rpm-ostree/tests/vmcheck/test-misc-1.sh
Colin Walters c8113bde32 Add hidden coreos-rootfs seal command
All this does is put the immutable bit on the target directory.
The intention is to replace this bit to start:
8b205bfbb9/src/create_disk.sh (L229)

However, the real goal here is to add code in this file
to handle redeploying the rootfs for Fedora CoreOS which
combines OSTree+Ignition:
https://github.com/coreos/fedora-coreos-tracker/issues/94

Basically doing this in proper Rust is going to be a lot
nicer than shell script in dracut modules.  Among other
details, coreutils `mv` doesn't seem to do the right thing
for SELinux labels when policy isn't loaded.
2019-10-04 08:03:03 -07:00

164 lines
5.9 KiB
Bash
Executable File

#!/bin/bash
#
# Copyright (C) 2017,2018 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
set -euo pipefail
. ${commondir}/libtest.sh
. ${commondir}/libvm.sh
set -x
# Miscellaneous basic tests; most are nondestructive
# https://github.com/projectatomic/rpm-ostree/issues/1301
# FIXME: temporarily disabled as it really wants to start
# from a fresh instance and we don't currently guarantee that.
#
# But we'll rework the test suite to do that soon like
# https://github.com/ostreedev/ostree/pull/1462
# vm_cmd 'mv /etc/ostree/remotes.d{,.orig}'
# vm_cmd systemctl restart rpm-ostreed
# vm_cmd rpm-ostree status > status.txt
# assert_file_has_content status.txt 'Remote.*not found'
# vm_cmd 'mv /etc/ostree/remotes.d{.orig,}'
# vm_rpmostree reload
# echo "ok remote not found"
# make sure that package-related entries are always present,
# even when they're empty
vm_assert_status_jq \
'.deployments[0]["packages"]' \
'.deployments[0]["requested-packages"]' \
'.deployments[0]["requested-local-packages"]' \
'.deployments[0]["base-removals"]' \
'.deployments[0]["requested-base-removals"]' \
'.deployments[0]["layered-commit-meta"]|not'
echo "ok empty pkg arrays, and commit meta correct in status json"
if test -z "${RPMOSTREE_TEST_NO_OVERLAY:-}"; then
vm_assert_status_jq \
'.deployments[0]["base-commit-meta"]["ostree.source-title"]|contains("overlay")'
echo "ok overlay found in commit meta"
fi
vm_rpmostree status --jsonpath '$.deployments[0].booted' > jsonpath.txt
assert_file_has_content_literal jsonpath.txt 'true'
echo "ok jsonpath"
vm_rpmostree --version > version.yaml
python3 -c 'import yaml; v=yaml.safe_load(open("version.yaml")); assert("Version" in v["rpm-ostree"])'
echo "ok yaml version"
# Ensure we return an error when passing a wrong option.
vm_rpmostree --help | awk '/^$/ {in_commands=0} {if(in_commands==1){print $0}} /^Builtin Commands:/ {in_commands=1}' > commands
while read command; do
if vm_rpmostree $command --n0t-3xisting-0ption &>/dev/null; then
assert_not_reached "command $command --n0t-3xisting-0ption was successful"
fi
done < commands
echo "ok error on unknown command options"
if vm_rpmostree nosuchcommand --nosuchoption 2>err.txt; then
assert_not_reached "Expected an error for nosuchcommand"
fi
assert_file_has_content err.txt 'Unknown.*command'
echo "ok error on unknown command"
# Be sure an unprivileged user exists and that we can SSH into it. This is a bit
# underhanded, but we need a bona fide user session to verify non-priv status,
# and logging in through SSH is an easy way to achieve that.
vm_shell_inline <<EOF
getent passwd testuser >/dev/null || useradd testuser
mkdir -pm 0700 /home/testuser/.ssh
cp -a /root/.ssh/authorized_keys /home/testuser/.ssh
chown -R testuser:testuser /home/testuser/.ssh
EOF
# Make sure we can't do various operations as non-root
vm_build_rpm foo
if vm_cmd_as testuser rpm-ostree pkg-add foo &> err.txt; then
assert_not_reached "Was able to install a package as non-root!"
fi
assert_file_has_content err.txt 'PkgChange not allowed for user'
if vm_cmd_as testuser rpm-ostree reload &> err.txt; then
assert_not_reached "Was able to reload as non-root!"
fi
assert_file_has_content err.txt 'ReloadConfig not allowed for user'
echo "ok auth"
# Test coreos-rootfs
vm_shell_inline << EOF
mkdir /var/tmp/coreos-rootfs
rpm-ostree coreos-rootfs seal /var/tmp/coreos-rootfs
lsattr -d /var/tmp/coreos-rootfs
rpm-ostree coreos-rootfs seal /var/tmp/coreos-rootfs
EOF > coreos-rootfs.txt
assert_file_has_content_literal coreos-rootfs.txt '----i-------------- /var/tmp/coreos-rootfs'
# Assert that we can do status as non-root
vm_cmd_as testuser rpm-ostree status
echo "ok status doesn't require root"
# StateRoot is only in --verbose
vm_rpmostree status > status.txt
assert_not_file_has_content status.txt StateRoot:
vm_rpmostree status -v > status.txt
assert_file_has_content status.txt StateRoot:
echo "ok status text"
# Also check that we can do status as non-root non-active
vm_cmd runuser -u bin rpm-ostree status
echo "ok status doesn't require active PAM session"
vm_rpmostree status -b > status.txt
assert_streq $(grep -F -e 'ostree://' status.txt | wc -l) "1"
assert_file_has_content status.txt BootedDeployment:
echo "ok status -b"
# Reload as root https://github.com/projectatomic/rpm-ostree/issues/976
vm_cmd rpm-ostree reload
echo "ok reload"
stateroot=$(vm_get_booted_stateroot)
ospath=/org/projectatomic/rpmostree1/${stateroot//-/_}
vm_cmd dbus-send --system --dest=org.projectatomic.rpmostree1 --print-reply=literal $ospath org.projectatomic.rpmostree1.OSExperimental.Moo boolean:true > moo.txt
assert_file_has_content moo.txt '🐄'
echo "ok moo"
vm_rpmostree usroverlay
vm_cmd test -w /usr/bin
echo "ok usroverlay"
vm_shell_inline <<EOF
rpm-ostree cleanup -p
originpath=\$(ostree admin --print-current-dir).origin
cp -a \${originpath}{,.orig}
echo "unconfigured-state=Access to TestOS requires ONE BILLION DOLLARS" >> \${originpath}
rpm-ostree reload
rpm-ostree status
if rpm-ostree upgrade 2>err.txt; then
echo "Upgraded from unconfigured-state"
exit 1
fi
grep -qFe 'ONE BILLION DOLLARS' err.txt
mv \${originpath}{.orig,}
rpm-ostree reload
EOF
echo "ok unconfigured status"