From 7fe10d9903878d25987c44a8def72b6f056f3dd1 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Wed, 15 May 2019 14:36:40 +0200
Subject: [PATCH] ipatests: add integration test checking the files mode

The test runs rpm -V in order to check that the file
permissions are consistent with the expectations set
in the spec file. The file mode, owner and group are
checked.

Related to https://pagure.io/freeipa/issue/7934

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
 .../test_integration/test_installation.py     | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
index 109faba42..42a70c69f 100644
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -10,6 +10,7 @@ installed.
 from __future__ import absolute_import
 
 import os
+import re
 from datetime import datetime, timedelta
 import time
 
@@ -18,6 +19,7 @@ import pytest
 
 from ipalib.constants import DOMAIN_LEVEL_0
 from ipaplatform.constants import constants
+from ipaplatform.osinfo import osinfo
 from ipaplatform.paths import paths
 from ipaplatform.tasks import tasks as platformtasks
 from ipatests.pytest_ipa.integration.env_config import get_global_config
@@ -498,6 +500,55 @@ class TestInstallMaster(IntegrationTest):
             # Use expected failure until all SELinux violations are fixed
             pytest.xfail("{} AVCs found".format(len(avcs)))
 
+    def test_file_permissions(self):
+        args = [
+            "rpm", "-V",
+            "python3-ipaclient",
+            "python3-ipalib",
+            "python3-ipaserver"
+        ]
+
+        if osinfo.id == 'fedora':
+            args.extend([
+                "freeipa-client",
+                "freeipa-client-common",
+                "freeipa-common",
+                "freeipa-server",
+                "freeipa-server-common",
+                "freeipa-server-dns",
+                "freeipa-server-trust-ad"
+            ])
+        else:
+            args.extend([
+                "ipa-client",
+                "ipa-client-common",
+                "ipa-common",
+                "ipa-server",
+                "ipa-server-common",
+                "ipa-server-dns"
+            ])
+
+        result = self.master.run_command(args, raiseonerr=False)
+        if result.returncode != 0:
+            # Check the mode errors
+            mode_warnings = re.findall(
+                r"^.M.......  [cdglr ]+ (?P<filename>.*)$",
+                result.stdout_text, re.MULTILINE)
+            msg = "rpm -V found mode issues for the following files: {}"
+            assert mode_warnings == [], msg.format(mode_warnings)
+            # Check the owner errors
+            user_warnings = re.findall(
+                r"^.....U...  [cdglr ]+ (?P<filename>.*)$",
+                result.stdout_text, re.MULTILINE)
+            msg = "rpm -V found ownership issues for the following files: {}"
+            assert user_warnings == [], msg.format(user_warnings)
+            # Check the group errors
+            group_warnings = re.findall(
+                r"^......G..  [cdglr ]+ (?P<filename>.*)$",
+                result.stdout_text, re.MULTILINE)
+            msg = "rpm -V found group issues for the following files: {}"
+            assert group_warnings == [], msg.format(group_warnings)
+
 
 class TestInstallMasterKRA(IntegrationTest):