diff --git a/.redhat-ci.yml b/.redhat-ci.yml index 9eaf93cac6..e560404076 100644 --- a/.redhat-ci.yml +++ b/.redhat-ci.yml @@ -101,3 +101,37 @@ tests: artifacts: - test-suite.log + +--- + +inherit: false +branches: + - master + - auto + - try + +context: f25ah-insttest +required: false + +cluster: + hosts: + - name: vmcheck + distro: fedora/25/atomic + container: + image: projectatomic/ostree-tester + +build: + config-opts: > + --prefix=/usr + --libdir=/usr/lib64 + --enable-gtk-doc + +# Copy the build from the container to the host; ideally down the line +# this is installing an RPM via https://github.com/jlebon/redhat-ci/issues/10 +tests: + - make install DESTDIR=$(pwd)/insttree + - rsync -rl -e 'ssh -o User=root' . vmcheck:ostree/ + - ssh root@vmcheck 'ostree admin unlock && rsync -rlv ./ostree/insttree/usr/ /usr/ && ./ostree/tests/installed/run.sh' + +artifacts: + - test-suite.log diff --git a/Makefile-tests.am b/Makefile-tests.am index 8389331d96..fd79517cfe 100644 --- a/Makefile-tests.am +++ b/Makefile-tests.am @@ -129,7 +129,7 @@ dist_installed_test_data = tests/archive-test.sh \ tests/pre-endian-deltas-repo-little.tar.xz \ $(NULL) -EXTRA_DIST += tests/libtest.sh +EXTRA_DIST += tests/libtest.sh tests/libtest-core.sh dist_test_extra_scripts = \ tests/bootloader-entries-crosscheck.py \ diff --git a/maint.mk b/maint.mk index 3a6c9a885e..ff231c7d80 100644 --- a/maint.mk +++ b/maint.mk @@ -1123,7 +1123,7 @@ sc_copyright_check: sc_missing_cmd_prefix: @prohibit='^ostree ' \ halt='found missing ${CMD_PREFIX}' \ - in_vc_files='$tests/.*\.sh$$' \ + in_vc_files='$tests/[^/]*\.sh$$' \ $(_sc_search_regexp) # If tests/help-version exists and seems to be new enough, assume that its diff --git a/tests/installed/README.md b/tests/installed/README.md new file mode 100644 index 0000000000..45bf7d93aa --- /dev/null +++ b/tests/installed/README.md @@ -0,0 +1,2 @@ +This suite of tests is currently run from redhat-ci; +they're intended to run as root. diff --git a/tests/installed/libinsttest.sh b/tests/installed/libinsttest.sh new file mode 100644 index 0000000000..4f72b651c5 --- /dev/null +++ b/tests/installed/libinsttest.sh @@ -0,0 +1,48 @@ +# Common definitions for installed, privileged tests +# +# Copyright (C) 2017 Colin Walters +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +dn=$(dirname $0) +. ${dn}/libtest-core.sh + +# Determine our origin refspec - we'll use this as a test base +rpmostree=$(which rpm-ostree 2>/dev/null) +if test -z "${rpmostree}"; then + skip "no rpm-ostree, at some point point this to raw ostree too" +fi + +# We need to be root +assert_streq $(id -u) 0 + +PYTHON= +for py in /usr/bin/python3 /usr/bin/python; do + if ! test -x ${py}; then continue; fi + export PYTHON=${py} + break +done +if test -z "${PYTHON}"; then + fatal "no python found" +fi + +rpmostree_query_json() { + query=$1 + rpm-ostree status --json | $PYTHON -c 'import json,sys; v=json.load(sys.stdin); print(v'${query}')' +} +host_refspec=$(rpmostree_query_json '["deployments"][0]["origin"]') +host_commit=$(rpmostree_query_json '["deployments"][0]["checksum"]') +host_osname=$(rpmostree_query_json '["deployments"][0]["osname"]') diff --git a/tests/installed/libtest-core.sh b/tests/installed/libtest-core.sh new file mode 120000 index 0000000000..d26203e2b7 --- /dev/null +++ b/tests/installed/libtest-core.sh @@ -0,0 +1 @@ +../libtest-core.sh \ No newline at end of file diff --git a/tests/installed/run.sh b/tests/installed/run.sh new file mode 100755 index 0000000000..3c60a6e2f5 --- /dev/null +++ b/tests/installed/run.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +set -xeuo pipefail + +dn=$(dirname $0) +for tn in ${dn}/test-*.sh; do + echo Executing: ${tn} + ${tn} +done diff --git a/tests/installed/test-bare-root.sh b/tests/installed/test-bare-root.sh new file mode 100755 index 0000000000..0d384c2c35 --- /dev/null +++ b/tests/installed/test-bare-root.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Tests of the "raw ostree" functionality using the host's ostree repo as uid 0. + +set -xeuo pipefail + +dn=$(dirname $0) +. ${dn}/libinsttest.sh + +echo "1..2" + +cd /ostree/repo/tmp +rm co -rf +rm co-testref -rf +ostree refs --delete testref +ostree checkout -H ${host_refspec} co +victim_symlink=/usr/bin/gtar # Seems likely to stick around +# Copy the link to avoid corrupting it +cp co/${victim_symlink}{,.tmp} +mv co/${victim_symlink}{.tmp,} +# Add another xattr to a symlink and a directory, since otherwise this is unusual +setfattr -n security.biometric -v iris co/${victim_symlink} +setfattr -n security.crunchy -v withketchup co/usr/bin +csum=$(ostree commit -b testref --link-checkout-speedup --tree=dir=co) +ostree fsck +ostree ls -X testref ${victim_symlink} > ls.txt +assert_file_has_content ls.txt 'security.biometric' +ostree ls -X ${host_refspec} ${victim_symlink} > ls.txt +assert_not_file_has_content ls.txt security.biometric +ostree ls -X testref usr/bin > ls.txt +assert_file_has_content ls.txt 'security.crunchy' + +ostree checkout -H testref co-testref +getfattr -n security.biometric co-testref/${victim_symlink} > xattr.txt +assert_file_has_content xattr.txt 'security.biometric="iris"' +getfattr -n security.crunchy co-testref/usr/bin > xattr.txt +assert_file_has_content xattr.txt 'security.crunchy="withketchup"' + +rm co -rf +rm co-testref -rf + +echo "ok xattrs" diff --git a/tests/installed/test-deploy-selinux.sh b/tests/installed/test-deploy-selinux.sh new file mode 100755 index 0000000000..c4965f879d --- /dev/null +++ b/tests/installed/test-deploy-selinux.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Verify our /etc merge works with selinux + +set -xeuo pipefail + +dn=$(dirname $0) +. ${dn}/libinsttest.sh + +# Create a new deployment +ostree admin deploy --karg-proc-cmdline ${host_refspec} +new_deployment_path=/ostree/deploy/${host_osname}/deploy/${host_commit}.1 + +# A set of files that have a variety of security contexts +for file in fstab passwd exports hostname sysctl.conf; do + current=$(cd /etc && ls -Z ${file}) + new=$(cd ${new_deployment_path}/etc && ls -Z ${file}) + assert_streq "${current}" "${new}" +done + +ostree admin undeploy 0 diff --git a/tests/libtest-core.sh b/tests/libtest-core.sh new file mode 100644 index 0000000000..ae7f381f81 --- /dev/null +++ b/tests/libtest-core.sh @@ -0,0 +1,111 @@ +# Core source library for shell script tests +# +# Copyright (C) 2017 Colin Walters +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +fatal() { + echo $@ 1>&2; exit 1 +} +# fatal() is shorter to type, but retain this alias +assert_not_reached () { + fatal "$@" +} + +# Some tests look for specific English strings. Use a UTF-8 version +# of the C (POSIX) locale if we have one, or fall back to POSIX +# (https://sourceware.org/glibc/wiki/Proposals/C.UTF-8) +if locale -a | grep C.UTF-8 >/dev/null; then + export LC_ALL=C.UTF-8 +else + export LC_ALL=C +fi + +# This should really be the default IMO +export G_DEBUG=fatal-warnings +assert_streq () { + test "$1" = "$2" || fatal "$1 != $2" +} + +assert_str_match () { + if ! echo "$1" | grep -E -q "$2"; then + fatal "$1 does not match regexp $2" + fi +} + +assert_not_streq () { + (! test "$1" = "$2") || fatal "$1 == $2" +} + +assert_has_file () { + test -f "$1" || fatal "Couldn't find '$1'" +} + +assert_has_dir () { + test -d "$1" || fatal "Couldn't find '$1'" +} + +assert_not_has_file () { + if test -f "$1"; then + sed -e 's/^/# /' < "$1" >&2 + fatal "File '$1' exists" + fi +} + +assert_not_file_has_content () { + if grep -q -e "$2" "$1"; then + sed -e 's/^/# /' < "$1" >&2 + fatal "File '$1' incorrectly matches regexp '$2'" + fi +} + +assert_not_has_dir () { + if test -d "$1"; then + fatal "Directory '$1' exists" + fi +} + +assert_file_has_content () { + if ! grep -q -e "$2" "$1"; then + sed -e 's/^/# /' < "$1" >&2 + fatal "File '$1' doesn't match regexp '$2'" + fi +} + +assert_symlink_has_content () { + if ! test -L "$1"; then + echo 1>&2 "File '$1' is not a symbolic link" + exit 1 + fi + if ! readlink "$1" | grep -q -e "$2"; then + sed -e 's/^/# /' < "$1" >&2 + echo 1>&2 "Symbolic link '$1' doesn't match regexp '$2'" + exit 1 + fi +} + +assert_file_empty() { + if test -s "$1"; then + sed -e 's/^/# /' < "$1" >&2 + fatal "File '$1' is not empty" + fi +} + +# Use to skip all of these tests +skip() { + echo "1..0 # SKIP" "$@" + exit 0 +} diff --git a/tests/libtest.sh b/tests/libtest.sh index 58351f8116..c667bcc2a4 100755 --- a/tests/libtest.sh +++ b/tests/libtest.sh @@ -17,6 +17,8 @@ # Free Software Foundation, Inc., 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. +dn=$(dirname $0) + if [ -n "${G_TEST_SRCDIR:-}" ]; then test_srcdir="${G_TEST_SRCDIR}/tests" else @@ -28,26 +30,10 @@ if [ -n "${G_TEST_BUILDDIR:-}" ]; then else test_builddir=$(dirname $0) fi - -fatal() { - echo $@ 1>&2; exit 1 -} -# fatal() is shorter to type, but retain this alias -assert_not_reached () { - fatal "$@" -} +. ${test_srcdir}/libtest-core.sh test_tmpdir=$(pwd) -# Some tests look for specific English strings. Use a UTF-8 version -# of the C (POSIX) locale if we have one, or fall back to POSIX -# (https://sourceware.org/glibc/wiki/Proposals/C.UTF-8) -if locale -a | grep C.UTF-8 >/dev/null; then - export LC_ALL=C.UTF-8 -else - export LC_ALL=C -fi - # Sanity check that we're in a tmpdir that has # just .testtmp (created by tap-driver for `make check`, # or nothing at all (as ginstest-runner does) @@ -62,8 +48,6 @@ if ! test -f .testtmp; then touch .testtmp fi -export G_DEBUG=fatal-warnings - # Also, unbreak `tar` inside `make check`...Automake will inject # TAR_OPTIONS: --owner=0 --group=0 --numeric-owner presumably so that # tarballs are predictable, except we don't want this in our tests. @@ -124,74 +108,6 @@ else OSTREE_HTTPD="${CMD_PREFIX} ostree trivial-httpd" fi -assert_streq () { - test "$1" = "$2" || fatal "$1 != $2" -} - -assert_str_match () { - if ! echo "$1" | grep -E -q "$2"; then - fatal "$1 does not match regexp $2" - fi -} - -assert_not_streq () { - (! test "$1" = "$2") || fatal "$1 == $2" -} - -assert_has_file () { - test -f "$1" || fatal "Couldn't find '$1'" -} - -assert_has_dir () { - test -d "$1" || fatal "Couldn't find '$1'" -} - -assert_not_has_file () { - if test -f "$1"; then - sed -e 's/^/# /' < "$1" >&2 - fatal "File '$1' exists" - fi -} - -assert_not_file_has_content () { - if grep -q -e "$2" "$1"; then - sed -e 's/^/# /' < "$1" >&2 - fatal "File '$1' incorrectly matches regexp '$2'" - fi -} - -assert_not_has_dir () { - if test -d "$1"; then - fatal "Directory '$1' exists" - fi -} - -assert_file_has_content () { - if ! grep -q -e "$2" "$1"; then - sed -e 's/^/# /' < "$1" >&2 - fatal "File '$1' doesn't match regexp '$2'" - fi -} - -assert_symlink_has_content () { - if ! test -L "$1"; then - echo 1>&2 "File '$1' is not a symbolic link" - exit 1 - fi - if ! readlink "$1" | grep -q -e "$2"; then - sed -e 's/^/# /' < "$1" >&2 - echo 1>&2 "Symbolic link '$1' doesn't match regexp '$2'" - exit 1 - fi -} - -assert_file_empty() { - if test -s "$1"; then - sed -e 's/^/# /' < "$1" >&2 - fatal "File '$1' is not empty" - fi -} - assert_files_hardlinked() { f1=$(stat -c %i $1) f2=$(stat -c %i $2) @@ -541,11 +457,6 @@ os_repository_new_commit () cd ${test_tmpdir} } -skip() { - echo "1..0 # SKIP" "$@" - exit 0 -} - skip_without_user_xattrs () { touch test-xattrs setfattr -n user.testvalue -v somevalue test-xattrs || \