mirror of
https://github.com/arcan1s/ahriman.git
synced 2025-06-28 06:41:43 +00:00
feat: replace scan paths options to single one
It has been found that previous system didn't allow to configure specific cases (e.g. a whitelisted directory inside /usr/lib/cmake). The current solution replaces two options to single one, which also allows a regular expressions Also PackageArchive class has been moved to core package, because it is more about service rather than model
This commit is contained in:
@ -25,6 +25,7 @@ from ahriman.models.remote_source import RemoteSource
|
||||
from ahriman.models.repository_id import RepositoryId
|
||||
from ahriman.models.repository_paths import RepositoryPaths
|
||||
from ahriman.models.result import Result
|
||||
from ahriman.models.scan_paths import ScanPaths
|
||||
from ahriman.models.user import User
|
||||
from ahriman.models.user_access import UserAccess
|
||||
|
||||
@ -587,6 +588,20 @@ def result(package_ahriman: Package) -> Result:
|
||||
return result
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def scan_paths(configuration: Configuration) -> ScanPaths:
|
||||
"""
|
||||
scan paths fixture
|
||||
|
||||
Args:
|
||||
configuration(Configuration): configuration test instance
|
||||
|
||||
Returns:
|
||||
ScanPaths: scan paths test instance
|
||||
"""
|
||||
return ScanPaths(configuration.getlist("build", "scan_paths", fallback=[]))
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def spawner(configuration: Configuration) -> Spawn:
|
||||
"""
|
||||
|
||||
@ -1,6 +1,35 @@
|
||||
import pytest
|
||||
|
||||
from pytest_mock import MockerFixture
|
||||
from typing import Any
|
||||
|
||||
from ahriman.core.alpm.pacman import Pacman
|
||||
from ahriman.core.build_tools.package_archive import PackageArchive
|
||||
from ahriman.core.build_tools.sources import Sources
|
||||
from ahriman.models.package import Package
|
||||
from ahriman.models.repository_paths import RepositoryPaths
|
||||
from ahriman.models.scan_paths import ScanPaths
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def package_archive_ahriman(package_ahriman: Package, repository_paths: RepositoryPaths, pacman: Pacman,
|
||||
scan_paths: ScanPaths, passwd: Any, mocker: MockerFixture) -> PackageArchive:
|
||||
"""
|
||||
package archive fixture
|
||||
|
||||
Args:
|
||||
package_ahriman(Package): package test instance
|
||||
repository_paths(RepositoryPaths): repository paths test instance
|
||||
pacman(Pacman): pacman test instance
|
||||
scan_paths(ScanPaths): scan paths test instance
|
||||
passwd(Any): passwd structure test instance
|
||||
mocker(MockerFixture): mocker object
|
||||
|
||||
Returns:
|
||||
PackageArchive: package archive test instance
|
||||
"""
|
||||
mocker.patch("ahriman.models.repository_paths.getpwuid", return_value=passwd)
|
||||
return PackageArchive(repository_paths.build_directory, package_ahriman, pacman, scan_paths)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
|
||||
@ -3,16 +3,16 @@ from pathlib import Path
|
||||
from pytest_mock import MockerFixture
|
||||
from unittest.mock import MagicMock, PropertyMock
|
||||
|
||||
from ahriman.core.build_tools.package_archive import PackageArchive
|
||||
from ahriman.core.exceptions import UnknownPackageError
|
||||
from ahriman.models.filesystem_package import FilesystemPackage
|
||||
from ahriman.models.package_archive import PackageArchive
|
||||
|
||||
|
||||
def test_dynamic_needed(mocker: MockerFixture) -> None:
|
||||
"""
|
||||
must correctly define list of dynamically linked libraries
|
||||
"""
|
||||
mocker.patch("ahriman.models.package_archive.PackageArchive.is_elf", return_value=True)
|
||||
mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive.is_elf", return_value=True)
|
||||
|
||||
linked = PackageArchive.dynamic_needed(Path(".tox") / "tests" / "bin" / "python")
|
||||
assert linked
|
||||
@ -24,7 +24,7 @@ def test_dynamic_needed_not_elf(mocker: MockerFixture) -> None:
|
||||
"""
|
||||
must skip checking if not an elf file
|
||||
"""
|
||||
mocker.patch("ahriman.models.package_archive.PackageArchive.is_elf", return_value=False)
|
||||
mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive.is_elf", return_value=False)
|
||||
assert not PackageArchive.dynamic_needed(Path(".tox") / "tests" / "bin" / "python")
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ def test_dynamic_needed_no_section(mocker: MockerFixture) -> None:
|
||||
"""
|
||||
must skip checking if there was no dynamic section found
|
||||
"""
|
||||
mocker.patch("ahriman.models.package_archive.PackageArchive.is_elf", return_value=True)
|
||||
mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive.is_elf", return_value=True)
|
||||
mocker.patch("elftools.elf.elffile.ELFFile.iter_sections", return_value=[])
|
||||
assert not PackageArchive.dynamic_needed(Path(".tox") / "tests" / "bin" / "python")
|
||||
|
||||
@ -109,8 +109,8 @@ def test_raw_dependencies_packages(package_archive_ahriman: PackageArchive, mock
|
||||
files=[Path("package2") / "file4", Path("package2") / "file3"],
|
||||
),
|
||||
}
|
||||
mocker.patch("ahriman.models.package_archive.PackageArchive.installed_packages", return_value=packages)
|
||||
mocker.patch("ahriman.models.package_archive.PackageArchive.depends_on_paths", return_value=(
|
||||
mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive.installed_packages", return_value=packages)
|
||||
mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive.depends_on_paths", return_value=(
|
||||
{"file1", "file3"},
|
||||
{Path("usr") / "dir2", Path("dir3"), Path("package2") / "dir4"},
|
||||
))
|
||||
@ -165,17 +165,19 @@ def test_depends_on(package_archive_ahriman: PackageArchive, mocker: MockerFixtu
|
||||
"""
|
||||
must extract packages and files which are dependencies for the package
|
||||
"""
|
||||
raw_mock = mocker.patch("ahriman.models.package_archive.PackageArchive._raw_dependencies_packages",
|
||||
raw_mock = mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive._raw_dependencies_packages",
|
||||
return_value="1")
|
||||
refined_mock = mocker.patch("ahriman.models.package_archive.PackageArchive._refine_dependencies", return_value={
|
||||
Path("package1") / "file1": [FilesystemPackage(package_name="package1", depends=set(), opt_depends=set())],
|
||||
Path("package2") / "file3": [FilesystemPackage(package_name="package2", depends=set(), opt_depends=set())],
|
||||
Path("package2") / "dir4": [FilesystemPackage(package_name="package2", depends=set(), opt_depends=set())],
|
||||
Path("usr") / "dir2": [
|
||||
FilesystemPackage(package_name="package1", depends=set(), opt_depends=set()),
|
||||
FilesystemPackage(package_name="package2", depends=set(), opt_depends=set()),
|
||||
],
|
||||
})
|
||||
refined_mock = mocker.patch(
|
||||
"ahriman.core.build_tools.package_archive.PackageArchive._refine_dependencies", return_value={
|
||||
Path("package1") / "file1": [FilesystemPackage(package_name="package1", depends=set(), opt_depends=set())],
|
||||
Path("package2") / "file3": [FilesystemPackage(package_name="package2", depends=set(), opt_depends=set())],
|
||||
Path("package2") / "dir4": [FilesystemPackage(package_name="package2", depends=set(), opt_depends=set())],
|
||||
Path("usr") / "dir2": [
|
||||
FilesystemPackage(package_name="package1", depends=set(), opt_depends=set()),
|
||||
FilesystemPackage(package_name="package2", depends=set(), opt_depends=set()),
|
||||
],
|
||||
}
|
||||
)
|
||||
|
||||
result = package_archive_ahriman.depends_on()
|
||||
raw_mock.assert_called_once_with()
|
||||
@ -194,8 +196,9 @@ def test_depends_on_paths(package_archive_ahriman: PackageArchive, mocker: Mocke
|
||||
"""
|
||||
package_dir = package_archive_ahriman.root / "build" / \
|
||||
package_archive_ahriman.package.base / "pkg" / package_archive_ahriman.package.base
|
||||
dynamic_mock = mocker.patch("ahriman.models.package_archive.PackageArchive.dynamic_needed", return_value=["lib"])
|
||||
walk_mock = mocker.patch("ahriman.models.package_archive.walk", return_value=[
|
||||
dynamic_mock = mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive.dynamic_needed",
|
||||
return_value=["lib"])
|
||||
walk_mock = mocker.patch("ahriman.core.build_tools.package_archive.walk", return_value=[
|
||||
package_dir / "root" / "file",
|
||||
Path("directory"),
|
||||
])
|
||||
@ -213,7 +216,7 @@ def test_installed_packages(package_archive_ahriman: PackageArchive, mocker: Moc
|
||||
"""
|
||||
must load list of installed packages and their files
|
||||
"""
|
||||
walk_mock = mocker.patch("ahriman.models.package_archive.walk", return_value=[
|
||||
walk_mock = mocker.patch("ahriman.core.build_tools.package_archive.walk", return_value=[
|
||||
Path("ahriman-2.13.3-1") / "desc",
|
||||
Path("ahriman-2.13.3-1") / "files",
|
||||
])
|
||||
@ -24,7 +24,7 @@ def test_process_build(executor: Executor, package_ahriman: Package, passwd: Any
|
||||
move_mock = mocker.patch("shutil.move")
|
||||
status_client_mock = mocker.patch("ahriman.core.status.Client.set_building")
|
||||
commit_sha_mock = mocker.patch("ahriman.core.status.local_client.LocalClient.package_changes_update")
|
||||
depends_on_mock = mocker.patch("ahriman.models.package_archive.PackageArchive.depends_on",
|
||||
depends_on_mock = mocker.patch("ahriman.core.build_tools.package_archive.PackageArchive.depends_on",
|
||||
return_value=Dependencies())
|
||||
dependencies_mock = mocker.patch("ahriman.core.status.local_client.LocalClient.package_dependencies_update")
|
||||
|
||||
|
||||
@ -1,24 +1,17 @@
|
||||
import pytest
|
||||
|
||||
from typing import Any
|
||||
from unittest.mock import MagicMock, PropertyMock
|
||||
from pytest_mock import MockerFixture
|
||||
|
||||
from ahriman import __version__
|
||||
from ahriman.core.alpm.pacman import Pacman
|
||||
from ahriman.core.alpm.remote import AUR
|
||||
from ahriman.core.configuration import Configuration
|
||||
from ahriman.models.build_status import BuildStatus, BuildStatusEnum
|
||||
from ahriman.models.counters import Counters
|
||||
from ahriman.models.filesystem_package import FilesystemPackage
|
||||
from ahriman.models.internal_status import InternalStatus
|
||||
from ahriman.models.package import Package
|
||||
from ahriman.models.package_archive import PackageArchive
|
||||
from ahriman.models.package_description import PackageDescription
|
||||
from ahriman.models.package_source import PackageSource
|
||||
from ahriman.models.remote_source import RemoteSource
|
||||
from ahriman.models.repository_paths import RepositoryPaths
|
||||
from ahriman.models.scan_paths import ScanPaths
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
@ -77,27 +70,6 @@ def internal_status(counters: Counters) -> InternalStatus:
|
||||
repository="aur-clone")
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def package_archive_ahriman(package_ahriman: Package, repository_paths: RepositoryPaths, pacman: Pacman,
|
||||
scan_paths: ScanPaths, passwd: Any, mocker: MockerFixture) -> PackageArchive:
|
||||
"""
|
||||
package archive fixture
|
||||
|
||||
Args:
|
||||
package_ahriman(Package): package test instance
|
||||
repository_paths(RepositoryPaths): repository paths test instance
|
||||
pacman(Pacman): pacman test instance
|
||||
scan_paths(ScanPaths): scan paths test instance
|
||||
passwd(Any): passwd structure test instance
|
||||
mocker(MockerFixture): mocker object
|
||||
|
||||
Returns:
|
||||
PackageArchive: package archive test instance
|
||||
"""
|
||||
mocker.patch("ahriman.models.repository_paths.getpwuid", return_value=passwd)
|
||||
return PackageArchive(repository_paths.build_directory, package_ahriman, pacman, scan_paths)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def package_tpacpi_bat_git() -> Package:
|
||||
"""
|
||||
@ -161,20 +133,3 @@ def pyalpm_package_description_ahriman(package_description_ahriman: PackageDescr
|
||||
type(mock).provides = PropertyMock(return_value=package_description_ahriman.provides)
|
||||
type(mock).url = PropertyMock(return_value=package_description_ahriman.url)
|
||||
return mock
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def scan_paths(configuration: Configuration) -> ScanPaths:
|
||||
"""
|
||||
scan paths fixture
|
||||
|
||||
Args:
|
||||
configuration(Configuration): configuration test instance
|
||||
|
||||
Returns:
|
||||
ScanPaths: scan paths test instance
|
||||
"""
|
||||
return ScanPaths(
|
||||
allowed_paths=configuration.getpathlist("build", "allowed_scan_paths"),
|
||||
blacklisted_paths=configuration.getpathlist("build", "blacklisted_scan_paths"),
|
||||
)
|
||||
|
||||
@ -3,40 +3,30 @@ from pathlib import Path
|
||||
from ahriman.models.scan_paths import ScanPaths
|
||||
|
||||
|
||||
def test_post_init(scan_paths: ScanPaths) -> None:
|
||||
"""
|
||||
must convert paths to / relative
|
||||
"""
|
||||
assert all(not path.is_absolute() for path in scan_paths.allowed_paths)
|
||||
assert all(not path.is_absolute() for path in scan_paths.blacklisted_paths)
|
||||
|
||||
|
||||
def test_is_allowed() -> None:
|
||||
"""
|
||||
must check if path is subpath of one in allowed list
|
||||
"""
|
||||
assert ScanPaths(allowed_paths=[Path("/") / "usr"], blacklisted_paths=[]).is_allowed(Path("usr"))
|
||||
assert ScanPaths(allowed_paths=[Path("/") / "usr"], blacklisted_paths=[]).is_allowed(Path("usr") / "lib")
|
||||
assert not ScanPaths(allowed_paths=[Path("/") / "usr"], blacklisted_paths=[]).is_allowed(Path("var"))
|
||||
assert ScanPaths(["usr"]).is_allowed(Path("usr"))
|
||||
assert ScanPaths(["usr"]).is_allowed(Path("usr") / "lib")
|
||||
assert not ScanPaths(["usr"]).is_allowed(Path("var"))
|
||||
|
||||
assert ScanPaths(["usr(?!/lib)"]).is_allowed(Path("usr"))
|
||||
assert ScanPaths(["usr(?!/lib)", "var"]).is_allowed(Path("var"))
|
||||
assert not ScanPaths(["usr(?!/lib)"]).is_allowed(Path("usr") / "lib")
|
||||
|
||||
|
||||
def test_is_blacklisted() -> None:
|
||||
def test_is_allowed_default(scan_paths: ScanPaths) -> None:
|
||||
"""
|
||||
must check if path is not subpath of one in blacklist
|
||||
must provide expected default configuration
|
||||
"""
|
||||
assert ScanPaths(
|
||||
allowed_paths=[Path("/") / "usr"],
|
||||
blacklisted_paths=[Path("/") / "usr" / "lib"],
|
||||
).is_allowed(Path("usr"))
|
||||
assert ScanPaths(
|
||||
allowed_paths=[Path("/") / "usr", Path("/") / "var"],
|
||||
blacklisted_paths=[Path("/") / "usr" / "lib"],
|
||||
).is_allowed(Path("var"))
|
||||
assert not ScanPaths(
|
||||
allowed_paths=[Path("/") / "usr"],
|
||||
blacklisted_paths=[Path("/") / "usr" / "lib"],
|
||||
).is_allowed(Path(" usr") / "lib")
|
||||
assert not ScanPaths(
|
||||
allowed_paths=[Path("/") / "usr"],
|
||||
blacklisted_paths=[Path("/") / "usr" / "lib"],
|
||||
).is_allowed(Path("usr") / "lib" / "qt")
|
||||
assert not scan_paths.is_allowed(Path("usr"))
|
||||
assert not scan_paths.is_allowed(Path("var"))
|
||||
|
||||
assert scan_paths.is_allowed(Path("usr") / "lib")
|
||||
assert scan_paths.is_allowed(Path("usr") / "lib" / "libm.so")
|
||||
|
||||
# cmake case
|
||||
assert scan_paths.is_allowed(Path("usr") / "lib" / "libcmake.so")
|
||||
assert not scan_paths.is_allowed(Path("usr") / "lib" / "cmake")
|
||||
assert not scan_paths.is_allowed(Path("usr") / "lib" / "cmake" / "file.cmake")
|
||||
|
||||
@ -20,13 +20,12 @@ salt = salt
|
||||
allow_read_only = no
|
||||
|
||||
[build]
|
||||
allowed_scan_paths = /usr/lib
|
||||
archbuild_flags =
|
||||
blacklisted_scan_paths = /usr/lib/cmake
|
||||
build_command = extra-x86_64-build
|
||||
ignore_packages =
|
||||
makechrootpkg_flags =
|
||||
makepkg_flags = --skippgpcheck
|
||||
scan_paths = ^usr/lib(?!/cmake).*$
|
||||
triggers = ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger
|
||||
triggers_known = ahriman.core.distributed.WorkerLoaderTrigger ahriman.core.distributed.WorkerRegisterTrigger ahriman.core.distributed.WorkerTrigger ahriman.core.distributed.WorkerUnregisterTrigger ahriman.core.gitremote.RemotePullTrigger ahriman.core.gitremote.RemotePushTrigger ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger ahriman.core.support.KeyringTrigger ahriman.core.support.MirrorlistTrigger
|
||||
|
||||
|
||||
Reference in New Issue
Block a user