diff --git a/xCAT-test/autotest/testcase/nodeset/cases0 b/xCAT-test/autotest/testcase/nodeset/cases0 index c95fbec9c..ae13c016f 100644 --- a/xCAT-test/autotest/testcase/nodeset/cases0 +++ b/xCAT-test/autotest/testcase/nodeset/cases0 @@ -473,3 +473,21 @@ check:output=~$$CN:\s*install cmd:imagename=`cat /tmp/imagename`;osversion=`lsdef -t osimage -o $imagename |grep osvers|awk -F= '{print $2}'`;versionnum=`echo $osversion |sed 's:[a-zA-Z]::g'`;grep -w -A10 "$$CN" /var/lib/dhcpd/dhcpd.leases | grep "/install/$osversion/armel/cumulus-linux-$versionnum-bcm-armel.bin" check:rc==0 end + +start:nodeset_secureroot +os: rhels +description: Test nodeset could generate right installation files when site.secureroot=1 +label: others,security +cmd: chdef -t site secureroot=1 +cmd: myimage=__GETNODEATTR($$CN,provmethod)__; osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute; cn=$$CN +test -f /install/autoinst/$cn && mv -f /install/autoinst/$cn /install/autoinst/$cn.secureroot +nodeset $cn osimage=$osimage +myresult=$? +chdef $cn provmethod=$myimage +test $myresult -eq 0 +check:rc==0 +cmd: cat /install/autoinst/$$CN | grep '^rootpw --iscrypted \*' > /dev/null +check:rc==0 +cmd: chdef -t site secureroot= +cmd: test -f /install/autoinst/$$CN.secureroot && mv -f /install/autoinst/$$CN.secureroot /install/autoinst/$$CN +end diff --git a/xCAT-test/autotest/testcase/packimg/cases_secure_protect b/xCAT-test/autotest/testcase/packimg/cases_secure_protect new file mode 100644 index 000000000..0b4bd2c8d --- /dev/null +++ b/xCAT-test/autotest/testcase/packimg/cases_secure_protect @@ -0,0 +1,42 @@ +start:packimage_nosyncfiles +os:Linux +description: Test packimage with --nosyncfiles +label: others,security +cmd: myimage=$$OSIMAGE +lsdef -t osimage -o $myimage -z > /tmp/packimage_nosyncfiles.osimage && \ +chdef -t osimage -o "$myimage" rootimgdir=/tmp/packimage_nosyncfiles/rootimgdir && \ +chdef -t osimage -o "$myimage" synclists=/tmp/packimage_nosyncfiles.sensitive.$$ && \ +touch /tmp/packimage_nosyncfiles.sensitive && \ +echo "/tmp/packimage_nosyncfiles.sensitive -> /etc/sensitive.xcattesting" > /tmp/packimage_nosyncfiles.sensitive.$$ && \ +genimage "$myimage" && \ +packimage "$myimage" --nosyncfiles +if [ $? = 0 ]; then + test ! -e /tmp/packimage_nosyncfiles/rootimgdir/rootimg/etc/sensitive.xcattesting +else + false +fi +check:rc==0 +cmd: test -e /tmp/packimage_nosyncfiles.osimage && cat /tmp/packimage_nosyncfiles.osimage | mkdef -t osimage $$OSIMAGE -f +cmd: rm -rf /tmp/packimage_nosyncfiles* +end + +start:packimage_secureroot +os:Linux +description: Test packimage with site.secureroot=1 +label: others,security +cmd: chdef -t site secureroot=1 +cmd: myimage=$$OSIMAGE +lsdef -t osimage $myimage -z > /tmp/packimage_secureroot.osimage && \ +chdef -t osimage -o "$myimage" rootimgdir=/tmp/packimage_secureroot/rootimgdir && \ +genimage "$myimage" && \ +packimage "$myimage" --nosyncfiles +if [ $? = 0 ]; then + grep '^root\:\*\:' /tmp/packimage_secureroot/rootimgdir/rootimg/etc/shadow +else + false +fi +check:rc==0 +cmd: test -e /tmp/packimage_secureroot.osimage && cat /tmp/packimage_secureroot.osimage | mkdef -t osimage $$OSIMAGE -f +cmd: rm -rf /tmp/packimage_secureroot* +cmd: chdef -t site secureroot= +end