tools-hardened: add test scripts for systemd stages

2016-03-02 15:51:20 -05:00 · 2016-03-02 15:51:20 -05:00 · e9208fa931
parent ea24197c96
commit e9208fa931
3 changed files with 117 additions and 0 deletions
--- a/tools-hardened/common.sh
+++ b/tools-hardened/common.sh
@ -0,0 +1,61 @@
+#!/bin/bash
+
+source /etc/catalyst/catalyst.conf
+
+mydate=`date +%Y%m%d`
+
+
+undo_grsec() {
+  [[ -d /proc/sys/kernel/grsecurity ]] || return
+  for i in /proc/sys/kernel/grsecurity/chroot_* ; do
+    echo 0 > $i
+  done
+}
+
+
+banner() {
+cat << EOF | tee -a zzz.log > stage$1-$2-systemd.log
+
+************************************************************************
+*    stage$1-$2-systemd
+************************************************************************"
+
+EOF
+}
+
+
+do_stages() {
+  local arch=$1
+
+  for s in 1 2 3; do
+    local tgpath="${storedir}/builds/systemd/${arch}"
+    local target="stage${s}-${arch}-systemd-${mydate}.tar.bz2"
+    local tglink="stage${s}-${arch}-systemd.tar.bz2"
+
+    if [[ ! -f "${tgpath}/${tglink}" ]]; then
+       touch stage${s}-${arch}-systemd.log
+       echo "!!! ${tglink} at ${tgpath} doesn't exist" \
+         | tee -a zzz.log \
+         > stage${s}-${arch}-systemd.err
+       return 1
+    fi
+
+    banner ${s} ${arch}
+    catalyst -f stage${s}-${arch}-systemd.conf \
+      | tee -a zzz.log \
+      > stage${s}-${arch}-systemd.log \
+      2> stage${s}-${arch}-systemd.err
+
+    if [[ -f "${tgpath}/${target}" ]]; then
+      rm -f "${tgpath}/${tglink}"
+      ln -s ${target} "${tgpath}/${tglink}"
+    else
+      echo "!!! ${target} was not generated" \
+        | tee -a zzz.log \
+        >stage${s}-${arch}-systemd.err
+      return 1
+    fi
+  done
+
+  return 0
+}
--- a/tools-hardened/run-systemd.sh
+++ b/tools-hardened/run-systemd.sh
@ -0,0 +1,49 @@
+#!/bin/bash
+
+source common.sh
+
+prepare_confs() {
+  local arch=$1
+
+  for s in 1 2 3; do
+
+    local cstage=stage${s}
+    local p=$(( s - 1 ))
+    [[ $p == 0 ]] && p=3
+    local pstage=stage${p}
+
+    local parch="${arch}"
+      [[ "${arch}" == "i686" ]] && parch="x86"
+
+    cat stage-all.conf.template | \
+      sed -e "s:\(^version_stamp.*$\):\1-${mydate}:" \
+        -e "s:STAGE:${cstage}:g" \
+        -e "s:SARCH:${arch}:g" \
+        -e "s:PARCH:${parch}:g" \
+        >  stage${s}-${arch}-systemd.conf
+  done
+}
+
+
+main() {
+  >zzz.log
+
+  undo_grsec
+
+  catalyst -s current | tee -a zzz.log >snapshot.log 2>snapshot.err
+
+#  for arch in amd64 i686; do
+  for arch in amd64; do
+    prepare_confs ${arch}
+  done
+
+  # The parallelization `( do_stages ... ) &` doesn't work here
+  # if catalyst is using snapcache, bug #519656
+#  for arch in amd64 i686; do
+  for arch in amd64; do
+    do_stages ${arch}
+    [[ $? == 1 ]] && echo "FAILURE at ${arch}" | tee zzz.log
+  done
+}
+
+main $1 &
--- a/tools-hardened/stage-all.conf.template
+++ b/tools-hardened/stage-all.conf.template
@ -0,0 +1,7 @@
+subarch: SARCH
+target: STAGE
+version_stamp: systemd
+rel_type: systemd/SARCH
+profile: default/linux/PARCH/13.0/systemd
+snapshot: current
+source_subpath: systemd/SARCH/STAGE-SARCH-systemd