From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: zohar@linux.ibm.com, dmitry.kasatkin@gmail.com
Cc: linux-integrity@vger.kernel.org, vt@altlinux.org, pvorel@suse.cz,
	stefanb@linux.ibm.com, Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH ima-evm-utils v3 05/11] Add support for creating a new testing environment in functions.sh
Date: Wed, 25 Jan 2023 09:50:24 +0100
Message-ID: <20230125085030.1568256-6-roberto.sassu@huaweicloud.com>
In-Reply-To: <20230125085030.1568256-1-roberto.sassu@huaweicloud.com>

From: Roberto Sassu <roberto.sassu@huawei.com>

Add the new functions _run_env(), _exit_env(), _init_env() and
_cleanup_env() to run the tests inside a new environment specified with the
TST_ENV environment variable.

A typical structure of a script with tests is:

trap '_report_exit_and_cleanup _cleanup_env cleanup' \
    SIGINT SIGTERM SIGSEGV EXIT

cleanup() {
	<test cleanup>
}

<tests implementations>

_run_env "$TST_KERNEL" "$PWD/$(basename "$0")" "env_var1=$env_var1 ..."

_exit_env "$TST_KERNEL"

_init_env

<tests init>

<tests call>

If TST_ENV is not set or empty, don't create a new testing environment and
perform the cleanup in the current environment. Don't create a new testing
environment also if the script is already executed in a new environment, to
avoid loops. Instead, for cleanup, do it in the new environment and skip it
in the host environment (if the cleanup function is passed to
_cleanup_env()).

Signal to the creator of the environment failures of tests or of the script
itself run in the new environment (if the exit code is 1 ($FAIL) or 99
($HARDFAIL)) with an unclean shutdown of the system.

Add haveged and systemd as dependencies for the tests in ci/fedora.sh,
respectively for initializing the random number generator and for shutting
down the system in the new environment.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 ci/fedora.sh       |  4 ++-
 tests/functions.sh | 83 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/ci/fedora.sh b/ci/fedora.sh
index e60de7981c60..198034a34e3c 100755
--- a/ci/fedora.sh
+++ b/ci/fedora.sh
@@ -45,7 +45,9 @@ yum -y install \
 	vim-common \
 	wget \
 	which \
-	zstd
+	zstd \
+	haveged \
+	systemd
 
 yum -y install docbook5-style-xsl || true
 yum -y install swtpm || true
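
Review bot: haveged is added to the mandatory "yum -y install" list here, while _init_env() in tests/functions.sh treats it as optional and only starts it when "command -v haveged" finds it. If the package is not available in the enabled repositories, a missing entry in this list can make the whole install step fail. Consider installing it on its own line with "|| true", the way docbook5-style-xsl and swtpm are handled just below. The same consistency question applies to systemd: _report_exit_and_cleanup() only warns when poweroff is missing, so it should be either required in both places or optional in both.
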
diff --git a/tests/functions.sh b/tests/functions.sh
index cf83ad21562f..9dc9b96d1d7a 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -271,6 +271,17 @@ _report_exit_and_cleanup() {
   [ $testsfail -gt 0 ] && echo -n "$RED" || echo -n "$NORM"
   echo " FAIL: $testsfail"
   echo "$NORM"
+  # Signal failure to the testing environment creator with an unclean shutdown.
+  if [ -n "$TST_ENV" ] && [ $$ -eq 1 ]; then
+    if [ -z "$(command -v poweroff)" ]; then
+      echo "Warning: cannot properly shutdown system"
+    fi
+
+    if [ $testsfail -eq 0 ] && [ $exit_code -ne "$FAIL" ] &&
+       [ $exit_code -ne "$HARDFAIL" ]; then
+      poweroff -f
+    fi
+  fi
   if [ $testsfail -gt 0 ]; then
     exit "$FAIL"
   elif [ $testspass -gt 0 ]; then
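
Review bot: when poweroff is not found, the new block only prints a warning and then still calls "poweroff -f" on the success path. That call fails, the function falls through to the exit below while running as PID 1, and a fully passing run ends with the same unclean shutdown that is supposed to signal failure. Either treat a missing poweroff as a hard error with a distinct message, or skip the call and document that the result is unreliable in that case. Two smaller points: the comment says "Signal failure" but the code it introduces handles the success case (clean poweroff), with failure signalled implicitly by letting init exit, so the comment should say that; and $exit_code and $testsfail are unquoted in the -ne/-eq tests while "$FAIL" and "$HARDFAIL" are quoted, so an empty value would produce a test syntax error rather than a clear result.
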
@@ -319,3 +330,75 @@ _softhsm_teardown() {
   unset SOFTHSM_SETUP_CONFIGDIR SOFTHSM2_CONF PKCS11_KEYURI \
     EVMCTL_ENGINE OPENSSL_ENGINE OPENSSL_KEYFORM
 }
+
+# Syntax: _run_env <kernel> <init> <additional kernel parameters>
+_run_env() {
+  if [ -z "$TST_ENV" ]; then
+    return
+  fi
+
+  if [ $$ -eq 1 ]; then
+    return
+  fi
+
+  if [ "$TST_ENV" = "um" ]; then
+    expect_pass "$1" rootfstype=hostfs rw init="$2" quiet mem=2048M "$3"
+  else
+    echo $RED"Testing environment $TST_ENV not supported"$NORM
+    exit "$FAIL"
+  fi
+}
+
+# Syntax: _exit_env <kernel>
+_exit_env() {
+  if [ -z "$TST_ENV" ]; then
+    return
+  fi
+
+  if [ $$ -eq 1 ]; then
+    return
+  fi
+
+  exit "$OK"
+}
+
+# Syntax: _init_env
+_init_env() {
+  if [ -z "$TST_ENV" ]; then
+    return
+  fi
+
+  if [ $$ -ne 1 ]; then
+    return
+  fi
+
+  mount -t tmpfs tmpfs /tmp
+  mount -t proc proc /proc
+  mount -t sysfs sysfs /sys
+  mount -t securityfs securityfs /sys/kernel/security
+
+  if [ -n "$(command -v haveged 2> /dev/null)" ]; then
+    $(command -v haveged) -w 1024 &> /dev/null
+  fi
+
+  pushd "$PWD" > /dev/null || exit "$FAIL"
+}
+
+# Syntax: _cleanup_env <cleanup function>
+_cleanup_env() {
+  if [ -z "$TST_ENV" ]; then
+    $1
+    return
+  fi
+
+  if [ $$ -ne 1 ]; then
+    return
+  fi
+
+  $1
+
+  umount /sys/kernel/security
+  umount /sys
+  umount /proc
+  umount /tmp
+}
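
Review bot: the four mount calls in _init_env() are unchecked, so if securityfs (or proc/sysfs) fails to mount, the tests start anyway and fail later with errors unrelated to the real cause. Suggest appending || exit "$FAIL" to each mount, as is already done for the pushd at the end of the function. Related points in the same hunk: pushd "$PWD" has no matching popd in _cleanup_env() and its purpose is not explained, so a one-line comment would help; "$(command -v haveged) -w 1024" can simply be "haveged -w 1024" once the preceding test has confirmed it exists; _run_env() passes all extra kernel parameters as the single quoted argument "$3", which should be stated in the Syntax comment together with whether values containing spaces are supported; and the "TST_ENV set, $$ is 1" test that decides host versus new environment is repeated in every function, so a small helper (for example _in_env) would keep the four copies from drifting apart.
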
-- 
2.25.1

