From 8a9014f801896f6257883015a36d77acab52b14d Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Sun, 13 Aug 2023 20:37:28 +0300
Subject: [PATCH] Add --sysctl to functional testing Refers to #65
---
 .github/workflows/functional_test.sh | 14 ++++++++------
 .github/workflows/functional_test.yml | 3 ++-
 .woodpecker/functional_test.yml | 3 ++-
 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/functional_test.sh b/.github/workflows/functional_test.sh
index c41a7ad..9553301 100644
--- a/.github/workflows/functional_test.sh
+++ b/.github/workflows/functional_test.sh
@@ -35,10 +35,11 @@ coverage run -a --branch bin/kconfig-hardened-check -g X86_32
 coverage run -a --branch bin/kconfig-hardened-check -g ARM64
 coverage run -a --branch bin/kconfig-hardened-check -g ARM
-echo ">>>>> check the example kconfig files and cmdline <<<<<"
+echo ">>>>> check the example kconfig files, cmdline, and sysctl <<<<<"
 cat /proc/cmdline
 echo "l1tf=off mds=full randomize_kstack_offset=on iommu.passthrough=0" > ./cmdline_example
 cat ./cmdline_example
+sysctl -a > /tmp/sysctls
 CONFIG_DIR=`find . -name config_files`
 KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
 COUNT=0
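Review bot: The added `sysctl -a > /tmp/sysctls` writes the dump to a fixed name in the shared /tmp directory, while the neighbouring `./cmdline_example` stays inside the checkout; the same line is added in `.github/workflows/functional_test.yml` and `.woodpecker/functional_test.yml`. On a runner that is reused or shared between jobs, the redirection follows whatever file or symlink already sits at that path, so another job on the same host can influence or clobber the test input. I would create the file with `SYSCTLS=$(mktemp)` and `sysctl -a > "$SYSCTLS"` (or write `./sysctls_example` next to the cmdline example) and pass `-s "$SYSCTLS"` to the tool. The exit status of `sysctl -a` is not checked in the visible lines; whether a partial dump stops the script depends on settings outside this hunk.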
@@ -49,11 +50,12 @@ do
 coverage run -a --branch bin/kconfig-hardened-check -c $C > /dev/null
 coverage run -a --branch bin/kconfig-hardened-check -c $C -m verbose > /dev/null
 coverage run -a --branch bin/kconfig-hardened-check -c $C -l /proc/cmdline > /dev/null
- coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example > /dev/null
- coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -m verbose > /dev/null
- coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -m json > /dev/null
- coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -m show_ok > /dev/null
- coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -m show_fail > /dev/null
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -s /tmp/sysctls > /dev/null
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s /tmp/sysctls > /dev/null
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s /tmp/sysctls -m verbose > /dev/null
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s /tmp/sysctls -m json > /dev/null
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s /tmp/sysctls -m show_ok > /dev/null
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s /tmp/sysctls -m show_fail > /dev/null
 done
 echo "\n>>>>> have checked $COUNT kconfigs <<<<<"
diff --git a/.github/workflows/functional_test.yml b/.github/workflows/functional_test.yml
index 31e44d0..8441cc3 100644
--- a/.github/workflows/functional_test.yml
+++ b/.github/workflows/functional_test.yml
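Review bot: Every `-s` run added in this loop reads `/tmp/sysctls`, a dump of whatever the CI runner's kernel reports, so the sysctl checks that pass or fail (and presumably the branches that coverage records) change with the runner image, whereas the cmdline runs have the fixed `./cmdline_example`. A small checked-in sample of sysctl output, used for the `-m verbose`, `json`, `show_ok` and `show_fail` runs, would make them reproducible; one run against the live dump can stay, like the existing `-l /proc/cmdline` line. The replaced lines were also the only `-l ./cmdline_example` runs without `-s`, so the kconfig-plus-cmdline combination without sysctl input is now exercised only through `/proc/cmdline` in the default mode; keep one such run if that path matters. The `for` line of this loop is outside the hunk.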
@@ -36,6 +36,7 @@ jobs:
 - name: Check all configs with the installed tool
 run: |
 echo "Check all configs with the installed tool..."
+ sysctl -a > /tmp/sysctls
 CONFIG_DIR=`find /opt/hostedtoolcache/Python/ -name config_files`
 KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
 COUNT=0
@@ -43,7 +44,7 @@ jobs:
 do
 COUNT=$(expr $COUNT + 1)
 echo -e "\n>>>>> checking kconfig number $COUNT <<<<<"
- kconfig-hardened-check -c $C -l /proc/cmdline
+ kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls
 done
 echo -e "\nHave checked $COUNT kconfigs"
diff --git a/.woodpecker/functional_test.yml b/.woodpecker/functional_test.yml
index 8286f78..b7d014f 100644
--- a/.woodpecker/functional_test.yml
+++ b/.woodpecker/functional_test.yml
@@ -15,10 +15,11 @@ steps:
 - which kconfig-hardened-check
 - kconfig-hardened-check
 - echo "Check all configs with the installed tool..."
+ - sysctl -a > /tmp/sysctls
 - CONFIG_DIR=`find /usr/local/lib/ -name config_files`
 - KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
 - COUNT=0
- - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kconfig-hardened-check -c $C -l /proc/cmdline; done
+ - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls; done
 - echo "Have checked $COUNT kconfigs"
 functional-test-with-coverage:
 image: python:3
--
2.31.1