vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-04-07 02:31:27 -07:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fix errors for tests

Browse Source
This commit is contained in:
Adam Outler
2025-10-26 00:14:03 +00:00
parent c4a041e6e1
commit fb02774814
6 changed files with 52 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.devcontainer/Dockerfile
View File

@@ -185,6 +185,9 @@ RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \ find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \ chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \ chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
for dir in ${READ_WRITE_FOLDERS}; do \
install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 "$dir"; \
done && \
apk del apk-tools && \ apk del apk-tools && \
rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \ rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
/lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \ /lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \

2
.vscode/tasks.json vendored
View File

@@ -164,7 +164,7 @@
{ {
"label": "[Any] Build Unit Test Docker image", "label": "[Any] Build Unit Test Docker image",
"type": "shell", "type": "shell",
"command": "docker build -t netalertx-test .", "command": "docker build -t netalertx-test .; echo '🧪 Unit Test Docker image built: netalertx-test'",
"presentation": { "presentation": {
"echo": true, "echo": true,
"reveal": "always", "reveal": "always",

3
Dockerfile
View File

@@ -182,6 +182,9 @@ RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \ find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \ chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \ chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
for dir in ${READ_WRITE_FOLDERS}; do \
install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 "$dir"; \
done && \
apk del apk-tools && \ apk del apk-tools && \
rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \ rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
/lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \ /lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \

4
install/production-filesystem/entrypoint.sh
View File

@@ -70,7 +70,9 @@ if [ "${NETALERTX_DEBUG:-0}" != "1" ]; then
if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then
echo exit code ${NETALERTX_DOCKER_ERROR_CHECK} from ${script} echo exit code ${NETALERTX_DOCKER_ERROR_CHECK} from ${script}
exit ${NETALERTX_DOCKER_ERROR_CHECK} if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then
NETALERTX_CHECK_ONLY=${NETALERTX_DOCKER_ERROR_CHECK}
fi
fi fi
done done
fi fi

46
install/production-filesystem/services/scripts/check-persistent_storage.sh → install/production-filesystem/services/scripts/check-persistent-storage.sh
View File

@@ -1,14 +1,48 @@
#!/bin/sh #!/bin/sh
# check-storage.sh - Verify critical paths are persistent mounts. # check-storage.sh - Verify critical paths are persistent mounts.
warn_if_not_persistent_mount() { # Get the Device ID of the root filesystem (overlayfs/tmpfs)
path="$1" # The default, non-persistent container root will have a unique Device ID.
# Check if the path is a mount point by looking for it in /proc/self/mountinfo # Persistent mounts will have a different Device ID (unless it's a bind mount
# We are looking for an exact match in the mount point column (field 5) # from the host's root, which is a rare and unusual setup for a single volume check).
if awk -v target="${path}" '$5 == target {found=1} END {exit found ? 0 : 1}' /proc/self/mountinfo; then ROOT_DEV_ID=$(stat -c '%d' /)
is_persistent_mount() {
target_path="$1"
# Stat the path and get its Device ID
current_dev_id=$(stat -c '%d' "${target_path}")
# If the Device ID of the target is *different* from the root's Device ID,
# it means it resides on a separate filesystem, implying a mount.
if [ "${current_dev_id}" != "${ROOT_DEV_ID}" ]; then
return 0 # Persistent (different filesystem/device ID)
fi
# Fallback to check if it's the root directory itself (which is always mounted)
if [ "${target_path}" = "/" ]; then
return 0 return 0
fi fi
# Check parent directory recursively
parent_dir=$(dirname "${target_path}")
if [ "${parent_dir}" != "${target_path}" ]; then
is_persistent_mount "${parent_dir}"
return $?
fi
return 1 # Not persistent
}
warn_if_not_persistent_mount() {
path="$1"
if is_persistent_mount "${path}"; then
return 0
fi
# ... (Your existing warning message block remains unchanged) ...
failures=1 failures=1
YELLOW=$(printf '\033[1;33m') YELLOW=$(printf '\033[1;33m')
RESET=$(printf '\033[0m') RESET=$(printf '\033[0m')
@@ -36,7 +70,7 @@ EOF
# If NETALERTX_DEBUG=1 then we will exit # If NETALERTX_DEBUG=1 then we will exit
if [ "${NETALERTX_DEBUG}" = "1" ]; then if [ "${NETALERTX_DEBUG}" = "1" ]; then
exit 0 exit 0
fi fi
failures=0 failures=0

1
test/docker_tests/test_container_environment.py
View File

@@ -169,6 +169,7 @@ def _run_container(
extra_args: list[str] | None = None, extra_args: list[str] | None = None,
volume_specs: list[str] | None = None, volume_specs: list[str] | None = None,
sleep_seconds: float = GRACE_SECONDS, sleep_seconds: float = GRACE_SECONDS,
userns: str | None = "host",
) -> subprocess.CompletedProcess[str]: ) -> subprocess.CompletedProcess[str]:
name = f"netalertx-test-{label}-{uuid.uuid4().hex[:8]}".lower() name = f"netalertx-test-{label}-{uuid.uuid4().hex[:8]}".lower()
cmd: list[str] = ["docker", "run", "--rm", "--name", name] cmd: list[str] = ["docker", "run", "--rm", "--name", name]