diff --git a/config.defaults b/config.defaults deleted file mode 100644 index c4c9129..0000000 --- a/config.defaults +++ /dev/null @@ -1,33 +0,0 @@ -##################### -# LXC Configuration # -##################### - -# Network stuff -MAIN_NETWORK_INTERFACE=$(sudo ip route | grep default | awk '{print $5;}') -LXC_BRIDGE="lxc-pchecker" -LXC_NETWORK="10.1.4" -DNS_RESOLVER="80.67.169.12" - -# Container configuration -DISTRIB="buster" -LXC_NAME="pchecker_lxc" -LXC_ROOTFS="/var/lib/lxc/$LXC_NAME/rootfs" -LXC_SNAPSHOTS="/var/lib/lxcsnaps/$LXC_NAME" - -########################### -# Yunohost configuration # -########################### - -# By default we'll install Yunohost with the default branch -YNH_INSTALL_SCRIPT_BRANCH="" - -# Admin password -YUNO_PWD="admin" - -# Domaines de test -DOMAIN="domain.tld" -SUBDOMAIN="sub.$DOMAIN" - -# User de test -TEST_USER="package_checker" - diff --git a/package_check.sh b/package_check.sh index 85fd966..0c1f4d7 100755 --- a/package_check.sh +++ b/package_check.sh @@ -2,7 +2,7 @@ cd $(dirname $(realpath $0) | sed 's@/sub_scripts$@@g') source "./sub_scripts/common.sh" -source "./sub_scripts/launcher.sh" +source "./sub_scripts/lxc.sh" source "./sub_scripts/testing_process.sh" complete_log="./Complete.log" @@ -11,7 +11,7 @@ complete_log="./Complete.log" > "$complete_log" > "./lxc_boot.log" -TEST_CONTEXT=$(mkdtemp -d) +TEST_CONTEXT=$(mktemp -d) # Redirect fd 3 (=debug steam) to complete log exec 3>>$complete_log @@ -33,23 +33,18 @@ package_check.sh [OPTION]... PACKAGE_TO_CHECK Wait for the user to continue before each remove. -h, --help Display this help - -l, --build-lxc - Install LXC and build the container if necessary. EOF exit 0 } clean_exit () { + # Exit and remove all temp files # $1 = exit code - - # Deactivate LXC network - LXC_TURNOFF + LXC_RESET # Remove temporary files - rm -f "./url_output" - rm -f "./curl_print" rm -rf "$TEST_CONTEXT" # Remove the application which been tested 
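Review bot: `TEST_CONTEXT=$(mktemp -d)` in the second package_check.sh hunk is not checked, so a failed mktemp leaves the variable empty. Paths built from it later in this change (`$TEST_CONTEXT/preinstall.sh`, `$TEST_CONTEXT/netcat.service`, `> $TEST_CONTEXT/alias_traversal.html`) would then resolve against `/` on the host. I would write `TEST_CONTEXT=$(mktemp -d) || exit 1`, which stops the run before anything is written outside a private directory.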
@@ -74,7 +69,6 @@ clean_exit () { gitbranch="" force_install_ok=0 interactive=0 -build_lxc=0 arguments=("$@") getopts_built_arg=() @@ -89,7 +83,6 @@ do # For each argument in the array, reduce to short argument for getopts arguments[$i]=${arguments[$i]//--interactive/-i} arguments[$i]=${arguments[$i]//--help/-h} - arguments[$i]=${arguments[$i]//--build-lxc/-l} getopts_built_arg+=("${arguments[$i]}") done @@ -120,11 +113,6 @@ parse_arg () { # --help print_help ;; - l) - # --build-lxc - build_lxc=1 - shift_value=1 - ;; \?) echo "Invalid argument: -${OPTARG:-}" print_help @@ -180,26 +168,9 @@ assert_we_are_connected_to_the_internets self_upgrade fetch_or_upgrade_package_linter -# Check if lxc is already installed -if dpkg-query -W -f '${Status}' "lxc" 2>/dev/null | grep -q "ok installed" -then - # If lxc is installed, check if the container is already built. - if ! sudo lxc-ls | grep -q "$LXC_NAME" - then - # If lxc's not installed and build_lxc set. Asks to build the container. - [ $build_lxc -eq 1 ] || log_critical "LXC is not installed or the container $LXC_NAME doesn't exist.\nYou should build it with 'lxc_build.sh'." - ./sub_scripts/lxc_build.sh - fi -elif [ $build_lxc -eq 1 ] -then - # If lxc's not installed and build_lxc set. Asks to build the container. - ./sub_scripts/lxc_build.sh -fi - -# Stop and restore the LXC container. In case of previous incomplete execution. -LXC_STOP -LXC_TURNOFF -LXC_PURGE_SNAPSHOTS +# Reset and create a fresh container to work with +LXC_RESET +LXC_CREATE #================================================= # Pick up the package @@ -705,8 +676,6 @@ run_all_tests() { # And keep this value separately complete_start_timer=$starttime - LXC_INIT - # Break after the first tests serie if [ $interactive -eq 1 ]; then read -p "Press a key to start the tests..." < /dev/tty @@ -734,6 +703,4 @@ run_all_tests() { run_all_tests -LXC_PURGE_SNAPSHOTS - clean_exit 0 
diff --git a/sub_scripts/common.sh b/sub_scripts/common.sh index 6468fca..3c17fcf 100755 --- a/sub_scripts/common.sh +++ b/sub_scripts/common.sh @@ -1,6 +1,22 @@ #!/bin/bash -[[ -e "./config.defaults" ]] && source "./config.defaults" +DEFAULT_DIST="buster" + +# By default we'll install Yunohost with the default branch +YNH_INSTALL_SCRIPT_BRANCH="" + +# Admin password +YUNO_PWD="admin" + +# Domaines de test +DOMAIN="domain.tld" +SUBDOMAIN="sub.$DOMAIN" + +# User de test +TEST_USER="package_checker" + +LXC_NAME="ynh-appci" + [[ -e "./config" ]] && source "./config" readonly lock_file="./pcheck.lock" @@ -10,11 +26,8 @@ readonly lock_file="./pcheck.lock" #================================================= RUN_INSIDE_LXC() { - sudo lxc-attach -n $LXC_NAME -- "$@" -} - -RUN_THROUGH_SSH() { - ssh -tt -q $LXC_NAME "sudo $@" + sudo lxc exec $LXC_NAME -- "$@" + sudo lxc-attach -n -- "$@" } assert_we_are_the_setup_user() { @@ -241,4 +254,3 @@ function fetch_or_upgrade_package_linter() echo "$check_version" > "$version_file" } - diff --git a/sub_scripts/launcher.sh b/sub_scripts/launcher.sh deleted file mode 100755 index e7898d4..0000000 --- a/sub_scripts/launcher.sh +++ /dev/null 
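Review bot: The new default `LXC_NAME="ynh-appci"` in the first common.sh hunk does not line up with the image name produced by lxc_build.sh. `LXC_CREATE` launches `$LXC_NAME-base`, i.e. `ynh-appci-base`, while `rebuild_ynh_appci_base` publishes `$BOX-base` with `BOX=${2:-ynh-appci}-${DIST}`, i.e. `ynh-appci-buster-base`. Unless `./config` overrides the name, the launch will not find the image. The build script also reads `$ARCH` and `$YNH_BRANCH`, neither of which is set in this block (only `YNH_INSTALL_SCRIPT_BRANCH` is); I would add both defaults here or rename the uses.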
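Review bot: `RUN_INSIDE_LXC` in the second common.sh hunk now runs two commands, the new `sudo lxc exec $LXC_NAME -- "$@"` and then `sudo lxc-attach -n -- "$@"`, which has lost its container name and looks like a leftover of the old line. The function returns the status of the last command, so callers such as `if ! RUN_INSIDE_LXC mysqlshow ...` in check_witness_files see the lxc-attach failure instead of the result of the command they asked for. I would delete the second line and quote the name: `sudo lxc exec "$LXC_NAME" -- "$@"`.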
@@ -1,189 +0,0 @@ -# #!/bin/bash - -#================================================= -# Globals variables -#================================================= - -# -q aims to disable the display of 'Debian GNU/Linux' each time a command is ran -arg_ssh="-tt -q" - -#================================================= -# RUNNING SNAPSHOT -#================================================= - -CREATE_LXC_SNAPSHOT () { - # Create a temporary snapshot - - local snapname=$1 - - start_timer - # Check all the witness files, to verify if them still here - check_witness_files >&2 - - # Stop the container, before its snapshot - sudo lxc-stop --name $LXC_NAME >&2 - - # Remove swap files to avoid killing the CI with huge snapshots. - local swap_file="$LXC_ROOTFS/swap_$app_id" - if sudo test -e "$swap_file" - then - sudo swapoff "$swap_file" - sudo rm "$swap_file" - fi - - # Check if the snapshot already exist - if [ ! -e "$LXC_SNAPSHOTS/$snapname" ] - then - log_debug "$snapname doesn't exist, its first creation can takes a little while." >&2 - # Create the snapshot. - sudo lxc-snapshot --name $LXC_NAME >> "$complete_log" 2>&1 - - # lxc always creates the first snapshot it can creates. - # So if snap1 doesn't exist and you try to create snap_foo, it will be named snap1. - if [ "$snapname" != "snap1" ] && [ ! 
-e "$LXC_SNAPSHOTS/$snapname" ] - then - # Rename snap1 - sudo mv "$LXC_SNAPSHOTS/snap1" "$LXC_SNAPSHOTS/$snapname" - fi - fi - - # Update the snapshot with rsync to clone the current lxc state - sudo rsync --acls --archive --delete --executability --itemize-changes --xattrs "$LXC_ROOTFS/" "$LXC_SNAPSHOTS/$snapname/rootfs/" > /dev/null 2>> "$complete_log" - - stop_timer 1 - - # Restart the container, after the snapshot - LXC_START "true" >&2 -} - -LOAD_LXC_SNAPSHOT () { - # Use a temporary snapshot, if it already exists - # $1 = Name of the snapshot to use - local snapshot=$1 - - log_debug "Restoring snapshot $snapshot" - - start_timer - # Fix the missing hostname in the hosts file... - echo "127.0.0.1 $LXC_NAME" | sudo tee --append "$LXC_SNAPSHOTS/$snapshot/rootfs/etc/hosts" > /dev/null - - # Restore this snapshot. - sudo rsync --acls --archive --delete --executability --itemize-changes --xattrs "$LXC_SNAPSHOTS/$snapshot/rootfs/" "$LXC_ROOTFS/" > /dev/null 2>> "$complete_log" - local ret=$? - - stop_timer 1 - - return $ret -} - -#================================================= - -is_lxc_running () { - sudo lxc-info --name=$LXC_NAME | grep --quiet "RUNNING" -} - -LXC_INIT () { - # Clean previous remaining swap files - sudo swapoff $LXC_ROOTFS/swap_* 2>/dev/null - sudo rm --force $LXC_ROOTFS/swap_* - sudo swapoff $LXC_SNAPSHOTS/snap0/rootfs/swap_* 2>/dev/null - sudo rm --force $LXC_SNAPSHOTS/snap0/rootfs/swap_* - sudo swapoff $LXC_SNAPSHOTS/snap_afterinstall/rootfs/swap_* 2>/dev/null - sudo rm --force $LXC_SNAPSHOTS/snap_afterinstall/rootfs/swap_* - - LXC_PURGE_SNAPSHOTS - - # Initialize LXC network - - # Activate the bridge - echo "Initialize network for LXC." - sudo ifup $LXC_BRIDGE --interfaces=/etc/network/interfaces.d/$LXC_BRIDGE | tee --append "$complete_log" 2>&1 - - # Activate iptables rules - echo "Activate iptables rules." 
- sudo iptables --append FORWARD --in-interface $LXC_BRIDGE --out-interface $MAIN_NETWORK_INTERFACE --jump ACCEPT | tee --append "$complete_log" 2>&1 - sudo iptables --append FORWARD --in-interface $MAIN_NETWORK_INTERFACE --out-interface $LXC_BRIDGE --jump ACCEPT | tee --append "$complete_log" 2>&1 - sudo iptables --table nat --append POSTROUTING --source $LXC_NETWORK.0/24 --jump MASQUERADE | tee --append "$complete_log" 2>&1 -} - -LXC_PURGE_SNAPSHOTS() { - LXC_STOP - - for SNAP in $(sudo ls $LXC_SNAPSHOTS/snap_*install 2>/dev/null) - do - sudo lxc-snapshot -n $LXC_NAME -d $(basename $SNAP) - done -} - -LXC_START () { - # Start the lxc container and execute the given command in it - local cmd=$1 - - start_timer - # Try to start the container 3 times. - local max_try=3 - local i=0 - while [ $i -lt $max_try ] - do - i=$(( $i +1 )) - # Start the container and log the booting process in ./lxc_boot.log - # Try to start only if the container is not already started - if ! is_lxc_running; then - log_debug "Start the LXC container" >> "$complete_log" - sudo lxc-start --name=$LXC_NAME --daemon --logfile "./lxc_boot.log" | tee --append "$complete_log" 2>&1 - else - log_debug "A LXC container is already running" - fi - - # Try to connect 5 times - local j=0 - for j in `seq 1 5` - do - log_debug "." >> "$complete_log" - # Try to connect with ssh to check if the container is ready to work. - if ssh $arg_ssh -o ConnectTimeout=10 $LXC_NAME "exit 0" > /dev/null 2>&1; then - # Break the for loop if the container is ready. - break - fi - sleep 1 - done - - [ "$(uname -m)" == "aarch64" ] && sleep 30 - - done - stop_timer 1 - start_timer - - # Copy the package into the container. - rsync -rq --delete "$package_path" "$LXC_NAME": >> "$complete_log" 2>&1 - - # Execute the command given in argument in the container and log its results. 
- ssh $arg_ssh $LXC_NAME "$cmd" | tee -a "$complete_log" - - # Store the return code of the command - local returncode=${PIPESTATUS[0]} - - log_debug "Return code: $return_code" - - stop_timer 1 - # Return the exit code of the ssh command - return $returncode -} - -LXC_STOP () { - if is_lxc_running; - then - log_debug "Stop the LXC container" - sudo lxc-stop --name=$LXC_NAME | tee --append "$complete_log" 2>&1 - fi -} - -LOAD_LXC_SNAPSHOT () { - snapname=$1 - - LXC_STOP - - log_debug "Restoring snapshot $snapname" - sudo rsync --acls --archive --delete --executability --itemize-changes --xattrs "$LXC_SNAPSHOTS/$snapname/rootfs/" "$LXC_ROOTFS/" > /dev/null 2>> "$complete_log" -} - diff --git a/sub_scripts/lxc.sh b/sub_scripts/lxc.sh new file mode 100755 index 0000000..f2e02a4 --- /dev/null +++ b/sub_scripts/lxc.sh 
@@ -0,0 +1,160 @@ +# #!/bin/bash + +#================================================= +# Globals variables +#================================================= + +# -q aims to disable the display of 'Debian GNU/Linux' each time a command is ran +arg_ssh="-tt -q" + +#================================================= +# RUNNING SNAPSHOT +#================================================= + +LXC_CREATE () { + lxc launch $LXC_NAME-base $LXC_NAME || exit 1 + lxc config set "$LXC_NAME" security.nesting true + _LXC_START_AND_WAIT $LXC_NAME + CREATE_LXC_SNAPSHOT snap0 +} + +LXC_SNAPSHOT_EXISTS() { + lxc info $LXC_NAME | grep -A10 Snapshots | tail -n -1 | awk '{print $1}' | greq -q -w "$1" +} + +CREATE_LXC_SNAPSHOT () { + # Create a temporary snapshot + + local snapname=$1 + + start_timer + + # Check all the witness files, to verify if them still here + [ $snapname != "snap0" ] && check_witness_files >&2 + + # Remove swap files to avoid killing the CI with huge snapshots. + sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_*); do swapoff $swapfile; done' + sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_*); do rm -f $swapfile; done' + + # Stop the container, before its snapshot + sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null + + # Check if the snapshot already exist + if ! LXC_SNAPSHOT_EXISTS "$snapname" + then + log_debug "$snapname doesn't exist, its first creation can takes a little while." >&2 + sudo lxc snapshot $LXC_NAME $snapname --stateful + fi + + stop_timer 1 +} + +LOAD_LXC_SNAPSHOT () { + snapname=$1 + sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null + sudo lxc restore $LXC_NAME $snapname --stateful + _LXC_START_AND_WAIT $LXC_NAME +} + +#================================================= + +LXC_START () { + # Start the lxc container and execute the given command in it + local cmd=$1 + + sudo lxc start $LXC_NAME + _LXC_START_AND_WAIT $LXC_NAME + + start_timer + + # Copy the package into the container. 
+ lxc exec $LXC_NAME -- rm -rf /app_folder + lxc file push -r "$package_path" $LXC_NAME/app_folder + + # Execute the command given in argument in the container and log its results. + lxc exec $LXC_NAME -- $cmd | tee -a "$complete_log" + + # Store the return code of the command + local returncode=${PIPESTATUS[0]} + + log_debug "Return code: $return_code" + + stop_timer 1 + # Return the exit code of the ssh command + return $returncode +} + +LXC_STOP () { + sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null +} + +LXC_RESET () { + sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null + sudo lxc delete $LXC_NAME +} + + +_LXC_START_AND_WAIT() { + + restart_container() + { + lxc stop "$1" + lxc start "$1" + } + + # Try to start the container 3 times. + local max_try=3 + local i=0 + while [ $i -lt $max_try ] + do + i=$(( i +1 )) + local failstart=0 + + # Wait for container to start, we are using systemd to check this, + # for the sake of brevity. + for j in $(seq 1 10); do + if lxc exec "$1" -- /bin/bash -c "systemctl isolate multi-user.target" >/dev/null 2>/dev/null; then + break + fi + + if [ "$j" == "10" ]; then + error 'Failed to start the container' + failstart=1 + + restart_container "$1" + fi + + sleep 1s + done + + # Wait for container to access the internet + for j in $(seq 1 10); do + if lxc exec "$1" -- /bin/bash -c "! which wget > /dev/null 2>&1 || wget -q --spider http://github.com"; then + break + fi + + if [ "$j" == "10" ]; then + error 'Failed to access the internet' + failstart=1 + + restart_container "$1" + fi + + sleep 1s + done + + # Has started and has access to the internet + if [ $failstart -eq 0 ] + then + break + fi + + # Fail if the container failed to start + if [ $i -eq $max_try ] && [ $failstart -eq 1 ] + then + return 1 + fi + done + + LXC_IP=$(lxc exec $1 -- hostname -I | grep -E -o "\<[0-9.]{8,}\>") +} diff --git a/sub_scripts/lxc_build.sh b/sub_scripts/lxc_build.sh index 150932c..7023c28 100755 --- a/sub_scripts/lxc_build.sh 
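Review bot: `LXC_START` passes its command string unquoted and without a shell (`lxc exec $LXC_NAME -- $cmd`), but the callers in testing_process.sh still hand it shell text such as `PACKAGE_CHECK_EXEC=1 yunohost ... -a '$install_args'` and `sudo systemctl enable netcat & sudo systemctl start netcat`. The environment assignment, the quotes and the `&` therefore reach lxc as literal words, and the first word is taken as the program name. Running the string through a shell inside the container, `lxc exec "$LXC_NAME" -- bash -c "$cmd" | tee -a "$complete_log"`, keeps the behaviour the ssh transport had. Two smaller slips in the same file: `LXC_SNAPSHOT_EXISTS` ends in `greq -q -w "$1"` (should be `grep`), so it can never report an existing snapshot, and `log_debug "Return code: $return_code"` reads a variable that is never set (the local is `returncode`). `LXC_CREATE` also leaves through a bare `exit 1` when the launch fails, which skips `clean_exit`.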
+++ b/sub_scripts/lxc_build.sh 
@@ -1,219 +1,72 @@ #!/bin/bash -# Check Debian Stretch or Buster -host_codename=$(grep "VERSION_CODENAME" /etc/os-release | cut -d= -f2) -if [ "$host_codename" != "stretch" ] && [ "$host_codename" != "buster" ] -then - echo "Package_check can only be installed on Debian Stretch or Debian Buster..." - exit 1 -fi - -# Load configuration -dnsforce=1 - cd $(dirname $(realpath $0) | sed 's@/sub_scripts$@@g') source "./sub_scripts/common.sh" -LXC_BUILD() +function check_lxd_setup() { - # Met en place le lock de Package check, le temps de l'installation - touch "$lock_file" - echo $(whoami) > "./.setup_user" + # Check lxd is installed somehow + [[ -e /snap/bin/lxd ]] || which lxd &>/dev/null \ + || critical "You need to have LXD installed. Refer to the README to know how to install it." - log_title "Installing host dependencies..." - - DEPENDENCIES="lxc lxctl git curl lynx jq python3-pip debootstrap rsync bridge-utils" - sudo apt-get update - sudo apt-get install -y $DEPENDENCIES - - # Créer le dossier lxcsnaps, pour s'assurer que lxc utilisera ce dossier, même avec lxc 2. - sudo mkdir -p /var/lib/lxcsnaps - - # Si le conteneur existe déjà - if sudo lxc-info -n $LXC_NAME > /dev/null 2>&1 - then - log_title "Suppression du conteneur existant." - ./sub_scripts/lxc_remove.sh - fi - - log_title "Création d'une machine debian $DISTRIB minimaliste." - sudo lxc-create -n $LXC_NAME -t download -- -d debian -r $DISTRIB -a $(dpkg --print-architecture) - - log_title "Autoriser l'ip forwarding, pour router vers la machine virtuelle." - echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_pchecker.conf - sudo sysctl -p /etc/sysctl.d/lxc_pchecker.conf - - log_title "Ajoute un brige réseau pour la machine virtualisée" - echo | sudo tee /etc/network/interfaces.d/$LXC_BRIDGE <> ~/.ssh/known_hosts - # Initie une premier connexion SSH pour valider la clé. - RUN_THROUGH_SSH "exit 0" - # Si l'utilisateur tarde trop, la connexion sera refusée... ??? - [ "$?" 
-ne 0 ] && RUN_THROUGH_SSH "exit 0" - - [ -n "$YNH_INSTALL_SCRIPT_BRANCH" ] && YNH_INSTALL_SCRIPT_BRANCH="--branch $YNH_INSTALL_SCRIPT_BRANCH" - - RUN_THROUGH_SSH git clone https://github.com/YunoHost/install_script $YNH_INSTALL_SCRIPT_BRANCH /tmp/install_script - log_title "Installation de Yunohost..." - RUN_THROUGH_SSH bash /tmp/install_script/install_yunohost -a - log_title "Disable apt-daily to prevent it from messing with apt/dpkg lock" - RUN_THROUGH_SSH systemctl -q stop apt-daily.timer - RUN_THROUGH_SSH systemctl -q stop apt-daily-upgrade.timer - RUN_THROUGH_SSH systemctl -q stop apt-daily.service - RUN_THROUGH_SSH systemctl -q stop apt-daily-upgrade.service - RUN_THROUGH_SSH systemctl -q disable apt-daily.timer - RUN_THROUGH_SSH systemctl -q disable apt-daily-upgrade.timer - RUN_THROUGH_SSH systemctl -q disable apt-daily.service - RUN_THROUGH_SSH systemctl -q disable apt-daily-upgrade.service - RUN_THROUGH_SSH rm -f /etc/cron.daily/apt-compat - RUN_THROUGH_SSH cp /bin/true /usr/lib/apt/apt.systemd.daily - - - log_title "Post install Yunohost" - RUN_THROUGH_SSH yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --force-password - - # Disable password strength check - RUN_THROUGH_SSH yunohost settings set security.password.admin.strength -v -1 - RUN_THROUGH_SSH yunohost settings set security.password.user.strength -v -1 - - # echo "Le mot de passe Yunohost est \'$YUNO_PWD\'" - log_title "Ajout du sous domaine de test" - RUN_THROUGH_SSH yunohost domain add $SUBDOMAIN - TEST_USER_DISPLAY=${TEST_USER//"_"/""} - log_title "Ajout de l'utilisateur de test" - RUN_THROUGH_SSH yunohost user create $TEST_USER --firstname $TEST_USER_DISPLAY --mail $TEST_USER@$DOMAIN --lastname $TEST_USER_DISPLAY --password \"$YUNO_PWD\" - - log_title "Vérification de l'état de Yunohost" - RUN_THROUGH_SSH yunohost --version - - log_title "Arrêt de la machine virtualisée" - sudo lxc-stop -n $LXC_NAME - - log_title "Suppression des règles de parefeu" - sudo iptables -D 
FORWARD -i $LXC_BRIDGE -o $MAIN_NETWORK_INTERFACE -j ACCEPT - sudo iptables -D FORWARD -i $MAIN_NETWORK_INTERFACE -o $LXC_BRIDGE -j ACCEPT - sudo iptables -t nat -D POSTROUTING -s $LXC_NETWORK.0/24 -j MASQUERADE - sudo ifdown --force $LXC_BRIDGE - - log_title "Création d'un snapshot" - sudo lxc-snapshot -n $LXC_NAME - # Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME/snap0/ - - rm "$lock_file" + ip a | grep -q lxdbr0 \ + || critical "There is no 'lxdbr0' interface... Did you ran 'lxd init' ?" } -LXC_BUILD 2>&1 | tee -a "./Build_lxc.log" +function rebuild_ynh_appci_base() +{ + check_lxd_setup + + local DIST=${1:-$DEFAULT_DIST} + local BOX=${2:-ynh-appci}-${DIST} + + set -x + sudo lxc info $BOX-base >/dev/null && sudo lxc delete $BOX-base --force + sudo lxc launch images:debian/$DIST/$ARCH $BOX-base + sudo lxc config set $BOX-base security.privileged true + sudo lxc config set $BOX-base security.nesting true # Need this for apparmor for some reason + sudo lxc restart $BOX-base + sleep 5 + + IN_LXC="sudo lxc exec $BOX-base -- /bin/bash -c" + + INSTALL_SCRIPT="https://install.yunohost.org/$DIST" + $IN_LXC "apt install curl -y" + $IN_LXC "curl $INSTALL_SCRIPT | bash -s -- -a $YNH_BRANCH" + + $IN_LXC "systemctl -q stop apt-daily.timer" + $IN_LXC "systemctl -q stop apt-daily-upgrade.timer" + $IN_LXC "systemctl -q stop apt-daily.service" + $IN_LXC "systemctl -q stop apt-daily-upgrade.service " + $IN_LXC "systemctl -q disable apt-daily.timer" + $IN_LXC "systemctl -q disable apt-daily-upgrade.timer" + $IN_LXC "systemctl -q disable apt-daily.service" + $IN_LXC "systemctl -q disable apt-daily-upgrade.service" + $IN_LXC "rm -f /etc/cron.daily/apt-compat" + $IN_LXC "cp /bin/true /usr/lib/apt/apt.systemd.daily" + + # Disable password strength check + $IN_LXC "yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --force-password" + + $IN_LXC "yunohost settings set security.password.admin.strength -v -1" + $IN_LXC "yunohost settings set 
security.password.user.strength -v -1" + + $IN_LXC "yunohost domain add $SUBDOMAIN" + TEST_USER_DISPLAY=${TEST_USER//"_"/""} + $IN_LXC "yunohost user create $TEST_USER --firstname $TEST_USER_DISPLAY --mail $TEST_USER@$DOMAIN --lastname $TEST_USER_DISPLAY --password '$YUNO_PWD'" + + $IN_LXC "yunohost --version" + + sudo lxc stop $BOX-base + sudo lxc publish $BOX-base --alias $BOX-base + set +x +} + +rebuild_ynh_appci_base 2>&1 | tee -a "./lxc_build.log" diff --git a/sub_scripts/testing_process.sh b/sub_scripts/testing_process.sh index c827671..56b2a3d 100755 --- a/sub_scripts/testing_process.sh +++ b/sub_scripts/testing_process.sh @@ -6,11 +6,8 @@ break_before_continue () { if [ $interactive -eq 1 ] then - echo "To execute one command:" - echo " sudo lxc-attach -n $LXC_NAME -- command" - echo "To establish a ssh connection:" - echo " ssh -t $LXC_NAME" - + echo "To enter a shell on the lxc:" + echo " sudo lxc exec $LXC_NAME bash" read -p "Press a key to delete the application and continue...." < /dev/tty fi } @@ -30,7 +27,7 @@ RUN_YUNOHOST_CMD() { log_debug "Running yunohost $1" # --output-as none is to disable the json-like output for some commands like backup create - LXC_START "sudo PACKAGE_CHECK_EXEC=1 yunohost --output-as none --debug $1" \ + LXC_START "PACKAGE_CHECK_EXEC=1 yunohost --output-as none --debug $1" \ | grep --line-buffered -v --extended-regexp '^[0-9]+\s+.{1,15}DEBUG' \ | grep --line-buffered -v 'processing action' 
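Review bot: `rebuild_ynh_appci_base` sets `security.privileged true` on the base container without a stated reason and then runs `curl $INSTALL_SCRIPT | bash -s -- -a $YNH_BRANCH` as root inside it. A container whose root is not remapped away from host root thus executes a script fetched at build time with TLS as the only integrity check. If privileged mode is not required I would drop that line, or add a comment recording what breaks without it, as the nesting line does. Downloading the installer to a file and comparing it with a known checksum before running it would make the published image auditable. Separately, `check_lxd_setup` calls `critical` while the helper seen elsewhere in this change is `log_critical`; if `critical` is not defined in common.sh the checks only print "command not found" and the build carries on. Because the function runs under `set -x` and is teed to `./lxc_build.log`, the value of `--password $YUNO_PWD` ends up in that log.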
@@ -77,25 +74,22 @@ INSTALL_APP () { if [ -n "$preinstall_template" ] then log_small_title "Pre installation request" - # Start the lxc container - LXC_START "true" # Copy all the instructions into a script local preinstall_script="$TEST_CONTEXT/preinstall.sh" echo "$preinstall_template" > "$preinstall_script" - chmod +x "$preinstall_script" # Hydrate the template with variables sed -i "s/\$USER/$TEST_USER/" "$preinstall_script" sed -i "s/\$DOMAIN/$DOMAIN/" "$preinstall_script" sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script" sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script" # Copy the pre-install script into the container. - scp -rq "$preinstall_script" "$LXC_NAME": + sudo lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh # Then execute the script to execute the pre-install commands. - LXC_START "./preinstall.sh >&2" + LXC_START "bash /preinstall.sh" fi # Install the application in a LXC container - RUN_YUNOHOST_CMD "app install --force ./app_folder/ -a '$install_args'" + RUN_YUNOHOST_CMD "app install --force /app_folder -a '$install_args'" local ret=$? [ $ret -eq 0 ] && log_debug "Installation successful." || log_error "Installation failed." @@ -204,8 +198,8 @@ VALIDATE_THAT_APP_CAN_BE_ACCESSED () { # Call curl to try to access to the url of the app curl --location --insecure --silent --show-error \ --header "Host: $check_domain" \ - --resolve $check_domain:80:$LXC_NETWORK.2 \ - --resolve $check_domain:443:$LXC_NETWORK.2 \ + --resolve $check_domain:80:$LXC_IP \ + --resolve $check_domain:443:$LXC_IP \ --write-out "%{http_code};%{url_effective}\n" \ --output "$curl_output" \ $check_domain$curl_check_path \ @@ -281,7 +275,9 @@ VALIDATE_THAT_APP_CAN_BE_ACCESSED () { alias_traversal test
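Review bot: The push target in INSTALL_APP, `"$LXC_NAME":/preinstall.sh`, uses the `remote:` form, whereas every other `lxc file push` in this change addresses the container as `$LXC_NAME/path` (for example `$LXC_NAME/app_folder` in LXC_START). As written the lxc client will most likely read `$LXC_NAME` as a remote name, the script never reaches the container, and `bash /preinstall.sh` then fails. I would write `sudo lxc file push "$preinstall_script" "$LXC_NAME/preinstall.sh"` and check its status before calling LXC_START. INSTALL_APP continues outside the hunk.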

alias_traversal test

If you see this page, you have failed the test for alias_traversal issue." \ - | sudo tee $LXC_ROOTFS/var/www/html/alias_traversal.html > /dev/null + > $TEST_CONTEXT/alias_traversal.html + + sudo lxc file push $TEST_CONTEXT $LXC_NAME/var/www/html/alias_traversal.html curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \ | grep "title" | grep --quiet "alias_traversal test" \ @@ -323,7 +319,7 @@ TEST_INSTALL () { # Create the snapshot that'll be used by other tests later [ "$install_type" != "private" ] \ - && [ ! -e "$LXC_SNAPSHOTS/$snapname" ] \ + && ! LXC_SNAPSHOT_EXISTS $snapname && log_debug "Create a snapshot after app install" \ && CREATE_LXC_SNAPSHOT $snapname @@ -340,8 +336,6 @@ TEST_UPGRADE () { local commit=$1 - # FIXME FIXME FIXME FIXME : fetch upgrade name, specific upgrade args - if [ "$commit" == "" ] then start_test "Upgrade from the same version" @@ -385,7 +379,7 @@ TEST_UPGRADE () { log_small_title "Upgrade..." # Upgrade the application in a LXC container - RUN_YUNOHOST_CMD "app upgrade $app_id -f ./app_folder/" \ + RUN_YUNOHOST_CMD "app upgrade $app_id -f /app_folder" \ && VALIDATE_THAT_APP_CAN_BE_ACCESSED $SUBDOMAIN $check_path return $? @@ -426,9 +420,9 @@ TEST_PORT_ALREADY_USED () { # Build a service with netcat for use this port before the app. echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n - [Install]\nWantedBy=multi-user.target" | \ - sudo tee "$LXC_ROOTFS/etc/systemd/system/netcat.service" \ - > /dev/null + [Install]\nWantedBy=multi-user.target" > $TEST_CONTEXT/netcat.service + + sudo lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service # Then start this service to block this port. LXC_START "sudo systemctl enable netcat & sudo systemctl start netcat" 
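Review bot: The alias_traversal check pushes the directory rather than the page: `sudo lxc file push $TEST_CONTEXT $LXC_NAME/var/www/html/alias_traversal.html` should name `$TEST_CONTEXT/alias_traversal.html` as its source. Without the page in place, the following `curl ... | grep --quiet "alias_traversal test"` cannot match. The test would then presumably report a clean result even for an nginx configuration that is exposed (the branch that records the result is outside the hunk). I would use `sudo lxc file push "$TEST_CONTEXT/alias_traversal.html" "$LXC_NAME/var/www/html/alias_traversal.html"` and treat a failed push as a test error rather than continuing to the curl.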
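Review bot: The rewritten condition in TEST_INSTALL appears to have lost its line continuation: the new line `&& ! LXC_SNAPSHOT_EXISTS $snapname` has no trailing `\`, unlike the line it replaces. The next line then starts with `&&`, and bash rejects testing_process.sh when it is sourced. It should read `&& ! LXC_SNAPSHOT_EXISTS "$snapname" \`. Note that the helper in lxc.sh currently ends in `greq`, so this condition is always true until that typo is fixed as well.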
@@ -459,7 +453,8 @@ TEST_BACKUP_RESTORE () { local main_result=0 # Remove the previous residual backups - sudo rm -rf $LXC_ROOTFS/home/yunohost.backup/archives + sudo rm -rf ./ynh_backups + sudo lxc exec $LXC_NAME -- rm -rf /home/yunohost.backup/archives # BACKUP # Made a backup if the installation succeed @@ -477,7 +472,7 @@ TEST_BACKUP_RESTORE () { [ $ret -eq 0 ] || main_result=1 # Grab the backup archive into the LXC container, and keep a copy - sudo cp -a $LXC_ROOTFS/home/yunohost.backup/archives ./ + sudo lxc file pull -r $LXC_NAME/home/yunohost.backup/archives ./ynh_backups # RESTORE # Try the restore process in 2 times, first after removing the app, second after a restore of the container. @@ -496,15 +491,15 @@ TEST_BACKUP_RESTORE () { elif [ $j -eq 1 ] then - # Remove the previous residual backups - sudo rm -rf $LXC_SNAPSHOTS/snap0/rootfs/home/yunohost.backup/archives - - # Place the copy of the backup archive in the container. - sudo mv -f ./archives $LXC_SNAPSHOTS/snap0/rootfs/home/yunohost.backup/ - LXC_STOP LOAD_LXC_SNAPSHOT snap0 + # Remove the previous residual backups + lxc exec $LXC_NAME -- rm -f /rootfs/home/yunohost.backup/archives/* + + # Place the copy of the backup archive in the container. + sudo lxc file push -r ./ynh_backups $LXC_NAME/home/yunohost.backup/archives/ + log_small_title "Restore on a clean YunoHost system..." fi @@ -517,7 +512,6 @@ TEST_BACKUP_RESTORE () { break_before_continue - # Stop and restore the LXC container LXC_STOP done @@ -942,7 +936,7 @@ set_witness_files () { create_witness_file () { [ "$2" = "file" ] && local action="touch" || local action="mkdir -p" - sudo $action "${LXC_ROOTFS}${1}" + sudo lxc exec $LXC_NAME -- $action $1 } # Nginx conf 
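Review bot: In the second restore pass of TEST_BACKUP_RESTORE the cleanup command `lxc exec $LXC_NAME -- rm -f /rootfs/home/yunohost.backup/archives/*` still carries the `/rootfs` prefix from the old snapshot path and relies on a glob. `lxc exec` runs `rm` directly, so the `*` is never expanded inside the container, and the path does not exist there; `-f` hides the miss. `sudo lxc exec "$LXC_NAME" -- rm -rf /home/yunohost.backup/archives`, as used at the top of the function, would do what the comment says. It is also worth confirming where the archives land: `lxc file pull -r .../archives ./ynh_backups` followed by `lxc file push -r ./ynh_backups .../archives/` may nest the directory instead of restoring the original layout. The function extends beyond these hunks.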
@@ -965,15 +959,7 @@ set_witness_files () { create_witness_file "/var/log/witnessfile" file # Config fpm - if [ -d "${LXC_ROOTFS}/etc/php5/fpm" ]; then - create_witness_file "/etc/php5/fpm/pool.d/witnessfile.conf" file - fi - if [ -d "${LXC_ROOTFS}/etc/php/7.0/fpm" ]; then - create_witness_file "/etc/php/7.0/fpm/pool.d/witnessfile.conf" file - fi - if [ -d "${LXC_ROOTFS}/etc/php/7.3/fpm" ]; then - create_witness_file "/etc/php/7.3/fpm/pool.d/witnessfile.conf" file - fi + create_witness_file "/etc/php/7.3/fpm/pool.d/witnessfile.conf" file # Config logrotate create_witness_file "/etc/logrotate.d/witnessfile" file @@ -982,15 +968,16 @@ set_witness_files () { create_witness_file "/etc/systemd/system/witnessfile.service" file # Database - RUN_INSIDE_LXC mysqladmin --user=root --password=$(sudo cat "$LXC_ROOTFS/etc/yunohost/mysql") --wait status > /dev/null 2>&1 - RUN_INSIDE_LXC mysql --user=root --password=$(sudo cat "$LXC_ROOTFS/etc/yunohost/mysql") --wait --execute="CREATE DATABASE witnessdb" > /dev/null 2>&1 + local mysqlpwd=$(lxc exec $LXC_NAME -- cat /etc/yunohost/mysql) + RUN_INSIDE_LXC mysqladmin --user=root --password="$mysqlpwd" --wait status > /dev/null 2>&1 + RUN_INSIDE_LXC mysql --user=root --password="$mysqlpwd" --wait --execute="CREATE DATABASE witnessdb" > /dev/null 2>&1 } check_witness_files () { # Check all the witness files, to verify if them still here check_file_exist () { - if sudo test ! -e "${LXC_ROOTFS}${1}" + if sudo lxc exec $LXC_NAME -- test ! -e "{1}" then log_error "The file $1 is missing ! Something gone wrong !" SET_RESULT "failure" witness 
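Review bot: `check_file_exist` now tests the literal string `{1}`: in `sudo lxc exec $LXC_NAME -- test ! -e "{1}"` the `$` was dropped, so the test is true on every call and each witness file is reported missing. It should be `sudo lxc exec "$LXC_NAME" -- test ! -e "$1"`. In the same hunk, and again in check_witness_files, `local mysqlpwd=$(lxc exec ...)` hides a failed read behind `local`'s own exit status and calls `lxc` without the `sudo` used elsewhere; declaring the variable first and assigning on the next line lets the failure surface. The password is still passed as `--password=` on the command line, where it is visible in the process list inside the container.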
@@ -1017,15 +1004,7 @@ check_witness_files () { check_file_exist "/var/log/witnessfile" # Config fpm - if [ -d "${LXC_ROOTFS}/etc/php5/fpm" ]; then - check_file_exist "/etc/php5/fpm/pool.d/witnessfile.conf" - fi - if [ -d "${LXC_ROOTFS}/etc/php/7.0/fpm" ]; then - check_file_exist "/etc/php/7.0/fpm/pool.d/witnessfile.conf" - fi - if [ -d "${LXC_ROOTFS}/etc/php/7.3/fpm" ]; then - check_file_exist "/etc/php/7.3/fpm/pool.d/witnessfile.conf" - fi + check_file_exist "/etc/php/7.3/fpm/pool.d/witnessfile.conf" # Config logrotate check_file_exist "/etc/logrotate.d/witnessfile" @@ -1034,7 +1013,8 @@ check_witness_files () { check_file_exist "/etc/systemd/system/witnessfile.service" # Database - if ! RUN_INSIDE_LXC mysqlshow --user=root --password=$(sudo cat "$LXC_ROOTFS/etc/yunohost/mysql") witnessdb > /dev/null 2>&1 + local mysqlpwd=$(lxc exec $LXC_NAME -- cat /etc/yunohost/mysql) + if ! RUN_INSIDE_LXC mysqlshow --user=root --password="$mysqlpwd" witnessdb > /dev/null 2>&1 then log_error "The database witnessdb is missing ! Something gone wrong !" SET_RESULT "failure" witness