initial buildroot for linux 5.15
This commit is contained in:
@@ -0,0 +1 @@
|
||||
source "$BR2_EXTERNAL_DETECT_BAD_ARCH_PATH/package/detect-bad-arch/Config.in"
|
||||
@@ -0,0 +1 @@
|
||||
name: DETECT_BAD_ARCH
|
||||
@@ -0,0 +1 @@
|
||||
include $(sort $(wildcard $(BR2_EXTERNAL_DETECT_BAD_ARCH_PATH)/package/*/*.mk))
|
||||
+4
@@ -0,0 +1,4 @@
|
||||
config BR2_PACKAGE_DETECT_BAD_ARCH
|
||||
bool
|
||||
default y
|
||||
|
||||
+15
@@ -0,0 +1,15 @@
|
||||
################################################################################
|
||||
#
|
||||
# detect-bad-arch
|
||||
#
|
||||
################################################################################
|
||||
|
||||
define DETECT_BAD_ARCH_BUILD_CMDS
|
||||
echo "int main(void) { return 0; }" | $(HOSTCC) -x c -o $(@D)/foo -
|
||||
endef
|
||||
|
||||
define DETECT_BAD_ARCH_INSTALL_TARGET_CMDS
|
||||
$(INSTALL) -D -m 0755 $(@D)/foo $(TARGET_DIR)/usr/bin/foo
|
||||
endef
|
||||
|
||||
$(eval $(generic-package))
|
||||
@@ -0,0 +1 @@
|
||||
name: CPE_ID
|
||||
@@ -0,0 +1 @@
|
||||
include $(sort $(wildcard $(BR2_EXTERNAL_CPE_ID_PATH)/package/*/*.mk))
|
||||
@@ -0,0 +1,4 @@
|
||||
CPE_ID_PKG1_VERSION = 42
|
||||
|
||||
$(eval $(generic-package))
|
||||
$(eval $(host-generic-package))
|
||||
@@ -0,0 +1,3 @@
|
||||
CPE_ID_PKG2_VERSION = 67
|
||||
|
||||
$(eval $(host-generic-package))
|
||||
@@ -0,0 +1,5 @@
|
||||
CPE_ID_PKG3_VERSION = 67
|
||||
CPE_ID_PKG3_CPE_ID_VENDOR = cpe-id-pkg3_project
|
||||
|
||||
$(eval $(generic-package))
|
||||
$(eval $(host-generic-package))
|
||||
@@ -0,0 +1,9 @@
|
||||
CPE_ID_PKG4_VERSION = 67
|
||||
CPE_ID_PKG4_CPE_ID_VENDOR = foo
|
||||
CPE_ID_PKG4_CPE_ID_PRODUCT = bar
|
||||
CPE_ID_PKG4_CPE_ID_VERSION = 42
|
||||
CPE_ID_PKG4_CPE_ID_UPDATE = b2
|
||||
CPE_ID_PKG4_CPE_ID_PREFIX = cpe:2.4:a
|
||||
|
||||
$(eval $(generic-package))
|
||||
$(eval $(host-generic-package))
|
||||
@@ -0,0 +1,16 @@
|
||||
CPE_ID_PKG5_VERSION = 57
|
||||
|
||||
CPE_ID_PKG5_CPE_ID_VENDOR = foo
|
||||
CPE_ID_PKG5_CPE_ID_PRODUCT = bar
|
||||
CPE_ID_PKG5_CPE_ID_VERSION = 42
|
||||
CPE_ID_PKG5_CPE_ID_UPDATE = b2
|
||||
CPE_ID_PKG5_CPE_ID_PREFIX = cpe:2.4:a
|
||||
|
||||
HOST_CPE_ID_PKG5_CPE_ID_VENDOR = baz
|
||||
HOST_CPE_ID_PKG5_CPE_ID_PRODUCT = fuz
|
||||
HOST_CPE_ID_PKG5_CPE_ID_VERSION = 43
|
||||
HOST_CPE_ID_PKG5_CPE_ID_UPDATE = b3
|
||||
HOST_CPE_ID_PKG5_CPE_ID_PREFIX = cpe:2.5:a
|
||||
|
||||
$(eval $(generic-package))
|
||||
$(eval $(host-generic-package))
|
||||
@@ -0,0 +1,7 @@
|
||||
# <name> <type> <mode> <uid> <gid> <major> <minor> <start> <inc> <count>
|
||||
/usr/sbin/getcap f 755 0 0 - - - - -
|
||||
|xattr cap_sys_nice+eip
|
||||
# leading spaces are ignored for xattr
|
||||
|xattr cap_kill+eip
|
||||
# leading tabs are ignored for xattr
|
||||
|xattr cap_sys_time+eip
|
||||
Executable
+12
@@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
(
|
||||
printf "arg1,%s\n" "${1}"
|
||||
printf "arg2,%s\n" "${2}"
|
||||
printf "arg3,%s\n" "${3}"
|
||||
printf "TARGET_DIR,%s\n" "${TARGET_DIR}"
|
||||
printf "BUILD_DIR,%s\n" "${BUILD_DIR}"
|
||||
printf "HOST_DIR,%s\n" "${HOST_DIR}"
|
||||
printf "STAGING_DIR,%s\n" "${STAGING_DIR}"
|
||||
printf "BINARIES_DIR,%s\n" "${BINARIES_DIR}"
|
||||
printf "BR2_CONFIG,%s\n" "${BR2_CONFIG}"
|
||||
) > ${BUILD_DIR}/$(basename "${0}" .sh).log
|
||||
@@ -0,0 +1 @@
|
||||
post-build.sh
|
||||
@@ -0,0 +1 @@
|
||||
post-build.sh
|
||||
@@ -0,0 +1 @@
|
||||
foobar
|
||||
@@ -0,0 +1 @@
|
||||
barfoo
|
||||
@@ -0,0 +1 @@
|
||||
CONFIG_SQUASHFS_XATTR=y
|
||||
@@ -0,0 +1,18 @@
|
||||
import infra
|
||||
import infra.basetest
|
||||
|
||||
|
||||
class DetectBadArchTest(infra.basetest.BRConfigTest):
|
||||
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + infra.basetest.MINIMAL_CONFIG
|
||||
br2_external = [infra.filepath("tests/core/br2-external/detect-bad-arch")]
|
||||
|
||||
def test_run(self):
|
||||
with self.assertRaises(SystemError):
|
||||
self.b.build()
|
||||
logf_path = infra.log_file_path(self.b.builddir, "build",
|
||||
infra.basetest.BRConfigTest.logtofile)
|
||||
if logf_path:
|
||||
s = 'ERROR: architecture for "/usr/bin/foo" is'
|
||||
with open(logf_path, "r") as f:
|
||||
lines = [line for line in f.readlines() if line.startswith(s)]
|
||||
self.assertEqual(len(lines), 1)
|
||||
@@ -0,0 +1,110 @@
|
||||
import infra
|
||||
import subprocess
|
||||
import json
|
||||
|
||||
|
||||
class CpeIdTest(infra.basetest.BRConfigTest):
|
||||
config = ""
|
||||
br2_external = [infra.filepath("tests/core/cpeid-br2-external")]
|
||||
|
||||
def get_vars(self, var):
|
||||
cmd = ["make", "--no-print-directory", "-C", self.b.builddir,
|
||||
"VARS=%s%%" % var, "printvars"]
|
||||
lines = subprocess.check_output(cmd).splitlines()
|
||||
return dict([str(x, "utf-8").split("=") for x in lines])
|
||||
|
||||
def get_json(self, pkg):
|
||||
cmd = ["make", "--no-print-directory", "-C", self.b.builddir,
|
||||
"%s-show-info" % pkg]
|
||||
return json.loads(subprocess.check_output(cmd))
|
||||
|
||||
def test_pkg1(self):
|
||||
# this package has no CPE ID information, it should not have
|
||||
# any CPE_ID variable defined.
|
||||
pkg_vars = self.get_vars("CPE_ID_PKG1_CPE_ID")
|
||||
cpe_vars = ["CPE_ID_VALID", "CPE_ID_PRODUCT", "CPE_ID_VERSION", "CPE_ID_UPDATE",
|
||||
"CPE_ID_PREFIX", "CPE_ID"]
|
||||
for v in cpe_vars:
|
||||
self.assertNotIn("CPE_ID_PKG1_%s" % v, pkg_vars)
|
||||
pkg_json = self.get_json("cpe-id-pkg1")
|
||||
self.assertNotIn("cpe-id", pkg_json['cpe-id-pkg1'])
|
||||
|
||||
pkg_vars = self.get_vars("HOST_CPE_ID_PKG1_CPE_ID")
|
||||
for v in cpe_vars:
|
||||
self.assertNotIn("HOST_CPE_ID_PKG1_%s" % v, pkg_vars)
|
||||
pkg_json = self.get_json("host-cpe-id-pkg1")
|
||||
self.assertNotIn("cpe-id", pkg_json['host-cpe-id-pkg1'])
|
||||
|
||||
def test_pkg2(self):
|
||||
# this package has no CPE ID information, it should not have
|
||||
# any CPE_ID variable defined.
|
||||
pkg_vars = self.get_vars("HOST_CPE_ID_PKG2_CPE_ID")
|
||||
cpe_vars = ["CPE_ID_VALID", "CPE_ID_PRODUCT", "CPE_ID_VERSION", "CPE_ID_UPDATE",
|
||||
"CPE_ID_PREFIX", "CPE_ID"]
|
||||
for v in cpe_vars:
|
||||
self.assertNotIn("HOST_CPE_ID_PKG2_%s" % v, pkg_vars)
|
||||
pkg_json = self.get_json("host-cpe-id-pkg2")
|
||||
self.assertNotIn("cpe-id", pkg_json['host-cpe-id-pkg2'])
|
||||
|
||||
def test_pkg3(self):
|
||||
# this package has just <pkg>_CPE_ID_VENDOR defined, so verify
|
||||
# it has the default CPE_ID value, and that inheritance of the
|
||||
# values for the host package is working
|
||||
pkg_vars = self.get_vars("CPE_ID_PKG3_CPE_ID")
|
||||
self.assertEqual(pkg_vars["CPE_ID_PKG3_CPE_ID"],
|
||||
"cpe:2.3:a:cpe-id-pkg3_project:cpe-id-pkg3:67:*:*:*:*:*:*:*")
|
||||
self.assertEqual(pkg_vars["CPE_ID_PKG3_CPE_ID_VALID"], "YES")
|
||||
pkg_json = self.get_json("cpe-id-pkg3")
|
||||
self.assertEqual(pkg_json['cpe-id-pkg3']['cpe-id'],
|
||||
"cpe:2.3:a:cpe-id-pkg3_project:cpe-id-pkg3:67:*:*:*:*:*:*:*")
|
||||
|
||||
pkg_vars = self.get_vars("HOST_CPE_ID_PKG3_CPE_ID")
|
||||
self.assertEqual(pkg_vars["HOST_CPE_ID_PKG3_CPE_ID"],
|
||||
"cpe:2.3:a:cpe-id-pkg3_project:cpe-id-pkg3:67:*:*:*:*:*:*:*")
|
||||
self.assertEqual(pkg_vars["HOST_CPE_ID_PKG3_CPE_ID_VALID"], "YES")
|
||||
pkg_json = self.get_json("host-cpe-id-pkg3")
|
||||
self.assertEqual(pkg_json['host-cpe-id-pkg3']['cpe-id'],
|
||||
"cpe:2.3:a:cpe-id-pkg3_project:cpe-id-pkg3:67:*:*:*:*:*:*:*")
|
||||
|
||||
def test_pkg4(self):
|
||||
# this package defines
|
||||
# <pkg>_CPE_ID_{VENDOR,PRODUCT,VERSION,UPDATE,PREFIX},
|
||||
# make sure we get the computed <pkg>_CPE_ID, and that it is
|
||||
# inherited by the host variant
|
||||
pkg_vars = self.get_vars("CPE_ID_PKG4_CPE_ID")
|
||||
self.assertEqual(pkg_vars["CPE_ID_PKG4_CPE_ID"],
|
||||
"cpe:2.4:a:foo:bar:42:b2:*:*:*:*:*:*")
|
||||
self.assertEqual(pkg_vars["CPE_ID_PKG4_CPE_ID_VALID"], "YES")
|
||||
pkg_json = self.get_json("cpe-id-pkg4")
|
||||
self.assertEqual(pkg_json['cpe-id-pkg4']['cpe-id'],
|
||||
"cpe:2.4:a:foo:bar:42:b2:*:*:*:*:*:*")
|
||||
|
||||
pkg_vars = self.get_vars("HOST_CPE_ID_PKG4_CPE_ID")
|
||||
self.assertEqual(pkg_vars["HOST_CPE_ID_PKG4_CPE_ID"],
|
||||
"cpe:2.4:a:foo:bar:42:b2:*:*:*:*:*:*")
|
||||
self.assertEqual(pkg_vars["HOST_CPE_ID_PKG4_CPE_ID_VALID"], "YES")
|
||||
pkg_json = self.get_json("host-cpe-id-pkg4")
|
||||
self.assertEqual(pkg_json['host-cpe-id-pkg4']['cpe-id'],
|
||||
"cpe:2.4:a:foo:bar:42:b2:*:*:*:*:*:*")
|
||||
|
||||
def test_pkg5(self):
|
||||
# this package defines
|
||||
# <pkg>_CPE_ID_{VENDOR,PRODUCT,VERSION,UPDATE,PREFIX} and
|
||||
# HOST_<pkg>_CPE_ID_{VENDOR,PRODUCT,VERSION,UPDATE,PREFIX}
|
||||
# separately, with different values. Make sure we get the
|
||||
# right <pkg>_CPE_ID and HOST_<pkg>_CPE_ID values.
|
||||
pkg_vars = self.get_vars("CPE_ID_PKG5_CPE_ID")
|
||||
self.assertEqual(pkg_vars["CPE_ID_PKG5_CPE_ID"],
|
||||
"cpe:2.4:a:foo:bar:42:b2:*:*:*:*:*:*")
|
||||
self.assertEqual(pkg_vars["CPE_ID_PKG5_CPE_ID_VALID"], "YES")
|
||||
pkg_json = self.get_json("cpe-id-pkg5")
|
||||
self.assertEqual(pkg_json['cpe-id-pkg5']['cpe-id'],
|
||||
"cpe:2.4:a:foo:bar:42:b2:*:*:*:*:*:*")
|
||||
|
||||
pkg_vars = self.get_vars("HOST_CPE_ID_PKG5_CPE_ID")
|
||||
self.assertEqual(pkg_vars["HOST_CPE_ID_PKG5_CPE_ID"],
|
||||
"cpe:2.5:a:baz:fuz:43:b3:*:*:*:*:*:*")
|
||||
self.assertEqual(pkg_vars["HOST_CPE_ID_PKG5_CPE_ID_VALID"], "YES")
|
||||
pkg_json = self.get_json("host-cpe-id-pkg5")
|
||||
self.assertEqual(pkg_json['host-cpe-id-pkg5']['cpe-id'],
|
||||
"cpe:2.5:a:baz:fuz:43:b3:*:*:*:*:*:*")
|
||||
@@ -0,0 +1,46 @@
|
||||
import os
|
||||
|
||||
import infra.basetest
|
||||
|
||||
|
||||
class TestFileCapabilities(infra.basetest.BRTest):
|
||||
config = \
|
||||
"""
|
||||
BR2_arm=y
|
||||
BR2_TOOLCHAIN_EXTERNAL=y
|
||||
BR2_ROOTFS_DEVICE_TABLE="system/device_table.txt {}"
|
||||
BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES=y
|
||||
BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
|
||||
BR2_LINUX_KERNEL=y
|
||||
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
|
||||
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.204"
|
||||
BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
|
||||
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="{}"
|
||||
BR2_LINUX_KERNEL_DTS_SUPPORT=y
|
||||
BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9"
|
||||
BR2_PACKAGE_LIBCAP=y
|
||||
BR2_PACKAGE_LIBCAP_TOOLS=y
|
||||
BR2_TARGET_ROOTFS_SQUASHFS=y
|
||||
# BR2_TARGET_ROOTFS_TAR is not set
|
||||
""".format(infra.filepath("tests/core/device_table2.txt"),
|
||||
infra.filepath("tests/core/squashfs-xattr-kernel.config"))
|
||||
|
||||
def test_run(self):
|
||||
img = os.path.join(self.builddir, "images", "rootfs.squashfs")
|
||||
infra.img_round_power2(img)
|
||||
|
||||
self.emulator.boot(arch="armv7",
|
||||
kernel=os.path.join(self.builddir, "images", "zImage"),
|
||||
kernel_cmdline=["root=/dev/mmcblk0",
|
||||
"rootfstype=squashfs"],
|
||||
options=["-drive", "file={},if=sd,format=raw".format(img),
|
||||
"-M", "vexpress-a9",
|
||||
"-dtb", os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb")])
|
||||
self.emulator.login()
|
||||
|
||||
cmd = "getcap -v /usr/sbin/getcap"
|
||||
output, _ = self.emulator.run(cmd)
|
||||
self.assertIn("cap_kill", output[0])
|
||||
self.assertIn("cap_sys_nice", output[0])
|
||||
self.assertIn("cap_sys_time", output[0])
|
||||
self.assertIn("=eip", output[0])
|
||||
@@ -0,0 +1,115 @@
|
||||
import os
|
||||
import json
|
||||
|
||||
import infra.basetest
|
||||
|
||||
|
||||
class TestHardeningBase(infra.basetest.BRTest):
|
||||
config = \
|
||||
"""
|
||||
BR2_powerpc64=y
|
||||
BR2_powerpc_e5500=y
|
||||
BR2_TOOLCHAIN_EXTERNAL=y
|
||||
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
|
||||
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
|
||||
BR2_TOOLCHAIN_EXTERNAL_URL="https://toolchains.bootlin.com/downloads/releases/toolchains/powerpc64-e5500/tarballs/powerpc64-e5500--glibc--stable-2018.02-2.tar.bz2"
|
||||
BR2_TOOLCHAIN_EXTERNAL_GCC_6=y
|
||||
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_1=y
|
||||
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
|
||||
BR2_TOOLCHAIN_EXTERNAL_CXX=y
|
||||
BR2_PACKAGE_LIGHTTPD=y
|
||||
BR2_PACKAGE_HOST_CHECKSEC=y
|
||||
# BR2_TARGET_ROOTFS_TAR is not set
|
||||
"""
|
||||
|
||||
checksec_files = ["usr/sbin/lighttpd", "bin/busybox"]
|
||||
|
||||
def checksec_run(self, target_file):
|
||||
filepath = os.path.join(self.builddir, "target", target_file)
|
||||
cmd = ["host/bin/checksec", "--format=json",
|
||||
"--file={}".format(filepath)]
|
||||
# Checksec is being used for elf file analysis only. There are no
|
||||
# assumptions of target/run-time checks as part of this testing.
|
||||
ret = infra.run_cmd_on_host(self.builddir, cmd)
|
||||
return json.loads(ret)
|
||||
|
||||
|
||||
class TestRelro(TestHardeningBase):
|
||||
config = TestHardeningBase.config + \
|
||||
"""
|
||||
BR2_RELRO_FULL=y
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
for f in self.checksec_files:
|
||||
out = self.checksec_run(f)
|
||||
filepath = os.path.join(self.builddir, "target", f)
|
||||
self.assertEqual(out[filepath]["relro"], "full")
|
||||
self.assertEqual(out[filepath]["pie"], "yes")
|
||||
|
||||
|
||||
class TestRelroPartial(TestHardeningBase):
|
||||
config = TestHardeningBase.config + \
|
||||
"""
|
||||
BR2_RELRO_PARTIAL=y
|
||||
# BR2_PIC_PIE is not set
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
for f in self.checksec_files:
|
||||
out = self.checksec_run(f)
|
||||
filepath = os.path.join(self.builddir, "target", f)
|
||||
self.assertEqual(out[filepath]["relro"], "partial")
|
||||
self.assertEqual(out[filepath]["pie"], "no")
|
||||
|
||||
|
||||
class TestSspNone(TestHardeningBase):
|
||||
config = TestHardeningBase.config + \
|
||||
"""
|
||||
BR2_SSP_NONE=y
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
for f in self.checksec_files:
|
||||
out = self.checksec_run(f)
|
||||
filepath = os.path.join(self.builddir, "target", f)
|
||||
self.assertEqual(out[filepath]["canary"], "no")
|
||||
|
||||
|
||||
class TestSspStrong(TestHardeningBase):
|
||||
config = TestHardeningBase.config + \
|
||||
"""
|
||||
BR2_SSP_STRONG=y
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
for f in self.checksec_files:
|
||||
out = self.checksec_run(f)
|
||||
filepath = os.path.join(self.builddir, "target", f)
|
||||
self.assertEqual(out[filepath]["canary"], "yes")
|
||||
|
||||
|
||||
class TestFortifyNone(TestHardeningBase):
|
||||
config = TestHardeningBase.config + \
|
||||
"""
|
||||
BR2_FORTIFY_SOURCE_NONE=y
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
for f in self.checksec_files:
|
||||
out = self.checksec_run(f)
|
||||
filepath = os.path.join(self.builddir, "target", f)
|
||||
self.assertEqual(out[filepath]["fortified"], "0")
|
||||
|
||||
|
||||
class TestFortifyConserv(TestHardeningBase):
|
||||
config = TestHardeningBase.config + \
|
||||
"""
|
||||
BR2_FORTIFY_SOURCE_1=y
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
for f in self.checksec_files:
|
||||
out = self.checksec_run(f)
|
||||
filepath = os.path.join(self.builddir, "target", f)
|
||||
self.assertNotEqual(out[filepath]["fortified"], "0")
|
||||
@@ -0,0 +1,48 @@
|
||||
import os
|
||||
import csv
|
||||
|
||||
import infra.basetest
|
||||
|
||||
|
||||
class TestPostScripts(infra.basetest.BRTest):
|
||||
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
|
||||
"""
|
||||
BR2_INIT_NONE=y
|
||||
BR2_SYSTEM_BIN_SH_NONE=y
|
||||
# BR2_PACKAGE_BUSYBOX is not set
|
||||
BR2_ROOTFS_POST_BUILD_SCRIPT="{}"
|
||||
BR2_ROOTFS_POST_FAKEROOT_SCRIPT="{}"
|
||||
BR2_ROOTFS_POST_IMAGE_SCRIPT="{}"
|
||||
BR2_ROOTFS_POST_SCRIPT_ARGS="foobar baz"
|
||||
""".format(infra.filepath("tests/core/post-build.sh"),
|
||||
infra.filepath("tests/core/post-fakeroot.sh"),
|
||||
infra.filepath("tests/core/post-image.sh"))
|
||||
|
||||
def check_post_log_file(self, f, what, target_dir):
|
||||
lines = {}
|
||||
with open(os.path.join(self.builddir, "build", f), newline='') as csvfile:
|
||||
r = csv.reader(csvfile, delimiter=',')
|
||||
for row in r:
|
||||
lines[row[0]] = row[1]
|
||||
|
||||
self.assertEqual(lines["arg1"], what)
|
||||
self.assertEqual(lines["arg2"], "foobar")
|
||||
self.assertEqual(lines["arg3"], "baz")
|
||||
self.assertEqual(lines["TARGET_DIR"], target_dir)
|
||||
self.assertEqual(lines["BUILD_DIR"], os.path.join(self.builddir, "build"))
|
||||
self.assertEqual(lines["HOST_DIR"], os.path.join(self.builddir, "host"))
|
||||
staging = os.readlink(os.path.join(self.builddir, "staging"))
|
||||
self.assertEqual(lines["STAGING_DIR"], staging)
|
||||
self.assertEqual(lines["BINARIES_DIR"], os.path.join(self.builddir, "images"))
|
||||
self.assertEqual(lines["BR2_CONFIG"], os.path.join(self.builddir, ".config"))
|
||||
|
||||
def test_run(self):
|
||||
self.check_post_log_file("post-build.log",
|
||||
os.path.join(self.builddir, "target"),
|
||||
os.path.join(self.builddir, "target"))
|
||||
self.check_post_log_file("post-fakeroot.log",
|
||||
os.path.join(self.builddir, "build/buildroot-fs/tar/target"),
|
||||
os.path.join(self.builddir, "build/buildroot-fs/tar/target"))
|
||||
self.check_post_log_file("post-image.log",
|
||||
os.path.join(self.builddir, "images"),
|
||||
os.path.join(self.builddir, "target"))
|
||||
@@ -0,0 +1,36 @@
|
||||
import os
|
||||
import infra.basetest
|
||||
from crypt import crypt
|
||||
|
||||
|
||||
class TestRootPassword(infra.basetest.BRTest):
|
||||
password = "foo"
|
||||
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
|
||||
"""
|
||||
BR2_TARGET_ROOTFS_CPIO=y
|
||||
BR2_TARGET_ENABLE_ROOT_LOGIN=y
|
||||
BR2_TARGET_GENERIC_ROOT_PASSWD="{}"
|
||||
""".format(password)
|
||||
|
||||
def test_run(self):
|
||||
# 1. Test by looking hash in the /etc/shadow
|
||||
shadow = os.path.join(self.builddir, "target", "etc", "shadow")
|
||||
with open(shadow, "r") as f:
|
||||
users = f.readlines()
|
||||
for user in users:
|
||||
s = user.split(":")
|
||||
n, h = s[0], s[1]
|
||||
if n == "root":
|
||||
# Fail if the account is disabled or no password is required
|
||||
self.assertTrue(h not in ["", "*"])
|
||||
# Fail if the hash isn't right
|
||||
self.assertEqual(crypt(self.password, h), h)
|
||||
|
||||
# 2. Test by attempting to login
|
||||
cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
|
||||
try:
|
||||
self.emulator.boot(arch="armv7", kernel="builtin",
|
||||
options=["-initrd", cpio_file])
|
||||
self.emulator.login(self.password)
|
||||
except SystemError:
|
||||
self.fail("Unable to login with the password")
|
||||
@@ -0,0 +1,30 @@
|
||||
import os
|
||||
import subprocess
|
||||
|
||||
import infra.basetest
|
||||
|
||||
|
||||
def compare_file(file1, file2):
|
||||
return subprocess.call(["cmp", file1, file2])
|
||||
|
||||
|
||||
class TestRootfsOverlay(infra.basetest.BRTest):
|
||||
|
||||
rootfs_overlay_path = infra.filepath("tests/core/rootfs-overlay")
|
||||
|
||||
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
|
||||
infra.basetest.MINIMAL_CONFIG + \
|
||||
"""
|
||||
BR2_ROOTFS_OVERLAY="{0}1 {0}2"
|
||||
""".format(rootfs_overlay_path)
|
||||
|
||||
def test_run(self):
|
||||
target_file = os.path.join(self.builddir, "target", "test-file1")
|
||||
overlay_file = "{}1/test-file1".format(self.rootfs_overlay_path)
|
||||
ret = compare_file(overlay_file, target_file)
|
||||
self.assertEqual(ret, 0)
|
||||
|
||||
target_file = os.path.join(self.builddir, "target", "etc", "test-file2")
|
||||
overlay_file = "{}2/etc/test-file2".format(self.rootfs_overlay_path)
|
||||
ret = compare_file(overlay_file, target_file)
|
||||
self.assertEqual(ret, 0)
|
||||
@@ -0,0 +1,86 @@
|
||||
import os
|
||||
|
||||
import infra.basetest
|
||||
|
||||
|
||||
class TestSELinuxInfra(infra.basetest.BRTest):
|
||||
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG +\
|
||||
"""
|
||||
BR2_PACKAGE_REFPOLICY=y
|
||||
BR2_PACKAGE_PYTHON3=y
|
||||
BR2_PACKAGE_SETOOLS=y
|
||||
BR2_TARGET_ROOTFS_CPIO=y
|
||||
"""
|
||||
|
||||
def base_test_run(self):
|
||||
cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
|
||||
self.emulator.boot(arch="armv5", kernel="builtin",
|
||||
options=["-initrd", cpio_file])
|
||||
self.emulator.login()
|
||||
|
||||
|
||||
class TestSELinuxExtraModules(TestSELinuxInfra):
|
||||
config = TestSELinuxInfra.config + \
|
||||
"""
|
||||
BR2_REFPOLICY_EXTRA_MODULES="ntp tor"
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
TestSELinuxInfra.base_test_run(self)
|
||||
|
||||
out, ret = self.emulator.run("seinfo -t ntpd_t", 15)
|
||||
self.assertEqual(ret, 0)
|
||||
self.assertEqual(out[2].strip(), "ntpd_t")
|
||||
|
||||
out, ret = self.emulator.run("seinfo -t tor_t", 15)
|
||||
self.assertEqual(ret, 0)
|
||||
self.assertEqual(out[2].strip(), "tor_t")
|
||||
|
||||
|
||||
class TestSELinuxExtraModulesDirs(TestSELinuxInfra):
|
||||
config = TestSELinuxInfra.config + \
|
||||
"""
|
||||
BR2_REFPOLICY_EXTRA_MODULES_DIRS="{}"
|
||||
""".format(infra.filepath("tests/core/test_selinux/extra_modules"))
|
||||
|
||||
def test_run(self):
|
||||
TestSELinuxInfra.base_test_run(self)
|
||||
|
||||
out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15)
|
||||
self.assertEqual(ret, 0)
|
||||
self.assertEqual(out[2].strip(), "buildroot_test_t")
|
||||
|
||||
|
||||
class TestSELinuxCustomGit(TestSELinuxInfra):
|
||||
config = TestSELinuxInfra.config + \
|
||||
"""
|
||||
BR2_PACKAGE_REFPOLICY_CUSTOM_GIT=y
|
||||
BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL="https://github.com/SELinuxProject/refpolicy.git"
|
||||
BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_VERSION="RELEASE_2_20200818"
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
pass
|
||||
|
||||
|
||||
class TestSELinuxPackage(TestSELinuxInfra):
|
||||
br2_external = [infra.filepath("tests/core/test_selinux/br2_external")]
|
||||
config = TestSELinuxInfra.config + \
|
||||
"""
|
||||
BR2_PACKAGE_SELINUX_TEST=y
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
TestSELinuxInfra.base_test_run(self)
|
||||
|
||||
out, ret = self.emulator.run("seinfo -t ntpd_t", 15)
|
||||
self.assertEqual(ret, 0)
|
||||
self.assertEqual(out[2].strip(), "ntpd_t")
|
||||
|
||||
out, ret = self.emulator.run("seinfo -t tor_t", 15)
|
||||
self.assertEqual(ret, 0)
|
||||
self.assertEqual(out[2].strip(), "tor_t")
|
||||
|
||||
out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15)
|
||||
self.assertEqual(ret, 0)
|
||||
self.assertEqual(out[2].strip(), "buildroot_test_t")
|
||||
@@ -0,0 +1 @@
|
||||
source "$BR2_EXTERNAL_SELINUX_PATH/package/selinux-test/Config.in"
|
||||
@@ -0,0 +1 @@
|
||||
name: SELINUX
|
||||
@@ -0,0 +1 @@
|
||||
include $(sort $(wildcard $(BR2_EXTERNAL_SELINUX_PATH)/package/*/*.mk))
|
||||
@@ -0,0 +1,4 @@
|
||||
config BR2_PACKAGE_SELINUX_TEST
|
||||
bool "SELinux test package"
|
||||
help
|
||||
Test package for SELinux Buildroot helpers.
|
||||
+9
@@ -0,0 +1,9 @@
|
||||
################################################################################
|
||||
#
|
||||
# SELinux test package
|
||||
#
|
||||
################################################################################
|
||||
|
||||
SELINUX_TEST_SELINUX_MODULES = ntp tor
|
||||
|
||||
$(eval $(generic-package))
|
||||
+1
@@ -0,0 +1 @@
|
||||
## <summary>Buildroot rules</summary>
|
||||
+3
@@ -0,0 +1,3 @@
|
||||
policy_module(buildroot, 1.0.0)
|
||||
|
||||
type buildroot_test_t;
|
||||
@@ -0,0 +1 @@
|
||||
## <summary>Buildroot rules</summary>
|
||||
@@ -0,0 +1,3 @@
|
||||
policy_module(buildroot, 1.0.0)
|
||||
|
||||
type buildroot_test_t;
|
||||
@@ -0,0 +1,72 @@
|
||||
import os
|
||||
|
||||
import infra.basetest
|
||||
|
||||
|
||||
def boot_armv5_cpio(emulator, builddir):
|
||||
img = os.path.join(builddir, "images", "rootfs.cpio")
|
||||
emulator.boot(arch="armv5", kernel="builtin",
|
||||
options=["-initrd", img])
|
||||
emulator.login()
|
||||
|
||||
|
||||
class TestNoTimezone(infra.basetest.BRTest):
|
||||
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
|
||||
"""
|
||||
# BR2_TARGET_TZ_INFO is not set
|
||||
BR2_TARGET_ROOTFS_CPIO=y
|
||||
# BR2_TARGET_ROOTFS_TAR is not set
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
boot_armv5_cpio(self.emulator, self.builddir)
|
||||
tz, _ = self.emulator.run("TZ=UTC date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "UTC")
|
||||
tz, _ = self.emulator.run("TZ=America/Los_Angeles date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "UTC")
|
||||
|
||||
|
||||
class TestGlibcAllTimezone(infra.basetest.BRTest):
|
||||
config = \
|
||||
"""
|
||||
BR2_arm=y
|
||||
BR2_TOOLCHAIN_EXTERNAL=y
|
||||
BR2_TARGET_TZ_INFO=y
|
||||
BR2_TARGET_ROOTFS_CPIO=y
|
||||
# BR2_TARGET_ROOTFS_TAR is not set
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
boot_armv5_cpio(self.emulator, self.builddir)
|
||||
tz, _ = self.emulator.run("date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "UTC")
|
||||
tz, _ = self.emulator.run("TZ=UTC date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "UTC")
|
||||
tz, _ = self.emulator.run("TZ=America/Los_Angeles date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "PST")
|
||||
tz, _ = self.emulator.run("TZ=Europe/Paris date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "CET")
|
||||
|
||||
|
||||
class TestGlibcNonDefaultLimitedTimezone(infra.basetest.BRTest):
|
||||
config = \
|
||||
"""
|
||||
BR2_arm=y
|
||||
BR2_TOOLCHAIN_EXTERNAL=y
|
||||
BR2_TARGET_TZ_INFO=y
|
||||
BR2_TARGET_TZ_ZONELIST="northamerica"
|
||||
BR2_TARGET_LOCALTIME="America/New_York"
|
||||
BR2_TARGET_ROOTFS_CPIO=y
|
||||
# BR2_TARGET_ROOTFS_TAR is not set
|
||||
"""
|
||||
|
||||
def test_run(self):
|
||||
boot_armv5_cpio(self.emulator, self.builddir)
|
||||
tz, _ = self.emulator.run("date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "EST")
|
||||
tz, _ = self.emulator.run("TZ=UTC date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "UTC")
|
||||
tz, _ = self.emulator.run("TZ=America/Los_Angeles date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "PST")
|
||||
tz, _ = self.emulator.run("TZ=Europe/Paris date +%Z")
|
||||
self.assertEqual(tz[0].strip(), "Europe")
|
||||
Reference in New Issue
Block a user