pck-update, test01_*,: rework output of all tests

Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
Davide Madrisan 2012-05-19 00:03:42 +02:00
parent 80d929a5b1
commit af1fa53444
5 changed files with 72 additions and 35 deletions


@ -57,6 +57,10 @@ Changes in version 1.12.0
Remove the partially obsolete document `autospec-it-HOWTO'.
Update/improve the italian manpage by merging part of the italian HOWTO.
+ update
* tests/test01_pkgquality, ests/test02_pkgsecurity - Davide Madrisan:
Rework output by adding the numbering of tests.
-------------------------------------------------------------------------------
Changes in version 1.10.0


@ -2663,7 +2663,7 @@ $pck-$pck_rpmversion-$pck_rpmrelease$DISTRO_rpm.noarch.rpm"
notify.error $"package not found"": \`$pcknew_name'"
echo "rpmpkg_name[$i]=\"$rpms_dir/noarch/$pcknew_name\"" \
>> $tmpextractdir/rpmpkg.info
notify.note " $pcknew_name"
notify.note " * $pcknew_name"
else
pcknew_name="\
$pck-$pck_rpmversion-$pck_rpmrelease$DISTRO_rpm.$target_cpu.rpm"
@ -2754,6 +2754,12 @@ can't create temporary directory"": $tmpextractdir/$i"
[ -d "$testdir" ] ||
notify.error $"no such file or directory"": \`$testdir'"
function test_number_str() {
[ $test_number -le 9 ] &&
echo " $test_number" || echo " $test_number"
}
local test_number=1
for fname in $testdir/*; do
notify.debug "$FUNCNAME: running test: \`$fname'"
( . $fname
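Review bot: `test_number_str` tests `[ $test_number -le 9 ]` with an unquoted operand and then picks between the two `echo` calls with `&&`/`||`, so an empty or non-numeric `test_number` makes `[` fail with an error and the second `echo` runs anyway. As rendered here the two `echo` arguments look identical, presumably because the padding spaces were collapsed; if the intent is a right-aligned two-column number, `printf '%2d' "$test_number"` does it in one line. The function is defined inside another function's body, so it becomes global once that body runs, and the sourced test files now depend on both it and the caller's `local test_number`; a comment stating that contract would help. Each test file is sourced inside `( … )`, so increments made by a test file are presumably discarded when the subshell exits and numbering restarts at 1 for the next file, which is worth stating in that comment if it is intended. The enclosing function and the subshell body continue outside the hunk.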


@ -55,6 +55,12 @@ msgstr "controllo"
msgid "checking for \\`$SPEC_BUILDROOT' (%buildroot) strings"
msgstr "ricerca della stringa \\`$SPEC_BUILDROOT' (%buildroot)"
msgid "checking for %buildroot strings"
msgstr "ricerca delle stringhe %buildroot"
msgid "N/A"
msgstr "N/A"
msgid "skipped"
msgstr "ignorato"


@ -26,7 +26,7 @@ done
function alltests() {
# FIXME: add to 'po' file
notify.note " * ${NOTE}"$"performing quality checks""${NORM}""..."
notify.note " ${NOTE}"$"performing quality checks""${NORM}""..."
TEMP=`LC_ALL=C getopt \
-o i:t: --long infofile:,tmpdir: \
@ -69,8 +69,8 @@ function alltests() {
# - symlinks to files in the buildroot directory for rpm
# (usable for a symlink attacks)
# - symlinks not pointing to existing files
notify.note \
" * ${NOTE}"$"checking for wrong symbolic links""${NORM}..."
notify.note "$(test_number_str). ${NOTE}"\
$"checking for wrong symbolic links""${NORM}..."
# local rpmbuildroot=`sed -n "/%description/q;{
# /^BuildRoot[ ]*:/{s/[^ ]*[ ]*//;p}}" \
@ -108,16 +108,22 @@ wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'"
popd >/dev/null
let "i += 1"
done
test_number=$(($test_number + 1))
# check for `%buildroot' strings
if [ "$rpm_ignores_buildroot" = 1 ]; then
[ "$SPEC_BUILDROOT" ] && notify.note \
" * ${NOTE}"$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\
"${NORM}... "$"skipped"
[ "$SPEC_BUILDROOT" ] &&
notify.note \
"$(test_number_str). ${NOTE}"\
$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"\
"${NORM}... "$"skipped" ||
notify.note \
"$(test_number_str). ${NOTE}"\
$"checking for %buildroot strings""${NORM}... "$"N/A"
else
notify.note \
" * "$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"
notify.note "$(test_number_str). "\
$"checking for \`$SPEC_BUILDROOT' (%buildroot) strings"
[ "$SPEC_BUILDROOT" ] || notify.error \
$"(bug)"" -- $FUNCNAME: ""empty string"" (SPEC_BUILDROOT)"
@ -138,11 +144,12 @@ sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
let "i += 1"
done
fi
test_number=$(($test_number + 1))
# check for `%_builddir' strings
BUILDDIR="$(rpm --eval=%_builddir 2>/dev/null)"
notify.note \
" * ${NOTE}"$"checking for \`$BUILDDIR' (%_builddir) strings""${NORM}... "
notify.note "$(test_number_str). ${NOTE}"\
$"checking for \`$BUILDDIR' (%_builddir) strings""${NORM}... "
[ "$BUILDDIR" ] ||
notify.error $"(bug)"" -- $FUNCNAME: ""empty string"" (BUILDDIR)"
@ -163,10 +170,11 @@ sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")"
popd >/dev/null
let "i += 1"
done
test_number=$(($test_number + 1))
# check for suspected plugins (.la, .so) in devel packages
# note: pure plugins must be in the main package, not in devel
notify.note " * ${NOTE}"$"\
notify.note "$(test_number_str). ${NOTE}"$"\
checking for suspicious plugins in devel packages""${NORM}..."
let "i = 0"
@ -186,9 +194,10 @@ grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do
popd >/dev/null
let "i += 1"
done
test_number=$(($test_number + 1))
# check for wrong file attributes in lib and bin dirs
notify.note " * ${NOTE}"$"\
notify.note "$(test_number_str). ${NOTE}"$"\
checking for wrong file attributes in bin and lib directories""${NORM}..."
warning=0
@ -223,9 +232,10 @@ ${NOTE}"$"Hint"":${NORM}
...
%attr(0755,root,root) %{_bindir}/<program>
-----------------------------"
test_number=$(($test_number + 1))
# check for libraries with undefined symbols
notify.note " * ${NOTE}"$"\
notify.note "$(test_number_str). ${NOTE}"$"\
checking for libraries with undefined symbols after relocation""${NORM}..."
let "i = 0"
@ -252,9 +262,10 @@ $(LC_ALL=C ldd -d -r "$f" 2>/dev/null |& grep "undefined symbol")"
popd >/dev/null
let "i += 1"
done
test_number=$(($test_number + 1))
# check for binary files in etc (see FHS-2.2)
notify.note " * ${NOTE}"$"\
notify.note "$(test_number_str). ${NOTE}"$"\
checking for binary files installed in /etc (see FHS)""${NORM}..."
warning=0
@ -282,10 +293,10 @@ ${NOTE}"$"Hint"":${NORM}
...
%attr(0644,root,root) %{_sysconfdir}/<...file>
-----------------------------" #|| exit 1
test_number=$(($test_number + 1))
# check for installation code needed by info pages
notify.note \
" * ${NOTE}"$"\
notify.note "$(test_number_str). ${NOTE}"$"\
checking if the info catalog is updated when necessary""${NORM}..."
error=0
@ -328,9 +339,10 @@ exit 0
---------------------------------------"
let "total_issues += $error"; }
done
test_number=$(($test_number + 1))
# check packages for wrong user and/or group ownerships
notify.note " * ${NOTE}"$"\
notify.note "$(test_number_str). ${NOTE}"$"\
checking packages for wrong user and/or group ownerships""${NORM}..."
error=0
@ -352,9 +364,10 @@ package not found"": \`${pck##*/}'"
fi
done )
done
test_number=$(($test_number + 1))
# check for desktop files installed in non standard applnk dir
notify.note " * ${NOTE}"$"\
notify.note "$(test_number_str). ${NOTE}"$"\
checking packages for desktop files installed in the applnk dir""${NORM}..."
warning=0
@ -381,10 +394,11 @@ ${NOTE}"$"Hint"":${NORM}
"$"create desktop files for:"" ${rpmdatadir}/applications
"$"see:"" <http://www.freedesktop.org/>
-----------------------------"
test_number=$(($test_number + 1))
# check if a package that do not contains binaries is tagged noarch
notify.note \
" * ${NOTE}"$"checking for packages with bad BuildArch tag""${NORM}..."
notify.note "$(test_number_str). ${NOTE}"\
$"checking for packages with bad BuildArch tag""${NORM}..."
warning=0
let "i = 0"
@ -408,8 +422,10 @@ BuildArch: noarch
-----------------------------"
let "total_issues += 1"; }
fi
test_number=$(($test_number + 1))
notify.note "\
notify.note "
--> ${NOTE}"$"Quality checks: ${#rpmpkg_name[@]} \
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}"
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}""
"
}
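Review bot: In the `rpm_ignores_buildroot` branch the new `[ "$SPEC_BUILDROOT" ] && notify.note … || notify.note …` chain is not an if/else: should the first `notify.note` return non-zero, the `N/A` line is printed as well. Wrapping the two calls in `if [ "$SPEC_BUILDROOT" ]; then … else … fi` removes that dependency on the helper's exit status. The counter is advanced by a hand-written `test_number=$(($test_number + 1))` at the end of every check, here and in test02_pkgsecurity, so a check added later without that line silently reuses the previous number; a short comment next to the first increment, such as `# keep in step with the $(test_number_str) prefix of the next check`, would make the convention explicit. `alltests` spans all of these hunks and much of its body lies outside them.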


@ -19,7 +19,7 @@ TEXTDOMAIN="test02_pkgsecurity"; export TEXTDOMAIN
function alltests() {
# FIXME: add to 'po' file
notify.note " * ${NOTE}"$"performing security checks""${NORM}""..."
notify.note " ${NOTE}"$"performing security checks""${NORM}""..."
TEMP=`LC_ALL=C getopt \
-o i:t: --long infofile:,tmpdir: \
@ -70,8 +70,8 @@ function alltests() {
local total_issues=0
notify.note \
" * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..."
notify.note "$(test_number_str). ${NOTE}"\
$"checking for RPATH vulnerabilities""${NORM}..."
let "i = 0"
for pck in ${rpmpkg_name[@]}; do
@ -92,9 +92,10 @@ function alltests() {
popd >/dev/null
let "i += 1"
done
test_number=$(($test_number + 1))
notify.note \
" * ${NOTE}"$"checking for setuid binaries""${NORM}..."
notify.note "$(test_number_str). ${NOTE}"\
$"checking for setuid binaries""${NORM}..."
let "i = 0"
for pck in ${rpmpkg_name[@]}; do
@ -108,9 +109,10 @@ function alltests() {
popd >/dev/null
let "i += 1"
done
test_number=$(($test_number + 1))
notify.note \
" * ${NOTE}"$"checking for setgid directories""${NORM}..."
notify.note "$(test_number_str). ${NOTE}"\
$"checking for setgid directories""${NORM}..."
let "i = 0"
for pck in ${rpmpkg_name[@]}; do
@ -122,10 +124,11 @@ function alltests() {
popd >/dev/null
let "i += 1"
done
test_number=$(($test_number + 1))
# checking for unsecure use of $$ as random source in shell scripts
notify.note " * ${NOTE}"$"\
checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
notify.note "$(test_number_str). ${NOTE}"\
$"checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
vulnerable=0
let "i = 0"
@ -163,8 +166,10 @@ ${NOTE}"$"Hint for perl scripts"":${NORM}
use File::Temp qw/ tempfile /;
(\$fh,\$file) = tempfile ('<script_name>.XXXXXX');
-----------------------------"
test_number=$(($test_number + 1))
notify.note "\
notify.note "
--> ${NOTE}"$"Security checks: ${#rpmpkg_name[@]} \
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}"
package(s) checked: ${WARN}$total_issues${NOTE} warning(s).""${NORM}""
"
}
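Review bot: The comment above the last check still reads `# checking for unsecure use of $$ as random source in shell scripts`, while the message rewritten in this hunk covers shell and perl scripts. I would update it to `# check for insecure use of $$ (the PID, which is predictable) to build temporary file names in shell and perl scripts`. The RPATH, setuid and setgid checks renumbered here have no leading comment at all, unlike the `# check for …` lines before each quality check; one line each, stating what is flagged and why it matters for the packaged files, would help whoever triages the warnings. Most of the body of `alltests` lies outside these hunks.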