YunoHost/package_check
1
0
Fork 0
mirror of https://github.com/YunoHost/package_check.git synced 2024-09-03 20:06:20 +02:00
Code Issues Projects Releases Packages Wiki Activity

LXC_EXEC to ynh_lxc_pc_exec

Browse source
This commit is contained in:
yalh76 2022-10-23 23:56:52 +02:00
parent 26530dd3de
commit 984e4c2720
3 changed files with 36 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
lib/tests.sh
View file

@ -13,7 +13,7 @@ _RUN_YUNOHOST_CMD() {
lxc file push -p -r "$package_path" $LXC_NAME/app_folder --quiet lxc file push -p -r "$package_path" $LXC_NAME/app_folder --quiet
# --output-as none is to disable the json-like output for some commands like backup create # --output-as none is to disable the json-like output for some commands like backup create
LXC_EXEC "yunohost --output-as none --debug $1" \ ynh_lxc_pc_exec "yunohost --output-as none --debug $1" \
| grep --line-buffered -v --extended-regexp '^[0-9]+\s+.{1,15}DEBUG' \ | grep --line-buffered -v --extended-regexp '^[0-9]+\s+.{1,15}DEBUG' \
| grep --line-buffered -v 'processing action' | grep --line-buffered -v 'processing action'
@ -39,7 +39,7 @@ _PREINSTALL () {
# Copy the pre-install script into the container. # Copy the pre-install script into the container.
lxc file push "$preinstall_script" "$LXC_NAME/preinstall.sh" lxc file push "$preinstall_script" "$LXC_NAME/preinstall.sh"
# Then execute the script to execute the pre-install commands. # Then execute the script to execute the pre-install commands.
LXC_EXEC "bash /preinstall.sh" ynh_lxc_pc_exec "bash /preinstall.sh"
fi fi
} }
@ -63,7 +63,7 @@ _PREUPGRADE () {
# Copy the pre-upgrade script into the container. # Copy the pre-upgrade script into the container.
lxc file push "$preupgrade_script" "$LXC_NAME/preupgrade.sh" lxc file push "$preupgrade_script" "$LXC_NAME/preupgrade.sh"
# Then execute the script to execute the pre-upgrade commands. # Then execute the script to execute the pre-upgrade commands.
LXC_EXEC "bash /preupgrade.sh" ynh_lxc_pc_exec "bash /preupgrade.sh"
return $? return $?
fi fi
} }
@ -111,7 +111,7 @@ _INSTALL_APP () {
local ret=$? local ret=$?
[ $ret -eq 0 ] && log_debug "Installation successful." || log_error "Installation failed." [ $ret -eq 0 ] && log_debug "Installation successful." || log_error "Installation failed."
if LXC_EXEC "su nobody -s /bin/bash -c \"test -r /var/www/$app_id || test -w /var/www/$app_id || test -x /var/www/$app_id\"" if ynh_lxc_pc_exec "su nobody -s /bin/bash -c \"test -r /var/www/$app_id || test -w /var/www/$app_id || test -x /var/www/$app_id\""
then then
log_error "It looks like anybody can read/enter /var/www/$app_id, which ain't super great from a security point of view ... Config files or other files may contain secrets or information that should in most case not be world-readable. You should remove all 'others' permissions with 'chmod o-rwx', and setup appropriate, exclusive permissions to the appropriate owner/group with chmod/chown." log_error "It looks like anybody can read/enter /var/www/$app_id, which ain't super great from a security point of view ... Config files or other files may contain secrets or information that should in most case not be world-readable. You should remove all 'others' permissions with 'chmod o-rwx', and setup appropriate, exclusive permissions to the appropriate owner/group with chmod/chown."
SET_RESULT "failure" install_dir_permissions SET_RESULT "failure" install_dir_permissions
@ -212,7 +212,7 @@ _VALIDATE_THAT_APP_CAN_BE_ACCESSED () {
log_debug "Running curl $check_domain$curl_check_path" log_debug "Running curl $check_domain$curl_check_path"
# Call cURL to try to access to the URL of the app # Call cURL to try to access to the URL of the app
LXC_EXEC "curl --location --insecure --silent --show-error \ ynh_lxc_pc_exec "curl --location --insecure --silent --show-error \
--header 'Host: $check_domain' \ --header 'Host: $check_domain' \
--resolve $DOMAIN:80:$LXC_IP \ --resolve $DOMAIN:80:$LXC_IP \
--resolve $DOMAIN:443:$LXC_IP \ --resolve $DOMAIN:443:$LXC_IP \
@ -223,7 +223,7 @@ _VALIDATE_THAT_APP_CAN_BE_ACCESSED () {
$check_domain$curl_check_path" \ $check_domain$curl_check_path" \
> "$TEST_CONTEXT/curl_print" > "$TEST_CONTEXT/curl_print"
LXC_EXEC "cat ./curl_output" > $curl_output ynh_lxc_pc_exec "cat ./curl_output" > $curl_output
# Analyze the result of curl command # Analyze the result of curl command
if [ $? -ne 0 ] if [ $? -ne 0 ]
@ -284,12 +284,12 @@ Page extract:\n$page_extract" > $TEST_CONTEXT/curl_result
# If we had a 50x error, try to display service info and logs to help debugging # If we had a 50x error, try to display service info and logs to help debugging
if [[ $curl_error -ne 0 ]] && echo "5" | grep -q "${http_code:0:1}" if [[ $curl_error -ne 0 ]] && echo "5" | grep -q "${http_code:0:1}"
then then
LXC_EXEC "systemctl --all" | grep "$app_id_to_check.*service" ynh_lxc_pc_exec "systemctl --all" | grep "$app_id_to_check.*service"
for SERVICE in $(LXC_EXEC "systemctl -all" | grep -o "$app_id_to_check.*service") for SERVICE in $(ynh_lxc_pc_exec "systemctl -all" | grep -o "$app_id_to_check.*service")
do do
LXC_EXEC "journalctl --no-pager --no-hostname -n 30 -u $SERVICE"; ynh_lxc_pc_exec "journalctl --no-pager --no-hostname -n 30 -u $SERVICE";
done done
LXC_EXEC "tail -v -n 15 \$(find /var/log/{nginx/,php*,$app_id_to_check} -mmin -3)" ynh_lxc_pc_exec "tail -v -n 15 \$(find /var/log/{nginx/,php*,$app_id_to_check} -mmin -3)"
fi fi
done done
@ -490,7 +490,7 @@ TEST_PORT_ALREADY_USED () {
lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service
# Then start this service to block this port. # Then start this service to block this port.
LXC_EXEC "systemctl enable --now netcat" ynh_lxc_pc_exec "systemctl enable --now netcat"
_PREINSTALL _PREINSTALL

8
lib/tests_coordination.sh
View file

@ -257,13 +257,13 @@ run_all_tests() {
LXC_RESET LXC_RESET
LXC_CREATE LXC_CREATE
# Be sure that the container is running # Be sure that the container is running
LXC_EXEC "true" ynh_lxc_pc_exec "true"
# Print the version of YunoHost from the LXC container # Print the version of YunoHost from the LXC container
log_small_title "YunoHost versions" log_small_title "YunoHost versions"
LXC_EXEC "yunohost --version" ynh_lxc_pc_exec "yunohost --version"
LXC_EXEC "yunohost --version --output-as json" | jq -r .yunohost.version >> $TEST_CONTEXT/ynh_version ynh_lxc_pc_exec "yunohost --version --output-as json" | jq -r .yunohost.version >> $TEST_CONTEXT/ynh_version
LXC_EXEC "yunohost --version --output-as json" | jq -r .yunohost.repo >> $TEST_CONTEXT/ynh_branch ynh_lxc_pc_exec "yunohost --version --output-as json" | jq -r .yunohost.repo >> $TEST_CONTEXT/ynh_branch
echo $ARCH > $TEST_CONTEXT/architecture echo $ARCH > $TEST_CONTEXT/architecture
echo $app_id > $TEST_CONTEXT/app_id echo $app_id > $TEST_CONTEXT/app_id

44
lib/ynh_lxd_package_check
View file

@ -4,6 +4,27 @@
# PACKAGE_CHECK HELPERS # PACKAGE_CHECK HELPERS
#================================================= #=================================================
ynh_lxc_pc_exec () {
# Start the lxc container and execute the given command in it
local cmd=$1
_LXC_START_AND_WAIT $LXC_NAME
start_timer
# Execute the command given in argument in the container and log its results.
lxc exec $LXC_NAME --env PACKAGE_CHECK_EXEC=1 -t -- /bin/bash -c "$cmd" | tee -a "$complete_log" $current_test_log
# Store the return code of the command
local returncode=${PIPESTATUS[0]}
log_debug "Return code: $returncode"
stop_timer 1
# Return the exit code of the ssh command
return $returncode
}
LXC_CREATE () { LXC_CREATE () {
log_info "Launching new LXC $LXC_NAME ..." log_info "Launching new LXC $LXC_NAME ..."
# Check if we can launch container from YunoHost remote image # Check if we can launch container from YunoHost remote image
@ -86,29 +107,6 @@ LOAD_LXC_SNAPSHOT () {
_LXC_START_AND_WAIT $LXC_NAME _LXC_START_AND_WAIT $LXC_NAME
} }
#=================================================
LXC_EXEC () {
# Start the lxc container and execute the given command in it
local cmd=$1
_LXC_START_AND_WAIT $LXC_NAME
start_timer
# Execute the command given in argument in the container and log its results.
lxc exec $LXC_NAME --env PACKAGE_CHECK_EXEC=1 -t -- /bin/bash -c "$cmd" | tee -a "$complete_log" $current_test_log
# Store the return code of the command
local returncode=${PIPESTATUS[0]}
log_debug "Return code: $returncode"
stop_timer 1
# Return the exit code of the ssh command
return $returncode
}
LXC_STOP () { LXC_STOP () {
local container_to_stop=$1 local container_to_stop=$1
# (We also use timeout 30 in front of the command because sometime lxc # (We also use timeout 30 in front of the command because sometime lxc