
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/releng:master commit in: tools-hardened/
Date: Wed, 02 Mar 2016 20:41:25
Message-Id: 1456951880.e9208fa931e35d9cb9ef21ebca08149b9c165e4e.blueness@gentoo
1 commit: e9208fa931e35d9cb9ef21ebca08149b9c165e4e
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 2 20:51:20 2016 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 2 20:51:20 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=e9208fa9
7
8 tools-hardened: add test scripts for systemd stages
9
10 tools-hardened/common.sh | 61 ++++++++++++++++++++++++++++++++++
11 tools-hardened/run-systemd.sh | 49 +++++++++++++++++++++++++++
12 tools-hardened/stage-all.conf.template | 7 ++++
13 3 files changed, 117 insertions(+)
14
15 diff --git a/tools-hardened/common.sh b/tools-hardened/common.sh
16 new file mode 100644
17 index 0000000..9a0a03a
18 --- /dev/null
19 +++ b/tools-hardened/common.sh
20 @@ -0,0 +1,61 @@
21 +#!/bin/bash
22 +
23 +source /etc/catalyst/catalyst.conf
24 +
25 +mydate=`date +%Y%m%d`
26 +
27 +
28 +undo_grsec() {
29 + [[ -d /proc/sys/kernel/grsecurity ]] || return
30 + for i in /proc/sys/kernel/grsecurity/chroot_* ; do
31 + echo 0 > $i
32 + done
33 +}
34 +
35 +
36 +banner() {
37 +cat << EOF | tee -a zzz.log > stage$1-$2-systemd.log
38 +
39 +************************************************************************
40 +* stage$1-$2-systemd
41 +************************************************************************"
42 +
43 +EOF
44 +}
45 +
46 +
47 +do_stages() {
48 + local arch=$1
49 +
50 + for s in 1 2 3; do
51 + local tgpath="${storedir}/builds/systemd/${arch}"
52 + local target="stage${s}-${arch}-systemd-${mydate}.tar.bz2"
53 + local tglink="stage${s}-${arch}-systemd.tar.bz2"
54 +
55 + if [[ ! -f "${tgpath}/${tglink}" ]]; then
56 + touch stage${s}-${arch}-systemd.log
57 + echo "!!! ${tglink} at ${tgpath} doesn't exist" \
58 + | tee -a zzz.log \
59 + > stage${s}-${arch}-systemd.err
60 + return 1
61 + fi
62 +
63 + banner ${s} ${arch}
64 + catalyst -f stage${s}-${arch}-systemd.conf \
65 + | tee -a zzz.log \
66 + > stage${s}-${arch}-systemd.log \
67 + 2> stage${s}-${arch}-systemd.err
68 +
69 + if [[ -f "${tgpath}/${target}" ]]; then
70 + rm -f "${tgpath}/${tglink}"
71 + ln -s ${target} "${tgpath}/${tglink}"
72 + else
73 + echo "!!! ${target} was not generated" \
74 + | tee -a zzz.log \
75 + >stage${s}-${arch}-systemd.err
76 + return 1
77 + fi
78 + done
79 +
80 + return 0
81 +}
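Review bot: undo_grsec zeroes every chroot_* sysctl under /proc/sys/kernel/grsecurity and nothing in this commit writes the previous values back, so the build host stays without the grsecurity chroot restrictions after catalyst finishes or aborts. I would record each value before overwriting it and add a restore_grsec that the caller runs once the stages are done, for example from an EXIT trap set in main of run-systemd.sh; the loop variable should also be local and quoted. In do_stages, the `2> stage${s}-${arch}-systemd.err` redirection belongs to tee rather than to catalyst, so catalyst's stderr never reaches the .err file; `catalyst -f stage${s}-${arch}-systemd.conf 2> stage${s}-${arch}-systemd.err | tee -a zzz.log > stage${s}-${arch}-systemd.log` would capture it, and the same applies to the `catalyst -s current` call in run-systemd.sh.

```shell
# "path=value" pairs recorded by undo_grsec so restore_grsec can put them back.
grsec_saved=()

undo_grsec() {
	[[ -d /proc/sys/kernel/grsecurity ]] || return 0
	local knob
	for knob in /proc/sys/kernel/grsecurity/chroot_* ; do
		[[ -e "${knob}" ]] || continue
		grsec_saved+=( "${knob}=$(< "${knob}")" )
		echo 0 > "${knob}"
	done
}

restore_grsec() {
	local entry
	for entry in "${grsec_saved[@]}" ; do
		echo "${entry#*=}" > "${entry%%=*}"
	done
}

# … unchanged: banner, do_stages …
```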
82
83 diff --git a/tools-hardened/run-systemd.sh b/tools-hardened/run-systemd.sh
84 new file mode 100644
85 index 0000000..94c57d1
86 --- /dev/null
87 +++ b/tools-hardened/run-systemd.sh
88 @@ -0,0 +1,49 @@
89 +#!/bin/bash
90 +
91 +source common.sh
92 +
93 +prepare_confs() {
94 + local arch=$1
95 +
96 + for s in 1 2 3; do
97 +
98 + local cstage=stage${s}
99 + local p=$(( s - 1 ))
100 + [[ $p == 0 ]] && p=3
101 + local pstage=stage${p}
102 +
103 + local parch="${arch}"
104 + [[ "${arch}" == "i686" ]] && parch="x86"
105 +
106 + cat stage-all.conf.template | \
107 + sed -e "s:\(^version_stamp.*$\):\1-${mydate}:" \
108 + -e "s:STAGE:${cstage}:g" \
109 + -e "s:SARCH:${arch}:g" \
110 + -e "s:PARCH:${parch}:g" \
111 + > stage${s}-${arch}-systemd.conf
112 + done
113 +}
114 +
115 +
116 +main() {
117 + >zzz.log
118 +
119 + undo_grsec
120 +
121 + catalyst -s current | tee -a zzz.log >snapshot.log 2>snapshot.err
122 +
123 +# for arch in amd64 i686; do
124 + for arch in amd64; do
125 + prepare_confs ${arch}
126 + done
127 +
128 + # The parallelization `( do_stages ... ) &` doesn't work here
129 + # if catalyst is using snapcache, bug #519656
130 +# for arch in amd64 i686; do
131 + for arch in amd64; do
132 + do_stages ${arch}
133 + [[ $? == 1 ]] && echo "FAILURE at ${arch}" | tee zzz.log
134 + done
135 +}
136 +
137 +main $1 &
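Review bot: `source common.sh` has no slash in the name, so bash looks the file up along PATH before falling back to the current directory, and a script that goes on to write kernel sysctls and run catalyst will execute whichever common.sh it finds first. Anchoring it to the script's own location, `source "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")/common.sh"`, removes the dependence on PATH and on the caller's working directory. In main, the failure branch uses `tee zzz.log` without `-a`, which truncates the combined log exactly when a stage has failed; `tee -a zzz.log` keeps the earlier output. Because `main $1 &` is backgrounded, the script itself returns immediately with status 0 whatever happens to the build, so callers cannot detect a failed run from the exit code.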
138
139 diff --git a/tools-hardened/stage-all.conf.template b/tools-hardened/stage-all.conf.template
140 new file mode 100644
141 index 0000000..942ddc7
142 --- /dev/null
143 +++ b/tools-hardened/stage-all.conf.template
144 @@ -0,0 +1,7 @@
145 +subarch: SARCH
146 +target: STAGE
147 +version_stamp: systemd
148 +rel_type: systemd/SARCH
149 +profile: default/linux/PARCH/13.0/systemd
150 +snapshot: current
151 +source_subpath: systemd/SARCH/STAGE-SARCH-systemd