Merge pull request #473 from hallyn/2021-12-26/srht
Test sr.ht CI integration
This commit is contained in:
commit
7052a0a2dd
26
.build.yml
Normal file
26
.build.yml
Normal file
@ -0,0 +1,26 @@
|
||||
image: ubuntu/focal
|
||||
packages:
|
||||
- automake
|
||||
- autopoint
|
||||
- xsltproc
|
||||
- libselinux1-dev
|
||||
- gettext
|
||||
- expect
|
||||
- byacc
|
||||
- libtool
|
||||
sources:
|
||||
- https://github.com/shadow-maint/shadow
|
||||
tasks:
|
||||
- build: |
|
||||
cd shadow
|
||||
./autogen.sh --without-selinux --disable-man
|
||||
grep ENABLE_ config.status
|
||||
- tasks: |
|
||||
cd shadow
|
||||
cat /proc/self/uid_map
|
||||
cat /proc/self/status
|
||||
systemd-detect-virt
|
||||
make
|
||||
make DESTDIR=/tmp/shadow-inst install
|
||||
sudo make install
|
||||
(cd tests; sudo ./run_some || { cat testsuite.log; false; })
|
43
.github/workflows/main.yml
vendored
43
.github/workflows/main.yml
vendored
@ -1,43 +0,0 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master ]
|
||||
pull_request:
|
||||
branches: [ master ]
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: debug
|
||||
run: |
|
||||
id
|
||||
which bash
|
||||
whoami
|
||||
env
|
||||
ps -ef
|
||||
pwd
|
||||
cat /proc/self/uid_map
|
||||
cat /proc/self/status
|
||||
systemd-detect-virt
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install automake autopoint xsltproc gettext expect byacc libtool
|
||||
- name: configure
|
||||
run: |
|
||||
./autogen.sh --without-selinux --disable-man
|
||||
grep ENABLE_ config.status
|
||||
- run: make
|
||||
- run: make install DESTDIR=${HOME}/rootfs
|
||||
- run: sudo make install
|
||||
- run: |
|
||||
cd tests
|
||||
sudo ./run_some
|
||||
cat testsuite.log
|
@ -122,7 +122,7 @@ enum subid_status shadow_subid_list_owner_ranges(const char *owner, enum subid_t
|
||||
if (id_type == ID_TYPE_UID && strcmp(owner, "group1") == 0)
|
||||
return SUBID_STATUS_SUCCESS;
|
||||
ranges = (struct subid_range *)malloc(sizeof(struct subid_range));
|
||||
if (!*ranges)
|
||||
if (!ranges)
|
||||
return SUBID_STATUS_ERROR;
|
||||
if (strcmp(owner, "user1") == 0 || strcmp(owner, "group1") == 0) {
|
||||
ranges[0].start = 100000;
|
||||
|
@ -25,22 +25,24 @@ sysctl -q kernel.unprivileged_userns_clone=1
|
||||
echo "OK"
|
||||
|
||||
echo -n "Create world writable tmp directory... "
|
||||
rm -rf /tmp/test-gidmap
|
||||
mkdir -m 0777 /tmp/test-gidmap
|
||||
echo "OK"
|
||||
|
||||
echo -n "setup gidmapping... "
|
||||
base=$(id -g foo)
|
||||
runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newgidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
|
||||
sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
|
||||
kill \$pid; exit \$ret"
|
||||
../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map
|
||||
echo "OK"
|
||||
|
||||
echo -n "Try to setup gidmapping with different primary group... "
|
||||
runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newgidmap \$pid 0 1001 1 1 1000000 1000 2>/tmp/test-gidmap/newgidmap.err; ret=\$?; \
|
||||
sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-gidmap/newgidmap.err; ret=\$?; \
|
||||
kill \$pid; exit \$ret" && exit 1 || {
|
||||
status=$?
|
||||
status=$?
|
||||
}
|
||||
echo "OK"
|
||||
|
||||
|
@ -23,21 +23,36 @@ change_config
|
||||
sysctl -q kernel.unprivileged_userns_clone=1
|
||||
|
||||
echo -n "Create world writable tmp directory..."
|
||||
rm -rf /tmp/test-gidmap
|
||||
mkdir -m 0777 /tmp/test-gidmap
|
||||
echo "OK"
|
||||
|
||||
echo -n "setup gidmapping... "
|
||||
base=$(id -g foo)
|
||||
runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newgidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
|
||||
sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
|
||||
kill \$pid; exit \$ret"
|
||||
../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map
|
||||
echo "OK"
|
||||
|
||||
# This next test should fail if setgroups on the ns is not
|
||||
# USERNS_SETGROUPS_ALLOWED ("allow")
|
||||
# TODO let's figure out what to do about this. For now skip
|
||||
# that test.
|
||||
log_status "$0" "SUCCESS"
|
||||
|
||||
sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
|
||||
rm -rf /tmp/test-gidmap;
|
||||
|
||||
restore_config
|
||||
trap '' 0
|
||||
exit 0
|
||||
|
||||
echo -n "setup gidmapping with different primary group... "
|
||||
runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newgidmap \$pid 0 1001 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
|
||||
sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
|
||||
kill \$pid; exit \$ret"
|
||||
../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map.bar
|
||||
echo "OK"
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
set -ex
|
||||
|
||||
cd $(dirname $0)
|
||||
|
||||
@ -25,20 +25,22 @@ sysctl -q kernel.unprivileged_userns_clone=1
|
||||
echo "OK"
|
||||
|
||||
echo -n "Create world writable tmp directory... "
|
||||
rm -rf /tmp/test-uidmap
|
||||
mkdir -m 0777 /tmp/test-uidmap
|
||||
echo "OK"
|
||||
|
||||
echo -n "setup uidmapping... "
|
||||
base=$(id -u foo)
|
||||
runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newuidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
|
||||
sleep 2s; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
|
||||
kill \$pid; exit \$ret"
|
||||
../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
|
||||
echo "OK"
|
||||
|
||||
echo -n "Try to setup uidmapping with different primary group... "
|
||||
runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newuidmap \$pid 0 1000 1 1 1000000 1000 2>/tmp/test-uidmap/newuidmap.err; ret=\$?; \
|
||||
newuidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-uidmap/newuidmap.err; ret=\$?; \
|
||||
kill \$pid; exit \$ret" && exit 1 || {
|
||||
status=$?
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
set -ex
|
||||
|
||||
cd $(dirname $0)
|
||||
|
||||
@ -23,12 +23,14 @@ change_config
|
||||
sysctl -q kernel.unprivileged_userns_clone=1
|
||||
|
||||
echo -n "Create world writable tmp directory..."
|
||||
rm -rf /tmp/test-uidmap
|
||||
mkdir -m 0777 /tmp/test-uidmap
|
||||
echo "OK"
|
||||
|
||||
echo -n "setup uidmapping... "
|
||||
base=$(id -u foo)
|
||||
runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newuidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \
|
||||
sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
|
||||
kill \$pid; exit \$ret"
|
||||
../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
|
||||
@ -36,7 +38,7 @@ echo "OK"
|
||||
|
||||
echo -n "setup uidmapping with different primary group... "
|
||||
runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
|
||||
newuidmap \$pid 0 1000 1 1 1000000 1000; ret=\$?; \
|
||||
sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
|
||||
cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
|
||||
kill \$pid; exit \$ret"
|
||||
../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
|
||||
|
@ -32,6 +32,8 @@ run_test()
|
||||
[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
|
||||
[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
|
||||
[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
|
||||
[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
|
||||
rm -rf /tmp/test-uidmap
|
||||
if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
|
||||
then
|
||||
echo $1
|
||||
@ -137,4 +139,5 @@ if [ "$failed" != 0 ]
|
||||
then
|
||||
echo "the following tests failed:"
|
||||
echo "$failed_tests"
|
||||
exit 1
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user