From: Kris Gavvala Date: Tue, 16 Jun 2026 02:35:45 +0000 (-0700) Subject: libcap: add ptest support X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfc0a651f5bdf57080f811fd0c63b80f179f7563;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git libcap: add ptest support These ptests include a subset of upstream tests that provide functional coverage of core libcap and libpsx behavior across target systems. This approach is preferred instead of using libcap's quicktest.sh script because the later assumes the upstream build-tree layout and has too many dependencies not available after installation. Quicktest exercises a wide range of kernel capability features and environment-specific functionality that is too comprehensive for ptests. The ptests include the following from libcap/tests: uns_test, psx_test, libcap_launch_test, exploit and noexploit. cap_test from libcap/libcap is also included. These provide coverage for capability manipulation, libpsx integration, launch handling, and basic security validation. Signed-off-by: Kris Gavvala Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- diff --git a/meta/conf/distro/include/ptest-packagelists.inc b/meta/conf/distro/include/ptest-packagelists.inc index de64a80ec3..2badb56c48 100644 --- a/meta/conf/distro/include/ptest-packagelists.inc +++ b/meta/conf/distro/include/ptest-packagelists.inc @@ -31,6 +31,7 @@ PTESTS_FAST = "\ libarchive \ libassuan \ libatomic-ops \ + libcap \ libcheck \ libconfig \ libconvert-asn1-perl \ diff --git a/meta/recipes-support/libcap/files/run-ptest b/meta/recipes-support/libcap/files/run-ptest new file mode 100644 index 0000000000..2d7b656fd3 --- /dev/null +++ b/meta/recipes-support/libcap/files/run-ptest @@ -0,0 +1,25 @@ +#!/bin/sh + +EXPECT_FAIL=1 +EXPECT_PASS=0 + +cd tests + +for t in uns_test psx_test libcap_launch_test cap_test exploit noexploit; do + output=$("./$t" 2>&1 ) + status=$? + + expected="$EXPECT_PASS" + + if [ $t = 'exploit' ]; then + expected="$EXPECT_FAIL" + fi + + if [ "$status" -eq "$expected" ]; then + echo "PASS: $t" + else + echo "FAIL: $t" + echo "$output" + fi +done + diff --git a/meta/recipes-support/libcap/libcap_2.78.bb b/meta/recipes-support/libcap/libcap_2.78.bb index 782ad02665..85cd8004f1 100644 --- a/meta/recipes-support/libcap/libcap_2.78.bb +++ b/meta/recipes-support/libcap/libcap_2.78.bb @@ -11,16 +11,20 @@ LIC_FILES_CHKSUM = "file://License;md5=2965a646645b72ecee859b43c592dcaa \ " DEPENDS = "hostperl-runtime-native gperf-native" +RDEPENDS:${PN}-ptest += "bash" SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz" SRC_URI:append:class-nativesdk = " \ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ " +SRC_URI:append = " \ + file://run-ptest \ + " SRC_URI[sha256sum] = "0d621e562fd932ccf67b9660fb018e468a683d7b827541df27813228c996bb11" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" -inherit lib_package +inherit lib_package ptest PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" @@ -62,6 +66,44 @@ do_install:append() { fi } +LIBCAP_PTEST_TESTS = " \ + uns_test \ + psx_test \ + libcap_psx_test \ + noop \ + libcap_launch_test \ + exploit \ + noexploit \ +" + +do_compile_ptest() { + oe_runmake -C tests ${LIBCAP_PTEST_TESTS} \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" + oe_runmake -C libcap cap_test \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" + oe_runmake -C progs tcapsh-static \ + AR="${AR}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" \ + CC="${CC}" +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests ${D}${PTEST_PATH}/progs + + for f in ${LIBCAP_PTEST_TESTS}; do + install -m 0755 ${B}/tests/${f} ${D}${PTEST_PATH}/tests + done + install -m 0755 ${B}/libcap/cap_test ${D}${PTEST_PATH}/tests + install -m 0755 ${B}/progs/tcapsh-static ${D}${PTEST_PATH}/progs +} + # pam files FILES:${PN} += "${base_libdir}/security/*.so"