Blob Blame History Raw
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /CoreOS/opencryptoki/Sanity/pkcsslotd-to-create-lock-and-log-directories
#   Description: Test for BZ#1343671 (RHEL7.3 - patch to create lock and log directories)
#   Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2016 Red Hat, Inc.
#
#   This copyrighted material is made available to anyone wishing
#   to use, modify, copy, or redistribute it subject to the terms
#   and conditions of the GNU General Public License version 2.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE. See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public
#   License along with this program; if not, write to the Free
#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
#   Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1

PACKAGE="opencryptoki"

USER="bz1343671user"

TESTDIR=`pwd`

LOCKDIR=/run/lock  # see bz#1373833
rlIsRHEL '<7' && LOCKDIR=/var/lock

rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm $PACKAGE
        rlRun "rlImport nvr/nvr" || rlDie "cannot import nvr library"
        rlRun "rlImport opencryptoki/token-manipulation" 2> import.log || rlDie "Could not import opencryptoki/token-manipulation library"
        # need library path so we can import it as a test user
        LIBPATH=`grep 'Will try to import opencryptoki\/token-manipulation from' import.log | sed 's/^.*token-manipulation from//'`
    echo "LIBPATH=$LIBPATH"
        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
        rlRun "pushd $TmpDir"
	    rlServiceStop pkcsslotd
        rlFileBackup --clean /var/lib/opencryptoki /var/log/opencryptoki $LOCKDIR/opencryptoki
        # avoid using /var/lock symlink to properly test bug 1373833
	    if [ "$LOCKDIR" == "/run/lock" ]; then
		    [ -L /var/lock ] && rlFileBackup /var/lock && rlRun "rm -f /var/lock"
	    fi
        rlRun "useradd -m $USER -G pkcs11"
    rlPhaseEnd

    rlPhaseStartTest "testing directory creation during pkcsslotd start"
	    rlRun "rm -rf /var/log/opencryptoki $LOCKDIR/opencryptoki"
	    rlRun "pkcsResetTokens"
        rlServiceStart pkcsslotd
	    rlAssertExists /var/log/opencryptoki
	    rlAssertExists $LOCKDIR/opencryptoki
	    rlRun "matchpathcon /var/log/opencryptoki"
	    rlRun "matchpathcon $LOCKDIR/opencryptoki"
	    rlRun "su $USER -c 'pkcsconf -t' &> query1.log"
        cat query1.log
        if nvrTestPackage opencryptoki '<' 3.14.0; then
	        rlAssertGrep "Model: IBM SoftTok" query1.log
        else
            rlAssertGrep "Model: Soft " query1.log
        fi
    rlPhaseEnd

    # initialize every token available
    for SLOT in `sed -n 's/^Token #\([0-9]\).*/\1/gp' query1.log`; do

        rlPhaseStartTest "initialize token #$SLOT"
	    	rlRun "su $USER -c 'source $LIBPATH && pkcsInitToken $SLOT'"
	    	rlRun "su $USER -c 'pkcsconf -t -c $SLOT' &> query2.log"
	    	cat query2.log
	    	rlAssertGrep 'Flags:.*LOGIN_REQUIRED.*USER_PIN_INITIALIZED.*TOKEN_INITIALIZED' query2.log -E
        rlPhaseEnd

    done

  if [ "$LOCKDIR" == "/run/lock" ]; then
    rlPhaseStartTest "checking there is no /var/lock in filelist"
        rlRun "rpm -ql $(rpm -qa | grep opencryptoki | tr '\n' ' ') | grep /var/lock" 1
    rlPhaseEnd
  fi

    rlPhaseStartTest "checking $LOCKDIR/opencryptoki selinux contexts"
	    rlRun -s "restorecon -Rnv $LOCKDIR/opencryptoki"
	    rlAssertNotGrep "restorecon reset" $rlRun_LOG
    rlPhaseEnd

    rlPhaseStartCleanup
        rlRun "popd"
        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
	    rlFileRestore
        rlRun "pkcsRestoreTokens"
	    rlServiceRestore pkcsslotd
        rlLog "Waiting 12 sec for systemd --user process to exit..."
        sleep 12
        rlRun "userdel -r $USER" || ps -ef
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd