From 1690aa2971f25571be1e22ad2aea43f51111fa6f Mon Sep 17 00:00:00 2001
From: Karel Srot
Date: Apr 21 2021 12:35:36 +0000
Subject: added test pkcsslotd-to-create-lock-and-log-directories
---
diff --git a/Sanity/pkcsslotd-to-create-lock-and-log-directories/main.fmf b/Sanity/pkcsslotd-to-create-lock-and-log-directories/main.fmf
new file mode 100644
index 0000000..1c15594
--- /dev/null
+++ b/Sanity/pkcsslotd-to-create-lock-and-log-directories/main.fmf
@@ -0,0 +1,48 @@
+summary: Test for BZ#1343671 (RHEL7.3 - patch to create lock and log directories)
+description: |
+ Bug summary: RHEL7.3 - patch to create lock and log directories from opencryptoki
+ Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1343671
+contact: Karel Srot
+component:
+- openCryptoki
+test: ./runtest.sh
+framework: beakerlib
+require:
+#- library(distribution/nvr)
+- url: https://github.com/beakerlib/nvr.git
+ name: /nvr
+- url: https://src.fedoraproject.org/tests/opencryptoki.git
+ name: /Library/token-manipulation
+recommend:
+- opencryptoki
+- opencryptoki-swtok
+- opencryptoki-tpmtok
+- opencryptoki-ccatok
+- opencryptoki-icsftok
+- opencryptoki-icatok
+- expect
+- libselinux-utils
+- policycoreutils
+duration: 5m
+enabled: true
+tag:
+- CI-Tier-1
+- NoRHEL4
+- NoRHEL5
+- NoRHEL6
+- TIPpass_Security
+- Tier1
+- Tier1security
+- TierCandidatesPASS
+tier: '1'
+link:
+- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1343671
+- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1373833
+- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1697489
+adjust:
+- enabled: false
+ when: distro == rhel-4, rhel-5, rhel-6
+ continue: false
+extra-nitrate: TC#0532369
+extra-summary: /CoreOS/opencryptoki/Sanity/pkcsslotd-to-create-lock-and-log-directories
+extra-task: /CoreOS/opencryptoki/Sanity/pkcsslotd-to-create-lock-and-log-directories
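Review bot: The two `require` entries name git URLs without a revision, so every run presumably fetches whatever the default branch of those repositories holds at that moment, and runtest.sh then imports that code in a job that stops services, deletes directories and adds a user. If the library spec in use supports it (tmt documents a `ref` key for beakerlib libraries), pin each entry, e.g. `ref: <tag-or-commit>` next to `name: /nvr` and next to `name: /Library/token-manipulation`. A pinned revision also keeps results reproducible when the libraries change upstream.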
diff --git a/Sanity/pkcsslotd-to-create-lock-and-log-directories/runtest.sh b/Sanity/pkcsslotd-to-create-lock-and-log-directories/runtest.sh
new file mode 100755
index 0000000..53bd9a5
--- /dev/null
+++ b/Sanity/pkcsslotd-to-create-lock-and-log-directories/runtest.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/opencryptoki/Sanity/pkcsslotd-to-create-lock-and-log-directories
+# Description: Test for BZ#1343671 (RHEL7.3 - patch to create lock and log directories)
+# Author: Karel Srot
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="opencryptoki"
+
+USER="bz1343671user"
+
+TESTDIR=`pwd`
+
+LOCKDIR=/run/lock # see bz#1373833
+rlIsRHEL '<7' && LOCKDIR=/var/lock
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm $PACKAGE
+ rlRun "rlImport nvr" || rlDie "cannot import nvr library"
+ rlRun "rlImport opencryptoki/token-manipulation" 2> import.log || rlDie "Could not import opencryptoki/token-manipulation library"
+ # need library path so we can import it as a test user
+ LIBPATH=`grep 'Will try to import opencryptoki\/token-manipulation from' import.log | sed 's/^.*token-manipulation from//'`
+ echo "LIBPATH=$LIBPATH"
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlServiceStop pkcsslotd
+ rlFileBackup --clean /var/lib/opencryptoki /var/log/opencryptoki $LOCKDIR/opencryptoki
+ # avoid using /var/lock symlink to properly test bug 1373833
+ if [ "$LOCKDIR" == "/run/lock" ]; then
+ [ -L /var/lock ] && rlFileBackup /var/lock && rlRun "rm -f /var/lock"
+ fi
+ rlRun "useradd -m $USER -G pkcs11"
+ rlPhaseEnd
+
+ rlPhaseStartTest "testing directory creation during pkcsslotd start"
+ rlRun "rm -rf /var/log/opencryptoki $LOCKDIR/opencryptoki"
+ rlRun "pkcsResetTokens"
+ rlServiceStart pkcsslotd
+ rlAssertExists /var/log/opencryptoki
+ rlAssertExists $LOCKDIR/opencryptoki
+ rlRun "matchpathcon /var/log/opencryptoki"
+ rlRun "matchpathcon $LOCKDIR/opencryptoki"
+ rlRun "su $USER -c 'pkcsconf -t' &> query1.log"
+ cat query1.log
+ if nvrTestPackage opencryptoki '<' 3.14.0; then
+ rlAssertGrep "Model: IBM SoftTok" query1.log
+ else
+ rlAssertGrep "Model: Soft " query1.log
+ fi
+ rlPhaseEnd
+
+ # initialize every token available
+ for SLOT in `sed -n 's/^Token #\([0-9]\).*/\1/gp' query1.log`; do
+
+ rlPhaseStartTest "initialize token #$SLOT"
+ rlRun "su $USER -c 'source $LIBPATH && pkcsInitToken $SLOT'"
+ rlRun "su $USER -c 'pkcsconf -t -c $SLOT' &> query2.log"
+ cat query2.log
+ rlAssertGrep 'Flags:.*LOGIN_REQUIRED.*USER_PIN_INITIALIZED.*TOKEN_INITIALIZED' query2.log -E
+ rlPhaseEnd
+
+ done
+
+ if [ "$LOCKDIR" == "/run/lock" ]; then
+ rlPhaseStartTest "checking there is no /var/lock in filelist"
+ rlRun "rpm -ql $(rpm -qa | grep opencryptoki | tr '\n' ' ') | grep /var/lock" 1
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartTest "checking $LOCKDIR/opencryptoki selinux contexts"
+ rlRun -s "restorecon -Rnv $LOCKDIR/opencryptoki"
+ rlAssertNotGrep "restorecon reset" $rlRun_LOG
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlFileRestore
+ rlRun "pkcsRestoreTokens"
+ rlServiceRestore pkcsslotd
+ rlLog "Waiting 12 sec for systemd --user process to exit..."
+ sleep 12
+ rlRun "userdel -r $USER" || ps -ef
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
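Review bot: The two `matchpathcon` calls in the directory-creation phase do not check the SELinux labels that pkcsslotd gave the new directories. Without `-V`, `matchpathcon` only prints the policy default for the path and succeeds whether or not the on-disk context matches. Use `rlRun "matchpathcon -V /var/log/opencryptoki"` and `rlRun "matchpathcon -V $LOCKDIR/opencryptoki"`, which should report a mismatch as a failure. The later `rlAssertNotGrep "restorecon reset" $rlRun_LOG` looks similarly weak, because newer restorecon builds appear to print `Would relabel` or `Relabeled` rather than `restorecon reset`, so the assertion can pass on a mislabeled tree. Matching both wordings, e.g. `rlAssertNotGrep "restorecon reset|[Rr]elabel" $rlRun_LOG -E`, and covering /var/log/opencryptoki as well would make the phase effective.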