#!/bin/sh
#
# Round-trip test for ./taridshift.
#
# A tarball is produced as an unprivileged user in unshare mode, its uid/gid
# values are shifted by +100000 and back by -100000, and the test checks that
#   * the round trip is bit-by-bit identical,
#   * the shifted listing shows every owner/group moved by exactly 100000,
#   * the file capability on /bin/ping (stored as an extended attribute)
#     survives the shift.
#
# {{ CMD }}, {{ DIST }} and {{ MIRROR }} are template placeholders; presumably
# the test harness substitutes them before this script is executed.

set -eu

export LC_ALL=C.UTF-8

# Safety guard: everything below changes global state (new account, kernel
# sysctl, fixed file names in /tmp), so refuse to run unless the marker file
# of the dedicated test environment exists.
[ -e /mmdebstrap-testenv ] || {
	echo "this test modifies the system and should only be run inside a container" >&2
	exit 1
}

# Fixed work paths. The names are predictable and mkdir is used without -p,
# so a leftover from an earlier run makes the test abort instead of reusing it.
orig_tar=/tmp/debian-chroot.tar
shifted_tar=/tmp/debian-chroot-shifted.tar
roundtrip_tar=/tmp/debian-chroot-shiftedback.tar
listing=/tmp/debian-chroot.txt
expected=/tmp/expected
rootdir=/tmp/debian-chroot

# expect_output WANT CMD [ARG...]
# Runs CMD and fails (non-zero status, hence script exit under set -e) unless
# its stdout is exactly WANT followed by a newline. On mismatch diff prints a
# unified diff against /tmp/expected.
expect_output() {
	echo "$1" > "$expected"
	shift
	"$@" | diff -u "$expected" -
}

# Create the unprivileged account and require that it owns exactly the
# subordinate id range 100000..165535, which is the range the shift below
# targets. cmp fails if /etc/subuid or /etc/subgid holds anything else.
adduser --gecos user --disabled-password user
echo user:100000:65536 | cmp /etc/subuid -
echo user:100000:65536 | cmp /etc/subgid -

# System-wide kernel setting: allow unprivileged user namespaces so that
# "user" can run with --mode=unshare. This is one of the changes the guard
# above protects a normal host from.
sysctl -w kernel.unprivileged_userns_clone=1

# iputils-ping is included so that the tarball carries a file with an
# extended attribute (the cap_net_raw capability on ping) and we can verify
# that taridshift does not remove it.
# The stream is passed through "taridshift 0" (a no-op shift) so that the
# reference tarball should be bit-by-bit identical to one that went through
# "taridshift X" followed by "taridshift -X".
# NOTE(review): there is no pipefail here, so the status of this pipeline is
# the status of taridshift; a failing {{ CMD }} is only noticed indirectly by
# the checks further down.
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt --include=iputils-ping {{ DIST }} - {{ MIRROR }} \
	| ./taridshift 0 > "$orig_tar"

# Sanity check on the reference tarball: the capability must be present
# before any shifting, otherwise the later xattr checks prove nothing.
mkdir "$rootdir"
tar --xattrs --xattrs-include='*' --directory "$rootdir" -xf "$orig_tar" ./bin/ping
expect_output "$rootdir/bin/ping cap_net_raw=ep" getcap "$rootdir/bin/ping"
# rmdir only removes empty directories, so these steps also fail if anything
# other than bin/ping was extracted.
rm "$rootdir/bin/ping"
rmdir "$rootdir/bin"
rmdir "$rootdir"

# Shift the uid/gid forward by 100000 and backward by 100000 again.
./taridshift 100000 < "$orig_tar" > "$shifted_tar"
./taridshift -100000 < "$shifted_tar" > "$roundtrip_tar"

# The tarball before and after the round trip must be bit-by-bit identical.
cmp "$orig_tar" "$roundtrip_tar"

# Build the expected listing by hand: every owner/group pair that occurs in
# the unshifted "tar -tv" output is rewritten to the same pair plus 100000.
# A pair that is not listed here stays unshifted and shows up in the diff.
# The last expression squeezes runs of spaces, presumably because the wider
# ids change tar's column padding.
tar --numeric-owner -tvf "$orig_tar" \
	| sed \
		-e 's# 100/0 # 100100/100000 #' \
		-e 's# 100/8 # 100100/100008 #' \
		-e 's# 0/0 # 100000/100000 #' \
		-e 's# 0/5 # 100000/100005 #' \
		-e 's# 0/8 # 100000/100008 #' \
		-e 's# 0/42 # 100000/100042 #' \
		-e 's# 0/43 # 100000/100043 #' \
		-e 's# 0/50 # 100000/100050 #' \
		-e 's/ \+/ /g' \
	> "$listing"
tar --numeric-owner -tvf "$shifted_tar" \
	| sed 's/ \+/ /g' \
	| diff -u "$listing" -

# Extract the shifted tarball as root. Seen from the host, ping must be owned
# by 100000:100000 and must still carry its capability.
mkdir "$rootdir"
tar --xattrs --xattrs-include='*' --directory "$rootdir" -xf "$shifted_tar"
expect_output "100000 100000" stat --format="%u %g" "$rootdir/bin/ping"
expect_output "$rootdir/bin/ping cap_net_raw=ep" getcap "$rootdir/bin/ping"

# Seen by "user" through the unshare helper, the same file must appear as
# owned by 0:0 and the capability must still be readable.
expect_output "0 0" \
	runuser -u user -- {{ CMD }} --unshare-helper /usr/sbin/chroot "$rootdir" stat --format="%u %g" /bin/ping
expect_output "/bin/ping cap_net_raw=ep" \
	runuser -u user -- {{ CMD }} --unshare-helper /usr/sbin/chroot "$rootdir" getcap /bin/ping

# Cleanup. This is only reached when every check passed; after a failure the
# files stay in /tmp for inspection.
rm "$orig_tar" "$shifted_tar" "$listing" "$roundtrip_tar" "$expected"
rm -r "$rootdir"