Compare commits
4 Commits
devel
...
feature/im
Author | SHA1 | Date |
---|---|---|
Neil Hanlon | f82771d5cc | |
Neil Hanlon | ddc1dd0fe9 | |
Neil Hanlon | 4324e977d1 | |
Neil Hanlon | 91c01da5cf |
|
@ -1,47 +0,0 @@
|
|||
---
|
||||
name: Build empanada images for imagefactory
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, "devel" ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
buildx:
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
# https://github.com/docker/setup-buildx-action
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
with:
|
||||
install: true
|
||||
|
||||
- name: Login to ghcr
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Build and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
|
||||
context: ./iso/empanadas
|
||||
file: ./iso/empanadas/Containerfile.imagefactory
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ghcr.io/rocky-linux/empanadas-imagefactory:latest
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
name: Build empanada container images for lorax
|
||||
name: Build empanada container images
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, "devel" ]
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
workflow_dispatch:
|
||||
|
@ -17,17 +17,17 @@ jobs:
|
|||
uses: actions/checkout@v2
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
uses: docker/setup-qemu-action@v1
|
||||
# https://github.com/docker/setup-buildx-action
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@v1
|
||||
with:
|
||||
install: true
|
||||
|
||||
- name: Login to ghcr
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
|
@ -35,13 +35,13 @@ jobs:
|
|||
|
||||
- name: Build and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v5
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
|
||||
context: ./iso/empanadas
|
||||
file: ./iso/empanadas/Containerfile
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ghcr.io/rocky-linux/sig-core-toolkit:latest
|
||||
tags: ghcr.io/neilhanlon/sig-core-toolkit:latest
|
||||
cache-from: type=gha
|
||||
cache-to: type=inline
|
||||
cache-to: type=gha,mode=max
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
*.sw[a-z]
|
26
README.md
26
README.md
|
@ -3,9 +3,10 @@ sig-core-toolkit
|
|||
|
||||
Release Engineering toolkit for repeatable operations or functionality testing.
|
||||
|
||||
Currently mirrored at our [github](https://github.com/rocky-linux), and the
|
||||
[RESF Git Service](https://git.resf.org). Changes will typically occur at the
|
||||
RESF Git Service.
|
||||
Currently mirrored at our [github](https://github.com/rocky-linux),
|
||||
[Rocky Linux Git Service](https://git.rockylinux.org), and the
|
||||
[RESF Git Service](https://git.resf.org). Changes either occur at the Rocky
|
||||
Linux Git Service or RESF Git Service.
|
||||
|
||||
What does this have?
|
||||
--------------------
|
||||
|
@ -13,9 +14,10 @@ What does this have?
|
|||
* analyze -> Analysis utilities (such as download stats)
|
||||
* chat -> mattermost related utilities
|
||||
* func -> (mostly defunct) testing scripts and tools to test base functionality
|
||||
* iso -> Contains `empanadas`, which provides ISO, Compose, and Sync related utilities.
|
||||
* iso -> ISO related utilities
|
||||
* live -> Live image related utilities
|
||||
* mangle -> Manglers and other misc stuff
|
||||
* sync -> Sync tools, primarily for Rocky Linux 8 and will eventually be deprecated
|
||||
* sync -> Sync tools, primarily for Rocky Linux 8
|
||||
|
||||
How can I help?
|
||||
---------------
|
||||
|
@ -23,17 +25,13 @@ How can I help?
|
|||
Fork this repository and open a PR with your changes. Keep these things in mind
|
||||
when you make changes:
|
||||
|
||||
* Your PR should be against the devel branch (not optional)
|
||||
* Have pre-commit installed if possible
|
||||
* Have shellcheck installed if possible
|
||||
* Have pre-commit installed
|
||||
* Have shellcheck installed
|
||||
* Shell Scripts: These must pass a shellcheck test!
|
||||
* Python scripts: Try your best to follow PEP8 guidelines (even the best linters get things wrong)
|
||||
* Python scripts: Try your best to follow PEP8 guidelines
|
||||
|
||||
* Note that not everything has to pass. Just try your best.
|
||||
|
||||
PR's against the main branch will be closed.
|
||||
|
||||
PR's are preferred at the [RESF Git Service](https://git.resf.org).
|
||||
Your PR should be against the devel branch at all times. PR's against the main
|
||||
branch will be closed.
|
||||
|
||||
Will some of this be moved into separate repositories?
|
||||
------------------------------------------------------
|
||||
|
|
|
@ -1,5 +1,2 @@
|
|||
log/*.log
|
||||
log/*.log.*
|
||||
clone_again/
|
||||
cloned/
|
||||
tftptest
|
||||
|
|
|
@ -5,20 +5,22 @@ These are a set of scripts that are designed to test the core functionality
|
|||
of a Rocky Linux system. They are designed to work on current versions of
|
||||
Rocky and are used to test a system as a Release Engineering self-QA but
|
||||
can be used by others for their own personal testing (under the assumption
|
||||
that you just want to see what happens, we don't judge.
|
||||
that you just want to see what happens, we don't judge :).
|
||||
|
||||
These tests *must* pass for a X.0 release to be considered "Core Validated".
|
||||
These tests *must* pass for a release to be considered "Core Validated"
|
||||
Checking against the upstream repositories for package matches are not enough
|
||||
and are/will be addressed by other tools.
|
||||
|
||||
* common -> Functions that our scripts and tests may or may not use. Templates
|
||||
and other files should come here too under common/files and
|
||||
scripts that use them should reference them as `./common/files/...`
|
||||
* core -> Core functionality and testing. For example, packages and service
|
||||
functionality.
|
||||
* lib -> Library tests (these may be done elsewhere, such as openqa)
|
||||
* lib -> Library tests (these may be done elsewhere)
|
||||
* log -> Log output. This repository has example logs of running on Rocky
|
||||
Linux.
|
||||
* modules -> Tests for module streams and their basic tests
|
||||
* stacks -> Software stacks, think like LAMP (may be done elsewhere, such as openqa)
|
||||
* stacks -> Software stacks, think like LAMP.
|
||||
|
||||
How to Run
|
||||
----------
|
||||
|
@ -26,11 +28,9 @@ How to Run
|
|||
There are two ways to run through the tests:
|
||||
|
||||
* By running `/bin/bash runtests.sh`
|
||||
* Runs all core tests
|
||||
* By running `/bin/bash stacktests.sh`
|
||||
* Runs all stack tests (eg, lamp, ipa)
|
||||
* Runs all tests
|
||||
* By running `/bin/bash monotests.sh`
|
||||
* Supposed to runs all tests one by one to help identify failures as they happen (not functional)
|
||||
* Runs all tests one by one to help identify failures as they happen
|
||||
|
||||
Adding Tests
|
||||
------------
|
||||
|
@ -148,13 +148,6 @@ security is important, actually work and function correctly.
|
|||
With that said, There is no reason to disable integral security layers on your
|
||||
system.
|
||||
|
||||
### Should EPEL be enabled?
|
||||
No. The point is to test Rocky packages, not EPEL. There are also package
|
||||
differences that will break (eg: nc -> nmap-ncat vs netcat).
|
||||
|
||||
### What about CRB or extras?
|
||||
It may say it's a failure, but it will continue anyway.
|
||||
|
||||
Current Tree
|
||||
------------
|
||||
```
|
||||
|
@ -323,9 +316,6 @@ Current Tree
|
|||
│ │ ├── 00-install-lsof.sh
|
||||
│ │ ├── 10-test-lsof.sh
|
||||
│ │ └── README.md
|
||||
│ ├── pkg_mdadm
|
||||
│ │ ├── 00-install-mdadm.sh
|
||||
│ │ └── 01-test-mdadm.sh
|
||||
│ ├── pkg_network
|
||||
│ │ ├── 00-install-packages.sh
|
||||
│ │ ├── 10-tracepath.sh
|
||||
|
@ -358,13 +348,6 @@ Current Tree
|
|||
│ │ ├── 30-postfix-sasl.sh
|
||||
│ │ ├── 40-postfix-tls.sh
|
||||
│ │ └── README.md
|
||||
│ ├── pkg_postgresql
|
||||
│ │ ├── 00-install-postgresql.sh
|
||||
│ │ ├── 01-configure-postgresql.sh
|
||||
│ │ ├── 10-create-db.sh
|
||||
│ │ ├── 11-create-user.sh
|
||||
│ │ ├── 20-drop-db.sh
|
||||
│ │ └── 21-drop-user.sh
|
||||
│ ├── pkg_python
|
||||
│ │ ├── 00-install-python.sh
|
||||
│ │ ├── 10-test-python3.sh
|
||||
|
@ -440,11 +423,6 @@ Current Tree
|
|||
│ ├── pkg_telnet
|
||||
│ │ ├── 00-install-telnet.sh
|
||||
│ │ └── 10-test-telnet.sh
|
||||
│ ├── pkg_tftp-server
|
||||
│ │ ├── 00-install-tftp.sh
|
||||
│ │ ├── 01-configure-tftp.sh
|
||||
│ │ ├── 10-get-test.sh
|
||||
│ │ └── 11-put-test.sh
|
||||
│ ├── pkg_vsftpd
|
||||
│ │ ├── 00-install-vsftpd.sh
|
||||
│ │ ├── 10-anonymous-vsftpd.sh
|
||||
|
@ -469,21 +447,20 @@ Current Tree
|
|||
├── README.md
|
||||
├── runtests.sh
|
||||
├── skip.list
|
||||
├── stacks
|
||||
│ ├── ipa
|
||||
│ │ ├── 00-ipa-pregame.sh
|
||||
│ │ ├── 10-install-ipa.sh
|
||||
│ │ ├── 11-configure-ipa.sh
|
||||
│ │ ├── 12-verify-ipa.sh
|
||||
│ │ ├── 20-ipa-user.sh
|
||||
│ │ ├── 21-ipa-service.sh
|
||||
│ │ ├── 22-ipa-dns.sh
|
||||
│ │ ├── 23-ipa-sudo.sh
|
||||
│ │ ├── 50-cleanup-ipa.sh
|
||||
│ │ └── README.md
|
||||
│ └── lamp
|
||||
│ ├── 00-install-lamp.sh
|
||||
│ ├── 01-verification.sh
|
||||
│ └── 10-test-lamp.sh
|
||||
└── stacks.sh
|
||||
└── stacks
|
||||
├── ipa
|
||||
│ ├── 00-ipa-pregame.sh
|
||||
│ ├── 10-install-ipa.sh
|
||||
│ ├── 11-configure-ipa.sh
|
||||
│ ├── 12-verify-ipa.sh
|
||||
│ ├── 20-ipa-user.sh
|
||||
│ ├── 21-ipa-service.sh
|
||||
│ ├── 22-ipa-dns.sh
|
||||
│ ├── 23-ipa-sudo.sh
|
||||
│ ├── 50-cleanup-ipa.sh
|
||||
│ └── README.md
|
||||
└── lamp
|
||||
├── 00-install-lamp.sh
|
||||
├── 01-verification.sh
|
||||
└── 10-test-lamp.sh
|
||||
```
|
||||
|
|
|
@ -11,5 +11,5 @@ export readonly RELEASE_NAME=rocky
|
|||
# A 0 means it was successful. It can be changed to 1 on failure.
|
||||
export IPAINSTALLED=0
|
||||
|
||||
LOGFILE="$(pwd)/log/$(date +'%m-%d-%Y')-tests.log"
|
||||
LOGFILE="./log/$(date +'%m-%d-%Y')-tests.log"
|
||||
export LOGFILE
|
||||
|
|
|
@ -36,25 +36,11 @@ function r_processor() {
|
|||
if [[ "$(basename ${file})" =~ README|^\.|^_ ]]; then
|
||||
continue
|
||||
fi
|
||||
[ -x "${file}" ] && echo "Begin processing script: ${file}" && "${file}"
|
||||
[ -x "${file}" ] && "${file}"
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
function r_checkEPELEnabled() {
|
||||
/usr/bin/dnf repolist | grep -q '^epel'
|
||||
return $?
|
||||
}
|
||||
|
||||
function r_checkTmpNoExec() {
|
||||
grep 'tmp' /etc/fstab | grep -q noexec
|
||||
tmpexec=$?
|
||||
|
||||
if [ "$tmpexec" -eq "0" ]; then
|
||||
r_log "internal" "WARN: noexec is set for temporary directories. Some tests may fail."
|
||||
fi
|
||||
}
|
||||
|
||||
################################################################################
|
||||
# Functions that deal with (p)ackages
|
||||
|
||||
|
@ -113,11 +99,7 @@ function p_getPackageArch() {
|
|||
}
|
||||
|
||||
function p_getDist() {
|
||||
rpm -q --whatprovides redhat-release --queryformat '%{version}\n' | cut -d'.' -f1
|
||||
}
|
||||
|
||||
function p_getMinorVersion() {
|
||||
rpm -q --whatprovides redhat-release --queryformat '%{version}\n' | cut -d'.' -f2
|
||||
rpm -q "$(rpm -qf /etc/redhat-release)" --queryformat '%{version}\n' | cut -d'.' -f1
|
||||
}
|
||||
|
||||
################################################################################
|
||||
|
@ -222,16 +204,12 @@ function m_recycleLog() {
|
|||
|
||||
rl_ver=$(p_getDist)
|
||||
rl_arch=$(m_getArch)
|
||||
rl_minor_ver=$(p_getMinorVersion)
|
||||
export rl_ver
|
||||
export rl_arch
|
||||
export rl_minor_ver
|
||||
|
||||
export -f r_log
|
||||
export -f r_checkExitStatus
|
||||
export -f r_processor
|
||||
export -f r_checkEPELEnabled
|
||||
export -f r_checkTmpNoExec
|
||||
export -f p_installPackageNormal
|
||||
export -f p_installPackageNoWeaks
|
||||
export -f p_removePackage
|
||||
|
@ -240,7 +218,6 @@ export -f p_resetModule
|
|||
export -f p_getPackageRelease
|
||||
export -f p_getPackageArch
|
||||
export -f p_getDist
|
||||
export -f p_getMinorVersion
|
||||
export -f m_serviceCycler
|
||||
export -f m_checkForPort
|
||||
export -f m_assertCleanExit
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
Basic tests, such as repos
|
|
@ -1,56 +0,0 @@
|
|||
#!/usr/bin/env python3
|
||||
# label <label@rockylinux.org>
|
||||
import datetime
|
||||
import sys
|
||||
import dnf
|
||||
import dnf.exceptions
|
||||
|
||||
# pylint: disable=unnecessary-lambda-assignment
|
||||
now = datetime.datetime.today().strftime("%m-%d-%Y %T")
|
||||
|
||||
class DnfQuiet(dnf.Base):
|
||||
"""
|
||||
DNF object
|
||||
|
||||
This is in the event we need special functions
|
||||
"""
|
||||
def __init__(self):
|
||||
dnf.Base.__init__(self)
|
||||
|
||||
def main():
|
||||
"""
|
||||
Main run
|
||||
"""
|
||||
dnfobj = DnfQuiet()
|
||||
releasever = dnfobj.conf.releasever
|
||||
try:
|
||||
dnfobj.read_all_repos()
|
||||
# pylint: disable=bare-except
|
||||
except:
|
||||
print(f'[-] {now} -> Could not read repos', file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
rocky_default_repos = {
|
||||
'8': ['baseos', 'appstream', 'extras'],
|
||||
'9': ['baseos', 'appstream', 'extras']
|
||||
}.get(releasever, None)
|
||||
|
||||
if not rocky_default_repos:
|
||||
print(f'[-] {now} -> Not a Rocky Linux system')
|
||||
sys.exit(1)
|
||||
|
||||
print(f'[-] {now} -> Checking if non-default repo is enabled')
|
||||
_not_allowed=False
|
||||
for repo in list(dnfobj.repos.iter_enabled()):
|
||||
if not repo.id in rocky_default_repos:
|
||||
print(f'[-] {now} -> {repo.id} is enabled and should be disabled')
|
||||
_not_allowed=True
|
||||
if _not_allowed:
|
||||
print(f'[-] {now} -> FAIL - There are extra repos enabled')
|
||||
sys.exit(1)
|
||||
|
||||
print(f'[-] {now} -> PASS')
|
||||
sys.exit(0)
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
|
@ -1,8 +1,6 @@
|
|||
#!/bin/bash
|
||||
r_log "acl" "Install the acl package"
|
||||
p_installPackageNormal acl
|
||||
p_installPackageNormal attr
|
||||
# This normally is not needed.
|
||||
#r_log "acl" "Remount filesystems with ACL support"
|
||||
#mount -o remount,acl /
|
||||
r_log "acl" "Remount filesystems with ACL support (this normally should not be needed)"
|
||||
mount -o remount,acl /
|
||||
sleep 3
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
ACLFILE=/tmp/testfile_acl
|
||||
r_log "acl" "Test that the acl get and set functions work"
|
||||
touch "${ACLFILE}"
|
||||
trap '/bin/rm -f ${ACLFILE}' EXIT
|
||||
|
||||
# Use setfacl for readonly
|
||||
r_log "acl" "Set readonly ACL for the user nobody"
|
||||
|
@ -13,3 +12,4 @@ r_log "acl" "Verifying that the nobody user is set to read only"
|
|||
getfacl "${ACLFILE}" | grep -q 'user:nobody:r--'
|
||||
|
||||
r_checkExitStatus $?
|
||||
/bin/rm -f "${ACLFILE}"
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
#!/bin/bash
|
||||
ACLIMG=/tmp/testacl.img
|
||||
r_log "acl" "Test the use of xattr"
|
||||
touch "${ACLIMG}"
|
||||
trap '/bin/rm -f ${ACLIMG}' EXIT
|
||||
|
||||
# Use setfacl for readonly
|
||||
r_log "acl" "Create image"
|
||||
dd if=/dev/zero of=${ACLIMG} bs=1024000 count=100
|
||||
echo -e 'y\n' | mkfs.ext3 "${ACLIMG}"
|
||||
mkdir /mnt/xattr
|
||||
mount -t ext3 -o loop,user_xattr "${ACLIMG}" /mnt/xattr
|
||||
touch /mnt/xattr/testfile
|
||||
|
||||
r_log "acl" "Apply attrs as needed"
|
||||
setfattr -n user.nobody /mnt/xattr/testfile
|
||||
getfattr /mnt/xattr/testfile | grep -q 'user.nobody'
|
||||
final_status=$?
|
||||
|
||||
umount /mnt/xattr
|
||||
|
||||
r_checkExitStatus $final_status
|
|
@ -2,4 +2,4 @@
|
|||
r_log "archive" "Installing appropriate archive formats"
|
||||
|
||||
# We might need expect for zmore - does anyone actually use zmore?
|
||||
p_installPackageNormal bzip2 diffutils gzip less tar unzip util-linux-ng zip lzop
|
||||
p_installPackageNormal bzip2 diffutils gzip less ncompress tar unzip util-linux-ng zip lzop
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/bash
|
||||
r_log "archive" "Test bzip/bzcat/bunzip"
|
||||
FILE=/var/tmp/bziptest.txt
|
||||
trap '/bin/rm -f ${FILE}' EXIT
|
||||
|
||||
cat > "$FILE" <<EOF
|
||||
testing text
|
||||
|
@ -24,3 +23,5 @@ fi
|
|||
grep -q 'testing text' "${FILE}"
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm -f "${FILE}*"
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
#!/bin/bash
|
||||
r_log "archive" "Verifying gzip binaries"
|
||||
|
||||
echo -n "Processing; "
|
||||
for bin in gunzip gzexe gzip zcat zcmp zdiff zegrep zfgrep zforce zgrep zless zmore znew; do
|
||||
echo -n "$bin "
|
||||
echo -n "$bin"
|
||||
r_log "archive" "$bin"
|
||||
$bin --version &> /dev/null || r_checkExitStatus 1
|
||||
done
|
||||
|
|
|
@ -4,9 +4,6 @@ r_log "archive" "Test gzip/zcat/gunzip"
|
|||
FILE=/var/tmp/gzip-test.txt
|
||||
MD5HASH=e6331c582fbad6653832860f469f7d1b
|
||||
|
||||
# clean up
|
||||
trap '/bin/rm $FILE* &> /dev/null && /bin/rm -rf /var/tmp/gziptest &> /dev/null' EXIT
|
||||
|
||||
# Double check that stuff is cleared out
|
||||
/bin/rm $FILE* &> /dev/null
|
||||
/bin/rm -rf /var/tmp/gziptest &> /dev/null
|
||||
|
@ -92,12 +89,8 @@ gzip $FILE $FILE.1 || r_checkExitStatus 1
|
|||
r_log "archive" "Verify that .Z files can be handled"
|
||||
gunzip $FILE.gz
|
||||
ls -l /var/tmp >> $FILE
|
||||
if [ "$RL_VER" -eq 8 ]; then
|
||||
compress $FILE || r_checkExitStatus 1
|
||||
gunzip $FILE.Z || r_checkExitStatus 1
|
||||
else
|
||||
r_log "archive" "Skipping for 9"
|
||||
fi
|
||||
compress $FILE || r_checkExitStatus 1
|
||||
gunzip $FILE.Z || r_checkExitStatus 1
|
||||
|
||||
# handle some zip files
|
||||
r_log "archive" "Verify that .zip files can be handled"
|
||||
|
@ -110,3 +103,7 @@ tar -czf $FILE.tgz $FILE &> /dev/null
|
|||
gunzip $FILE.tgz
|
||||
[ -e $FILE.tar ]
|
||||
r_checkExitStatus $?
|
||||
|
||||
# clean up
|
||||
/bin/rm $FILE* &> /dev/null
|
||||
/bin/rm -rf /var/tmp/gziptest &> /dev/null
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
r_log "archive" "Checking gzexe"
|
||||
r_log "archive" "Creating archive"
|
||||
FILE=/var/tmp/gzexe-test-script
|
||||
trap '/bin/rm -f $FILE* 2>/dev/null' EXIT
|
||||
|
||||
/bin/rm -f $FILE* &>/dev/null
|
||||
|
||||
cat > $FILE <<EOF
|
||||
|
@ -20,3 +18,5 @@ r_log "archive" "Test gzexe"
|
|||
r_log "archive" "Check that it actually runs"
|
||||
$FILE | grep -q "Hello!"
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm -f $FILE* 2>/dev/null
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/bash
|
||||
r_log "archive" "Check zcmp and zdiff"
|
||||
BASEFILE="/var/tmp/gziptest"
|
||||
trap '/bin/rm -f ${BASEFILE}*' EXIT
|
||||
/bin/rm -f ${BASEFILE}
|
||||
|
||||
cat > ${BASEFILE}.1 <<EOF
|
||||
|
@ -16,3 +15,5 @@ r_log "archive" "Check zcmp"
|
|||
|
||||
r_log "archive" "Check zdiff"
|
||||
/bin/zdiff ${BASEFILE}.1.gz ${BASEFILE}.2.gz || r_checkExitStatus 1
|
||||
|
||||
/bin/rm -f ${BASEFILE}*
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
r_log "archive" "Testing zforce"
|
||||
|
||||
BASEFILE="/var/tmp/abcdefg"
|
||||
trap '/bin/rm "$BASEFILE.gz"' EXIT
|
||||
/bin/rm $BASEFILE* &>/dev/null
|
||||
|
||||
cat > $BASEFILE <<EOF
|
||||
|
@ -15,3 +14,5 @@ mv $BASEFILE.gz $BASEFILE
|
|||
zforce $BASEFILE || r_checkExitStatus 1
|
||||
[ -e "$BASEFILE.gz" ]
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm "$BASEFILE.gz"
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/bash
|
||||
r_log "archive" "Testing zgrep"
|
||||
BASEFILE=/var/tmp/zgreptest
|
||||
trap '/bin/rm $BASEFILE*' EXIT
|
||||
/bin/rm $BASEFILE* &> /dev/null
|
||||
|
||||
cat > $BASEFILE <<EOF
|
||||
|
@ -12,3 +11,5 @@ gzip $BASEFILE
|
|||
|
||||
zgrep -q 'Green Obsidian' $BASEFILE.gz
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm $BASEFILE*
|
||||
|
|
|
@ -4,7 +4,6 @@ r_log "archive" "Test tar create and extract"
|
|||
TARDIR="/var/tmp/tartest"
|
||||
FILE1="$TARDIR/test.1.txt"
|
||||
FILE2="$TARDIR/test.2.txt"
|
||||
trap '/bin/rm -rf /var/tmp/tarfile.tar $TARDIR' EXIT
|
||||
|
||||
mkdir -p $TARDIR
|
||||
cat > $FILE1 <<EOF
|
||||
|
@ -33,3 +32,5 @@ if [ $RES1 == 0 ] && [ $RES2 == 0 ]; then
|
|||
fi
|
||||
|
||||
r_checkExitStatus $ret_val
|
||||
|
||||
/bin/rm -rf /var/tmp/tarfile.tar $TARDIR
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/bash
|
||||
r_log "archive" "Check xzcmp and xzdiff"
|
||||
BASEFILE="/var/tmp/xztest"
|
||||
trap '/bin/rm -f ${BASEFILE}*' EXIT
|
||||
/bin/rm -f ${BASEFILE}
|
||||
|
||||
cat > ${BASEFILE}.1 <<EOF
|
||||
|
@ -16,3 +15,5 @@ r_log "archive" "Check xzcmp"
|
|||
|
||||
r_log "archive" "Check xzdiff"
|
||||
/bin/zdiff ${BASEFILE}.1.xz ${BASEFILE}.2.xz || r_checkExitStatus 1
|
||||
|
||||
/bin/rm -f ${BASEFILE}*
|
||||
|
|
|
@ -4,7 +4,6 @@ r_log "archive" "Test zip create and extract"
|
|||
ZIPDIR="/var/tmp/ziptest"
|
||||
FILE1="$ZIPDIR/test.1.txt"
|
||||
FILE2="$ZIPDIR/test.2.txt"
|
||||
trap '/bin/rm -rf /var/tmp/zipfile.zip $ZIPDIR' EXIT
|
||||
|
||||
mkdir -p $ZIPDIR
|
||||
cat > $FILE1 <<EOF
|
||||
|
@ -32,4 +31,6 @@ if [ $RES1 == 0 ] && [ $RES2 == 0 ]; then
|
|||
ret_val=0
|
||||
fi
|
||||
|
||||
r_checkExitStatus "$ret_val"
|
||||
r_checkExitStatus $ret_val
|
||||
|
||||
/bin/rm -rf /var/tmp/zipfile.zip $ZIPDIR
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
r_log "archive" "Testing lzop compress and decompress"
|
||||
|
||||
LZOFILE=/var/tmp/obsidian.txt
|
||||
trap '/bin/rm ${LZOFILE}' EXIT
|
||||
|
||||
echo 'Green Obsidian is the release name' > ${LZOFILE}
|
||||
|
||||
|
@ -14,5 +13,5 @@ lzop -d ${LZOFILE}.lzo -o ${LZOFILE}
|
|||
/bin/rm ${LZOFILE}.lzo
|
||||
|
||||
grep -q 'Green Obsidian' ${LZOFILE}
|
||||
ret_val="$?"
|
||||
r_checkExitStatus "$ret_val"
|
||||
|
||||
/bin/rm ${LZOFILE}
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
ATTRTEST="/var/tmp/attrtest.img"
|
||||
ATTRMNT="/mnt/attrtest"
|
||||
|
||||
trap 'umount /mnt/attrtest ; /bin/rm -f ${ATTRTEST} ; /bin/rm -rf ${ATTRMNT}' EXIT
|
||||
|
||||
r_log "attr" "Checking that *attr works"
|
||||
dd if=/dev/zero of="${ATTRTEST}" bs=1024000 count=100 &>/dev/null
|
||||
r_checkExitStatus $?
|
||||
|
@ -16,3 +14,8 @@ setfattr -n user.test "${ATTRMNT}/testfile"
|
|||
getfattr "${ATTRMNT}/testfile" | grep -oq "user.test"
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
||||
# Cleanup
|
||||
umount /mnt/attrtest
|
||||
/bin/rm -f "${ATTRTEST}"
|
||||
/bin/rm -rf "${ATTRMNT}"
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "coreutils" "Testing cat"
|
||||
trap "/bin/rm /var/tmp/cattest" EXIT
|
||||
|
||||
cat > /var/tmp/cattest <<EOF
|
||||
Green Obsidian
|
||||
|
@ -8,3 +7,5 @@ EOF
|
|||
|
||||
grep -q "Green Obsidian" /var/tmp/cattest
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm /var/tmp/cattest
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
r_log "coreutils" "Testing readlink"
|
||||
trap "/bin/rm /var/tmp/listen" EXIT
|
||||
ln -s /var/tmp/talk /var/tmp/listen
|
||||
readlink /var/tmp/listen | grep -q "/var/tmp/talk"
|
||||
r_checkExitStatus $?
|
||||
/bin/rm /var/tmp/listen
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "coreutils" "Test hash sum tools"
|
||||
trap '/bin/rm ${HASHFILE}' EXIT
|
||||
|
||||
HASHFILE=/var/tmp/obsidian
|
||||
echo "Green Obsidian is our release name" > ${HASHFILE}
|
||||
|
@ -23,3 +22,5 @@ r_checkExitStatus $?
|
|||
r_log "coreutils" "Test sha512sum"
|
||||
/usr/bin/sha512sum ${HASHFILE} | grep -q e50554c29a5cb7bd04279d3c0918e486024c79c4b305a2e360a97d4021dacf56ce0d17fa6e6a0e81ad03d5fb74fbe2d50cce6081c2c277f22b958cdae978a2f5
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm ${HASHFILE}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "coreutils" "Testing touch and ls"
|
||||
trap '/bin/rm /tmp/touch-?' EXIT
|
||||
|
||||
r_log "coreutils" "Touch files with specific dates"
|
||||
touch -t 199104230420 /tmp/touch-1
|
||||
|
@ -11,3 +10,5 @@ r_log "coreutils" "Verify that the oldest file is last"
|
|||
ls -lt /tmp/touch-? | tail -n 1 | grep -q 'touch-1'
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm /tmp/touch-?
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "coreutils" "Ensure uniq works as expected"
|
||||
trap '/bin/rm /var/tmp/uniq' EXIT
|
||||
|
||||
cat > /var/tmp/uniq <<EOF
|
||||
Rocky
|
||||
|
@ -15,3 +14,4 @@ EOF
|
|||
|
||||
uniq -d /var/tmp/uniq | wc -l | grep -q 2 && uniq -u /var/tmp/uniq | wc -l | grep -q 4
|
||||
r_checkExitStatus $?
|
||||
/bin/rm /var/tmp/uniq
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
r_log "coreutils" "Ensure wc works as expected"
|
||||
r_log "coreutils" "This should have already been done with uniq"
|
||||
# Context: we should probably test some switches...
|
||||
trap "/bin/rm /var/tmp/wc" EXIT
|
||||
|
||||
cat > /var/tmp/wc <<EOF
|
||||
Rocky
|
||||
|
@ -22,3 +21,5 @@ wc -L /var/tmp/wc | grep -q 8 && \
|
|||
wc -w /var/tmp/wc | grep -q 8
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm /var/tmp/wc
|
||||
|
|
|
@ -5,18 +5,14 @@ OUTTER=/var/tmp/cpio/out
|
|||
INNER=/var/tmp/cpio/in
|
||||
PASSER=/var/tmp/cpio/pass
|
||||
|
||||
trap '/bin/rm -rf /var/tmp/cpio' EXIT
|
||||
|
||||
# Nothing should be here. Clean up first.
|
||||
[ -d /var/tmp/cpio ] && /bin/rm -rf /var/tmp/cpio
|
||||
|
||||
r_log "cpio" "Test basic copy out"
|
||||
mkdir -p "$OUTTER" "$INNER" "$PASSER"
|
||||
|
||||
# Ensure at least one file exists in /tmp to prevent errors.
|
||||
echo 1 > $(mktemp)
|
||||
# shellcheck disable=2012
|
||||
find /tmp -type f | cpio -o > "$OUTTER"/cpio.out 2> /dev/null
|
||||
ls /tmp | cpio -o > "$OUTTER"/cpio.out
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "cpio" "Test basic copy in"
|
||||
|
@ -27,7 +23,7 @@ popd || exit 1
|
|||
|
||||
r_log "cpio" "Test basic passthrough"
|
||||
pushd "$INNER" || exit 1
|
||||
find . | cpio -pd "$PASSER"
|
||||
find /tmp | cpio -pd "$PASSER"
|
||||
r_checkExitStatus $?
|
||||
popd || exit 1
|
||||
|
||||
|
|
|
@ -15,4 +15,3 @@ r_checkExitStatus $?
|
|||
|
||||
r_log "cracklib" "Testing a complicated password"
|
||||
echo -e "2948_Obaym-" | cracklib-check | grep -q "OK"
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
#!/bin/bash
|
||||
r_log "cron" "Testing hourly cron jobs"
|
||||
|
||||
trap '/bin/rm /etc/cron.{weekly,daily,hourly}/rocky.sh' EXIT
|
||||
|
||||
cat > /etc/cron.hourly/rocky.sh <<EOF
|
||||
#!/bin/bash
|
||||
echo "obsidian"
|
||||
|
@ -36,3 +34,5 @@ chmod +x /etc/cron.weekly/rocky.sh
|
|||
|
||||
run-parts /etc/cron.weekly | grep -q "obsidian"
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm /etc/cron.{weekly,daily,hourly}/rocky.sh
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
#!/bin/bash
|
||||
r_log "file" "Check that we can see a symlink"
|
||||
FILE_PATH=/var/tmp/linktest
|
||||
trap '/bin/rm ${FILE_PATH}' EXIT
|
||||
MIME="inode/symlink"
|
||||
ln -s /etc/issue $FILE_PATH
|
||||
file -i $FILE_PATH | grep -q "${MIME}"
|
||||
r_checkExitStatus $?
|
||||
|
||||
/bin/rm /var/tmp/linktest
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
r_log "findutils" "Testing basic find stuff"
|
||||
|
||||
TMPDIR=/var/tmp/find
|
||||
trap '/bin/rm -rf $TMPDIR' EXIT
|
||||
|
||||
[ -e $TMPDIR ] && rm -rf "$TMPDIR"
|
||||
|
||||
|
@ -38,8 +37,8 @@ r_log "findutils" "Perform for xargs test: fails with spaces in the name"
|
|||
# shellcheck disable=SC2038
|
||||
find "$TMPDIR" -type f | xargs ls &> /dev/null && { r_log "findutils" "Why did this get a 0 exit?"; exit "$FAIL"; }
|
||||
ret_val=$?
|
||||
if [ "$ret_val" -ne "0" ]; then
|
||||
r_checkExitStatus 0
|
||||
else
|
||||
r_checkExitStatus 1
|
||||
if [ "$ret_val" -ne 0 ]; then
|
||||
r_checkExitStatus $?
|
||||
fi
|
||||
|
||||
rm -rf "$TMPDIR"
|
||||
|
|
|
@ -9,7 +9,7 @@ fi
|
|||
|
||||
COUNTS="$(grep -c rockylinux.org $FIREPATH)"
|
||||
|
||||
if [ "$COUNTS" -ge 2 ]; then
|
||||
if [ "$COUNTS" -eq 2 ]; then
|
||||
r_checkExitStatus 0
|
||||
else
|
||||
r_checkExitStatus 1
|
||||
|
|
|
@ -1,14 +1,7 @@
|
|||
#!/bin/bash
|
||||
function cleanup() {
|
||||
cp /etc/raddb/users.backup /etc/raddb/users
|
||||
rm -rf /etc/raddb/users.backup
|
||||
systemctl stop radiusd.service
|
||||
}
|
||||
|
||||
r_log "freeradius" "Test basic freeradius functionality"
|
||||
r_log "freeradius" "Configure freeradius"
|
||||
trap cleanup EXIT
|
||||
|
||||
r_log "freeradius" "Configure freeradius"
|
||||
cp /etc/raddb/users /etc/raddb/users.backup
|
||||
cat >> /etc/raddb/users << EOF
|
||||
rocky Cleartext-Password := "rocky"
|
||||
|
@ -20,3 +13,7 @@ systemctl start radiusd.service
|
|||
sleep 1
|
||||
echo "User-Name=rocky,User-Password=rocky " | radclient -x localhost:1812 auth testing123 | grep -q 'Access-Accept'
|
||||
r_checkExitStatus $?
|
||||
|
||||
cp /etc/raddb/users.backup /etc/raddb/users
|
||||
rm -rf /etc/raddb/users.backup
|
||||
systemctl stop radiusd.service
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "git" "Test basic git clones"
|
||||
trap 'rm -rf $TMPREPO' EXIT
|
||||
|
||||
WORKDIR=$(pwd)
|
||||
TMPREPO=/var/tmp/repo
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
r_log "httpd" "Verify httpd branding"
|
||||
|
||||
r_log "httpd" "Token"
|
||||
curl -sI http://localhost/ | grep -i "Server:\ Apache.*\ (Rocky Linux)" > /dev/null 2>&1
|
||||
curl -sI http://localhost/ | grep -i "Server:\ Apache.*\ (Rocky)" > /dev/null 2>&1
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "httpd" "index"
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "httpd" "Test basic authentication functionality"
|
||||
trap "rm /etc/httpd/conf.d/test-basic-auth.conf ; m_serviceCycler httpd reload" EXIT
|
||||
|
||||
cat > /etc/httpd/conf.d/test-basic-auth.conf <<EOF
|
||||
## Core basic auth test
|
||||
|
@ -16,8 +15,9 @@ EOF
|
|||
htpasswd -c -b /etc/httpd/htpasswd tester tester
|
||||
mkdir -p /var/www/html/basic_auth
|
||||
echo "Basic Auth Test" > /var/www/html/basic_auth/index.html
|
||||
# This isn't normally needed, it should just work
|
||||
restorecon -R /var/www/html
|
||||
m_serviceCycler httpd cycle
|
||||
curl -s -u tester:tester http://localhost/basic_auth/ | grep -q 'Basic Auth Test' > /dev/null 2>&1
|
||||
r_checkExitStatus $?
|
||||
|
||||
rm /etc/httpd/conf.d/test-basic-auth.conf
|
||||
m_serviceCycler httpd reload
|
||||
|
|
|
@ -1,12 +1,5 @@
|
|||
#!/bin/bash
|
||||
function cleanup() {
|
||||
rm /etc/httpd/conf.d/vhost.conf
|
||||
sed -i '/127.0.0.1 coretest/d' /etc/hosts
|
||||
m_serviceCycler httpd reload
|
||||
}
|
||||
|
||||
r_log "httpd" "Test basic vhost functionality"
|
||||
trap cleanup EXIT
|
||||
|
||||
echo "127.0.0.1 coretest" >> /etc/hosts
|
||||
cat > /etc/httpd/conf.d/vhost.conf << EOF
|
||||
|
@ -21,10 +14,12 @@ EOF
|
|||
|
||||
mkdir -p /var/www/vhost/coretest
|
||||
echo "core vhost test page" > /var/www/vhost/coretest/index.html
|
||||
# This isn't normally needed, it should just work
|
||||
restorecon -R /var/www/vhost
|
||||
m_serviceCycler httpd cycle
|
||||
|
||||
curl -s http://coretest/ | grep -q 'core vhost test page' > /dev/null 2>&1
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
||||
rm /etc/httpd/conf.d/vhost.conf
|
||||
sed -i '/127.0.0.1 coretest/d' /etc/hosts
|
||||
m_serviceCycler httpd reload
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
r_log "httpd" "Test basic php"
|
||||
|
||||
echo "<?php echo phpinfo(); ?>" > /var/www/html/test.php
|
||||
# This isn't normally needed, it should just work
|
||||
restorecon -R /var/www/html
|
||||
curl -s http://localhost/test.php | grep -q 'PHP Version' > /dev/null 2>&1
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -1,8 +1,3 @@
|
|||
#!/bin/bash
|
||||
r_log "lsb" "Install LSB package"
|
||||
if [ "$RL_VER" -ge 8 ]; then
|
||||
r_log "lsb" "redhat-lsb is not in EL9"
|
||||
exit $PASS
|
||||
fi
|
||||
|
||||
p_installPackageNormal redhat-lsb
|
||||
|
|
|
@ -1,10 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "lsb" "Test LSB branding"
|
||||
if [ "$RL_VER" -ge 8 ]; then
|
||||
r_log "lsb" "redhat-lsb is not in EL9"
|
||||
exit $PASS
|
||||
fi
|
||||
|
||||
lsb_release -i | grep -q "Rocky"
|
||||
r_checkExitStatus $?
|
||||
lsb_release -d | grep -q "Rocky"
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "mdadm" "Install mdadm"
|
||||
p_installPackageNormal mdadm
|
|
@ -1,13 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "mdadm" "Check that mdadm will operate and return the right exit codes"
|
||||
[ ${EUID} -eq 0 ] || { r_log "mdadm" "Not running as root. Skipping." ; exit "$PASS"; }
|
||||
MDADM=$(which mdadm)
|
||||
|
||||
[ -z "${MDADM}" ] && { r_log "mdadm" "which reported the binary but it doesn't exist, why?"; exit "$FAIL"; }
|
||||
|
||||
${MDADM} --detail --scan &> /dev/null
|
||||
ret_val=$?
|
||||
|
||||
[ "$ret_val" -eq 0 ] || { r_log "mdadm" "There was a non-zero exit. This is likely fatal."; exit "$FAIL"; }
|
||||
|
||||
r_checkExitStatus $ret_val
|
|
@ -1,7 +1,3 @@
|
|||
#!/bin/bash
|
||||
r_log "network" "Install necessary network packages and utilities"
|
||||
pkgs=(traceroute iputils iproute mtr psmisc net-tools which iptraf)
|
||||
if [ "$RL_VER" -eq 8 ]; then
|
||||
pkgs+=( arpwatch )
|
||||
fi
|
||||
p_installPackageNormal "${pkgs[@]}"
|
||||
p_installPackageNormal traceroute iputils iproute mtr arpwatch psmisc net-tools which iptraf
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "openssh" "Install openssh"
|
||||
p_installPackageNormal openssh-clients openssh-server sshpass
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "openssh" "Ensure ssh is listening"
|
||||
|
||||
echo "" > /dev/tcp/localhost/22
|
||||
r_checkExitStatus $?
|
|
@ -1,16 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "openssh" "Testing basic login (using sshpass)"
|
||||
trap 'userdel -rf sshpasstest; unset SSHPASS' EXIT
|
||||
|
||||
if sshd -T | grep -q "passwordauthentication yes"; then
|
||||
r_log "openssh" "Creating test user"
|
||||
export SSHPASS="Blu30nyx!"
|
||||
useradd sshpasstest
|
||||
echo "${SSHPASS}" | passwd --stdin sshpasstest
|
||||
r_log "openssh" "Testing login"
|
||||
sshpass -e ssh sshpasstest@localhost echo 'hello'
|
||||
r_checkExitStatus $?
|
||||
else
|
||||
r_log "openssh" "Skipping test"
|
||||
exit 0
|
||||
fi
|
|
@ -1,32 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "openssh" "Testing key login (using sshpass)"
|
||||
|
||||
case $RL_VER in
|
||||
8)
|
||||
KEYTYPES="rsa ecdsa ed25519"
|
||||
;;
|
||||
9)
|
||||
KEYTYPES="rsa ecdsa ed25519"
|
||||
;;
|
||||
*)
|
||||
KEYTYPES="ed25519"
|
||||
;;
|
||||
esac
|
||||
|
||||
r_log "openssh" "Creating test user"
|
||||
useradd sshkeytest
|
||||
echo "Blu30nyx!" | passwd --stdin sshkeytest
|
||||
|
||||
for KEYTYPE in $KEYTYPES; do
|
||||
r_log "openssh" "Creating key: ${KEYTYPE}"
|
||||
runuser -l sshkeytest -c "echo | ssh-keygen -q -t ${KEYTYPE} -b 4096 -f ~/.ssh/id_${KEYTYPE}" > /dev/null
|
||||
runuser -l sshkeytest -c "cat ~/.ssh/*pub > ~/.ssh/authorized_keys && chmod 600 ~/.ssh/*keys" > /dev/null
|
||||
STRINGTEST=$(mktemp -u)
|
||||
echo "${STRINGTEST}" > /home/sshkeytest/test_file
|
||||
r_log "openssh" "Testing key: ${KEYTYPE}"
|
||||
runuser -l sshkeytest -c "ssh -i ~/.ssh/id_${KEYTYPE} localhost | grep -q ${STRINGTEST} /home/sshkeytest/test_file"
|
||||
ret_val=$?
|
||||
r_checkExitStatus $ret_val
|
||||
done
|
||||
|
||||
userdel -rf sshkeytest
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
r_log "podman" "Installing podman"
|
||||
p_installPackageNormal podman
|
|
@ -1,32 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
r_log "podman" "Testing podman"
|
||||
|
||||
test_to_run=(
|
||||
"podman version"
|
||||
"podman info"
|
||||
"podman run --rm quay.io/rockylinux/rockylinux:${RL_VER}"
|
||||
"podman system service -t 1"
|
||||
"touch ${HOME}/test.txt && \
|
||||
podman run --rm --privileged -v ${HOME}/test.txt:/test.txt quay.io/rockylinux/rockylinux:${RL_VER} bash -c 'echo HELLO > /test.txt' && \
|
||||
grep -qe 'HELLO' ${HOME}/test.txt && \
|
||||
rm -f ${HOME}/test.txt"
|
||||
"printf \"FROM quay.io/rockylinux/rockylinux:${RL_VER}\nCMD echo 'HELLO'\n\" > ${HOME}/Containerfile && \
|
||||
podman build -t test:latest -f ${HOME}/Containerfile && \
|
||||
podman image rm localhost/test:latest && \
|
||||
rm -rf ${HOME}/Containerfile"
|
||||
)
|
||||
|
||||
tmpoutput="$(mktemp)"
|
||||
trap 'rm -f ${tmpoutput}' EXIT
|
||||
|
||||
for command in "${test_to_run[@]}"; do
|
||||
r_log "podman" "Running $0: ${command}"
|
||||
if ! eval "${command}" > "${tmpoutput}" 2>&1; then
|
||||
r_log "podman" "${command} has failed."
|
||||
cat "${tmpoutput}"
|
||||
exit 1
|
||||
else
|
||||
r_checkExitStatus 0
|
||||
fi
|
||||
done
|
|
@ -1,31 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
r_log "podman" "Testing podman sockets"
|
||||
|
||||
useradd podman-remote
|
||||
loginctl enable-linger podman-remote
|
||||
tmpoutput="$(mktemp)"
|
||||
|
||||
trap 'loginctl terminate-user podman-remote && loginctl disable-linger podman-remote && sleep 1 && userdel -r podman-remote && rm -f ${tmpoutput}' EXIT
|
||||
|
||||
sleep 3
|
||||
|
||||
su -l podman-remote > "${tmpoutput}" 2>&1 <<EOF
|
||||
set -e
|
||||
export XDG_RUNTIME_DIR=/run/user/\$(id -u)
|
||||
systemctl --user enable --now podman.socket
|
||||
podman --url unix://run/user/\$(id -u)/podman/podman.sock run --name port-mapping-test -d -p 8080:80 docker.io/nginx
|
||||
pid=\$(systemctl --user show --property MainPID --value podman.service)
|
||||
while [ "\${pid}" -ne 0 ] && [ -d /proc/\${pid} ]; do sleep 1; echo "Waiting for podman to exit"; done
|
||||
podman --url unix://run/user/\$(id -u)/podman/podman.sock ps | grep -q -e port-mapping-test
|
||||
podman --url unix://run/user/\$(id -u)/podman/podman.sock container rm -f port-mapping-test
|
||||
systemctl --user disable --now podman.socket
|
||||
EOF
|
||||
|
||||
ret_val=$?
|
||||
|
||||
if [ "$ret_val" -ne 0 ]; then
|
||||
cat "${tmpoutput}"
|
||||
r_checkExitStatus 1
|
||||
fi
|
||||
r_checkExitStatus 0
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
r_log "postfix" "Install postfix (requires stop of other pieces)"
|
||||
# This is OK if it fails - This is also not logged except in stderr
|
||||
m_serviceCycler sendmail stop
|
||||
p_installPackageNormal postfix nc dovecot openssl
|
||||
m_serviceCycler postfix enable
|
||||
|
|
|
@ -18,3 +18,6 @@ mv /etc/dovecot/dovecot.conf.backup /etc/dovecot/dovecot.conf
|
|||
mv /etc/postfix/main.cf.backup /etc/postfix/main.cf
|
||||
|
||||
r_checkExitStatus $ret_val
|
||||
|
||||
cp -a /etc/postfix/main.cf.backup /etc/postfix/main.cf
|
||||
cp -a /etc/dovecot/dovecot.conf.backup /etc/dovecot/dovecot.conf
|
||||
|
|
|
@ -2,17 +2,6 @@
|
|||
r_log "postfix" "Test postfix with TLS"
|
||||
DROPDIR=/var/tmp/postfix
|
||||
|
||||
function cleanup() {
|
||||
mv /etc/postfix/main.cf.backup /etc/postfix/main.cf
|
||||
mv /etc/dovecot/dovecot.conf.backup /etc/dovecot/dovecot.conf
|
||||
rm /etc/pki/tls/certs/mail.crt
|
||||
rm /etc/pki/tls/private/mail.key
|
||||
rm -rf $DROPDIR/mail.*
|
||||
rm -rf /var/tmp/postfix
|
||||
}
|
||||
|
||||
trap cleanup EXIT
|
||||
|
||||
cp -a /etc/postfix/main.cf /etc/postfix/main.cf.backup
|
||||
cp -a /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.backup
|
||||
|
||||
|
@ -70,4 +59,11 @@ r_log "postfix" "Testing that postfix offers STARTTLS"
|
|||
echo "ehlo test" | nc -w 3 127.0.0.1 25 | grep -q "STARTTLS"
|
||||
ret_val=$?
|
||||
|
||||
r_checkExitStatus $ret_val
|
||||
mv /etc/postfix/main.cf.backup /etc/postfix/main.cf
|
||||
mv /etc/dovecot/dovecot.conf.backup /etc/dovecot/dovecot.conf
|
||||
rm /etc/pki/tls/certs/mail.crt
|
||||
rm /etc/pki/tls/certs/mail.key
|
||||
rm -rf $DROPDIR/mail.*
|
||||
rm -rf /var/tmp/postfix
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "postgresql" "Installing postgresql"
|
||||
p_installPackageNormal postgresql-server postgresql
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "postgresql" "Initialize postgresql"
|
||||
postgresql-setup --initdb
|
||||
m_serviceCycler postgresql cycle
|
||||
sleep 15
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "postgresql" "Creating db"
|
||||
su - postgres -c 'createdb pg_test'
|
||||
r_checkExitStatus $?
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "postgresql" "Creating user"
|
||||
su - postgres -c 'createuser -S -R -D testuser' > /dev/null 2>&1
|
||||
r_checkExitStatus $?
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "postgresql" "Dropping database"
|
||||
su - postgres -c 'dropdb pg_test' > /dev/null 2>&1
|
||||
r_checkExitStatus $?
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "postgresql" "Dropping user"
|
||||
su - postgres -c 'dropuser testuser' > /dev/null 2>&1
|
||||
r_checkExitStatus $?
|
|
@ -4,8 +4,8 @@ if [ "$RL_VER" -eq 8 ]; then
|
|||
file /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial > /dev/null 2>&1 && \
|
||||
file /etc/pki/rpm-gpg/RPM-GPG-KEY-rockytesting > /dev/null 2>&1
|
||||
else
|
||||
file "/etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-${RL_VER}" > /dev/null 2>&1 && \
|
||||
file "/etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-${RL_VER}-Testing" > /dev/null 2>&1
|
||||
file "/etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-${RL_VER}" > /ev/null 2>&1 && \
|
||||
file "/etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-${RL_VER}-Testing" > /ev/null 2>&1
|
||||
fi
|
||||
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -4,10 +4,10 @@ r_log "rocky" "Check /etc/os-release stuff"
|
|||
r_log "rocky" "Verify support directives"
|
||||
for s in NAME=\"Rocky\ Linux\" \
|
||||
ID=\"rocky\" \
|
||||
ROCKY_SUPPORT_PRODUCT=\"Rocky-Linux-$RL_VER\" \
|
||||
ROCKY_SUPPORT_PRODUCT_VERSION=\"$RL_VER\..*\"; do
|
||||
ROCKY_SUPPORT_PRODUCT=\"Rocky\ Linux\" \
|
||||
ROCKY_SUPPORT_PRODUCT_VERSION=\"$RL_VER\"; do
|
||||
if ! grep -q "$s" /etc/os-release; then
|
||||
r_log "rocky" "Missing string ($s) in /etc/os-release"
|
||||
r_log "rocky" "Missing string in /etc/os-release"
|
||||
r_checkExitStatus 1
|
||||
fi
|
||||
done
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
#!/bin/bash
|
||||
# Check that the release package is 1.X
|
||||
r_log "rocky release" "Checking that the package is at least X.Y-1.B"
|
||||
|
||||
RELEASE_VER="$(rpm -q rocky-release --qf '%{RELEASE}')"
|
||||
RELNUM="${RELEASE_VER:0:1}"
|
||||
if [ "${RELNUM}" -ge "1" ]; then
|
||||
if [[ "${RELEASE_VER:0:3}" =~ ^${RELNUM}.[[:digit:]] ]]; then
|
||||
ret_val="0"
|
||||
else
|
||||
r_log "rocky release" "FAIL: The release package is not in X.Y-A.B format"
|
||||
ret_val="1"
|
||||
fi
|
||||
else
|
||||
r_log "rocky release" "FAIL: The release package likely starts with 0 and is not considered production ready."
|
||||
ret_val="1"
|
||||
fi
|
||||
|
||||
r_checkExitStatus $ret_val
|
|
@ -8,12 +8,7 @@ if [ ! -d /sys/firmware/efi ]; then
|
|||
exit 0
|
||||
fi
|
||||
else
|
||||
if [[ "$rl_arch" == "x86_64" ]]; then
|
||||
p_installPackageNormal pesign
|
||||
pesign --show-signature --in /boot/efi/EFI/rocky/shim.efi | grep -Eq "Microsoft Windows UEFI Driver Publisher"
|
||||
r_checkExitStatus $?
|
||||
else
|
||||
r_log "secureboot" "x86_64 is the only supported secureboot arch at this time"
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -110,6 +110,6 @@ r_log "shadow" "Test sg"
|
|||
sg onyxuser "touch /var/tmp/onyxsg"
|
||||
r_checkExitStatus $?
|
||||
r_log "shadow" "Verify sg worked"
|
||||
stat --format="%G" /var/tmp/onyxsg | grep -q onyxuser
|
||||
stat --format="%U" /var/tmp/onyxsg | grep -q onyxuser
|
||||
r_checkExitStatus $?
|
||||
rm /var/tmp/onyxsg
|
||||
|
|
|
@ -1,11 +1,4 @@
|
|||
#!/bin/bash
|
||||
function cleanup() {
|
||||
pwconv
|
||||
rm -rf /var/tmp/pwunconv /var/tmp/pwconv
|
||||
}
|
||||
|
||||
trap cleanup EXIT
|
||||
|
||||
r_log "shadow" "Check that pwck can use correct files"
|
||||
pwck -rq ./common/files/correct-passwd ./common/files/correct-shadow
|
||||
r_checkExitStatus $?
|
||||
|
@ -15,11 +8,9 @@ pwck -rq ./common/files/incorrect-passwd ./common/files/incorrect-shadow
|
|||
ret_val=$?
|
||||
if [ "$ret_val" -eq 0 ]; then
|
||||
r_log "shadow" "They're correct."
|
||||
r_checkExitStatus 1
|
||||
else
|
||||
r_log "shadow" "They're incorrect."
|
||||
r_checkExitStatus 0
|
||||
exit 1
|
||||
fi
|
||||
r_checkExitStatus 0
|
||||
|
||||
r_log "shadow" "Check that pwconv is functional"
|
||||
mkdir -p /var/tmp/pwconv
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "tftp" "Installing packages"
|
||||
p_installPackageNormal tftp-server tftp
|
|
@ -1,23 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "tftp" "Configure tftp"
|
||||
|
||||
if [ "$RL_VER" -eq 8 ]; then
|
||||
cat <<EOF > /etc/xinetd.d/tftp
|
||||
service tftp
|
||||
{
|
||||
socket_type = dgram
|
||||
protocol = udp
|
||||
wait = yes
|
||||
user = root
|
||||
server = /usr/sbin/in.tftpd
|
||||
server_args = -s /var/lib/tftpboot
|
||||
disable = no
|
||||
per_source = 11
|
||||
cps = 100 2
|
||||
flags = IPv4
|
||||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
m_serviceCycler tftp.socket start
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "tftp" "Getting a file from tftp"
|
||||
|
||||
chmod 777 /var/lib/tftpboot
|
||||
echo "rocky func" > /var/lib/tftpboot/tftptest
|
||||
tftp 127.0.0.1 -c get tftptest
|
||||
|
||||
grep -q "rocky func" tftptest
|
||||
r_checkExitStatus $?
|
||||
/bin/rm tftptest
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "tftp" "Testing anon write"
|
||||
TFTPDIR=/var/lib/tftpboot
|
||||
setsebool tftp_anon_write 1
|
||||
chmod 777 $TFTPDIR
|
||||
echo "rocky func" > puttest
|
||||
touch $TFTPDIR > $TFTPDIR/puttest
|
||||
chmod 666 $TFTPDIR/puttest
|
||||
tftp 127.0.0.1 -c put puttest
|
||||
sleep 2
|
||||
grep -q 'rocky func' $TFTPDIR/puttest
|
||||
r_checkExitStatus $?
|
||||
/bin/rm puttest
|
||||
/bin/rm $TFTPDIR/puttest
|
59
func/ipa.sh
59
func/ipa.sh
|
@ -1,59 +0,0 @@
|
|||
#!/bin/bash
|
||||
# Release Engineering Core Functionality Testing
|
||||
# Louis Abel <label@rockylinux.org> @nazunalika
|
||||
|
||||
################################################################################
|
||||
# Settings and variables
|
||||
|
||||
# Exits on any non-zero exit status - Disabled for now.
|
||||
#set -e
|
||||
# Undefined variables will cause an exit
|
||||
set -u
|
||||
|
||||
COMMON_EXPORTS='./common/exports.sh'
|
||||
COMMON_IMPORTS='./common/imports.sh'
|
||||
SELINUX=$(getenforce)
|
||||
|
||||
# End
|
||||
################################################################################
|
||||
|
||||
# shellcheck source=/dev/null disable=SC2015
|
||||
[ -f $COMMON_EXPORTS ] && source $COMMON_EXPORTS || { echo -e "\n[-] $(date): Variables cannot be sourced."; exit 1; }
|
||||
# shellcheck source=/dev/null disable=SC2015
|
||||
[ -f $COMMON_IMPORTS ] && source $COMMON_IMPORTS || { echo -e "\n[-] $(date): Functions cannot be sourced."; exit 1; }
|
||||
# Init log
|
||||
# shellcheck disable=SC2015
|
||||
[ -e "$LOGFILE" ] && m_recycleLog || touch "$LOGFILE"
|
||||
# SELinux check
|
||||
if [ "$SELINUX" != "Enforcing" ]; then
|
||||
echo -e "\n[-] $(date): SELinux is not enforcing."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
r_log "internal" "Starting Release Engineering Core Tests"
|
||||
|
||||
################################################################################
|
||||
# Script Work
|
||||
|
||||
# Skip tests in a list - some tests are already -x, so it won't be an issue
|
||||
if [ -e skip.list ]; then
|
||||
r_log "internal" "Disabling tests"
|
||||
# shellcheck disable=SC2162
|
||||
grep -E "^${RL_VER}" skip.list | while read line; do
|
||||
# shellcheck disable=SC2086
|
||||
testFile="$(echo $line | cut -d '|' -f 2)"
|
||||
r_log "internal" "SKIP ${testFile}"
|
||||
chmod -x "${testFile}"
|
||||
done
|
||||
r_log "internal" "WARNING: Tests above were disabled."
|
||||
fi
|
||||
|
||||
# TODO: should we let $1 judge what directory is ran?
|
||||
# TODO: get some stacks and lib in there
|
||||
|
||||
#r_processor <(/usr/bin/find ./core -type f | sort -t'/')
|
||||
#r_processor <(/usr/bin/find ./lib -type f | sort -t'/')
|
||||
r_processor <(/usr/bin/find ./stacks/ipa -type f | sort -t'/')
|
||||
|
||||
r_log "internal" "Core Tests completed"
|
||||
exit 0
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "pdf" "Install enscript, ghostscript, and poppler"
|
||||
p_installPackageNormal fontconfig @fonts enscript ghostscript poppler-utils
|
|
@ -1,23 +0,0 @@
|
|||
#!/bin/bash
|
||||
r_log "pdf" "Create a PDF from postscript from text, convert it back to text and check"
|
||||
trap 'rm -rf $PSFILE $PDFFILE $TESTFILE' EXIT
|
||||
|
||||
TOFIND="BlueOnyx"
|
||||
PSFILE="/var/tmp/test.ps"
|
||||
PDFFILE="/var/tmp/test.pdf"
|
||||
TESTFILE="/var/tmp/psresult"
|
||||
|
||||
encript -q -p $PSFILE /etc/rocky-release
|
||||
|
||||
r_log "pdf" "Check created file"
|
||||
|
||||
grep -q $TOFIND $PSFILE
|
||||
pdf_ret_val=$?
|
||||
r_checkExitStatus $pdf_ret_val
|
||||
|
||||
ps2pdf $PSFILE $PDFFILE
|
||||
pdftotext -q $PDFFILE $TESTFILE
|
||||
r_log "pdf" "Checking after conversion to text"
|
||||
grep -q $TOFIND $TESTFILE
|
||||
text_ret_val=$?
|
||||
r_checkExitStatus $text_ret_val
|
|
@ -30,16 +30,6 @@ if [ "$SELINUX" != "Enforcing" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
r_checkEPELEnabled
|
||||
is_epel=$?
|
||||
if [[ "$is_epel" == "0" ]]; then
|
||||
echo "EPEL enabled. Stop."
|
||||
r_log "internal" "EPEL enabled. Stop."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
r_checkTmpNoExec
|
||||
|
||||
r_log "internal" "Starting Release Engineering Core Tests"
|
||||
|
||||
################################################################################
|
||||
|
@ -62,7 +52,7 @@ fi
|
|||
# TODO: get some stacks and lib in there
|
||||
|
||||
r_processor <(/usr/bin/find ./core -type f | sort -t'/')
|
||||
r_processor <(/usr/bin/find ./lib -type f | sort -t'/')
|
||||
#r_processor <(/usr/bin/find ./lib -type f | sort -t'/')
|
||||
#r_processor <(/usr/bin/find ./stacks -type f | sort -t'/')
|
||||
|
||||
r_log "internal" "Core Tests completed"
|
||||
|
|
|
@ -10,12 +10,9 @@
|
|||
# -> Must be a URL to bugs.rl.o, a github issue number, or a code, such as:
|
||||
# * NEEDINFO
|
||||
# * NOTREADY
|
||||
# * NOPKG
|
||||
8|./core/pkg_archive/26-zmore.sh|nazunalika|NEEDINFO
|
||||
8|./core/pkg_nfs/12-prepare-autofs.sh|nazunalika|NEEDINFO
|
||||
8|./core/pkg_diffutils/00-install-diff.sh|nazunalika|NOTREADY
|
||||
8|./core/pkg_snmp/12-test-snmp-3.sh|nazunalika|NOTWORKING
|
||||
8|./core/pkg_samba/00-install-samba.sh|nazunalika|NOTWORKING
|
||||
8|./core/pkg_samba/10-test-samba.sh|nazunalika|NOTWORKING
|
||||
9|./core/pkg_archive/27-znew.sh|nazunalika|NOPKG
|
||||
9|./core/pkg_network/30-test-arpwatch.sh|nazunalika|NOPKG
|
||||
|
|
|
@ -1,59 +0,0 @@
|
|||
#!/bin/bash
|
||||
# Release Engineering Core Functionality Testing
|
||||
# Louis Abel <label@rockylinux.org> @nazunalika
|
||||
|
||||
################################################################################
|
||||
# Settings and variables
|
||||
|
||||
# Exits on any non-zero exit status - Disabled for now.
|
||||
#set -e
|
||||
# Undefined variables will cause an exit
|
||||
set -u
|
||||
|
||||
COMMON_EXPORTS='./common/exports.sh'
|
||||
COMMON_IMPORTS='./common/imports.sh'
|
||||
SELINUX=$(getenforce)
|
||||
|
||||
# End
|
||||
################################################################################
|
||||
|
||||
# shellcheck source=/dev/null disable=SC2015
|
||||
[ -f $COMMON_EXPORTS ] && source $COMMON_EXPORTS || { echo -e "\n[-] $(date): Variables cannot be sourced."; exit 1; }
|
||||
# shellcheck source=/dev/null disable=SC2015
|
||||
[ -f $COMMON_IMPORTS ] && source $COMMON_IMPORTS || { echo -e "\n[-] $(date): Functions cannot be sourced."; exit 1; }
|
||||
# Init log
|
||||
# shellcheck disable=SC2015
|
||||
[ -e "$LOGFILE" ] && m_recycleLog || touch "$LOGFILE"
|
||||
# SELinux check
|
||||
if [ "$SELINUX" != "Enforcing" ]; then
|
||||
echo -e "\n[-] $(date): SELinux is not enforcing."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
r_log "internal" "Starting Release Engineering Core Tests"
|
||||
|
||||
################################################################################
|
||||
# Script Work
|
||||
|
||||
# Skip tests in a list - some tests are already -x, so it won't be an issue
|
||||
if [ -e skip.list ]; then
|
||||
r_log "internal" "Disabling tests"
|
||||
# shellcheck disable=SC2162
|
||||
grep -E "^${RL_VER}" skip.list | while read line; do
|
||||
# shellcheck disable=SC2086
|
||||
testFile="$(echo $line | cut -d '|' -f 2)"
|
||||
r_log "internal" "SKIP ${testFile}"
|
||||
chmod -x "${testFile}"
|
||||
done
|
||||
r_log "internal" "WARNING: Tests above were disabled."
|
||||
fi
|
||||
|
||||
# TODO: should we let $1 judge what directory is ran?
|
||||
# TODO: get some stacks and lib in there
|
||||
|
||||
#r_processor <(/usr/bin/find ./core -type f | sort -t'/')
|
||||
#r_processor <(/usr/bin/find ./lib -type f | sort -t'/')
|
||||
r_processor <(/usr/bin/find ./stacks -type f | sort -t'/')
|
||||
|
||||
r_log "internal" "Core Tests completed"
|
||||
exit 0
|
|
@ -9,6 +9,5 @@ fi
|
|||
# going to be the same thing or not so this check is there just in case.
|
||||
if [ "$RL_VER" -eq 8 ]; then
|
||||
p_enableModule idm:DL1/{client,common,dns,server}
|
||||
p_installPackageNormal ipa-server ipa-server-dns
|
||||
fi
|
||||
|
||||
p_installPackageNormal ipa-server ipa-server-dns expect
|
||||
|
|
|
@ -9,73 +9,3 @@ if [ "$IPAINSTALLED" -eq 1 ]; then
|
|||
r_checkExitStatus 1
|
||||
fi
|
||||
|
||||
kdestroy &> /dev/null
|
||||
klist 2>&1 | grep -E "(No credentials|Credentials cache .* not found)" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
echo "b1U3OnyX!" | kinit admin@RLIPA.LOCAL
|
||||
|
||||
klist | grep "admin@RLIPA.LOCAL" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Test adding a user"
|
||||
ipa user-add --first=test --last=user --random ipatestuser > /tmp/ipatestuser
|
||||
grep -q 'Added user "ipatestuser"' /tmp/ipatestuser
|
||||
|
||||
ret_val=$?
|
||||
if [ "$ret_val" -ne 0 ]; then
|
||||
r_log "ipa" "User was not created, this is considered fatal"
|
||||
r_checkExitStatus 1
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sed -i 's|^ ||g' /tmp/ipatestuser
|
||||
grep -q 'First name: test' /tmp/ipatestuser
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Last name: user' /tmp/ipatestuser
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Full name: test user' /tmp/ipatestuser
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Home directory: /home/ipatestuser' /tmp/ipatestuser
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Changing password of the user"
|
||||
kdestroy &> /dev/null
|
||||
userPassword="$(awk '/Random password/ { print $3 }' /tmp/ipatestuser)"
|
||||
/bin/rm /tmp/ipatestuser
|
||||
|
||||
expect -f - <<EOF
|
||||
set send_human {.1 .3 1 .05 2}
|
||||
spawn kinit ipatestuser
|
||||
sleep 1
|
||||
expect "Password for ipatestuser@RLIPA.LOCAL: "
|
||||
send -h -- "$(echo "$userPassword")\r"
|
||||
sleep 1
|
||||
expect "Enter new password: "
|
||||
send -h -- "gr@YAm3thy5st!\r"
|
||||
sleep 1
|
||||
expect "Enter it again: "
|
||||
send -h -- "gr@YAm3thy5st!\r"
|
||||
sleep 5
|
||||
close
|
||||
EOF
|
||||
|
||||
r_log "ipa" "Re-doing a kinit"
|
||||
expect -f - <<EOF
|
||||
set send_human {.1 .3 1 .05 2}
|
||||
spawn kinit ipatestuser
|
||||
sleep 1
|
||||
expect "Password for ipatestuser@C6IPA.LOCAL:"
|
||||
send -h "gr@YAm3thy5st!\r"
|
||||
sleep 1
|
||||
close
|
||||
EOF
|
||||
|
||||
klist | grep "ipatestuser@RLIPA.LOCAL" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
kdestroy &> /dev/null
|
||||
|
||||
r_log "ipa" "Testing for user in getent"
|
||||
getent passwd ipatestuser &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
if m_getArch aarch64 | grep -qE 'aarch64'; then
|
||||
r_log "ipa" "Skipping for aarch64"
|
||||
r_log "ipa -bash" "Skipping for aarch64"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
@ -9,53 +9,3 @@ if [ "$IPAINSTALLED" -eq 1 ]; then
|
|||
r_checkExitStatus 1
|
||||
fi
|
||||
|
||||
kdestroy &> /dev/null
|
||||
klist 2>&1 | grep -E "(No credentials|Credentials cache .* not found)" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
echo "b1U3OnyX!" | kinit admin@RLIPA.LOCAL
|
||||
|
||||
klist | grep "admin@RLIPA.LOCAL" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Adding test service"
|
||||
ipa service-add testservice/onyxtest.rlipa.local &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Getting keytab for service"
|
||||
ipa-getkeytab -s onyxtest.rlipa.local -p testservice/onyxtest.rlipa.local -k /tmp/testservice.keytab &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Getting a certificate for service"
|
||||
ipa-getcert request -K testservice/onyxtest.rlipa.local -D onyxtest.rlipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
while true; do
|
||||
entry="$(ipa-getcert list -r | sed -n '/Request ID/,/auto-renew: yes/p')"
|
||||
if [[ $entry =~ "status:" ]] && [[ $entry =~ "CA_REJECTED" ]]; then
|
||||
r_checkExitStatus 1
|
||||
break
|
||||
fi
|
||||
if [[ $entry =~ "" ]]; then
|
||||
r_checkExitStatus 0
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
|
||||
while ! stat /etc/pki/tls/certs/testservice.crt &> /dev/null; do
|
||||
sync
|
||||
sleep 1
|
||||
done
|
||||
|
||||
r_log "ipa" "Verifying keytab"
|
||||
klist -k /tmp/testservice.keytab | grep "testservice/onyxtest.rlipa.local" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Verifying key matches the certificate"
|
||||
diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus 2>&1 ) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus 2>&1 )
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Verifying the certificate against our CA"
|
||||
openssl verify -CAfile /etc/ipa/ca.crt /etc/pki/tls/certs/testservice.crt | grep "/etc/pki/tls/certs/testservice.crt: OK" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -9,38 +9,3 @@ if [ "$IPAINSTALLED" -eq 1 ]; then
|
|||
r_checkExitStatus 1
|
||||
fi
|
||||
|
||||
kdestroy &> /dev/null
|
||||
klist 2>&1 | grep -qE "(No credentials|Credentials cache .* not found)" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
echo "b1U3OnyX!" | kinit admin@RLIPA.LOCAL
|
||||
|
||||
klist | grep "admin@RLIPA.LOCAL" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Adding testzone subdomain"
|
||||
ipa dnszone-add --name-server=onyxtest.rlipa.local. --admin-email=hostmaster.testzone.rlipa.local. testzone.rlipa.local &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
sleep 5
|
||||
|
||||
r_log "ipa" "Get SOA from testzone subdomain"
|
||||
dig @localhost SOA testzone.rlipa.local | grep -q "status: NOERROR" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Adding a CNAME record to the primary domain"
|
||||
ipa dnsrecord-add rlipa.local testrecord --cname-hostname=onyxtest &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
sleep 5
|
||||
|
||||
r_log "ipa" "Retrieving CNAME record"
|
||||
dig @localhost CNAME testrecord.rlipa.local | grep -q "status: NOERROR" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Adding a CNAME to subdomain"
|
||||
ipa dnsrecord-add testzone.rlipa.local testrecord --cname-hostname=onyxtest.rlipa.local. &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
sleep 5
|
||||
|
||||
r_log "ipa" "Testing can retrieve record from subdomain"
|
||||
dig @localhost CNAME testrecord.testzone.rlipa.local | grep -q "status: NOERROR" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -9,51 +9,3 @@ if [ "$IPAINSTALLED" -eq 1 ]; then
|
|||
r_checkExitStatus 1
|
||||
fi
|
||||
|
||||
kdestroy -A
|
||||
klist 2>&1 | grep -E "(No credentials|Credentials cache .* not found)"
|
||||
r_checkExitStatus $?
|
||||
|
||||
echo "b1U3OnyX!" | kinit admin@RLIPA.LOCAL
|
||||
|
||||
klist | grep -q "admin@RLIPA.LOCAL"
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Creating a test sudo rule"
|
||||
ipa sudorule-add testrule --desc="Test rule in IPA" --hostcat=all --cmdcat=all --runasusercat=all --runasgroupcat=all &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Adding user to test sudo rule"
|
||||
ipa sudorule-add-user testrule --users="ipatestuser" &> /dev/null
|
||||
r_checkExitStatus $?
|
||||
|
||||
r_log "ipa" "Verifying rule..."
|
||||
ipa sudorule-show testrule > /tmp/testrule
|
||||
grep -q 'Rule name: testrule' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Description: Test rule in IPA' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Enabled: TRUE' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Host category: all' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Command category: all' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
grep -q 'RunAs User category: all' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
grep -q 'RunAs Group category: all' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
grep -q 'Users: ipatestuser' /tmp/testrule
|
||||
r_checkExitStatus $?
|
||||
|
||||
m_serviceCycler sssd stop
|
||||
rm -rf /var/lib/sss/db/*
|
||||
m_serviceCycler sssd start
|
||||
|
||||
sleep 5
|
||||
|
||||
r_log "ipa" "Verifying sudo abilities"
|
||||
sudo -l -U ipatestuser > /tmp/sudooutput
|
||||
grep -q 'ipatestuser may run the following commands' /tmp/sudooutput
|
||||
r_checkExitStatus $?
|
||||
grep -q 'ALL) ALL' /tmp/sudooutput
|
||||
r_checkExitStatus $?
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
if m_getArch aarch64 | grep -qE 'aarch64'; then
|
||||
r_log "ipa" "Skipping for aarch64"
|
||||
r_log "ipa -bash" "Skipping for aarch64"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
|
|
@ -1,2 +1,7 @@
|
|||
While not considered a "stack", it's a combination of many things at once. So
|
||||
it is being tested as a stack.
|
||||
|
||||
We will be testing mainly against EL8. It is not clear if EL9 will keep idm as
|
||||
a module in 9. However, certain tests will be checking for the release just in
|
||||
case that the modules will disappear. (I can only hope that it does and that
|
||||
it just goes back to what Fedora is doing and what EL7 does). -label
|
||||
|
|
|
@ -2,4 +2,3 @@ __pycache__/
|
|||
*.py[cod]
|
||||
*$py.class
|
||||
*.so
|
||||
Containerfile*.devel
|
||||
|
|
|
@ -56,7 +56,7 @@ RUN rm -rf /etc/yum.repos.d/*.repo
|
|||
RUN useradd -o -d /var/peridot -u 1002 peridotbuilder && usermod -a -G mock peridotbuilder
|
||||
RUN chown peridotbuilder:mock /etc/yum.conf && chown -R peridotbuilder:mock /etc/dnf && chown -R peridotbuilder:mock /etc/rpm && chown -R peridotbuilder:mock /etc/yum.repos.d
|
||||
|
||||
RUN pip install 'git+https://git.resf.org/sig_core/toolkit.git@devel#egg=empanadas&subdirectory=iso/empanadas'
|
||||
RUN pip install 'git+https://git.rockylinux.org/release-engineering/public/toolkit.git@feature/iso-kube#egg=empanadas&subdirectory=iso/empanadas'
|
||||
|
||||
RUN pip install awscli
|
||||
|
||||
|
|
|
@ -1,68 +0,0 @@
|
|||
FROM docker.io/fedora:36
|
||||
|
||||
ADD images/get_arch /get_arch
|
||||
|
||||
ENV TINI_VERSION v0.19.0
|
||||
RUN curl -o /tini -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$(/get_arch)"
|
||||
RUN chmod +x /tini
|
||||
|
||||
RUN dnf install -y \
|
||||
bash \
|
||||
bzip2 \
|
||||
cpio \
|
||||
diffutils \
|
||||
findutils \
|
||||
gawk \
|
||||
gcc \
|
||||
gcc-c++ \
|
||||
git \
|
||||
grep \
|
||||
gzip \
|
||||
info \
|
||||
make \
|
||||
patch \
|
||||
python3 \
|
||||
redhat-rpm-config \
|
||||
rpm-build \
|
||||
scl-utils-build \
|
||||
sed \
|
||||
shadow-utils \
|
||||
tar \
|
||||
unzip \
|
||||
util-linux \
|
||||
which \
|
||||
xz \
|
||||
dnf-plugins-core \
|
||||
createrepo_c \
|
||||
rpm-sign \
|
||||
sudo \
|
||||
mock \
|
||||
python-pip \
|
||||
imagefactory \
|
||||
imagefactory-plugins*
|
||||
|
||||
RUN sed -i -e 's/# memory = 1024/memory = 2048/' /etc/oz/oz.cfg
|
||||
|
||||
COPY imagefactory.patch /
|
||||
COPY oz.rpm /
|
||||
|
||||
RUN dnf -y install /oz.rpm
|
||||
RUN (cd /usr/lib/python3.10/site-packages/; patch -p1 </imagefactory.patch)
|
||||
|
||||
RUN ssh-keygen -t rsa -q -f "$HOME/.ssh/id_rsa" -N ""
|
||||
RUN dnf clean all
|
||||
RUN rm -rf /etc/yum.repos.d/*.repo /get_arch
|
||||
# RUN useradd -o -d /var/peridot -u 1002 peridotbuilder && usermod -a -G mock peridotbuilder
|
||||
# RUN chown -R peridotbuilder:mock /etc/dnf && chown -R peridotbuilder:mock /etc/rpm && chown -R peridotbuilder:mock /etc/yum.repos.d && chown -R peridotbuilder:mock /var/lib/imagefactory/storage
|
||||
|
||||
RUN pip install awscli
|
||||
|
||||
|
||||
RUN pip install 'git+https://git.resf.org/sig_core/toolkit.git@devel#egg=empanadas&subdirectory=iso/empanadas'
|
||||
|
||||
ENV LIBGUESTFS_BACKEND direct
|
||||
|
||||
COPY prep-azure.sh /prep-azure.sh
|
||||
RUN chmod +x /prep-azure.sh
|
||||
|
||||
ENTRYPOINT ["/tini", "--"]
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue