op public repos

Blob

Date:: Mon May 29 06:40:28 2023 UTC
Message:: consistently use ten Xs in mkstemp(3) templates patch from Josiah Frentsos, thanks!
Actions:: History | Blame | Raw File
1 .include "../../got-version.mk"
2 
3 REGRESS_TARGETS=test_repo_read test_repo_read_group \
4 	test_repo_read_denied_user test_repo_read_denied_group \
5 	test_repo_read_bad_user test_repo_read_bad_group \
6 	test_repo_write test_repo_write_empty test_request_bad \
7 	test_repo_write_protected
8 NOOBJ=Yes
9 CLEANFILES=gotd.conf
10 
11 .PHONY: ensure_root prepare_test_repo check_test_repo start_gotd
12 
13 GOTD_TEST_ROOT=/tmp
14 GOTD_DEVUSER?=gotdev
15 GOTD_DEVUSER_HOME!=userinfo $(GOTD_DEVUSER) | awk '/^dir/ {print $$2}'
16 GOTD_TEST_REPO!?=mktemp -d "$(GOTD_TEST_ROOT)/gotd-test-repo-XXXXXXXXXX"
17 GOTD_TEST_REPO_URL=ssh://${GOTD_DEVUSER}@127.0.0.1/test-repo
18 
19 GOTD_TEST_USER?=${DOAS_USER}
20 .if empty(GOTD_TEST_USER)
21 GOTD_TEST_USER=${SUDO_USER}
22 .endif
23 .if empty(GOTD_TEST_USER)
24 GOTD_TEST_USER=${USER}
25 .endif
26 GOTD_TEST_USER_HOME!=userinfo $(GOTD_TEST_USER) | awk '/^dir/ {print $$2}'
27 
28 # gotd.conf parameters
29 GOTD_USER?=got
30 GOTD_SOCK=${GOTD_DEVUSER_HOME}/gotd.sock
31 
32 .if "${GOT_RELEASE}" == "Yes"
33 PREFIX ?= /usr/local
34 BINDIR ?= ${PREFIX}/bin
35 .else
36 PREFIX ?= ${GOTD_TEST_USER_HOME}
37 BINDIR ?= ${PREFIX}/bin
38 .endif
39 
40 GOTD_START_CMD?=$(BINDIR)/gotd -vv -f $(PWD)/gotd.conf
41 GOTD_STOP_CMD?=$(BINDIR)/gotctl -f $(GOTD_SOCK) stop
42 GOTD_TRAP=trap "$(GOTD_STOP_CMD)" HUP INT QUIT PIPE TERM
43 
44 GOTD_TEST_ENV=GOTD_TEST_ROOT=$(GOTD_TEST_ROOT) \
45 	GOTD_TEST_REPO_URL=$(GOTD_TEST_REPO_URL) \
46 	GOTD_TEST_REPO=$(GOTD_TEST_REPO) \
47 	GOTD_SOCK=$(GOTD_SOCK) \
48 	GOTD_DEVUSER=$(GOTD_DEVUSER) \
49 	HOME=$(GOTD_TEST_USER_HOME) \
50 	PATH=$(GOTD_TEST_USER_HOME)/bin:$(PATH)
51 
52 ensure_root:
53 	@if [[ `id -u` -ne 0 ]]; then \
54 		echo gotd test suite must be started by root >&2; \
55 		false; \
56 	fi ; \
57 	if [[ "$(GOTD_TEST_USER)" = "root" ]]; then \
58 		echo GOTD_TEST_USER must be a non-root user >&2; \
59 		false; \
60 	fi
61 
62 start_gotd_ro: ensure_root
63 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
64 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
65 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
66 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
67 	@echo '    permit ro $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
68 	@echo "}" >> $(PWD)/gotd.conf
69 	@$(GOTD_TRAP); $(GOTD_START_CMD)
70 	@$(GOTD_TRAP); sleep .5
71 
72 start_gotd_ro_group: ensure_root
73 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
74 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
75 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
76 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
77 	@echo '    permit ro :$(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
78 	@echo "}" >> $(PWD)/gotd.conf
79 	@$(GOTD_TRAP); $(GOTD_START_CMD)
80 	@$(GOTD_TRAP); sleep .5
81 
82 # try a permit rule followed by a deny rule; last matched rule wins
83 start_gotd_ro_denied_user: ensure_root
84 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
85 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
86 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
87 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
88 	@echo '    permit ro $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
89 	@echo '    deny $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
90 	@echo "}" >> $(PWD)/gotd.conf
91 	@$(GOTD_TRAP); $(GOTD_START_CMD)
92 	@$(GOTD_TRAP); sleep .5
93 
94 # try a permit rule followed by a deny rule; last matched rule wins
95 start_gotd_ro_denied_group: ensure_root
96 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
97 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
98 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
99 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
100 	@echo '    permit ro $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
101 	@echo '    deny :$(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
102 	@echo "}" >> $(PWD)/gotd.conf
103 	@$(GOTD_TRAP); $(GOTD_START_CMD)
104 	@$(GOTD_TRAP); sleep .5
105 
106 # $GOTD_DEVUSER should not equal $GOTD_USER
107 start_gotd_ro_bad_user: ensure_root
108 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
109 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
110 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
111 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
112 	@echo '    permit ro $(GOTD_USER)' >> $(PWD)/gotd.conf
113 	@echo "}" >> $(PWD)/gotd.conf
114 	@$(GOTD_TRAP); $(GOTD_START_CMD)
115 	@$(GOTD_TRAP); sleep .5
116 
117 # $GOTD_DEVUSER should not be in group wheel
118 start_gotd_ro_bad_group: ensure_root
119 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
120 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
121 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
122 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
123 	@echo '    permit ro :wheel' >> $(PWD)/gotd.conf
124 	@echo "}" >> $(PWD)/gotd.conf
125 	@$(GOTD_TRAP); $(GOTD_START_CMD)
126 	@$(GOTD_TRAP); sleep .5
127 
128 start_gotd_rw: ensure_root
129 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
130 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
131 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
132 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
133 	@echo '    permit rw $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
134 	@echo "}" >> $(PWD)/gotd.conf
135 	@$(GOTD_TRAP); $(GOTD_START_CMD)
136 	@$(GOTD_TRAP); sleep .5
137 
138 start_gotd_rw_protected: ensure_root
139 	@echo 'listen on "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
140 	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
141 	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
142 	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
143 	@echo '    permit rw $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
144 	@echo '    protect branch "foo"' >> $(PWD)/gotd.conf
145 	@echo '    protect tag namespace "refs/tags/"' >> $(PWD)/gotd.conf
146 	@echo '    protect branch "refs/heads/main"' >> $(PWD)/gotd.conf
147 	@echo "}" >> $(PWD)/gotd.conf
148 	@$(GOTD_TRAP); $(GOTD_START_CMD)
149 	@$(GOTD_TRAP); sleep .5
150 
151 prepare_test_repo: ensure_root
152 	@chown ${GOTD_USER} "${GOTD_TEST_REPO}"
153 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./prepare_test_repo.sh'
154 
155 prepare_test_repo_empty: ensure_root
156 	@chown ${GOTD_USER} "${GOTD_TEST_REPO}"
157 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./prepare_test_repo.sh 1'
158 
159 test_repo_read: prepare_test_repo start_gotd_ro
160 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
161 		'env $(GOTD_TEST_ENV) sh ./repo_read.sh'
162 	@$(GOTD_STOP_CMD) 2>/dev/null
163 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
164 
165 test_repo_read_group: prepare_test_repo start_gotd_ro_group
166 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
167 		'env $(GOTD_TEST_ENV) sh ./repo_read.sh'
168 	@$(GOTD_STOP_CMD) 2>/dev/null
169 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
170 
171 test_repo_read_denied_user: prepare_test_repo start_gotd_ro_denied_user
172 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
173 		'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
174 	@$(GOTD_STOP_CMD) 2>/dev/null
175 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
176 
177 test_repo_read_denied_group: prepare_test_repo start_gotd_ro_denied_group
178 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
179 		'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
180 	@$(GOTD_STOP_CMD) 2>/dev/null
181 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
182 
183 test_repo_read_bad_user: prepare_test_repo start_gotd_ro_bad_user
184 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
185 		'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
186 	@$(GOTD_STOP_CMD) 2>/dev/null
187 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
188 
189 test_repo_read_bad_group: prepare_test_repo start_gotd_ro_bad_group
190 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
191 		'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
192 	@$(GOTD_STOP_CMD) 2>/dev/null
193 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
194 
195 test_repo_write: prepare_test_repo start_gotd_rw
196 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
197 		'env $(GOTD_TEST_ENV) sh ./repo_write.sh'
198 	@$(GOTD_STOP_CMD) 2>/dev/null
199 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
200 
201 test_repo_write_empty: prepare_test_repo_empty start_gotd_rw
202 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
203 		'env $(GOTD_TEST_ENV) sh ./repo_write_empty.sh'
204 	@$(GOTD_STOP_CMD) 2>/dev/null
205 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
206 
207 test_repo_write_protected: prepare_test_repo start_gotd_rw_protected
208 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
209 		'env $(GOTD_TEST_ENV) sh ./repo_write_protected.sh'
210 	@$(GOTD_STOP_CMD) 2>/dev/null
211 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
212 	
213 test_request_bad: prepare_test_repo_empty start_gotd_ro
214 	@-$(GOTD_TRAP); su -m ${GOTD_TEST_USER} -c \
215 		'env $(GOTD_TEST_ENV) sh ./request_bad.sh'
216 	@$(GOTD_STOP_CMD) 2>/dev/null
217 
218 .include <bsd.regress.mk>