diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..af37a4c --- /dev/null +++ b/gating.yaml @@ -0,0 +1,8 @@ +--- !Policy +product_versions: +- fedora-* +decision_contexts: +- bodhi_update_push_stable +subject_type: koji_build +rules: +- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tests.functional} diff --git a/krb5-tests b/krb5-tests new file mode 100644 index 0000000..cbbb302 --- /dev/null +++ b/krb5-tests @@ -0,0 +1,14 @@ +#!/bin/sh +set -e + +export RPM_PACKAGE_NAME={{ name }} +export RPM_PACKAGE_VERSION={{ version }} +export RPM_PACKAGE_RELEASE={{ release }} +export RPM_ARCH={{ arch }} + +testdir="$(mktemp -d)" +trap "rm -rf ${testdir}" EXIT + +cp -rp /usr/share/{{ name }}-tests "${testdir}/" +make -C "${testdir}/{{ name }}-tests" $(rpm --eval '%{_smp_mflags}') +keyctl session - make -C "${testdir}/{{ name }}-tests" check diff --git a/krb5.spec b/krb5.spec index 113a81c..cc8bc17 100644 --- a/krb5.spec +++ b/krb5.spec @@ -1,27 +1,3 @@ -%bcond_without check -%if %{without check} -%global skipcheck 1 -%endif - -# COPR doesn't work right with the tests. I suspect keyring issues, -# but can't actually debug, so... -%if 0%{?copr_username:1} -%global skipcheck 1 -%endif - -# There are 0 test machines for this architecture, very few builders, and -# they're not very well provisioned / maintained. I can't support it. -# Patches welcome, but there's nothing I can do - it fails more than half the -# for "infrastructure issues" that I can't hope to debug. -%ifarch s390x -%global skipcheck 1 -%endif - -# RHEL runs upstream's test suite in a separate pass after build. -%if 0%{?rhel} -%global skipcheck 1 -%endif - # Set this so that find-lang.sh will recognize the .po files. %global gettext_domain mit-krb5 # Guess where the -libs subpackage's docs are going to go. @@ -81,6 +57,7 @@ Source11: ksu.pamd Source12: krb5kdc.logrotate Source13: kadmind.logrotate Source14: krb5-krb5kdc.conf +Source15: %{name}-tests Patch1: 0001-downstream-ksu-pam-integration.patch Patch2: 0002-downstream-SELinux-integration.patch @@ -115,17 +92,6 @@ BuildRequires: perl-interpreter # For autosetup BuildRequires: git -%if 0%{?skipcheck} -%else -BuildRequires: dejagnu -BuildRequires: net-tools, rpcbind -BuildRequires: hostname -BuildRequires: iproute -BuildRequires: python3-pyrad -BuildRequires: procps-ng -BuildRequires: resolv_wrapper -%endif - %if 0%{?fedora} > 35 # Need KDFs. This is the "real" version BuildRequires: openssl-devel => 1:3.0.0 @@ -135,6 +101,10 @@ BuildRequires: openssl-devel >= 1:1.1.1d-4 BuildRequires: openssl-devel < 1:3.0.0 %endif +# Enable compilation of optional tests +BuildRequires: resolv_wrapper +BuildRequires: libcmocka-devel + %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure @@ -244,6 +214,53 @@ Kerberos is a network authentication system. The libkadm5 package contains only the libkadm5clnt and libkadm5serv shared objects. This interface is not considered stable. +%package tests +Summary: Test sources for krb5 build + +# Build dependencies +Requires: coreutils, gawk, sed +Requires: gcc-c++ +Requires: gettext +Requires: libcom_err-devel +Requires: libselinux-devel +Requires: libss-devel +Requires: libverto-devel +Requires: lmdb-devel +Requires: openldap-devel +Requires: pam-devel +Requires: redhat-rpm-config +%if 0%{?fedora} > 35 +Requires: openssl-devel => 1:3.0.0 +%else +Requires: openssl-devel >= 1:1.1.1d-4 +Requires: openssl-devel < 1:3.0.0 +%endif + +# Test dependencies +Requires: dejagnu +Requires: hostname +Requires: iproute +Requires: keyutils, keyutils-libs-devel >= 1.5.8 +Requires: libcmocka-devel +Requires: libverto-module-base +Requires: logrotate +Requires: net-tools, rpcbind +Requires: perl-interpreter +Requires: procps-ng +Requires: python3-kdcproxy +Requires: python3-pyrad +Requires: resolv_wrapper +Requires: /etc/crypto-policies/back-ends/krb5.config +Requires: /usr/share/dict/words +#Requires: openldap-servers, openldap-clients + +# sssd_krb5_locator_plugin.so conflicts with t_discover_uri.py +Conflicts: sssd-client + +%description tests +FOR TESTING PURPOSE ONLY +Test sources for krb5 build, with pre-defined compilation parameters + %prep %autosetup -S git_am -n %{name}-%{version}%{?dashpre} ln NOTICE LICENSE @@ -354,17 +371,6 @@ sphinx-build -a -b man -t pathsubs doc build-man sphinx-build -a -b html -t pathsubs doc build-html rm -fr build-html/_sources -%if 0%{?skipcheck} -%else -%check -pushd src - -# The build system may give us a revoked session keyring, so run affected -# tests with a new one. -keyctl session - make check OFFLINE=yes TMPDIR=%{_tmppath} -popd -%endif - %install [ "$RPM_BUILD_ROOT" != '/' ] && rm -rf -- "$RPM_BUILD_ROOT" @@ -481,6 +487,39 @@ rm -- "$RPM_BUILD_ROOT/%{_docdir}/krb5-libs/examples/services.append" # This is only needed for tests rm -- "$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/test.so" +# Generate tests launching script +sed -e 's/{{ name }}/%{name}/' \ + -e 's/{{ version }}/%{krb5_version}/' \ + -e 's/{{ release }}/%{krb5_release}/' \ + -e 's/{{ arch }}/%{_arch}/' \ + -i %{SOURCE15} +mkdir -p $RPM_BUILD_ROOT%{_libexecdir} +install -pm 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/ + +# Copy source files from build folder to system data folder +install -pdm 755 $RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests +pushd src +cp -p --parents -t "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/" \ + $(find . -type f -exec file -i "{}" + \ + | sed -ne 's|^\./\([^:]\+\): \+text/.\+$|\1|p') +popd + +# Copy binary test files +install -pm 644 src/tests/pkinit-certs/*.p12 \ + "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/tests/pkinit-certs/" +install -pm 644 src/tests/au_dict.json \ + "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/tests/" + +# Unset executable bit if no shebang in script +for f in $(find "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/" -type f -executable) +do + head -n1 "$f" | grep -Eq '^#!' || chmod a-x "$f" +done + +# Remove broken shebang Perl scripts +rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/config/wconfig.pl" +rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/kadmin/kdbkeys/do-test.pl" + %find_lang %{gettext_domain} %ldconfig_scriptlets libs @@ -666,6 +705,10 @@ exit 0 %{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5srv_mit.so.* +%files tests +%{_libexecdir}/%{name}-tests +%{_datarootdir}/%{name}-tests/ + %changelog * Wed Nov 23 2022 Julien Rische - 1.20.1-1 - New upstream version (1.20.1) diff --git a/plans/tests.fmf b/plans/tests.fmf new file mode 100644 index 0000000..9d368f3 --- /dev/null +++ b/plans/tests.fmf @@ -0,0 +1,9 @@ +summary: Tests +discover: + how: fmf +prepare: +- how: shell + script: + - dnf remove -y sssd-client +execute: + how: tmt diff --git a/tests/inplace-upgrade-sanity-test/Makefile b/tests/inplace-upgrade-sanity/Makefile similarity index 100% rename from tests/inplace-upgrade-sanity-test/Makefile rename to tests/inplace-upgrade-sanity/Makefile diff --git a/tests/inplace-upgrade-sanity-test/PURPOSE b/tests/inplace-upgrade-sanity/PURPOSE similarity index 100% rename from tests/inplace-upgrade-sanity-test/PURPOSE rename to tests/inplace-upgrade-sanity/PURPOSE diff --git a/tests/inplace-upgrade-sanity/TC#0378369.fmf b/tests/inplace-upgrade-sanity/TC#0378369.fmf new file mode 100644 index 0000000..8d54d68 --- /dev/null +++ b/tests/inplace-upgrade-sanity/TC#0378369.fmf @@ -0,0 +1,21 @@ +tag: + - CI-Tier-1 + - CI-Tier-1-krb5 + - Fedora 31 + - Fedora 32 + - FedoraReady + - IDM-CI-gating + - NoRHEL4 + - NoRHEL5 + - TIPpass + - TIPpass_Security + - Tier1 + - Tier1security + - rhel_upgrade +tier: '1' +adjust: + - enabled: false + when: distro == rhel-4, rhel-5 + continue: false +extra-nitrate: TC#0378369 +extra-summary: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test diff --git a/tests/inplace-upgrade-sanity/TC#0552039.fmf b/tests/inplace-upgrade-sanity/TC#0552039.fmf new file mode 100644 index 0000000..7f2731d --- /dev/null +++ b/tests/inplace-upgrade-sanity/TC#0552039.fmf @@ -0,0 +1,17 @@ +link: + - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1394908 +tag: + - NoRHEL4 + - NoRHEL5 + - TIPpass + - TIPpass_Security + - Tier2 +tier: '2' +adjust: + - enabled: false + when: distro == rhel-4, rhel-5, rhel-6 + continue: false +environment: + TEST_ENTROPY_SOURCE: yes +extra-nitrate: TC#0552039 +extra-summary: 'BZ#1394908: Enable faster getrandom-based entropy system' diff --git a/tests/inplace-upgrade-sanity/TC#0608992.fmf b/tests/inplace-upgrade-sanity/TC#0608992.fmf new file mode 100644 index 0000000..440308f --- /dev/null +++ b/tests/inplace-upgrade-sanity/TC#0608992.fmf @@ -0,0 +1,14 @@ +tag: + - Fedora 31 + - Fedora 32 + - FedoraReady + - NoRHEL4 + - NoRHEL5 + - rhel_upgrade +adjust: + - enabled: false + when: distro == rhel-4, rhel-5 + continue: false +manual: true +extra-nitrate: TC#0608992 +extra-summary: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test-manual diff --git a/tests/inplace-upgrade-sanity-test/kdc.conf b/tests/inplace-upgrade-sanity/kdc.conf similarity index 100% rename from tests/inplace-upgrade-sanity-test/kdc.conf rename to tests/inplace-upgrade-sanity/kdc.conf diff --git a/tests/inplace-upgrade-sanity-test/krb5.conf b/tests/inplace-upgrade-sanity/krb5.conf similarity index 100% rename from tests/inplace-upgrade-sanity-test/krb5.conf rename to tests/inplace-upgrade-sanity/krb5.conf diff --git a/tests/inplace-upgrade-sanity/main.fmf b/tests/inplace-upgrade-sanity/main.fmf new file mode 100644 index 0000000..40e0a0e --- /dev/null +++ b/tests/inplace-upgrade-sanity/main.fmf @@ -0,0 +1,19 @@ +summary: Verifies basic scenarios which should work after inplace upgrade. +enabled: true +contact: Filip Dvorak +component: +- krb5 +test: ./runtest.sh +path: /tests/inplace-upgrade-sanity +framework: beakerlib +require: +- expect +- krb5-server +- krb5-workstation +- openssh-clients +- openssh-server +- rng-tools +- setools-console +duration: 20m +extra-summary: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test +extra-task: /CoreOS/krb5/Sanity/inplace-upgrade-sanity-test diff --git a/tests/inplace-upgrade-sanity-test/runtest.sh b/tests/inplace-upgrade-sanity/runtest.sh similarity index 97% rename from tests/inplace-upgrade-sanity-test/runtest.sh rename to tests/inplace-upgrade-sanity/runtest.sh index 7454540..c6e3d45 100755 --- a/tests/inplace-upgrade-sanity-test/runtest.sh +++ b/tests/inplace-upgrade-sanity/runtest.sh @@ -27,7 +27,6 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment -. /usr/bin/rhts-environment.sh . /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="krb5" @@ -89,11 +88,17 @@ rlJournalStart if rlIsRHEL 6; then rlRun "sed -i \"s/EXAMPLE.COM/$krb5REALM1/\" $krb5conf" rlRun "sed -i \"s/kerberos.example.com/$krb5HostName/\" $krb5conf" - rlRun "sed -i \"s/example.com/$krb5DomainName/\" $krb5conf" + if [ "$krb5DomainName" ]; then + rlRun "sed -i \"s/example.com/$krb5DomainName/\" $krb5conf" + fi else rlRun "sed -i \"s/\[libdefaults\]/[libdefaults]\n default_realm = $krb5REALM1/\" $krb5conf" rlRun "sed -i \"s/\[realms\]/[realms]\n $krb5REALM1 = {\n kdc = $krb5HostName\n admin_server = $krb5HostName\n }/\" $krb5conf" - rlRun "sed -i \"s/\[domain_realm\]/[domain_realm]\n .$krb5DomainName = $krb5REALM1\n $krb5DomainName = $krb5REALM1/\" $krb5conf" + if [ "$krb5DomainName" ]; then + rlRun "sed -i \"s/\[domain_realm\]/[domain_realm]\n .$krb5DomainName = $krb5REALM1\n $krb5DomainName = $krb5REALM1/\" $krb5conf" + else + rlRun "sed -i \"s/\[domain_realm\]/[domain_realm]\n $krb5HostName = $krb5REALM1/\" $krb5conf" + fi fi rlRun "sed -i s/EXAMPLE.COM/$krb5REALM1/ $krb5kdcconf" # Configure the kadmin ACL @@ -368,4 +373,4 @@ _EOF rlRun "rm -r $TmpDir" rlPhaseEnd rlJournalPrintText -rlJournalEnd \ No newline at end of file +rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 6ebc417..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# This first play always runs on the local staging system -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - tests: - - inplace-upgrade-sanity-test - required_packages: - - expect # Required for inplace-upgrade-sanity-test - - krb5-server # Required for inplace-upgrade-sanity-test - - krb5-workstation # Required for inplace-upgrade-sanity-test - - openssh-clients # Required for inplace-upgrade-sanity-test - - openssh-server # Required for inplace-upgrade-sanity-test - - rng-tools # Required for inplace-upgrade-sanity-test diff --git a/tests/upstream/main.fmf b/tests/upstream/main.fmf new file mode 100644 index 0000000..66718fa --- /dev/null +++ b/tests/upstream/main.fmf @@ -0,0 +1,7 @@ +summary: Run upstream tests +test: ./test.sh +enabled: true +path: /tests/upstream +require: +- krb5-tests +duration: 20m diff --git a/tests/upstream/test.sh b/tests/upstream/test.sh new file mode 100755 index 0000000..9c5abc5 --- /dev/null +++ b/tests/upstream/test.sh @@ -0,0 +1,2 @@ +#!/bin/sh -eux +/usr/libexec/krb5-tests