[openssh-commits] [openssh] 04/07: Improve Solaris PAM tests.

git+noreply at mindrot.org git+noreply at mindrot.org
Tue May 5 00:09:33 AEST 2026 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 6296749fe19a14d11826dd04591ebb84c110e96b
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Mon May 4 21:40:52 2026 +1000

    Improve Solaris PAM tests.
    
     - Set up and run tests with SUDO.
     - Set random password to use for password & kbdint auth tests.
     - Only run t-exec when re-testing with PAM, don't rerun unit tests.
     - When testing PAM builds, test with and without UsePAM.
---
 .github/workflows/vm.yml | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/vm.yml b/.github/workflows/vm.yml
index 505781b31..05721f556 100644
--- a/.github/workflows/vm.yml
+++ b/.github/workflows/vm.yml
@@ -424,11 +424,21 @@ jobs:
         release: ${{ matrix.target }}
         usesh: true
         prepare: |
-          set -x
+          echo Setting up user builder.
           useradd -m builder
+          openssl rand -base64 9 >$GITHUB_WORKSPACE/regress/password
+          chown builder $GITHUB_WORKSPACE/regress/password
+          pw=$(tr -d '\n' <$GITHUB_WORKSPACE/regress/password | openssl passwd -6 -stdin)
+          passwd -p "$pw" builder
+          echo Setting up sudo.
           sed -e "s/^root.*ALL$/root ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers >>/tmp/sudoers
           mv /tmp/sudoers /etc/sudoers
-          echo "builder ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
+          echo "builder ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/builder
+          echo 'Testing sudo config for root->builder.'
+          sudo -u builder id
+          echo 'Testing sudo config for builder->root.'
+          sudo -u builder sudo id
+          echo Creating directories.
           mkdir -p /var/empty /usr/local/etc
           cp $GITHUB_WORKSPACE/moduli /usr/local/etc/moduli
 
@@ -448,7 +458,7 @@ jobs:
       shell: solaris {0}
       run: |
         cd $GITHUB_WORKSPACE
-        sudo -u builder make tests
+        sudo -u builder env SUDO=sudo make tests
 
     - name: "PAM: configure"
       shell: solaris {0}
@@ -459,9 +469,15 @@ jobs:
     - name: "PAM: make"
       shell: solaris {0}
       run: cd $GITHUB_WORKSPACE && sudo -u builder make
-    - name: "PAM: make tests"
+    - name: "PAM: make t-exec UsePAM=no"
+      shell: solaris {0}
+      run: |
+        cd $GITHUB_WORKSPACE
+        sudo -u builder env SUDO=sudo make t-exec
+    - name: "PAM: make t-exec UsePAM=yes"
       shell: solaris {0}
       run: |
         cd $GITHUB_WORKSPACE
-        sudo -u builder env SSHD_CONFOPTS="UsePam yes" make tests
+        cp regress/password regress/kbdintpw
+        sudo -u builder env SUDO=sudo TEST_SSH_SSHD_CONFOPTS="UsePam yes" make t-exec
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list