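#!/usr/bin/env bats
# Unit tests for usb-automount.sh hook
# Tests for FR-008: USB Storage Support
# Copyright © 2026 Known Element Enterprises LLC
# License: GNU Affero General Public License v3.0 only
#
# These are static checks: each test greps the hook's source text for an
# expected string. A pass shows the text is present in the file, not that the
# hook behaves correctly when it runs.

# Path of the hook under test, shared by every test below.
HOOK="/workspace/config/hooks/live/usb-automount.sh"

# =============================================================================
# FILE EXISTENCE AND PROPERTIES
# =============================================================================

@test "usb-automount.sh hook exists" {
  [ -f "$HOOK" ]
}

@test "usb-automount.sh hook is executable" {
  [ -x "$HOOK" ]
}

@test "usb-automount.sh uses strict mode" {
  grep -q "set -euo pipefail" "$HOOK"
}

# =============================================================================
# UDEV RULES CONFIGURATION
# =============================================================================

@test "usb-automount.sh creates udev rules directory" {
  grep -q "mkdir -p /etc/udev/rules.d" "$HOOK"
}

@test "usb-automount.sh creates udev rules file" {
  # -F: the file name is a literal, so "." must not act as a regex wildcard.
  grep -qF "99-usb-automount.rules" "$HOOK"
}

@test "udev rules handle device add action" {
  grep -q 'ACTION=="add"' "$HOOK"
}

@test "udev rules handle device remove action" {
  grep -q 'ACTION=="remove"' "$HOOK"
}

@test "udev rules target block subsystem" {
  grep -q 'SUBSYSTEM=="block"' "$HOOK"
}

@test "udev rules run automount script on add" {
  # NOTE(review): this only looks for the script name anywhere in the hook; it
  # does not tie the name to the ACTION=="add" rule.
  grep -qF "usb-automount.sh" "$HOOK"
}

@test "udev rules run unmount script on remove" {
  # NOTE(review): as above, the name is not tied to the ACTION=="remove" rule.
  grep -qF "usb-unmount.sh" "$HOOK"
}

# =============================================================================
# AUTOMOUNT SCRIPT CONFIGURATION
# =============================================================================

@test "automount script is created in /usr/local/bin" {
  grep -qF "/usr/local/bin/usb-automount.sh" "$HOOK"
}

@test "automount script uses strict mode" {
  # Check that the generated script includes set -euo pipefail within three
  # lines of a line that names the generated script's path.
  grep -F -A 3 "usr/local/bin/usb-automount.sh" "$HOOK" |
    grep -q "set -euo pipefail"
}

@test "automount script creates mount point" {
  # NOTE(review): any "mkdir -p" in the hook satisfies this, including the one
  # the udev rules directory test looks for.
  grep -q "mkdir -p" "$HOOK"
}

@test "automount script mounts under /media" {
  grep -q "/media" "$HOOK"
}

@test "automount script handles vfat filesystem" {
  grep -q "vfat" "$HOOK"
}

@test "automount script handles ntfs filesystem" {
  grep -q "ntfs" "$HOOK"
}

@test "automount script handles ext4 filesystem" {
  grep -q "ext4" "$HOOK"
}

@test "automount script handles auto filesystem (fallback)" {
  grep -q "mount -t auto" "$HOOK"
}

@test "automount script uses blkid for filesystem detection" {
  grep -q "blkid" "$HOOK"
}

# =============================================================================
# UNMOUNT SCRIPT CONFIGURATION
# =============================================================================

@test "unmount script is created in /usr/local/bin" {
  grep -qF "/usr/local/bin/usb-unmount.sh" "$HOOK"
}

@test "unmount script checks if mount point is mounted" {
  grep -q "mountpoint -q" "$HOOK"
}

@test "unmount script unmounts device" {
  grep -q "umount" "$HOOK"
}

@test "unmount script removes mount point directory" {
  grep -q "rmdir" "$HOOK"
}

# =============================================================================
# PERMISSIONS AND OWNERSHIP
# =============================================================================

@test "scripts are made executable" {
  grep -q "chmod +x" "$HOOK"
}

@test "mount options include read-write" {
  # "--" ends option parsing so the leading "-" of the pattern is not read as
  # a grep flag.
  grep -qF -- "-o rw" "$HOOK"
}

@test "mount options set uid for user access" {
  grep -q "uid=1000" "$HOOK"
}

@test "mount options set gid for group access" {
  grep -q "gid=1000" "$HOOK"
}

# =============================================================================
# USER GROUP CONFIGURATION
# =============================================================================

@test "usermod adds user to plugdev group" {
  grep -q "usermod.*plugdev" "$HOOK"
}

# =============================================================================
# FILE MANAGER CONFIGURATION (PCManFM)
# =============================================================================

@test "pcmanfm config directory is created" {
  grep -q "pcmanfm" "$HOOK"
}

@test "pcmanfm config enables removable media mounting" {
  grep -q "mount_removable" "$HOOK"
}

@test "pcmanfm config disables autorun for security" {
  grep -q "autorun=0" "$HOOK"
}

@test "pcmanfm config shows mounts on desktop" {
  grep -q "show_mounts" "$HOOK"
}

# =============================================================================
# SECURITY PROPERTIES
# =============================================================================
# NOTE(review): nothing in this section checks whether removable media is
# mounted with nosuid, nodev or noexec. If the hook sets those options, a test
# asserting them belongs here.

@test "automount uses dedicated mount points per device" {
  # Each USB device gets its own mount point under /media.
  # The patterns are literal text expected in the hook, hence single quotes
  # and -F; the shell must not expand them.
  # shellcheck disable=SC2016
  grep -qF 'usb-${DEVICE_NAME}' "$HOOK" ||
    grep -qF 'usb-${1}' "$HOOK"
}

@test "no hardcoded passwords in script" {
  # Require grep's "no match" status (1) explicitly. A bare "! grep" would
  # also pass on status 2, i.e. when the hook is missing or unreadable.
  # This is a case-sensitive keyword check; it does not detect credentials
  # stored under other names.
  run grep -q "password\|secret\|passwd" "$HOOK"
  [ "$status" -eq 1 ]
}

@test "no world-writable mount points" {
  # Placeholder: nothing in the hook is inspected here, so the test is
  # reported as skipped rather than as an unconditional pass.
  # dmask=000 would make directories world-writable; that is treated as
  # acceptable for removable media. If that policy changes, assert on the
  # mask instead, for example:
  #   run grep -Eq '(umask|dmask)=[0-7]*[0145]([^0-7]|$)' "$HOOK"
  #   [ "$status" -eq 1 ]
  skip "mount-point permission mask is not asserted; dmask=000 is accepted"
}

# =============================================================================
# LOGGING AND OUTPUT
# =============================================================================

@test "script outputs status message" {
  grep -q "echo" "$HOOK"
}

@test "script logs mount success" {
  grep -q "mounted at" "$HOOK"
}

@test "script logs unmount success" {
  grep -q "unmounted" "$HOOK"
}

@test "script has success completion message" {
  grep -q "configured successfully" "$HOOK"
}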