PR#250: Support for running tests on openSUSE - gssproxy

gssproxy

#250 Support for running tests on openSUSE

Merged 4 years ago by rharwood. Opened 4 years ago by rharwood.

rharwood/gssproxy suse into master

Support for running tests on openSUSE

Tomáš Chvátal • 4 years ago

fd954d1

tests/runtests.py

file modified

+1 -1

		`@@ -12,7 +12,7 @@`
		`from testlib import *`

		`def check_exec(name):`
		`- env = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin'}`
		`+ env = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin:/usr/lib/mit/sbin'}`
		`ret = subprocess.call(["which", name], stdout=subprocess.DEVNULL, env=env)`
		`if ret != 0:`
		`print(f"Executable '{name}' not found in {env['PATH']}",`

tests/testlib.py

file modified

+3 -2

		`@@ -301,6 +301,7 @@`

		`k5schema = None`
		`for path in ["/usr/share/doc/krb5-server-ldap*/kerberos.schema",`
		`+ "/usr/share/kerberos/ldap/kerberos.schema",`
		`"/usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"]:`
		`pathlist = glob.glob(path)`
		`if len(pathlist) > 0:`
		`@@ -367,7 +368,7 @@`
		`stashfile = os.path.join(testdir, "ldap_passwd")`
		`krb5conf = os.path.join(testdir, 'krb5.conf')`

		`- ldapenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',`
		`+ ldapenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin:/usr/lib/mit/sbin',`
		`'KRB5_CONFIG': krb5conf}`
		`ldapenv.update(wrapenv)`

		`@@ -411,7 +412,7 @@`
		`kdcstash = os.path.join(kdcdir, KDC_STASH)`
		`kdcdb = os.path.join(kdcdir, KDC_DBNAME)`

		`- kdcenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',`
		`+ kdcenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin:/usr/lib/mit/sbin',`
		`'KRB5_CONFIG': krb5conf,`
		`'KRB5_KDC_PROFILE': kdcconf}`
		`kdcenv.update(wrapenv)`

rharwood commented 4 years ago

This was sent in by the openSUSE maintainer (Tomáš Chvátal). Tom adds that the reason they were sent via email rather than posted here directly is that contribution on Pagure requires a Fedora account, which of course they do not have.

cipherboy commented 4 years ago

The package krb5-server-1.17-245.8.x86_64.rpm from Tumbleweed creates:

usr/lib/mit/sbin/
├── gss-server
├── kadmind
├── kadmin.local
├── kdb5_ldap_util
├── kdb5_util
├── kprop
├── kpropd
├── kproplog
├── krb5kdc
├── sim_server
├── sserver
└── uuserver

and krb5-plugin-kdb-ldap-1.17-245.8.x86_64.rpm (also from Tumbleweed) gives us:

usr/share/kerberos/ldap/
├── kerberos.ldif
└── kerberos.schema

I pulled an OpenSUSE container. After installing a lot of stuff (some of it likely unnecessary), I got gssproxy to build. I confirmed that it failed prior to this patch due to missing ldap schema. After switching to the suse branch, rebuilding, (and installing more missing build dependencies) it seems to work fine but a few tests fail. It might be user error though:

$ make check
<snip>
./tests/runtests.py 


To pass arguments to the test suite, use CHECKARGS:
    make check CHECKARGS='--debug-num=<num>'
A full set of available options can be seen with --help


Waiting for LDAP server to start...
krb5kdc: starting...
Tests to be run: t_acquire.py, t_basic.py, t_cred_store.py, t_impersonate.py, t_interpose.py, t_multi_key.py, t_program.py, t_reloading.py, t_setcredopt.py
Testing basic acquire creds...
[PASS] (0) Acquire test returned 0
Testing basic init/accept context
[PASS] (1) Init test returned 0
[PASS] (2) Accept test returned 0
Testing cred store extensions...
[PASS] (3) Cred store test returned 0
Testing impersonate creds...
[PASS] (4) Impersonate test returned 0
gssproxy[25537]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, Can't find client principal user@GSSPROXY.DEV in cache collection

[PASS] (5) Impersonate fail self test returned 255
[PASS] (6) Impersonate fail proxy test returned 255
[PASS] (7) s4u2self delegation test returned 0
[PASS] (8) Impersonate to self test returned 0
[PASS] (9) s4u2proxy fail test returned 255
[PASS] (10) s4u2proxy test returned 0
Testing interposer...
[PASS] (11) Interpose test returned 0
Testing multiple keys Keytab with first principal
  Testing basic init/accept context
[PASS] (12) Init test returned 0
[PASS] (13) Accept test returned 0
Testing multiple keys Keytab with second principal
  Testing basic init/accept context
[PASS] (14) Init test returned 0
[PASS] (15) Accept test returned 0
Testing positive program name matching...
  Testing basic acquire creds...
[PASS] (16) Acquire test returned 0
Testing negative program name matching...
  Testing basic acquire creds...
[PASS] (17) Acquire test returned 255
[PASS] Program test returned 0
Testing basic SIGHUP with no change
  Testing basic init/accept context
[PASS] (18) Init test returned 0
[PASS] (19) Accept test returned 0
Testing SIGHUP with dropped service
gssproxy[25537]: Option 'euid' is missing from [service/dontuse].

gssproxy[25537]: Error reading configuration 22: Invalid argument
gssproxy[25537]: Error reading new configuration on SIGHUP; keeping old configuration instead!

  Testing basic init/accept context
[FAIL] (20) Init test returned 0 (expected nonzero)
[INFO] To debug this test case, run:
    make check CHECKARGS='--debug-num=20'
[FAIL] (21) Accept test returned 0 (expected nonzero)
[INFO] To debug this test case, run:
    make check CHECKARGS='--debug-num=21'
Testing SIGHUP with new service
  Testing basic init/accept context
[PASS] (22) Init test returned 0
[PASS] (23) Accept test returned 0
Testing SIGHUP with change of socket
  Testing basic init/accept context
[PASS] (24) Init test returned 0
[PASS] (25) Accept test returned 0
Testing setting credential options...
[PASS] (26) Set cred options test returned 0
Killing LDAP(25521)
Killing KDC(25527)
Killing GSS-Proxy(25537)
make: *** [Makefile:2233: check] Error 1

OTOH, this PR was about running tests, and they do run. :D