diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..648918d --- /dev/null +++ b/gating.yaml @@ -0,0 +1,6 @@ +--- !Policy +product_versions: + - rhel-9 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/tests/Sanity/dir-install/Makefile b/tests/Sanity/dir-install/Makefile new file mode 100644 index 0000000..74ce14d --- /dev/null +++ b/tests/Sanity/dir-install/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /Sanity/dir-install +# Description: Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed. +# Author: Matej Tyc +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2019 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/Sanity/dir-install +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE kickstart.cfg test-ds.xml + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Matej Tyc " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed." >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 1h" >> $(METADATA) + @echo "RunFor: oscap-anaconda-addon" >> $(METADATA) + @echo "Requires: oscap-anaconda-addon" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Bug: 1653915" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/Sanity/dir-install/PURPOSE b/tests/Sanity/dir-install/PURPOSE new file mode 100644 index 0000000..0969ce3 --- /dev/null +++ b/tests/Sanity/dir-install/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /Sanity/dir-install +Description: Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed. +Author: Matej Tyc diff --git a/tests/Sanity/dir-install/kickstart.cfg b/tests/Sanity/dir-install/kickstart.cfg new file mode 100644 index 0000000..9b9501d --- /dev/null +++ b/tests/Sanity/dir-install/kickstart.cfg @@ -0,0 +1,37 @@ +lang en_US +keyboard us +timezone --utc America/New_York +reboot +url --url=@BASEOS_HTTP@ +bootloader --location=mbr --append="rhgb quiet crashkernel=auto" +zerombr +clearpart --all --initlabel +autopart +authselect --passalgo=sha512 --useshadow +selinux --enforcing +firewall --enabled --ssh +skipx +firstboot --disable +repo --name=appstream --baseurl=@APPSTREAM_HTTP@ + +# Set the system's root password (required) +# Plaintext password is: server +# Refer to e.g. http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create +# encrypted password form for different plaintext password +rootpw --iscrypted $6$rhel6usgcb$aS6oPGXcPKp3OtFArSrhRwu6sN8q2.yEGY7AIwDOQd23YCtiz9c5mXbid1BzX9bmXTEZi.hCzTEXFosVBI5ng0 + +# The selected profile will restrict root login +# Add a user that can login and escalate privileges +# Plaintext password is: admin123 +user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted + +# Packages selection (%packages section is required) +%packages +openscap-scanner +%end + +%addon org_fedora_oscap + content-type = datastream + content-url = http://localhost:8000/test-ds.xml + profile = xccdf_org.ssgproject.content_profile_standard +%end diff --git a/tests/Sanity/dir-install/runtest.sh b/tests/Sanity/dir-install/runtest.sh new file mode 100755 index 0000000..4fdb433 --- /dev/null +++ b/tests/Sanity/dir-install/runtest.sh @@ -0,0 +1,80 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /Sanity/dir-install +# Description: Install using OAA into a directory, check that the results file from the final scan contains FIXED results, which proves that remediations were executed. +# Author: Matej Tyc +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2019 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="oscap-anaconda-addon" +KS=`pwd`/kickstart.cfg +INSTALLDIR=`pwd`/install + + +function get_fedora_repo_url { + local rawhide_repo="/etc/yum.repos.d/fedora-rawhide.repo" + + if [ -f "$rawhide_repo" ]; then + dnf repoinfo rawhide 2>/dev/null | grep -i "baseurl" | awk '{print $3}' + else + dnf repoinfo fedora 2>/dev/null | grep -i "baseurl" | awk '{print $3}' + fi +} + + +# $1: Channel (baseos|appstream) +function get_rhel_repo_url { + grep -Ri "baseurl=.*$1.*/os" /etc/yum.repos.d/ | sed -e 's/.*baseurl=//' | head -n 1 +} + + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm "$PACKAGE" + if rlIsRHEL; then + baseos_url=$(get_rhel_repo_url baseos) + appstream_url=$(get_rhel_repo_url appstream) + rlRun "sed -i 's|@BASEOS_HTTP@|$baseos_url|' $KS" + rlRun "sed -i 's|@APPSTREAM_HTTP@|$appstream_url|' $KS" + else + baseos_url=$(get_fedora_repo_url) + rlRun "sed -i 's|@BASEOS_HTTP@|$baseos_url|' $KS" + rlRun "sed -i '/^.*@APPSTREAM_HTTP@.*$/d' $KS" + fi + python3 -m http.server & + server_pid=$! + rlPhaseEnd + + rlPhaseStartTest + rlRun "mkdir install" 0 "Making install directory" + rlRun "anaconda --dirinstall $INSTALLDIR --kickstart $KS" 0 "Installing into a directory" + rlRun "test -f $INSTALLDIR/rh_baseos_test" 0 "Make sure that rh_baseos_test exists in the root of the installed system" + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "kill $server_pid" 0 "Terminating the Python server that serves the datastream" + rlRun "rm -rf $INSTALLDIR" 0 "Remove the directory with the system installation" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/Sanity/dir-install/test-ds.xml b/tests/Sanity/dir-install/test-ds.xml new file mode 100644 index 0000000..542c69b --- /dev/null +++ b/tests/Sanity/dir-install/test-ds.xml @@ -0,0 +1,55 @@ + + + + 5.10 + 0001-01-01T00:00:00+00:00 + + + + + + x + x + + Minimal test environment + + + + + + + + + + + + + + + + + + /rh_baseos_test + + + + + incomplete + + + 1.0 + + + Dummy standard profile +