5284e28af7
Pulls the 5 privileged helpers out of deploy/files/usr/local/{libexec,sbin}/
into top-level scripts/{libexec,sbin}/. They are application-inherent code
(invoked at runtime via sudo from l4d2host/l4d2web), not deploy artifacts —
the previous nesting under deploy/files/ confused source-of-truth with
install-target FHS layout.
deploy/ now means "reference exemplar": README explaining the target
layout, plus example sudoers / sysctl / sandbox-resolv.conf / env
templates / curated systemd units (the ones ckn-bw's reactor emits).
Anyone building a fresh deployment (other than ckn-bw) reads this tree.
Dead static artifacts deleted: left4me-apply-cake helper, left4me-cake
+ left4me-nft-mark service units, cake.env, left4me-mark.nft, and the
superseded deploy-test-server.sh installer.
Tests split to match the new shape:
- scripts/tests/{test_overlay,test_script_sandbox,test_systemctl_helper,
test_journalctl_helper,test_helpers_use_fixed_paths,test_sudoers_grants}.py
with shared fixtures in conftest.py
- deploy/tests/test_example_units.py (renamed from test_deploy_artifacts.py)
— slimmed to lock down the curated example units, sysctl, env templates
l4d2host/tests/test_overlay_helper.py: helper-source path updated to
scripts/libexec/left4me-overlay (was building the path segment-by-segment
under deploy/files/, missed by the path-prefix grep during pre-flight).
Runtime install-target paths (/usr/local/{libexec,sbin}/) unchanged, so
l4d2host/service_control.py, l4d2web/services/overlay_builders.py, the
sudoers grants, and the systemd units all keep their existing path
references.
Requires the matching ckn-bw change to bundles/left4me/items.py
(install_left4me_scripts repointed from /opt/left4me/src/deploy/files/...
to /opt/left4me/src/scripts/...). Left4me lands first so a fresh
git_deploy exposes the new source path before the bundle apply runs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
36 lines
1.3 KiB
Python
36 lines
1.3 KiB
Python
"""Shared fixtures and path constants for `scripts/tests/`."""
|
|
import os
|
|
from pathlib import Path
|
|
|
|
|
|
ROOT = Path(__file__).resolve().parents[2]
|
|
SCRIPTS = ROOT / "scripts"
|
|
LIBEXEC = SCRIPTS / "libexec"
|
|
SBIN = SCRIPTS / "sbin"
|
|
|
|
# `deploy/` is reference material; the sudoers example lives there and is
|
|
# the canonical statement of which paths sudo grants to the `left4me` uid.
|
|
# `scripts/tests/test_sudoers_grants.py` reads it from across the dir
|
|
# boundary because the contract being audited is about *scripts*, not deploy.
|
|
DEPLOY = ROOT / "deploy"
|
|
|
|
|
|
def fake_command(tmp_path, command_name):
|
|
"""Drop a no-op stub of `command_name` into `tmp_path`. Returns the
|
|
marker file the stub writes its args to, so tests can assert that the
|
|
helper rejected bad input before invoking the real command.
|
|
"""
|
|
marker = tmp_path / f"{command_name}.args"
|
|
command = tmp_path / command_name
|
|
command.write_text(f"#!/bin/sh\nprintf '%s\\n' \"$*\" > '{marker}'\nexit 0\n")
|
|
command.chmod(0o755)
|
|
return marker
|
|
|
|
|
|
def env_with_fake_commands(tmp_path):
|
|
"""Build an environment that prepends `tmp_path` onto PATH so helpers
|
|
find the fake commands first.
|
|
"""
|
|
env = os.environ.copy()
|
|
env["PATH"] = f"{tmp_path}{os.pathsep}{env.get('PATH', '')}"
|
|
return env
|