support/testing: new test for root password

Add support to test that the root passowrd is working as expected.
- Buildtime test: Check the hash present in the generated '/etc/shadow'.
- Runtime test: Build an armv7 image and try to login with a password.

Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7ee6e248b1bf18c645717755938aa638a075c2ee..99940640a535f74a46ae982750e586ab51d19b0f 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -341,6 +341,7 @@ tests.core.test_hardening.TestRelroPartial: { extends: .runtime_test }
 tests.core.test_hardening.TestSspNone: { extends: .runtime_test }
 tests.core.test_hardening.TestSspStrong: { extends: .runtime_test }
 tests.core.test_post_scripts.TestPostScripts: { extends: .runtime_test }
+tests.core.test_root_password.TestRootPassword: { extends: .runtime_test }
 tests.core.test_rootfs_overlay.TestRootfsOverlay: { extends: .runtime_test }
 tests.core.test_timezone.TestGlibcAllTimezone: { extends: .runtime_test }
 tests.core.test_timezone.TestGlibcNonDefaultLimitedTimezone: { extends: .runtime_test }

diff --git a/DEVELOPERS b/DEVELOPERS
index 27a98db256d71b12d21426363123ee642ae21c78..5fe244a570785d67701b7c77ad45e9f70a46b889 100644 (file)
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -2308,6 +2308,9 @@ F:        package/llvm/
 N:     Vanya Sergeev <vsergeev@gmail.com>
 F:     package/lua-periphery/
 
+N:     Victor Huesca <victor.huesca@bootlin.com>
+F:     support/testing/tests/core/test_root_password.py
+
 N:     Vincent Prince <vincent.prince.fr@gmail.com>
 F:     package/nss-myhostname/
 F:     package/utp_com/

diff --git a/support/testing/tests/core/test_root_password.py b/support/testing/tests/core/test_root_password.py
new file mode 100644 (file)
index 0000000..aefcd36
--- /dev/null
+++ b/support/testing/tests/core/test_root_password.py
@@ -0,0 +1,36 @@
+import os
+import infra.basetest
+from crypt import crypt
+
+
+class TestRootPassword(infra.basetest.BRTest):
+    password = "foo"
+    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+        """
+        BR2_TARGET_ROOTFS_CPIO=y
+        BR2_TARGET_ENABLE_ROOT_LOGIN=y
+        BR2_TARGET_GENERIC_ROOT_PASSWD="{}"
+        """.format(password)
+
+    def test_run(self):
+        # 1. Test by looking hash in the /etc/shadow
+        shadow = os.path.join(self.builddir, "target", "etc", "shadow")
+        with open(shadow, "r") as f:
+            users = f.readlines()
+            for user in users:
+                s = user.split(":")
+                n, h = s[0], s[1]
+                if n == "root":
+                    # Fail if the account is disabled or no password is required
+                    self.assertTrue(h not in ["", "*"])
+                    # Fail if the hash isn't right
+                    self.assertEqual(crypt(self.password, h), h)
+
+        # 2. Test by attempting to login
+        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+        try:
+            self.emulator.boot(arch="armv7", kernel="builtin",
+                               options=["-initrd", cpio_file])
+            self.emulator.login(self.password)
+        except SystemError:
+            self.fail("Unable to login with the password")