pck-update, test01_*,: rework output of all tests
Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
parent
80d929a5b1
commit
af1fa53444
@ -57,6 +57,10 @@ Changes in version 1.12.0
|
||||
Remove the partially obsolete document `autospec-it-HOWTO'.
|
||||
Update/improve the italian manpage by merging part of the italian HOWTO.
|
||||
|
||||
+ update
|
||||
* tests/test01_pkgquality, ests/test02_pkgsecurity - Davide Madrisan:
|
||||
Rework output by adding the numbering of tests.
|
||||
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
Changes in version 1.10.0
|
||||
|
@ -2663,7 +2663,7 @@ $pck-$pck_rpmversion-$pck_rpmrelease$DISTRO_rpm.noarch.rpm"
|
||||
notify.error $"package not found"": \`$pcknew_name'"
|
||||
echo "rpmpkg_name[$i]=\"$rpms_dir/noarch/$pcknew_name\"" \
|
||||
>> $tmpextractdir/rpmpkg.info
|
||||
notify.note " $pcknew_name"
|
||||
notify.note " * $pcknew_name"
|
||||
else
|
||||
pcknew_name="\
|
||||
$pck-$pck_rpmversion-$pck_rpmrelease$DISTRO_rpm.$target_cpu.rpm"
|
||||
@ -2754,6 +2754,12 @@ can't create temporary directory"": $tmpextractdir/$i"
|
||||
[ -d "$testdir" ] ||
|
||||
notify.error $"no such file or directory"": \`$testdir'"
|
||||
|
||||
function test_number_str() {
|
||||
[ $test_number -le 9 ] &&
|
||||
echo " $test_number" || echo " $test_number"
|
||||
}
|
||||
|
||||
local test_number=1
|
||||
for fname in $testdir/*; do
|
||||
notify.debug "$FUNCNAME: running test: \`$fname'"
|
||||
( . $fname
|
||||
|
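Review bot: As rendered, both branches of `test_number_str` echo the same string, so the `-le 9` test has no visible effect; the page may have collapsed the padding spaces. If the intent is to right-align one- and two-digit numbers, `printf '%2d' "$test_number"` does that in one line and also quotes the variable, which the current `[ $test_number -le 9 ]` does not (an empty value makes `[` fail with a syntax error). Each test file is sourced inside a subshell (`( . $fname`), so the increments done by the test scripts are lost when the subshell exits and every file starts again from `local test_number=1`; if per-file numbering is intended, a comment such as `# numbering restarts at 1 for each test file (subshell)` would make that explicit. The enclosing function starts and ends outside this hunk.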
@ -55,6 +55,12 @@ msgstr "controllo"
|
||||
msgid "checking for \\`$SPEC_BUILDROOT' (%buildroot) strings"
|
||||
msgstr "ricerca della stringa \\`$SPEC_BUILDROOT' (%buildroot)"
|
||||
|
||||
msgid "checking for %buildroot strings"
|
||||
msgstr "ricerca delle stringhe %buildroot"
|
||||
|
||||
msgid "N/A"
|
||||
msgstr "N/A"
|
||||
|
||||
msgid "skipped"
|
||||
msgstr "ignorato"
|
||||
|
||||
|
@ -26,7 +26,7 @@ done
|
||||
|
||||
function alltests() {
|
||||
# FIXME: add to 'po' file
|
||||
notify.note " * ${NOTE}"$"performing quality checks""${NORM}""..."
|
||||
notify.note " ${NOTE}"$"performing quality checks""${NORM}""..."
|
||||
|
||||
TEMP=`LC_ALL=C getopt \
|
||||
-o i:t: --long infofile:,tmpdir: \
|
||||
@ -69,8 +69,8 @@ function alltests() {
|
||||
# - symlinks to files in the buildroot directory for rpm
|
||||
# (usable for a symlink attacks)
|
||||
# - symlinks not pointing to existing files
|
||||
notify.note \
|
||||
" * ${NOTE}"$"checking for wrong symbolic links""${NORM}..."
|
||||
notify.note "$(test_number_str). ${NOTE}"\
|
||||
$"checking for wrong symbolic links""${NORM}..."
|
||||
|
||||
# local rpmbuildroot=`sed -n "/%description/q;{
|
||||
# /^BuildRoot[ ]*:/{s/[^ ]*[ ]*//;p}}" \
|
||||
@ -108,16 +108,22 @@ wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'"
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for `%buildroot' strings
|
||||
if [ "$rpm_ignores_buildroot" = 1 ]; then
|
||||
[ "$SPEC_BUILDROOT" ] && notify.note \
|
||||
" * ${NOTE}"$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\
|
||||
"${NORM}... "$"skipped"
|
||||
[ "$SPEC_BUILDROOT" ] &&
|
||||
notify.note \
|
||||
"$(test_number_str). ${NOTE}"\
|
||||
$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\
|
||||
"${NORM}... "$"skipped" ||
|
||||
notify.note \
|
||||
"$(test_number_str). ${NOTE}"\
|
||||
$"checking for %buildroot strings""${NORM}... "$"N/A"
|
||||
else
|
||||
notify.note \
|
||||
" * "$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"
|
||||
|
||||
notify.note "$(test_number_str). "\
|
||||
$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"
|
||||
|
||||
[ "$SPEC_BUILDROOT" ] || notify.error \
|
||||
$"(bug)"" -- $FUNCNAME: ""empty string"" (SPEC_BUILDROOT)"
|
||||
|
||||
@ -138,11 +144,12 @@ sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
|
||||
let "i += 1"
|
||||
done
|
||||
fi
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for `%_builddir' strings
|
||||
BUILDDIR="$(rpm --eval=%_builddir 2>/dev/null)"
|
||||
notify.note \
|
||||
" * ${NOTE}"$"checking for \`$BUILDDIR' (%_builddir) strings""${NORM}... "
|
||||
notify.note "$(test_number_str). ${NOTE}"\
|
||||
$"checking for \`$BUILDDIR' (%_builddir) strings""${NORM}... "
|
||||
|
||||
[ "$BUILDDIR" ] ||
|
||||
notify.error $"(bug)"" -- $FUNCNAME: ""empty string"" (BUILDDIR)"
|
||||
@ -163,10 +170,11 @@ sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")"
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for suspected plugins (.la, .so) in devel packages
|
||||
# note: pure plugins must be in the main package, not in devel
|
||||
notify.note " * ${NOTE}"$"\
|
||||
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||
checking for suspicious plugins in devel packages""${NORM}..."
|
||||
|
||||
let "i = 0"
|
||||
@ -186,9 +194,10 @@ grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for wrong file attributes in lib and bin dirs
|
||||
notify.note " * ${NOTE}"$"\
|
||||
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||
checking for wrong file attributes in bin and lib directories""${NORM}..."
|
||||
|
||||
warning=0
|
||||
@ -223,9 +232,10 @@ ${NOTE}"$"Hint"":${NORM}
|
||||
...
|
||||
%attr(0755,root,root) %{_bindir}/<program>
|
||||
-----------------------------"
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for libraries with undefined symbols
|
||||
notify.note " * ${NOTE}"$"\
|
||||
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||
checking for libraries with undefined symbols after relocation""${NORM}..."
|
||||
|
||||
let "i = 0"
|
||||
@ -252,9 +262,10 @@ $(LC_ALL=C ldd -d -r "$f" 2>/dev/null |& grep "undefined symbol")"
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for binary files in etc (see FHS-2.2)
|
||||
notify.note " * ${NOTE}"$"\
|
||||
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||
checking for binary files installed in /etc (see FHS)""${NORM}..."
|
||||
|
||||
warning=0
|
||||
@ -282,10 +293,10 @@ ${NOTE}"$"Hint"":${NORM}
|
||||
...
|
||||
%attr(0644,root,root) %{_sysconfdir}/<...file>
|
||||
-----------------------------" #|| exit 1
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for installation code needed by info pages
|
||||
notify.note \
|
||||
" * ${NOTE}"$"\
|
||||
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||
checking if the info catalog is updated when necessary""${NORM}..."
|
||||
|
||||
error=0
|
||||
@ -328,9 +339,10 @@ exit 0
|
||||
---------------------------------------"
|
||||
let "total_issues += $error"; }
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check packages for wrong user and/or group ownerships
|
||||
notify.note " * ${NOTE}"$"\
|
||||
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||
checking packages for wrong user and/or group ownerships""${NORM}..."
|
||||
|
||||
error=0
|
||||
@ -352,9 +364,10 @@ package not found"": \`${pck##*/}'"
|
||||
fi
|
||||
done )
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check for desktop files installed in non standard applnk dir
|
||||
notify.note " * ${NOTE}"$"\
|
||||
notify.note "$(test_number_str). ${NOTE}"$"\
|
||||
checking packages for desktop files installed in the applnk dir""${NORM}..."
|
||||
|
||||
warning=0
|
||||
@ -381,10 +394,11 @@ ${NOTE}"$"Hint"":${NORM}
|
||||
"$"create desktop files for:"" ${rpmdatadir}/applications
|
||||
"$"see:"" <http://www.freedesktop.org/>
|
||||
-----------------------------"
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# check if a package that do not contains binaries is tagged noarch
|
||||
notify.note \
|
||||
" * ${NOTE}"$"checking for packages with bad BuildArch tag""${NORM}..."
|
||||
notify.note "$(test_number_str). ${NOTE}"\
|
||||
$"checking for packages with bad BuildArch tag""${NORM}..."
|
||||
|
||||
warning=0
|
||||
let "i = 0"
|
||||
@ -408,8 +422,10 @@ BuildArch: noarch
|
||||
-----------------------------"
|
||||
let "total_issues += 1"; }
|
||||
fi
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
notify.note "\
|
||||
notify.note "
|
||||
--> ${NOTE}"$"Quality checks: ${#rpmpkg_name[@]} \
|
||||
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}"
|
||||
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}""
|
||||
"
|
||||
}
|
||||
|
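Review bot: In the `rpm_ignores_buildroot` branch, the new `[ "$SPEC_BUILDROOT" ] && notify.note … "skipped" || notify.note … "N/A"` chain is not an if/else: if the first `notify.note` ever returns non-zero, the "N/A" line is printed as well. Writing it as `if [ "$SPEC_BUILDROOT" ]; then … else … fi` around the same two calls removes that dependency on the return status of `notify.note`, which is not visible here. The counter is advanced by hand with `test_number=$(($test_number + 1))` after every check in this file, so a check added later without that line silently duplicates a number; a short comment at the first increment, or a one-line helper, would make the convention visible. `alltests()` begins and ends outside several of these hunks.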
@ -19,7 +19,7 @@ TEXTDOMAIN="test02_pkgsecurity"; export TEXTDOMAIN
|
||||
|
||||
function alltests() {
|
||||
# FIXME: add to 'po' file
|
||||
notify.note " * ${NOTE}"$"performing security checks""${NORM}""..."
|
||||
notify.note " ${NOTE}"$"performing security checks""${NORM}""..."
|
||||
|
||||
TEMP=`LC_ALL=C getopt \
|
||||
-o i:t: --long infofile:,tmpdir: \
|
||||
@ -70,8 +70,8 @@ function alltests() {
|
||||
|
||||
local total_issues=0
|
||||
|
||||
notify.note \
|
||||
" * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..."
|
||||
notify.note "$(test_number_str). ${NOTE}"\
|
||||
$"checking for RPATH vulnerabilities""${NORM}..."
|
||||
|
||||
let "i = 0"
|
||||
for pck in ${rpmpkg_name[@]}; do
|
||||
@ -92,9 +92,10 @@ function alltests() {
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
notify.note \
|
||||
" * ${NOTE}"$"checking for setuid binaries""${NORM}..."
|
||||
notify.note "$(test_number_str). ${NOTE}"\
|
||||
$"checking for setuid binaries""${NORM}..."
|
||||
|
||||
let "i = 0"
|
||||
for pck in ${rpmpkg_name[@]}; do
|
||||
@ -108,9 +109,10 @@ function alltests() {
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
notify.note \
|
||||
" * ${NOTE}"$"checking for setgid directories""${NORM}..."
|
||||
notify.note "$(test_number_str). ${NOTE}"\
|
||||
$"checking for setgid directories""${NORM}..."
|
||||
|
||||
let "i = 0"
|
||||
for pck in ${rpmpkg_name[@]}; do
|
||||
@ -122,10 +124,11 @@ function alltests() {
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
done
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
# checking for unsecure use of $$ as random source in shell scripts
|
||||
notify.note " * ${NOTE}"$"\
|
||||
checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
|
||||
notify.note "$(test_number_str). ${NOTE}"\
|
||||
$"checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
|
||||
|
||||
vulnerable=0
|
||||
let "i = 0"
|
||||
@ -163,8 +166,10 @@ ${NOTE}"$"Hint for perl scripts"":${NORM}
|
||||
use File::Temp qw/ tempfile /;
|
||||
(\$fh,\$file) = tempfile ('<script_name>.XXXXXX');
|
||||
-----------------------------"
|
||||
test_number=$(($test_number + 1))
|
||||
|
||||
notify.note "\
|
||||
notify.note "
|
||||
--> ${NOTE}"$"Security checks: ${#rpmpkg_name[@]} \
|
||||
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}"
|
||||
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}""
|
||||
"
|
||||
}
|
||||
|
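Review bot: The new header lines in `alltests()` call `test_number_str` and read `test_number`, but neither is defined in this file; per this commit they come from the function in pck-update that sources the test scripts. If this script is ever run or sourced from anywhere else (not visible on this page), every check header will print a "command not found" error and an empty number. A guard near the top of `alltests()` would keep the security report readable in that case, for example `: "${test_number:=1}"` and `declare -F test_number_str >/dev/null || test_number_str() { printf '%2d' "$test_number"; }`. At minimum, a comment such as `# test_number and test_number_str are provided by the caller (pck-update)` would document the dependency.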