Test for built-in security measures in YUM [PKGS-7386]

author: mboelen <michael@cisofy.com> 2014-10-13 22:36:09 +0400
committer: mboelen <michael@cisofy.com> 2014-10-13 22:36:09 +0400
commit: 5e840367cae0dfe849da5febd71344e4a67c11e6 (patch)
tree: cacde5fe9791e097507c14ecbe980ec70990ed3d /include/tests_ports_packages
parent: 34b177547f9d26acb7afe68fcb5be6464b10a4df (diff)
1 files changed, 31 insertions, 14 deletions
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 13439ab5..e8c0d2fb 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -590,22 +590,39 @@
         DO_TEST=0
         logtext "Test: Determining if yum-security package installed"
 
-        FileExists /etc/yum/pluginconf.d/security.conf
-        if [ ${FILE_FOUND} -eq 1 ]; then
-           SearchItem "^enabled=1$" "/etc/yum/pluginconf.d/security.conf"
-           if [ ${ITEM_FOUND} -eq 1 ]; then
-               DO_TEST=1
-           fi
-         else
-           # Check if it's installed as package (this is old style)
-           FIND=`rpm -q yum-security yum-plugin-security | grep -v "not installed"`
-           if [ ! "${FIND}" = "" ]; then
-               logtext "Result: found yum-plugin-security package"
-               DO_TEST=1
-           fi
+        # Check for built-in --security option
+        if [ ${DO_TEST} -eq 0 ]; then
+            FileExists /usr/share/yum-cli/cly.py
+            if [ ${FILE_FOUND} -eq 1 ]; then
+               SearchItem "--security" "/usr/share/yum-cli/cly.py"
+               if [ ${ITEM_FOUND} -eq 1 ]; then
+                   DO_TEST=1
+                   logtext "Result: found built-in security in yum"
+               fi
+            fi
+        fi
+
+        if [ ${DO_TEST} -eq 0 ]; then
+            FileExists /etc/yum/pluginconf.d/security.conf
+            if [ ${FILE_FOUND} -eq 1 ]; then
+               SearchItem "^enabled=1$" "/etc/yum/pluginconf.d/security.conf"
+               if [ ${ITEM_FOUND} -eq 1 ]; then
+                   DO_TEST=1
+                   logtext "Result: Found enabled plugin"
+               fi
+            fi
+        fi
+
+        # Check if it's installed as package (this is old style)
+        if [ ${DO_TEST} -eq 0 ]; then
+            FIND=`rpm -q yum-security yum-plugin-security | grep -v "not installed"`
+            if [ ! "${FIND}" = "" ]; then
+                logtext "Result: found yum-plugin-security package"
+                DO_TEST=1
+            fi
         fi
 
-        # If we have the module of yum active, continue.
+        # If we have the module of yum active, continue testing
         if [ ${DO_TEST} -eq 1 ]; then
             PKG_AUDIT_TOOL_FOUND=1
             PKG_AUDIT_TOOL="yum-security"
author	mboelen <michael@cisofy.com>	2014-10-13 22:36:09 +0400
committer	mboelen <michael@cisofy.com>	2014-10-13 22:36:09 +0400
commit	5e840367cae0dfe849da5febd71344e4a67c11e6 (patch)
tree	cacde5fe9791e097507c14ecbe980ec70990ed3d /include/tests_ports_packages
parent	34b177547f9d26acb7afe68fcb5be6464b10a4df (diff)