mirror of
https://github.com/inspec/inspec
synced 2024-12-11 22:02:47 +00:00
4fcdc95b92
Signed-off-by: Jeremiah Snapp <jeremiah@chef.io>
33 lines
1 KiB
Bash
33 lines
1 KiB
Bash
#!/bin/bash
|
|
set -ueo pipefail
|
|
|
|
channel="${CHANNEL:-unstable}"
|
|
product="${PRODUCT:-inspec}"
|
|
version="${VERSION:-latest}"
|
|
|
|
echo "--- Installing $channel $product $version"
|
|
package_file="$(install-omnibus-product -c "$channel" -P "$product" -v "$version" | tail -n 1)"
|
|
|
|
echo "--- Verifying omnibus package is signed"
|
|
check-omnibus-package-signed "$package_file"
|
|
|
|
echo "--- Verifying ownership of package files"
|
|
|
|
export INSTALL_DIR=/opt/inspec
|
|
NONROOT_FILES="$(find "$INSTALL_DIR" ! -uid 0 -print)"
|
|
if [[ "$NONROOT_FILES" == "" ]]; then
|
|
echo "Packages files are owned by root. Continuing verification."
|
|
else
|
|
echo "Exiting with an error because the following files are not owned by root:"
|
|
echo "$NONROOT_FILES"
|
|
exit 1
|
|
fi
|
|
|
|
echo "--- Running verification for $channel $product $version"
|
|
|
|
# Set GEM_HOME and GEM_PATH to verify our appbundle inspec shim is correctly
|
|
# removing them from the environment while launching from our embedded ruby.
|
|
export GEM_HOME=/SHOULD_NOT_EXIST
|
|
export GEM_PATH=/SHOULD_NOT_EXIST
|
|
|
|
inspec version
|