Restrict access to doas.conf

2024-11-22 04:25:12 +00:00 · 2021-04-07 19:56:19 +01:00 · 2021-04-07 19:56:19 +01:00 · 087ecd25a2
commit 087ecd25a2
parent 24a89b680d
3 changed files with 19 additions and 18 deletions
--- a/extras/test/00_create.sh
+++ b/extras/test/00_create.sh
@ -15,17 +15,17 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' '
    tt_lock --tomb-pwd $DUMMYPASS
    '

-# if test_have_prereq SPHINX ORACLE; then
-# 	test_export "sphinx_test"
-# 	test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' '
-#         tt_dig -s 20 &&
-#         tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
-#         print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
-#             | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
-#             | hexdump -C &&
-#         tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
-#         '
-# fi
+if test_have_prereq SPHINX ORACLE; then
+	test_export "sphinx_test"
+	test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' '
+        tt_dig -s 20 &&
+        tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
+        print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
+            | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
+            | hexdump -C &&
+        tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
+        '
+fi

 if test_have_prereq DOAS; then
    test_export "doas_test"
--- a/extras/test/10_operations.sh
+++ b/extras/test/10_operations.sh
@ -44,13 +44,13 @@ if test_have_prereq LSOF; then
        '
 fi

-# if test_have_prereq SPHINX ORACLE; then
-#     test_export "sphinx_test" # Using already generated tomb
-#     test_expect_success 'Testing open with good password (sphinx)' '
-#         tt_open --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
-#         tt_close
-#         '
-# fi
+if test_have_prereq SPHINX ORACLE; then
+    test_export "sphinx_test" # Using already generated tomb
+    test_expect_success 'Testing open with good password (sphinx)' '
+        tt_open --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
+        tt_close
+        '
+fi

 if test_have_prereq DOAS; then
    test_export "doas_test" # Using already generated tomb
--- a/extras/test/Dockerfile
+++ b/extras/test/Dockerfile
@ -12,6 +12,7 @@ WORKDIR /Tomb/extras
 RUN ./install_sphinx.sh

 COPY extras/test/doas.conf /etc/doas.conf
+RUN chmod 400 /etc/doas.conf

 WORKDIR /Tomb
 RUN make --directory=extras/kdf-keys