From a4308b19135bdadf339163f7e127c628d987a0fc Mon Sep 17 00:00:00 2001 From: PhiBo Date: Wed, 28 Apr 2021 15:11:23 +0200 Subject: Add CodeQL checks Add initial github actions to perform CodeQL securtiy checks --- .github/workflows/codeql-analysis.yml | 71 +++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml (limited to '.github') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..9de367e5 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,71 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '15 18 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'cpp' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + - name: Install packages + run: | + sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential + sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \ + libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \ + libdbd-sqlite3 libssl-dev libcurl4-openssl-dev liburiparser-dev + + - name: Configure build + run: | + ./tools/setup + ./configure --enable-libtap + + - name: Build + run: | + make + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 -- cgit v1.2.3-74-g34f1 From fc71e3f9304ed51f3fd7ca544f38a30a590c8ba5 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Tue, 13 Apr 2021 09:15:12 +0200 Subject: migrate travis ci to github actions --- .github/NPTest.cache | 54 +++++++++++++++++++++++ .github/prepare_debian.sh | 99 +++++++++++++++++++++++++++++++++++++++++++ .github/workflows/test.yml | 77 +++++++++++++++++++++++++++++++++ .travis.yml | 98 ------------------------------------------ plugins/t/NPTest.cache.travis | 54 ----------------------- 5 files changed, 230 insertions(+), 152 deletions(-) create mode 100644 .github/NPTest.cache create mode 100755 .github/prepare_debian.sh create mode 100644 .github/workflows/test.yml delete mode 100644 .travis.yml delete mode 100644 plugins/t/NPTest.cache.travis (limited to '.github') diff --git a/.github/NPTest.cache b/.github/NPTest.cache new file mode 100644 index 00000000..232305a7 --- /dev/null +++ b/.github/NPTest.cache @@ -0,0 +1,54 @@ +{ + 'NP_ALLOW_SUDO' => 'yes', + 'NP_DNS_SERVER' => '8.8.8.8', + 'NP_GOOD_NTP_SERVICE' => '', + 'NP_HOST_DHCP_RESPONSIVE' => '', + 'NP_HOST_HPJD_PORT_INVALID' => '161', + 'NP_HOST_HPJD_PORT_VALID' => '', + 'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30', + 'NP_HOSTNAME_INVALID' => 'nosuchhost', + 'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30', + 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', + 'NP_HOSTNAME_VALID' => 'monitoring-plugins.org', + 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', + 'NP_HOST_NONRESPONSIVE' => '192.168.1.2', + 'NP_HOST_RESPONSIVE' => 'localhost', + 'NP_HOST_SMB' => '', + 'NP_HOST_SNMP' => '', + 'NP_HOST_TCP_FTP' => '', + 'NP_HOST_TCP_HPJD' => '', + 'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org', + 'NP_HOST_TCP_HTTP' => 'localhost', + 'NP_HOST_TCP_IMAP' => 'imap.web.de', + 'NP_HOST_TCP_JABBER' => 'jabber.org', + 'NP_HOST_TCP_LDAP' => 'localhost', + 'NP_HOST_TCP_POP' => 'pop.web.de', + 'NP_HOST_TCP_PROXY' => 'localhost', + 'NP_HOST_TCP_SMTP' => 'localhost', + 'NP_HOST_TCP_SMTP_NOTLS' => '', + 'NP_HOST_TCP_SMTP_TLS' => '', + 'NP_HOST_TLS_CERT' => 'localhost', + 'NP_HOST_TLS_HTTP' => 'localhost', + 'NP_HOST_UDP_TIME' => 'none', + 'NP_INTERNET_ACCESS' => 'yes', + 'NP_LDAP_BASE_DN' => 'dc=nodomain', + 'NP_MOUNTPOINT2_VALID' => '/media/ramdisk1', + 'NP_MOUNTPOINT_VALID' => '/', + 'NP_MYSQL_LOGIN_DETAILS' => '-u root -d test', + 'NP_MYSQL_SERVER' => 'localhost', + 'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock', + 'NP_MYSQL_WITH_SLAVE' => '', + 'NP_MYSQL_WITH_SLAVE_LOGIN' => '', + 'NP_NO_NTP_SERVICE' => 'localhost', + 'NP_PORT_TCP_PROXY' => '3128', + 'NP_SMB_SHARE' => '', + 'NP_SMB_SHARE_DENY' => '', + 'NP_SMB_SHARE_SPC' => '', + 'NP_SMB_VALID_USER' => '', + 'NP_SMB_VALID_USER_PASS' => '', + 'NP_SNMP_COMMUNITY' => '', + 'NP_SNMP_USER' => '', + 'NP_SSH_CONFIGFILE' => '~/.ssh/config', + 'NP_SSH_HOST' => 'localhost', + 'NP_SSH_IDENTITY' => '~/.ssh/id_rsa' +} diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh new file mode 100755 index 00000000..40053206 --- /dev/null +++ b/.github/prepare_debian.sh @@ -0,0 +1,99 @@ +#!/bin/bash + +set -x +set -e + +export DEBIAN_FRONTEND=noninteractive + +apt-get update +apt-get -y install software-properties-common +if [ $(lsb_release -is) = "Debian" ]; then + apt-add-repository non-free + apt-get update +fi +apt-get -y install perl autotools-dev libdbi-dev libldap2-dev libpq-dev libradcli-dev libnet-snmp-perl procps +apt-get -y install libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd +apt-get -y install fping snmp netcat smbclient vsftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl +apt-get -y install libdbd-sybase-perl libnet-dns-perl +apt-get -y install slapd ldap-utils +apt-get -y install gcc make autoconf automake gettext +apt-get -y install faketime +apt-get -y install libmonitoring-plugin-perl +apt-get -y install libcurl4-openssl-dev +apt-get -y install liburiparser-dev +apt-get -y install squid +apt-get -y install openssh-server +apt-get -y install mariadb-server mariadb-client libmariadb-dev +apt-get -y install cron iputils-ping +apt-get -y install iproute2 + +# remove ipv6 interface from hosts +if [ $(ip addr show | grep "inet6 ::1" | wc -l) -eq "0" ]; then + sed '/^::1/d' /etc/hosts > /tmp/hosts + cp -f /tmp/hosts /etc/hosts +fi + +ip addr show + +cat /etc/hosts + + +# apache +a2enmod ssl +a2ensite default-ssl +make-ssl-cert generate-default-snakeoil --force-overwrite +service apache2 start + +# squid +cp tools/squid.conf /etc/squid/squid.conf +service squid start + +# mariadb +service mariadb start +mysql -e "create database IF NOT EXISTS test;" -uroot + +# ldap +sed -e 's/cn=admin,dc=nodomain/'$(/usr/sbin/slapcat|grep ^dn:|awk '{print $2}')'/' -i .github/NPTest.cache +service slapd start + +# sshd +ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa +cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys +service ssh start +sleep 1 +ssh-keyscan localhost >> ~/.ssh/known_hosts +touch ~/.ssh/config + +# start one login session, required for check_users +( ssh -n -tt root@localhost "top" < /dev/null >/dev/null 2>&1 & ) +sleep 1 +who +ssh root@localhost "top -b -n 1" + +# snmpd +for DIR in /usr/share/snmp/mibs /usr/share/mibs; do + rm -f $DIR/ietf/SNMPv2-PDU \ + $DIR/ietf/IPSEC-SPD-MIB \ + $DIR/ietf/IPATM-IPMC-MIB \ + $DIR/iana/IANA-IPPM-METRICS-REGISTRY-MIB +done +mkdir -p /var/lib/snmp/mib_indexes +sed -e 's/^agentaddress.*/agentaddress 127.0.0.1/' -i /etc/snmp/snmpd.conf +service snmpd start + +# start cron, will be used by check_nagios +cron + +# start postfix +service postfix start + +# start ftpd +service vsftpd start + +# hostname +sed "/NP_HOST_TLS_CERT/s/.*/'NP_HOST_TLS_CERT' => '$(hostname)',/" -i /src/.github/NPTest.cache + +# create some test files to lower inodes +for i in $(seq 10); do + touch /media/ramdisk2/test.$1 +done diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..4c3497d0 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,77 @@ +name: Test + +on: + push: + branches: + - '*' + pull_request: + +jobs: +# macos: +# name: Running tests on ${{ matrix.os }} +# strategy: +# fail-fast: false +# matrix: +# os: +# - macos-10.15 +# runs-on: ${{ matrix.os }} +# steps: +# +# - name: Git clone repository +# uses: actions/checkout@v2 +# #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate +# # uses: mxschmitt/action-tmate@v3 +# - name: Prepare machine +# run: | +# brew install automake +# - name: Run the tests +# run: | +# tools/setup \ +# && ./configure --enable-libtap \ +# && make \ +# && make test + + linux: + runs-on: ubuntu-latest + name: Running tests on ${{ matrix.distro }} + strategy: + fail-fast: false + matrix: + distro: + #- 'debian:10' + - 'debian:testing' + #- 'ubuntu:20.10' + #- 'centos:7' + #- 'centos:8' + include: + #- distro: 'debian:10' + # prepare: .github/prepare_debian.sh + - distro: 'debian:testing' + prepare: .github/prepare_debian.sh + #- distro: 'ubuntu:20.10' + # prepare: .github/prepare_debian.sh + #- distro: 'centos:7' + # prepare: .github/prepare_centos.sh + #- distro: 'centos:8' + # prepare: .github/prepare_centos.sh + steps: + - name: Git clone repository + uses: actions/checkout@v2 + #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate + # uses: mxschmitt/action-tmate@v3 + - name: Run the tests on ${{ matrix.distro }} + run: | + docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 tmp-vol + docker run \ + -e NPTEST_ACCEPTDEFAULT=1 \ + -e NPTEST_CACHE="/src/.github/NPTest.cache" \ + -w /src -v ${PWD}:/src \ + --tmpfs /media/ramdisk1 \ + --mount source=tmp-vol,destination=/src,target=/media/ramdisk2 \ + ${{ matrix.distro }} \ + /bin/sh -c '${{ matrix.prepare }} && \ + tools/setup && \ + ./configure --enable-libtap && \ + make && \ + make test' + docker volume rm tmp-vol diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 3d9fe64e..00000000 --- a/.travis.yml +++ /dev/null @@ -1,98 +0,0 @@ -sudo: required -dist: xenial -language: c - -env: - global: - # This is the encrypted COVERITY_SCAN_TOKEN, created via the "travis - # encrypt" command using the project repository's public key. - - secure: "ggJ9c/VfKcwtrwz/My+ne4My7D8g3qi3vz5Hh+yLiri0+oIXCy313ZD6ssIEY/5beQZEOnuHhBgBJd/Y3clSQNc2M9fRNc+wxOkIO992lgnY0MZJN3y9MLfpqUbTClhU9Fst0qXQqGpI6UI8yz1tj7yKi7DPrycJLRrjMpyTfyo=" - -matrix: - include: - - compiler: "gcc" - os: linux - env: - - PLATFORM=linux BITS=64 HOST=x86_64 - addons: - coverity_scan: - project: - name: "monitoring-plugins/monitoring-plugins" - description: "Monitoring Plugins" - notification_email: team@monitoring-plugins.org - build_command_prepend: tools/setup && ./configure - build_command: make - branch_pattern: coverity.* - - compiler: "clang" - os: linux - env: - - PLATFORM=linux BITS=64 HOST=x86_64 - -before_install: - # Trusty related fixed - # multiverse is no on trusty activated (https://github.com/travis-ci/travis-ci/issues/4979) - - sudo apt-get install -qq --no-install-recommends software-properties-common - - sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty multiverse" && sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse" - # /etc/hosts has IPv6 hosts (https://github.com/travis-ci/travis-ci/issues/4978) - - sudo [ $(ip addr show | grep "inet6 ::1" | wc -l) -eq "0" ] || sudo sed -i '/^::1/d' /etc/hosts - # Trusty has running ntpd on localhost, but we don't like that for our tests - - "sudo killall -9 ntpd ||:" - # Trusty has no swap, lets create some - - sudo fallocate -l 20M /swapfile; sudo chmod 600 /swapfile; sudo mkswap /swapfile; sudo swapon /swapfile - - sudo apt-get update -qq - - sudo apt-get purge -qq gawk - -install: - - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libradcli-dev libkrb5-dev libnet-snmp-perl procps - - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd - - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl - - sudo apt-get install -qq --no-install-recommends libdbd-sybase-perl libnet-dns-perl - - sudo apt-get install -qq --no-install-recommends slapd ldap-utils - - sudo apt-get install -qq --no-install-recommends autoconf automake - - sudo apt-get install -qq --no-install-recommends faketime - - sudo apt-get install -qq --no-install-recommends libmonitoring-plugin-perl - - sudo apt-get install -qq --no-install-recommends libcurl4-openssl-dev - - sudo apt-get install -qq --no-install-recommends liburiparser-dev - - sudo apt-get install -qq --no-install-recommends squid - # Trusty related dependencies (not yet provided) - - test "$(dpkg -l | grep -E "mysql-(client|server)-[0-9].[0-9]" | grep -c ^ii)" -gt 0 || sudo apt-get install -qq --no-install-recommends mariadb-client mariadb-server - # enable ssl apache - - sudo a2enmod ssl - - sudo a2ensite default-ssl - - sudo make-ssl-cert generate-default-snakeoil --force-overwrite - - sudo service apache2 reload - - sudo cp tools/squid.conf /etc/squid/squid.conf - - sudo service squid reload - - sudo service mysql restart - -before_script: - # ensure we have a test database in place for tests - - mysql -e "create database IF NOT EXISTS test;" -uroot - # Detect LDAP configuration (seems volatile on trusty env) - - sed -e 's/cn=admin,dc=nodomain/'$(sudo /usr/sbin/slapcat|grep ^dn:|grep cn=|awk '{print $2}')'/' -i plugins/t/NPTest.cache.travis - - tools/setup - - ./configure --enable-libtap - - make - - export NPTEST_ACCEPTDEFAULT=1 - - export NPTEST_CACHE="$(pwd)/plugins/t/NPTest.cache.travis" - - ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa - - cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys - - ssh-keyscan localhost >> ~/.ssh/known_hosts - - touch ~/.ssh/config - - sudo rm -f /usr/share/mibs/ietf/SNMPv2-PDU /usr/share/mibs/ietf/IPSEC-SPD-MIB /usr/share/mibs/ietf/IPATM-IPMC-MIB /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB - - sudo mkdir -p /var/lib/snmp/mib_indexes - - sudo mkdir /media/ramdisk && sudo chmod 777 /media/ramdisk && sudo mount -t tmpfs -o size=20% none /media/ramdisk - - sed "/NP_HOST_TLS_CERT/s/.*/'NP_HOST_TLS_CERT' => '$(hostname)',/" -i $NPTEST_CACHE - -script: - - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then make test; fi - -notifications: - irc: - channels: - - "chat.freenode.net#Monitoring-Plugins" - on_success: change - on_failure: always - skip_join: true - email: - # - team@monitoring-plugins.org diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis deleted file mode 100644 index 9b9f8059..00000000 --- a/plugins/t/NPTest.cache.travis +++ /dev/null @@ -1,54 +0,0 @@ -{ - 'NP_ALLOW_SUDO' => 'yes', - 'NP_DNS_SERVER' => '8.8.8.8', - 'NP_GOOD_NTP_SERVICE' => '', - 'NP_HOST_DHCP_RESPONSIVE' => '', - 'NP_HOST_HPJD_PORT_INVALID' => '161', - 'NP_HOST_HPJD_PORT_VALID' => '', - 'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30', - 'NP_HOSTNAME_INVALID' => 'nosuchhost', - 'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30', - 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', - 'NP_HOSTNAME_VALID' => 'monitoring-plugins.org', - 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', - 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', - 'NP_HOST_RESPONSIVE' => 'localhost', - 'NP_HOST_SMB' => '', - 'NP_HOST_SNMP' => '', - 'NP_HOST_TCP_FTP' => '', - 'NP_HOST_TCP_HPJD' => '', - 'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org', - 'NP_HOST_TCP_HTTP' => 'localhost', - 'NP_HOST_TCP_IMAP' => 'imap.web.de', - 'NP_HOST_TCP_JABBER' => 'jabber.org', - 'NP_HOST_TCP_LDAP' => 'localhost', - 'NP_HOST_TCP_POP' => 'pop.web.de', - 'NP_HOST_TCP_PROXY' => 'localhost', - 'NP_HOST_TCP_SMTP' => 'localhost', - 'NP_HOST_TCP_SMTP_NOTLS' => '', - 'NP_HOST_TCP_SMTP_TLS' => '', - 'NP_HOST_TLS_CERT' => 'localhost, - 'NP_HOST_TLS_HTTP' => 'localhost', - 'NP_HOST_UDP_TIME' => 'none', - 'NP_INTERNET_ACCESS' => 'yes', - 'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain', - 'NP_MOUNTPOINT2_VALID' => '/media/ramdisk', - 'NP_MOUNTPOINT_VALID' => '/', - 'NP_MYSQL_LOGIN_DETAILS' => '-u root -d test', - 'NP_MYSQL_SERVER' => 'localhost', - 'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock', - 'NP_MYSQL_WITH_SLAVE' => '', - 'NP_MYSQL_WITH_SLAVE_LOGIN' => '', - 'NP_NO_NTP_SERVICE' => 'localhost', - 'NP_PORT_TCP_PROXY' => '3128', - 'NP_SMB_SHARE' => '', - 'NP_SMB_SHARE_DENY' => '', - 'NP_SMB_SHARE_SPC' => '', - 'NP_SMB_VALID_USER' => '', - 'NP_SMB_VALID_USER_PASS' => '', - 'NP_SNMP_COMMUNITY' => '', - 'NP_SNMP_USER' => '', - 'NP_SSH_CONFIGFILE' => '~/.ssh/config', - 'NP_SSH_HOST' => 'localhost', - 'NP_SSH_IDENTITY' => '~/.ssh/id_rsa' -} -- cgit v1.2.3-74-g34f1 From 40e171b7cdb2262398728aa9b84e747a856d9c1f Mon Sep 17 00:00:00 2001 From: Jacob Hansen Date: Fri, 30 Apr 2021 09:38:19 +0200 Subject: Attempt to fix check_users Signed-off-by: Jacob Hansen --- .github/prepare_debian.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to '.github') diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh index 40053206..3693accf 100755 --- a/.github/prepare_debian.sh +++ b/.github/prepare_debian.sh @@ -65,10 +65,12 @@ ssh-keyscan localhost >> ~/.ssh/known_hosts touch ~/.ssh/config # start one login session, required for check_users -( ssh -n -tt root@localhost "top" < /dev/null >/dev/null 2>&1 & ) -sleep 1 -who -ssh root@localhost "top -b -n 1" +#( ssh -n -tt root@localhost "top" < /dev/null >/dev/null 2>&1 & ) +ssh -tt localhost /dev/null 2>/dev/null & +disown %1 +#sleep 1 +#who +#ssh root@localhost "top -b -n 1" # snmpd for DIR in /usr/share/snmp/mibs /usr/share/mibs; do -- cgit v1.2.3-74-g34f1 From de9f85c916db4515bd81f2a000d7fb57f8e0f46a Mon Sep 17 00:00:00 2001 From: Jacob Hansen Date: Fri, 30 Apr 2021 12:33:52 +0200 Subject: Use openssl generated cert The SSL certificate generate using make-ssl-cert seems to not work well with a our plugins. Causing a "CN could not be found" error to be shown. Using an OpenSSL generated certifiticate, seems to work better. Signed-off-by: Jacob Hansen --- .github/prepare_debian.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to '.github') diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh index 3693accf..a74f3464 100755 --- a/.github/prepare_debian.sh +++ b/.github/prepare_debian.sh @@ -41,8 +41,12 @@ cat /etc/hosts # apache a2enmod ssl a2ensite default-ssl -make-ssl-cert generate-default-snakeoil --force-overwrite -service apache2 start +# replace snakeoil certs with openssl generated ones as the make-ssl-cert ones +# seems to cause problems with our plugins +rm /etc/ssl/certs/ssl-cert-snakeoil.pem +rm /etc/ssl/private/ssl-cert-snakeoil.key +openssl req -nodes -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=$(hostname)" +service apache2 restart # squid cp tools/squid.conf /etc/squid/squid.conf -- cgit v1.2.3-74-g34f1 From 227369bb3bec2a44ebece952a9085bfb032a7a0e Mon Sep 17 00:00:00 2001 From: Jacob Hansen Date: Wed, 19 May 2021 13:12:29 +0200 Subject: Disable IPv6 in tests Docker doesn't seem to have a working IPv6 stack by default. For now disable IPv6 tests. Signed-off-by: Jacob Hansen --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4c3497d0..06cc4419 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -71,7 +71,7 @@ jobs: ${{ matrix.distro }} \ /bin/sh -c '${{ matrix.prepare }} && \ tools/setup && \ - ./configure --enable-libtap && \ + ./configure --enable-libtap --with-ipv6=no && \ make && \ make test' docker volume rm tmp-vol -- cgit v1.2.3-74-g34f1 From 226469f970568340d27d90499199823b67b9e3dc Mon Sep 17 00:00:00 2001 From: Jacob Hansen Date: Wed, 19 May 2021 13:59:52 +0200 Subject: Prune container and volumes Rather than manully removing the tmpfs volume. Signed-off-by: Jacob Hansen --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 06cc4419..3e467957 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -74,4 +74,5 @@ jobs: ./configure --enable-libtap --with-ipv6=no && \ make && \ make test' - docker volume rm tmp-vol + docker container prune -f + docker volume prune -f -- cgit v1.2.3-74-g34f1 From 6344d29143bfd80d511e6c2d4bd39b9f58e03f14 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Thu, 20 May 2021 17:49:46 +0200 Subject: remove useless comments Signed-off-by: Sven Nierlein --- .github/prepare_debian.sh | 4 ---- .github/workflows/test.yml | 38 +++----------------------------------- 2 files changed, 3 insertions(+), 39 deletions(-) (limited to '.github') diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh index a74f3464..c68b9f5d 100755 --- a/.github/prepare_debian.sh +++ b/.github/prepare_debian.sh @@ -69,12 +69,8 @@ ssh-keyscan localhost >> ~/.ssh/known_hosts touch ~/.ssh/config # start one login session, required for check_users -#( ssh -n -tt root@localhost "top" < /dev/null >/dev/null 2>&1 & ) ssh -tt localhost /dev/null 2>/dev/null & disown %1 -#sleep 1 -#who -#ssh root@localhost "top -b -n 1" # snmpd for DIR in /usr/share/snmp/mibs /usr/share/mibs; do diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3e467957..512d28e6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,29 +8,7 @@ on: jobs: # macos: -# name: Running tests on ${{ matrix.os }} -# strategy: -# fail-fast: false -# matrix: -# os: -# - macos-10.15 -# runs-on: ${{ matrix.os }} -# steps: -# -# - name: Git clone repository -# uses: actions/checkout@v2 -# #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate -# # uses: mxschmitt/action-tmate@v3 -# - name: Prepare machine -# run: | -# brew install automake -# - name: Run the tests -# run: | -# tools/setup \ -# && ./configure --enable-libtap \ -# && make \ -# && make test - +# ... linux: runs-on: ubuntu-latest name: Running tests on ${{ matrix.distro }} @@ -38,22 +16,12 @@ jobs: fail-fast: false matrix: distro: - #- 'debian:10' - 'debian:testing' - #- 'ubuntu:20.10' - #- 'centos:7' - #- 'centos:8' + #... include: - #- distro: 'debian:10' - # prepare: .github/prepare_debian.sh - distro: 'debian:testing' prepare: .github/prepare_debian.sh - #- distro: 'ubuntu:20.10' - # prepare: .github/prepare_debian.sh - #- distro: 'centos:7' - # prepare: .github/prepare_centos.sh - #- distro: 'centos:8' - # prepare: .github/prepare_centos.sh + #... steps: - name: Git clone repository uses: actions/checkout@v2 -- cgit v1.2.3-74-g34f1 From f29ba217d7521efda868551eab2866067615e49a Mon Sep 17 00:00:00 2001 From: rincewind Date: Wed, 1 Sep 2021 10:48:32 +0200 Subject: Use netcat-openbsd for debian explicitely --- .github/prepare_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github') diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh index c68b9f5d..4021c104 100755 --- a/.github/prepare_debian.sh +++ b/.github/prepare_debian.sh @@ -13,7 +13,7 @@ if [ $(lsb_release -is) = "Debian" ]; then fi apt-get -y install perl autotools-dev libdbi-dev libldap2-dev libpq-dev libradcli-dev libnet-snmp-perl procps apt-get -y install libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd -apt-get -y install fping snmp netcat smbclient vsftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl +apt-get -y install fping snmp netcat-openbsd smbclient vsftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl apt-get -y install libdbd-sybase-perl libnet-dns-perl apt-get -y install slapd ldap-utils apt-get -y install gcc make autoconf automake gettext -- cgit v1.2.3-74-g34f1 From a96161c824f7f97830f4aa4daa166013961d55f1 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Mon, 25 Oct 2021 14:55:50 +0200 Subject: actions: map utmp from host to container this fixes the check_users not having any logged in user to check. --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 512d28e6..0f93930a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,6 +35,7 @@ jobs: -e NPTEST_CACHE="/src/.github/NPTest.cache" \ -w /src -v ${PWD}:/src \ --tmpfs /media/ramdisk1 \ + -v /var/run/utmp:/var/run/utmp \ --mount source=tmp-vol,destination=/src,target=/media/ramdisk2 \ ${{ matrix.distro }} \ /bin/sh -c '${{ matrix.prepare }} && \ -- cgit v1.2.3-74-g34f1