* [meta-security][PATCH 2/4] scap-security-guide: disable ptest
2025-07-18 14:10 [meta-security][PATCH 0/4] master-next updates Scott Murray
2025-07-18 14:10 ` [meta-security][PATCH 1/4] scap-security-guide: upgrade 0.1.76 -> 0.1.77 Scott Murray
@ 2025-07-18 14:10 ` Scott Murray
2025-07-18 14:10 ` [meta-security][PATCH 3/4] suricata: fix "interface" arg in systemd service Scott Murray
` (2 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Scott Murray @ 2025-07-18 14:10 UTC (permalink / raw)
To: yocto-patches; +Cc: marta.rybczynska
From: Yi Zhao <yi.zhao@eng.windriver.com>
Enabling ptest will significantly increase build time. Additionally,
since the ptest distro_feature is enabled by default in poky distro,
build time can be very long, which is annoying.
On my build host:
Enable ptest:
$ time build scap-security-guide
real 219m54.529s
user 0m49.040s
sys 0m1.304s
Disable ptest:
$ time build scap-security-guide
real 1m25.222s
user 0m3.306s
sys 0m0.166s
Since no one cares about this ptest and no one fixes the test failures.
Let's disable it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
.../scap-security-guide/files/run-ptest | 7 ---
.../scap-security-guide_0.1.77.bb | 52 +------------------
2 files changed, 1 insertion(+), 58 deletions(-)
delete mode 100644 recipes-compliance/scap-security-guide/files/run-ptest
diff --git a/recipes-compliance/scap-security-guide/files/run-ptest b/recipes-compliance/scap-security-guide/files/run-ptest
deleted file mode 100644
index e8d270f..0000000
--- a/recipes-compliance/scap-security-guide/files/run-ptest
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-export PYTHONPATH="/usr/lib/scap-security-guide/ptest/git:$PYTHONPATH"
-
-cd git/build
-
-ctest --output-on-failure -E unique-stigids
diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb
index a082a70..cdd22a5 100644
--- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb
+++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.77.bb
@@ -9,7 +9,6 @@ LICENSE = "BSD-3-Clause"
SRCREV = "c1e1ba121d32b3c319b0e25ee2993b62386e5857"
SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \
file://run_eval.sh \
- file://run-ptest \
"
@@ -17,7 +16,7 @@ DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-n
B = "${S}/build"
-inherit cmake pkgconfig python3native python3targetconfig ptest
+inherit cmake pkgconfig python3native python3targetconfig
STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
export OSCAP_CPE_PATH = "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe"
@@ -40,57 +39,8 @@ do_install:append() {
install ${UNPACKDIR}/run_eval.sh ${D}${datadir}/openscap/.
}
-do_compile_ptest() {
- cd ${S}/build
- cmake ../
- make
-}
-
-do_install_ptest() {
-
- # remove host & work dir from tests
- for x in $(find ${S}/build -type f) ;
- do
- sed -e 's#${HOSTTOOLS_DIR}/##g' \
- -e 's#${RECIPE_SYSROOT_NATIVE}##g' \
- -e 's#${UNPACKDIR}#${PTEST_PATH}#g' \
- -e 's#/.*/xmllint#/usr/bin/xmllint#g' \
- -e 's#/.*/oscap#/usr/bin/oscap#g' \
- -e 's#/python3-native##g' \
- -i ${x}
- done
-
- for x in $(find ${S}/build-scripts -type f) ;
- do
- sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
- done
-
- for x in $(find ${S}/tests -type f) ;
- do
- sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
- done
-
- for x in $(find ${S}/utils -type f) ;
- do
- sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
- done
-
- PDIRS="apple_os build controls products shared components applications linux_os ocp-resources tests utils ssg build-scripts"
- t=${D}/${PTEST_PATH}/git
- for d in ${PDIRS}; do
- install -d ${t}/$d
- cp -fr ${S}/$d/* ${t}/$d/.
- done
-
- # Remove __pycache__ directories as they contain references to TMPDIR
- for pycachedir in $(find ${D}/${PTEST_PATH} -name __pycache__); do
- rm -rf $pycachedir
- done
-}
-
FILES:${PN} += "${datadir}/xml ${datadir}/openscap"
RDEPENDS:${PN} = "openscap"
-RDEPENDS:${PN}-ptest = "cmake grep sed bash git python3 python3-modules python3-pyyaml python3-pytest libxml2-utils libxslt-bin"
COMPATIBLE_HOST:libc-musl = "null"
--
2.50.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [meta-security][PATCH 4/4] samhain: Adapt test output to Automake format for ptest compatibility
2025-07-18 14:10 [meta-security][PATCH 0/4] master-next updates Scott Murray
` (2 preceding siblings ...)
2025-07-18 14:10 ` [meta-security][PATCH 3/4] suricata: fix "interface" arg in systemd service Scott Murray
@ 2025-07-18 14:10 ` Scott Murray
2025-07-20 18:26 ` [yocto-patches] [meta-security][PATCH 0/4] master-next updates Marta Rybczynska
4 siblings, 0 replies; 7+ messages in thread
From: Scott Murray @ 2025-07-18 14:10 UTC (permalink / raw)
To: yocto-patches; +Cc: marta.rybczynska
From: Haixiao Yan <haixiao.yan.cn@windriver.com>
Convert CuTest output to follow Automake-compatible format
(PASS:/FAIL:) so that ptest-runner can correctly parse and
report test results.
root@qemux86-64:~# ptest-runner samhain-standalone -t 3600
START: ptest-runner
2025-07-06T09:38
BEGIN: /usr/lib64/samhain-standalone/ptest
PASS: Test_quote_string_ok
PASS: Test_unquote_string_ok
PASS: Test_csv_escape_ok
PASS: Test_tiger
PASS: Test_tiger_file
PASS: Test_tiger_file_with_length
PASS: Test_sh_tools_safe_name_01
PASS: Test_sh_tools_safe_name_02
PASS: Test_sh_tools_safe_name_03
PASS: Test_sh_tools_safe_name_04
PASS: Test_sh_tools_safe_name_05
PASS: Test_sh_tools_safe_name_06
PASS: Test_sh_tools_safe_name_07
PASS: Test_is_numeric_01
PASS: Test_dnmalloc
PASS: Test_sh_unix_lookup_page
PASS: Test_sl_strlcpy
PASS: Test_sl_strlcat
PASS: Test_sh_util_acl_compact
PASS: Test_sh_util_strdup_ok
PASS: Test_sh_util_strconcat_ok
PASS: Test_sh_util_base64_enc_ok
PASS: Test_sh_util_dirname_ok
PASS: Test_sh_util_basename_ok
PASS: Test_sh_util_utf8_ok
PASS: Test_sh_util_obscure_ok
PASS: Test_sl_stale
PASS: Test_sl_snprintf
PASS: Test_sl_ts_strncmp
PASS: Test_sl_strcasecmp
PASS: Test_zAVLTree
PASS: Test_sha256
PASS: Test_entropy
PASS: Test_fifo
PASS: Test_file_lists
PASS: Test_file_dequote
PASS: Test_uuid
PASS: Test_ignore_ok
PASS: Test_inotify
PASS: Test_ipvx
PASS: Test_login
PASS: Test_login
PASS: Test_portcheck_lists
PASS: Test_processcheck_watchlist_ok
PASS: Test_processcheck_listhandle_ok
PASS: Test_restrict
PASS: Test_cmdlist
PASS: Test_srp
PASS: Test_string
DURATION: 0
END: /usr/lib64/samhain-standalone/ptest
2025-07-06T09:38
STOP: ptest-runner
TOTAL: 1 FAIL: 0
root@qemux86-64:~#
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
...t-output-to-match-Automake-standards.patch | 102 ++++++++++++++++++
recipes-ids/samhain/samhain.inc | 1 +
2 files changed, 103 insertions(+)
create mode 100644 recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch
diff --git a/recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch b/recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch
new file mode 100644
index 0000000..eccd242
--- /dev/null
+++ b/recipes-ids/samhain/files/0001-Format-test-output-to-match-Automake-standards.patch
@@ -0,0 +1,102 @@
+From 065813e5ec274942c4e8803d813ae863fb17313f Mon Sep 17 00:00:00 2001
+From: Haixiao Yan <haixiao.yan.cn@windriver.com>
+Date: Sun, 6 Jul 2025 14:34:08 +0800
+Subject: [PATCH] Format test output to match Automake standards
+
+Upstream-Status: Pending
+
+Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
+---
+ src/CuTest.c | 63 +++++++++++++++--------------------------------
+ src/make-tests.sh | 1 -
+ 2 files changed, 20 insertions(+), 44 deletions(-)
+
+diff --git a/src/CuTest.c b/src/CuTest.c
+index c1884daedbd8..44007fdb97ff 100644
+--- a/src/CuTest.c
++++ b/src/CuTest.c
+@@ -302,49 +302,26 @@ void CuSuiteRun(CuSuite* testSuite)
+ }
+ }
+
+-void CuSuiteSummary(CuSuite* testSuite, CuString* summary)
+-{
+- int i;
+- for (i = 0 ; i < testSuite->count ; ++i)
+- {
+- CuTest* testCase = testSuite->list[i];
+- CuStringAppend(summary, testCase->failed ? "F" : ".");
+- }
+- CuStringAppend(summary, "\n\n");
+-}
+-
+ void CuSuiteDetails(CuSuite* testSuite, CuString* details)
+ {
+- int i;
+- int failCount = 0;
+-
+- if (testSuite->failCount == 0)
+- {
+- int passCount = testSuite->count - testSuite->failCount;
+- const char* testWord = passCount == 1 ? "test" : "tests";
+- CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord);
+- }
+- else
+- {
+- if (testSuite->failCount == 1)
+- CuStringAppend(details, "There was 1 failure:\n");
+- else
+- CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount);
+-
+- for (i = 0 ; i < testSuite->count ; ++i)
+- {
+- CuTest* testCase = testSuite->list[i];
+- if (testCase->failed)
+- {
+- failCount++;
+- CuStringAppendFormat(details, "%d) %s: %s\n",
+- failCount, testCase->name, testCase->message);
+- }
+- }
+- CuStringAppend(details, "\n!!!FAILURES!!!\n");
+-
+- CuStringAppendFormat(details, "Runs: %d ", testSuite->count);
+- CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount);
+- CuStringAppendFormat(details, "Fails: %d\n", testSuite->failCount);
+- }
++ int i;
++
++ for (i = 0; i < testSuite->count; ++i)
++ {
++ CuTest* testCase = testSuite->list[i];
++ if (testCase->failed)
++ {
++ CuStringAppendFormat(details, "FAIL: %s\n", testCase->name);
++ }
++ else
++ {
++ CuStringAppendFormat(details, "PASS: %s\n", testCase->name);
++ }
++ }
++
++ CuStringAppend(details, "\n");
++ CuStringAppendFormat(details, "# TOTAL: %d\n", testSuite->count);
++ CuStringAppendFormat(details, "# PASS: %d\n", testSuite->count - testSuite->failCount);
++ CuStringAppendFormat(details, "# FAIL: %d\n", testSuite->failCount);
+ }
++
+diff --git a/src/make-tests.sh b/src/make-tests.sh
+index b6cf814e7030..01399ca75775 100755
+--- a/src/make-tests.sh
++++ b/src/make-tests.sh
+@@ -45,7 +45,6 @@ cat $FILES | grep '^void Test' |
+ echo \
+ '
+ CuSuiteRun(suite);
+- CuSuiteSummary(suite, output);
+ CuSuiteDetails(suite, output);
+ if (suite->failCount > 0)
+ fprintf(stderr, "%s%c", output->buffer, 0x0A);
+--
+2.34.1
+
diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc
index 6b8d30e..fc4e423 100644
--- a/recipes-ids/samhain/samhain.inc
+++ b/recipes-ids/samhain/samhain.inc
@@ -19,6 +19,7 @@ SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch \
file://0009-fix-build-with-new-version-attr.patch \
file://0010-Fix-initializer-element-is-not-constant.patch \
+ file://0001-Format-test-output-to-match-Automake-standards.patch \
"
SRC_URI[sha256sum] = "0b5d3534fd60ecf45dfd79bd415e81f7a56eba7f1755771735e204f334033578"
--
2.50.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [yocto-patches] [meta-security][PATCH 0/4] master-next updates
2025-07-18 14:10 [meta-security][PATCH 0/4] master-next updates Scott Murray
` (3 preceding siblings ...)
2025-07-18 14:10 ` [meta-security][PATCH 4/4] samhain: Adapt test output to Automake format for ptest compatibility Scott Murray
@ 2025-07-20 18:26 ` Marta Rybczynska
2025-07-21 17:10 ` Scott Murray
4 siblings, 1 reply; 7+ messages in thread
From: Marta Rybczynska @ 2025-07-20 18:26 UTC (permalink / raw)
To: yocto-patches; +Cc: marta.rybczynska
[-- Attachment #1: Type: text/plain, Size: 966 bytes --]
On Fri, Jul 18, 2025 at 4:11 PM Scott Murray via lists.yoctoproject.org
<scott.murray=konsulko.com@lists.yoctoproject.org> wrote:
> Roll up the submissions since the first batch of whinlatter fixes,
> plus an upgrade of scap-security-guide to get it building again
> after the CMake 4.0 upgrade in oe-core.
>
> A note about the ptest removal for scap-security-guide; while
> having comprehensive ptests is desirable, from the commit history
> it is clear that there was no interest in banging these ones into
> a working state in the last couple of years. As well, ptests are
> not enabled in most of the current CI build configurations, and it
> seems clear that the build time hit would be massive in this case
> if they were. If someone motivated to try to investigate resolving
> these issues appears, this decision can be revisited.
>
>
Fine for me. This commit leads to a better situation in the CI, OK to merge.
Kind regards,
Marta
[-- Attachment #2: Type: text/html, Size: 1436 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread