acl.inc, run-ptest: improve ptest functionality on limited rootfs

ACL's ptest has a handful of failure modes which can be triggered by a restrictive or small system. First, the ptest requires that daemon be in the bin group, which run-ptest attempts to do using gpasswd, but gpasswd is part of shadow, and oe-core removes shadow when it doesn't think shadow will be needed. Even if, say, a package has RDEPENDS on it. Whoops. So we manually sed the group file. This will probably work. Second, the filesystem used for the test has to support ACLs, so we create a dummy ext3 filesystem and use that. Third, the root/permissions test relies on the assumption that "mkdir d" produces a directory which non-root users can access, but in a secure product which defaults to umask 077, this doesn't work. (That fix has been separately reported to upstream acl through their bug report form.) (This may prevent the test from running without mkfs.ext3, but it allows the test to run on targets where root doesn't have ACL support. Tradeoffs, tradeoffs everywhere.) (From OE-Core rev: 0f1054e7db74bb4a196e00773915d7997b55bdf2) Signed-off-by: Peter Seebach <peter.seebach@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Seebach <peter.seebach@windriver.com> 2016-05-18 16:30:47 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-20 10:20:55 +0100
commit: 070ea45b6cf99227c208edf58a0c79657a3702fc (patch)
tree: 868881eae38036e4c9cec4f3883298db5f963367 /meta/recipes-support/attr
parent: 599933cfe19dbe746ec0fd8be976a1682d5aef82 (diff)
download: poky-070ea45b6cf99227c208edf58a0c79657a3702fc.tar.gz
3 files changed, 87 insertions, 5 deletions
diff --git a/meta/recipes-support/attr/acl.inc b/meta/recipes-support/attr/acl.inc
index 198fb4fed9..aebebfd965 100644
--- a/meta/recipes-support/attr/acl.inc
+++ b/meta/recipes-support/attr/acl.inc
@@ -14,6 +14,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/acl/${BP}.src.tar.gz \
           file://acl-fix-the-order-of-expected-output-of-getfacl.patch \
           file://test-fix-insufficient-quoting-of.patch \
           file://test-fixups-on-SELinux-machines-for-root-testcases.patch \
+           file://test-fix-directory-permissions.patch \
 "
 require ea-acl.inc
diff --git a/meta/recipes-support/attr/acl/run-ptest b/meta/recipes-support/attr/acl/run-ptest
index 3b31cc99af..a56946d8e6 100644
--- a/meta/recipes-support/attr/acl/run-ptest
+++ b/meta/recipes-support/attr/acl/run-ptest
@@ -1,7 +1,64 @@
 #!/bin/sh
+#
+#This script is used to run acl test suites
-gpasswd -a daemon bin
+#umask 077
-make -C test -k tests root-tests |sed \
- -e 's|^\[.*\] \(.*\) -- ok$|PASS: \1|' \
+EXT3_IMAGE=ext3.img
- -e 's|^\[.*\] \(.*\) -- failed|FAIL: \1|'
+EXT3_MOUNT_POINT=/mnt/ext3
-gpasswd -d daemon bin
+trap 'rm -f ${EXT3_IMAGE}' EXIT
+dd if=/dev/zero of=${EXT3_IMAGE} bs=1M count=1
+if [ "$?" -eq 0 ]; then
+        echo "PASS: dump ext3.img"
+else
+        echo "FAIL: dump ext3.img"
+        exit 1
+fi
+mkfs.ext3 -F ${EXT3_IMAGE}
+if [ "$?" -eq 0 ]; then
+        echo "PASS: mkfs.ext3 -F ext3.img"
+else
+        echo "FAIL: mkfs.ext3 -F ext3.img"
+        exit 1
+fi
+if [ -d $EXT3_MOUNT_POINT ]; then
+        echo "mount point exist"
+else
+        mkdir -p $EXT3_MOUNT_POINT
+fi
+mount -o loop,rw,acl  ${EXT3_IMAGE} $EXT3_MOUNT_POINT
+if [ "$?" -eq 0 ]; then
+        echo "PASS: mount ext3.img"
+else
+        echo "FAIL: mount ext3.img"
+        exit 1
+fi
+cp -rf ./test/ $EXT3_MOUNT_POINT
+cd $EXT3_MOUNT_POINT/test/
+if      sed -e 's!^bin:x:2:$!bin:x:2:daemon!' < /etc/group > gtmp
+then    if      cp /etc/group group.orig;
+        then    cp gtmp /etc/group
+                make  -k tests root-tests | sed \
+                        -e 's|^\[.*\] \(.*\) -- ok$|PASS: \1|' \
+                        -e 's|^\[.*\] \(.*\) -- failed|FAIL: \1|'
+                cp group.orig /etc/group
+        else    echo "FAIL: couldn't save original group file."
+                exit 1
+        fi
+else    echo "FAIL: couldn't create modified group file."
+        exit 1
+fi
+cd -
+umount $EXT3_MOUNT_POINT
+rm -rf $EXT3_MOUNT_POINT
+rm $EXT3_IMAGE
diff --git a/meta/recipes-support/attr/acl/test-fix-directory-permissions.patch b/meta/recipes-support/attr/acl/test-fix-directory-permissions.patch
new file mode 100644
index 0000000000..cd4510c0b0
--- /dev/null
+++ b/meta/recipes-support/attr/acl/test-fix-directory-permissions.patch
@@ -0,0 +1,24 @@
+commit c45bae84817a70fef6c2b661a07a492a0d23ae85
+Author: Peter Seebach <peter.seebach@windriver.com>
+Date:   Wed May 11 15:16:06 2016 -0500
+    Fix permissions on temporary directory
+    The temporary directory's permissions have to allow other users to
+    view the directory. A default umask of 022 is common, but not mandatory,
+    and secure systems may have more restrictive defaults.
+    Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
+diff --git a/test/root/permissions.test b/test/root/permissions.test
+index 42615f5..098b52a 100644
+--- a/test/root/permissions.test
+++ b/test/root/permissions.test
+@@ -16,6 +16,7 @@ Cry immediately if we are not running as root.
+ First, set up a temporary directory and create a regular file with
+ defined permissions.
+ 
+       $ umask 022
+        $ mkdir d
+        $ cd d
+        $ umask 027
author	Peter Seebach <peter.seebach@windriver.com>	2016-05-18 16:30:47 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-05-20 10:20:55 +0100
commit	070ea45b6cf99227c208edf58a0c79657a3702fc (patch)
tree	868881eae38036e4c9cec4f3883298db5f963367 /meta/recipes-support/attr
parent	599933cfe19dbe746ec0fd8be976a1682d5aef82 (diff)
download	poky-070ea45b6cf99227c208edf58a0c79657a3702fc.tar.gz

diff --git a/meta/recipes-support/attr/acl.inc b/meta/recipes-support/attr/acl.inc index 198fb4fed9..aebebfd965 100644 --- a/meta/recipes-support/attr/acl.inc +++ b/meta/recipes-support/attr/acl.inc
@@ -14,6 +14,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/acl/${BP}.src.tar.gz \
14	file://acl-fix-the-order-of-expected-output-of-getfacl.patch \	14	file://acl-fix-the-order-of-expected-output-of-getfacl.patch \
15	file://test-fix-insufficient-quoting-of.patch \	15	file://test-fix-insufficient-quoting-of.patch \
16	file://test-fixups-on-SELinux-machines-for-root-testcases.patch \	16	file://test-fixups-on-SELinux-machines-for-root-testcases.patch \
		17	file://test-fix-directory-permissions.patch \
17	"	18	"
18		19
19	require ea-acl.inc	20	require ea-acl.inc


diff --git a/meta/recipes-support/attr/acl/run-ptest b/meta/recipes-support/attr/acl/run-ptest index 3b31cc99af..a56946d8e6 100644 --- a/meta/recipes-support/attr/acl/run-ptest +++ b/meta/recipes-support/attr/acl/run-ptest
@@ -1,7 +1,64 @@
1	#!/bin/sh	1	#!/bin/sh
		2	#
		3	#This script is used to run acl test suites
2		4
3	gpasswd -a daemon bin	5	#umask 077
4	make -C test -k tests root-tests \|sed \	6
5	-e 's\|^\[.\] \(.\) -- ok$\|PASS: \1\|' \	7	EXT3_IMAGE=ext3.img
6	-e 's\|^\[.\] \(.\) -- failed\|FAIL: \1\|'	8	EXT3_MOUNT_POINT=/mnt/ext3
7	gpasswd -d daemon bin	9
		10	trap 'rm -f ${EXT3_IMAGE}' EXIT
		11
		12	dd if=/dev/zero of=${EXT3_IMAGE} bs=1M count=1
		13	if [ "$?" -eq 0 ]; then
		14	echo "PASS: dump ext3.img"
		15	else
		16	echo "FAIL: dump ext3.img"
		17	exit 1
		18	fi
		19
		20	mkfs.ext3 -F ${EXT3_IMAGE}
		21	if [ "$?" -eq 0 ]; then
		22	echo "PASS: mkfs.ext3 -F ext3.img"
		23	else
		24	echo "FAIL: mkfs.ext3 -F ext3.img"
		25	exit 1
		26	fi
		27
		28	if [ -d $EXT3_MOUNT_POINT ]; then
		29	echo "mount point exist"
		30	else
		31	mkdir -p $EXT3_MOUNT_POINT
		32	fi
		33
		34
		35	mount -o loop,rw,acl ${EXT3_IMAGE} $EXT3_MOUNT_POINT
		36	if [ "$?" -eq 0 ]; then
		37	echo "PASS: mount ext3.img"
		38	else
		39	echo "FAIL: mount ext3.img"
		40	exit 1
		41	fi
		42
		43	cp -rf ./test/ $EXT3_MOUNT_POINT
		44
		45	cd $EXT3_MOUNT_POINT/test/
		46
		47	if sed -e 's!^bin:x:2:$!bin:x:2:daemon!' < /etc/group > gtmp
		48	then if cp /etc/group group.orig;
		49	then cp gtmp /etc/group
		50	make -k tests root-tests \| sed \
		51	-e 's\|^\[.\] \(.\) -- ok$\|PASS: \1\|' \
		52	-e 's\|^\[.\] \(.\) -- failed\|FAIL: \1\|'
		53	cp group.orig /etc/group
		54	else echo "FAIL: couldn't save original group file."
		55	exit 1
		56	fi
		57	else echo "FAIL: couldn't create modified group file."
		58	exit 1
		59	fi
		60
		61	cd -
		62	umount $EXT3_MOUNT_POINT
		63	rm -rf $EXT3_MOUNT_POINT
		64	rm $EXT3_IMAGE


diff --git a/meta/recipes-support/attr/acl/test-fix-directory-permissions.patch b/meta/recipes-support/attr/acl/test-fix-directory-permissions.patch new file mode 100644 index 0000000000..cd4510c0b0 --- /dev/null +++ b/meta/recipes-support/attr/acl/test-fix-directory-permissions.patch
@@ -0,0 +1,24 @@
		1	commit c45bae84817a70fef6c2b661a07a492a0d23ae85
		2	Author: Peter Seebach <peter.seebach@windriver.com>
		3	Date: Wed May 11 15:16:06 2016 -0500
		4
		5	Fix permissions on temporary directory
		6
		7	The temporary directory's permissions have to allow other users to
		8	view the directory. A default umask of 022 is common, but not mandatory,
		9	and secure systems may have more restrictive defaults.
		10
		11	Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
		12
		13	diff --git a/test/root/permissions.test b/test/root/permissions.test
		14	index 42615f5..098b52a 100644
		15	--- a/test/root/permissions.test
		16	+++ b/test/root/permissions.test
		17	@@ -16,6 +16,7 @@ Cry immediately if we are not running as root.
		18	First, set up a temporary directory and create a regular file with
		19	defined permissions.
		20
		21	+ $ umask 022
		22	$ mkdir d
		23	$ cd d
		24	$ umask 027