YunoHost/package_check
1
0
Fork 0
mirror of https://github.com/YunoHost/package_check.git synced 2024-09-03 20:06:20 +02:00
Code Issues Projects Releases Packages Wiki Activity

Zblerg^44587457

Browse source
This commit is contained in:
Alexandre Aubin 2020-12-17 02:56:27 +01:00
parent abe4e94f67
commit cf98294d14
7 changed files with 280 additions and 530 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
config.defaults
View file

@ -1,33 +0,0 @@
#####################
# LXC Configuration #
#####################
# Network stuff
MAIN_NETWORK_INTERFACE=$(sudo ip route | grep default | awk '{print $5;}')
LXC_BRIDGE="lxc-pchecker"
LXC_NETWORK="10.1.4"
DNS_RESOLVER="80.67.169.12"
# Container configuration
DISTRIB="buster"
LXC_NAME="pchecker_lxc"
LXC_ROOTFS="/var/lib/lxc/$LXC_NAME/rootfs"
LXC_SNAPSHOTS="/var/lib/lxcsnaps/$LXC_NAME"
###########################
# Yunohost configuration #
###########################
# By default we'll install Yunohost with the default branch
YNH_INSTALL_SCRIPT_BRANCH=""
# Admin password
YUNO_PWD="admin"
# Domaines de test
DOMAIN="domain.tld"
SUBDOMAIN="sub.$DOMAIN"
# User de test
TEST_USER="package_checker"

47
package_check.sh
View file

@ -2,7 +2,7 @@
cd $(dirname $(realpath $0) | sed 's@/sub_scripts$@@g') cd $(dirname $(realpath $0) | sed 's@/sub_scripts$@@g')
source "./sub_scripts/common.sh" source "./sub_scripts/common.sh"
source "./sub_scripts/launcher.sh" source "./sub_scripts/lxc.sh"
source "./sub_scripts/testing_process.sh" source "./sub_scripts/testing_process.sh"
complete_log="./Complete.log" complete_log="./Complete.log"
@ -11,7 +11,7 @@ complete_log="./Complete.log"
> "$complete_log" > "$complete_log"
> "./lxc_boot.log" > "./lxc_boot.log"
TEST_CONTEXT=$(mkdtemp -d) TEST_CONTEXT=$(mktemp -d)
# Redirect fd 3 (=debug steam) to complete log # Redirect fd 3 (=debug steam) to complete log
exec 3>>$complete_log exec 3>>$complete_log
@ -33,23 +33,18 @@ package_check.sh [OPTION]... PACKAGE_TO_CHECK
Wait for the user to continue before each remove. Wait for the user to continue before each remove.
-h, --help -h, --help
Display this help Display this help
-l, --build-lxc
Install LXC and build the container if necessary.
EOF EOF
exit 0 exit 0
} }
clean_exit () { clean_exit () {
# Exit and remove all temp files # Exit and remove all temp files
# $1 = exit code # $1 = exit code
LXC_RESET
# Deactivate LXC network
LXC_TURNOFF
# Remove temporary files # Remove temporary files
rm -f "./url_output"
rm -f "./curl_print"
rm -rf "$TEST_CONTEXT" rm -rf "$TEST_CONTEXT"
# Remove the application which been tested # Remove the application which been tested
@ -74,7 +69,6 @@ clean_exit () {
gitbranch="" gitbranch=""
force_install_ok=0 force_install_ok=0
interactive=0 interactive=0
build_lxc=0
arguments=("$@") arguments=("$@")
getopts_built_arg=() getopts_built_arg=()
@ -89,7 +83,6 @@ do
# For each argument in the array, reduce to short argument for getopts # For each argument in the array, reduce to short argument for getopts
arguments[$i]=${arguments[$i]//--interactive/-i} arguments[$i]=${arguments[$i]//--interactive/-i}
arguments[$i]=${arguments[$i]//--help/-h} arguments[$i]=${arguments[$i]//--help/-h}
arguments[$i]=${arguments[$i]//--build-lxc/-l}
getopts_built_arg+=("${arguments[$i]}") getopts_built_arg+=("${arguments[$i]}")
done done
@ -120,11 +113,6 @@ parse_arg () {
# --help # --help
print_help print_help
;; ;;
l)
# --build-lxc
build_lxc=1
shift_value=1
;;
\?) \?)
echo "Invalid argument: -${OPTARG:-}" echo "Invalid argument: -${OPTARG:-}"
print_help print_help
@ -180,26 +168,9 @@ assert_we_are_connected_to_the_internets
self_upgrade self_upgrade
fetch_or_upgrade_package_linter fetch_or_upgrade_package_linter
# Check if lxc is already installed # Reset and create a fresh container to work with
if dpkg-query -W -f '${Status}' "lxc" 2>/dev/null | grep -q "ok installed" LXC_RESET
then LXC_CREATE
# If lxc is installed, check if the container is already built.
if ! sudo lxc-ls | grep -q "$LXC_NAME"
then
# If lxc's not installed and build_lxc set. Asks to build the container.
[ $build_lxc -eq 1 ] || log_critical "LXC is not installed or the container $LXC_NAME doesn't exist.\nYou should build it with 'lxc_build.sh'."
./sub_scripts/lxc_build.sh
fi
elif [ $build_lxc -eq 1 ]
then
# If lxc's not installed and build_lxc set. Asks to build the container.
./sub_scripts/lxc_build.sh
fi
# Stop and restore the LXC container. In case of previous incomplete execution.
LXC_STOP
LXC_TURNOFF
LXC_PURGE_SNAPSHOTS
#================================================= #=================================================
# Pick up the package # Pick up the package
@ -705,8 +676,6 @@ run_all_tests() {
# And keep this value separately # And keep this value separately
complete_start_timer=$starttime complete_start_timer=$starttime
LXC_INIT
# Break after the first tests serie # Break after the first tests serie
if [ $interactive -eq 1 ]; then if [ $interactive -eq 1 ]; then
read -p "Press a key to start the tests..." < /dev/tty read -p "Press a key to start the tests..." < /dev/tty
@ -734,6 +703,4 @@ run_all_tests() {
run_all_tests run_all_tests
LXC_PURGE_SNAPSHOTS
clean_exit 0 clean_exit 0

26
sub_scripts/common.sh
View file

@ -1,6 +1,22 @@
#!/bin/bash #!/bin/bash
[[ -e "./config.defaults" ]] && source "./config.defaults" DEFAULT_DIST="buster"
# By default we'll install Yunohost with the default branch
YNH_INSTALL_SCRIPT_BRANCH=""
# Admin password
YUNO_PWD="admin"
# Domaines de test
DOMAIN="domain.tld"
SUBDOMAIN="sub.$DOMAIN"
# User de test
TEST_USER="package_checker"
LXC_NAME="ynh-appci"
[[ -e "./config" ]] && source "./config" [[ -e "./config" ]] && source "./config"
readonly lock_file="./pcheck.lock" readonly lock_file="./pcheck.lock"
@ -10,11 +26,8 @@ readonly lock_file="./pcheck.lock"
#================================================= #=================================================
RUN_INSIDE_LXC() { RUN_INSIDE_LXC() {
sudo lxc-attach -n $LXC_NAME -- "$@" sudo lxc exec $LXC_NAME -- "$@"
} sudo lxc-attach -n -- "$@"
RUN_THROUGH_SSH() {
ssh -tt -q $LXC_NAME "sudo $@"
} }
assert_we_are_the_setup_user() { assert_we_are_the_setup_user() {
@ -241,4 +254,3 @@ function fetch_or_upgrade_package_linter()
echo "$check_version" > "$version_file" echo "$check_version" > "$version_file"
} }

189
sub_scripts/launcher.sh
View file

@ -1,189 +0,0 @@
# #!/bin/bash
#=================================================
# Globals variables
#=================================================
# -q aims to disable the display of 'Debian GNU/Linux' each time a command is ran
arg_ssh="-tt -q"
#=================================================
# RUNNING SNAPSHOT
#=================================================
CREATE_LXC_SNAPSHOT () {
# Create a temporary snapshot
local snapname=$1
start_timer
# Check all the witness files, to verify if them still here
check_witness_files >&2
# Stop the container, before its snapshot
sudo lxc-stop --name $LXC_NAME >&2
# Remove swap files to avoid killing the CI with huge snapshots.
local swap_file="$LXC_ROOTFS/swap_$app_id"
if sudo test -e "$swap_file"
then
sudo swapoff "$swap_file"
sudo rm "$swap_file"
fi
# Check if the snapshot already exist
if [ ! -e "$LXC_SNAPSHOTS/$snapname" ]
then
log_debug "$snapname doesn't exist, its first creation can takes a little while." >&2
# Create the snapshot.
sudo lxc-snapshot --name $LXC_NAME >> "$complete_log" 2>&1
# lxc always creates the first snapshot it can creates.
# So if snap1 doesn't exist and you try to create snap_foo, it will be named snap1.
if [ "$snapname" != "snap1" ] && [ ! -e "$LXC_SNAPSHOTS/$snapname" ]
then
# Rename snap1
sudo mv "$LXC_SNAPSHOTS/snap1" "$LXC_SNAPSHOTS/$snapname"
fi
fi
# Update the snapshot with rsync to clone the current lxc state
sudo rsync --acls --archive --delete --executability --itemize-changes --xattrs "$LXC_ROOTFS/" "$LXC_SNAPSHOTS/$snapname/rootfs/" > /dev/null 2>> "$complete_log"
stop_timer 1
# Restart the container, after the snapshot
LXC_START "true" >&2
}
LOAD_LXC_SNAPSHOT () {
# Use a temporary snapshot, if it already exists
# $1 = Name of the snapshot to use
local snapshot=$1
log_debug "Restoring snapshot $snapshot"
start_timer
# Fix the missing hostname in the hosts file...
echo "127.0.0.1 $LXC_NAME" | sudo tee --append "$LXC_SNAPSHOTS/$snapshot/rootfs/etc/hosts" > /dev/null
# Restore this snapshot.
sudo rsync --acls --archive --delete --executability --itemize-changes --xattrs "$LXC_SNAPSHOTS/$snapshot/rootfs/" "$LXC_ROOTFS/" > /dev/null 2>> "$complete_log"
local ret=$?
stop_timer 1
return $ret
}
#=================================================
is_lxc_running () {
sudo lxc-info --name=$LXC_NAME | grep --quiet "RUNNING"
}
LXC_INIT () {
# Clean previous remaining swap files
sudo swapoff $LXC_ROOTFS/swap_* 2>/dev/null
sudo rm --force $LXC_ROOTFS/swap_*
sudo swapoff $LXC_SNAPSHOTS/snap0/rootfs/swap_* 2>/dev/null
sudo rm --force $LXC_SNAPSHOTS/snap0/rootfs/swap_*
sudo swapoff $LXC_SNAPSHOTS/snap_afterinstall/rootfs/swap_* 2>/dev/null
sudo rm --force $LXC_SNAPSHOTS/snap_afterinstall/rootfs/swap_*
LXC_PURGE_SNAPSHOTS
# Initialize LXC network
# Activate the bridge
echo "Initialize network for LXC."
sudo ifup $LXC_BRIDGE --interfaces=/etc/network/interfaces.d/$LXC_BRIDGE | tee --append "$complete_log" 2>&1
# Activate iptables rules
echo "Activate iptables rules."
sudo iptables --append FORWARD --in-interface $LXC_BRIDGE --out-interface $MAIN_NETWORK_INTERFACE --jump ACCEPT | tee --append "$complete_log" 2>&1
sudo iptables --append FORWARD --in-interface $MAIN_NETWORK_INTERFACE --out-interface $LXC_BRIDGE --jump ACCEPT | tee --append "$complete_log" 2>&1
sudo iptables --table nat --append POSTROUTING --source $LXC_NETWORK.0/24 --jump MASQUERADE | tee --append "$complete_log" 2>&1
}
LXC_PURGE_SNAPSHOTS() {
LXC_STOP
for SNAP in $(sudo ls $LXC_SNAPSHOTS/snap_*install 2>/dev/null)
do
sudo lxc-snapshot -n $LXC_NAME -d $(basename $SNAP)
done
}
LXC_START () {
# Start the lxc container and execute the given command in it
local cmd=$1
start_timer
# Try to start the container 3 times.
local max_try=3
local i=0
while [ $i -lt $max_try ]
do
i=$(( $i +1 ))
# Start the container and log the booting process in ./lxc_boot.log
# Try to start only if the container is not already started
if ! is_lxc_running; then
log_debug "Start the LXC container" >> "$complete_log"
sudo lxc-start --name=$LXC_NAME --daemon --logfile "./lxc_boot.log" | tee --append "$complete_log" 2>&1
else
log_debug "A LXC container is already running"
fi
# Try to connect 5 times
local j=0
for j in `seq 1 5`
do
log_debug "." >> "$complete_log"
# Try to connect with ssh to check if the container is ready to work.
if ssh $arg_ssh -o ConnectTimeout=10 $LXC_NAME "exit 0" > /dev/null 2>&1; then
# Break the for loop if the container is ready.
break
fi
sleep 1
done
[ "$(uname -m)" == "aarch64" ] && sleep 30
done
stop_timer 1
start_timer
# Copy the package into the container.
rsync -rq --delete "$package_path" "$LXC_NAME": >> "$complete_log" 2>&1
# Execute the command given in argument in the container and log its results.
ssh $arg_ssh $LXC_NAME "$cmd" | tee -a "$complete_log"
# Store the return code of the command
local returncode=${PIPESTATUS[0]}
log_debug "Return code: $return_code"
stop_timer 1
# Return the exit code of the ssh command
return $returncode
}
LXC_STOP () {
if is_lxc_running;
then
log_debug "Stop the LXC container"
sudo lxc-stop --name=$LXC_NAME | tee --append "$complete_log" 2>&1
fi
}
LOAD_LXC_SNAPSHOT () {
snapname=$1
LXC_STOP
log_debug "Restoring snapshot $snapname"
sudo rsync --acls --archive --delete --executability --itemize-changes --xattrs "$LXC_SNAPSHOTS/$snapname/rootfs/" "$LXC_ROOTFS/" > /dev/null 2>> "$complete_log"
}

160
sub_scripts/lxc.sh Executable file
View file

@ -0,0 +1,160 @@
# #!/bin/bash
#=================================================
# Globals variables
#=================================================
# -q aims to disable the display of 'Debian GNU/Linux' each time a command is ran
arg_ssh="-tt -q"
#=================================================
# RUNNING SNAPSHOT
#=================================================
LXC_CREATE () {
lxc launch $LXC_NAME-base $LXC_NAME || exit 1
lxc config set "$LXC_NAME" security.nesting true
_LXC_START_AND_WAIT $LXC_NAME
CREATE_LXC_SNAPSHOT snap0
}
LXC_SNAPSHOT_EXISTS() {
lxc info $LXC_NAME | grep -A10 Snapshots | tail -n -1 | awk '{print $1}' | greq -q -w "$1"
}
CREATE_LXC_SNAPSHOT () {
# Create a temporary snapshot
local snapname=$1
start_timer
# Check all the witness files, to verify if them still here
[ $snapname != "snap0" ] && check_witness_files >&2
# Remove swap files to avoid killing the CI with huge snapshots.
sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_*); do swapoff $swapfile; done'
sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_*); do rm -f $swapfile; done'
# Stop the container, before its snapshot
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
# Check if the snapshot already exist
if ! LXC_SNAPSHOT_EXISTS "$snapname"
then
log_debug "$snapname doesn't exist, its first creation can takes a little while." >&2
sudo lxc snapshot $LXC_NAME $snapname --stateful
fi
stop_timer 1
}
LOAD_LXC_SNAPSHOT () {
snapname=$1
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
sudo lxc restore $LXC_NAME $snapname --stateful
_LXC_START_AND_WAIT $LXC_NAME
}
#=================================================
LXC_START () {
# Start the lxc container and execute the given command in it
local cmd=$1
sudo lxc start $LXC_NAME
_LXC_START_AND_WAIT $LXC_NAME
start_timer
# Copy the package into the container.
lxc exec $LXC_NAME -- rm -rf /app_folder
lxc file push -r "$package_path" $LXC_NAME/app_folder
# Execute the command given in argument in the container and log its results.
lxc exec $LXC_NAME -- $cmd | tee -a "$complete_log"
# Store the return code of the command
local returncode=${PIPESTATUS[0]}
log_debug "Return code: $return_code"
stop_timer 1
# Return the exit code of the ssh command
return $returncode
}
LXC_STOP () {
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
}
LXC_RESET () {
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
sudo lxc delete $LXC_NAME
}
_LXC_START_AND_WAIT() {
restart_container()
{
lxc stop "$1"
lxc start "$1"
}
# Try to start the container 3 times.
local max_try=3
local i=0
while [ $i -lt $max_try ]
do
i=$(( i +1 ))
local failstart=0
# Wait for container to start, we are using systemd to check this,
# for the sake of brevity.
for j in $(seq 1 10); do
if lxc exec "$1" -- /bin/bash -c "systemctl isolate multi-user.target" >/dev/null 2>/dev/null; then
break
fi
if [ "$j" == "10" ]; then
error 'Failed to start the container'
failstart=1
restart_container "$1"
fi
sleep 1s
done
# Wait for container to access the internet
for j in $(seq 1 10); do
if lxc exec "$1" -- /bin/bash -c "! which wget > /dev/null 2>&1 || wget -q --spider http://github.com"; then
break
fi
if [ "$j" == "10" ]; then
error 'Failed to access the internet'
failstart=1
restart_container "$1"
fi
sleep 1s
done
# Has started and has access to the internet
if [ $failstart -eq 0 ]
then
break
fi
# Fail if the container failed to start
if [ $i -eq $max_try ] && [ $failstart -eq 1 ]
then
return 1
fi
done
LXC_IP=$(lxc exec $1 -- hostname -I | grep -E -o "\<[0-9.]{8,}\>")
}

267
sub_scripts/lxc_build.sh
View file

@ -1,219 +1,72 @@
#!/bin/bash #!/bin/bash
# Check Debian Stretch or Buster
host_codename=$(grep "VERSION_CODENAME" /etc/os-release | cut -d= -f2)
if [ "$host_codename" != "stretch" ] && [ "$host_codename" != "buster" ]
then
echo "Package_check can only be installed on Debian Stretch or Debian Buster..."
exit 1
fi
# Load configuration
dnsforce=1
cd $(dirname $(realpath $0) | sed 's@/sub_scripts$@@g') cd $(dirname $(realpath $0) | sed 's@/sub_scripts$@@g')
source "./sub_scripts/common.sh" source "./sub_scripts/common.sh"
LXC_BUILD() function check_lxd_setup()
{ {
# Met en place le lock de Package check, le temps de l'installation # Check lxd is installed somehow
touch "$lock_file" [[ -e /snap/bin/lxd ]] || which lxd &>/dev/null \
echo $(whoami) > "./.setup_user" || critical "You need to have LXD installed. Refer to the README to know how to install it."
log_title "Installing host dependencies..." # Check that we'll be able to use lxc/lxd using sudo (for which the PATH is defined in /etc/sudoers and probably doesn't include /snap/bin)
if [[ ! -e /usr/bin/lxc ]] && [[ ! -e /usr/bin/lxd ]]
DEPENDENCIES="lxc lxctl git curl lynx jq python3-pip debootstrap rsync bridge-utils"
sudo apt-get update
sudo apt-get install -y $DEPENDENCIES
# Créer le dossier lxcsnaps, pour s'assurer que lxc utilisera ce dossier, même avec lxc 2.
sudo mkdir -p /var/lib/lxcsnaps
# Si le conteneur existe déjà
if sudo lxc-info -n $LXC_NAME > /dev/null 2>&1
then
log_title "Suppression du conteneur existant."
./sub_scripts/lxc_remove.sh
fi
log_title "Création d'une machine debian $DISTRIB minimaliste."
sudo lxc-create -n $LXC_NAME -t download -- -d debian -r $DISTRIB -a $(dpkg --print-architecture)
log_title "Autoriser l'ip forwarding, pour router vers la machine virtuelle."
echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_pchecker.conf
sudo sysctl -p /etc/sysctl.d/lxc_pchecker.conf
log_title "Ajoute un brige réseau pour la machine virtualisée"
echo | sudo tee /etc/network/interfaces.d/$LXC_BRIDGE <<EOF
auto $LXC_BRIDGE
iface $LXC_BRIDGE inet static
address $LXC_NETWORK.1/24
bridge_ports none
bridge_fd 0
bridge_maxwait 0
EOF
log_title "Active le bridge réseau"
sudo ifup $LXC_BRIDGE --interfaces=/etc/network/interfaces.d/$LXC_BRIDGE
log_title "Configuration réseau du conteneur"
if [ $(lsb_release -sc) != buster ]
then then
sudo sed -i "s/^lxc.network.type = empty$/lxc.network.type = veth\nlxc.network.flags = up\nlxc.network.link = $LXC_BRIDGE\nlxc.network.name = eth0\nlxc.network.hwaddr = 00:FF:AA:00:00:01/" /var/lib/lxc/$LXC_NAME/config [[ -e /usr/local/bin/lxc ]] && [[ -e /usr/local/bin/lxd ]] \
else || critical "You might want to add lxc and lxd inside /usr/local/bin so that there's no tricky PATH issue with sudo. If you installed lxd/lxc with snapd, this should do the trick: sudo ln -s /snap/bin/lxc /usr/local/bin/lxc && sudo ln -s /snap/bin/lxd /usr/local/bin/lxd"
echo -e "lxc.net.0.type = veth\nlxc.net.0.flags = up\nlxc.net.0.link = $LXC_BRIDGE\nlxc.net.0.name = eth0\nlxc.net.0.hwaddr = 00:FF:AA:00:00:01" | sudo tee -a /var/lib/lxc/$LXC_NAME/config
fi fi
log_title "Configuration réseau de la machine virtualisée" ip a | grep -q lxdbr0 \
sudo sed -i "s@iface eth0 inet dhcp@iface eth0 inet static\n\taddress $LXC_NETWORK.2/24\n\tgateway $LXC_NETWORK.1@" $LXC_ROOTFS/etc/network/interfaces || critical "There is no 'lxdbr0' interface... Did you ran 'lxd init' ?"
log_title "Configure le parefeu"
sudo iptables -A FORWARD -i $LXC_BRIDGE -o $MAIN_NETWORK_INTERFACE -j ACCEPT
sudo iptables -A FORWARD -i $MAIN_NETWORK_INTERFACE -o $LXC_BRIDGE -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s $LXC_NETWORK.0/24 -j MASQUERADE
log_title "Vérification du contenu du resolv.conf"
sudo cp -a $LXC_ROOTFS/etc/resolv.conf $LXC_ROOTFS/etc/resolv.conf.origin
if ! sudo cat $LXC_ROOTFS/etc/resolv.conf | grep -q nameserver; then
dnsforce=1 # Le resolv.conf est vide, on force l'ajout d'un dns.
fi
if [ $dnsforce -eq 1 ]; then # Force la réécriture du resolv.conf
echo "nameserver $DNS_RESOLVER" | sudo tee $LXC_ROOTFS/etc/resolv.conf
fi
# Fix an issue with apparmor when the container start.
if [ $(lsb_release -sc) != buster ]
then
echo -e "\n# Fix apparmor issues\nlxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/$LXC_NAME/config
else
echo -e "\n# Fix apparmor issues\nlxc.apparmor.profile = unconfined" | sudo tee -a /var/lib/lxc/$LXC_NAME/config
fi
log_title "Démarrage de la machine"
sudo lxc-start -n $LXC_NAME -d --logfile "./lxc_boot.log"
sleep 3
sudo lxc-ls -f
log_title "Test la configuration dns"
broken_dns=0
while ! RUN_INSIDE_LXC getent hosts debian.org
do
log_info "The dns isn't working (Current dns = $(sudo cat $LXC_ROOTFS/etc/resolv.conf | grep nameserver | awk '{print $2}'))"
if [ $broken_dns -eq 2 ]
then
log_info "The dns is still broken, use FDN dns"
echo "nameserver 80.67.169.12" | sudo tee $LXC_ROOTFS/etc/resolv.conf
dnsforce=0
((broken_dns++))
elif [ $dnsforce -eq 0 ]
then
log_info "Force to use the dns from the config file"
echo "nameserver $DNS_RESOLVER" | sudo tee $LXC_ROOTFS/etc/resolv.conf
new_dns="$DNS_RESOLVER"
dnsforce=1
((broken_dns++))
else
log_info "Force to use the default dns"
sudo cp -a $LXC_ROOTFS/etc/resolv.conf.origin $LXC_ROOTFS/etc/resolv.conf
new_dns="$(sudo cat $LXC_ROOTFS/etc/resolv.conf | grep nameserver | awk '{print $2}')"
dnsforce=0
((broken_dns++))
fi
log_info "Try to use the dns address $new_dns"
if [ $broken_dns -eq 3 ]; then
# Break the loop if all the possibilities have been tried.
break
fi
done
log_title "Installing container dependencies"
RUN_INSIDE_LXC apt-get update
RUN_INSIDE_LXC apt-get install -y sudo git ssh openssh-server
log_title "Renseigne /etc/hosts sur l'invité"
echo "127.0.0.1 $LXC_NAME" | sudo tee -a $LXC_ROOTFS/etc/hosts
log_title "Ajoute l'user pchecker"
RUN_INSIDE_LXC useradd -m -p pchecker pchecker
log_title "Autorise pchecker à utiliser sudo sans mot de passe"
echo "pchecker ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a $LXC_ROOTFS/etc/sudoers
log_title "Mise en place de la connexion ssh vers l'invité."
if [ -e $HOME/.ssh/$LXC_NAME ]; then
rm -f $HOME/.ssh/$LXC_NAME $HOME/.ssh/$LXC_NAME.pub
ssh-keygen -f $HOME/.ssh/known_hosts -R $LXC_NETWORK.2
fi
ssh-keygen -t rsa -f $HOME/.ssh/$LXC_NAME -P ''
sudo mkdir $LXC_ROOTFS/home/pchecker/.ssh
sudo cp $HOME/.ssh/$LXC_NAME.pub $LXC_ROOTFS/home/pchecker/.ssh/authorized_keys
RUN_INSIDE_LXC chown pchecker: -R /home/pchecker/.ssh
echo | tee -a $HOME/.ssh/config <<EOF
# ssh $LXC_NAME
Host $LXC_NAME
Hostname $LXC_NETWORK.2
User pchecker
IdentityFile $HOME/.ssh/$LXC_NAME
EOF
ssh-keyscan -H $LXC_NETWORK.2 >> ~/.ssh/known_hosts
# Initie une premier connexion SSH pour valider la clé.
RUN_THROUGH_SSH "exit 0"
# Si l'utilisateur tarde trop, la connexion sera refusée... ???
[ "$?" -ne 0 ] && RUN_THROUGH_SSH "exit 0"
[ -n "$YNH_INSTALL_SCRIPT_BRANCH" ] && YNH_INSTALL_SCRIPT_BRANCH="--branch $YNH_INSTALL_SCRIPT_BRANCH"
RUN_THROUGH_SSH git clone https://github.com/YunoHost/install_script $YNH_INSTALL_SCRIPT_BRANCH /tmp/install_script
log_title "Installation de Yunohost..."
RUN_THROUGH_SSH bash /tmp/install_script/install_yunohost -a
log_title "Disable apt-daily to prevent it from messing with apt/dpkg lock"
RUN_THROUGH_SSH systemctl -q stop apt-daily.timer
RUN_THROUGH_SSH systemctl -q stop apt-daily-upgrade.timer
RUN_THROUGH_SSH systemctl -q stop apt-daily.service
RUN_THROUGH_SSH systemctl -q stop apt-daily-upgrade.service
RUN_THROUGH_SSH systemctl -q disable apt-daily.timer
RUN_THROUGH_SSH systemctl -q disable apt-daily-upgrade.timer
RUN_THROUGH_SSH systemctl -q disable apt-daily.service
RUN_THROUGH_SSH systemctl -q disable apt-daily-upgrade.service
RUN_THROUGH_SSH rm -f /etc/cron.daily/apt-compat
RUN_THROUGH_SSH cp /bin/true /usr/lib/apt/apt.systemd.daily
log_title "Post install Yunohost"
RUN_THROUGH_SSH yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --force-password
# Disable password strength check
RUN_THROUGH_SSH yunohost settings set security.password.admin.strength -v -1
RUN_THROUGH_SSH yunohost settings set security.password.user.strength -v -1
# echo "Le mot de passe Yunohost est \'$YUNO_PWD\'"
log_title "Ajout du sous domaine de test"
RUN_THROUGH_SSH yunohost domain add $SUBDOMAIN
TEST_USER_DISPLAY=${TEST_USER//"_"/""}
log_title "Ajout de l'utilisateur de test"
RUN_THROUGH_SSH yunohost user create $TEST_USER --firstname $TEST_USER_DISPLAY --mail $TEST_USER@$DOMAIN --lastname $TEST_USER_DISPLAY --password \"$YUNO_PWD\"
log_title "Vérification de l'état de Yunohost"
RUN_THROUGH_SSH yunohost --version
log_title "Arrêt de la machine virtualisée"
sudo lxc-stop -n $LXC_NAME
log_title "Suppression des règles de parefeu"
sudo iptables -D FORWARD -i $LXC_BRIDGE -o $MAIN_NETWORK_INTERFACE -j ACCEPT
sudo iptables -D FORWARD -i $MAIN_NETWORK_INTERFACE -o $LXC_BRIDGE -j ACCEPT
sudo iptables -t nat -D POSTROUTING -s $LXC_NETWORK.0/24 -j MASQUERADE
sudo ifdown --force $LXC_BRIDGE
log_title "Création d'un snapshot"
sudo lxc-snapshot -n $LXC_NAME
# Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME/snap0/
rm "$lock_file"
} }
LXC_BUILD 2>&1 | tee -a "./Build_lxc.log" function rebuild_ynh_appci_base()
{
check_lxd_setup
local DIST=${1:-$DEFAULT_DIST}
local BOX=${2:-ynh-appci}-${DIST}
set -x
sudo lxc info $BOX-base >/dev/null && sudo lxc delete $BOX-base --force
sudo lxc launch images:debian/$DIST/$ARCH $BOX-base
sudo lxc config set $BOX-base security.privileged true
sudo lxc config set $BOX-base security.nesting true # Need this for apparmor for some reason
sudo lxc restart $BOX-base
sleep 5
IN_LXC="sudo lxc exec $BOX-base -- /bin/bash -c"
INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
$IN_LXC "apt install curl -y"
$IN_LXC "curl $INSTALL_SCRIPT | bash -s -- -a $YNH_BRANCH"
$IN_LXC "systemctl -q stop apt-daily.timer"
$IN_LXC "systemctl -q stop apt-daily-upgrade.timer"
$IN_LXC "systemctl -q stop apt-daily.service"
$IN_LXC "systemctl -q stop apt-daily-upgrade.service "
$IN_LXC "systemctl -q disable apt-daily.timer"
$IN_LXC "systemctl -q disable apt-daily-upgrade.timer"
$IN_LXC "systemctl -q disable apt-daily.service"
$IN_LXC "systemctl -q disable apt-daily-upgrade.service"
$IN_LXC "rm -f /etc/cron.daily/apt-compat"
$IN_LXC "cp /bin/true /usr/lib/apt/apt.systemd.daily"
# Disable password strength check
$IN_LXC "yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --force-password"
$IN_LXC "yunohost settings set security.password.admin.strength -v -1"
$IN_LXC "yunohost settings set security.password.user.strength -v -1"
$IN_LXC "yunohost domain add $SUBDOMAIN"
TEST_USER_DISPLAY=${TEST_USER//"_"/""}
$IN_LXC "yunohost user create $TEST_USER --firstname $TEST_USER_DISPLAY --mail $TEST_USER@$DOMAIN --lastname $TEST_USER_DISPLAY --password '$YUNO_PWD'"
$IN_LXC "yunohost --version"
sudo lxc stop $BOX-base
sudo lxc publish $BOX-base --alias $BOX-base
set +x
}
rebuild_ynh_appci_base 2>&1 | tee -a "./lxc_build.log"

88
sub_scripts/testing_process.sh
View file

@ -6,11 +6,8 @@ break_before_continue () {
if [ $interactive -eq 1 ] if [ $interactive -eq 1 ]
then then
echo "To execute one command:" echo "To enter a shell on the lxc:"
echo " sudo lxc-attach -n $LXC_NAME -- command" echo " sudo lxc exec $LXC_NAME bash"
echo "To establish a ssh connection:"
echo " ssh -t $LXC_NAME"
read -p "Press a key to delete the application and continue...." < /dev/tty read -p "Press a key to delete the application and continue...." < /dev/tty
fi fi
} }
@ -30,7 +27,7 @@ RUN_YUNOHOST_CMD() {
log_debug "Running yunohost $1" log_debug "Running yunohost $1"
# --output-as none is to disable the json-like output for some commands like backup create # --output-as none is to disable the json-like output for some commands like backup create
LXC_START "sudo PACKAGE_CHECK_EXEC=1 yunohost --output-as none --debug $1" \ LXC_START "PACKAGE_CHECK_EXEC=1 yunohost --output-as none --debug $1" \
| grep --line-buffered -v --extended-regexp '^[0-9]+\s+.{1,15}DEBUG' \ | grep --line-buffered -v --extended-regexp '^[0-9]+\s+.{1,15}DEBUG' \
| grep --line-buffered -v 'processing action' | grep --line-buffered -v 'processing action'
@ -77,25 +74,22 @@ INSTALL_APP () {
if [ -n "$preinstall_template" ] if [ -n "$preinstall_template" ]
then then
log_small_title "Pre installation request" log_small_title "Pre installation request"
# Start the lxc container
LXC_START "true"
# Copy all the instructions into a script # Copy all the instructions into a script
local preinstall_script="$TEST_CONTEXT/preinstall.sh" local preinstall_script="$TEST_CONTEXT/preinstall.sh"
echo "$preinstall_template" > "$preinstall_script" echo "$preinstall_template" > "$preinstall_script"
chmod +x "$preinstall_script"
# Hydrate the template with variables # Hydrate the template with variables
sed -i "s/\$USER/$TEST_USER/" "$preinstall_script" sed -i "s/\$USER/$TEST_USER/" "$preinstall_script"
sed -i "s/\$DOMAIN/$DOMAIN/" "$preinstall_script" sed -i "s/\$DOMAIN/$DOMAIN/" "$preinstall_script"
sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script" sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script"
sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script" sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script"
# Copy the pre-install script into the container. # Copy the pre-install script into the container.
scp -rq "$preinstall_script" "$LXC_NAME": sudo lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh
# Then execute the script to execute the pre-install commands. # Then execute the script to execute the pre-install commands.
LXC_START "./preinstall.sh >&2" LXC_START "bash /preinstall.sh"
fi fi
# Install the application in a LXC container # Install the application in a LXC container
RUN_YUNOHOST_CMD "app install --force ./app_folder/ -a '$install_args'" RUN_YUNOHOST_CMD "app install --force /app_folder -a '$install_args'"
local ret=$? local ret=$?
[ $ret -eq 0 ] && log_debug "Installation successful." || log_error "Installation failed." [ $ret -eq 0 ] && log_debug "Installation successful." || log_error "Installation failed."
@ -204,8 +198,8 @@ VALIDATE_THAT_APP_CAN_BE_ACCESSED () {
# Call curl to try to access to the url of the app # Call curl to try to access to the url of the app
curl --location --insecure --silent --show-error \ curl --location --insecure --silent --show-error \
--header "Host: $check_domain" \ --header "Host: $check_domain" \
--resolve $check_domain:80:$LXC_NETWORK.2 \ --resolve $check_domain:80:$LXC_IP \
--resolve $check_domain:443:$LXC_NETWORK.2 \ --resolve $check_domain:443:$LXC_IP \
--write-out "%{http_code};%{url_effective}\n" \ --write-out "%{http_code};%{url_effective}\n" \
--output "$curl_output" \ --output "$curl_output" \
$check_domain$curl_check_path \ $check_domain$curl_check_path \
@ -281,7 +275,9 @@ VALIDATE_THAT_APP_CAN_BE_ACCESSED () {
<title>alias_traversal test</title> <title>alias_traversal test</title>
</head><body><h1>alias_traversal test</h1> </head><body><h1>alias_traversal test</h1>
If you see this page, you have failed the test for alias_traversal issue.</body></html>" \ If you see this page, you have failed the test for alias_traversal issue.</body></html>" \
| sudo tee $LXC_ROOTFS/var/www/html/alias_traversal.html > /dev/null > $TEST_CONTEXT/alias_traversal.html
sudo lxc file push $TEST_CONTEXT $LXC_NAME/var/www/html/alias_traversal.html
curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \ curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \
| grep "title" | grep --quiet "alias_traversal test" \ | grep "title" | grep --quiet "alias_traversal test" \
@ -323,7 +319,7 @@ TEST_INSTALL () {
# Create the snapshot that'll be used by other tests later # Create the snapshot that'll be used by other tests later
[ "$install_type" != "private" ] \ [ "$install_type" != "private" ] \
&& [ ! -e "$LXC_SNAPSHOTS/$snapname" ] \ && ! LXC_SNAPSHOT_EXISTS $snapname
&& log_debug "Create a snapshot after app install" \ && log_debug "Create a snapshot after app install" \
&& CREATE_LXC_SNAPSHOT $snapname && CREATE_LXC_SNAPSHOT $snapname
@ -340,8 +336,6 @@ TEST_UPGRADE () {
local commit=$1 local commit=$1
# FIXME FIXME FIXME FIXME : fetch upgrade name, specific upgrade args
if [ "$commit" == "" ] if [ "$commit" == "" ]
then then
start_test "Upgrade from the same version" start_test "Upgrade from the same version"
@ -385,7 +379,7 @@ TEST_UPGRADE () {
log_small_title "Upgrade..." log_small_title "Upgrade..."
# Upgrade the application in a LXC container # Upgrade the application in a LXC container
RUN_YUNOHOST_CMD "app upgrade $app_id -f ./app_folder/" \ RUN_YUNOHOST_CMD "app upgrade $app_id -f /app_folder" \
&& VALIDATE_THAT_APP_CAN_BE_ACCESSED $SUBDOMAIN $check_path && VALIDATE_THAT_APP_CAN_BE_ACCESSED $SUBDOMAIN $check_path
return $? return $?
@ -426,9 +420,9 @@ TEST_PORT_ALREADY_USED () {
# Build a service with netcat for use this port before the app. # Build a service with netcat for use this port before the app.
echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n
[Install]\nWantedBy=multi-user.target" | \ [Install]\nWantedBy=multi-user.target" > $TEST_CONTEXT/netcat.service
sudo tee "$LXC_ROOTFS/etc/systemd/system/netcat.service" \
> /dev/null sudo lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service
# Then start this service to block this port. # Then start this service to block this port.
LXC_START "sudo systemctl enable netcat & sudo systemctl start netcat" LXC_START "sudo systemctl enable netcat & sudo systemctl start netcat"
@ -459,7 +453,8 @@ TEST_BACKUP_RESTORE () {
local main_result=0 local main_result=0
# Remove the previous residual backups # Remove the previous residual backups
sudo rm -rf $LXC_ROOTFS/home/yunohost.backup/archives sudo rm -rf ./ynh_backups
sudo lxc exec $LXC_NAME -- rm -rf /home/yunohost.backup/archives
# BACKUP # BACKUP
# Made a backup if the installation succeed # Made a backup if the installation succeed
@ -477,7 +472,7 @@ TEST_BACKUP_RESTORE () {
[ $ret -eq 0 ] || main_result=1 [ $ret -eq 0 ] || main_result=1
# Grab the backup archive into the LXC container, and keep a copy # Grab the backup archive into the LXC container, and keep a copy
sudo cp -a $LXC_ROOTFS/home/yunohost.backup/archives ./ sudo lxc file pull -r $LXC_NAME/home/yunohost.backup/archives ./ynh_backups
# RESTORE # RESTORE
# Try the restore process in 2 times, first after removing the app, second after a restore of the container. # Try the restore process in 2 times, first after removing the app, second after a restore of the container.
@ -496,15 +491,15 @@ TEST_BACKUP_RESTORE () {
elif [ $j -eq 1 ] elif [ $j -eq 1 ]
then then
# Remove the previous residual backups
sudo rm -rf $LXC_SNAPSHOTS/snap0/rootfs/home/yunohost.backup/archives
# Place the copy of the backup archive in the container.
sudo mv -f ./archives $LXC_SNAPSHOTS/snap0/rootfs/home/yunohost.backup/
LXC_STOP LXC_STOP
LOAD_LXC_SNAPSHOT snap0 LOAD_LXC_SNAPSHOT snap0
# Remove the previous residual backups
lxc exec $LXC_NAME -- rm -f /rootfs/home/yunohost.backup/archives/*
# Place the copy of the backup archive in the container.
sudo lxc file push -r ./ynh_backups $LXC_NAME/home/yunohost.backup/archives/
log_small_title "Restore on a clean YunoHost system..." log_small_title "Restore on a clean YunoHost system..."
fi fi
@ -517,7 +512,6 @@ TEST_BACKUP_RESTORE () {
break_before_continue break_before_continue
# Stop and restore the LXC container
LXC_STOP LXC_STOP
done done
@ -942,7 +936,7 @@ set_witness_files () {
create_witness_file () { create_witness_file () {
[ "$2" = "file" ] && local action="touch" || local action="mkdir -p" [ "$2" = "file" ] && local action="touch" || local action="mkdir -p"
sudo $action "${LXC_ROOTFS}${1}" sudo lxc exec $LXC_NAME -- $action $1
} }
# Nginx conf # Nginx conf
@ -965,15 +959,7 @@ set_witness_files () {
create_witness_file "/var/log/witnessfile" file create_witness_file "/var/log/witnessfile" file
# Config fpm # Config fpm
if [ -d "${LXC_ROOTFS}/etc/php5/fpm" ]; then create_witness_file "/etc/php/7.3/fpm/pool.d/witnessfile.conf" file
create_witness_file "/etc/php5/fpm/pool.d/witnessfile.conf" file
fi
if [ -d "${LXC_ROOTFS}/etc/php/7.0/fpm" ]; then
create_witness_file "/etc/php/7.0/fpm/pool.d/witnessfile.conf" file
fi
if [ -d "${LXC_ROOTFS}/etc/php/7.3/fpm" ]; then
create_witness_file "/etc/php/7.3/fpm/pool.d/witnessfile.conf" file
fi
# Config logrotate # Config logrotate
create_witness_file "/etc/logrotate.d/witnessfile" file create_witness_file "/etc/logrotate.d/witnessfile" file
@ -982,15 +968,16 @@ set_witness_files () {
create_witness_file "/etc/systemd/system/witnessfile.service" file create_witness_file "/etc/systemd/system/witnessfile.service" file
# Database # Database
RUN_INSIDE_LXC mysqladmin --user=root --password=$(sudo cat "$LXC_ROOTFS/etc/yunohost/mysql") --wait status > /dev/null 2>&1 local mysqlpwd=$(lxc exec $LXC_NAME -- cat /etc/yunohost/mysql)
RUN_INSIDE_LXC mysql --user=root --password=$(sudo cat "$LXC_ROOTFS/etc/yunohost/mysql") --wait --execute="CREATE DATABASE witnessdb" > /dev/null 2>&1 RUN_INSIDE_LXC mysqladmin --user=root --password="$mysqlpwd" --wait status > /dev/null 2>&1
RUN_INSIDE_LXC mysql --user=root --password="$mysqlpwd" --wait --execute="CREATE DATABASE witnessdb" > /dev/null 2>&1
} }
check_witness_files () { check_witness_files () {
# Check all the witness files, to verify if them still here # Check all the witness files, to verify if them still here
check_file_exist () { check_file_exist () {
if sudo test ! -e "${LXC_ROOTFS}${1}" if sudo lxc exec $LXC_NAME -- test ! -e "{1}"
then then
log_error "The file $1 is missing ! Something gone wrong !" log_error "The file $1 is missing ! Something gone wrong !"
SET_RESULT "failure" witness SET_RESULT "failure" witness
@ -1017,15 +1004,7 @@ check_witness_files () {
check_file_exist "/var/log/witnessfile" check_file_exist "/var/log/witnessfile"
# Config fpm # Config fpm
if [ -d "${LXC_ROOTFS}/etc/php5/fpm" ]; then check_file_exist "/etc/php/7.3/fpm/pool.d/witnessfile.conf"
check_file_exist "/etc/php5/fpm/pool.d/witnessfile.conf"
fi
if [ -d "${LXC_ROOTFS}/etc/php/7.0/fpm" ]; then
check_file_exist "/etc/php/7.0/fpm/pool.d/witnessfile.conf"
fi
if [ -d "${LXC_ROOTFS}/etc/php/7.3/fpm" ]; then
check_file_exist "/etc/php/7.3/fpm/pool.d/witnessfile.conf"
fi
# Config logrotate # Config logrotate
check_file_exist "/etc/logrotate.d/witnessfile" check_file_exist "/etc/logrotate.d/witnessfile"
@ -1034,7 +1013,8 @@ check_witness_files () {
check_file_exist "/etc/systemd/system/witnessfile.service" check_file_exist "/etc/systemd/system/witnessfile.service"
# Database # Database
if ! RUN_INSIDE_LXC mysqlshow --user=root --password=$(sudo cat "$LXC_ROOTFS/etc/yunohost/mysql") witnessdb > /dev/null 2>&1 local mysqlpwd=$(lxc exec $LXC_NAME -- cat /etc/yunohost/mysql)
if ! RUN_INSIDE_LXC mysqlshow --user=root --password="$mysqlpwd" witnessdb > /dev/null 2>&1
then then
log_error "The database witnessdb is missing ! Something gone wrong !" log_error "The database witnessdb is missing ! Something gone wrong !"
SET_RESULT "failure" witness SET_RESULT "failure" witness