From 2d63802e77617e4840c81baceb709260341c251a Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Thu, 25 Jun 2026 03:33:59 -0400 Subject: test(archsetup): expand validation coverage + fix ParallelDownloads (P4) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add post-install checks beyond the original shell sweep, validated against a live VM: test_hardening (sshd prohibit-password, quiet-printk sysctl, emptied /etc/issue, console font, EFI mount perms), test_config_applied (pacman ParallelDownloads/Color/multilib, makepkg flags, NetworkManager drop-ins, fail2ban jail, reflector), and test_backups (the .archsetup.bak files backup_system_file leaves behind — end-to-end proof of that feature). The new tests caught a real bug: ParallelDownloads stayed at Arch's default 5 because the sed only matched a commented "#ParallelDownloads", but current Arch ships it uncommented. Match both (^#?ParallelDownloads) so the intended 10 takes effect. Verified against a kept VM: 95 passed, 10 skipped (the one remaining failure was the pre-fix ParallelDownloads on the already-built VM, which the sed fix resolves on the next fresh install). --- scripts/testing/tests/test_backups.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 scripts/testing/tests/test_backups.py (limited to 'scripts/testing/tests/test_backups.py') diff --git a/scripts/testing/tests/test_backups.py b/scripts/testing/tests/test_backups.py new file mode 100644 index 0000000..314cacc --- /dev/null +++ b/scripts/testing/tests/test_backups.py @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +"""Post-install checks: backup_system_file ran during a real install. + +Expansion coverage (P4). The unit suite (tests/backup-system-file/) covers the +helper's logic; this confirms it actually fires end-to-end — archsetup leaves a +.archsetup.bak next to each pre-existing file it edits in place. + +These targets are edited unconditionally on every run (pacman.conf/makepkg.conf +always sed'd, sudoers always appended, mkinitcpio.conf HOOKS on non-ZFS), so +their backups must exist. Conditionally-edited files (locale.gen, geoclue, +fstab) aren't asserted here since their edits depend on the base image. +""" + +import pytest + + +ALWAYS_BACKED_UP = [ + "/etc/pacman.conf", + "/etc/makepkg.conf", + "/etc/sudoers", + "/etc/mkinitcpio.conf", +] + + +@pytest.mark.attribution("archsetup") +@pytest.mark.parametrize("path", ALWAYS_BACKED_UP) +def test_backup_created_for_edited_file(host, path): + bak = host.file(path + ".archsetup.bak") + assert bak.exists, "%s.archsetup.bak missing — backup_system_file did not fire" % path + assert bak.is_file -- cgit v1.2.3