@@ -31,6 +31,7 @@ PTESTS_FAST = "\
libarchive \
libassuan \
libatomic-ops \
+ libcap \
libcheck \
libconfig \
libconvert-asn1-perl \
new file mode 100644
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+EXPECT_FAIL=1
+EXPECT_PASS=0
+
+cd tests
+
+for t in uns_test psx_test libcap_launch_test cap_test exploit noexploit; do
+ output=$("./$t" 2>&1 )
+ status=$?
+
+ expected="$EXPECT_PASS"
+
+ if [ $t = 'exploit' ]; then
+ expected="$EXPECT_FAIL"
+ fi
+
+ if [ "$status" -eq "$expected" ]; then
+ echo "PASS: $t"
+ else
+ echo "FAIL: $t"
+ echo "$output"
+ fi
+done
+
@@ -11,16 +11,20 @@ LIC_FILES_CHKSUM = "file://License;md5=2965a646645b72ecee859b43c592dcaa \
"
DEPENDS = "hostperl-runtime-native gperf-native"
+RDEPENDS:${PN}-ptest += "bash"
SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz"
SRC_URI:append:class-nativesdk = " \
file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
"
+SRC_URI:append = " \
+ file://run-ptest \
+ "
SRC_URI[sha256sum] = "0d621e562fd932ccf67b9660fb018e468a683d7b827541df27813228c996bb11"
UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
-inherit lib_package
+inherit lib_package ptest
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam"
@@ -62,6 +66,44 @@ do_install:append() {
fi
}
+LIBCAP_PTEST_TESTS = " \
+ uns_test \
+ psx_test \
+ libcap_psx_test \
+ noop \
+ libcap_launch_test \
+ exploit \
+ noexploit \
+"
+
+do_compile_ptest() {
+ oe_runmake -C tests ${LIBCAP_PTEST_TESTS} \
+ AR="${AR}" \
+ CC="${CC}" \
+ RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}"
+ oe_runmake -C libcap cap_test \
+ AR="${AR}" \
+ CC="${CC}" \
+ RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}"
+ oe_runmake -C progs tcapsh-static \
+ AR="${AR}" \
+ RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}" \
+ CC="${CC}"
+}
+
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/tests ${D}${PTEST_PATH}/progs
+
+ for f in ${LIBCAP_PTEST_TESTS}; do
+ install -m 0755 ${B}/tests/${f} ${D}${PTEST_PATH}/tests
+ done
+ install -m 0755 ${B}/libcap/cap_test ${D}${PTEST_PATH}/tests
+ install -m 0755 ${B}/progs/tcapsh-static ${D}${PTEST_PATH}/progs
+}
+
# pam files
FILES:${PN} += "${base_libdir}/security/*.so"
These ptests include a subset of upstream tests that provide functional coverage of core libcap and libpsx behavior across target systems. This approach is preferred instead of using libcap's quicktest.sh script because the later assumes the upstream build-tree layout and has too many dependencies not available after installation. Quicktest exercises a wide range of kernel capability features and environment-specific functionality that is too comprehensive for ptests. The ptests include the following from libcap/tests: uns_test, psx_test, libcap_launch_test, exploit and noexploit. cap_test from libcap/libcap is also included. These provide coverage for capability manipulation, libpsx integration, launch handling, and basic security validation. Signed-off-by: Kris Gavvala <kris.gavvala@windriver.com> --- changes in v2: - Removed libcap_psx_test from ptests - Added bash when installing ptests .../distro/include/ptest-packagelists.inc | 1 + meta/recipes-support/libcap/files/run-ptest | 25 +++++++++++ meta/recipes-support/libcap/libcap_2.78.bb | 44 ++++++++++++++++++- 3 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/libcap/files/run-ptest