bunpen: refactor: backfill tests for --bunpen-path option

2024-12-16 02:49:30 +00:00
parent 3b0f97a795
commit 3cd5a1b598
1 changed files with 118 additions and 44 deletions
--- a/pkgs/by-name/bunpen/integration_test
+++ b/pkgs/by-name/bunpen/integration_test
@@ -5,6 +5,7 @@ set -eu

 # we can't rely on /usr/bin/env existing in the nix build environment
 env=$(which env)
+test=$(which test)

 die() {
  echo "$1"
@@ -29,6 +30,10 @@ test_01_invoke_03_errors_on_invalid_file() {
  bunpen --bunpen-path / this_file_does_not_exist && return 1 || true
 }

+test_01_invoke_04_errors_if_not_in_sandbox() {
+  bunpen true && return 1 || true
+}
+
 test_02_env_arg_01_disable() {
  BUNPEN_DISABLE=1 bunpen true
 }
@@ -68,6 +73,99 @@ test_04_logs_02_enabled() {
  test -n "$stdout"
 }

+test_05_path_01_minimal() {
+  bunpen --bunpen-path "$env" --bunpen-path /nix/store "$env"
+}
+
+test_05_path_02_no_extra_in_sandbox() {
+  touch test_file0
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store "$test" ! -f test_file0
+}
+
+test_05_path_03_added_to_sandbox() {
+  touch test_file0
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store --bunpen-path test_file0 "$test" -f test_file0
+}
+
+test_06_path_04_handles_non_existent() {
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store --bunpen-path test_file0 "$test" ! -f test_file0
+}
+
+test_06_path_05_absolute() {
+  touch test_file0
+  local p=$(realpath test_file0)
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store --bunpen-path "$p" "$test" -f "$p"
+}
+
+test_06_path_06_home() {
+  mkdir test_dir0
+  touch test_dir0/test_file0
+  export HOME=$PWD/test_dir0
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store --bunpen-path '$HOME/test_file0' "$test" -f "$HOME/test_file0"
+}
+
+test_06_path_07_xdg_runtime_dir() {
+  mkdir test_dir0
+  touch test_dir0/test_file0
+  mkdir test_dir1
+  touch test_dir1/test_file1
+  export HOME=$PWD/test_dir0
+  export XDG_RUNTIME_DIR=$PWD/test_dir1
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store --bunpen-path '$XDG_RUNTIME_DIR/test_file1' "$test" -f "$XDG_RUNTIME_DIR/test_file1"
+}
+
+test_06_path_08_symlink_1_layer() {
+  touch test_file0
+  ln -s test_file0 test_symlink0
+  touch test_file1
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store --bunpen-path test_symlink0 "$test" -f test_file0 -a -f test_symlink0 -a ! -f test_file1
+}
+
+test_06_path_08_symlink_2_layers() {
+  touch test_file0
+  ln -s test_file0 test_symlink0
+  ln -s test_symlink0 test_symlink1
+  touch test_file1
+  bunpen --bunpen-path "$test" --bunpen-path /nix/store --bunpen-path test_symlink1 "$test" -f test_file0 -a -f test_symlink1 -a -f test_symlink0 -a ! -f test_file1
+}
+
+test_06_keep_net() {
+  # new namespaces get a loopback device, however bunpen doesn't auto-up the loopback.
+  # most containers (e.g. nix build environment) do up the lo.
+  # it wouldn't necessarily be _bad_ if bunpen changed behavior here,
+  # but in the meantime this is the easiest way to see that --bunpen-keep-net *does something*
+  # (better would be to try communicating between test runner and bunpen program, e.g. netcat?)
+  test -n "$(bunpen --bunpen-path / --bunpen-keep-net ip link show lo up)"
+  test -z "$(bunpen --bunpen-path / ip link show lo up)"
+}
+
+test_07_env_01_keep() {
+  ORIG_ENV=orig bunpen --bunpen-path / bash -c '[[ "$ORIG_ENV" = orig && -z "$NOT_ENV" ]]'
+}
+
+test_07_env_02_new() {
+  bunpen --bunpen-path / --bunpen-env NEW_ENV=new bash -c '[[ "$NEW_ENV" = new && -z "$NOT_ENV" ]]'
+}
+
+test_07_env_03_update() {
+  UPD_ENV=orig bunpen --bunpen-path / --bunpen-env UPD_ENV=new bash -c '[[ "$UPD_ENV" = new && -z "$NOT_ENV" ]]'
+}
+
+test_07_env_04_substitute_home() {
+  # HOME defaults to /homeless-shelter
+  # XDG_RUNTIME_DIR defaults to (unset)
+  bunpen --bunpen-path / --bunpen-env 'H_ENV=/head$HOME/tail' --bunpen-env 'R_ENV=$XDG_RUNTIME_DIR/tail' bash -c \
+    '[[ "$H_ENV" = /head/homeless-shelter/tail && "$R_ENV" = /tail ]]'
+}
+test_07_env_05_subtitute_home_and_runtime() {
+  XDG_RUNTIME_DIR=/r/t bunpen --bunpen-path / --bunpen-env 'H_ENV=/head$HOME/tail' --bunpen-env 'R_ENV=$XDG_RUNTIME_DIR/tail' bash -c \
+    '[[ "$H_ENV" = /head/homeless-shelter/tail && "$R_ENV" = /r/t/tail ]]'
+}
+test_07_env_06_subsitute_escape() {
+  bunpen --bunpen-path / --bunpen-env 'H_ENV=/head$$HOME/tail' --bunpen-env 'H_ENV2=$$$HOME/tail' bash -c \
+    'echo "$H_ENV2" && [[ "$H_ENV" = '"'"'/head$HOME/tail'"'"' && "$H_ENV2" = '"'"'$/homeless-shelter/tail'"'"' ]]'
+}
+
 # runs a command in the sandbox and sends the sandbox helper SIGHUP.
 # if the command runs to completion (because e.g. SIGHUP was blocked), it prints "completed"
 # if the command aborts (because it received SIGHUP), it doesn't print anything.
@@ -86,24 +184,14 @@ signal_test_helper() {
  echo "$line"
 }

-test_05_signals_01_receives() {
+test_08_signals_01_receives() {
  test -z "$(signal_test_helper)"
 }
-test_05_signals_02_forwards() {
+test_08_signals_02_forwards() {
  test "$(signal_test_helper nohup)" = "completed"
 }

-test_06_keep_net() {
-  # new namespaces get a loopback device, however bunpen doesn't auto-up the loopback.
-  # most containers (e.g. nix build environment) do up the lo.
-  # it wouldn't necessarily be _bad_ if bunpen changed behavior here,
-  # but in the meantime this is the easiest way to see that --bunpen-keep-net *does something*
-  # (better would be to try communicating between test runner and bunpen program, e.g. netcat?)
-  test -n "$(bunpen --bunpen-path / --bunpen-keep-net ip link show lo up)"
-  test -z "$(bunpen --bunpen-path / ip link show lo up)"
-}
-
-test_07_reap_children() {
+test_09_reap_children() {
  # in a PID namespace, PID 1 needs to reap children.
  # that is, any processes which `fork` away from the main program being sandboxed,
  # and then exit, become zombies: PID 1 needs to `wait` on them to properly dispose of the processes.
@@ -114,47 +202,33 @@ test_07_reap_children() {
  ps x | grep -E 'Zs +[0-9]+:[0-9]+ \[true\] <defunct>' && return 1 || return 0
 }

-test_08_env_01_keep() {
-  ORIG_ENV=orig bunpen --bunpen-path / bash -c '[[ "$ORIG_ENV" = orig && -z "$NOT_ENV" ]]'
-}

-test_08_env_02_new() {
-  bunpen --bunpen-path / --bunpen-env NEW_ENV=new bash -c '[[ "$NEW_ENV" = new && -z "$NOT_ENV" ]]'
-}
-
-test_08_env_03_update() {
-  UPD_ENV=orig bunpen --bunpen-path / --bunpen-env UPD_ENV=new bash -c '[[ "$UPD_ENV" = new && -z "$NOT_ENV" ]]'
-}
-
-test_08_env_04_substitute_home() {
-  # HOME defaults to /homeless-shelter
-  # XDG_RUNTIME_DIR defaults to (unset)
-  bunpen --bunpen-path / --bunpen-env 'H_ENV=/head$HOME/tail' --bunpen-env 'R_ENV=$XDG_RUNTIME_DIR/tail' bash -c \
-    '[[ "$H_ENV" = /head/homeless-shelter/tail && "$R_ENV" = /tail ]]'
-}
-test_08_env_05_subtitute_home_and_runtime() {
-  XDG_RUNTIME_DIR=/r/t bunpen --bunpen-path / --bunpen-env 'H_ENV=/head$HOME/tail' --bunpen-env 'R_ENV=$XDG_RUNTIME_DIR/tail' bash -c \
-    '[[ "$H_ENV" = /head/homeless-shelter/tail && "$R_ENV" = /r/t/tail ]]'
-}
-test_08_env_06_subsitute_escape() {
-  bunpen --bunpen-path / --bunpen-env 'H_ENV=/head$$HOME/tail' --bunpen-env 'H_ENV2=$$$HOME/tail' bash -c \
-    'echo "$H_ENV2" && [[ "$H_ENV" = '"'"'/head$HOME/tail'"'"' && "$H_ENV2" = '"'"'$/homeless-shelter/tail'"'"' ]]'
-}
-
-
-tested=
 rc=0
+succeeded=()
+failed=()
 for f in $(declare -F); do
  if [[ "$f" =~ ^test_* ]]; then
+    mkdir "$f"
    echo -n "$f: ..."
-    if "$f"; then
+    if (cd "$f"; "$f"); then
      echo " SUCCESS"
+      succeeded+=("$f")
    else
      rc=1
      echo " FAIL"
+      failed+=("$f")
    fi
-    tested="$tested"1
  fi
 done

-test -n "$tested" && exit "$rc"
+if [[ -n "${#failed[@]}" ]]; then
+  echo
+  echo "FAILED TESTS:"
+fi
+
+for t in "${failed[@]}"; do
+  echo "- $t"
+done
+
+test -n "${#succeeded[@]}"
+exit "$rc"