diff --git a/tests/common/libvm.sh b/tests/common/libvm.sh index 5bd5c434..13687ecd 100644 --- a/tests/common/libvm.sh +++ b/tests/common/libvm.sh @@ -39,7 +39,7 @@ vm_setup() { vm_rsync() { if ! test -f .vagrant/using_sshfs; then pushd ${topsrcdir} - rsyncopts="ssh -o User=root" + local rsyncopts="ssh -o User=root" if [ -f ssh-config ]; then rsyncopts="$rsyncopts -F ssh-config" fi @@ -53,6 +53,19 @@ vm_rsync() { fi } +# run command in vm as user +# - $1 username +# - $@ command to run +vm_cmd_as() { + local user=$1; shift + # don't reuse root's ControlPath + local sshopts="-o User=$user" + if [ -f "${topsrcdir}/ssh-config" ]; then + sshopts="$sshopts -F ${topsrcdir}/ssh-config" + fi + ssh $sshopts $VM "$@" +} + # run command in vm # - $@ command to run vm_cmd() { @@ -61,9 +74,9 @@ vm_cmd() { # Copy argument (usually shell script) to VM, execute it there vm_cmdfile() { - bin=$1 + local bin=$1 chmod a+x ${bin} - bn=$(basename ${bin}) + local bn=$(basename ${bin}) $SCP $1 $VM:/root/${bn} $SSH /root/${bn} } @@ -77,14 +90,14 @@ vm_clean_caches() { # run rpm-ostree in vm # - $@ args vm_rpmostree() { - $SSH env ASAN_OPTIONS=detect_leaks=false rpm-ostree "$@" + vm_cmd env ASAN_OPTIONS=detect_leaks=false rpm-ostree "$@" } # copy files to a directory in the vm # - $1 target directory # - $2.. files & dirs to copy vm_send() { - dir=$1; shift + local dir=$1; shift vm_cmd mkdir -p $dir $SCP -r "$@" $VM:$dir } @@ -118,8 +131,8 @@ EOF # - $1 timeout in second (optional) # - $2 previous bootid (optional) vm_ssh_wait() { - timeout=${1:-0}; shift - old_bootid=${1:-}; shift + local timeout=${1:-0}; shift + local old_bootid=${1:-}; shift if ! vm_cmd true; then echo "Failed to log into VM, retrying with debug:" $SSH -o LogLevel=debug true || true @@ -151,7 +164,7 @@ vm_get_boot_id() { # Run a command in the VM that will cause a reboot vm_reboot_cmd() { vm_cmd sync - bootid=$(vm_get_boot_id 2>/dev/null) + local bootid=$(vm_get_boot_id 2>/dev/null) vm_cmd $@ || : vm_ssh_wait 120 $bootid } @@ -185,8 +198,8 @@ vm_has_packages() { # - $1 index of deployment (or -1 for booted) # - $2 key to retrieve vm_get_deployment_info() { - idx=$1 - key=$2 + local idx=$1 + local key=$2 vm_rpmostree status --json | \ python -c " import sys, json @@ -215,10 +228,10 @@ if \"$key\" in depl: # retrieve the deployment root # - $1 index of deployment vm_get_deployment_root() { - idx=$1 - csum=$(vm_get_deployment_info $idx checksum) - serial=$(vm_get_deployment_info $idx serial) - osname=$(vm_get_deployment_info $idx osname) + local idx=$1 + local csum=$(vm_get_deployment_info $idx checksum) + local serial=$(vm_get_deployment_info $idx serial) + local osname=$(vm_get_deployment_info $idx osname) echo /ostree/deploy/$osname/deploy/$csum.$serial } @@ -245,7 +258,7 @@ vm_get_local_packages() { # check that the packages are currently layered # - $@ packages to check for vm_has_layered_packages() { - pkgs=$(vm_get_layered_packages) + local pkgs=$(vm_get_layered_packages) for pkg in "$@"; do if [[ " $pkgs " != *$pkg* ]]; then return 1 @@ -256,7 +269,7 @@ vm_has_layered_packages() { # check that the packages are currently requested # - $@ packages to check for vm_has_requested_packages() { - pkgs=$(vm_get_requested_packages) + local pkgs=$(vm_get_requested_packages) for pkg in "$@"; do if [[ " $pkgs " != *$pkg* ]]; then return 1 @@ -265,7 +278,7 @@ vm_has_requested_packages() { } vm_has_local_packages() { - pkgs=$(vm_get_local_packages) + local pkgs=$(vm_get_local_packages) for pkg in "$@"; do if [[ " $pkgs " != *$pkg* ]]; then return 1 @@ -287,8 +300,8 @@ vm_get_booted_csum() { # - $1 package to check for # - $2 either "present" or "absent" vm_assert_layered_pkg() { - pkg=$1; shift - policy=$1; shift + local pkg=$1; shift + local policy=$1; shift set +e vm_has_packages $pkg; pkg_in_rpmdb=$? diff --git a/tests/vmcheck/overlay.sh b/tests/vmcheck/overlay.sh index 00f14e6f..64693b21 100755 --- a/tests/vmcheck/overlay.sh +++ b/tests/vmcheck/overlay.sh @@ -48,7 +48,7 @@ if test -z "${INSIDE_VM:-}"; then vm_rsync - $SSH "env INSIDE_VM=1 /var/roothome/sync/tests/vmcheck/overlay.sh" + vm_cmd env INSIDE_VM=1 /var/roothome/sync/tests/vmcheck/overlay.sh vm_reboot exit 0 fi diff --git a/tests/vmcheck/sync.sh b/tests/vmcheck/sync.sh index c0107fd1..cace20b9 100755 --- a/tests/vmcheck/sync.sh +++ b/tests/vmcheck/sync.sh @@ -38,7 +38,7 @@ if test -z "${INSIDE_VM:-}"; then make install DESTDIR=${VMCHECK_INSTTREE} vm_rsync - $SSH "env INSIDE_VM=1 /var/roothome/sync/tests/vmcheck/sync.sh" + vm_cmd env INSIDE_VM=1 /var/roothome/sync/tests/vmcheck/sync.sh exit 0 else diff --git a/tests/vmcheck/test-basic.sh b/tests/vmcheck/test-basic.sh index 91a54a9a..c9e8a4aa 100755 --- a/tests/vmcheck/test-basic.sh +++ b/tests/vmcheck/test-basic.sh @@ -34,17 +34,24 @@ vm_assert_status_jq \ '.deployments[0]["requested-base-removals"]' echo "ok empty pkg arrays in status json" -# Be sure an unprivileged user exists -vm_cmd getent passwd bin +# Be sure an unprivileged user exists and that we can SSH into it. This is a bit +# underhanded, but we need a bona fide user session to verify non-priv status, +# and logging in through SSH is an easy way to achieve that. +if ! vm_cmd getent passwd testuser; then + vm_cmd useradd testuser + vm_cmd mkdir -pm 0700 /home/testuser/.ssh + vm_cmd cp -a /root/.ssh/authorized_keys /home/testuser/.ssh + vm_cmd chown -R testuser:testuser /home/testuser/.ssh +fi # Make sure we can't layer as non-root vm_build_rpm foo -if vm_cmd "runuser -u bin rpm-ostree pkg-add foo" &> err.txt; then +if vm_cmd_as testuser rpm-ostree pkg-add foo &> err.txt; then assert_not_reached "Was able to install a package as non-root!" fi assert_file_has_content err.txt 'PkgChange not allowed for user' echo "ok layering requires root" # Assert that we can do status as non-root -vm_cmd "runuser -u bin rpm-ostree status" +vm_cmd_as testuser rpm-ostree status echo "ok status doesn't require root"