- Add check_host_fde() function to run.sh that detects LUKS encryption - Block ./run.sh iso if host lacks full disk encryption - Block ./run.sh test:iso commands if host lacks FDE - Add FR-011 to PRD.md documenting the host FDE requirement - Update AGENTS.md with new mandatory requirement - Add 9 tests for host FDE check in run_comprehensive_test.bats Rationale: Building a secure OS on an unencrypted host creates supply chain risk. The host must have LUKS encryption to ensure the entire build pipeline is secure. 💘 Generated with Crush Assisted-by: GLM-5 via Crush <crush@charm.land>
#!/usr/bin/env bats
# KNEL-Football Basic Tests - BATS Framework Validation
# Reference: PRD.md FR-001 through FR-010
# Copyright © 2026 Known Element Enterprises LLC
# License: GNU Affero General Public License v3.0 only

# =============================================================================
# BATS Framework Validation Tests
# =============================================================================

@test "bats framework is working" {
  # Smoke test: `run` must execute a trivial command and expose the result
  # through $status and $output. If this fails, no other result in the suite
  # can be trusted.
  run echo "bats works"
  test "$output" = "bats works"
  test "$status" -eq 0
}
@test "basic arithmetic assertions work" {
  # Sanity-check the integer comparison operators (-eq, -gt, -lt) that the
  # status assertions elsewhere in this file depend on.
  test 1 -eq 1
  test 2 -gt 1
  test 0 -lt 1
}
@test "string comparison assertions work" {
  # Sanity-check string equality and inequality, as used by the $output
  # assertions in this file.
  test "hello" = "hello"
  test "hello" != "world"
}
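@test "file existence assertions work" {
  # Exercise the -f and -d operators against paths that must exist in the
  # project. Absolute /workspace paths are used, as in the structure tests
  # further down, so the result does not depend on the directory bats was
  # started from.
  [ -f "/workspace/run.sh" ]
  [ -d "/workspace/config" ]
  [ -d "/workspace/tests" ]
}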
@test "run command and check status works" {
  # `run` must record a successful exit (0) in $status.
  run true
  test "$status" -eq 0
}
@test "run command captures output works" {
  # `run` must capture the command's stdout in $output and its exit code in
  # $status.
  run echo "test output"
  test "$output" = "test output"
  test "$status" -eq 0
}
@test "run command captures stderr works" {
  # The child writes only to stderr; the assertion on $output relies on `run`
  # folding stderr into the captured output. Tests that assert on error
  # messages from project scripts depend on this behaviour.
  run bash -c 'echo "error message" >&2'
  test "$output" = "error message"
  test "$status" -eq 0
}
@test "run command captures failure status works" {
  # `run` must not abort the test when the command fails; it records the
  # non-zero exit code in $status. Negative tests (a command that is expected
  # to be refused) depend on this.
  run false
  test "$status" -eq 1
}

# =============================================================================
# Project Structure Validation Tests
# =============================================================================

@test "project root directory exists" {
  # Every path checked below is rooted at /workspace, so confirm it is there.
  test -d "/workspace"
}
@test "essential directories exist" {
  # Top-level directories the project layout requires. The first missing one
  # fails the test.
  local dir
  for dir in \
    "/workspace/config" \
    "/workspace/src" \
    "/workspace/tests" \
    "/workspace/docs"; do
    test -d "$dir"
  done
}
@test "essential files exist" {
  # Regular files the project requires: the build entry point, the container
  # definition and the core documents. Only presence is checked, not content.
  local file
  for file in \
    "/workspace/run.sh" \
    "/workspace/Dockerfile" \
    "/workspace/AGENTS.md" \
    "/workspace/README.md" \
    "/workspace/docs/PRD.md"; do
    test -f "$file"
  done
}
@test "run.sh is executable" {
  # Checks the executable bit only. Ownership and write permissions on the
  # build entry point are not verified by this test.
  test -x "/workspace/run.sh"
}
@test "config directory structure is correct" {
  # The hook directories (live and installed) and the package-list directory
  # must exist under config/.
  local dir
  for dir in \
    "/workspace/config/hooks" \
    "/workspace/config/hooks/live" \
    "/workspace/config/hooks/installed" \
    "/workspace/config/package-lists"; do
    test -d "$dir"
  done
}
@test "test directory structure is correct" {
  # Each test category, plus the shared helper directory, must have its own
  # directory under tests/.
  local dir
  for dir in \
    "/workspace/tests/unit" \
    "/workspace/tests/integration" \
    "/workspace/tests/security" \
    "/workspace/tests/system" \
    "/workspace/tests/test_helper"; do
    test -d "$dir"
  done
}

# =============================================================================
# Shell Script Syntax Validation
# =============================================================================

@test "run.sh has valid bash syntax" {
  # `bash -n` parses the script without executing it, so this catches syntax
  # errors only; it says nothing about what the script does at runtime.
  local target="/workspace/run.sh"
  run bash -n "$target"
  test "$status" -eq 0
}
@test "security-hardening.sh has valid bash syntax" {
  # Confirms the hardening script is present and parses. This is a syntax
  # gate only: it does not show that the hardening the script applies is
  # correct or effective.
  local target="/workspace/src/security-hardening.sh"
  test -f "$target"
  run bash -n "$target"
  test "$status" -eq 0
}
@test "firewall-setup.sh has valid bash syntax" {
  # Confirms the firewall script is present and parses. The rules it installs
  # are not evaluated here.
  local target="/workspace/src/firewall-setup.sh"
  test -f "$target"
  run bash -n "$target"
  test "$status" -eq 0
}
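@test "all hook scripts have valid bash syntax" {
  # Parse-check (bash -n, no execution) every *.sh hook in the live and
  # installed hook directories, live first.
  #
  # If a glob matches nothing, the loop sees the literal pattern, the -f
  # check fails and so does the test. That is kept on purpose: an empty hook
  # directory must not produce a vacuous pass.
  #
  # On failure the offending path and the parser output are printed, so the
  # bats report names the script instead of only a failed status comparison.
  local script
  for script in \
    /workspace/config/hooks/live/*.sh \
    /workspace/config/hooks/installed/*.sh; do
    if [ ! -f "$script" ]; then
      echo "hook script not found (or glob matched nothing): $script"
      return 1
    fi
    run bash -n "$script"
    if [ "$status" -ne 0 ]; then
      echo "bash -n failed for $script:"
      echo "$output"
      return 1
    fi
  done
}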

# =============================================================================
# Configuration File Validation
# =============================================================================

@test "preseed.cfg exists and is readable" {
  # The installer preseed file must be a regular file that the test user can
  # read. Its contents are not inspected here.
  local cfg="/workspace/config/preseed.cfg"
  test -f "$cfg"
  test -r "$cfg"
}
@test "package list exists and is readable" {
  # The chroot package list must be a regular, readable file. Which packages
  # it names is not checked by this test.
  local pkg_list="/workspace/config/package-lists/knel-football.list.chroot"
  test -f "$pkg_list"
  test -r "$pkg_list"
}
@test "Dockerfile exists and is readable" {
  # The build container definition must be a regular, readable file.
  local dockerfile="/workspace/Dockerfile"
  test -f "$dockerfile"
  test -r "$dockerfile"
}