The branch main has been updated by bapt: URL: https://cgit.FreeBSD.org/src/commit/?id=0f92bee2b3e08ffa34720a2eeffbce01af3f19f9
commit 0f92bee2b3e08ffa34720a2eeffbce01af3f19f9 Author: Baptiste Daroussin <[email protected]> AuthorDate: 2026-05-10 15:54:48 +0000 Commit: Baptiste Daroussin <[email protected]> CommitDate: 2026-05-10 15:54:48 +0000 nuageinit: add adddoas tests --- libexec/nuageinit/tests/Makefile | 1 + libexec/nuageinit/tests/adddoas.lua | 64 +++++++++++++++++++++++++++++++++++++ libexec/nuageinit/tests/nuage.sh | 7 ++++ 3 files changed, 72 insertions(+) diff --git a/libexec/nuageinit/tests/Makefile b/libexec/nuageinit/tests/Makefile index d13ad14f1d8f..4c99f8e31ce3 100644 --- a/libexec/nuageinit/tests/Makefile +++ b/libexec/nuageinit/tests/Makefile @@ -20,5 +20,6 @@ ${PACKAGE}FILES+= warn.lua ${PACKAGE}FILES+= addfile.lua ${PACKAGE}FILES+= decode_base64.lua ${PACKAGE}FILES+= addsudo.lua +${PACKAGE}FILES+= adddoas.lua .include <bsd.test.mk> diff --git a/libexec/nuageinit/tests/adddoas.lua b/libexec/nuageinit/tests/adddoas.lua new file mode 100644 index 000000000000..d4bab41ecc3d --- /dev/null +++ b/libexec/nuageinit/tests/adddoas.lua @@ -0,0 +1,64 @@ +#!/usr/libexec/flua +--- +-- SPDX-License-Identifier: BSD-2-Clause +-- +-- Copyright (c) 2026 Baptiste Daroussin <[email protected]> + +local n = require("nuage") + +local root = os.getenv("NUAGE_FAKE_ROOTDIR") +if not root then + root = "" +end + +local function get_localbase() + local f = io.popen("sysctl -in user.localbase 2> /dev/null") + local lb = f:read("*l") + f:close() + if lb == nil or lb:len() == 0 then + lb = "/usr/local" + end + return lb +end + +local function read_doasconf() + local path = root .. get_localbase() .. "/etc/doas.conf" + local f = io.open(path, "r") + if not f then + return nil + end + local content = f:read("*a") + f:close() + return content +end + +-- test with a single string rule with %u substitution +n.adddoas({ name = "testuser", doas = "permit persist %u as root" }) +local content = read_doasconf() +if not content then + n.err("doas.conf not created") +end +if content ~= "permit persist testuser as root\n" then + n.err("unexpected doas.conf content with %u: '" .. content .. "'") +end + +-- remove file for next test +os.remove(root .. get_localbase() .. "/etc/doas.conf") + +-- test with a table of rules +n.adddoas({ + name = "testuser", + doas = { + "deny %u as foobar", + "permit persist %u as root cmd whoami" + } +}) +content = read_doasconf() +if not content then + n.err("doas.conf not created for table") +end +if content ~= "deny testuser as foobar\npermit persist testuser as root cmd whoami\n" then + n.err("unexpected doas.conf content for table: '" .. content .. "'") +end + +os.exit(0) diff --git a/libexec/nuageinit/tests/nuage.sh b/libexec/nuageinit/tests/nuage.sh index 9e3442281c15..01c4612eb8ec 100644 --- a/libexec/nuageinit/tests/nuage.sh +++ b/libexec/nuageinit/tests/nuage.sh @@ -16,6 +16,7 @@ atf_test_case addgroup atf_test_case addfile atf_test_case decode_base64 atf_test_case addsudo +atf_test_case adddoas settimezone_body() { @@ -103,6 +104,11 @@ addsudo_body() atf_check /usr/libexec/flua $(atf_get_srcdir)/addsudo.lua } +adddoas_body() +{ + atf_check /usr/libexec/flua $(atf_get_srcdir)/adddoas.lua +} + atf_init_test_cases() { atf_add_test_case sethostname @@ -113,4 +119,5 @@ atf_init_test_cases() atf_add_test_case addfile atf_add_test_case decode_base64 atf_add_test_case addsudo + atf_add_test_case adddoas }
