[Pkg-sssd-devel] [Git][sssd-team/sssd][master] 2 commits: Improve certificate/smartcard dep8 tests.
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Thu Jan 18 09:47:46 GMT 2024
Timo Aaltonen pushed to branch master at Debian SSSD packaging / sssd
Commits:
a41e9387 by Sergio Durigan Junior at 2024-01-17T20:23:05-05:00
Improve certificate/smartcard dep8 tests.
- d/t/control: Don't depend on "needs-sudo" restriction, since the
tests don't really use "sudo" selectively but rather rely on a normal
user being setup as a side effect of "needs-sudo". Instead, we can
use "needs-root".
- d/t/sssd-smart-card-pam-auth-configs-tester.sh,
d/t/sssd-softhism2-certificates-tests.sh: Use
"${AUTOPKGTEST_NORMAL_USER}" instead of "$SUDO_USER".
- - - - -
ceec671e by Sergio Durigan Junior at 2024-01-17T20:23:54-05:00
changelog for 2.9.2-2
- - - - -
4 changed files:
- debian/changelog
- debian/tests/control
- debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
- debian/tests/sssd-softhism2-certificates-tests.sh
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,16 @@
+sssd (2.9.2-2) UNRELEASED; urgency=medium
+
+ * Improve certificate/smartcard dep8 tests.
+ - d/t/control: Don't depend on "needs-sudo" restriction, since the
+ tests don't really use "sudo" selectively but rather rely on a normal
+ user being setup as a side effect of "needs-sudo". Instead, we can
+ use "needs-root".
+ - d/t/sssd-smart-card-pam-auth-configs-tester.sh,
+ d/t/sssd-softhism2-certificates-tests.sh: Use
+ "${AUTOPKGTEST_NORMAL_USER}" instead of "$SUDO_USER".
+
+ -- Sergio Durigan Junior <sergiodj at debian.org> Wed, 17 Jan 2024 20:23:32 -0500
+
sssd (2.9.2-1) unstable; urgency=medium
[ Timo Aaltonen ]
=====================================
debian/tests/control
=====================================
@@ -6,9 +6,7 @@ Tests: ldap-user-group-krb5-auth
Depends: @, slapd, ldap-utils, openssl, expect, lsb-release, krb5-user, krb5-admin-server, krb5-kdc
Restrictions: isolation-container, needs-root, allow-stderr
-Test-Command: sudo
- bash debian/tests/sssd-softhism2-certificates-tests.sh
-Features: test-name=sssd-softhism2-certificates-tests
+Tests: sssd-softhism2-certificates-tests.sh
Depends: bash,
gnutls-bin,
openssl,
@@ -16,10 +14,10 @@ Depends: bash,
softhsm2,
sssd,
util-linux
-Restrictions: needs-sudo,
+Restrictions: needs-root,
allow-stderr
-Test-Command: sudo env
+Test-Command: env
OFFLINE_MODE=1
bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
Features: test-name=sssd-smart-card-pam-auth-configs
@@ -34,6 +32,6 @@ Depends: bash,
util-linux
Restrictions: breaks-testbed,
isolation-container,
- needs-sudo,
+ needs-root,
allow-stderr
=====================================
debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
=====================================
@@ -11,6 +11,11 @@
set -xe
+if [ -z "${AUTOPKGTEST_NORMAL_USER}" ]; then
+ adduser --quiet --disable-password _sssduser
+ AUTOPKGTEST_NORMAL_USER="_sssduser"
+fi
+
export DEBIAN_FRONTEND=noninteractive
required_tools=(
@@ -25,11 +30,6 @@ if [[ ! -v OFFLINE_MODE ]]; then
)
fi
-if [ "$(id -u)" != 0 ] || [ -z "$SUDO_USER" ]; then
- echo "This tool requires sudo!"
- exit 2
-fi
-
for cmd in "${required_tools[@]}"; do
if ! command -v "$cmd" > /dev/null; then
echo "Tool $cmd missing"
@@ -138,15 +138,15 @@ find "$tmpdir" -type f -exec chmod 666 {} \;
backup_file /etc/sssd/sssd.conf
rm -f /etc/sssd/sssd.conf
-user_home="$(runuser -u "$SUDO_USER" -- sh -c 'echo ~')"
+user_home="$(runuser -u "${AUTOPKGTEST_NORMAL_USER}" -- sh -c 'echo ~')"
mkdir -p "$user_home"
-chown "$SUDO_USER:$SUDO_USER" "$user_home"
+chown "${AUTOPKGTEST_NORMAL_USER}:${AUTOPKGTEST_NORMAL_USER}" "$user_home"
-user_config="$(runuser -u "$SUDO_USER" -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}')"
+user_config="$(runuser -u "${AUTOPKGTEST_NORMAL_USER}" -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}')"
system_config="/etc"
softhsm2_conf_paths=(
- "$SUDO_USER:$user_config/softhsm2/softhsm2.conf"
+ "${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf"
"root:$system_config/softhsm/softhsm2.conf"
)
@@ -173,7 +173,7 @@ enable_files_domain = True
services = pam
#certificate_verification = $verification_options
-[certmap/implicit_files/$SUDO_USER]
+[certmap/implicit_files/${AUTOPKGTEST_NORMAL_USER}]
matchrule = <SUBJECT>.*Test Organization.*
[pam]
@@ -205,18 +205,18 @@ EOF
pam-auth-update --enable "$alternative" || return 2
cat /etc/pam.d/common-auth
- echo -n -e "$PIN" | runuser -u "$SUDO_USER" -- \
- pamtester -v "$pam_service" "$SUDO_USER" authenticate || return 2
- echo -n -e "$PIN" | runuser -u "$SUDO_USER" -- \
+ echo -n -e "$PIN" | runuser -u "${AUTOPKGTEST_NORMAL_USER}" -- \
+ pamtester -v "$pam_service" "${AUTOPKGTEST_NORMAL_USER}" authenticate || return 2
+ echo -n -e "$PIN" | runuser -u "${AUTOPKGTEST_NORMAL_USER}" -- \
pamtester -v "$pam_service" "" authenticate || return 2
- if echo -n -e "wrong${PIN}" | runuser -u "$SUDO_USER" -- \
- pamtester -v "$pam_service" "$SUDO_USER" authenticate; then
+ if echo -n -e "wrong${PIN}" | runuser -u "${AUTOPKGTEST_NORMAL_USER}" -- \
+ pamtester -v "$pam_service" "${AUTOPKGTEST_NORMAL_USER}" authenticate; then
echo "Unexpected pass!"
return 2
fi
- if echo -n -e "wrong${PIN}" | runuser -u "$SUDO_USER" -- \
+ if echo -n -e "wrong${PIN}" | runuser -u "${AUTOPKGTEST_NORMAL_USER}" -- \
pamtester -v "$pam_service" "" authenticate; then
echo "Unexpected pass!"
return 2
=====================================
debian/tests/sssd-softhism2-certificates-tests.sh
=====================================
@@ -7,6 +7,11 @@
# Used to verify p11_child usage in SSSD.
set -xe
+if [ -z "${AUTOPKGTEST_NORMAL_USER}" ]; then
+ adduser --quiet --disable-password _sssduser
+ AUTOPKGTEST_NORMAL_USER="_sssduser"
+fi
+
required_tools=(
p11tool # debian package: gnutls-bin
openssl # debian package: openssl
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/b5ab8ee7e6284d47de19880384d9dce683547f22...ceec671e20343961b31cabe39c861b091cfe04ee
--
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/b5ab8ee7e6284d47de19880384d9dce683547f22...ceec671e20343961b31cabe39c861b091cfe04ee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20240118/863971f7/attachment-0001.htm>
More information about the Pkg-sssd-devel
mailing list