Subject: [bug#73767] [PATCH v2 2/2] tests: Add activation test.
From: Dariqq
Date: Fri, 18 Oct 2024 13:21:23 +0000

Add a test to verify that accounts are available for activation scripts.

* gnu/tests/base.scm (%activation-os): New variable.
(run-activation-test): New procedure.
(%test-activation): New variable.

Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe
--- gnu/tests/base.scm | 121 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 120 insertions(+), 1 deletion(-) diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index e1a676ecd4..9430cbee12 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2018 Clément Lassieur ;;; Copyright © 2022 Maxim Cournoyer ;;; Copyright © 2022 Marius Bakke +;;; Copyright © 2024 Dariqq ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -24,6 +25,7 @@ (define-module (gnu tests base) #:use-module (gnu image) #:use-module (gnu system) #:autoload (gnu system image) (system-image) + #:use-module (gnu system privilege) #:use-module (gnu system shadow) #:use-module (gnu system nss) #:use-module (gnu system vm) @@ -60,7 +62,8 @@ (define-module (gnu tests base) %test-root-unmount %test-cleanup %test-mcron - %test-nss-mdns)) + %test-nss-mdns + %test-activation)) (define %simple-os (simple-operating-system)) 
@@ -1105,3 +1108,119 @@ (define %test-nss-mdns "Test Avahi's multicast-DNS implementation, and in particular, test its glibc name service switch (NSS) module.") (value (run-nss-mdns-test)))) + + +;;; +;;; Activation: Order of activation scripts +;;; Create accounts before running scripts using them + +(define %activation-os + ;; System with a new user/group, a setuid/setgid binary and an activation script + (let* ((%hello-accounts + (list (user-group (name "hello") (system? #t)) + (user-account + (name "hello") + (group "hello") + (system? #t) + (comment "") + (home-directory "/var/empty")))) + (%hello-privileged + (list + (privileged-program + (program (file-append hello "/bin/hello")) + (setuid? #t) + (setgid? #t) + (user "hello") + (group "hello")))) + (%hello-activation + (with-imported-modules (source-module-closure + '((gnu build activation))) + #~(begin + (use-modules (gnu build activation)) + + (let ((user (getpwnam "hello"))) + (mkdir-p/perms "/run/hello" user #o755))))) + + (hello-service-type + (service-type + (name 'hello) + (extensions + (list (service-extension account-service-type + (const %hello-accounts)) + (service-extension activation-service-type + (const %hello-activation)) + (service-extension privileged-program-service-type + (const %hello-privileged)))) + (default-value #f) + (description "")))) + + (operating-system + (inherit %simple-os) + (services + (cons* (service hello-service-type) + (operating-system-user-services + %simple-os)))))) + +(define (run-activation-test name) + (define os + (marionette-operating-system + %activation-os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (gnu build marionette) + (srfi srfi-64)) + + (define marionette + (make-marionette (list #$(virtual-machine os)))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "activation") + + (test-assert "directory exists" + (marionette-eval + '(file-exists? 
"/run/hello") + marionette)) + + (test-assert "directory correct permissions and owner" + (marionette-eval + '(let ((dir (stat "/run/hello")) + (user (getpwnam "hello"))) + (and (eqv? (stat:uid dir) + (passwd:uid user)) + (eqv? (stat:gid dir) + (passwd:gid user)) + (= (stat:perms dir) + #o0755))) + marionette)) + + (test-assert "privileged-program exists" + (marionette-eval + '(file-exists? "/run/privileged/bin/hello") + marionette)) + + (test-assert "privileged-program correct permissions and owner" + (marionette-eval + '(let ((binary (stat "/run/privileged/bin/hello")) + (user (getpwnam "hello")) + (group (getgrnam "hello"))) + (and (eqv? (stat:uid binary) + (passwd:uid user)) + (eqv? (stat:gid binary) + (group:gid group)) + (= (stat:perms binary) + (+ #o0555 ;; base + #o4000 ;; setuid + #o2000)))) ;; setgid + marionette)) + + (test-end)))) + + (gexp->derivation name test)) + +(define %test-activation + (system-test + (name "activation") + (description "Test that activation scripts are run in the correct order") + (value (run-activation-test name))))