Compare commits

..

No commits in common. "devel" and "update/readme" have entirely different histories.

350 changed files with 5869 additions and 14464 deletions

View File

@ -14,9 +14,10 @@ What does this have?
* analyze -> Analysis utilities (such as download stats) * analyze -> Analysis utilities (such as download stats)
* chat -> mattermost related utilities * chat -> mattermost related utilities
* func -> (mostly defunct) testing scripts and tools to test base functionality
* iso -> Contains `empanadas`, which provides ISO, Compose, and Sync related utilities. * iso -> Contains `empanadas`, which provides ISO, Compose, and Sync related utilities.
* mangle -> Manglers and other misc stuff * mangle -> Manglers and other misc stuff
* sync -> Sync tools, used to sync from compose directories to mirror for Rocky Linux * sync -> Sync tools, primarily for Rocky Linux 8 and will eventually be deprecated
How can I help? How can I help?
--------------- ---------------
@ -36,3 +37,9 @@ PR's against the main branch will be closed.
PR's are preferred at the [RESF Git Service](https://git.resf.org). PR's are preferred at the [RESF Git Service](https://git.resf.org).
Will some of this be moved into separate repositories?
------------------------------------------------------
There may be some things that will be moved to its own repository in the near
future. From a SIG/Core standpoint, we believe a good chunk of this should stay
here as it makes it easier for us to maintain and manage.

5
func/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
log/*.log
log/*.log.*
clone_again/
cloned/
tftptest

489
func/README.md Normal file
View File

@ -0,0 +1,489 @@
Release Engineering Core Functionality Testing
==============================================
These are a set of scripts that are designed to test the core functionality
of a Rocky Linux system. They are designed to work on current versions of
Rocky and are used to test a system as a Release Engineering self-QA but
can be used by others for their own personal testing (under the assumption
that you just want to see what happens, we don't judge.
These tests *must* pass for a X.0 release to be considered "Core Validated".
* common -> Functions that our scripts and tests may or may not use. Templates
and other files should come here too under common/files and
scripts that use them should reference them as `./common/files/...`
* core -> Core functionality and testing. For example, packages and service
functionality.
* lib -> Library tests (these may be done elsewhere, such as openqa)
* log -> Log output. This repository has example logs of running on Rocky
Linux.
* modules -> Tests for module streams and their basic tests
* stacks -> Software stacks, think like LAMP (may be done elsewhere, such as openqa)
How to Run
----------
There are two ways to run through the tests:
* By running `/bin/bash runtests.sh`
* Runs all core tests
* By running `/bin/bash stacktests.sh`
* Runs all stack tests (eg, lamp, ipa)
* By running `/bin/bash monotests.sh`
* Supposed to runs all tests one by one to help identify failures as they happen (not functional)
Adding Tests
------------
So you want to add a few tests. Great! Before you add them, I want you to ask
yourself the following questions:
* Are my test(s) brand new?
* Are my test(s) actually for the "core" functionality of the system?
* Will my test(s) be going through a shellcheck?
* Were my tests running with SELinux enforcing?
If you've answered no to any of the above, the test may not be valid for this
project. If you are planning on changing a test or fixing a test to look or
work better, then a PR is more than welcome. Some things could definitely
use some touching up or improvements.
When creating tests, the below should be followed (at a minimum):
* Use functions from `./common/imports.sh`
* Global variables should be in `./common/exports.sh`
* Reusable files should be in `./common/files`
* Logging is enforced; use `r_log` where ever necessary
* Exits and status checks should be against `r_checkExitStatus`
* Place comments where `r_log` won't be descriptive enough
* With some exceptions, keep lines to a maximum of 80 characters
* Use fullpath to binaries when necessary
* Use shellcheck to verify the scripts are valid and compliant (some stuff that
shellcheck reports could be false - Just use a comment to turn off that test
for that particular line, but you need to ensure it's a false positive.)
* All filenames should start with a number and end with `.sh` (eg `00-foo.sh`)
* The executable bit should be set (except for scripts that are sourced)
**Note**: that if tests should be skipped, they should be placed into the
`skip.list` file so that way they won't run during the test phase. The file will
get a -x placed on it. Note that this is generally OK, since this repo will just
be cloned when being used anyway and won't be committed back. It is just
expected that all scripts are +x to begin with unless there's a valid reason.
There are a few tests we already have disabled because they're either not done
or they are acting strangely.
**Note**: If a package required additional modification (eg, dotnet) and it
it has a `.rocky` on the release tag, then it should be noted in the mods.list.
The same thing goes for the debrand list. Additionally, if certain patches
can change the output, it would be good to test for this (see `core/pkg_httpd`)
for an example.
Core Functionality
------------------
Everyone has their own idea of "core functionality." In the case of Release
Engineering, core functionality is simply us saying that with a basic
installation of Rocky Linux, we can run basic commands that any system admin,
developer, or casual user would run and expect to work on a regular basis.
Think about the software you probably use fairly regularly on any Linux system
that you've installed, ran, or are currently running. Now think about the
commands that you run day in, and day out. Now consider that what you're
running isn't niche and it's highly likely others use them too. If something
goes wrong with the build of your distribution, your tools might not work as
expected. Which is why the idea of doing basic testing of most, if not all of
the common stuff is a good thing to do.
While writing this, the things that come to mind are:
* archiving: zip, tar, gzip, etc
* file: head, tail, less, cat, diff, find, grep, vim, git
* network: ping, ip, ssh, wget, curl
* packaging: rpm, dnf
* system utilities: systemctl, top, sudo, ps
* web (packaging): httpd
Those are just off the top of my head. There's obviously a lot more, but with
that in mind, you now have the idea of what we're trying to accomplish with
this set of tests.
With that being said, there are obviously other tests being employed for things
that people may or may not use (LAMP stacks for example). It's not a core
function by any means, but it at least validates that a common thing or set of
things works as intended without extending the system or fixing the baseline
set of packages.
FAQ
---
### How do I know what some of these scripts do?
You can view the script and look at the various `r_log` lines or the comments
if they happen to be there. If you don't see a comment, look for an `r_log`.
### How do I disable a test?
A test can be disabled by running `chmod -x` on any given test. It's also
recommended to add it to `skip.list`
### Won't some of the tests have to change on (insert major release here)?
Yes and no. There are some tests will have to be altered to deal with it, but
the only way to really find out is to run the tests on a new major release
and see what happens.
### A test failed, what do I do?
Run a test manually to get the error. (Most) errors are not sent to the logs
as the logs are mainly to say if something was "PASSED", "FAILED", or "SKIPPED".
### A test isn't descriptive enough on r_log or comments, can I PR for that?
Absolutely - If you feel there is a gap, please fork and change what you feel
needs more information!
### Do I really need SELinux enforcing to run/add tests?
Yes.
### Why though?
Ensuring the tests work and operate under default conditions (firewall and
selinux are up) helps those who use our distribution in environments where
security is important, actually work and function correctly.
With that said, There is no reason to disable integral security layers on your
system.
### Should EPEL be enabled?
No. The point is to test Rocky packages, not EPEL. There are also package
differences that will break (eg: nc -> nmap-ncat vs netcat).
### What about CRB or extras?
It may say it's a failure, but it will continue anyway.
Current Tree
------------
```
.
├── common
│   ├── exports.sh
│   ├── files
│   │   ├── correct-passwd
│   │   ├── correct-shadow
│   │   ├── dovecot-test-sasl
│   │   ├── hello.c
│   │   ├── hello.cpp
│   │   ├── incorrect-passwd
│   │   ├── incorrect-shadow
│   │   ├── lamp-sql
│   │   ├── lamp-sql-php
│   │   ├── malform-group
│   │   ├── malform-gshadow
│   │   ├── openssl-answers
│   │   ├── postfix-test-sasl
│   │   ├── postfix-test-tls
│   │   └── smb.conf
│   └── imports.sh
├── core
│   ├── pkg_acl
│   │   ├── 00-install-acl.sh
│   │   ├── 10-test-acl-functions.sh
│   │   └── README.md
│   ├── pkg_archive
│   │   ├── 00-install-formats.sh
│   │   ├── 10-bzip.sh
│   │   ├── 20-gzip-bin-test.sh
│   │   ├── 21-gzip-test.sh
│   │   ├── 22-gzexe.sh
│   │   ├── 23-zcmp-zdiff.sh
│   │   ├── 24-zforce.sh
│   │   ├── 25-zgrep.sh
│   │   ├── 25-zless.sh
│   │   ├── 26-zmore.sh
│   │   ├── 27-znew.sh
│   │   ├── 30-tar.sh
│   │   ├── 40-xzcmp-xzdiff.sh
│   │   ├── 40-zip.sh
│   │   ├── 50-lzop.sh
│   │   └── README.md
│   ├── pkg_attr
│   │   ├── 00-install-attr.sh
│   │   ├── 10-check-attr.sh
│   │   └── README.md
│   ├── pkg_auditd
│   │   ├── 00-install-auditd.sh
│   │   ├── 10-auditd-logs.sh
│   │   ├── 11-generate-events.sh
│   │   └── README.md
│   ├── pkg_bash
│   │   ├── 00-bash-version.sh
│   │   └── README.md
│   ├── pkg_bc
│   │   ├── 00-install-bc.sh
│   │   ├── 10-test-calculation.sh
│   │   └── README.md
│   ├── pkg_bind
│   │   ├── 00-install-bind.sh
│   │   ├── 10-test-lookup.sh
│   │   └── README.md
│   ├── pkg_coreutils
│   │   ├── 00-install-coreutils.sh
│   │   ├── 10-arch.sh
│   │   ├── 11-basename.sh
│   │   ├── 12-cat.sh
│   │   ├── 13-cut.sh
│   │   ├── 14-bool.sh
│   │   ├── 15-heads-tails.sh
│   │   ├── 16-pathchk.sh
│   │   ├── 17-readlink.sh
│   │   ├── 18-seq.sh
│   │   ├── 19-timeout.sh
│   │   ├── 20-hash.sh
│   │   ├── 21-touch-ls.sh
│   │   ├── 22-uniq.sh
│   │   ├── 23-wc.sh
│   │   ├── 24-yes.sh
│   │   └── README.md
│   ├── pkg_cpio
│   │   ├── 00-install-cpio.sh
│   │   ├── 10-cpio.sh
│   │   └── README.md
│   ├── pkg_cracklib
│   │   ├── 00-install-cracklib.sh
│   │   ├── 10-test-passwords.sh
│   │   └── README.md
│   ├── pkg_cron
│   │   ├── 00-install-cron.sh
│   │   ├── 10-dot-cron.sh
│   │   └── README.md
│   ├── pkg_curl
│   │   ├── 00-install-curl.sh
│   │   ├── 10-test-curl.sh
│   │   └── README.md
│   ├── pkg_diffutils
│   │   ├── 00-install-diff.sh
│   │   └── README.md
│   ├── pkg_dnf
│   │   ├── 10-remove-package.sh
│   │   └── README.md
│   ├── pkg_dovecot
│   │   ├── 00-install-dovecot.sh
│   │   ├── 01-configure-dovecot.sh
│   │   ├── 10-pop3-test.sh
│   │   ├── 11-imap-test.sh
│   │   ├── 12-dovecot-clean.sh
│   │   └── README.md
│   ├── pkg_file
│   │   ├── 00-install-file.sh
│   │   ├── 10-mime-check.sh
│   │   ├── 20-mime-image.sh
│   │   ├── 30-mime-symlink.sh
│   │   └── README.md
│   ├── pkg_findutils
│   │   ├── 00-install-findutils.sh
│   │   ├── 10-find.sh
│   │   └── README.md
│   ├── pkg_firefox
│   │   ├── 00-install-firefox.sh
│   │   ├── 10-check-firefox-start-page.sh
│   │   └── README.md
│   ├── pkg_firewalld
│   │   ├── 00-install-firewalld.sh
│   │   ├── 10-firewalld-check-rule.sh
│   │   └── README.md
│   ├── pkg_freeradius
│   │   ├── 00-install-freeradius.sh
│   │   ├── 10-test-freeradius.sh
│   │   └── README.md
│   ├── pkg_gcc
│   │   ├── 00-install-gcc.sh
│   │   ├── 10-gcc-build-simple.sh
│   │   ├── 11-gcc-build-cpp.sh
│   │   ├── 20-annobin-test-gcc.sh
│   │   ├── 21-annobin-test-gplusplus.sh
│   │   └── README.md
│   ├── pkg_git
│   │   ├── 00-install-git.sh
│   │   ├── 10-test-git.sh
│   │   ├── 11-test-clone-log.sh
│   │   └── README.md
│   ├── pkg_httpd
│   │   ├── 00-install-httpd.sh
│   │   ├── 10-httpd-branding.sh
│   │   ├── 20-test-basic-http.sh
│   │   ├── 21-test-basic-https.sh
│   │   ├── 30-test-basic-auth.sh
│   │   ├── 40-test-basic-vhost.sh
│   │   ├── 50-test-basic-php.sh
│   │   └── README.md
│   ├── pkg_kernel
│   │   ├── 10-test-kernel-keyring.sh
│   │   ├── 11-test-secure-boot.sh
│   │   ├── 12-test-debrand.sh
│   │   └── README.md
│   ├── pkg_lsb
│   │   ├── 00-install-lsb.sh
│   │   ├── 10-test-branding.sh
│   │   └── README.md
│   ├── pkg_lsof
│   │   ├── 00-install-lsof.sh
│   │   ├── 10-test-lsof.sh
│   │   └── README.md
│   ├── pkg_mdadm
│   │   ├── 00-install-mdadm.sh
│   │   └── 01-test-mdadm.sh
│   ├── pkg_network
│   │   ├── 00-install-packages.sh
│   │   ├── 10-tracepath.sh
│   │   ├── 11-traceroute.sh
│   │   ├── 12-mtr.sh
│   │   ├── 13-iptraf.sh
│   │   ├── 20-configure-bridge.sh
│   │   ├── 30-test-arpwatch.sh
│   │   ├── imports.sh
│   │   └── README.md
│   ├── pkg_nfs
│   │   ├── 00-install-nfs.sh
│   │   ├── 10-prepare-nfs-ro.sh
│   │   ├── 11-prepare-nfs-rw.sh
│   │   ├── 12-prepare-autofs.sh
│   │   └── README.md
│   ├── pkg_openssl
│   │   ├── 00-install-openssl.sh
│   │   ├── 10-test-openssl.sh
│   │   └── README.md
│   ├── pkg_perl
│   │   ├── 00-install-perl.sh
│   │   ├── 10-test-perl.sh
│   │   ├── 11-test-perl-script.sh
│   │   └── README.md
│   ├── pkg_postfix
│   │   ├── 00-install-postfix.sh
│   │   ├── 10-test-helo.sh
│   │   ├── 20-mta.sh
│   │   ├── 30-postfix-sasl.sh
│   │   ├── 40-postfix-tls.sh
│   │   └── README.md
│   ├── pkg_postgresql
│   │   ├── 00-install-postgresql.sh
│   │   ├── 01-configure-postgresql.sh
│   │   ├── 10-create-db.sh
│   │   ├── 11-create-user.sh
│   │   ├── 20-drop-db.sh
│   │   └── 21-drop-user.sh
│   ├── pkg_python
│   │   ├── 00-install-python.sh
│   │   ├── 10-test-python3.sh
│   │   └── README.md
│   ├── pkg_release
│   │   ├── 00-install-file.sh
│   │   ├── 10-name-sanity-check.sh
│   │   ├── 20-check-gpg-keys.sh
│   │   ├── 30-os-release.sh
│   │   ├── 40-system-release.sh
│   │   └── README.md
│   ├── pkg_rootfiles
│   │   ├── 00-install-rootfiles.sh
│   │   └── 10-test-rootfiles.sh
│   ├── pkg_rsyslog
│   │   ├── 00-install-rsyslog.sh
│   │   ├── 10-test-syslog.sh
│   │   └── README.md
│   ├── pkg_samba
│   │   ├── 00-install-samba.sh
│   │   ├── 10-test-samba.sh
│   │   └── README.md
│   ├── pkg_secureboot
│   │   ├── 10-test-grub-secureboot.sh
│   │   ├── 11-test-shim-certs.sh
│   │   └── README.md
│   ├── pkg_selinux
│   │   ├── 00-install-selinux-tools.sh
│   │   ├── 10-check-alerts.sh
│   │   └── 20-check-policy-mismatch.sh
│   ├── pkg_setup
│   │   ├── 00-test-shells.sh
│   │   ├── 10-test-group-file.sh
│   │   ├── 20-test-passwd-file.sh
│   │   └── README.md
│   ├── pkg_shadow-utils
│   │   ├── 00-install.sh
│   │   ├── 10-files-verify.sh
│   │   ├── 20-user-tests.sh
│   │   ├── 30-group-tests.sh
│   │   ├── 40-pw.sh
│   │   ├── 90-clean.sh
│   │   └── README.md
│   ├── pkg_snmp
│   │   ├── 00-install-snmp.sh
│   │   ├── 10-test-snmp-1.sh
│   │   ├── 11-test-snmp-2.sh
│   │   ├── 12-test-snmp-3.sh
│   │   └── README.md
│   ├── pkg_sqlite
│   │   ├── 00-install-sqlite.sh
│   │   ├── 10-sqlite-tables.sh
│   │   ├── 20-sqlite-dump.sh
│   │   └── README.md
│   ├── pkg_strace
│   │   ├── 00-install-strace.sh
│   │   ├── 10-test-strace.sh
│   │   └── README.md
│   ├── pkg_sysstat
│   │   ├── 00-install-sysstat.sh
│   │   ├── 10-iostat.sh
│   │   ├── 11-cpu.sh
│   │   ├── 12-cpu-io.sh
│   │   └── README.md
│   ├── pkg_systemd
│   │   ├── 00-systemd-list-services.sh
│   │   ├── 10-systemd-list-non-native-sevices.sh
│   │   ├── 11-systemd-service-status.sh
│   │   ├── 20-systemd-journald.sh
│   │   └── README.md
│   ├── pkg_tcpdump
│   │   └── README.md
│   ├── pkg_telnet
│   │   ├── 00-install-telnet.sh
│   │   └── 10-test-telnet.sh
│   ├── pkg_tftp-server
│   │   ├── 00-install-tftp.sh
│   │   ├── 01-configure-tftp.sh
│   │   ├── 10-get-test.sh
│   │   └── 11-put-test.sh
│   ├── pkg_vsftpd
│   │   ├── 00-install-vsftpd.sh
│   │   ├── 10-anonymous-vsftpd.sh
│   │   ├── 20-local-login.sh
│   │   ├── 30-cleanup.sh
│   │   └── README.md
│   ├── pkg_wget
│   │   ├── 00-install-wget.sh
│   │   ├── 10-test-wget.sh
│   │   └── README.md
│   └── pkg_which
│   ├── 00-install-which.sh
│   ├── 10-test-which.sh
│   └── README.md
├── debrand.list
├── lib
├── log
│   └── README.md
├── mods.list
├── modules
├── monotests.sh
├── README.md
├── runtests.sh
├── skip.list
├── stacks
│   ├── ipa
│   │   ├── 00-ipa-pregame.sh
│   │   ├── 10-install-ipa.sh
│   │   ├── 11-configure-ipa.sh
│   │   ├── 12-verify-ipa.sh
│   │   ├── 20-ipa-user.sh
│   │   ├── 21-ipa-service.sh
│   │   ├── 22-ipa-dns.sh
│   │   ├── 23-ipa-sudo.sh
│   │   ├── 50-cleanup-ipa.sh
│   │   └── README.md
│   └── lamp
│   ├── 00-install-lamp.sh
│   ├── 01-verification.sh
│   └── 10-test-lamp.sh
└── stacks.sh
```

15
func/common/exports.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
# Common Variables
export DNFDEBUG=0
export readonly PASS=0
export readonly FAIL=1
RL_VER=$(rpm --eval %rhel)
export readonly RL_VER
export readonly PRE_RELEASE=0
# This should be either: rocky, redhat, centos
export readonly RELEASE_NAME=rocky
# A 0 means it was successful. It can be changed to 1 on failure.
export IPAINSTALLED=0
LOGFILE="$(pwd)/log/$(date +'%m-%d-%Y')-tests.log"
export LOGFILE

View File

@ -0,0 +1 @@
obsidian:x:9999:9999::/home/obsidian:/bin/bash

View File

@ -0,0 +1 @@
obsidian:$6$p/uYvJM34LitE94s$gQsL3.ytkx5MpU0jGOH8XaymvvqxuuUEiZPyazju3vH34tslLjRqUlKebGx8X2lx2nTJdvcC/H4BdUZvLUyGF1:18780:0:99999:7:::

View File

@ -0,0 +1,7 @@
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}

View File

@ -0,0 +1,5 @@
#include <stdio.h>
int main() {
printf("Hello!\n");
return 0;
}

View File

@ -0,0 +1,5 @@
#include <iostream>
int main() {
std::cout << "Hello!\n";
return 0;
}

View File

@ -0,0 +1 @@
:obsidian:x:9999:9999:::/home/obsidian:/bin/bash:

View File

@ -0,0 +1 @@
obsidian:$6$p/uYvJM34LitE94s$gQsL3.ytkx5MpU0jGOH8XaymvvqxuuUEiZPyazju3vH34tslLjRqUlKebGx8X2lx2nTJdvcC/H4BdUZvLUyGF1:18780:0:99999:7:::

View File

@ -0,0 +1,5 @@
create database obsidiancore;
use obsidiancore;
create table tests (name varchar(20)) ;
grant all on obsidiancore.* to 'rocky'@'localhost' identified by 'onyx';
flush privileges;

View File

@ -0,0 +1,11 @@
<?php
$dbconnect = mysqli_connect("localhost","rocky","onyx");
if (!$dbconnect)
{
die('Could not connect: ' . mysqli_error());
}
mysqli_select_db($dbconnect, "obsidiancore");
mysqli_query($dbconnect, "INSERT INTO tests (name)
VALUES ('sqltest')");
mysqli_close($dbconnect);
?>

View File

@ -0,0 +1 @@
:test:x:9999::

View File

@ -0,0 +1 @@
test:x::

View File

@ -0,0 +1,15 @@
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Phoenix
0.organizationName = Organization Name (eg, company)
0.organizationName_default = RESF
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Rocky

View File

@ -0,0 +1,6 @@
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

View File

@ -0,0 +1,15 @@
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

View File

@ -0,0 +1,11 @@
[global]
workgroup = wrkgrp
netbios name = smbsrv
security = user
map to guest = Bad User
[rocky]
comment = Rocky Share
path = /srv/smb
read only = yes
guest only = yes

254
func/common/imports.sh Normal file
View File

@ -0,0 +1,254 @@
#!/bin/bash
# Common functions and imports to use across all scripts
# Louis Abel <label@rockylinux.org> @nazunalika
################################################################################
# Functions that (r)eturn things
function r_log() {
SCR=$1
MESSAGE=$2
printf "[-] %s %s: %s\n" "$(date +'%m-%d-%Y %T')" "$SCR" "$MESSAGE" >> "$LOGFILE"
}
# Always call this at the end of scripts to check for exit status. This will
# report "PASS" or "FAIL" depending on the exit and it will show up in the log.
# Args: $1 will be whatever you want checked
function r_checkExitStatus() {
[ "$1" -eq 0 ] && r_log "result" "PASSED" && return "$PASS"
r_log "status" "FAILED"
exit "$FAIL"
}
# Processes a list of folders containing the tests. This ignores files that
# start with a dot (.), an underscore (_) or contain README in the name.
# This is done because we cannot guarantee that whoever adds in tests or
# writes additional "find" commands won't negate these lookups.
# Additionally, we should look at the file's executable status. I considered
# just having the files named differently, but that seemed more annoying than
# just setting +x
function r_processor() {
# shellcheck disable=SC2068
exec 8< $@
# shellcheck disable=SC2162
while read -u 8 file; do
# shellcheck disable=SC2086
if [[ "$(basename ${file})" =~ README|^\.|^_ ]]; then
continue
fi
[ -x "${file}" ] && echo "Begin processing script: ${file}" && "${file}"
done
return 0
}
function r_checkEPELEnabled() {
/usr/bin/dnf repolist | grep -q '^epel'
return $?
}
function r_checkTmpNoExec() {
grep 'tmp' /etc/fstab | grep -q noexec
tmpexec=$?
if [ "$tmpexec" -eq "0" ]; then
r_log "internal" "WARN: noexec is set for temporary directories. Some tests may fail."
fi
}
################################################################################
# Functions that deal with (p)ackages
# Installs packages normally (including weak dependencies)
# Args: Any number of $1..X
function p_installPackageNormal() {
r_log "internal" "Attempting install: $*"
# shellcheck disable=SC2086
/usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} install "$@"
r_checkExitStatus $?
}
# Installs packages excluding weak dependencies - There are some cases where
# you would need to do this.
# Args: Any number of $1..X
function p_installPackageNoWeaks() {
r_log "internal" "Attempting install: $*"
# shellcheck disable=SC2086
/usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} --setopt install_weak_deps=0 install "$@"
r_checkExitStatus $?
}
# Removes packages
# Args: Any number of $1..X
function p_removePackage() {
r_log "internal" "Attempting uninstall: $*"
# shellcheck disable=SC2086
/usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} remove "$@"
r_checkExitStatus $?
}
# Enables dnf modules
# Args: Any number of $1..X
function p_enableModule() {
r_log "internal" "Enabling module: $*"
# shellcheck disable=SC2086
/usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} module enable "$@"
r_checkExitStatus $?
}
# Resets modules (since you can't "disable" technically)
# Args: Any number of $1..X
function p_resetModule() {
r_log "internal" "Resetting module: $*"
# shellcheck disable=SC2086
/usr/bin/dnf --assumeyes --debuglevel ${DNFDEBUG} module reset "$@"
r_checkExitStatus $?
}
function p_getPackageRelease() {
rpm -q --queryformat '%{RELEASE}' "$1"
}
function p_getPackageArch() {
rpm -q --queryformat '%{ARCH}' "$1"
}
function p_getDist() {
rpm -q --whatprovides redhat-release --queryformat '%{version}\n' | cut -d'.' -f1
}
function p_getMinorVersion() {
rpm -q --whatprovides redhat-release --queryformat '%{version}\n' | cut -d'.' -f2
}
################################################################################
# Functions that that are considered (m)isc
# Service cycler, basically a way of handling services and also being able to
# prevent potential race conditions.
function m_serviceCycler() {
if [ "$2" = "cycle" ]; then
# shellcheck disable=SC2086
/bin/systemctl stop $1
sleep 3
# shellcheck disable=SC2086
/bin/systemctl start $1
else
# shellcheck disable=SC2086
/bin/systemctl $2 $1
fi
sleep 3
}
function m_checkForPort() {
while true; do
sleep 1
# shellcheck disable=SC2086
if echo > /dev/tcp/localhost/$1 >/dev/null 2>&1; then
r_log "internal" "Waiting for TCP port $1 to start listening"
break
fi
done
}
function m_assertCleanExit() {
"$@" > /dev/null 2>&1
r_checkExitStatus $?
}
function m_assertEquals() {
[ "$1" -eq "$2" ]
r_checkExitStatus $?
}
function m_skipReleaseEqual() {
if [ "$(rpm --eval %rhel)" -eq "$1" ]; then
r_log "$2" "Skipped test for $1 release"
exit 0
fi
}
function m_skipReleaseNotEqual() {
if [ "$(rpm --eval %rhel)" -ne "$1" ]; then
r_log "$2" "Skipped test"
exit 0
fi
}
function m_skipReleaseGreaterThan() {
if [ "$(rpm --eval %rhel)" -gt "$1" ]; then
r_log "$2" "Skipped test"
exit 0
fi
}
function m_skipReleaseLessThan() {
if [ "$(rpm --eval %rhel)" -lt "$1" ]; then
r_log "$2" "Skipped test"
exit 0
fi
}
function m_selectAlternative() {
primaryName=$1
searchRegex=$2
option=$(/bin/echo | /usr/sbin/alternatives --config "$primaryName" | /bin/grep -E "$searchRegex" | /usr/bin/head -n1 | sed 's/ .*//g;s/[^0-9]//g')
if [ -z "$option" ]; then
r_log "alternatives" "Option not found for alternative $searchRegex of $primaryName"
r_checkExitStatus 1
fi
r_log "alternatives" "Selecting alternative $option for $primaryName $searchRegex"
/bin/echo "$option" | /usr/sbin/alternatives --config "$primaryName" > /dev/null 2>&1
}
function m_getArch() {
/usr/bin/uname -m
}
function m_recycleLog() {
num=0
rotFile="${LOGFILE}.$num"
while [ -e "$rotFile" ]; do
num=$(( num + 1 ))
rotFile="${LOGFILE}.$num"
done
mv "$LOGFILE" "$rotFile"
}
################################################################################
# export all functions below
# When this is sourced, the functions are typically already available and ready
# to be used. But it does not hurt to have them below.
rl_ver=$(p_getDist)
rl_arch=$(m_getArch)
rl_minor_ver=$(p_getMinorVersion)
export rl_ver
export rl_arch
export rl_minor_ver
export -f r_log
export -f r_checkExitStatus
export -f r_processor
export -f r_checkEPELEnabled
export -f r_checkTmpNoExec
export -f p_installPackageNormal
export -f p_installPackageNoWeaks
export -f p_removePackage
export -f p_enableModule
export -f p_resetModule
export -f p_getPackageRelease
export -f p_getPackageArch
export -f p_getDist
export -f p_getMinorVersion
export -f m_serviceCycler
export -f m_checkForPort
export -f m_assertCleanExit
export -f m_assertEquals
export -f m_skipReleaseEqual
export -f m_skipReleaseNotEqual
export -f m_skipReleaseGreaterThan
export -f m_skipReleaseLessThan
export -f m_selectAlternative
export -f m_getArch
export -f m_recycleLog

View File

@ -0,0 +1 @@
Basic tests, such as repos

56
func/core/o_basic/repos.py Executable file
View File

@ -0,0 +1,56 @@
#!/usr/bin/env python3
# label <label@rockylinux.org>
import datetime
import sys
import dnf
import dnf.exceptions
# pylint: disable=unnecessary-lambda-assignment
now = datetime.datetime.today().strftime("%m-%d-%Y %T")
class DnfQuiet(dnf.Base):
"""
DNF object
This is in the event we need special functions
"""
def __init__(self):
dnf.Base.__init__(self)
def main():
"""
Main run
"""
dnfobj = DnfQuiet()
releasever = dnfobj.conf.releasever
try:
dnfobj.read_all_repos()
# pylint: disable=bare-except
except:
print(f'[-] {now} -> Could not read repos', file=sys.stderr)
sys.exit(1)
rocky_default_repos = {
'8': ['baseos', 'appstream', 'extras'],
'9': ['baseos', 'appstream', 'extras']
}.get(releasever, None)
if not rocky_default_repos:
print(f'[-] {now} -> Not a Rocky Linux system')
sys.exit(1)
print(f'[-] {now} -> Checking if non-default repo is enabled')
_not_allowed=False
for repo in list(dnfobj.repos.iter_enabled()):
if not repo.id in rocky_default_repos:
print(f'[-] {now} -> {repo.id} is enabled and should be disabled')
_not_allowed=True
if _not_allowed:
print(f'[-] {now} -> FAIL - There are extra repos enabled')
sys.exit(1)
print(f'[-] {now} -> PASS')
sys.exit(0)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,8 @@
#!/bin/bash
r_log "acl" "Install the acl package"
p_installPackageNormal acl
p_installPackageNormal attr
# This normally is not needed.
#r_log "acl" "Remount filesystems with ACL support"
#mount -o remount,acl /
sleep 3

View File

@ -0,0 +1,15 @@
#!/bin/bash
ACLFILE=/tmp/testfile_acl
r_log "acl" "Test that the acl get and set functions work"
touch "${ACLFILE}"
trap '/bin/rm -f ${ACLFILE}' EXIT
# Use setfacl for readonly
r_log "acl" "Set readonly ACL for the user nobody"
setfacl -m user:nobody:r "${ACLFILE}"
# Use getfacl to verify readonly
r_log "acl" "Verifying that the nobody user is set to read only"
getfacl "${ACLFILE}" | grep -q 'user:nobody:r--'
r_checkExitStatus $?

View File

@ -0,0 +1,22 @@
#!/bin/bash
ACLIMG=/tmp/testacl.img
r_log "acl" "Test the use of xattr"
touch "${ACLIMG}"
trap '/bin/rm -f ${ACLIMG}' EXIT
# Use setfacl for readonly
r_log "acl" "Create image"
dd if=/dev/zero of=${ACLIMG} bs=1024000 count=100
echo -e 'y\n' | mkfs.ext3 "${ACLIMG}"
mkdir /mnt/xattr
mount -t ext3 -o loop,user_xattr "${ACLIMG}" /mnt/xattr
touch /mnt/xattr/testfile
r_log "acl" "Apply attrs as needed"
setfattr -n user.nobody /mnt/xattr/testfile
getfattr /mnt/xattr/testfile | grep -q 'user.nobody'
final_status=$?
umount /mnt/xattr
r_checkExitStatus $final_status

View File

@ -0,0 +1 @@
Test the acl packge

View File

@ -0,0 +1,5 @@
#!/bin/bash
r_log "archive" "Installing appropriate archive formats"
# We might need expect for zmore - does anyone actually use zmore?
p_installPackageNormal bzip2 diffutils gzip less tar unzip util-linux-ng zip lzop

View File

@ -0,0 +1,26 @@
#!/bin/bash
r_log "archive" "Test bzip/bzcat/bunzip"
FILE=/var/tmp/bziptest.txt
trap '/bin/rm -f ${FILE}' EXIT
cat > "$FILE" <<EOF
testing text
EOF
# bzip it up
/bin/bzip2 "$FILE"
/bin/rm -f "$FILE"
# Checking bzcat
if ! bzcat "${FILE}.bz2" | grep -q "testing text"; then
r_log "archive" "bzcat has failed"
exit
fi
# bunzip it down
/bin/bunzip2 "${FILE}.bz2"
# check file contents again
grep -q 'testing text' "${FILE}"
r_checkExitStatus $?

View File

@ -0,0 +1,13 @@
#!/bin/bash
r_log "archive" "Verifying gzip binaries"
echo -n "Processing; "
for bin in gunzip gzexe gzip zcat zcmp zdiff zegrep zfgrep zforce zgrep zless zmore znew; do
echo -n "$bin "
r_log "archive" "$bin"
$bin --version &> /dev/null || r_checkExitStatus 1
done
echo
r_checkExitStatus 0

View File

@ -0,0 +1,112 @@
#!/bin/bash
r_log "archive" "Test gzip/zcat/gunzip"
FILE=/var/tmp/gzip-test.txt
MD5HASH=e6331c582fbad6653832860f469f7d1b
# clean up
trap '/bin/rm $FILE* &> /dev/null && /bin/rm -rf /var/tmp/gziptest &> /dev/null' EXIT
# Double check that stuff is cleared out
/bin/rm $FILE* &> /dev/null
/bin/rm -rf /var/tmp/gziptest &> /dev/null
# Make our test file
cat > $FILE <<EOF
Green Obsidian is the release name
EOF
# gzip
r_log "archive" "Testing gzip works"
gzip $FILE || r_checkExitStatus 1
# zcat
r_log "archive" "Test zcat works"
zcat $FILE.gz | grep -q "Green Obsidian" || r_checkExitStatus 1
# no overwrite
r_log "archive" "Check that files won't be overwritten"
touch $FILE
echo | gunzip $FILE &> /dev/null
[ $? -ne 2 ] && r_checkExitStatus 1
echo | gzip $FILE &> /dev/null
[ $? -ne 2 ] && r_checkExitStatus 1
# force overwrite
r_log "archive" "Check that files can be forcefully overwritten"
gunzip -f $FILE.gz || r_checkExitStatus 1
touch $FILE.gz
gzip -f $FILE || r_checkExitStatus 1
# -a should be ignored
# Hopefully this behavior does NOT change in 9
r_log "archive" "Check that -a is ignored"
gunzip -a $FILE.gz 2>&1 | head -n 1 | grep -q 'gzip: option --ascii ignored on this system' || r_checkExitStatus 1
# -c should write to stdout
r_log "archive" "Check that -c outputs to stdout"
gzip -c $FILE | gunzip | grep -q 'Green Obsidian' || r_checkExitStatus 1
# Expected hash is: e6331c582fbad6653832860f469f7d1b
# check -l
r_log "archive" "Check that the md5 matches"
gzip $FILE
md5check=$(gzip -l $FILE.gz | md5sum | cut -d' ' -f1)
[ "$md5check" == "$MD5HASH" ] || r_checkExitStatus 1
# Check that -v gives us some good info
r_log "archive" "Check that -v increases verbosity"
gzip -lv $FILE.gz | grep -q "e0e1ed1a" || r_checkExitStatus 1
gunzip $FILE.gz
# custom suffix
r_log "archive" "Check that a custom suffix can be used"
gzip -S .rl $FILE
[ -e $FILE.rl ] || r_checkExitStatus 1
gunzip -S .rl $FILE || r_checkExitStatus 1
# check -r
r_log "archive" "Check that -r functions"
mkdir /var/tmp/gziptest
touch /var/tmp/gziptest/{a,b}
gzip -r /var/tmp/gziptest
[ "$(find /var/tmp/gziptest/*.gz | wc -l)" -eq "2" ] || r_checkExitStatus 1
# check different compression levels
r_log "archive" "Check compression levels"
cp $FILE $FILE.1
gzip -1 $FILE
gzip -9 $FILE.1
[ "$(stat -c %s $FILE.gz)" -ne "$(stat -c %s $FILE.1.gz)" ] || r_checkExitStatus 1
# check multiple input files
r_log "archive" "Check multiple input files"
gunzip $FILE.gz $FILE.1.gz || r_checkExitStatus 1
# don't specify an extension
r_log "archive" "Don't specify file extensions"
gzip $FILE $FILE.1 || r_checkExitStatus 1
# check that .Z can be handled
r_log "archive" "Verify that .Z files can be handled"
gunzip $FILE.gz
ls -l /var/tmp >> $FILE
if [ "$RL_VER" -eq 8 ]; then
compress $FILE || r_checkExitStatus 1
gunzip $FILE.Z || r_checkExitStatus 1
else
r_log "archive" "Skipping for 9"
fi
# handle some zip files
r_log "archive" "Verify that .zip files can be handled"
zip $FILE.zip $FILE &> /dev/null || r_checkExitStatus 1
gunzip -f -S .zip $FILE.zip || r_checkExitStatus 1
# handle some tgz files
r_log "archive" "Verify that .tgz files can be handled"
tar -czf $FILE.tgz $FILE &> /dev/null
gunzip $FILE.tgz
[ -e $FILE.tar ]
r_checkExitStatus $?

View File

@ -0,0 +1,22 @@
#!/bin/bash
r_log "archive" "Checking gzexe"
r_log "archive" "Creating archive"
FILE=/var/tmp/gzexe-test-script
trap '/bin/rm -f $FILE* 2>/dev/null' EXIT
/bin/rm -f $FILE* &>/dev/null
cat > $FILE <<EOF
#!/bin/bash
echo "Hello!"
EOF
chmod +x $FILE
$FILE | grep -q "Hello!" || r_checkExitStatus 1
r_log "archive" "Test gzexe"
/bin/gzexe $FILE &>/dev/null || r_checkExitStatus 1
r_log "archive" "Check that it actually runs"
$FILE | grep -q "Hello!"
r_checkExitStatus $?

View File

@ -0,0 +1,18 @@
#!/bin/bash
r_log "archive" "Check zcmp and zdiff"
BASEFILE="/var/tmp/gziptest"
trap '/bin/rm -f ${BASEFILE}*' EXIT
/bin/rm -f ${BASEFILE}
cat > ${BASEFILE}.1 <<EOF
Green Obsidian is the release name
EOF
/bin/gzip ${BASEFILE}.1 || r_checkExitStatus 1
cp ${BASEFILE}.1.gz ${BASEFILE}.2.gz
r_log "archive" "Check zcmp"
/bin/zcmp ${BASEFILE}.1.gz ${BASEFILE}.2.gz || r_checkExitStatus 1
r_log "archive" "Check zdiff"
/bin/zdiff ${BASEFILE}.1.gz ${BASEFILE}.2.gz || r_checkExitStatus 1

View File

@ -0,0 +1,17 @@
#!/bin/bash
r_log "archive" "Testing zforce"
BASEFILE="/var/tmp/abcdefg"
trap '/bin/rm "$BASEFILE.gz"' EXIT
/bin/rm $BASEFILE* &>/dev/null
cat > $BASEFILE <<EOF
Green Obsidian is our release name
EOF
gzip $BASEFILE
mv $BASEFILE.gz $BASEFILE
zforce $BASEFILE || r_checkExitStatus 1
[ -e "$BASEFILE.gz" ]
r_checkExitStatus $?

View File

@ -0,0 +1,14 @@
#!/bin/bash
r_log "archive" "Testing zgrep"
BASEFILE=/var/tmp/zgreptest
trap '/bin/rm $BASEFILE*' EXIT
/bin/rm $BASEFILE* &> /dev/null
cat > $BASEFILE <<EOF
Green Obsidian is the release name
EOF
gzip $BASEFILE
zgrep -q 'Green Obsidian' $BASEFILE.gz
r_checkExitStatus $?

View File

@ -0,0 +1,6 @@
#!/bin/bash
r_log "archive" "Testing zless"
r_log "archive" "Generate file"
gzip -cvf /usr/lib/os-release > /var/tmp/gziptest.gz
zless -F /var/tmp/gziptest.gz | grep -q 'Rocky Linux'
r_checkExitStatus $?

View File

@ -0,0 +1 @@
#!/bin/bash

View File

@ -0,0 +1,11 @@
#!/bin/bash
r_log "archive" "Testing znew"
TESTFILE=/var/tmp/znew.txt
/bin/rm $TESTFILE* &>/dev/null
ls -l /usr/bin > $TESTFILE
compress $TESTFILE
znew $TESTFILE.Z
r_checkExitStatus $?

35
func/core/pkg_archive/30-tar.sh Executable file
View File

@ -0,0 +1,35 @@
#!/bin/bash
r_log "archive" "Test tar create and extract"
TARDIR="/var/tmp/tartest"
FILE1="$TARDIR/test.1.txt"
FILE2="$TARDIR/test.2.txt"
trap '/bin/rm -rf /var/tmp/tarfile.tar $TARDIR' EXIT
mkdir -p $TARDIR
cat > $FILE1 <<EOF
First file!
EOF
cat > $FILE2 <<EOF
Second file!
EOF
/bin/tar -c $TARDIR -f /var/tmp/tarfile.tar > /dev/null 2>&1
/bin/rm -rf $TARDIR
if [ -e "$TARDIR" ]; then
r_log "archive" "We couldn't delete $TARDIR"
exit
fi
tar -C / -xf /var/tmp/tarfile.tar
grep -q 'First file' $FILE1
RES1=$?
grep -q 'Second file' $FILE2
RES2=$?
if [ $RES1 == 0 ] && [ $RES2 == 0 ]; then
ret_val=0
fi
r_checkExitStatus $ret_val

View File

@ -0,0 +1,18 @@
#!/bin/bash
r_log "archive" "Check xzcmp and xzdiff"
BASEFILE="/var/tmp/xztest"
trap '/bin/rm -f ${BASEFILE}*' EXIT
/bin/rm -f ${BASEFILE}
cat > ${BASEFILE}.1 <<EOF
Green Obsidian is the release name
EOF
/bin/xz ${BASEFILE}.1 || r_checkExitStatus 1
cp ${BASEFILE}.1.xz ${BASEFILE}.2.xz
r_log "archive" "Check xzcmp"
/bin/zcmp ${BASEFILE}.1.xz ${BASEFILE}.2.xz || r_checkExitStatus 1
r_log "archive" "Check xzdiff"
/bin/zdiff ${BASEFILE}.1.xz ${BASEFILE}.2.xz || r_checkExitStatus 1

35
func/core/pkg_archive/40-zip.sh Executable file
View File

@ -0,0 +1,35 @@
#!/bin/bash
r_log "archive" "Test zip create and extract"
ZIPDIR="/var/tmp/ziptest"
FILE1="$ZIPDIR/test.1.txt"
FILE2="$ZIPDIR/test.2.txt"
trap '/bin/rm -rf /var/tmp/zipfile.zip $ZIPDIR' EXIT
mkdir -p $ZIPDIR
cat > $FILE1 <<EOF
First file!
EOF
cat > $FILE2 <<EOF
Second file!
EOF
/bin/zip -q /var/tmp/zipfile.zip $ZIPDIR/*
/bin/rm -rf $ZIPDIR
if [ -e "$ZIPDIR" ]; then
r_log "archive" "We couldn't delete $ZIPDIR"
exit
fi
/bin/unzip -q /var/tmp/zipfile.zip -d /
grep -q 'First file' $FILE1
RES1=$?
grep -q 'Second file' $FILE2
RES2=$?
if [ $RES1 == 0 ] && [ $RES2 == 0 ]; then
ret_val=0
fi
r_checkExitStatus "$ret_val"

View File

@ -0,0 +1,18 @@
#!/bin/bash
r_log "archive" "Testing lzop compress and decompress"
LZOFILE=/var/tmp/obsidian.txt
trap '/bin/rm ${LZOFILE}' EXIT
echo 'Green Obsidian is the release name' > ${LZOFILE}
# running compression
lzop -9 ${LZOFILE} -o ${LZOFILE}.lzo
/bin/rm ${LZOFILE}
lzop -d ${LZOFILE}.lzo -o ${LZOFILE}
/bin/rm ${LZOFILE}.lzo
grep -q 'Green Obsidian' ${LZOFILE}
ret_val="$?"
r_checkExitStatus "$ret_val"

View File

@ -0,0 +1,3 @@
Tests archive formats and archive accessories
TODO: Add xz

View File

@ -0,0 +1,3 @@
#!/bin/bash
r_log "attr" "Installing the attr package"
p_installPackageNormal attr

View File

@ -0,0 +1,18 @@
#!/bin/bash
ATTRTEST="/var/tmp/attrtest.img"
ATTRMNT="/mnt/attrtest"
trap 'umount /mnt/attrtest ; /bin/rm -f ${ATTRTEST} ; /bin/rm -rf ${ATTRMNT}' EXIT
r_log "attr" "Checking that *attr works"
dd if=/dev/zero of="${ATTRTEST}" bs=1024000 count=100 &>/dev/null
r_checkExitStatus $?
mkdir "${ATTRMNT}"
echo -e 'y\n' | mkfs.ext3 "${ATTRTEST}" > /dev/null 2>&1
mount -t ext3 -o loop,user_xattr "${ATTRTEST}" "${ATTRMNT}"
touch "${ATTRMNT}/testfile"
setfattr -n user.test "${ATTRMNT}/testfile"
getfattr "${ATTRMNT}/testfile" | grep -oq "user.test"
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Test attr

View File

@ -0,0 +1,9 @@
#!/bin/bash
r_log "auditd" "Install auditd (this should be available during minimal)"
p_installPackageNormal audit
r_log "auditd" "Ensure auditd is running and enabled"
# Ignore service cycler, auditd refuses manual stop
/usr/sbin/service auditd restart
sleep 2
/usr/bin/systemctl status auditd.service | grep -q "active"
r_checkExitStatus $?

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "auditd" "Check if the audit logs are not empty"
[[ -s /var/log/audit/audit.log ]]
r_checkExitStatus $?

View File

@ -0,0 +1,12 @@
#!/bin/bash
r_log "auditd" "Generate events for audit log"
r_log "auditd" "Add test user"
useradd relengauditd
grep "ADD_USER" /var/log/audit/audit.log | grep -q 'acct="relengauditd"'
r_checkExitStatus $?
r_log "auditd" "Delete test user"
userdel relengauditd
grep "DEL_USER" /var/log/audit/audit.log | grep -q 'ID="relengauditd"'
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Test auditd

View File

@ -0,0 +1,8 @@
#!/bin/bash
# Bash is default installed on minimal
r_log "bash" "Check that the bash version is valid"
bash --version | grep -qE "(x86_64|aarch64|powerpc64le)-redhat-linux-gnu"
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Test bash

View File

@ -0,0 +1,8 @@
#!/bin/bash
r_log "bc" "Install bc"
p_installPackageNormal bc
r_checkExitStatus $?
r_log "bc" "Check bc version"
bc --version
r_checkExitStatus $?

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "bc" "Testing simple calculations"
test "$(echo "8 + 5 * 2 / 10 - 1" | bc)" -eq "8"
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Test bc.

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "bind" "Installing bind"
p_installPackageNormal bind bind-utils
m_serviceCycler named start

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "bind" "Testing bind lookups work"
dig +timeout=5 +short @127.0.0.1 localhost | grep -q "127.0.0.1"
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Test the bind package

View File

@ -0,0 +1,4 @@
#!/bin/bash
# coreutils should already be there, but just in case I guess.
r_log "coreutils" "Install coreutils"
p_installPackageNormal coreutils

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "coreutils" "Check that the architecture matches"
uname -a | grep -q "$(arch)"
r_checkExitStatus $?

View File

@ -0,0 +1,9 @@
#!/bin/bash
r_log "coreutils" "Testing basename"
# Doing two tests for validation
basename ./core/pkg_coreutils/11-basename.sh | grep -q 11-basename.sh
r_checkExitStatus $?
basename /etc/hosts | grep -q hosts
r_checkExitStatus $?

View File

@ -0,0 +1,10 @@
#!/bin/bash
r_log "coreutils" "Testing cat"
trap "/bin/rm /var/tmp/cattest" EXIT
cat > /var/tmp/cattest <<EOF
Green Obsidian
EOF
grep -q "Green Obsidian" /var/tmp/cattest
r_checkExitStatus $?

View File

@ -0,0 +1,5 @@
#!/bin/bash
r_log "coreutils" "Test cut command"
[ "$(cut -f1 -d ' ' /etc/redhat-release)" == "Rocky" ]
r_checkExitStatus $?

View File

@ -0,0 +1,12 @@
#!/bin/bash
r_log "coreutils" "Test true/false"
r_log "coreutils" "Test true"
true
test $? -eq 0
r_checkExitStatus $?
r_log "coreutils" "Test false"
false
test $? -eq 1
r_checkExitStatus $?

View File

@ -0,0 +1,10 @@
#!/bin/bash
r_log "coreutils" "Test head and tail"
r_log "coreutils" "Testing head"
head -n1 /etc/os-release | grep -q NAME
r_checkExitStatus $?
r_log "coreutils" "Testing tail"
tail -n1 /etc/os-release | grep -q SUPPORT
r_checkExitStatus $?

View File

@ -0,0 +1,8 @@
#!/bin/bash
r_log "coreutils" "Testing pathchk"
pathchk -p "<>" 2> /dev/null
# shellcheck disable=SC2181
[ $? -eq 1 ] && pathchk /var/tmp/fakePathAndFile
# shellcheck disable=SC2181
[ $? -eq 0 ] && pathchk /var/tmp
r_checkExitStatus $?

View File

@ -0,0 +1,6 @@
#!/bin/bash
r_log "coreutils" "Testing readlink"
trap "/bin/rm /var/tmp/listen" EXIT
ln -s /var/tmp/talk /var/tmp/listen
readlink /var/tmp/listen | grep -q "/var/tmp/talk"
r_checkExitStatus $?

View File

@ -0,0 +1,6 @@
#!/bin/bash
r_log "coreutils" "Testing seq"
seq -s " " 6 | grep -q "1 2 3 4 5 6" && \
seq -s " " 3 5 | grep -q "3 4 5" && \
seq -s " " 3 3 9 | grep -q "3 6 9"
r_checkExitStatus $?

View File

@ -0,0 +1,5 @@
#!/bin/bash
r_log "coreutils" "Testing timeout and sleep"
timeout 1 sleep 1
[ $? -eq 124 ] && timeout 2 sleep 2
[ $? -eq 124 ] && r_checkExitStatus $?

View File

@ -0,0 +1,25 @@
#!/bin/bash
r_log "coreutils" "Test hash sum tools"
trap '/bin/rm ${HASHFILE}' EXIT
HASHFILE=/var/tmp/obsidian
echo "Green Obsidian is our release name" > ${HASHFILE}
r_log "coreutils" "Test md5sum"
/usr/bin/md5sum ${HASHFILE} | grep -q 7ee0df0c24cd8fbf747bbeaec2afb935
r_checkExitStatus $?
r_log "coreutils" "Test sha1sum"
/usr/bin/sha1sum ${HASHFILE} | grep -q d9dc0c244c60e6488ebca1733d8072217a2e53d9
r_checkExitStatus $?
r_log "coreutils" "Test sha224sum"
/usr/bin/sha224sum ${HASHFILE} | grep -q 5b7a29dcee3d895e21877d08da1e1408bbd6b09426887cdbfb583753
r_checkExitStatus $?
r_log "coreutils" "Test sha256sum"
/usr/bin/sha256sum ${HASHFILE} | grep -q 38ee9bbdd83f1f1dd4506b061141d956496ab01dd187e24db35e024b37f47110
r_checkExitStatus $?
r_log "coreutils" "Test sha384sum"
/usr/bin/sha384sum ${HASHFILE} | grep -q 5002b880f8b05ab66ead70ea828e3869114fe6a85bffc84fc2199c7d10fee39a69c0b523562e7bb208e7922b0d291916
r_checkExitStatus $?
r_log "coreutils" "Test sha512sum"
/usr/bin/sha512sum ${HASHFILE} | grep -q e50554c29a5cb7bd04279d3c0918e486024c79c4b305a2e360a97d4021dacf56ce0d17fa6e6a0e81ad03d5fb74fbe2d50cce6081c2c277f22b958cdae978a2f5
r_checkExitStatus $?

View File

@ -0,0 +1,13 @@
#!/bin/bash
r_log "coreutils" "Testing touch and ls"
trap '/bin/rm /tmp/touch-?' EXIT
r_log "coreutils" "Touch files with specific dates"
touch -t 199104230420 /tmp/touch-1
touch -t 199104240420 /tmp/touch-2
r_log "coreutils" "Verify that the oldest file is last"
# shellcheck disable=SC2012
ls -lt /tmp/touch-? | tail -n 1 | grep -q 'touch-1'
r_checkExitStatus $?

View File

@ -0,0 +1,17 @@
#!/bin/bash
r_log "coreutils" "Ensure uniq works as expected"
trap '/bin/rm /var/tmp/uniq' EXIT
cat > /var/tmp/uniq <<EOF
Rocky
Rocky
Obsidian
obsidian
Green
Green
Blue
onyn
EOF
uniq -d /var/tmp/uniq | wc -l | grep -q 2 && uniq -u /var/tmp/uniq | wc -l | grep -q 4
r_checkExitStatus $?

View File

@ -0,0 +1,24 @@
#!/bin/bash
r_log "coreutils" "Ensure wc works as expected"
r_log "coreutils" "This should have already been done with uniq"
# Context: we should probably test some switches...
trap "/bin/rm /var/tmp/wc" EXIT
cat > /var/tmp/wc <<EOF
Rocky
Rocky
Obsidian
obsidian
Green
Green
Blue
onynx
EOF
wc -l /var/tmp/wc | grep -q 8 && \
wc -c /var/tmp/wc | grep -q 53 && \
wc -m /var/tmp/wc | grep -q 53 && \
wc -L /var/tmp/wc | grep -q 8 && \
wc -w /var/tmp/wc | grep -q 8
r_checkExitStatus $?

View File

@ -0,0 +1,11 @@
#!/bin/bash
r_log "coreutils" "Test the yes command"
touch /var/tmp/yes-123
touch /var/tmp/yes-345
# shellcheck disable=SC2216
yes | /bin/rm -i /var/tmp/yes-* || r_checkExitStatus 1
deleted=1
test -f /var/tmp/yes-123 || test -f /var/tmp/yes-345 || deleted=0
r_checkExitStatus $deleted

View File

@ -0,0 +1 @@
Test coreutils

View File

@ -0,0 +1,3 @@
#!/bin/bash
r_log "cpio" "Install cpio"
p_installPackageNormal cpio diffutils

36
func/core/pkg_cpio/10-cpio.sh Executable file
View File

@ -0,0 +1,36 @@
#!/bin/bash
r_log "cpio" "Test basic cpio stuff"
OUTTER=/var/tmp/cpio/out
INNER=/var/tmp/cpio/in
PASSER=/var/tmp/cpio/pass
trap '/bin/rm -rf /var/tmp/cpio' EXIT
# Nothing should be here. Clean up first.
[ -d /var/tmp/cpio ] && /bin/rm -rf /var/tmp/cpio
r_log "cpio" "Test basic copy out"
mkdir -p "$OUTTER" "$INNER" "$PASSER"
# Ensure at least one file exists in /tmp to prevent errors.
echo 1 > $(mktemp)
# shellcheck disable=2012
find /tmp -type f | cpio -o > "$OUTTER"/cpio.out 2> /dev/null
r_checkExitStatus $?
r_log "cpio" "Test basic copy in"
pushd "$INNER" || exit 1
cpio -i < "$OUTTER"/cpio.out
r_checkExitStatus $?
popd || exit 1
r_log "cpio" "Test basic passthrough"
pushd "$INNER" || exit 1
find . | cpio -pd "$PASSER"
r_checkExitStatus $?
popd || exit 1
r_log "cpio" "Checking that the directories (pass and in) are the same"
diff "$PASSER" "$INNER" &> /dev/null
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Test cpio

View File

@ -0,0 +1,3 @@
#!/bin/bash
r_log "cracklib" "Install the cracklib package"
p_installPackageNormal cracklib

View File

@ -0,0 +1,18 @@
#!/bin/bash
r_log "cracklib" "Test that cracklib can check passwords"
r_log "cracklib" "Test a very simple password"
echo -e "test" | cracklib-check | grep -q "too short"
r_checkExitStatus $?
r_log "cracklib" "Test a simple/dictionary password"
echo -e "testing" | cracklib-check | grep -q "dictionary"
r_checkExitStatus $?
r_log "cracklib" "Testing simplistic password"
echo -e "1234_abc" | cracklib-check | grep -q 'simplistic'
r_checkExitStatus $?
r_log "cracklib" "Testing a complicated password"
echo -e "2948_Obaym-" | cracklib-check | grep -q "OK"
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Testing cracklib and cracklib accessories

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "cron" "Installing crond"
p_installPackageNormal cronie
m_serviceCycler crond cycle

View File

@ -0,0 +1,38 @@
#!/bin/bash
r_log "cron" "Testing hourly cron jobs"
trap '/bin/rm /etc/cron.{weekly,daily,hourly}/rocky.sh' EXIT
cat > /etc/cron.hourly/rocky.sh <<EOF
#!/bin/bash
echo "obsidian"
EOF
chmod +x /etc/cron.hourly/rocky.sh
run-parts /etc/cron.hourly | grep -q "obsidian"
r_checkExitStatus $?
r_log "cron" "Testing daily cron jobs"
cat > /etc/cron.daily/rocky.sh <<EOF
#!/bin/bash
echo "obsidian"
EOF
chmod +x /etc/cron.daily/rocky.sh
run-parts /etc/cron.daily | grep -q "obsidian"
r_checkExitStatus $?
r_log "cron" "Testing weekly cron jobs"
cat > /etc/cron.weekly/rocky.sh <<EOF
#!/bin/bash
echo "obsidian"
EOF
chmod +x /etc/cron.weekly/rocky.sh
run-parts /etc/cron.weekly | grep -q "obsidian"
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Testing cron and cron accessories

View File

@ -0,0 +1,3 @@
#!/bin/bash
r_log "curl" "Install curl"
p_installPackageNormal curl

View File

@ -0,0 +1,12 @@
#!/bin/bash
r_log "curl" "Basic curl test"
# TODO: Setup variables/switches I guess? Would need to be utilized in primary
# script
STRING="Rocky Linux"
URL="https://rockylinux.org"
r_log "curl" "Checking out ${URL}"
curl --location -s ${URL} | grep -q "${STRING}"

View File

@ -0,0 +1 @@
Simple curl tests

View File

@ -0,0 +1,3 @@
#!/bin/bash
r_log "diffutils" "Installing diffutils"
p_installPackageNormal diffutils

View File

@ -0,0 +1,3 @@
Test diffutils.
There's no tests here though. Need to figure out what to do.

View File

@ -0,0 +1,9 @@
#!/bin/bash
r_log "dnf" "Install ksh package"
p_installPackageNormal ksh
r_log "dnf" "Remove ksh package"
p_removePackage ksh
rpm -q ksh | grep -q "package ksh is not installed"
r_checkExitStatus $?

View File

@ -0,0 +1 @@
Test dnf and accessories

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "dovecot" "Installing dovecot"
p_installPackageNormal dovecot nc grep
m_serviceCycler dovecot start

View File

@ -0,0 +1,9 @@
#!/bin/bash
r_log "dovecot" "Configuring dovecot"
cat > /etc/dovecot/conf.d/11-rocky.conf << EOF
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
EOF
m_serviceCycler dovecot restart

View File

@ -0,0 +1,31 @@
#!/bin/bash
r_log "dovecot" "Testing basic POP3 (does anyone still use this?)"
# Note that nmap-nc appears to be the default, even in fedora
NC_OPTS="-w 5 -d 3"
r_log "dovecot" "Add poptest user and maildir"
if ! id poptest > /dev/null 2>&1; then
useradd poptest
echo pop3test | passwd --stdin poptest
fi
# shellcheck disable=SC2174
mkdir -m 700 -p /home/poptest/mail/.imap/INBOX
chown -R poptest:poptest /home/poptest/mail
r_log "dovecot" "Test basic POP3 login"
# shellcheck disable=SC2086
echo -e "user poptest\npass pop3test\n" | nc ${NC_OPTS} localhost 110 | grep -q "+OK Logged in."
ret_val=$?
if [ "$ret_val" -ne 0 ]; then
tail /var/log/secure
tail /var/log/maillog
fi
r_checkExitStatus $ret_val
userdel -rf poptest

View File

@ -0,0 +1,31 @@
#!/bin/bash
r_log "dovecot" "Testing basic IMAP"
# Note that nmap-nc appears to be the default, even in fedora
NC_OPTS="-w 5 -d 3"
r_log "dovecot" "Add imapper user and maildir"
if ! id imapper > /dev/null 2>&1; then
useradd imapper
echo imaptest | passwd --stdin imapper
fi
# shellcheck disable=SC2174
mkdir -m 700 -p /home/imapper/mail/.imap/INBOX
chown -R imapper:imapper /home/imapper/mail
r_log "dovecot" "Test basic IMAP login"
# shellcheck disable=SC2086
echo -e "01 LOGIN imapper imaptest\n" | nc ${NC_OPTS} localhost 143 | grep -q "Logged in."
ret_val=$?
if [ "$ret_val" -ne 0 ]; then
tail /var/log/secure
tail /var/log/maillog
fi
r_checkExitStatus $ret_val
userdel -rf imapper

View File

@ -0,0 +1,3 @@
#!/bin/bash
rm -f /etc/dovecot/conf.d/11-rocky.conf
m_serviceCycler dovecot restart

View File

@ -0,0 +1 @@
Testing dovecot

View File

@ -0,0 +1,4 @@
#!/bin/bash
r_log "file" "Install the file package"
# At one point it was installed in an earlier test (or it's default)
m_assertCleanExit rpm -q file

View File

@ -0,0 +1,16 @@
#!/bin/bash
r_log "file" "Check mimetype of bash"
# Add additional versions here when ready
case "$RL_VER" in
8)
MIME="application/x-sharedlib"
;;
*)
# This is from fedora, 9 may or may not be this
MIME="application/x-pie-executable"
;;
esac
file -i /bin/bash | grep -q "${MIME}"
r_checkExitStatus $?

View File

@ -0,0 +1,11 @@
#!/bin/bash
r_log "file" "Check image mimetype"
pngFile="$(find /usr/share -type f -name '*.png' -print -quit)"
if [ -z "$pngFile" ]; then
r_log "file" "No png files were found. SKIP"
exit 0
fi
file -i "$pngFile" | grep -q 'image/png'
r_checkExitStatus $?

View File

@ -0,0 +1,8 @@
#!/bin/bash
r_log "file" "Check that we can see a symlink"
FILE_PATH=/var/tmp/linktest
trap '/bin/rm ${FILE_PATH}' EXIT
MIME="inode/symlink"
ln -s /etc/issue $FILE_PATH
file -i $FILE_PATH | grep -q "${MIME}"
r_checkExitStatus $?

Some files were not shown because too many files have changed in this diff Show More