KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
efb69887191b3f573f091ae86b34a660a99916f1
football/tests/unit/run_comprehensive_test.bats
reachableceo efb6988719 fix: remove host FDE requirement, fix remaining audit partials 
Host FDE is no longer required — only guest (ISO) FDE matters per owner
direction. The build host's security posture is the owner's responsibility.
The Docker container already isolates the build process.

Changes:
- run.sh: Removed check_host_fde() function and its call in iso build path
- run.sh: Fixed SB key chmod in inline SECUREBOOT_HOOK (C-04 complete)
- run.sh: Fixed cache manifest format — no longer capped at 20 files (H-09)
- docs/PRD.md: Removed FR-011 Host FDE, renumbered FR-011 = Secure Boot/UKI
- docs/COMPLIANCE.md: Replaced fraudulent  summary with honest aspirational
- config/hooks/installed/encryption-validation.sh: lsblk discovery (H-06)
- src/security-hardening.sh: Synced WiFi blacklist with live hook (M-12)
- tests/: Updated 3 test files for guest encryption instead of host FDE
- AGENTS.md, README.md, audit docs: Removed host FDE references
- STATUS.md: Updated for current state
- JOURNAL.md: Added ADR-017 (host FDE not required)

782 tests pass, 0 fail, 0 shellcheck warnings.

Reference: DeepReport-2026-05-08.md C-02, C-04, H-06, H-09, M-12

💘 Generated with Crush

Assisted-by: GLM-5.1 via Crush <crush@charm.land>
2026-05-08 14:28:04 -05:00

312 lines
8.7 KiB
Bash
Raw Blame History

#!/usr/bin/env bats
# KNEL-Football Unit Tests - run.sh Main Entry Point
# Reference: PRD.md FR-010 (ISO Build Process)
# Copyright © 2026 Known Element Enterprises LLC
# License: GNU Affero General Public License v3.0 only
# =============================================================================
# File Existence and Basic Properties
# =============================================================================
@test "run.sh exists" {
[ -f "/workspace/run.sh" ]
}
@test "run.sh is executable" {
[ -x "/workspace/run.sh" ]
}
@test "run.sh is a valid bash script" {
run bash -n /workspace/run.sh
[ "$status" -eq 0 ]
}
@test "run.sh uses strict mode" {
grep -q "set -euo pipefail" /workspace/run.sh
}
# =============================================================================
# Script Structure and Configuration
# =============================================================================
@test "run.sh defines SCRIPT_DIR variable" {
grep -q "SCRIPT_DIR=" /workspace/run.sh
}
@test "run.sh defines DOCKER_IMAGE variable" {
grep -q "DOCKER_IMAGE=" /workspace/run.sh
}
@test "run.sh defines OUTPUT_DIR variable" {
grep -q "OUTPUT_DIR=" /workspace/run.sh
}
@test "run.sh defines BUILD_DIR variable" {
grep -q "BUILD_DIR=" /workspace/run.sh
}
@test "run.sh defines BUILD_LOG variable" {
grep -q "BUILD_LOG=" /workspace/run.sh
}
# =============================================================================
# Logging Functions
# =============================================================================
@test "run.sh defines log_info function" {
grep -q "log_info()" /workspace/run.sh
}
@test "run.sh defines log_warn function" {
grep -q "log_warn()" /workspace/run.sh
}
@test "run.sh defines log_error function" {
grep -q "log_error()" /workspace/run.sh
}
# =============================================================================
# Build Commands
# =============================================================================
@test "run.sh has build command" {
grep -q 'build)' /workspace/run.sh
}
@test "run.sh has iso command" {
grep -q 'iso)' /workspace/run.sh
}
@test "run.sh has monitor command" {
grep -q 'monitor)' /workspace/run.sh
}
@test "run.sh has clean command" {
grep -q 'clean)' /workspace/run.sh
}
# =============================================================================
# Test Commands
# =============================================================================
@test "run.sh has test command" {
grep -q 'test)' /workspace/run.sh
}
@test "run.sh has test:unit command" {
grep -q 'test:unit)' /workspace/run.sh
}
@test "run.sh has test:integration command" {
grep -q 'test:integration)' /workspace/run.sh
}
@test "run.sh has test:security command" {
grep -q 'test:security)' /workspace/run.sh
}
@test "run.sh has test:system command" {
grep -q 'test:system)' /workspace/run.sh
}
@test "run.sh has lint command" {
grep -q 'lint)' /workspace/run.sh
}
# =============================================================================
# VM Testing Commands
# =============================================================================
@test "run.sh has test:iso command" {
grep -q 'test:iso)' /workspace/run.sh
}
@test "run.sh defines vm_check_prerequisites function" {
grep -q "vm_check_prerequisites()" /workspace/run.sh
}
@test "run.sh defines vm_create function" {
grep -q "vm_create()" /workspace/run.sh
}
@test "run.sh defines vm_console function" {
grep -q "vm_console()" /workspace/run.sh
}
@test "run.sh defines vm_status function" {
grep -q "vm_status()" /workspace/run.sh
}
@test "run.sh defines vm_destroy function" {
grep -q "vm_destroy()" /workspace/run.sh
}
@test "run.sh defines vm_is_running function" {
grep -q "vm_is_running()" /workspace/run.sh
}
# =============================================================================
# Help and Usage
# =============================================================================
@test "run.sh has help command" {
grep -qE 'help\|\*\)|\*\)|help\)' /workspace/run.sh
}
@test "run.sh has usage function" {
grep -q "usage()" /workspace/run.sh
}
@test "run.sh usage shows available commands" {
run bash /workspace/run.sh help
[ "$status" -eq 1 ] # usage() exits with 1
[[ "$output" == *"build"* ]]
[[ "$output" == *"test"* ]]
[[ "$output" == *"iso"* ]]
}
@test "run.sh help mentions Docker" {
run bash /workspace/run.sh help
[[ "$output" == *"docker"* ]] || [[ "$output" == *"Docker"* ]]
}
@test "run.sh help mentions test commands" {
run bash /workspace/run.sh help
[[ "$output" == *"test:unit"* ]]
[[ "$output" == *"test:integration"* ]]
[[ "$output" == *"test:security"* ]]
}
# =============================================================================
# Docker Integration
# =============================================================================
@test "run.sh iso command uses Docker" {
grep -A 50 -F 'iso|iso:demo)' /workspace/run.sh | grep -q "docker run"
}
@test "run.sh test command uses Docker" {
grep -A 10 'test)' /workspace/run.sh | grep -q "docker run"
}
@test "run.sh mounts workspace as read-only in Docker" {
grep -q "/workspace:ro" /workspace/run.sh
}
@test "run.sh uses correct Docker image name" {
grep -q "knel-football-dev" /workspace/run.sh
}
# =============================================================================
# Build Configuration
# =============================================================================
@test "run.sh configures live-build for Debian trixie" {
grep -q "\-\-distribution trixie" /workspace/run.sh
}
@test "run.sh configures live-build for AMD64" {
grep -q "\-\-architectures amd64" /workspace/run.sh
}
@test "run.sh configures live-build for ISO hybrid" {
grep -q "\-\-binary-images iso-hybrid" /workspace/run.sh
}
@test "run.sh sets correct ISO application name" {
grep -q "KNEL-Football Secure OS" /workspace/run.sh
}
@test "run.sh enables Debian installer" {
grep -q "\-\-debian-installer" /workspace/run.sh
}
# =============================================================================
# Checksum Generation
# =============================================================================
@test "run.sh generates SHA256 checksums" {
grep -q "sha256sum" /workspace/run.sh
}
@test "run.sh generates MD5 checksums" {
grep -q "md5sum" /workspace/run.sh
}
# =============================================================================
# VM Configuration
# =============================================================================
@test "run.sh defines VM name" {
grep -q 'VM_NAME=' /workspace/run.sh
}
@test "run.sh defines VM RAM size" {
grep -q 'VM_RAM=' /workspace/run.sh
}
@test "run.sh defines VM CPU count" {
grep -q 'VM_CPUS=' /workspace/run.sh
}
@test "run.sh defines VM disk size" {
grep -q 'VM_DISK_SIZE=' /workspace/run.sh
}
@test "run.sh uses system libvirt URI" {
grep -q 'qemu:///system' /workspace/run.sh
}
# =============================================================================
# Main Entry Point
# =============================================================================
@test "run.sh has main function" {
grep -q "main()" /workspace/run.sh
}
@test "run.sh calls main with arguments" {
grep -q 'main "\$@"' /workspace/run.sh
}
@test "run.sh uses case statement for command dispatch" {
grep -q "case.*command" /workspace/run.sh
}
# =============================================================================
# Shell Compatibility
# =============================================================================
@test "run.sh shebang is bash" {
head -1 /workspace/run.sh | grep -q "#!/bin/bash"
}
@test "run.sh handles missing arguments gracefully" {
run bash /workspace/run.sh
[ "$status" -eq 1 ] # Should show usage and exit 1
}
# =============================================================================
# Guest FDE Requirements (FR-011 - removed, guest-only via FR-001)
# =============================================================================
@test "run.sh has LUKS2 encryption support for guest" {
grep -q "luksFormat\|luks2\|LUKS" /workspace/run.sh || grep -q "argon2id" /workspace/config/includes.installer/preseed.cfg
}
@test "run.sh references encryption for guest LUKS2" {
grep -qi "luks\|encryption" /workspace/run.sh
}
@test "preseed configures guest encryption" {
grep -qi "crypto\|encrypt\|luks" /workspace/config/includes.installer/preseed.cfg
}
@test "run.sh iso command references guest encryption" {
grep -A 15 -F 'iso|iso:demo)' /workspace/run.sh | grep -qi "encryption"
}
@test "preseed patches partman for argon2id" {
grep -q "argon2id" /workspace/config/includes.installer/preseed.cfg
}
Reference in New Issue View Git Blame Copy Permalink