Enable automated testing
Rename unittest directory to tests to be more standard. Install all required packages rather than placeholders. Get a suitable version of "unshare".
parent
1557cb6b98
commit
0ec7817b99
31
.travis.yml
@ -2,15 +2,8 @@
|
||||
# https://docs.travis-ci.com/user/trusty-ci-environment/
|
||||
dist: trusty
|
||||
#
|
||||
# Use full virtualisation
|
||||
# Use full virtualisation to allow use of user namespaces
|
||||
sudo: true
|
||||
## Use docker image for speed
|
||||
## When pandoc whitelisted:
|
||||
## https://github.com/travis-ci/apt-package-whitelist/blob/master/ubuntu-trusty
|
||||
## Issue here:
|
||||
## https://github.com/travis-ci/apt-package-whitelist/issues/3762
|
||||
#sudo: false
|
||||
#group: beta
|
||||
#
|
||||
# C includes autotools and make by default
|
||||
language: c
|
||||
@ -28,6 +21,8 @@ addons:
|
||||
- texlive-latex-recommended
|
||||
- lmodern
|
||||
- libxml2-utils
|
||||
- traceroute
|
||||
- ipset
|
||||
#
|
||||
# Setup environment
|
||||
before_install:
|
||||
@ -40,11 +35,18 @@ before_install:
|
||||
# WARNING: Any changes to the above 5 lines should be monitored closely
|
||||
- ssh-keyscan -H firehol.org >> ~/.ssh/known_hosts
|
||||
#
|
||||
# Run-time dependencies that we don't strictly need to build source package
|
||||
# N.B. when we start running full testing, real tools will be needed
|
||||
- mkdir /tmp/fake-tools
|
||||
- for t in iprange traceroute ipset; do echo '#!/bin/sh' > /tmp/fake-tools/$t && echo 'echo 999.999.999' >> /tmp/fake-tools/$t && chmod +x /tmp/fake-tools/$t; done
|
||||
- export PATH=$PATH:/tmp/fake-tools
|
||||
# Set up to ensure tests run:
|
||||
# - Ensure unprivileged user namespaces enabled
|
||||
# - Get latest version of iprange from firehol project
|
||||
# - Get a version of util-linux which has the user namespace options
|
||||
# - Install required kernel modules
|
||||
- sudo sysctl kernel.unprivileged_userns_clone=1
|
||||
- sudo .travis/install-iprange
|
||||
- sudo .travis/replace-unshare
|
||||
- sudo modprobe ip6table_mangle
|
||||
- sudo modprobe iptable_raw
|
||||
- sudo modprobe ip6table_raw
|
||||
- sudo modprobe ip6table_nat
|
||||
#
|
||||
# Run
|
||||
before_script:
|
||||
@ -52,7 +54,8 @@ before_script:
|
||||
# Run the commit hooks in case the developer didn't
|
||||
- git diff 4b825dc642cb6eb9a060e54bf8d69288fbee4904 | ./packaging/check-files -
|
||||
script:
|
||||
- fakeroot ./packaging/git-build && ./configure && make check
|
||||
- fakeroot ./packaging/git-build
|
||||
- (test -f firehol*.tar.gz && mkdir -p build && tar xfzC firehol*.tar.gz build && cd build/firehol* && mkdir out-of-tree && cd out-of-tree && ../configure && make check)
|
||||
#
|
||||
# Deploy as required
|
||||
after_success:
|
||||
|
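Review bot: The new `before_install` steps `sudo .travis/install-iprange` and `sudo .travis/replace-unshare` run each script entirely as root, so the network fetch, `./configure` and the compile all execute with full privileges when only the final `make install` needs them. Running the scripts unprivileged and calling `sudo make install` inside them would keep a corrupted or tampered tarball's build scripts away from root on the build host. The `sudo sysctl kernel.unprivileged_userns_clone=1` line changes a host-wide setting; that is reasonable on a throwaway CI VM, and a comment such as `# CI VM only: enables unprivileged user namespaces host-wide` above it would stop the line being copied to shared machines.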
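--- /dev/null
+++ b/.travis/install-iprange
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+if ! MYTMP="`mktemp -d -t install-iprange-XXXXXX`"
+then
+echo >&2
+echo >&2
+echo >&2 "Cannot create temporary directory."
+echo >&2
+exit 1
+fi
+export MYTMP
+
+myexit() {
+rm -rf $MYTMP
+exit 0
+}
+
+trap myexit INT
+trap myexit HUP
+trap myexit 0
+
+DIR=`pwd`/
+export DIR
+
+cd $MYTMP
+
+set -e
+
+curl -s -o json https://api.github.com/repos/firehol/iprange/releases/latest
+dl=$(sed -ne '/"browser_download_url":.*.tar.gz"/{s/.*"browser_download_url": *//;s/{.*//;s/",*//g;p;q}' json)
+dl=https://github.com/firehol/iprange/releases/download/v1.0.3/iprange-1.0.3.tar.gz
+
+if [ "$dl" = "" ]
+then
+echo "Could not find download for latest iprange"
+exit 1
+fi
+
+echo $dl
+curl -s -L -o iprange.tar.gz "$dl"
+
+mkdir build
+tar xfzC iprange.tar.gz build
+
+cd build/iprange*
+./configure --disable-man
+make install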
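Review bot: The tarball fetched by `curl -s -L -o iprange.tar.gz "$dl"` is unpacked, configured and installed with no integrity check, and `.travis.yml` invokes this script under `sudo`. Because `dl` is pinned to the v1.0.3 release, a pinned digest can be verified before the `tar` step, e.g. `echo "<sha256-of-iprange-1.0.3.tar.gz>  iprange.tar.gz" | sha256sum -c -` (the digest here is a placeholder), and `curl -fsSL` would make an HTTP error fail the step instead of saving the error page as the archive. That hard-coded `dl=` line also overwrites the value parsed from the releases API, so the first `curl` and the `sed` are dead code that still spends an unauthenticated API request per build; one of the two approaches should go. `.travis/replace-unshare` downloads and installs util-linux the same way and needs the same check.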
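--- /dev/null
+++ b/.travis/replace-unshare
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+if ! MYTMP="`mktemp -d -t replace-unshare-XXXXXX`"
+then
+echo >&2
+echo >&2
+echo >&2 "Cannot create temporary directory."
+echo >&2
+exit 1
+fi
+export MYTMP
+
+myexit() {
+rm -rf $MYTMP
+exit 0
+}
+
+trap myexit INT
+trap myexit HUP
+trap myexit 0
+
+DIR=`pwd`/
+export DIR
+
+cd $MYTMP
+
+set -e
+
+dl=https://launchpad.net/ubuntu/+archive/primary/+files/util-linux_2.27.1.orig.tar.xz
+
+echo $dl
+curl -s -L -o util-linux.tar.xz "$dl"
+
+mkdir build
+tar xfJC util-linux.tar.xz build
+
+cd build/util-*
+./configure --disable-all-programs --enable-unshare
+make
+make install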
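Review bot: `myexit` ends with `exit 0` and is registered as the EXIT trap by `trap myexit 0`, so every exit path reports success: a failure stopped by `set -e` in `curl`, `tar`, `./configure` or `make` still leaves the script with status 0 and the CI step green. Preserving the status fixes it, `myexit() { status=$?; rm -rf "$MYTMP"; exit $status; }`, which also quotes `$MYTMP` in the `rm -rf`. `.travis/install-iprange` carries an identical `myexit`, where even its explicit `exit 1` for a missing download URL is turned into 0.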
@ -11,7 +11,7 @@ AUTOMAKE_OPTIONS = \
|
||||
AM_DISTCHECK_CONFIGURE_FLAGS = \
|
||||
--disable-maintainer-mode
|
||||
|
||||
SUBDIRS = sbin etc examples doc contrib html
|
||||
SUBDIRS = sbin etc examples doc contrib html tests
|
||||
|
||||
DIST_SUBDIRS = $(SUBDIRS) m4
|
||||
|
||||
|
@ -29,6 +29,7 @@ dnl Check for functioning symbolic links
|
||||
AC_PROG_LN_S
|
||||
|
||||
AM_CONDITIONAL([GIT_TREE], [test -f "${srcdir}/README.md"])
|
||||
AM_CONDITIONAL([USERNS_ENABLED], [test "`cat /proc/sys/kernel/unprivileged_userns_clone`" = "1"])
|
||||
|
||||
AX_FIREHOL_AUTOSAVE()
|
||||
AX_FIREHOL_AUTOSAVE6()
|
||||
@ -391,6 +392,7 @@ AC_CONFIG_FILES([
|
||||
html/Makefile
|
||||
html/ipsets/Makefile
|
||||
contrib/Makefile
|
||||
tests/Makefile
|
||||
])
|
||||
|
||||
AC_OUTPUT
|
||||
|
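Review bot: `USERNS_ENABLED` is true only when `/proc/sys/kernel/unprivileged_userns_clone` exists and reads `1`, and `tests/Makefile.am` defines `check-local` only under that conditional, so on a kernel without that file `make check` runs no tests and still succeeds. That sysctl comes from a Debian/Ubuntu kernel patch, so its absence does not by itself mean user namespaces are unavailable. Redirecting the `cat` error with `2>/dev/null` and reporting the outcome at configure time, e.g. `AC_MSG_NOTICE([unit tests will be skipped: unprivileged user namespaces not enabled])` in the false case, would make the skip visible. The test also reflects the host at configure time, not the machine where `make check` is later run.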
@ -7,8 +7,7 @@ conffiles =
|
||||
if ENABLE_FIREHOL
|
||||
|
||||
examples_SCRIPTS = \
|
||||
adblock.sh \
|
||||
newns.sh
|
||||
adblock.sh
|
||||
|
||||
conffiles += \
|
||||
server-dmz.conf \
|
||||
|
@ -86,6 +86,8 @@ try_build() {
|
||||
git diff --staged | patch -p1 -d "$MYTMP/build"
|
||||
(cd $MYTMP/build; ./packaging/git-build || touch $MYTMP/fail)
|
||||
if [ -f $MYTMP/fail ]; then return 1; fi
|
||||
(cd $MYTMP/build; make check || touch $MYTMP/fail)
|
||||
if [ -f $MYTMP/fail ]; then return 1; fi
|
||||
(cd $MYTMP/build; ./packaging/tar-compare . *.tar.gz || touch $MYTMP/fail)
|
||||
if [ -f $MYTMP/fail ]; then return 1; fi
|
||||
touch $MYTMP/success
|
||||
|
@ -51,7 +51,7 @@ diff -r "$1" $MYTMP/unpack/* | grep "^Only" | sed \
|
||||
-e '/: tmp-anchor-links$/d' \
|
||||
-e '/: tmp-manproc$/d' \
|
||||
-e '/: .*\.tar\.\(gz\|bz2\|xz\)$/d' \
|
||||
-e '/: unittest$/d' > $MYTMP/out
|
||||
> $MYTMP/out
|
||||
|
||||
cat $MYTMP/out
|
||||
test -s $MYTMP/out && exit 1
|
||||
|
0
unittest/.gitignore → tests/.gitignore
vendored
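--- /dev/null
+++ b/tests/Makefile.am
@@ -0,0 +1,112 @@
+# Process this file with automake to produce Makefile.in
+
+testargs =
+
+if ENABLE_FIREHOL
+testargs += $(srcdir)/firehol
+endif
+
+if ENABLE_FIREQOS
+testargs += $(srcdir)/fireqos
+endif
+
+if ENABLE_LINK_BALANCER
+testargs += $(srcdir)/link-balancer
+endif
+
+if ENABLE_UPDATE_IPSETS
+testargs += $(srcdir)/update-ipsets
+endif
+
+if ENABLE_VNETBUILD
+testargs += $(srcdir)/vnetbuild
+endif
+
+if USERNS_ENABLED
+check-local: unittest
+$(srcdir)/unittest $(testargs)
+endif
+
+TOOLS = \
+README.md \
+tools/clean-class \
+tools/clean-iptables \
+tools/newns \
+unittest \
+update-audit
+
+# Generated with:
+# find firehol fireqos link-balancer update-ipsets -type f | sed -e 's:.*: & \\:' | sort
+TESTFILES = \
+firehol/basics/empty.aud4 \
+firehol/basics/empty.aud6 \
+firehol/basics/empty.conf \
+firehol/basics/interface46.aud4 \
+firehol/basics/interface46.aud6 \
+firehol/basics/interface46.conf \
+firehol/basics/interface.aud4 \
+firehol/basics/interface.aud6 \
+firehol/basics/interface.conf \
+firehol/basics/router46.aud4 \
+firehol/basics/router46.aud6 \
+firehol/basics/router46.conf \
+firehol/basics/router.aud4 \
+firehol/basics/router.aud6 \
+firehol/basics/router.conf \
+firehol/cmdline/panic-test.aud4 \
+firehol/cmdline/panic-test.aud6 \
+firehol/cmdline/panic-test.conf \
+firehol/cmdline/panic-test.run.sh \
+firehol/cmdline/stop-test.aud4 \
+firehol/cmdline/stop-test.aud6 \
+firehol/cmdline/stop-test.conf \
+firehol/cmdline/stop-test.post.sh \
+firehol/cmdline/stop-test.pre.sh \
+firehol/cmdline/stop-test.run.sh \
+firehol/cmdline/try-test.aud4 \
+firehol/cmdline/try-test.aud6 \
+firehol/cmdline/try-test.conf \
+firehol/cmdline/try-test.post.sh \
+firehol/cmdline/try-test.pre.sh \
+firehol/cmdline/try-test.run.sh \
+firehol/not-both/ipv4-disable-conf.aud4 \
+firehol/not-both/ipv4-disable-conf.aud6 \
+firehol/not-both/ipv4-disable-conf.conf \
+firehol/not-both/ipv4-disable-defaults.aud4 \
+firehol/not-both/ipv4-disable-defaults.aud6 \
+firehol/not-both/ipv4-disable-defaults.conf \
+firehol/not-both/ipv4-disable-defaults.pre.sh \
+firehol/not-both/ipv6-disable-conf.aud4 \
+firehol/not-both/ipv6-disable-conf.aud6 \
+firehol/not-both/ipv6-disable-conf.conf \
+firehol/not-both/ipv6-disable-defaults.aud4 \
+firehol/not-both/ipv6-disable-defaults.aud6 \
+firehol/not-both/ipv6-disable-defaults.conf \
+firehol/not-both/ipv6-disable-defaults.pre.sh \
+fireqos/basic/minimal-qos.class.aud \
+fireqos/basic/minimal-qos.conf \
+fireqos/basic/minimal-qos.filter.aud \
+fireqos/basic/minimal-qos.qdisc.aud \
+fireqos/cmdline/clear-all.class.aud \
+fireqos/cmdline/clear-all.conf \
+fireqos/cmdline/clear-all.filter.aud \
+fireqos/cmdline/clear-all.post.sh \
+fireqos/cmdline/clear-all.pre.sh \
+fireqos/cmdline/clear-all.qdisc.aud \
+fireqos/cmdline/clear-all.run.sh \
+fireqos/cmdline/no-args.class.aud \
+fireqos/cmdline/no-args.conf \
+fireqos/cmdline/no-args.filter.aud \
+fireqos/cmdline/no-args.qdisc.aud \
+fireqos/cmdline/no-args.run.sh \
+link-balancer/basics/simple.conf \
+link-balancer/basics/simple.pre.sh \
+link-balancer/basics/simple.rules.aud \
+link-balancer/basics/simple.table.aud \
+update-ipsets/basic/no-setup.conf \
+update-ipsets/basic/no-setup.run.sh \
+vnetbuild/basic/no-setup.conf \
+vnetbuild/basic/no-setup.ns.aud \
+vnetbuild/basic/no-setup.run.sh
+
+EXTRA_DIST = $(TOOLS) $(TESTFILES)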
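Review bot: The `# Generated with:` comment above `TESTFILES` names only `firehol fireqos link-balancer update-ipsets`, yet the list also carries the three `vnetbuild/basic/no-setup.*` entries, so rerunning the documented command would drop them from `EXTRA_DIST`. The comment should read `# find firehol fireqos link-balancer update-ipsets vnetbuild -type f | sed -e 's:.*: & \\:' | sort`. Because `.travis.yml` now runs `make check` from the unpacked tarball, a test file missing from this hand-maintained list is left out of the distribution and silently not exercised; a sentence saying so next to the comment would help whoever adds the next test.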
@ -3,12 +3,13 @@ Unit Tests
|
||||
|
||||
NOTE
|
||||
: The `unittest` command uses namespaces to isolate itself and the
|
||||
tests it runs from the running firewall.
|
||||
tests it runs from the running firewall. It needs user namespaces
|
||||
to be enabled.
|
||||
|
||||
Run tests as:
|
||||
|
||||
~~~~
|
||||
sudo ./unittest directory-or-conffile...
|
||||
./unittest directory-or-conffile...
|
||||
~~~~
|
||||
|
||||
Any number of files and directories (in which case all .conf files found
|
@ -12,7 +12,7 @@ then
|
||||
echo "Do not run as root. The unittest system uses user namespaces instead."
|
||||
exit 1
|
||||
fi
|
||||
exec $dirname/../examples/newns.sh $0 "$@"
|
||||
exec $dirname/tools/newns $0 "$@"
|
||||
fi
|
||||
|
||||
haderror=""
|
||||
@ -33,9 +33,9 @@ do
|
||||
done
|
||||
done
|
||||
|
||||
if [ ! -x tools/clean-iptables ]
|
||||
if [ ! -x $dirname/tools/clean-iptables ]
|
||||
then
|
||||
echo "Executable tools/clean-iptables script not found"
|
||||
echo "Executable $dirname/tools/clean-iptables script not found"
|
||||
echo ""
|
||||
haderror="Y"
|
||||
fi
|
||||
@ -65,7 +65,7 @@ fi
|
||||
if [ ! -r /proc/net/ip_tables_names ]
|
||||
then
|
||||
echo "Faking /proc/net/ip_tables_names"
|
||||
$dirname/../examples/newns.sh --fake-proc || exit 1
|
||||
$dirname/tools/newns --fake-proc || exit 1
|
||||
fi
|
||||
|
||||
echo "Running in separate namespace"
|
||||
@ -98,7 +98,7 @@ export TESTDIR
|
||||
export FIREHOL_OVERRIDE_PROGRAM_DIR=$MYTMP/prog
|
||||
mkdir -p "$FIREHOL_OVERRIDE_PROGRAM_DIR"
|
||||
sed -e "s#[@].*POST[@]#$MYTMP#" ../sbin/install.config.in > "$FIREHOL_OVERRIDE_PROGRAM_DIR/install.config"
|
||||
cp ../sbin/functions.* "$FIREHOL_OVERRIDE_PROGRAM_DIR"
|
||||
cp $dirname/../sbin/functions.* "$FIREHOL_OVERRIDE_PROGRAM_DIR"
|
||||
|
||||
kcov=`which kcov 2> /dev/null`
|
||||
if [ "$kcov" ]
|
||||
@ -227,20 +227,20 @@ do
|
||||
export audns=$(newext ns.aud $conf)
|
||||
|
||||
case $conf in
|
||||
firehol*)
|
||||
*firehol/*/*.conf)
|
||||
clear_iptables
|
||||
program=firehol
|
||||
;;
|
||||
fireqos*)
|
||||
*fireqos/*/*.conf)
|
||||
program=fireqos
|
||||
;;
|
||||
link-balancer*)
|
||||
*link-balancer/*/*.conf)
|
||||
program=link-balancer
|
||||
;;
|
||||
vnetbuild*)
|
||||
*vnetbuild/*/*.conf)
|
||||
program=vnetbuild
|
||||
;;
|
||||
update-ipsets*)
|
||||
*update-ipsets/*/*.conf)
|
||||
program=update-ipsets
|
||||
;;
|
||||
*)
|
||||
@ -252,7 +252,7 @@ do
|
||||
then
|
||||
echo "Cannot determine program for $conf"
|
||||
else
|
||||
script=../sbin/${program}
|
||||
script=$dirname/../sbin/${program}
|
||||
export script
|
||||
total=$((total + 1))
|
||||
|
||||
@ -339,8 +339,8 @@ do
|
||||
firehol)
|
||||
iptables-save > "$out4".raw
|
||||
ip6tables-save > "$out6".raw
|
||||
tools/clean-iptables "$out4".raw > "$out4"
|
||||
tools/clean-iptables "$out6".raw > "$out6"
|
||||
$dirname/tools/clean-iptables "$out4".raw > "$out4"
|
||||
$dirname/tools/clean-iptables "$out6".raw > "$out6"
|
||||
if ! cmp "$aud4" "$out4"
|
||||
then
|
||||
errors=$((errors + 1))
|
||||
@ -353,7 +353,7 @@ do
|
||||
tc qdisc show dev veth0 > "$outqdisc"
|
||||
tc class show dev veth0 > "$outclass".raw
|
||||
tc filter show dev veth0 > "$outfilter"
|
||||
tools/clean-class "$outclass".raw > "$outclass"
|
||||
$dirname/tools/clean-class "$outclass".raw > "$outclass"
|
||||
if ! cmp "$audqdisc" "$outqdisc"
|
||||
then
|
||||
errors=$((errors + 1))
|
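Review bot: In the hunk at `@ -98,7 +98,7 @@` the `cp` now uses `$dirname/../sbin/functions.*`, but the `sed` on the line before it still reads `../sbin/install.config.in` relative to the current directory. Unless the script changes into `$dirname` somewhere outside the visible hunks, that path will not resolve for the out-of-tree `make check` this commit adds to `.travis.yml`; `sed -e "s#[@].*POST[@]#$MYTMP#" "$dirname/../sbin/install.config.in"` would match the other changes. The new `$dirname/...` uses are also unquoted (`exec $dirname/tools/newns $0 "$@"`, `[ ! -x $dirname/tools/clean-iptables ]`), so a checkout path containing spaces splits them; `exec "$dirname/tools/newns" "$0" "$@"` avoids that.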
0
tests/vnetbuild/basic/no-setup.conf
Normal file
0
tests/vnetbuild/basic/no-setup.ns.aud
Normal file
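--- /dev/null
+++ b/tests/vnetbuild/basic/no-setup.run.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+$kcov $script
+status=$?
+if [ $status -eq 1 ]
+then
+exit 0
+fi
+echo "Status: $status"
+exit 1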
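Review bot: Nothing in the script says why exit status 1 is the passing result, so a later reader may take the inverted check for a mistake. A comment above `$kcov $script` such as `# vnetbuild run without arguments is expected to exit with status 1` (assumed intent, to be confirmed by the author) would record it. `$kcov` looks deliberately unquoted so that an empty value disappears, but `"$script"` can be quoted safely.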
@ -1 +0,0 @@
|
||||
FireHOL unit tests belong here
|
@ -1 +0,0 @@
|
||||
FireQOS unit tests belong here
|
@ -1 +0,0 @@
|
||||
link-balancer unit tests belong here
|
@ -1 +0,0 @@
|
||||
update-ipsets unit tests belong here
|
@ -1 +0,0 @@
|
||||
vnetbuild unit tests belong here
|