mirror of
https://github.com/ovh/the-bastion.git
synced 2024-09-20 15:05:58 +08:00
chore: bump OpenSUSE Leap tests from 15.3 to 15.4
This commit is contained in:
parent
49dc104dd7
commit
6f13149093
4
.github/workflows/tests.yml
vendored
4
.github/workflows/tests.yml
vendored
|
@ -20,7 +20,7 @@ jobs:
|
||||||
name: Long
|
name: Long
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
platform: [rockylinux8, debian10, 'opensuse15@opensuse/leap:15.3', ubuntu2204]
|
platform: [rockylinux8, debian11, 'opensuse15@opensuse/leap:15.4', ubuntu2204]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
if: contains(github.event.pull_request.labels.*.name, 'tests:long')
|
if: contains(github.event.pull_request.labels.*.name, 'tests:long')
|
||||||
steps:
|
steps:
|
||||||
|
@ -34,7 +34,7 @@ jobs:
|
||||||
name: Full
|
name: Full
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
platform: [centos7, rockylinux8, debian9, debian10, debian11, 'opensuse15@opensuse/leap:15.3', ubuntu1604, ubuntu1804, ubuntu2004, ubuntu2204]
|
platform: [centos7, rockylinux8, debian9, debian10, debian11, 'opensuse15@opensuse/leap:15.4', ubuntu1604, ubuntu1804, ubuntu2004, ubuntu2204]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
if: contains(github.event.pull_request.labels.*.name, 'tests:full')
|
if: contains(github.event.pull_request.labels.*.name, 'tests:full')
|
||||||
steps:
|
steps:
|
||||||
|
|
|
@ -76,7 +76,7 @@ Linux distros below are tested with each release, but as this is a security prod
|
||||||
- CentOS 7.x
|
- CentOS 7.x
|
||||||
- RockyLinux 8.x
|
- RockyLinux 8.x
|
||||||
- Ubuntu LTS 22.04, 20.04, 18.04, 16.04
|
- Ubuntu LTS 22.04, 20.04, 18.04, 16.04
|
||||||
- OpenSUSE Leap 15.3\*
|
- OpenSUSE Leap 15.4\*
|
||||||
|
|
||||||
\*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of `pamtester`, `pam-google-authenticator`, or both. Of course, you may compile those yourself.
|
\*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of `pamtester`, `pam-google-authenticator`, or both. Of course, you may compile those yourself.
|
||||||
Any other so-called "modern" Linux version are not tested with each release, but should work with no or minor adjustments.
|
Any other so-called "modern" Linux version are not tested with each release, but should work with no or minor adjustments.
|
||||||
|
|
|
@ -35,22 +35,15 @@ if echo "$DISTRO_LIKE" | grep -q -w debian; then
|
||||||
libjson-xs-perl inotify-tools lsof curl libterm-readline-gnu-perl \
|
libjson-xs-perl inotify-tools lsof curl libterm-readline-gnu-perl \
|
||||||
libwww-perl libdigest-sha-perl libnet-ssleay-perl \
|
libwww-perl libdigest-sha-perl libnet-ssleay-perl \
|
||||||
libnet-server-perl cryptsetup mosh expect openssh-server locales \
|
libnet-server-perl cryptsetup mosh expect openssh-server locales \
|
||||||
coreutils netcat bash libcgi-pm-perl iputils-ping tar"
|
coreutils netcat-traditional bash libcgi-pm-perl iputils-ping tar \
|
||||||
|
liblinux-prctl-perl libpam-google-authenticator pamtester"
|
||||||
# workaround for debian/armhf: curl fails to validate some SSL certificates,
|
# workaround for debian/armhf: curl fails to validate some SSL certificates,
|
||||||
# whereas wget succeeds; this is needed for e.g. install-ttyrec.sh
|
# whereas wget succeeds; this is needed for e.g. install-ttyrec.sh
|
||||||
if [ "$(uname -m)" = armv7l ]; then
|
if [ "$(uname -m)" = armv7l ]; then
|
||||||
wanted_list="$wanted_list wget"
|
wanted_list="$wanted_list wget"
|
||||||
fi
|
fi
|
||||||
|
# optional packages
|
||||||
[ "$opt_dev" = 1 ] && wanted_list="$wanted_list libperl-critic-perl libtest-deep-perl perltidy shellcheck openssl wget"
|
[ "$opt_dev" = 1 ] && wanted_list="$wanted_list libperl-critic-perl libtest-deep-perl perltidy shellcheck openssl wget"
|
||||||
|
|
||||||
if { [ "$LINUX_DISTRO" = debian ] && [ "$DISTRO_VERSION_MAJOR" -lt 9 ]; } ||
|
|
||||||
{ [ "$LINUX_DISTRO" = ubuntu ] && [ "$DISTRO_VERSION_MAJOR" -le 16 ]; }; then
|
|
||||||
wanted_list="$wanted_list openssh-blacklist openssh-blacklist-extra"
|
|
||||||
fi
|
|
||||||
if { [ "$LINUX_DISTRO" = debian ] && [ "$DISTRO_VERSION_MAJOR" -ge 8 ]; } ||
|
|
||||||
{ [ "$LINUX_DISTRO" = ubuntu ] && [ "$DISTRO_VERSION_MAJOR" -ge 14 ]; }; then
|
|
||||||
wanted_list="$wanted_list liblinux-prctl-perl libpam-google-authenticator pamtester"
|
|
||||||
fi
|
|
||||||
[ "$opt_syslogng" = 1 ] && wanted_list="$wanted_list syslog-ng syslog-ng-core"
|
[ "$opt_syslogng" = 1 ] && wanted_list="$wanted_list syslog-ng syslog-ng-core"
|
||||||
|
|
||||||
if [ "$opt_install" = 1 ]; then
|
if [ "$opt_install" = 1 ]; then
|
||||||
|
@ -110,7 +103,7 @@ elif echo "$DISTRO_LIKE" | grep -q -w rhel; then
|
||||||
elif echo "$DISTRO_LIKE" | grep -q -w suse; then
|
elif echo "$DISTRO_LIKE" | grep -q -w suse; then
|
||||||
wanted_list="perl-common-sense perl-JSON perl-Net-Netmask perl-Net-IP \
|
wanted_list="perl-common-sense perl-JSON perl-Net-Netmask perl-Net-IP \
|
||||||
perl-Net-DNS perl-DBD-SQLite perl-Term-ReadKey perl-DateTime \
|
perl-Net-DNS perl-DBD-SQLite perl-Term-ReadKey perl-DateTime \
|
||||||
fortune sudo fping perl perl-base \
|
fortune sudo fping perl perl-base gzip \
|
||||||
xz sqlite3 binutils acl gpg2 rsync \
|
xz sqlite3 binutils acl gpg2 rsync \
|
||||||
perl-JSON-XS inotify-tools lsof curl perl-TermReadLine-Gnu \
|
perl-JSON-XS inotify-tools lsof curl perl-TermReadLine-Gnu \
|
||||||
perl-libwww-perl perl-Digest perl-IO-Socket-SSL \
|
perl-libwww-perl perl-Digest perl-IO-Socket-SSL \
|
||||||
|
|
|
@ -36,7 +36,7 @@ you are *warmly* advised to run it on the latest up-to-date stable version of yo
|
||||||
- CentOS 7.x
|
- CentOS 7.x
|
||||||
- RockyLinux 8.x
|
- RockyLinux 8.x
|
||||||
- Ubuntu LTS 22.04, 20.04, 18.04, 16.04
|
- Ubuntu LTS 22.04, 20.04, 18.04, 16.04
|
||||||
- OpenSUSE Leap 15.3\*
|
- OpenSUSE Leap 15.4\*
|
||||||
|
|
||||||
\*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of ``pamtester``,
|
\*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of ``pamtester``,
|
||||||
``pam-google-authenticator``, or both. Of course, you may compile those yourself.
|
``pam-google-authenticator``, or both. Of course, you may compile those yourself.
|
||||||
|
|
|
@ -53,6 +53,8 @@ testsuite_selfaccesses_force_password()
|
||||||
success sshd_config_patch $r0 "\"sed -i 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config\""
|
success sshd_config_patch $r0 "\"sed -i 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config\""
|
||||||
success sshd_config_patch $r0 "\"echo -e 'Match User ${account4}\n KbdInteractiveAuthentication yes\n AuthenticationMethods keyboard-interactive' >> /etc/ssh/sshd_config\""
|
success sshd_config_patch $r0 "\"echo -e 'Match User ${account4}\n KbdInteractiveAuthentication yes\n AuthenticationMethods keyboard-interactive' >> /etc/ssh/sshd_config\""
|
||||||
success sshd_reload $r0 "\"pkill -SIGHUP -f '^(/usr/sbin/sshd\\\$|sshd.+listener)'\""
|
success sshd_reload $r0 "\"pkill -SIGHUP -f '^(/usr/sbin/sshd\\\$|sshd.+listener)'\""
|
||||||
|
# during tests, under some OSes it takes some time for sshd to accept new connections again after the SIGHUP
|
||||||
|
[ "$COUNTONLY" != 1 ] && sleep 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue