mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
tests(check): also checks indentation.
This commit is contained in:
parent
37bafddc80
commit
d793858d26
@ -9,50 +9,104 @@
|
|||||||
set -eu -o pipefail
|
set -eu -o pipefail
|
||||||
|
|
||||||
readonly APPARMORD="apparmor.d"
|
readonly APPARMORD="apparmor.d"
|
||||||
|
readonly HEADERS=(
|
||||||
|
"# apparmor.d - Full set of apparmor profiles"
|
||||||
|
"# Copyright (C) "
|
||||||
|
"# SPDX-License-Identifier: GPL-2.0-only"
|
||||||
|
)
|
||||||
|
|
||||||
|
_die() {
|
||||||
|
echo " ✗ $*"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
_ensure_header() {
|
_ensure_header() {
|
||||||
local file="$1"
|
local file="$1"
|
||||||
headers=(
|
for header in "${HEADERS[@]}"; do
|
||||||
"# apparmor.d - Full set of apparmor profiles"
|
|
||||||
"# Copyright (C) "
|
|
||||||
"# SPDX-License-Identifier: GPL-2.0-only"
|
|
||||||
)
|
|
||||||
for header in "${headers[@]}"; do
|
|
||||||
if ! grep -q "^$header" "$file"; then
|
if ! grep -q "^$header" "$file"; then
|
||||||
echo "$file does not contain '$header'"
|
_die "$file does not contain '$header'"
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_ensure_indentation() {
|
||||||
|
local file="$1"
|
||||||
|
local in_profile=false
|
||||||
|
local first_line_after_profile=true
|
||||||
|
local line_number=0
|
||||||
|
|
||||||
|
while IFS= read -r line; do
|
||||||
|
line_number=$((line_number + 1))
|
||||||
|
|
||||||
|
if [[ "$line" =~ $'\t' ]]; then
|
||||||
|
_die "$file:$line_number: tabs are not allowed."
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$line" =~ ^profile ]]; then
|
||||||
|
in_profile=true
|
||||||
|
first_line_after_profile=true
|
||||||
|
|
||||||
|
elif $in_profile; then
|
||||||
|
if $first_line_after_profile; then
|
||||||
|
local leading_spaces="${line%%[! ]*}"
|
||||||
|
local num_spaces=${#leading_spaces}
|
||||||
|
if ((num_spaces != 2)); then
|
||||||
|
_die "$file: profile must have a two-space indentation."
|
||||||
|
fi
|
||||||
|
first_line_after_profile=false
|
||||||
|
|
||||||
|
else
|
||||||
|
local leading_spaces="${line%%[! ]*}"
|
||||||
|
local num_spaces=${#leading_spaces}
|
||||||
|
|
||||||
|
if ((num_spaces % 2 != 0)); then
|
||||||
|
ok=false
|
||||||
|
for offset in 5 11; do
|
||||||
|
num_spaces=$((num_spaces - offset))
|
||||||
|
if ((num_spaces < 0)); then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if ((num_spaces % 2 == 0)); then
|
||||||
|
ok=true
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if ! $ok; then
|
||||||
|
_die "$file:$line_number: invalid indentation."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done <"$file"
|
||||||
|
}
|
||||||
|
|
||||||
_ensure_include() {
|
_ensure_include() {
|
||||||
local file="$1"
|
local file="$1"
|
||||||
local include="$2"
|
local include="$2"
|
||||||
if ! grep -q "^ *${include}$" "$file"; then
|
if ! grep -q "^ *${include}$" "$file"; then
|
||||||
echo "$file does not contain '$include'"
|
_die "$file does not contain '$include'"
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_ensure_abi() {
|
_ensure_abi() {
|
||||||
local file="$1"
|
local file="$1"
|
||||||
if ! grep -q "^ *abi <abi/4.0>," "$file"; then
|
if ! grep -q "^ *abi <abi/4.0>," "$file"; then
|
||||||
echo "$file does not contain 'abi <abi/4.0>,'"
|
_die "$file does not contain 'abi <abi/4.0>,'"
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_ensure_vim() {
|
_ensure_vim() {
|
||||||
local file="$1"
|
local file="$1"
|
||||||
if ! grep -q "^# vim:syntax=apparmor" "$file"; then
|
if ! grep -q "^# vim:syntax=apparmor" "$file"; then
|
||||||
echo "$file does not contain '# vim:syntax=apparmor'"
|
_die "$file does not contain '# vim:syntax=apparmor'"
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_profiles() {
|
check_profiles() {
|
||||||
echo "⋅ Checking if all profiles contain:"
|
echo " ⋅ Checking if all profiles contain:"
|
||||||
echo " - apparmor.d header & license"
|
echo " - apparmor.d header & license"
|
||||||
|
echo " - Check indentation: 2 spaces"
|
||||||
echo " - 'abi <abi/4.0>,'"
|
echo " - 'abi <abi/4.0>,'"
|
||||||
echo " - 'profile <profile_name>'"
|
echo " - 'profile <profile_name>'"
|
||||||
echo " - 'include if exists <local/*>'"
|
echo " - 'include if exists <local/*>'"
|
||||||
@ -67,19 +121,18 @@ check_profiles() {
|
|||||||
name="${name/.apparmor.d/}"
|
name="${name/.apparmor.d/}"
|
||||||
include="include if exists <local/$name>"
|
include="include if exists <local/$name>"
|
||||||
_ensure_header "$file"
|
_ensure_header "$file"
|
||||||
|
_ensure_indentation "$file"
|
||||||
_ensure_include "$file" "$include"
|
_ensure_include "$file" "$include"
|
||||||
_ensure_abi "$file"
|
_ensure_abi "$file"
|
||||||
_ensure_vim "$file"
|
_ensure_vim "$file"
|
||||||
if ! grep -q "^profile $name" "$file"; then
|
if ! grep -q "^profile $name" "$file"; then
|
||||||
echo "$name does not contain 'profile $name'"
|
_die "$name does not contain 'profile $name'"
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
mapfile -t subrofiles < <(grep "^ *profile*" "$file" | awk '{print $2}')
|
mapfile -t subrofiles < <(grep "^ *profile*" "$file" | awk '{print $2}')
|
||||||
for subprofile in "${subrofiles[@]}"; do
|
for subprofile in "${subrofiles[@]}"; do
|
||||||
include="include if exists <local/${name}_${subprofile}>"
|
include="include if exists <local/${name}_${subprofile}>"
|
||||||
if ! grep -q "^ *${include}$" "$file"; then
|
if ! grep -q "^ *${include}$" "$file"; then
|
||||||
echo "$name: $name//$subprofile does not contain '$include'"
|
_die "$name: $name//$subprofile does not contain '$include'"
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
@ -87,8 +140,9 @@ check_profiles() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
check_abstractions() {
|
check_abstractions() {
|
||||||
echo "⋅ Checking if all abstractions contain:"
|
echo " ⋅ Checking if all abstractions contain:"
|
||||||
echo " - apparmor.d header & license"
|
echo " - apparmor.d header & license"
|
||||||
|
echo " - Check indentation: 2 spaces"
|
||||||
echo " - 'abi <abi/4.0>,'"
|
echo " - 'abi <abi/4.0>,'"
|
||||||
echo " - 'include if exists <abstractions/*.d>'"
|
echo " - 'include if exists <abstractions/*.d>'"
|
||||||
echo " - vim:syntax=apparmor"
|
echo " - vim:syntax=apparmor"
|
||||||
@ -103,12 +157,12 @@ check_abstractions() {
|
|||||||
root="${dir/${APPARMORD}\/abstractions\//}"
|
root="${dir/${APPARMORD}\/abstractions\//}"
|
||||||
include="include if exists <abstractions/${root}${name}.d>"
|
include="include if exists <abstractions/${root}${name}.d>"
|
||||||
_ensure_header "$file"
|
_ensure_header "$file"
|
||||||
|
_ensure_indentation "$file"
|
||||||
_ensure_include "$file" "$include"
|
_ensure_include "$file" "$include"
|
||||||
_ensure_abi "$file"
|
_ensure_abi "$file"
|
||||||
_ensure_vim "$file"
|
_ensure_vim "$file"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
check_profiles
|
check_profiles
|
||||||
|
Loading…
Reference in New Issue
Block a user