d40434db47
This is a better alternative to https://github.com/coreos/fedora-coreos-config/pull/830 Basically rather than trying to send this out to all FCOS users, it's much saner to allow people to opt-in to it locally. If we'd finished https://github.com/coreos/rpm-ostree/issues/2326 then this would be something as trivial as: ``` $ echo 'cliwrap: true' > /etc/rpm-ostree.d/cliwrap.yaml $ rpm-ostree rebuild ``` Unfortunately that's not the world we live in, so a whole lot of layers here need crossing to just propagate a boolean. And it interacts in a tricky way with our change detection code. But, it works and will allow people to try this out. Other fixed problems: - Our `rpm --verify` wrapping was broken - Dropping privileges clashed with the default directory being `/root`, so `chdir(/)` too
62 lines
1.8 KiB
Bash
Executable File
62 lines
1.8 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2021 Red Hat Inc.
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; if not, write to the
|
|
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
# Boston, MA 02111-1307, USA.
|
|
|
|
set -euo pipefail
|
|
|
|
. ${KOLA_EXT_DATA}/libtest.sh
|
|
|
|
set -x
|
|
|
|
libtest_prepare_offline
|
|
libtest_enable_repover 0
|
|
cd $(mktemp -d)
|
|
|
|
rpm-ostree deploy --ex-cliwrap=true
|
|
rpm-ostree ex apply-live # yep it works!
|
|
|
|
wrapdir="/usr/libexec/rpm-ostree/wrapped"
|
|
if ! test -d "${wrapdir}"; then
|
|
fatal "Missing ${wrapdir}"
|
|
fi
|
|
# Test wrapped functions for rpm
|
|
rpm --version
|
|
rpm -qa > /dev/null
|
|
rpm --verify bash >out.txt
|
|
assert_file_has_content out.txt "rpm --verify is not necessary for ostree-based systems"
|
|
rm -f out.txt
|
|
if rpm -e bash 2>out.txt; then
|
|
fatal "rpm -e worked"
|
|
fi
|
|
assert_file_has_content out.txt 'Dropping privileges as `rpm` was executed with not "known safe" arguments'
|
|
|
|
if dracut --blah 2>out.txt; then
|
|
fatal "dracut worked"
|
|
fi
|
|
assert_file_has_content out.txt 'This system is rpm-ostree based'
|
|
rm -f out.txt
|
|
echo "ok cliwrap"
|
|
|
|
rpm-ostree deploy --ex-cliwrap=false
|
|
rpm-ostree ex apply-live
|
|
rpm --version
|
|
rpm -qa >/dev/null
|
|
rpm --verify bash >out.txt || true
|
|
assert_not_file_has_content "ostree-based"
|
|
echo "ok cliwrap undo"
|