pck-update, test01_*,: rework output of all tests
Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
This commit is contained in:
parent
80d929a5b1
commit
af1fa53444
@ -57,6 +57,10 @@ Changes in version 1.12.0
|
|||||||
Remove the partially obsolete document `autospec-it-HOWTO'.
|
Remove the partially obsolete document `autospec-it-HOWTO'.
|
||||||
Update/improve the italian manpage by merging part of the italian HOWTO.
|
Update/improve the italian manpage by merging part of the italian HOWTO.
|
||||||
|
|
||||||
|
+ update
|
||||||
|
* tests/test01_pkgquality, ests/test02_pkgsecurity - Davide Madrisan:
|
||||||
|
Rework output by adding the numbering of tests.
|
||||||
|
|
||||||
-------------------------------------------------------------------------------
|
-------------------------------------------------------------------------------
|
||||||
|
|
||||||
Changes in version 1.10.0
|
Changes in version 1.10.0
|
||||||
|
@ -2663,7 +2663,7 @@ $pck-$pck_rpmversion-$pck_rpmrelease$DISTRO_rpm.noarch.rpm"
|
|||||||
notify.error $"package not found"": \`$pcknew_name'"
|
notify.error $"package not found"": \`$pcknew_name'"
|
||||||
echo "rpmpkg_name[$i]=\"$rpms_dir/noarch/$pcknew_name\"" \
|
echo "rpmpkg_name[$i]=\"$rpms_dir/noarch/$pcknew_name\"" \
|
||||||
>> $tmpextractdir/rpmpkg.info
|
>> $tmpextractdir/rpmpkg.info
|
||||||
notify.note " $pcknew_name"
|
notify.note " * $pcknew_name"
|
||||||
else
|
else
|
||||||
pcknew_name="\
|
pcknew_name="\
|
||||||
$pck-$pck_rpmversion-$pck_rpmrelease$DISTRO_rpm.$target_cpu.rpm"
|
$pck-$pck_rpmversion-$pck_rpmrelease$DISTRO_rpm.$target_cpu.rpm"
|
||||||
@ -2754,6 +2754,12 @@ can't create temporary directory"": $tmpextractdir/$i"
|
|||||||
[ -d "$testdir" ] ||
|
[ -d "$testdir" ] ||
|
||||||
notify.error $"no such file or directory"": \`$testdir'"
|
notify.error $"no such file or directory"": \`$testdir'"
|
||||||
|
|
||||||
|
function test_number_str() {
|
||||||
|
[ $test_number -le 9 ] &&
|
||||||
|
echo " $test_number" || echo " $test_number"
|
||||||
|
}
|
||||||
|
|
||||||
|
local test_number=1
|
||||||
for fname in $testdir/*; do
|
for fname in $testdir/*; do
|
||||||
notify.debug "$FUNCNAME: running test: \`$fname'"
|
notify.debug "$FUNCNAME: running test: \`$fname'"
|
||||||
( . $fname
|
( . $fname
|
||||||
|
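Review bot: `test_number_str` tests `$test_number` unquoted in `[ $test_number -le 9 ]`, so an unset or empty value makes `[` fail with a syntax error instead of printing a number, and the `A && echo || echo` chain is a roundabout way of padding. If the intent is a right-aligned two-column number (the rendering here has collapsed the original spacing, so this is inferred), `printf` expresses it directly: `function test_number_str() { printf ' %2d' "${test_number:-1}"; }`. Note that `test_number_str` is defined inside the enclosing function, whose start lies outside this hunk, and `local test_number=1` reaches the sourced tests only through bash's dynamic scoping; because each test runs in a subshell (`( . $fname`), increments made inside one test file do not leak into the next, which appears intentional but deserves a one-line comment such as `# each sourced test restarts its numbering at 1`.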
@ -55,6 +55,12 @@ msgstr "controllo"
|
|||||||
msgid "checking for \\`$SPEC_BUILDROOT' (%buildroot) strings"
|
msgid "checking for \\`$SPEC_BUILDROOT' (%buildroot) strings"
|
||||||
msgstr "ricerca della stringa \\`$SPEC_BUILDROOT' (%buildroot)"
|
msgstr "ricerca della stringa \\`$SPEC_BUILDROOT' (%buildroot)"
|
||||||
|
|
||||||
|
msgid "checking for %buildroot strings"
|
||||||
|
msgstr "ricerca delle stringhe %buildroot"
|
||||||
|
|
||||||
|
msgid "N/A"
|
||||||
|
msgstr "N/A"
|
||||||
|
|
||||||
msgid "skipped"
|
msgid "skipped"
|
||||||
msgstr "ignorato"
|
msgstr "ignorato"
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@ done
|
|||||||
|
|
||||||
function alltests() {
|
function alltests() {
|
||||||
# FIXME: add to 'po' file
|
# FIXME: add to 'po' file
|
||||||
notify.note " * ${NOTE}"$"performing quality checks""${NORM}""..."
|
notify.note " ${NOTE}"$"performing quality checks""${NORM}""..."
|
||||||
|
|
||||||
TEMP=`LC_ALL=C getopt \
|
TEMP=`LC_ALL=C getopt \
|
||||||
-o i:t: --long infofile:,tmpdir: \
|
-o i:t: --long infofile:,tmpdir: \
|
||||||
@ -69,8 +69,8 @@ function alltests() {
|
|||||||
# - symlinks to files in the buildroot directory for rpm
|
# - symlinks to files in the buildroot directory for rpm
|
||||||
# (usable for a symlink attacks)
|
# (usable for a symlink attacks)
|
||||||
# - symlinks not pointing to existing files
|
# - symlinks not pointing to existing files
|
||||||
notify.note \
|
notify.note "$(test_number_str). ${NOTE}"\
|
||||||
" * ${NOTE}"$"checking for wrong symbolic links""${NORM}..."
|
$"checking for wrong symbolic links""${NORM}..."
|
||||||
|
|
||||||
# local rpmbuildroot=`sed -n "/%description/q;{
|
# local rpmbuildroot=`sed -n "/%description/q;{
|
||||||
# /^BuildRoot[ ]*:/{s/[^ ]*[ ]*//;p}}" \
|
# /^BuildRoot[ ]*:/{s/[^ ]*[ ]*//;p}}" \
|
||||||
@ -108,15 +108,21 @@ wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'"
|
|||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for `%buildroot' strings
|
# check for `%buildroot' strings
|
||||||
if [ "$rpm_ignores_buildroot" = 1 ]; then
|
if [ "$rpm_ignores_buildroot" = 1 ]; then
|
||||||
[ "$SPEC_BUILDROOT" ] && notify.note \
|
[ "$SPEC_BUILDROOT" ] &&
|
||||||
" * ${NOTE}"$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\
|
|
||||||
"${NORM}... "$"skipped"
|
|
||||||
else
|
|
||||||
notify.note \
|
notify.note \
|
||||||
" * "$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"
|
"$(test_number_str). ${NOTE}"\
|
||||||
|
$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\
|
||||||
|
"${NORM}... "$"skipped" ||
|
||||||
|
notify.note \
|
||||||
|
"$(test_number_str). ${NOTE}"\
|
||||||
|
$"checking for %buildroot strings""${NORM}... "$"N/A"
|
||||||
|
else
|
||||||
|
notify.note "$(test_number_str). "\
|
||||||
|
$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"
|
||||||
|
|
||||||
[ "$SPEC_BUILDROOT" ] || notify.error \
|
[ "$SPEC_BUILDROOT" ] || notify.error \
|
||||||
$"(bug)"" -- $FUNCNAME: ""empty string"" (SPEC_BUILDROOT)"
|
$"(bug)"" -- $FUNCNAME: ""empty string"" (SPEC_BUILDROOT)"
|
||||||
@ -138,11 +144,12 @@ sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
|
|||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for `%_builddir' strings
|
# check for `%_builddir' strings
|
||||||
BUILDDIR="$(rpm --eval=%_builddir 2>/dev/null)"
|
BUILDDIR="$(rpm --eval=%_builddir 2>/dev/null)"
|
||||||
notify.note \
|
notify.note "$(test_number_str). ${NOTE}"\
|
||||||
" * ${NOTE}"$"checking for \`$BUILDDIR' (%_builddir) strings""${NORM}... "
|
$"checking for \`$BUILDDIR' (%_builddir) strings""${NORM}... "
|
||||||
|
|
||||||
[ "$BUILDDIR" ] ||
|
[ "$BUILDDIR" ] ||
|
||||||
notify.error $"(bug)"" -- $FUNCNAME: ""empty string"" (BUILDDIR)"
|
notify.error $"(bug)"" -- $FUNCNAME: ""empty string"" (BUILDDIR)"
|
||||||
@ -163,10 +170,11 @@ sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")"
|
|||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for suspected plugins (.la, .so) in devel packages
|
# check for suspected plugins (.la, .so) in devel packages
|
||||||
# note: pure plugins must be in the main package, not in devel
|
# note: pure plugins must be in the main package, not in devel
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||||
checking for suspicious plugins in devel packages""${NORM}..."
|
checking for suspicious plugins in devel packages""${NORM}..."
|
||||||
|
|
||||||
let "i = 0"
|
let "i = 0"
|
||||||
@ -186,9 +194,10 @@ grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do
|
|||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for wrong file attributes in lib and bin dirs
|
# check for wrong file attributes in lib and bin dirs
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||||
checking for wrong file attributes in bin and lib directories""${NORM}..."
|
checking for wrong file attributes in bin and lib directories""${NORM}..."
|
||||||
|
|
||||||
warning=0
|
warning=0
|
||||||
@ -223,9 +232,10 @@ ${NOTE}"$"Hint"":${NORM}
|
|||||||
...
|
...
|
||||||
%attr(0755,root,root) %{_bindir}/<program>
|
%attr(0755,root,root) %{_bindir}/<program>
|
||||||
-----------------------------"
|
-----------------------------"
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for libraries with undefined symbols
|
# check for libraries with undefined symbols
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||||
checking for libraries with undefined symbols after relocation""${NORM}..."
|
checking for libraries with undefined symbols after relocation""${NORM}..."
|
||||||
|
|
||||||
let "i = 0"
|
let "i = 0"
|
||||||
@ -252,9 +262,10 @@ $(LC_ALL=C ldd -d -r "$f" 2>/dev/null |& grep "undefined symbol")"
|
|||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for binary files in etc (see FHS-2.2)
|
# check for binary files in etc (see FHS-2.2)
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||||
checking for binary files installed in /etc (see FHS)""${NORM}..."
|
checking for binary files installed in /etc (see FHS)""${NORM}..."
|
||||||
|
|
||||||
warning=0
|
warning=0
|
||||||
@ -282,10 +293,10 @@ ${NOTE}"$"Hint"":${NORM}
|
|||||||
...
|
...
|
||||||
%attr(0644,root,root) %{_sysconfdir}/<...file>
|
%attr(0644,root,root) %{_sysconfdir}/<...file>
|
||||||
-----------------------------" #|| exit 1
|
-----------------------------" #|| exit 1
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for installation code needed by info pages
|
# check for installation code needed by info pages
|
||||||
notify.note \
|
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||||
" * ${NOTE}"$"\
|
|
||||||
checking if the info catalog is updated when necessary""${NORM}..."
|
checking if the info catalog is updated when necessary""${NORM}..."
|
||||||
|
|
||||||
error=0
|
error=0
|
||||||
@ -328,9 +339,10 @@ exit 0
|
|||||||
---------------------------------------"
|
---------------------------------------"
|
||||||
let "total_issues += $error"; }
|
let "total_issues += $error"; }
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check packages for wrong user and/or group ownerships
|
# check packages for wrong user and/or group ownerships
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||||
checking packages for wrong user and/or group ownerships""${NORM}..."
|
checking packages for wrong user and/or group ownerships""${NORM}..."
|
||||||
|
|
||||||
error=0
|
error=0
|
||||||
@ -352,9 +364,10 @@ package not found"": \`${pck##*/}'"
|
|||||||
fi
|
fi
|
||||||
done )
|
done )
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check for desktop files installed in non standard applnk dir
|
# check for desktop files installed in non standard applnk dir
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||||
checking packages for desktop files installed in the applnk dir""${NORM}..."
|
checking packages for desktop files installed in the applnk dir""${NORM}..."
|
||||||
|
|
||||||
warning=0
|
warning=0
|
||||||
@ -381,10 +394,11 @@ ${NOTE}"$"Hint"":${NORM}
|
|||||||
"$"create desktop files for:"" ${rpmdatadir}/applications
|
"$"create desktop files for:"" ${rpmdatadir}/applications
|
||||||
"$"see:"" <http://www.freedesktop.org/>
|
"$"see:"" <http://www.freedesktop.org/>
|
||||||
-----------------------------"
|
-----------------------------"
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# check if a package that do not contains binaries is tagged noarch
|
# check if a package that do not contains binaries is tagged noarch
|
||||||
notify.note \
|
notify.note "$(test_number_str). ${NOTE}"\
|
||||||
" * ${NOTE}"$"checking for packages with bad BuildArch tag""${NORM}..."
|
$"checking for packages with bad BuildArch tag""${NORM}..."
|
||||||
|
|
||||||
warning=0
|
warning=0
|
||||||
let "i = 0"
|
let "i = 0"
|
||||||
@ -408,8 +422,10 @@ BuildArch: noarch
|
|||||||
-----------------------------"
|
-----------------------------"
|
||||||
let "total_issues += 1"; }
|
let "total_issues += 1"; }
|
||||||
fi
|
fi
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
notify.note "\
|
notify.note "
|
||||||
--> ${NOTE}"$"Quality checks: ${#rpmpkg_name[@]} \
|
--> ${NOTE}"$"Quality checks: ${#rpmpkg_name[@]} \
|
||||||
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}"
|
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}""
|
||||||
|
"
|
||||||
}
|
}
|
||||||
|
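Review bot: The test script now depends on `test_number_str` and `test_number` being supplied by the script that sources it (the pck-update hunk at -2754); run on its own, every `$(test_number_str)` fails with a command-not-found error and `test_number=$(($test_number + 1))` silently counts up from an empty value. A guard at the top of `alltests` would make the file self-contained: `declare -F test_number_str >/dev/null || test_number_str() { printf ' %2d' "${test_number:-1}"; }` followed by `: "${test_number:=1}"`. The same `test_number=$(($test_number + 1))` line is pasted after every check — hunks -108, -138, -163, -186, -223, -252, -282, -328, -352, -381 and -408 here and -92, -108, -122 and -163 in test02_pkgsecurity — so folding the increment into one helper (for example a `next_test` that prints the number and bumps the counter) would remove the repetition, provided the call is not made inside a `$(...)` subshell where the increment would be lost. Separately, in the `rpm_ignores_buildroot` else branch the new `notify.note "$(test_number_str). "\` omits the `${NOTE}`/`${NORM}` highlighting that every sibling check applies, which looks like an oversight.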
@ -19,7 +19,7 @@ TEXTDOMAIN="test02_pkgsecurity"; export TEXTDOMAIN
|
|||||||
|
|
||||||
function alltests() {
|
function alltests() {
|
||||||
# FIXME: add to 'po' file
|
# FIXME: add to 'po' file
|
||||||
notify.note " * ${NOTE}"$"performing security checks""${NORM}""..."
|
notify.note " ${NOTE}"$"performing security checks""${NORM}""..."
|
||||||
|
|
||||||
TEMP=`LC_ALL=C getopt \
|
TEMP=`LC_ALL=C getopt \
|
||||||
-o i:t: --long infofile:,tmpdir: \
|
-o i:t: --long infofile:,tmpdir: \
|
||||||
@ -70,8 +70,8 @@ function alltests() {
|
|||||||
|
|
||||||
local total_issues=0
|
local total_issues=0
|
||||||
|
|
||||||
notify.note \
|
notify.note "$(test_number_str). ${NOTE}"\
|
||||||
" * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..."
|
$"checking for RPATH vulnerabilities""${NORM}..."
|
||||||
|
|
||||||
let "i = 0"
|
let "i = 0"
|
||||||
for pck in ${rpmpkg_name[@]}; do
|
for pck in ${rpmpkg_name[@]}; do
|
||||||
@ -92,9 +92,10 @@ function alltests() {
|
|||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
notify.note \
|
notify.note "$(test_number_str). ${NOTE}"\
|
||||||
" * ${NOTE}"$"checking for setuid binaries""${NORM}..."
|
$"checking for setuid binaries""${NORM}..."
|
||||||
|
|
||||||
let "i = 0"
|
let "i = 0"
|
||||||
for pck in ${rpmpkg_name[@]}; do
|
for pck in ${rpmpkg_name[@]}; do
|
||||||
@ -108,9 +109,10 @@ function alltests() {
|
|||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
notify.note \
|
notify.note "$(test_number_str). ${NOTE}"\
|
||||||
" * ${NOTE}"$"checking for setgid directories""${NORM}..."
|
$"checking for setgid directories""${NORM}..."
|
||||||
|
|
||||||
let "i = 0"
|
let "i = 0"
|
||||||
for pck in ${rpmpkg_name[@]}; do
|
for pck in ${rpmpkg_name[@]}; do
|
||||||
@ -122,10 +124,11 @@ function alltests() {
|
|||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
let "i += 1"
|
let "i += 1"
|
||||||
done
|
done
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
# checking for unsecure use of $$ as random source in shell scripts
|
# checking for unsecure use of $$ as random source in shell scripts
|
||||||
notify.note " * ${NOTE}"$"\
|
notify.note "$(test_number_str). ${NOTE}"\
|
||||||
checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
|
$"checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
|
||||||
|
|
||||||
vulnerable=0
|
vulnerable=0
|
||||||
let "i = 0"
|
let "i = 0"
|
||||||
@ -163,8 +166,10 @@ ${NOTE}"$"Hint for perl scripts"":${NORM}
|
|||||||
use File::Temp qw/ tempfile /;
|
use File::Temp qw/ tempfile /;
|
||||||
(\$fh,\$file) = tempfile ('<script_name>.XXXXXX');
|
(\$fh,\$file) = tempfile ('<script_name>.XXXXXX');
|
||||||
-----------------------------"
|
-----------------------------"
|
||||||
|
test_number=$(($test_number + 1))
|
||||||
|
|
||||||
notify.note "\
|
notify.note "
|
||||||
--> ${NOTE}"$"Security checks: ${#rpmpkg_name[@]} \
|
--> ${NOTE}"$"Security checks: ${#rpmpkg_name[@]} \
|
||||||
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}"
|
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}""
|
||||||
|
"
|
||||||
}
|
}
|