Re: [Audit-test-developer] [PATCH 05/14] utils/envcheck: add rpm (suite) dependency check

[Jiri J. <jja...@re...>]

On 12/04/2013 03:41 PM, Stephan Mueller wrote:
> Am Mittwoch, 4. Dezember 2013, 15:28:44 schrieb Jiri Jaburek:
> 
> Hi Jiri,
> 

Hi Stephan,

>> Signed-off-by: Jiri Jaburek <jja...@re...>
>> ---
>> audit-test/utils/envcheck | 31 +++++++++++++++++++++++++++++++
>> 1 file changed, 31 insertions(+)
>>
>> diff --git a/audit-test/utils/envcheck b/audit-test/utils/envcheck
>> index 2e28754..d43958f 100755
>> --- a/audit-test/utils/envcheck
>> +++ b/audit-test/utils/envcheck
>> @@ -143,6 +143,36 @@ check_variables() {
>> }
>>
>>
>> +### RPM DEPENDENCIES
>> +check_rpm_deps() {
>> +    local CHECK_FAILED
>> +
>> +    # requires for this check
>> +    which rpm &>/dev/null || {
>> +        echo "rpm binary not available, skipping rpm dependency
>> checks" +        return 2
>> +    }
>> +
>> +    # from README.run
>> +    local rpms="audit-libs-devel expect libselinux-devel perl-devel \
>> +                perl-Expect perl-IO-Tty"
> 
> Question: is it wise to hard code the RPM names? Note, other distros may 
> use different names.

The following was mentioned in a commit which introduced envcheck:

  The idea is to catch various configuration or setup errors
  and give useful hints, so that the user doesn't have to debug
  the system/suite to find out what could possibly go wrong.

  This script is not supposed to replace or duplicate functionality
  provided by the suite itself, it should be only used for basic sanity
  verification of the environment. It doesn't claim to reveal all
  configuration errors, but it can still be useful.

  Because of the reasons mentioned above, running this script
  is purely optional.

The idea being that it's not the ultimate checking thing, which must
pass in all checks.

The RPM list is taken from README.run and is thus hardcoded there as
well. I've tried to limit this new rpm deps check to RPM-specific
distros by checking the `rpm' command availability (which itself is
a rather lame check, better ideas welcome), but I'm not against more
complex verification methods.
I didn't want to limit the package names to RHEL, since there may be
other RPM-based distros with the same package names (ie. CentOS).
If the check starts failing on RHEL-unrelated RPM-based distros,
it at least makes the person double-check the required dependencies
and (hopefully) report the problem on this list, so we can come up with
a better solution (using case/esac, for example).

Overall, a much better check would be file-based. That would, however,
require some serious suite digging for truly required files, which is
kind of out of the scope of the envcheck script.

> 
>> +
>> +    for rpm in $rpms; do
>> +        check "rpm -q \"$rpm\"" 0 "rpm package $rpm is installed"
>> +    done;
>> +
>> +    if [ "$CHECK_FAILED" ]; then
>> +        echo
>> +        echo "RPM dependency checking failed."
>> +        echo "Please make sure you have installed all necessary suite"
>> +        echo "requires / dependencies specified at the top of
>> README.run." +        return 1
>> +    else
>> +        check_rpm_deps=1
>> +    fi
>> +}
>> +
>> +
>> ### USER SESSION
>> check_user_session() {
>>     local CHECK_FAILED
>> @@ -396,6 +426,7 @@ check_kvm() {
>> # checks to be run, ordering is important
>> CHECKS="
>> check_variables
>> +check_rpm_deps
>> check_user_session
>> check_suite
>> check_networking_if
> 
> 
> Ciao
> Stephan
>