Merge pull request #5317 from robin2008/secureroot

Looks good to me. I agree to merge.

xCAT-test/autotest/testcase/nodeset/cases0

@@ -473,3 +473,21 @@ check:output=~$$CN:\s*install
 cmd:imagename=`cat /tmp/imagename`;osversion=`lsdef -t osimage -o $imagename |grep osvers|awk -F= '{print $2}'`;versionnum=`echo $osversion |sed 's:[a-zA-Z]::g'`;grep -w -A10 "$$CN" /var/lib/dhcpd/dhcpd.leases | grep "/install/$osversion/armel/cumulus-linux-$versionnum-bcm-armel.bin"
 check:rc==0
 end
+
+start:nodeset_secureroot
+os: rhels
+description: Test nodeset could generate right installation files when site.secureroot=1
+label: others,security
+cmd: chdef -t site secureroot=1
+cmd: myimage=__GETNODEATTR($$CN,provmethod)__; osimage=__GETNODEATTR($$CN,os)__-__GETNODEATTR($$CN,arch)__-install-compute; cn=$$CN
+test -f /install/autoinst/$cn && mv -f /install/autoinst/$cn /install/autoinst/$cn.secureroot
+nodeset $cn osimage=$osimage
+myresult=$?
+chdef $cn provmethod=$myimage
+test $myresult -eq 0
+check:rc==0
+cmd: cat /install/autoinst/$$CN | grep '^rootpw --iscrypted \*' > /dev/null
+check:rc==0
+cmd: chdef -t site secureroot=
+cmd: test -f /install/autoinst/$$CN.secureroot && mv -f /install/autoinst/$$CN.secureroot /install/autoinst/$$CN
+end

xCAT-test/autotest/testcase/packimg/cases_secure_protect

@@ -0,0 +1,42 @@
+start:packimage_nosyncfiles
+os:Linux
+description: Test packimage with --nosyncfiles
+label: others,security
+cmd: myimage=$$OSIMAGE
+lsdef -t osimage -o $myimage -z > /tmp/packimage_nosyncfiles.osimage && \
+chdef -t osimage -o "$myimage" rootimgdir=/tmp/packimage_nosyncfiles/rootimgdir && \
+chdef -t osimage -o "$myimage" synclists=/tmp/packimage_nosyncfiles.sensitive.$$ && \
+touch /tmp/packimage_nosyncfiles.sensitive && \
+echo "/tmp/packimage_nosyncfiles.sensitive -> /etc/sensitive.xcattesting" > /tmp/packimage_nosyncfiles.sensitive.$$ && \
+genimage "$myimage" && \
+packimage "$myimage" --nosyncfiles
+if [ $? = 0 ]; then
+  test ! -e /tmp/packimage_nosyncfiles/rootimgdir/rootimg/etc/sensitive.xcattesting
+else
+  false
+fi
+check:rc==0
+cmd: test -e /tmp/packimage_nosyncfiles.osimage && cat /tmp/packimage_nosyncfiles.osimage | mkdef -t osimage $$OSIMAGE -f
+cmd: rm -rf /tmp/packimage_nosyncfiles*
+end
+
+start:packimage_secureroot
+os:Linux
+description: Test packimage with site.secureroot=1
+label: others,security
+cmd: chdef -t site secureroot=1
+cmd: myimage=$$OSIMAGE
+lsdef -t osimage $myimage -z > /tmp/packimage_secureroot.osimage && \
+chdef -t osimage -o "$myimage" rootimgdir=/tmp/packimage_secureroot/rootimgdir && \
+genimage "$myimage" && \
+packimage "$myimage" --nosyncfiles
+if [ $? = 0 ]; then
+  grep '^root\:\*\:' /tmp/packimage_secureroot/rootimgdir/rootimg/etc/shadow
+else
+  false
+fi
+check:rc==0
+cmd: test -e /tmp/packimage_secureroot.osimage && cat /tmp/packimage_secureroot.osimage | mkdef -t osimage $$OSIMAGE -f
+cmd: rm -rf /tmp/packimage_secureroot*
+cmd: chdef -t site secureroot=
+end