openmamba/autospec
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests: be less verbose

Browse Source 
Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
This commit is contained in:
Davide Madrisan 2012-01-08 23:37:58 +01:00
parent ff13cc3031
commit 701cb887d6
3 changed files with 69 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -24,6 +24,10 @@ Changes in version 1.8.3
templates/standard, templates/standard-daemon - Davide Madrisan: templates/standard, templates/standard-daemon - Davide Madrisan:
Add the %debug_package macro when required. Add the %debug_package macro when required.
* tests/test01_pkgquality
tests/test02_pkgsecurity - Davide Madrisan:
Be less verbose.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 1.8.2 Changes in version 1.8.2

79
tests/test01_pkgquality.in
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# test01_pkgquality -- @package@ test (rpm quality checks) # test01_pkgquality -- @package@ test (rpm quality checks)
# Copyright (C) 2008 Davide Madrisan <davide.madrisan@gmail.com> # Copyright (C) 2008,2012 Davide Madrisan <davide.madrisan@gmail.com>
[ -z "$BASH" ] || [ ${BASH_VERSION:0:1} -lt 2 ] && [ -z "$BASH" ] || [ ${BASH_VERSION:0:1} -lt 2 ] &&
echo $"this script requires bash version 2 or better" >&2 && exit 1 echo $"this script requires bash version 2 or better" >&2 && exit 1
@ -19,7 +19,7 @@ TEXTDOMAIN="test01_pkgquality"; export TEXTDOMAIN
function alltests() { function alltests() {
# FIXME: add to 'po' file # FIXME: add to 'po' file
notify.note "** ${NOTE}"$"performing quality checks""${NORM}""..." notify.note " * ${NOTE}"$"performing quality checks""${NORM}""..."
TEMP=`LC_ALL=C getopt \ TEMP=`LC_ALL=C getopt \
-o i:t: --long infofile:,tmpdir: \ -o i:t: --long infofile:,tmpdir: \
@ -80,7 +80,6 @@ function alltests() {
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
for f in $(find -mindepth 1 -type l); do for f in $(find -mindepth 1 -type l); do
notify.debug "$f --> `readlink $f`" notify.debug "$f --> `readlink $f`"
@ -89,35 +88,37 @@ function alltests() {
# note: the first condition check for wrong links, like # note: the first condition check for wrong links, like
# /usr/share/man/man1/zcmp.1.gz -> .gz # /usr/share/man/man1/zcmp.1.gz -> .gz
# made by the broken `brp-compress' script in rpm 4.0.4 # made by the broken `brp-compress' script in rpm 4.0.4
[[ "$(readlink $f)" = ".gz" || \ if [[ "$(readlink $f)" = ".gz" || \
"$(readlink $f)" =~ $tmppath_dir ]] && notify.warning $"\ "$(readlink $f)" =~ $tmppath_dir ]]; then
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"\
wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'" wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'"
fi
done done
popd >/dev/null popd >/dev/null
let "i += 1" let "i += 1"
done done
###
# check for `%buildroot' strings # check for `%buildroot' strings
if [ "$rpm_ignores_buildroot" = 1 ]; then if [ "$rpm_ignores_buildroot" = 1 ]; then
notify.note \ [ "$SPEC_BUILDROOT" ] && notify.note \
" * ${NOTE}"$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\ " * ${NOTE}"$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\
"${NORM}... "$"skipped" "${NORM}... "$"skipped"
else else
notify.note \ notify.note \
" * "$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings" " * "$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"
[ "$SPEC_BUILDROOT" ] || [ "$SPEC_BUILDROOT" ] || notify.error \
notify.error \
$"(bug)"" -- $FUNCNAME: ""empty string"" (SPEC_BUILDROOT)" $"(bug)"" -- $FUNCNAME: ""empty string"" (SPEC_BUILDROOT)"
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
find $tmpextractdir/$i -type f \ find $tmpextractdir/$i -type f \
-exec grep -ls "$SPEC_BUILDROOT" {} \; | \ -exec grep -ls "$SPEC_BUILDROOT" {} \; | \
while read filename; do while read filename; do
notify.note " ${NOTE}$(\ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "\
${NOTE}$(\
echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}" echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
notify.note "$(\ notify.note "$(\
strings -a $filename | grep "^$SPEC_BUILDROOT" | sort -bu | \ strings -a $filename | grep "^$SPEC_BUILDROOT" | sort -bu | \
@ -126,7 +127,6 @@ sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
let "i += 1" let "i += 1"
done done
fi fi
###
# check for `%_builddir' strings # check for `%_builddir' strings
BUILDDIR="$(rpm --eval=%_builddir 2>/dev/null)" BUILDDIR="$(rpm --eval=%_builddir 2>/dev/null)"
@ -138,11 +138,12 @@ sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
find $tmpextractdir/$i -type f \ find $tmpextractdir/$i -type f \
-exec grep -ls "$BUILDDIR" {} \; | \ -exec grep -ls "$BUILDDIR" {} \; | \
while read filename; do while read filename; do
notify.note " ${NOTE}$(\ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "\
${NOTE}$(\
echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}" echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
notify.note "$(\ notify.note "$(\
strings -a $filename | grep "$BUILDDIR" | sort -bu | \ strings -a $filename | grep "$BUILDDIR" | sort -bu | \
@ -150,7 +151,6 @@ sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")"
done done
let "i += 1" let "i += 1"
done done
###
# check for suspected plugins (.la, .so) in devel packages # check for suspected plugins (.la, .so) in devel packages
# note: pure plugins must be in the main package, not in devel # note: pure plugins must be in the main package, not in devel
@ -162,19 +162,17 @@ checking for suspicious plugins in devel packages""${NORM}..."
# skip non devel packages # skip non devel packages
[[ "${pck##*/}" =~ -devel- ]] || { let "i += 1"; continue; } [[ "${pck##*/}" =~ -devel- ]] || { let "i += 1"; continue; }
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
# find *.so files that are not symlinks to dynamic libraries # find *.so files that are not symlinks to dynamic libraries
for f in `\ for f in `\
find -mindepth 1 -type f -name \*.so -exec file {} \; | \ find -mindepth 1 -type f -name \*.so -exec file {} \; | \
grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do
notify.warning $"found suspect plugin \`${NOTE}$f${NORM}'" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect plugin \`${NOTE}$f${NORM}'"
done done
popd >/dev/null popd >/dev/null
let "i += 1" let "i += 1"
done done
###
# check for wrong file attributes in lib and bin dirs # check for wrong file attributes in lib and bin dirs
notify.note " * ${NOTE}"$"\ notify.note " * ${NOTE}"$"\
@ -183,7 +181,6 @@ checking for wrong file attributes in bin and lib directories""${NORM}..."
warning=0 warning=0
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
for f in $( find . -type f \ for f in $( find . -type f \
\( -name '*.so*' -not -perm 755 \) -or \ \( -name '*.so*' -not -perm 755 \) -or \
@ -193,7 +190,8 @@ checking for wrong file attributes in bin and lib directories""${NORM}..."
-path './usr/sbin/*' \) \ -path './usr/sbin/*' \) \
-not -perm -111 \) 2>/dev/null ); do -not -perm -111 \) 2>/dev/null ); do
let "warning = 1" && let "warning = 1" &&
notify.warning $"found suspect file"": \ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" \`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
done done
let "i += 1" let "i += 1"
@ -210,7 +208,6 @@ ${NOTE}"$"Hint"":${NORM}
... ...
%attr(0755,root,root) %{_bindir}/<program> %attr(0755,root,root) %{_bindir}/<program>
-----------------------------" -----------------------------"
###
# check for binary files in etc (see FHS-2.2) # check for binary files in etc (see FHS-2.2)
notify.note " * ${NOTE}"$"\ notify.note " * ${NOTE}"$"\
@ -219,13 +216,13 @@ checking for binary files installed in /etc (see FHS)""${NORM}..."
warning=0 warning=0
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
for f in $( find ./etc -type f -perm +111 2>/dev/null ); do for f in $( find ./etc -type f -perm +111 2>/dev/null ); do
case $f in case $f in
./etc/rc.d/init.d/*) ;; ./etc/rc.d/init.d/*) ;;
*) let "warning = 1" && *) let "warning = 1" &&
notify.warning $"found suspect file"": \ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;; \`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;;
esac esac
done done
@ -240,16 +237,15 @@ ${NOTE}"$"Hint"":${NORM}
... ...
%attr(0644,root,root) %{_sysconfdir}/<...file> %attr(0644,root,root) %{_sysconfdir}/<...file>
-----------------------------" #|| exit 1 -----------------------------" #|| exit 1
###
# check for installation code needed by info pages # check for installation code needed by info pages
notify.note \ notify.note \
" * ${NOTE}"$"checking if the info catalog is updated when necessary""${NORM}..." " * ${NOTE}"$"\
checking if the info catalog is updated when necessary""${NORM}..."
error=0 error=0
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
[[ -e $pck ]] || notify.error $"package not found"": \`${pck##*/}'" [[ -e $pck ]] || notify.error $"package not found"": \`${pck##*/}'"
[[ "$(rpm -p -ql $pck | [[ "$(rpm -p -ql $pck |
@ -265,8 +261,9 @@ ${NOTE}"$"Hint"":${NORM}
/preuninstall /,${/\/sbin\/install-info.*--[delete\|remove].*/p}')" ]] || \ /preuninstall /,${/\/sbin\/install-info.*--[delete\|remove].*/p}')" ]] || \
let "error+=1" let "error+=1"
[[ "$error" = "0" ]] || notify.warning "\ [ "$error" = "0" ] ||
"$"info pages should be installed/uninstalled""${NORM} { notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"info pages should be installed/uninstalled""${NORM}
--------------------------------------- ---------------------------------------
${NOTE}"$"Hint"":${NORM} ${NOTE}"$"Hint"":${NORM}
$([[ "$rpm_macro_installinfo_binary" ]] && $([[ "$rpm_macro_installinfo_binary" ]] &&
@ -283,9 +280,8 @@ $([[ "$rpm_macro_uninstallinfo" ]] &&
echo "$rpm_macro_uninstallinfo %{name}.info" || echo "$rpm_macro_uninstallinfo %{name}.info" ||
echo "${path_installinfo:-/sbin/install-info} --delete %{name}.info") echo "${path_installinfo:-/sbin/install-info} --delete %{name}.info")
exit 0 exit 0
---------------------------------------" ---------------------------------------"; }
done done
###
# check packages for wrong user and/or group ownerships # check packages for wrong user and/or group ownerships
notify.note " * ${NOTE}"$"\ notify.note " * ${NOTE}"$"\
@ -295,7 +291,6 @@ checking packages for wrong user and/or group ownerships""${NORM}..."
idun="$(id -un)" idgn="$(id -gn)" idun="$(id -un)" idgn="$(id -gn)"
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
[[ -e $pck ]] || notify.error $"\ [[ -e $pck ]] || notify.error $"\
package not found"": \`${pck##*/}'" package not found"": \`${pck##*/}'"
( LC_ALL=C rpm -p -qlv $pck | \ ( LC_ALL=C rpm -p -qlv $pck | \
@ -303,12 +298,13 @@ package not found"": \`${pck##*/}'"
set -- $line set -- $line
# FIXME : find a better check, perhaps using a range # FIXME : find a better check, perhaps using a range
# of uid reserved for users # of uid reserved for users
[[ "$idun" = "$3" || "$idgn" = "$4" ]] && if [[ "$idun" = "$3" || "$idgn" = "$4" ]]; then
notify.warning $"found suspect file"": \ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}$9${NORM}' [uid:\`${NOTE}$3${NORM}', gid:\`${NOTE}$4${NORM}']" \`${NOTE}$9${NORM}' [uid:\`${NOTE}$3${NORM}', gid:\`${NOTE}$4${NORM}']"
fi
done ) done )
done done
###
# check for desktop files installed in non standard applnk dir # check for desktop files installed in non standard applnk dir
notify.note " * ${NOTE}"$"\ notify.note " * ${NOTE}"$"\
@ -318,13 +314,13 @@ checking packages for desktop files installed in the applnk dir""${NORM}..."
rpmdatadir=$(rpm --eval %_datadir 2>/dev/null) rpmdatadir=$(rpm --eval %_datadir 2>/dev/null)
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
for f in $( find .${rpmdatadir} -type f 2>/dev/null ); do for f in $( find .${rpmdatadir} -type f 2>/dev/null ); do
case $f in case $f in
.${rpmdatadir}/applnk/*.desktop) .${rpmdatadir}/applnk/*.desktop)
let "warning = 1" && let "warning = 1" &&
notify.warning $"found suspect file"": \ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;; \`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;;
*) ;; *) ;;
esac esac
@ -337,7 +333,6 @@ ${NOTE}"$"Hint"":${NORM}
"$"create desktop files for:"" ${rpmdatadir}/applications "$"create desktop files for:"" ${rpmdatadir}/applications
"$"see:"" <http://www.freedesktop.org/> "$"see:"" <http://www.freedesktop.org/>
-----------------------------" -----------------------------"
###
# check if a package that do not contains binaries is tagged noarch # check if a package that do not contains binaries is tagged noarch
notify.note \ notify.note \
@ -346,7 +341,6 @@ ${NOTE}"$"Hint"":${NORM}
warning=0 warning=0
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
for f in $(find -mindepth 2 -perm +111 -type f \ for f in $(find -mindepth 2 -perm +111 -type f \
-exec file {} \; | grep -E "( ELF | library )"); do -exec file {} \; | grep -E "( ELF | library )"); do
@ -357,11 +351,12 @@ ${NOTE}"$"Hint"":${NORM}
popd >/dev/null popd >/dev/null
done done
if [ "$warning" = 0 ]; then if [ "$warning" = 0 ]; then
[ "$SPEC_BUILDARCH" = "noarch" ] || notify.warning "\ [ "$SPEC_BUILDARCH" = "noarch" ] ||
"$"this package should be tagged \`noarch'"" { notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"this package should be tagged \`noarch'""
----------------------------- -----------------------------
${NOTE}"$"Hint"":${NORM} ${NOTE}"$"Hint"":${NORM}
BuildArch: noarch BuildArch: noarch
-----------------------------" -----------------------------"; }
fi fi
} }

23
tests/test02_pkgsecurity.in
View File

@ -19,7 +19,7 @@ TEXTDOMAIN="test02_pkgsecurity"; export TEXTDOMAIN
function alltests() { function alltests() {
# FIXME: add to 'po' file # FIXME: add to 'po' file
notify.note "** ${NOTE}"$"performing security checks""${NORM}""..." notify.note " * ${NOTE}"$"performing security checks""${NORM}""..."
TEMP=`LC_ALL=C getopt \ TEMP=`LC_ALL=C getopt \
-o i:t: --long infofile:,tmpdir: \ -o i:t: --long infofile:,tmpdir: \
@ -73,7 +73,6 @@ function alltests() {
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
# find ELF binaries (ELF 32-bit LSB executable) # find ELF binaries (ELF 32-bit LSB executable)
@ -81,31 +80,33 @@ function alltests() {
for f in $(find -mindepth 2 -perm +111 -type f); do for f in $(find -mindepth 2 -perm +111 -type f); do
if [[ "$(file $f | grep " ELF ")" ]]; then if [[ "$(file $f | grep " ELF ")" ]]; then
rpath="$(security.filecheckrpath $f)" rpath="$(security.filecheckrpath $f)"
[[ "$rpath" ]] && notify.warning "${f/./}\nRPATH: $rpath" if [ "$rpath" ]; then
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "${f/./}\nRPATH: $rpath"
fi
fi fi
done done
popd >/dev/null popd >/dev/null
let "i += 1" let "i += 1"
done done
###
notify.note \ notify.note \
" * ${NOTE}"$"checking for setuid binaries""${NORM}..." " * ${NOTE}"$"checking for setuid binaries""${NORM}..."
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
# find setuid binaries # find setuid binaries
# NOTE: find output is different for normal and root users # NOTE: find output is different for normal and root users
for f in $(find -mindepth 2 -perm +111 -type f); do for f in $(find -mindepth 2 -perm +111 -type f); do
[[ "$(file $f | grep " setuid ")" ]] && if [[ "$(file $f | grep " setuid ")" ]]; then
notify.warning "${NOTE}${f/./}${NORM}" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "${NOTE}${f/./}${NORM}"
fi
done done
popd >/dev/null popd >/dev/null
let "i += 1" let "i += 1"
done done
###
# checking for unsecure use of $$ as random source in shell scripts # checking for unsecure use of $$ as random source in shell scripts
notify.note " * ${NOTE}"$"\ notify.note " * ${NOTE}"$"\
@ -114,7 +115,6 @@ checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
vulnerable=0 vulnerable=0
let "i = 0" let "i = 0"
for pck in ${rpmpkg_name[@]}; do for pck in ${rpmpkg_name[@]}; do
notify.note " - "$"checking"": \`${pck##*/}'"
pushd $tmpextractdir/$i >/dev/null pushd $tmpextractdir/$i >/dev/null
for f in $(find -mindepth 1 -perm +111 -type f); do for f in $(find -mindepth 1 -perm +111 -type f); do
# we are interesting only in shell scripts # we are interesting only in shell scripts
@ -127,8 +127,9 @@ checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
-n "$(grep $f -m1 -s -rl -e"[^[:space:]]*=.*\$\$")" || -n "$(grep $f -m1 -s -rl -e"[^[:space:]]*=.*\$\$")" ||
-n "$(grep $f -m1 -s -rl -e">[[:space:]]*.*[[:space:]]*[^[:space:]]*\$\$")" ]] && -n "$(grep $f -m1 -s -rl -e">[[:space:]]*.*[[:space:]]*[^[:space:]]*\$\$")" ]] &&
let "vulnerable = 1" && let "vulnerable = 1" &&
notify.warning $"\ { notify.warning "${NOTE}${pck##*/}${NORM}"
seems to be affected"": \`${NOTE}${f/./}${NORM}'" notify.note $"\
seems to be affected"": \`${NOTE}${f/./}${NORM}'"; }
done done
popd >/dev/null popd >/dev/null
let "i += 1" let "i += 1"