdir=$(pwd)