tests: Run as unprivileged user

Approach taken from cockpit: https://src.fedoraproject.org/rpms/cockpit/c/6d1be3eb74
2020-04-29 07:29:23 +02:00 · 2020-04-29 07:29:23 +02:00 · 1d5f8f120c
commit 1d5f8f120c
parent d6da8e6a37
3 changed files with 51 additions and 37 deletions
--- a/tests/browser.sh
+++ b/tests/browser.sh
@ -4,17 +4,34 @@ set -eux
 # from standard-test-source
 SOURCE="$(pwd)/source"
 LOGS="$(pwd)/logs"
 TESTS="$(pwd)/tests"
 mkdir -p "$LOGS"
 chmod a+w "$LOGS"
 # install browser; on RHEL, use chromium from epel
 if ! rpm -q chromium-headless; then
    if grep -q 'ID=rhel' /etc/os-release; then
        dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
        dnf config-manager --enable epel
    fi
    dnf install -y chromium-headless
 fi
 # create user account for logging in
 if ! id admin 2>/dev/null; then
-    useradd admin -G wheel
+    useradd -c Administrator -G wheel admin
    echo admin:foobar | chpasswd
 fi
 # avoid sudo lecture during tests
 su -c 'echo foobar | sudo --stdin whoami' - admin
 # create user account for running the test
 if ! id runtest 2>/dev/null; then
    useradd -c 'Test runner' runtest
 fi
 chown -R runtest "$SOURCE"
 # disable core dumps, we rather investigate them upstream where test VMs are accessible
 echo core > /proc/sys/kernel/core_pattern
@ -30,42 +47,12 @@ podman pull docker.io/busybox
 podman pull docker.io/alpine
 podman pull docker.io/registry:2
 EOF
 loginctl disable-linger $(id -u admin)
 systemctl enable --now cockpit.socket io.podman.socket
-# tests need cockpit's bots/ libraries and test infrastructure
+# Run tests as unprivileged user
-cd $SOURCE
+su - -c "env SOURCE=$SOURCE LOGS=$LOGS $TESTS/run-test.sh" runtest
 git init
 make bots test/common
-# only install a subset to save time/space
+RC=$(cat $LOGS/exitcode)
-npm install chrome-remote-interface sizzle
+exit ${RC:-1}
 . /etc/os-release
 export TEST_OS="${ID}-${VERSION_ID/./-}"
 # HACK: upstream tests don't recognize rhel-8-3 yet
 if [ "$TEST_OS" = "rhel-8-3" ]; then
    export TEST_OS=rhel-8-2
 fi
 # install browser; on RHEL, use chromium from epel
 if ! rpm -q chromium-headless; then
    if [ "$ID" = "rhel" ]; then
        dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
        dnf config-manager --enable epel
    fi
    dnf install -y chromium-headless
 fi
 export TEST_AUDIT_NO_SELINUX=1
 # run tests
 RC=0
 test/check-application -tv --machine 127.0.0.1:22 --browser 127.0.0.1:9090 TestApplication.testBasicSystem || { RC=$? ; cp --verbose Test* $LOGS || true; }
 # reset system changes from tests, for running this multiple times in a row
 rm -f /etc/systemd/system/cockpit.service.d/notls.conf
 systemctl daemon-reload
 systemctl stop cockpit.service
 exit $RC
--- a/tests/run-test.sh
+++ b/tests/run-test.sh
@ -0,0 +1,27 @@
 #!/bin/sh
 set -eux
 # tests need cockpit's bots/ libraries and test infrastructure
 cd $SOURCE
 git init
 make bots test/common
 # only install a subset to save time/space
 npm install chrome-remote-interface sizzle
 . /etc/os-release
 export TEST_OS="${ID}-${VERSION_ID/./-}"
 # HACK: upstream tests don't recognize rhel-8-3 yet
 if [ "$TEST_OS" = "rhel-8-3" ]; then
    export TEST_OS=rhel-8-2
 fi
 export TEST_AUDIT_NO_SELINUX=1
 RC=0
 test/check-application -tv --machine 127.0.0.1:22 --browser 127.0.0.1:9090 TestApplication.testBasicSystem || RC=$?
 echo $RC > "$LOGS/exitcode"
 cp --verbose Test* "$LOGS" || true
 # deliver test result via exitcode file
 exit 0
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -17,7 +17,7 @@
    - npm
    - python3
    tests:
-    - verify:
+    - browser:
        dir: .
        run: ./browser.sh
        save-files: ["logs/*"]