mirror of
https://github.com/inspec/inspec
synced 2024-11-10 15:14:23 +00:00
38 lines
1.1 KiB
Bash
38 lines
1.1 KiB
Bash
#!/bin/bash
|
|
set -ueo pipefail
|
|
|
|
channel="${CHANNEL:-unstable}"
|
|
product="${PRODUCT:-inspec}"
|
|
version="${VERSION:-latest}"
|
|
|
|
echo "--- Installing $channel $product $version"
|
|
package_file="$(install-omnibus-product -c "$channel" -P "$product" -v "$version" | tail -n 1)"
|
|
|
|
echo "--- Verifying omnibus package is signed"
|
|
check-omnibus-package-signed "$package_file"
|
|
|
|
echo "--- Testing $channel $product $version"
|
|
|
|
export INSTALL_DIR=/opt/inspec
|
|
export PATH="/opt/inspec/bin:$PATH"
|
|
|
|
echo "Verifying ownership of package files"
|
|
|
|
NONROOT_FILES="$(find "$INSTALL_DIR" ! -uid 0 -print)"
|
|
if [[ "$NONROOT_FILES" == "" ]]; then
|
|
echo "Packages files are owned by root. Continuing verification."
|
|
else
|
|
echo "Exiting with an error because the following files are not owned by root:"
|
|
echo "$NONROOT_FILES"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Running verification for $product"
|
|
|
|
# Set GEM_HOME and GEM_PATH to verify our appbundle inspec shim is correctly
|
|
# removing them from the environment while launching from our embedded ruby.
|
|
export GEM_HOME=/SHOULD_NOT_EXIST
|
|
export GEM_PATH=/SHOULD_NOT_EXIST
|
|
|
|
export PATH="$PATH:/usr/local/bin"
|
|
inspec version
|