ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-09-20 15:05:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: bump OpenSUSE Leap tests from 15.3 to 15.4

Browse source
This commit is contained in:
Stéphane Lesimple 2023-03-23 19:12:08 +00:00 committed by Stéphane Lesimple
parent 49dc104dd7
commit 6f13149093
5 changed files with 10 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/tests.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
name: Long name: Long
strategy: strategy:
matrix: matrix:
platform: [rockylinux8, debian10, 'opensuse15@opensuse/leap:15.3', ubuntu2204] platform: [rockylinux8, debian11, 'opensuse15@opensuse/leap:15.4', ubuntu2204]
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'tests:long') if: contains(github.event.pull_request.labels.*.name, 'tests:long')
steps: steps:
@ -34,7 +34,7 @@ jobs:
name: Full name: Full
strategy: strategy:
matrix: matrix:
platform: [centos7, rockylinux8, debian9, debian10, debian11, 'opensuse15@opensuse/leap:15.3', ubuntu1604, ubuntu1804, ubuntu2004, ubuntu2204] platform: [centos7, rockylinux8, debian9, debian10, debian11, 'opensuse15@opensuse/leap:15.4', ubuntu1604, ubuntu1804, ubuntu2004, ubuntu2204]
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'tests:full') if: contains(github.event.pull_request.labels.*.name, 'tests:full')
steps: steps:

2
README.md
View file

@ -76,7 +76,7 @@ Linux distros below are tested with each release, but as this is a security prod
- CentOS 7.x - CentOS 7.x
- RockyLinux 8.x - RockyLinux 8.x
- Ubuntu LTS 22.04, 20.04, 18.04, 16.04 - Ubuntu LTS 22.04, 20.04, 18.04, 16.04
- OpenSUSE Leap 15.3\* - OpenSUSE Leap 15.4\*
\*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of `pamtester`, `pam-google-authenticator`, or both. Of course, you may compile those yourself. \*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of `pamtester`, `pam-google-authenticator`, or both. Of course, you may compile those yourself.
Any other so-called "modern" Linux version are not tested with each release, but should work with no or minor adjustments. Any other so-called "modern" Linux version are not tested with each release, but should work with no or minor adjustments.

15
bin/admin/packages-check.sh
View file

@ -35,22 +35,15 @@ if echo "$DISTRO_LIKE" | grep -q -w debian; then
libjson-xs-perl inotify-tools lsof curl libterm-readline-gnu-perl \ libjson-xs-perl inotify-tools lsof curl libterm-readline-gnu-perl \
libwww-perl libdigest-sha-perl libnet-ssleay-perl \ libwww-perl libdigest-sha-perl libnet-ssleay-perl \
libnet-server-perl cryptsetup mosh expect openssh-server locales \ libnet-server-perl cryptsetup mosh expect openssh-server locales \
coreutils netcat bash libcgi-pm-perl iputils-ping tar" coreutils netcat-traditional bash libcgi-pm-perl iputils-ping tar \
liblinux-prctl-perl libpam-google-authenticator pamtester"
# workaround for debian/armhf: curl fails to validate some SSL certificates, # workaround for debian/armhf: curl fails to validate some SSL certificates,
# whereas wget succeeds; this is needed for e.g. install-ttyrec.sh # whereas wget succeeds; this is needed for e.g. install-ttyrec.sh
if [ "$(uname -m)" = armv7l ]; then if [ "$(uname -m)" = armv7l ]; then
wanted_list="$wanted_list wget" wanted_list="$wanted_list wget"
fi fi
# optional packages
[ "$opt_dev" = 1 ] && wanted_list="$wanted_list libperl-critic-perl libtest-deep-perl perltidy shellcheck openssl wget" [ "$opt_dev" = 1 ] && wanted_list="$wanted_list libperl-critic-perl libtest-deep-perl perltidy shellcheck openssl wget"
if { [ "$LINUX_DISTRO" = debian ] && [ "$DISTRO_VERSION_MAJOR" -lt 9 ]; } ||
{ [ "$LINUX_DISTRO" = ubuntu ] && [ "$DISTRO_VERSION_MAJOR" -le 16 ]; }; then
wanted_list="$wanted_list openssh-blacklist openssh-blacklist-extra"
fi
if { [ "$LINUX_DISTRO" = debian ] && [ "$DISTRO_VERSION_MAJOR" -ge 8 ]; } ||
{ [ "$LINUX_DISTRO" = ubuntu ] && [ "$DISTRO_VERSION_MAJOR" -ge 14 ]; }; then
wanted_list="$wanted_list liblinux-prctl-perl libpam-google-authenticator pamtester"
fi
[ "$opt_syslogng" = 1 ] && wanted_list="$wanted_list syslog-ng syslog-ng-core" [ "$opt_syslogng" = 1 ] && wanted_list="$wanted_list syslog-ng syslog-ng-core"
if [ "$opt_install" = 1 ]; then if [ "$opt_install" = 1 ]; then
@ -110,7 +103,7 @@ elif echo "$DISTRO_LIKE" | grep -q -w rhel; then
elif echo "$DISTRO_LIKE" | grep -q -w suse; then elif echo "$DISTRO_LIKE" | grep -q -w suse; then
wanted_list="perl-common-sense perl-JSON perl-Net-Netmask perl-Net-IP \ wanted_list="perl-common-sense perl-JSON perl-Net-Netmask perl-Net-IP \
perl-Net-DNS perl-DBD-SQLite perl-Term-ReadKey perl-DateTime \ perl-Net-DNS perl-DBD-SQLite perl-Term-ReadKey perl-DateTime \
fortune sudo fping perl perl-base \ fortune sudo fping perl perl-base gzip \
xz sqlite3 binutils acl gpg2 rsync \ xz sqlite3 binutils acl gpg2 rsync \
perl-JSON-XS inotify-tools lsof curl perl-TermReadLine-Gnu \ perl-JSON-XS inotify-tools lsof curl perl-TermReadLine-Gnu \
perl-libwww-perl perl-Digest perl-IO-Socket-SSL \ perl-libwww-perl perl-Digest perl-IO-Socket-SSL \

2
doc/sphinx/installation/basic.rst
View file

@ -36,7 +36,7 @@ you are *warmly* advised to run it on the latest up-to-date stable version of yo
- CentOS 7.x - CentOS 7.x
- RockyLinux 8.x - RockyLinux 8.x
- Ubuntu LTS 22.04, 20.04, 18.04, 16.04 - Ubuntu LTS 22.04, 20.04, 18.04, 16.04
- OpenSUSE Leap 15.3\* - OpenSUSE Leap 15.4\*
\*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of ``pamtester``, \*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of ``pamtester``,
``pam-google-authenticator``, or both. Of course, you may compile those yourself. ``pam-google-authenticator``, or both. Of course, you may compile those yourself.

2
tests/functional/tests.d/341-selfaccesses-force-password.sh
View file

@ -53,6 +53,8 @@ testsuite_selfaccesses_force_password()
success sshd_config_patch $r0 "\"sed -i 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config\"" success sshd_config_patch $r0 "\"sed -i 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config\""
success sshd_config_patch $r0 "\"echo -e 'Match User ${account4}\n KbdInteractiveAuthentication yes\n AuthenticationMethods keyboard-interactive' >> /etc/ssh/sshd_config\"" success sshd_config_patch $r0 "\"echo -e 'Match User ${account4}\n KbdInteractiveAuthentication yes\n AuthenticationMethods keyboard-interactive' >> /etc/ssh/sshd_config\""
success sshd_reload $r0 "\"pkill -SIGHUP -f '^(/usr/sbin/sshd\\\$|sshd.+listener)'\"" success sshd_reload $r0 "\"pkill -SIGHUP -f '^(/usr/sbin/sshd\\\$|sshd.+listener)'\""
# during tests, under some OSes it takes some time for sshd to accept new connections again after the SIGHUP
[ "$COUNTONLY" != 1 ] && sleep 1
fi fi