[107515] trunk/base/tests/test/trace

cal at macports.org cal at macports.org
Mon Jul 1 17:22:03 PDT 2013 

Revision: 107515
          https://trac.macports.org/changeset/107515
Author:   cal at macports.org
Date:     2013-07-01 17:22:03 -0700 (Mon, 01 Jul 2013)
Log Message:
-----------
trace test: fix to correctly test trace mode

Previously, this test tested privilege separation rather than trace mode,
because the location the Portfiles tried to access was in the trace sandbox.

This test helped uncover a series of problems in trace mode I have fixed
locally and will commit shortly.

Modified Paths:
--------------
    trunk/base/tests/test/trace/Makefile
    trunk/base/tests/test/trace/Portfile

Modified: trunk/base/tests/test/trace/Makefile
===================================================================
--- trunk/base/tests/test/trace/Makefile	2013-07-02 00:01:14 UTC (rev 107514)
+++ trunk/base/tests/test/trace/Makefile	2013-07-02 00:22:03 UTC (rev 107515)
@@ -2,33 +2,27 @@
 
 .PHONY: test
 
+PWD=$(shell dirname `pwd`)
+
 $(bindir)/port:
 	@echo "Please install MacPorts before running this test"
 	@exit 1
 
 test:
 	@PORTSRC=$(PORTSRC) $(bindir)/port clean > /dev/null
-	@touch delete-trace
-	@touch rename-trace
-	@mkdir -p rmdir-trace
-	@rm -f create-trace
-	@rm -f create-trace-modenv
-	@rm -rf mkdir-trace
+	@mkdir -p ../tracetesttmp
+	@chown $(RUNUSR) ../tracetesttmp
+	@sudo -u $(RUNUSR) touch ../tracetesttmp/delete-trace
+	@sudo -u $(RUNUSR) touch ../tracetesttmp/rename-trace
+	@sudo -u $(RUNUSR) mkdir -p ../tracetesttmp/rmdir-trace
 	@rm -f /tmp/hello-trace
-	@rm -f link-trace
-	@ln -s /usr/include/unistd.h /tmp/link-trace2
-	@-PORTSRC=$(PORTSRC) $(bindir)/port -t test > output 2>&1 || (cat output; exit 1)
-	@rm -f link-trace
+	@ln -sf /usr/include/unistd.h /tmp/link-trace2
+	@chown -h $(RUNUSR) /tmp/link-trace2
+	@PORTSRC=$(PORTSRC) $(bindir)/port -t test > output 2>&1 || (cat output; exit 1)
 	@rm -f /tmp/link-trace2
-	@rm -f delete-trace
-	@rm -f rename-trace
-	@rm -f rename-new-trace
-	@rm -f create-trace
-	@rm -f create-trace-modenv
-	@rm -rf mkdir-trace
-	@rm -rf rmdir-trace
 	@rm -f /tmp/hello-trace
-	@sed -e "s|${PWD}|PWD|g" < output > output.sed
+	@rm -rf ../tracetesttmp
+	@sed -e "s|$(PWD)|PWD|g" < output > output.sed
 	@diff -u master output.sed 2>&1 | tee difference
 	@if [ -s difference ]; then \
 		exit 1; \

Modified: trunk/base/tests/test/trace/Portfile
===================================================================
--- trunk/base/tests/test/trace/Portfile	2013-07-02 00:01:14 UTC (rev 107514)
+++ trunk/base/tests/test/trace/Portfile	2013-07-02 00:22:03 UTC (rev 107515)
@@ -1,33 +1,50 @@
+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
 # $Id$
 
-PortSystem 1.0
-name		trace
-version		1
-categories	test
-maintainers	pguyot at kallisys.net
-description	Test port for -t
-homepage	http://www.macports.org/
-platforms	darwin
+PortSystem          1.0
+name                trace
+version             1
+categories          test
+maintainers         pguyot at kallisys.net
+description         Test port for -t
+homepage            http://www.macports.org/
+platforms           darwin
 
-long_description ${description}
+long_description    ${description}
 
 distfiles
-use_configure no
-build		{}
-destroot	{
-	system "touch ${destroot}${prefix}/lib/${name}"
+use_configure       no
+build {}
+destroot {
+    system "touch ${destroot}${prefix}/lib/${name}"
 }
 
 test {
-	catch {system "touch create-trace"}
-	catch {system "rm delete-trace"}
-	system "touch /tmp/hello-trace"
-	system "rm /tmp/hello-trace"
-	system "ln -s /usr/include/ link-trace"
-	system "rm /tmp/link-trace2"
-	catch {system "mkdir mkdir-trace"}
-	catch {system "rmdir rmdir-trace"}
-	catch {system "mv rename-trace rename-new-trace"}
-	catch {system "DYLD_INSERT_LIBRARIES= touch create-trace-modenv"}
-	system "mkdir -p /usr/bin"
+    proc fails {operation} {
+        if {![catch $operation]} {
+            ui_error "Operation ${operation} succeeded although it should have failed!"
+            error "test failure"
+        }
+    }
+    # the port directory is outside of the sandbox; make sure files can't be
+    # created, deleted or symlinked into place here
+    fails {system "touch ../tracetesttmp/create-trace"}
+    fails {system "rm ../tracetesttmp/delete-trace"}
+    fails {system "ln -s /usr/include/ ../tracetesttmp/link-trace"}
+    # we also don't want mkdir or rmdir here
+    fails {system "mkdir ../tracetesttmp/mkdir-trace"}
+    fails {system "rmdir ../tracetesttmp/rmdir-trace"}
+    # renaming should also be prohibited
+    fails {system "mv ../tracetesttmp/rename-trace ../tracetesttmp/rename-new-trace"}
+
+    # test access to /tmp
+    system "touch /tmp/hello-trace"
+    system "rm /tmp/hello-trace"
+    system "rm /tmp/link-trace2"
+
+    # overwriting DYLD_INSERT_LIBRARIES should not allow escaping the sandbox (due to env restoring)
+    fails {system "DYLD_INSERT_LIBRARIES= touch ../tracetesttmp/create-trace-modenv"}
+
+    # if the directories already exist, mkdir -p should succeed.
+    system "mkdir -p /usr/bin"
 }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20130701/80cdc57d/attachment-0001.html>

More information about the macports-changes mailing list