rpms / libcap

#1 Add CI tests using the standard test interface

Closed 5 years ago by karsten. Opened 6 years ago by astepano.

git://fedorapeople.org/~astepano/libcap master into master

Add CI tests using the standard test interface

Andrei Stepanov • 6 years ago

469e3db

tests/capsh-basic-functionality/Makefile

file added

+64

		`@@ -0,0 +1,64 @@`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Makefile of /CoreOS/libcap/Sanity/capsh-basic-functionality`
		`+ # Description: tests basic functionality`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ export TEST=/CoreOS/libcap/Sanity/capsh-basic-functionality`
		`+ export TESTVERSION=1.0`
		`+`
		`+ BUILT_FILES=`
		`+`
		`+ FILES=$(METADATA) runtest.sh Makefile PURPOSE`
		`+`
		`+ .PHONY: all install download clean`
		`+`
		`+ run: $(FILES) build`
		`+ ./runtest.sh`
		`+`
		`+ build: $(BUILT_FILES)`
		`+ test -x runtest.sh \|\| chmod a+x runtest.sh`
		`+`
		`+ clean:`
		`+ rm -f *~ $(BUILT_FILES)`
		`+`
		`+`
		`+ include /usr/share/rhts/lib/rhts-make.include`
		`+`
		`+ $(METADATA): Makefile`
		`+ @echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)`
		`+ @echo "Name: $(TEST)" >> $(METADATA)`
		`+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)`
		`+ @echo "Path: $(TEST_DIR)" >> $(METADATA)`
		`+ @echo "Description: tests basic functionality" >> $(METADATA)`
		`+ @echo "Type: Sanity" >> $(METADATA)`
		`+ @echo "TestTime: 5m" >> $(METADATA)`
		`+ @echo "RunFor: libcap" >> $(METADATA)`
		`+ @echo "Requires: libcap" >> $(METADATA)`
		`+ @echo "Priority: Normal" >> $(METADATA)`
		`+ @echo "License: GPLv2" >> $(METADATA)`
		`+ @echo "Confidential: no" >> $(METADATA)`
		`+ @echo "Destructive: no" >> $(METADATA)`
		`+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA)`
		`+`
		`+ rhts-lint $(METADATA)`

tests/capsh-basic-functionality/PURPOSE

file added

		`@@ -0,0 +1,3 @@`
		`+ PURPOSE of /CoreOS/libcap/Sanity/capsh-basic-functionality`
		`+ Description: tests basic functionality`
		`+ Author: Karel Srot <ksrot@redhat.com>`

tests/capsh-basic-functionality/runtest.sh

file added

+123

		`@@ -0,0 +1,123 @@`
		`+ #!/bin/bash`
		`+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # runtest.sh of /CoreOS/libcap/Sanity/capsh-basic-functionality`
		`+ # Description: tests basic functionality`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ # Include Beaker environment`
		`+ . /usr/bin/rhts-environment.sh \|\| exit 1`
		`+ . /usr/share/beakerlib/beakerlib.sh \|\| exit 1`
		`+`
karsten commented 6 years ago How about export LANG=C
		`+ PACKAGE="libcap"`
		`+`
		`+ rlJournalStart`
		`+ rlPhaseStartSetup`
		`+ rlAssertRpm $PACKAGE`
		`+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
		`+ rlRun "pushd $TmpDir"`
		`+ rlRun "useradd -m libcap_tester"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Remove the listed capabilities from the prevailing bounding set"`
		`+ rlRun -s "capsh --drop=cap_net_raw -- -c 'getpcaps \$\$'"`
		`+ rlAssertGrep "Capabilities for" $rlRun_LOG`
		`+ rlAssertNotGrep cap_net_raw $rlRun_LOG`
		`+ rlRun -s "capsh --drop=cap_net_raw -- -c 'ping localhost -c 1'" 2,126 "Ping without cap_net_raw shoud fail"`
		`+ rlAssertGrep "Operation not permitted" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Set the prevailing process capabilities"`
		`+ rlRun -s "capsh --caps=cap_chown+p --print"`
		`+ rlAssertGrep "Current: = cap_chown+p" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Set the inheritable set of capabilities"`
		`+ rlRun -s "capsh --inh=cap_chown --print"`
		`+ rlRun "grep 'Current: = ' $rlRun_LOG \| grep 'cap_chown+eip'"`
		`+ rlRun -s "capsh --inh=cap_chown -- -c 'getpcaps \$\$' 2>&1"`
		`+ rlAssertGrep "cap_chown+eip" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Assume the identity of the user nobody"`
		+ USERID=`id -u nobody`
		+ GROUPID=`id -g nobody`
		`+ rlRun -s "capsh --user=nobody -- -c 'id'"`
		`+ rlAssertGrep "uid=$USERID(nobody) gid=$GROUPID(nobody) groups=$GROUPID(nobody)" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Force all uid values to equal to nobody"`
		`+ rlRun -s "capsh --uid=$USERID -- -c 'id'"`
		`+ rlAssertGrep "uid=$USERID(nobody) gid=0(root) groups=0(root)" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Force all gid values to equal to nobody"`
		`+ rlRun -s "capsh --gid=$GROUPID -- -c 'id'"`
		`+ rlAssertGrep "uid=0(root) gid=$GROUPID(nobody)" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Set the supplementary groups"`
		+ GROUP2ID=`id -g daemon`
		`+ rlRun -s "capsh --groups=${GROUPID},${GROUP2ID} -- -c id"`
		`+ rlAssertGrep "uid=0(root) gid=0(root) groups=0(root),${GROUP2ID}(daemon),${GROUPID}(nobody)" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Permit the process to retain its capabilities after a setuid"`
		+ CURRENT=`capsh --print \| grep 'Current:' \| cut -d '+' -f 1`
		`+ rlRun -s "capsh --keep=0 --uid=$USERID --print"`
		`+ rlAssertGrep 'Current: =$' $rlRun_LOG -E`
		`+ rlRun -s "capsh --keep=1 --uid=$USERID --print"`
		`+ rlAssertGrep "$CURRENT" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Decode capabilities"`
		`+ rlRun "CODE=$( cat /proc/$$/status \| awk '/CapEff/ { print $2 }' )"`
		`+ rlRun "DECODE=$( capsh --decode=$CODE \| cut -d '=' -f 2 )"`
		`+ rlRun "capsh --print \| grep 'Current: = $DECODE'"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Verify the existence of a capability on the system"`
		`+ rlRun "capsh --supports=cap_net_raw"`
		`+ rlRun -s "capsh --supports=cap_foo_bar" 1`
		`+ rlAssertGrep "cap\[cap_foo_bar\] not recognized by library" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Verify exit code for unsupported option"`
		`+ rlRun "capsh --foo bar" 1`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "Run as a regular user"`
		+ USERID=`id -u libcap_tester`
		`+ rlRun -s "su - libcap_tester -c 'capsh --print'"`
		`+ rlAssertGrep "Current: =\$" $rlRun_LOG -E`
		`+ rlAssertGrep "uid=$USERID(libcap_tester)" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartCleanup`
		`+ rlRun "userdel -r libcap_tester"`
		`+ rlRun "popd"`
		`+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`
		`+ rlPhaseEnd`
		`+ rlJournalPrintText`
		`+ rlJournalEnd`

tests/pam_cap-so-sanity-test/Makefile

file added

+64

		`@@ -0,0 +1,64 @@`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Makefile of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test`
		`+ # Description: basic functionality test for pam_cap.so module`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ export TEST=/CoreOS/libcap/Sanity/pam_cap-so-sanity-test`
		`+ export TESTVERSION=1.0`
		`+`
		`+ BUILT_FILES=`
		`+`
		`+ FILES=$(METADATA) runtest.sh Makefile PURPOSE`
		`+`
		`+ .PHONY: all install download clean`
		`+`
		`+ run: $(FILES) build`
		`+ ./runtest.sh`
		`+`
		`+ build: $(BUILT_FILES)`
		`+ test -x runtest.sh \|\| chmod a+x runtest.sh`
		`+`
		`+ clean:`
		`+ rm -f *~ $(BUILT_FILES)`
		`+`
		`+`
		`+ include /usr/share/rhts/lib/rhts-make.include`
		`+`
		`+ $(METADATA): Makefile`
		`+ @echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)`
		`+ @echo "Name: $(TEST)" >> $(METADATA)`
		`+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)`
		`+ @echo "Path: $(TEST_DIR)" >> $(METADATA)`
		`+ @echo "Description: basic functionality test for pam_cap.so module" >> $(METADATA)`
		`+ @echo "Type: Sanity" >> $(METADATA)`
		`+ @echo "TestTime: 5m" >> $(METADATA)`
		`+ @echo "RunFor: libcap" >> $(METADATA)`
		`+ @echo "Requires: libcap" >> $(METADATA)`
		`+ @echo "Priority: Normal" >> $(METADATA)`
		`+ @echo "License: GPLv2" >> $(METADATA)`
		`+ @echo "Confidential: no" >> $(METADATA)`
		`+ @echo "Destructive: no" >> $(METADATA)`
		`+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)`
		`+`
		`+ rhts-lint $(METADATA)`

tests/pam_cap-so-sanity-test/PURPOSE

file added

		`@@ -0,0 +1,5 @@`
		`+ PURPOSE of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test`
		`+ Description: basic functionality test for pam_cap.so module`
		`+ Author: Karel Srot <ksrot@redhat.com>`
		`+`
		`+ Test if a test user can be granted capabilities via pam_cap.so module.`

tests/pam_cap-so-sanity-test/runtest.sh

file added

+63

		`@@ -0,0 +1,63 @@`
		`+ #!/bin/bash`
		`+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # runtest.sh of /CoreOS/libcap/Sanity/pam_cap-so-sanity-test`
		`+ # Description: basic functionality test for pam_cap.so module`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ # Include Beaker environment`
		`+ . /usr/bin/rhts-environment.sh \|\| exit 1`
		`+ . /usr/share/beakerlib/beakerlib.sh \|\| exit 1`
		`+`
		`+ PACKAGE="libcap"`
		`+`
		`+ rlJournalStart`
		`+ rlPhaseStartSetup`
		`+ rlAssertRpm $PACKAGE`
		`+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
		`+ rlRun "pushd $TmpDir"`
		`+ rlRun "useradd -m pam_cap_user"`
		`+ rlRun "useradd -m pam_cap_user2"`
		`+ rlFileBackup /etc/pam.d/su`
		`+ [ -f /etc/security/capability.conf ] && rlFileBackup /etc/security/capability.conf`
		`+ rlRun "echo -e 'cap_net_raw pam_cap_user\nnone *' > /etc/security/capability.conf"`
		`+ rlRun "sed '1 s/^/auth required pam_cap.so/' -i /etc/pam.d/su" 0 "Configure pam_cap.so in /etc/pam.d/su"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest`
		`+ rlRun "su - pam_cap_user -c 'getpcaps \$\$' &> user1.log"`
		`+ rlAssertGrep "Capabilities for.* = cap_net_raw" user1.log -E`
		`+ rlRun "su - pam_cap_user2 -c 'getpcaps \$\$' &> user2.log"`
		`+ rlAssertNotGrep "cap_net_raw" user2.log`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartCleanup`
		`+ rlRun "userdel -r pam_cap_user"`
		`+ rlRun "userdel -r pam_cap_user2"`
		`+ rlFileRestore`
		`+ rlRun "popd"`
		`+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`
		`+ rlPhaseEnd`
		`+ rlJournalPrintText`
		`+ rlJournalEnd`

tests/pkg-config-libcap-pc-addition/Makefile

file added

+65

		`@@ -0,0 +1,65 @@`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Makefile of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition`
		`+ # Description: Test for BZ#1425490 (Missing libcap.pc)`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ export TEST=/CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition`
		`+ export TESTVERSION=1.0`
		`+`
		`+ BUILT_FILES=`
		`+`
		`+ FILES=$(METADATA) runtest.sh Makefile PURPOSE`
		`+`
		`+ .PHONY: all install download clean`
		`+`
		`+ run: $(FILES) build`
		`+ ./runtest.sh`
		`+`
		`+ build: $(BUILT_FILES)`
		`+ test -x runtest.sh \|\| chmod a+x runtest.sh`
		`+`
		`+ clean:`
		`+ rm -f *~ $(BUILT_FILES)`
		`+`
		`+`
		`+ include /usr/share/rhts/lib/rhts-make.include`
		`+`
		`+ $(METADATA): Makefile`
		`+ @echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)`
		`+ @echo "Name: $(TEST)" >> $(METADATA)`
		`+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)`
		`+ @echo "Path: $(TEST_DIR)" >> $(METADATA)`
		`+ @echo "Description: Test for BZ#1425490 (Missing libcap.pc)" >> $(METADATA)`
		`+ @echo "Type: Sanity" >> $(METADATA)`
		`+ @echo "TestTime: 5m" >> $(METADATA)`
		`+ @echo "RunFor: libcap" >> $(METADATA)`
		`+ @echo "Requires: libcap libcap-devel pkgconfig" >> $(METADATA)`
		`+ @echo "Priority: Normal" >> $(METADATA)`
		`+ @echo "License: GPLv2" >> $(METADATA)`
		`+ @echo "Confidential: no" >> $(METADATA)`
		`+ @echo "Destructive: no" >> $(METADATA)`
		`+ @echo "Bug: 1425490" >> $(METADATA)`
		`+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA)`
		`+`
		`+ rhts-lint $(METADATA)`

tests/pkg-config-libcap-pc-addition/PURPOSE

file added

		`@@ -0,0 +1,7 @@`
		`+ PURPOSE of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition`
		`+ Description: Test for BZ#1425490 (Missing libcap.pc)`
		`+ Author: Karel Srot <ksrot@redhat.com>`
		`+ Bug summary: Missing libcap.pc`
		`+ Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1425490`
		`+`
		`+ Checking the presence and sanity of the libcap.pc file.`

tests/pkg-config-libcap-pc-addition/runtest.sh

file added

+62

		`@@ -0,0 +1,62 @@`
		`+ #!/bin/bash`
		`+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # runtest.sh of /CoreOS/libcap/Sanity/pkg-config-libcap-pc-addition`
		`+ # Description: Test for BZ#1425490 (Missing libcap.pc)`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ # Include Beaker environment`
		`+ . /usr/bin/rhts-environment.sh \|\| exit 1`
		`+ . /usr/share/beakerlib/beakerlib.sh \|\| exit 1`
		`+`
		`+ PACKAGE="libcap"`
		`+`
		`+ rlJournalStart`
		`+ rlPhaseStartSetup`
		`+ rlAssertRpm $PACKAGE`
		`+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
		`+ rlRun "pushd $TmpDir"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest`
		`+ rlRun "rpm -ql libcap-devel \| grep libcap.pc" 0 "There must be libcap.pc"`
		`+ if [ $? -eq 0 ]; then`
		`+ PCFILE=$(rpm -ql libcap-devel \| grep libcap.pc)`
		`+ rlRun "pkg-config --libs libcap \| grep -- '-lcap'"`
		`+ VER=$(awk '/Version:/ { print $2 }' $PCFILE \| tail -1)`
		`+ rlRun "pkg-config --modversion libcap \| grep $VER"`
		`+ rlRun -s "pkg-config --print-variables libcap"`
		`+ rlAssertGrep "^prefix" $rlRun_LOG`
		`+ rlAssertGrep "^exec_prefix" $rlRun_LOG`
		`+ rlAssertGrep "^libdir" $rlRun_LOG`
		`+ rlAssertGrep "^includedir" $rlRun_LOG`
		`+ fi`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartCleanup`
		`+ rlRun "popd"`
		`+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`
		`+ rlPhaseEnd`
		`+ rlJournalPrintText`
		`+ rlJournalEnd`

tests/setcap-getcap-basic-functionality/Makefile

file added

+64

		`@@ -0,0 +1,64 @@`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Makefile of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality`
		`+ # Description: test basic functionality`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ export TEST=/CoreOS/libcap/Sanity/setcap-getcap-basic-functionality`
		`+ export TESTVERSION=1.0`
		`+`
		`+ BUILT_FILES=`
		`+`
		`+ FILES=$(METADATA) runtest.sh Makefile PURPOSE`
		`+`
		`+ .PHONY: all install download clean`
		`+`
		`+ run: $(FILES) build`
		`+ ./runtest.sh`
		`+`
		`+ build: $(BUILT_FILES)`
		`+ test -x runtest.sh \|\| chmod a+x runtest.sh`
		`+`
		`+ clean:`
		`+ rm -f *~ $(BUILT_FILES)`
		`+`
		`+`
		`+ include /usr/share/rhts/lib/rhts-make.include`
		`+`
		`+ $(METADATA): Makefile`
		`+ @echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)`
		`+ @echo "Name: $(TEST)" >> $(METADATA)`
		`+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)`
		`+ @echo "Path: $(TEST_DIR)" >> $(METADATA)`
		`+ @echo "Description: test basic functionality" >> $(METADATA)`
		`+ @echo "Type: Sanity" >> $(METADATA)`
		`+ @echo "TestTime: 5m" >> $(METADATA)`
		`+ @echo "RunFor: libcap" >> $(METADATA)`
		`+ @echo "Requires: libcap" >> $(METADATA)`
		`+ @echo "Priority: Normal" >> $(METADATA)`
		`+ @echo "License: GPLv2" >> $(METADATA)`
		`+ @echo "Confidential: no" >> $(METADATA)`
		`+ @echo "Destructive: no" >> $(METADATA)`
		`+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)`
		`+`
		`+ rhts-lint $(METADATA)`

tests/setcap-getcap-basic-functionality/PURPOSE

file added

		`@@ -0,0 +1,3 @@`
		`+ PURPOSE of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality`
		`+ Description: test basic functionality`
		`+ Author: Karel Srot <ksrot@redhat.com>`

tests/setcap-getcap-basic-functionality/runtest.sh

file added

+98

		`@@ -0,0 +1,98 @@`
		`+ #!/bin/bash`
		`+ # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # runtest.sh of /CoreOS/libcap/Sanity/setcap-getcap-basic-functionality`
		`+ # Description: test basic functionality`
		`+ # Author: Karel Srot <ksrot@redhat.com>`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+ #`
		`+ # Copyright (c) 2017 Red Hat, Inc.`
		`+ #`
		`+ # This copyrighted material is made available to anyone wishing`
		`+ # to use, modify, copy, or redistribute it subject to the terms`
		`+ # and conditions of the GNU General Public License version 2.`
		`+ #`
		`+ # This program is distributed in the hope that it will be`
		`+ # useful, but WITHOUT ANY WARRANTY; without even the implied`
		`+ # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR`
		`+ # PURPOSE. See the GNU General Public License for more details.`
		`+ #`
		`+ # You should have received a copy of the GNU General Public`
		`+ # License along with this program; if not, write to the Free`
		`+ # Software Foundation, Inc., 51 Franklin Street, Fifth Floor,`
		`+ # Boston, MA 02110-1301, USA.`
		`+ #`
		`+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
		`+`
		`+ # Include Beaker environment`
		`+ . /usr/bin/rhts-environment.sh \|\| exit 1`
		`+ . /usr/share/beakerlib/beakerlib.sh \|\| exit 1`
		`+`
		`+ PACKAGE="libcap"`
		`+`
		`+ rlJournalStart`
		`+ rlPhaseStartSetup`
		`+ rlAssertRpm $PACKAGE`
		`+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"`
		`+ rlRun "pushd $TmpDir"`
		`+ rlRun "mkdir mydir && touch file1 mydir/file2 mydir/file3"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "set and get capabilities"`
		`+ rlRun "setcap cap_net_admin+p file1 cap_net_raw+ei mydir/file2"`
		`+ rlRun -s "getcap file1 mydir/file2"`
		`+ rlAssertGrep "file1 = cap_net_admin+p" $rlRun_LOG`
		`+ rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "set capabilities via stdin"`
		`+ rlRun "echo -e 'cap_net_raw+p\ncap_net_admin+p' > input"`
		`+ rlRun -s "setcap - mydir/file3 < input"`
		`+ rlAssertGrep "Please enter caps for file \[empty line to end\]:" $rlRun_LOG`
		`+ rlRun "getcap mydir/file3 \| grep 'mydir/file3 = cap_net_admin,cap_net_raw+p'"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "set capabilities quietly via stdin"`
		`+ rlRun "echo -e 'cap_net_raw+p' > input"`
		`+ rlRun -s "setcap -q - mydir/file3 < input"`
		`+ rlAssertNotGrep "Please enter caps for file" $rlRun_LOG`
		`+ rlRun "getcap mydir/file3 \| grep 'mydir/file3 = cap_net_raw+p'"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "remove capabilities"`
		`+ rlRun "setcap -r mydir/file3"`
		`+ rlRun "getcap \| grep file3" 1 "There should be no capabilities listed for file1"`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "listing capabilities recursively"`
		`+ rlRun -s "getcap -r *"`
		`+ rlAssertGrep "file1 = cap_net_admin+p" $rlRun_LOG`
		`+ rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "listing capabilities verbosely"`
		`+ rlRun -s "getcap -v mydir/*"`
		`+ rlAssertGrep "mydir/file2 = cap_net_raw+ei" $rlRun_LOG`
		`+ rlAssertGrep "mydir/file3\$" $rlRun_LOG -E`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "print help"`
		`+ rlRun "setcap -h \| grep 'usage: setcap'" 1`
		`+ rlRun "getcap -h \| grep 'usage: getcap'" 1`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartTest "exit with 1 on error"`
		`+ rlRun -s "setcap foo bar" 1`
		`+ rlAssertGrep "fatal error: Invalid argument" $rlRun_LOG`
		`+ rlRun -s "getcap -f oo" 1`
		`+ rlAssertGrep "getcap: invalid option -- 'f'" $rlRun_LOG`
		`+ rlPhaseEnd`
		`+`
		`+ rlPhaseStartCleanup`
		`+ rlRun "popd"`
		`+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`
		`+ rlPhaseEnd`
		`+ rlJournalPrintText`
		`+ rlJournalEnd`

tests/tests.yml

file added

+25

		`@@ -0,0 +1,25 @@`
		`+ ---`
		`+ # Tests that run in docker and classic context`
		`+ - hosts: localhost`
		`+ roles:`
		`+ - role: standard-test-beakerlib`
		`+ tags:`
		`+ - classic`
		`+ - container`
		`+ tests:`
		`+ - pam_cap-so-sanity-test`
		`+ - setcap-getcap-basic-functionality`
		`+ required_packages:`
		`+ - libcap # libcap package required for all tests`
		`+ - iputils # ping command required for capsh-basic-functionality`
		`+`
		`+ # Tests that run in atomic`
		`+ - hosts: localhost`
		`+ roles:`
		`+ - role: standard-test-beakerlib`
		`+ tags:`
		`+ - atomic`
		`+ tests:`
		`+ - capsh-basic-functionality`
		`+ - pam_cap-so-sanity-test`
		`+ - setcap-getcap-basic-functionality`

no initial comment

astepano commented 6 years ago

Justification

Adds tests according to the CI wiki specifically the standard test interface
in the spec.

Adds tests according to the CI wiki specifically the standard test interface
in the spec. The playbook includes Tier1 level test cases that have been
tested in the following contexts and is passing reliably: Classic,
Atomic, Container. Test logs are stored in the artifacts directory.

The following steps are used to execute the tests using the standard test
interface:

$ ansible-playbook --list-tags tests.yml

playbook: tests.yml

play #1 (localhost): localhost    TAGS: []
     TASK TAGS: [atomic, classic, container]

The following steps are used to execute the tests using the standard test
interface.

Test environment

Make sure you have installed packages from the spec.

$ rpm -q ansible python2-dnf libselinux-python standard-test-roles
ansible-2.3.2.0-1.fc26.noarch
python2-dnf-2.6.3-11.fc26.noarch
libselinux-python-2.6-7.fc26.x86_64
standard-test-roles-2.4-1.fc26.noarch

Run tests

For classic

$ sudo TEST_SUBJECTS='' ansible-playbook --inventory=/usr/share/ansible/inventory --tags=classic tests.yml

For atomic

$ curl -Lo ~/atomic.qcow2 https://ftp-stud.hs-esslingen.de/pub/Mirrors/alt.fedoraproject.org/atomic/stable/Fedora-Atomic-26-20170707.1/CloudImages/x86_64/images/Fedora-Atomic-26-20170707.1.x86_64.qcow2
$ sudo TEST_SUBJECTS=~/atomic.qcow2 ansible-playbook --inventory=/usr/share/ansible/inventory --tags=atomic tests.yml

For container

$ sudo TEST_SUBJECTS=docker:docker.io/library/fedora:26 ansible-playbook --inventory=/usr/share/ansible/inventory --tags=container tests.yml

Snippet of test run

TASK [standard-test-beakerlib : Execute beakerlib tests] ****************************************************************
changed: [/home/fedora/atomic.qcow2] => (item=capsh-basic-functionality)
changed: [/home/fedora/atomic.qcow2] => (item=pam_cap-so-sanity-test)
changed: [/home/fedora/atomic.qcow2] => (item=setcap-getcap-basic-functionality)

TASK [standard-test-beakerlib : Make the master test summary log artifact] **********************************************
changed: [/home/fedora/atomic.qcow2] => (item=capsh-basic-functionality)
changed: [/home/fedora/atomic.qcow2] => (item=pam_cap-so-sanity-test)
changed: [/home/fedora/atomic.qcow2] => (item=setcap-getcap-basic-functionality)

TASK [standard-test-beakerlib : Pull out the logs] *********************************************************************$
changed: [/home/fedora/atomic.qcow2]

TASK [standard-test-beakerlib : Check the results] *********************************************************************$
changed: [/home/fedora/atomic.qcow2]

PLAY RECAP *************************************************************************************************************$
/home/fedora/atomic.qcow2  : ok=14   changed=9    unreachable=0    failed=0

Notes

Tests will be enabled in CI, yet gating is currently disabled, so nothing will
change. Tests will run on each dist-git commit, they are not triggered on koji
builds and if you are using FMN, it should notify you of failures normally.

The RH QE maintainer contact in case you have questions: ksrot @redhat.com The
idea is that these tests become yours just as you are maintaining the package,
there will of course be people around if you have questions or troubles.

karsten commented 6 years ago

The docker tests fail if you have LANG=de_DE.UTF-8 (or any other LANG != C/en*) :
[ FAIL ] :: File '/var/tmp/rlRun_LOG.CBJ0oLo7' should contain 'uid=99(nobody) gid=99(nobody) groups=99(nobody)'

with LANG=de_DE.UTF-8: