From 445af087d618bbb77437d710af4abb89697e6d06 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 11 Mar 2021 14:55:27 +0000 Subject: [PATCH] tests: Drain vmcheck/test-misc-1 into kola/misc.sh Where I stalled out before is this file has `pkg-add foo`, but now that we have the `foo` package pre-built we can move all this stuff into `misc.sh`. I dropped the YAML parsing of `--version` because we don't have python. This is related to https://github.com/coreos/coreos-assembler/issues/1645 --- tests/kolainst/nondestructive/misc.sh | 60 ++++++++++++++++ tests/vmcheck/test-misc-1.sh | 100 -------------------------- 2 files changed, 60 insertions(+), 100 deletions(-) delete mode 100755 tests/vmcheck/test-misc-1.sh diff --git a/tests/kolainst/nondestructive/misc.sh b/tests/kolainst/nondestructive/misc.sh index 9ccbd5e2..f1ac9904 100755 --- a/tests/kolainst/nondestructive/misc.sh +++ b/tests/kolainst/nondestructive/misc.sh @@ -38,6 +38,37 @@ echo "ok jsonpath" runuser -u core rpm-ostree status echo "ok status doesn't require root" +if runuser -u core rpm-ostree pkg-add foo &>err.txt; then + fatal "Was able to install a package as non-root!" +fi +assert_file_has_content err.txt 'PkgChange not allowed for user' +if runuser -u core rpm-ostree reload &>err.txt; then + assert_not_reached "Was able to reload as non-root!" +fi +echo "ok polkit" + +wrapdir="/usr/libexec/rpm-ostree/wrapped" +if [ -d "${wrapdir}" ]; then + # Test wrapped functions for rpm + rpm --version + rpm -qa > /dev/null + rpm --verify >out.txt + assert_file_has_content out.txt "rpm --verify is not necessary for ostree-based systems" + rm -f out.txt + if rpm -e bash 2>out.txt; then + fatal "rpm -e worked" + fi + assert_file_has_content out.txt 'Dropping privileges as `rpm` was executed with not "known safe" arguments' + + if dracut --blah 2>out.txt; then + fatal "dracut worked" + fi + assert_file_has_content out.txt 'This system is rpm-ostree based' + rm -f out.txt +else + echo "Missing ${wrapdir}; cliwrap not enabled" +fi + # StateRoot is only in --verbose rpm-ostree status > status.txt assert_not_file_has_content status.txt StateRoot: @@ -75,3 +106,32 @@ echo "ok crypto-policies DEFAULT backend" ldd /usr/lib64/librpmostree-1.so.1 > rpmostree-lib-deps.txt assert_not_file_has_content rpmostree-lib-deps.txt libdnf echo "ok lib deps" + +mv /etc/ostree/remotes.d{,.orig} +systemctl restart rpm-ostreed +rpm-ostree status > status.txt +assert_file_has_content status.txt 'Remote.*not found' +mv /etc/ostree/remotes.d{.orig,} +rpm-ostree reload +echo "ok remote not found" + +rpm-ostree cleanup -p +originpath=$(ostree admin --print-current-dir).origin +unshare -m /bin/bash -c "mount -o remount,rw /sysroot && cp -a ${originpath}{,.orig} && + echo 'unconfigured-state=Access to TestOS requires ONE BILLION DOLLARS' >> ${originpath}" +rpm-ostree reload +rpm-ostree status +if rpm-ostree upgrade 2>err.txt; then + echo "Upgraded from unconfigured-state" + exit 1 +fi +grep -qFe 'ONE BILLION DOLLARS' err.txt +unshare -m /bin/bash -c "mount -o remount,rw /sysroot && cp -a ${originpath}{.orig,}" +rpm-ostree reload +echo "ok unconfigured-state" + +### Stuff following here may mutate the host persistently ### + +rpm-ostree usroverlay +echo some content > /usr/share/testcontent +echo "ok usroverlay" diff --git a/tests/vmcheck/test-misc-1.sh b/tests/vmcheck/test-misc-1.sh deleted file mode 100755 index d113b781..00000000 --- a/tests/vmcheck/test-misc-1.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2017,2018 Red Hat, Inc. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place - Suite 330, -# Boston, MA 02111-1307, USA. - -set -euo pipefail - -. ${commondir}/libtest.sh -. ${commondir}/libvm.sh - -set -x - -# Miscellaneous basic tests; most are nondestructive - -# https://github.com/projectatomic/rpm-ostree/issues/1301 -# FIXME: temporarily disabled as it really wants to start -# from a fresh instance and we don't currently guarantee that. -# -# But we'll rework the test suite to do that soon like -# https://github.com/ostreedev/ostree/pull/1462 -# vm_cmd 'mv /etc/ostree/remotes.d{,.orig}' -# vm_cmd systemctl restart rpm-ostreed -# vm_cmd rpm-ostree status > status.txt -# assert_file_has_content status.txt 'Remote.*not found' -# vm_cmd 'mv /etc/ostree/remotes.d{.orig,}' -# vm_rpmostree reload -# echo "ok remote not found" - -vm_rpmostree --version > version.yaml -python3 -c 'import yaml; v=yaml.safe_load(open("version.yaml")); assert("Version" in v["rpm-ostree"])' -echo "ok yaml version" - -# Make sure we can't do various operations as non-root -vm_build_rpm foo -if vm_cmd_as core rpm-ostree pkg-add foo &> err.txt; then - assert_not_reached "Was able to install a package as non-root!" -fi -assert_file_has_content err.txt 'PkgChange not allowed for user' -if vm_cmd_as core rpm-ostree reload &> err.txt; then - assert_not_reached "Was able to reload as non-root!" -fi -assert_file_has_content err.txt 'ReloadConfig not allowed for user' -echo "ok auth" - -wrapdir="/usr/libexec/rpm-ostree/wrapped" -if [ -d "${wrapdir}" ]; then - # Test wrapped functions for rpm - rpm --version - rpm -qa > /dev/null - rpm --verify >out.txt - assert_file_has_content out.txt "rpm --verify is not necessary for ostree-based systems" - rm -f out.txt - if rpm -e bash 2>out.txt; then - fatal "rpm -e worked" - fi - assert_file_has_content out.txt 'Dropping privileges as `rpm` was executed with not "known safe" arguments' - - if dracut --blah 2>out.txt; then - fatal "dracut worked" - fi - assert_file_has_content out.txt 'This system is rpm-ostree based' - rm -f out.txt -else - echo "Missing ${wrapdir}; cliwrap not enabled" -fi - -vm_rpmostree usroverlay -vm_cmd test -w /usr/bin -echo "ok usroverlay" - -vm_shell_inline_sysroot_rw <> \${originpath} - rpm-ostree reload - rpm-ostree status - if rpm-ostree upgrade 2>err.txt; then - echo "Upgraded from unconfigured-state" - exit 1 - fi - grep -qFe 'ONE BILLION DOLLARS' err.txt - mv \${originpath}{.orig,} - rpm-ostree reload -EOF -echo "ok unconfigured status"